diff --git a/device/device.go b/device/device.go
index 24ae1ea..fef24a0 100644
--- a/device/device.go
+++ b/device/device.go
@@ -6,6 +6,8 @@
 package device
 
 import (
+	"context"
+	"fmt"
 	"runtime"
 	"sync"
 	"sync/atomic"
@@ -16,6 +18,7 @@ import (
 	"github.com/amnezia-vpn/amneziawg-go/ratelimiter"
 	"github.com/amnezia-vpn/amneziawg-go/rwcancel"
 	"github.com/amnezia-vpn/amneziawg-go/tun"
+	"github.com/leninalive/udptlspipe/pipe"
 	"github.com/tevino/abool/v2"
 )
 
@@ -95,6 +98,9 @@ type Device struct {
 	isASecOn abool.AtomicBool
 	aSecMux sync.RWMutex
 	aSecCfg aSecCfgType
+
+	udptlspipe *pipe.Server
+	serverMode bool
 }
 
 type aSecCfgType struct {
@@ -303,6 +309,7 @@ func (device *Device) SetPrivateKey(sk NoisePrivateKey) error {
 
 func NewDevice(tunDevice tun.Device, bind conn.Bind, logger *Logger) *Device {
 	device := new(Device)
+	device.serverMode = false
 	device.state.state.Store(uint32(deviceStateDown))
 	device.closed = make(chan struct{})
 	device.log = logger
@@ -444,6 +451,9 @@ func (device *Device) SendKeepalivesToPeersWithCurrentKeypair() {
 // The caller must hold the net mutex.
 func closeBindLocked(device *Device) error {
 	var err error
+	if device.udptlspipe != nil {
+		err = device.udptlspipe.Shutdown(context.TODO())
+	}
 	netc := &device.net
 	if netc.netlinkCancel != nil {
 		netc.netlinkCancel.Cancel()
@@ -546,6 +556,17 @@ func (device *Device) BindUpdate() error {
 	device.log.Verbosef("UDP bind has been updated")
 	device.log.Verbosef(netc.bind.GetOffloadInfo())
+
+	if device.serverMode {
+		srv, err := device.StartUDPTLSPipe(true, "0.0.0.0:443", fmt.Sprintf("127.0.0.1:%d", netc.port))
+		if err != nil {
+			netc.bind.Close()
+			return err
+		}
+
+		device.udptlspipe = srv
+	}
+
 	return nil
 }
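Review bot: The two fields added to `Device` (`udptlspipe`, `serverMode`) carry no comment saying what they hold or which mutex protects them, which matters because later hunks in this commit write `udptlspipe` from both BindUpdate and Peer.Start and write `serverMode` from uapi.go under `device.net.Lock()`. I would add `// udptlspipe is the TLS tunnel owned by this device (server side when serverMode is set, otherwise the client side started by Peer.Start); nil when not running.` and `// serverMode makes BindUpdate bring up a server-side udptlspipe; nothing in the device resets it once set.` The net mutex looks like the intended guard, but Peer.Start touches `udptlspipe` without taking it, so the guard should be confirmed before it is written down.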
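Review bot: The Shutdown error assigned to `err` at the top of closeBindLocked is never reported: the rest of the function is outside this hunk, but if its bind-close path assigns to `err` again, as it appears to, the Shutdown failure is silently replaced. The pointer is also left non-nil after Shutdown, so the next BindUpdate (or Peer.Start, which branches on `device.udptlspipe != nil`) calls Shutdown on a server that is already stopped; clearing it here keeps the field an accurate "running" flag. Shutdown is given `context.TODO()`, i.e. no deadline, while the caller holds the net mutex, so a pipe that does not stop would wedge every later bind update — a bounded context is worth considering. I would log the Shutdown error and reset the field:

```go
	var err error
	if device.udptlspipe != nil {
		if err := device.udptlspipe.Shutdown(context.TODO()); err != nil {
			device.log.Errorf("Failed to shut down udptlspipe: %v", err)
		}
		device.udptlspipe = nil
	}
	// … unchanged: netlinkCancel and bind close …
```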
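Review bot: The server-side pipe is bound to the literal `"0.0.0.0:443"` in BindUpdate, so enabling server mode opens a listener on every interface at a privileged port with no way to pick the address or port, and the daemon now needs root or CAP_NET_BIND_SERVICE where the plain UDP bind did not. The failure path also drops the result of `netc.bind.Close()`; write it as `if cerr := netc.bind.Close(); cerr != nil { device.log.Errorf("Failed to close bind: %v", cerr) }` before `return err`. The listen address should come from a device field set over UAPI, with the literal at most as a default. A one-line comment on the `fmt.Sprintf("127.0.0.1:%d", netc.port)` argument, noting that the pipe delivers to the WireGuard listen port on loopback, would help since this is the only place the two ports are tied together.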
@@ -794,3 +815,50 @@ func (device *Device) handlePostConfig(tempASecCfg *aSecCfgType) (err error) {
 
 	return err
 }
+
+func (device *Device) StartUDPTLSPipe(isServer bool, localAddr string, destAddr string) (*pipe.Server, error) {
+	// setup UDP TLS pipe server
+	cfg := &pipe.Config{
+		ListenAddr: localAddr,
+		DestinationAddr: destAddr,
+		Password: "amn3zias3curep4ssword",
+		ServerMode: isServer,
+		//ProxyURL: o.ProxyURL,
+		//VerifyCertificate: o.VerifyCertificate,
+		//TLSServerName: o.TLSServerName,
+		//ProbeReverseProxyURL: o.ProbeReverseProxyURL,
+	}
+
+	/*if o.TLSCertPath != "" {
+		if !o.ServerMode {
+			log.Error("TLS certificate only works in server mode")
+
+			os.Exit(1)
+		}
+
+		cert, certErr := loadX509KeyPair(o.TLSCertPath, o.TLSCertKey)
+		if certErr != nil {
+			log.Error("Failed to load TLS certificate: %v", err)
+
+			os.Exit(1)
+		}
+
+		cfg.TLSCertificate = cert
+	}*/
+
+	srv, err := pipe.NewServer(cfg)
+	if err != nil {
+		device.log.Errorf("Failed to initialize TLS server: %v", err)
+
+		return nil, err
+	}
+
+	err = srv.Start()
+	if err != nil {
+		device.log.Errorf("Failed to start the TLS server: %v", err)
+
+		return nil, err
+	}
+
+	return srv, err
+}
diff --git a/device/peer.go b/device/peer.go
index 5bc8ca4..da5f596 100644
--- a/device/peer.go
+++ b/device/peer.go
@@ -7,7 +7,10 @@ package device
 
 import (
 	"container/list"
+	"context"
 	"errors"
+	"fmt"
+	"net/netip"
 	"sync"
 	"sync/atomic"
 	"time"
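Review bot: `Password: "amn3zias3curep4ssword"` bakes one shared secret into every build, so the pipe's password check no longer distinguishes an operator's own clients from anyone who has read this repository; the value must come from configuration (a UAPI key next to the listen port, for example) and the literal should be treated as already disclosed. Nothing visible configures a server certificate either — the block that would load one is commented out — so what the server presents on its listener is whatever `pipe.NewServer` does by default, which deserves at least a comment or an option. The success path's `return srv, err` returns a known-nil error and reads as if it might not, so write `return srv, nil`; the method also logs and returns the same error at both call sites, and Peer.Start then drops it silently, so one layer should own the reporting. The commented-out `o.*` block and `//ProxyURL:` lines should go or become a single TODO, and as an exported method it needs a doc comment such as `// StartUDPTLSPipe creates and starts a udptlspipe endpoint listening on localAddr and forwarding to destAddr; isServer selects the server side. The caller owns the returned server and must call Shutdown on it.`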
@@ -187,6 +190,28 @@ func (peer *Peer) Start() {
 	device := peer.device
 	device.log.Verbosef("%v - Starting", peer)
 
+	if !device.serverMode {
+		device.log.Verbosef("Starting udptlspipe")
+
+		if device.udptlspipe != nil {
+			device.udptlspipe.Shutdown(context.TODO())
+		}
+
+		oldEndpoint, _ := netip.ParseAddrPort(peer.endpoint.val.DstToString())
+		peer.endpoint.val, _ = device.net.bind.ParseEndpoint(fmt.Sprintf("127.0.0.1:%d", oldEndpoint.Port()))
+
+		srv, err := device.StartUDPTLSPipe(
+			false,
+			fmt.Sprintf("127.0.0.1:%d", oldEndpoint.Port()),
+			fmt.Sprintf("%s:443", oldEndpoint.Addr().String()),
+		)
+		if err != nil {
+			return
+		}
+
+		device.udptlspipe = srv
+	}
+
 	// reset routine state
 	peer.stopping.Wait()
 	peer.stopping.Add(2)
diff --git a/device/uapi.go b/device/uapi.go
index 777bdda..6b8c989 100644
--- a/device/uapi.go
+++ b/device/uapi.go
@@ -259,6 +259,7 @@ func (device *Device) handleDeviceLine(key, value string, tempASecCfg *aSecCfgTy
 
 		device.net.Lock()
 		device.net.port = uint16(port)
+		device.serverMode = true
 		device.net.Unlock()
 
 		if err := device.BindUpdate(); err != nil {
diff --git a/go.mod b/go.mod
index 33182ee..1a409ca 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,11 @@
 module github.com/amnezia-vpn/amneziawg-go
 
-go 1.20
+go 1.21.6
+
+toolchain go1.21.8
 
 require (
+	github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f
 	github.com/tevino/abool/v2 v2.1.0
 	golang.org/x/crypto v0.19.0
 	golang.org/x/net v0.21.0
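Review bot: Both parse errors in the new block are discarded (`oldEndpoint, _ :=` and `peer.endpoint.val, _ =`), so a peer whose endpoint does not parse as IP:port ends up with a nil endpoint and a pipe aimed at `:443` of an empty address, and if `peer.endpoint.val` can be unset (upstream wireguard-go allows peers without an endpoint) `DstToString()` is called on a nil interface. The endpoint is rewritten to loopback before the pipe is known to have started, apparently without the lock the endpoint struct carries upstream (confirm), and the rewrite is not reversible: if Start runs again for the same peer, `oldEndpoint` is already `127.0.0.1:<port>` and the pipe would dial `127.0.0.1:443`. There is also one `device.udptlspipe` per device, so starting a second peer shuts down the first peer's pipe, and two peers sharing a remote port would contend for the same loopback listener — this path needs a guard that only one peer uses it, or per-peer state. I would check the errors, log them, and replace the endpoint only once the pipe is up:

```go
	if !device.serverMode {
		device.log.Verbosef("Starting udptlspipe")

		if device.udptlspipe != nil {
			if err := device.udptlspipe.Shutdown(context.TODO()); err != nil {
				device.log.Errorf("%v - Failed to shut down udptlspipe: %v", peer, err)
			}
			device.udptlspipe = nil
		}

		if peer.endpoint.val == nil {
			device.log.Errorf("%v - No endpoint configured, cannot start udptlspipe", peer)
			return
		}
		remote, err := netip.ParseAddrPort(peer.endpoint.val.DstToString())
		if err != nil {
			device.log.Errorf("%v - Failed to parse endpoint for udptlspipe: %v", peer, err)
			return
		}
		localAddr := fmt.Sprintf("127.0.0.1:%d", remote.Port())
		localEndpoint, err := device.net.bind.ParseEndpoint(localAddr)
		if err != nil {
			device.log.Errorf("%v - Failed to parse loopback endpoint for udptlspipe: %v", peer, err)
			return
		}

		srv, err := device.StartUDPTLSPipe(false, localAddr, fmt.Sprintf("%s:443", remote.Addr().String()))
		if err != nil {
			return
		}

		// Redirect the peer to loopback only once the pipe is actually running.
		peer.endpoint.val = localEndpoint
		device.udptlspipe = srv
	}
	// … unchanged: reset routine state …
```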
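Review bot: `device.serverMode = true` is set as a side effect of parsing what appears to be the `listen_port` key (the enclosing `case` is outside the hunk), so any configuration that names a listen port — which ordinary server configs do — now also brings up the TLS listener through BindUpdate with no explicit opt-in, and the `-u/--udptlspipe` switch that was presumably meant to gate this is commented out in main.go in this same commit. A dedicated UAPI key, or a flag passed down from main, would keep WireGuard's listen port and the pipe independent; note also that nothing ever resets the flag to false. If the coupling is intentional it needs saying here: `// A listen port implies server mode: BindUpdate will also bring up the udptlspipe server.`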
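Review bot: The new requirement is a personal fork at a pseudo-version (`github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f`) while go.sum in the same commit still carries entries for `github.com/ameshkov/udptlspipe v1.3.1`, so the change does not show whether the fork is needed or what it alters relative to the upstream tagged release. Either depend on the upstream release or record the reason next to the require line, e.g. `// fork of ameshkov/udptlspipe: <reason for pinning>`, so the supply-chain decision is reviewable and can be revisited when upstream catches up. The `go 1.21.6` and `toolchain go1.21.8` bump changes what builds the project and should be called out in the commit message as well.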
@@ -12,6 +15,15 @@ require (
 )
 
 require (
+	github.com/AdguardTeam/golibs v0.20.0 // indirect
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/gobwas/httphead v0.1.0 // indirect
+	github.com/gobwas/pool v0.2.1 // indirect
+	github.com/gobwas/ws v1.3.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/quic-go/quic-go v0.40.1 // indirect
+	github.com/refraction-networking/utls v1.6.2 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 )
diff --git a/go.sum b/go.sum
index 0e6f733..00f7acc 100644
--- a/go.sum
+++ b/go.sum
@@ -1,16 +1,63 @@
+github.com/AdguardTeam/golibs v0.20.0 h1:A9FIdYq7wUKhFYy3z+YZ/Aw5oFUYgW+xgaVAJ0pnnPY=
+github.com/AdguardTeam/golibs v0.20.0/go.mod h1:3WunclLLfrVAq7fYQRhd6f168FHOEMssnipVXCxDL/w=
+github.com/ameshkov/udptlspipe v1.3.1 h1:e+eC2Yb+04KPzH9b/Uktwn6W6lw5CgbFdHnGfAaofx8=
+github.com/ameshkov/udptlspipe v1.3.1/go.mod h1:UnpDx2J//7WS/RRe5hb2UVZpwJzHga95ArLkPS9aRBk=
+github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI=
+github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gobwas/httphead v0.1.0 h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=
+github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=
+github.com/gobwas/pool v0.2.1 h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=
+github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
+github.com/gobwas/ws v1.3.2 h1:zlnbNHxumkRvfPWgfXu8RBwyNR1x8wh9cf5PTOCqs9Q=
+github.com/gobwas/ws v1.3.2/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY=
 github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
+github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f h1:VR2M22cXDtgp78N1mkCmxiXj1zYIP9ScUXS8gMHi6Vs=
+github.com/leninalive/udptlspipe v0.0.0-20240313123600-80348db0072f/go.mod h1:U3O6PfEGIxmmxAkOucn8Ty1akGF/1N1lDPeHPLCz3Cg=
+github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=
+github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k=
+github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q=
+github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
+github.com/refraction-networking/utls v1.6.2 h1:iTeeGY0o6nMNcGyirxkD5bFIsVctP5InGZ3E0HrzS7k=
+github.com/refraction-networking/utls v1.6.2/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/tevino/abool/v2 v2.1.0 h1:7w+Vf9f/5gmKT4m4qkayb33/92M+Um45F2BkHOR+L/c=
 github.com/tevino/abool/v2 v2.1.0/go.mod h1:+Lmlqk6bHDWHqN1cbxqhwEAwMPXgc8I1SDEamtseuXY=
 golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44=
 golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
 golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
diff --git a/main.go b/main.go
index 775372c..22bf631 100644
--- a/main.go
+++ b/main.go
@@ -33,7 +33,7 @@ const (
 )
 
 func printUsage() {
-	fmt.Printf("Usage: %s [-f/--foreground] INTERFACE-NAME\n", os.Args[0])
+	fmt.Printf("Usage: %s [-f/--foreground] [-u/--udptlspipe] INTERFACE-NAME\n", os.Args[0])
 }
 
 func warning() {
@@ -65,30 +65,30 @@ func main() {
 	warning()
 
-	var foreground bool
-	var interfaceName string
-	if len(os.Args) < 2 || len(os.Args) > 3 {
+	var foreground = false
+	//var utp = false
+	var interfaceName = ""
+	if len(os.Args) < 2 || len(os.Args) > 4 {
 		printUsage()
 		return
 	}
 
-	switch os.Args[1] {
+	for _, arg := range os.Args[1:] {
+		switch arg {
+		case "-f", "--foreground":
+			foreground = true
 
-	case "-f", "--foreground":
-		foreground = true
-		if len(os.Args) != 3 {
-			printUsage()
-			return
-		}
-		interfaceName = os.Args[2]
+		//case "-u", "--udptlspipe":
+		//utp = true
 
-	default:
-		foreground = false
-		if len(os.Args) != 2 {
-			printUsage()
-			return
+		default:
+			interfaceName = arg
 		}
-		interfaceName = os.Args[1]
+	}
+
+	if interfaceName == "" {
+		printUsage()
+		return
 	}
 
 	if !foreground {
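Review bot: The usage line now advertises `[-u/--udptlspipe]`, but in the following hunk the matching `case "-u", "--udptlspipe":` is commented out, so an operator who follows the help text gets `-u` handled by the `default` branch as the interface name. Either leave the flag out of the usage string until the case exists, or uncomment the case and wire `utp` through to the device; as it stands the help text documents behaviour the binary does not have.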