Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Allow specifying server in "add client" command #24

Closed
jmac125 opened this issue Aug 4, 2023 · 5 comments · Fixed by #25
Closed

Feature Request: Allow specifying server in "add client" command #24

jmac125 opened this issue Aug 4, 2023 · 5 comments · Fixed by #25
Assignees
@luker983
Labels
feature request New feature or request

Comments

@jmac125
Copy link

jmac125 commented Aug 4, 2023
edited
Loading

It would be useful to allow specifying the --server-address ::6 in the add client command just like in the add server command. This would create a new client config that connects its relay to the server specified and e2e same as the original client
@luker983 luker983 added the feature request New feature or request label Aug 29, 2023
@luker983
Copy link
Collaborator

The way Wiretap is currently structured, this might be a little tricky. Routing rules assume that the network is a tree, with clients being at the root of the tree.

It might be doable if we assume that there is only one "first-hop" server, but if your initial client has multiple first-hop servers then it may not be possible to grant the new client access to both branches when added to an arbitrary server.

Case that would probably work:

 ┌─────┐
 │  C  │
 └──┬──┘
    │
 ┌──┴──┐
 │  S  │
 └──┬──┘
    │
 ┌──┴──┐
 │  S  ◄───────┐
 └─────┘       │
            ┌──┴─┐
            │ C  │
            └────┘

Case that will only allow the new client access to the right branch:

        ┌─────┐
        │  C  │
        └┬───┬┘
         │   │
    ┌────┴┐ ┌┴────┐
    │  S  │ │  S  │
    └──┬──┘ └──┬──┘
       │       │
    ┌──┴──┐ ┌──┴──┐
    │  S  │ │  S  ◄───────┐
    └─────┘ └─────┘       │
                       ┌──┴─┐
                       │ C  │
                       └────┘

Thoughts? If you don't care about the second case, I could see about adding an option like you describe. It may also limit the new client's ability to add additional clients

@jmac125
Copy link
Author

jmac125 commented Aug 29, 2023

I think the only-one-first-hop case is what i'm thinking of. If i was working with parallel server chains i would probably just use two instances of wiretap vs having them combined.
I would only use the first client to add more clients i think.

@luker983 luker983 self-assigned this Sep 14, 2023
@luker983
Copy link
Collaborator

I have a draft of this working in the add-client-to-any-server branch.

Would you mind trying it out to make sure it works as you intend?

@jmac125
Copy link
Author

jmac125 commented Sep 21, 2023

Yea it works how i expected. It seems like maybe the wiretap status command doesn't show server ::3 after adding the client onto ::3, though pings still work through the tunnels as expected

@luker983
Copy link
Collaborator

Thanks for testing, good catch. status command should be fixed now.

@luker983 luker983 mentioned this issue Sep 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@luker983 luker983

Labels
feature request New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add client to any server sandialabs/wiretap
2 participants
@luker983 @jmac125