Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow remote IP in firewall before NAT hole punching #1769

Merged
merged 3 commits into from
Feb 26, 2020
Merged

Allow remote IP in firewall before NAT hole punching #1769

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e3e9cae
Allow remote IP in firewall before NAT hole punching
soffokl Feb 26, 2020
36c2905
Enable kill switch for traversal E2E test
soffokl Feb 26, 2020
fb68eaf
Fix test for wrapped error
soffokl Feb 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions docker-compose.e2e-traversal.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ services:
--accountant.address=http://accountant:8889/api/v2
--transactor.address=http://transactor:8888/api/v1
--quality.address=http://morqa:8085/api/v1
--firewall.killSwitch.always
daemon
dns: 172.30.0.254
networks:
Expand Down
19 changes: 10 additions & 9 deletions services/openvpn/client.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,12 @@ func (c *Client) Start(options connection.ConnectOptions) error {
sessionConfig := VPNConfig{}
err := json.Unmarshal(options.SessionConfig, &sessionConfig)
if err != nil {
return err
return errors.Wrap(err, "failed to unmarshal session config")
}

c.removeAllowedIPRule, err = firewall.AllowIPAccess(sessionConfig.RemoteIP)
if err != nil {
return errors.Wrap(err, "failed to add allowed IP address")
}

// TODO this backward compatibility check needs to be removed once we will start using port ranges for all peers.
Expand All @@ -138,6 +143,7 @@ func (c *Client) Start(options connection.ConnectOptions) error {

lPort, rPort, err := c.natPinger.PingProvider(ip, localPorts, remotePorts, sessionConfig.LocalPort)
if err != nil {
c.removeAllowedIPRule()
return errors.Wrap(err, "could not ping provider")
}

Expand All @@ -148,21 +154,16 @@ func (c *Client) Start(options connection.ConnectOptions) error {
proc, clientConfig, err := c.processFactory(options, sessionConfig)
if err != nil {
log.Info().Err(err).Msg("Client config factory error")
return err
return errors.Wrap(err, "client config factory error")
}
c.process = proc
log.Info().Interface("data", clientConfig).Msgf("Openvpn client configuration")
removeAllowedIPRule, err := firewall.AllowIPAccess(clientConfig.VpnConfig.RemoteIP)
if err != nil {
return err
}
c.removeAllowedIPRule = removeAllowedIPRule

err = c.process.Start()
if err != nil {
removeAllowedIPRule()
c.removeAllowedIPRule()
}
return err
return errors.Wrap(err, "failed to start client process")
}

// Wait waits for the connection to exit
Expand Down
2 changes: 1 addition & 1 deletion services/openvpn/client_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ func TestConnection_ErrorsOnInvalidConfig(t *testing.T) {
connectionOptions := connection.ConnectOptions{}
assert.Nil(t, err)
err = conn.Start(connectionOptions)
assert.EqualError(t, err, "unexpected end of JSON input")
assert.EqualError(t, err, "failed to unmarshal session config: unexpected end of JSON input")
}

func TestConnection_CreatesConnection(t *testing.T) {
Expand Down