Add support tunnel functionality #598

Closed
4 tasks
rtertiaer opened this issue Jan 3, 2024 · 1 comment · Fixed by #731
rtertiaer commented Jan 3, 2024

Users of AmpliPis ought to have the ability to instantiate a support tunnel connection from their appliances in the field to a Micro-Nova shell server. This will allow us to easily see bugs in the field and shorten the feedback loop between a support request and fix.

This implementation will need to be extremely transparent, privacy preserving and rigorously secure. Any proposed implementation should check these boxes:

  • e2e encrypted
  • all access to customer appliances requires two factors and explicit customer action to provide access
  • the design should not permit customer boxes to access internal micronova resources
  • logs of all access & interactions with the appliance should be available for the end user to peruse

more?

@rtertiaer added the enhancement, user-experience, developer-experience, stability and support labels Jan 3, 2024
@rtertiaer added this to the 0.4.0 milestone Jan 3, 2024
rtertiaer commented Jan 3, 2024

A quick sketch of a proposed implementation might look something like this:

  • on the amplipi, a form with some details is filled out and a button labelled "start a support tunnel" is clicked
  • amplipi generates a public/private key and passphrase for a wireguard tunnel
  • an API server at micronova listens for requests for support. an amplipi POSTs the public key to this service
  • the service creates a queue of "support requests" with the details of the support tunnel request
  • when a particular item in the queue is approved by a micronova engineer, the service launches a throwaway VM; this then instantiates its own wireguard material and through the API provides that public key back to the amplipi (cons: we may need to spend money. the amplipi probably needs to poll until this key material is available.)
  • the passphrase the amplipi generates is provided out of band by the customer in a support request and is used as both the wireguard tunnel PSK and ssh password.
  • after a session, .bash_history is uploaded someplace and provided to the end user (this is not a great implementation of the transparency here - would love ideas.)
  • the web service (and possibly the appliance itself) reaps all VMs/connections that have been idle for X hrs, or when explicitly closed.
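
The request lifecycle in the sketch above (queue, engineer approval before any VM key is released, appliance polling, idle reaping, a customer-readable log), as an added Python example that is not part of the original issue or the AmpliPi code base. `SupportQueue`, `Request`, `is_wg_key` and the 4-hour `IDLE_LIMIT_S` are hypothetical; it is an in-memory model with no network or WireGuard calls.

```python
import base64, binascii, secrets
from dataclasses import dataclass, field
IDLE_LIMIT_S = 4 * 3600  # assumption: the issue leaves "X hrs" open

def is_wg_key(s):  # WireGuard keys are 32 raw bytes, base64-encoded
    try:
        return len(base64.b64decode(s, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

@dataclass
class Request:
    appliance_key: str
    details: str
    last_seen: float
    state: str = "pending"  # pending -> active -> closed
    vm_key: str = ""        # empty until an engineer approves
    audit: list = field(default_factory=list)  # trail shown to the customer

class SupportQueue:  # hypothetical in-memory stand-in for the API service
    def __init__(self):
        self.requests = {}

    def submit(self, appliance_key, details, now):
        if not is_wg_key(appliance_key):
            raise ValueError("not a WireGuard public key")
        rid = secrets.token_urlsafe(16)  # unguessable request id
        req = self.requests[rid] = Request(appliance_key, details, now)
        req.audit.append((now, "appliance", "requested"))
        return rid

    def approve(self, rid, engineer, vm_key, now):
        req = self.requests[rid]
        if req.state != "pending" or not is_wg_key(vm_key):
            raise ValueError("request not pending, or bad VM key")
        req.state, req.vm_key, req.last_seen = "active", vm_key, now
        req.audit.append((now, engineer, "approved; VM key issued"))

    def poll(self, rid):  # what the appliance polls: None until approved
        return self.requests[rid].vm_key or None

    def reap(self, now):  # close anything idle for IDLE_LIMIT_S or longer
        reaped = []
        for rid, req in self.requests.items():
            if req.state != "closed" and now - req.last_seen >= IDLE_LIMIT_S:
                req.state = "closed"
                req.audit.append((now, "service", "reaped (idle)"))
                reaped.append(rid)
        return reaped
```

Timestamps are passed in as `now` so the idle cutoff can be exercised without waiting; a real service would also refresh `last_seen` on tunnel activity.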

@rtertiaer self-assigned this Mar 11, 2024
@rtertiaer added the webapp label May 15, 2024
@rtertiaer linked a pull request Jun 13, 2024 that will close this issue