From 2e5d4ba6fad16bbda561e49c406802b1559e5d5a Mon Sep 17 00:00:00 2001
From: Misha Bragin
Date: Tue, 31 May 2022 16:06:34 +0200
Subject: [PATCH 1/2] Update links in Start using NetBird (#346)

* Update links in Start using NetBird
* Update internals overview and co structure
* Netbird to NetBird
---
 README.md | 50 +++++++++++++++++++++++---------------------
 1 file changed, 23 insertions(+), 27 deletions(-)

diff --git a/README.md b/README.md
index 7a5e4726e..300fc8d77 100644
--- a/README.md
+++ b/README.md
@@ -18,8 +18,7 @@
- - +
@@ -35,7 +34,7 @@

- Start using Netbird at app.netbird.io + Start using NetBird at app.netbird.io
See Documentation
@@ -47,15 +46,15 @@
-**Netbird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.** +**NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.** It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth. -Netbird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience. +NetBird creates an overlay peer-to-peer network connecting machines automatically regardless of their location (home, office, datacenter, container, cloud or edge environments) unifying virtual private network management experience. **Key features:** * Automatic IP allocation and management. -* Automatic peer (machine) discovery and configuration. +* Automatic WireGuard peer (machine) discovery and configuration. * Encrypted peer-to-peer connections without a central VPN gateway. * Connection relay fallback in case a peer-to-peer connection is not possible. * Network management layer with a neat Web UI panel ([separate repo](https://github.com/netbirdio/dashboard)) 
@@ -79,29 +78,25 @@ Netbird creates an overlay peer-to-peer network connecting machines automaticall For stable versions, see [releases](https://github.com/netbirdio/netbird/releases). ### Start using NetBird -See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart). - -If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting). - -Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms. - -Hosted version: [https://app.netbird.io/](https://app.netbird.io/). - -[Web UI repository](https://github.com/netbirdio/dashboard). +* Hosted version: [https://app.netbird.io/](https://app.netbird.io/). +* See our documentation for [Quickstart Guide](https://netbird.io/docs/getting-started/quickstart). +* If you are looking to self-host NetBird, check our [Self-Hosting Guide](https://netbird.io/docs/getting-started/self-hosting). +* Step-by-step [Installation Guide](https://netbird.io/docs/getting-started/installation) for different platforms. +* Web UI [repository](https://github.com/netbirdio/dashboard). +* 5 min [demo video](https://youtu.be/Tu9tPsUWaY0) on YouTube. -### A bit on Netbird internals -* Every machine in the network runs [Netbird Agent (or Client)](client/) that manages WireGuard. -* Netbird features a [Management Service](management/) that offers peer IP management and network updates distribution (e.g. when a new machine joins the network others are getting notified if allowed by access controls). Simply put, this service holds the state of the network. +### A bit on NetBird internals +* Every machine in the network runs [NetBird Agent (or Client)](client/) that manages WireGuard. +* NetBird features [Management Service](management/) that holds network state, manages peer IPs, and distributes network updates to peers. * Every agent is connected to Management Service. 
-* Netbird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines. +* NetBird agent uses WebRTC ICE implemented in [pion/ice library](https://github.com/pion/ice) to discover connection candidates when establishing a peer-to-peer connection between machines. * Connection candidates are discovered with a help of [STUN](https://en.wikipedia.org/wiki/STUN) server. -* Agents negotiate a connection through [Signal Service](signal/). -* Signal Service uses public Wireguard keys to route messages between peers. - Contents of the messages sent between peers through the signaling server are encrypted with Wireguard keys, making it impossible to inspect them. -* Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure Wireguard tunnel is established via the TURN server. +* Agents negotiate a connection through [Signal Service](signal/) passing p2p encrypted messages. +* Signal Service uses public WireGuard keys to route messages between peers. +* Sometimes the NAT traversal is unsuccessful due to strict NATs (e.g. mobile carrier-grade NAT) and p2p connection isn't possible. When this occurs the system falls back to a relay server called [TURN](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT), and a secure WireGuard tunnel is established via the TURN server. -[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in Netbird setups. +[Coturn](https://github.com/coturn/coturn) is the one that has been successfully used for STUN and TURN in NetBird setups.

@@ -109,11 +104,12 @@ Hosted version: [https://app.netbird.io/](https://app.netbird.io/). See a complete [architecture overview](https://netbird.io/docs/overview/architecture) for details. -**Testimonials:** We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution). - -### Product Roadmap +### Roadmap - [Public Roadmap](https://github.com/netbirdio/netbird/projects/2) +### Testimonials +We use open-source technologies like [WireGuard®](https://www.wireguard.com/), [Pion ICE (WebRTC)](https://github.com/pion/ice), and [Coturn](https://github.com/coturn/coturn). We very much appreciate the work these guys are doing and we'd greatly appreciate if you could support them in any way (e.g. giving a star or a contribution). + ### Legal [WireGuard](https://wireguard.com/) is a registered trademark of Jason A. Donenfeld.
From 60ac8c3268a7ff29b602eaccd9e9d1aa26371eea Mon Sep 17 00:00:00 2001
From: Misha Bragin
Date: Thu, 2 Jun 2022 12:56:02 +0200
Subject: [PATCH 2/2] Handle Network out of range (#347)

---
 management/server/grpcserver.go | 7 +++++--
 management/server/network.go | 16 +++++++---------
 management/server/peer.go | 5 ++++-
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/management/server/grpcserver.go b/management/server/grpcserver.go
index d35d0adb4..81d0e1403 100644
--- a/management/server/grpcserver.go
+++ b/management/server/grpcserver.go
@@ -203,8 +203,11 @@ func (s *Server) registerPeer(peerKey wgtypes.Key, req *proto.LoginRequest) (*Pe
 },
 })
 if err != nil {
- if s, ok := status.FromError(err); ok && s.Code() == codes.FailedPrecondition {
- return nil, err
+ s, ok := status.FromError(err)
+ if ok {
+ if s.Code() == codes.FailedPrecondition || s.Code() == codes.OutOfRange {
+ return nil, err
+ }
 }
 return nil, status.Errorf(codes.NotFound, "provided setup key doesn't exists")
 }
diff --git a/management/server/network.go b/management/server/network.go
index 8b9cd1d9b..c094c58aa 100644
--- a/management/server/network.go
+++ b/management/server/network.go
@@ -1,9 +1,10 @@
 package server
 
 import (
- "fmt"
 "github.com/c-robinson/iplib"
 "github.com/rs/xid"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
 "math/rand"
 "net"
 "sync"
@@ -77,13 +78,10 @@ func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error) {
 takenIPMap[ip.String()] = struct{}{}
 }
 
- ips, _, err := generateIPs(&ipNet, takenIPMap)
- if err != nil {
- return nil, fmt.Errorf("failed allocating new IP for the ipNet %s and takenIps %s", ipNet.String(), takenIps)
- }
+ ips, _ := generateIPs(&ipNet, takenIPMap)
 
 if len(ips) == 0 {
- return nil, fmt.Errorf("failed allocating new IP for the ipNet %s - network is out of IPs", ipNet.String())
+ return nil, status.Errorf(codes.OutOfRange, "failed allocating new IP for the ipNet %s - network is out of IPs", ipNet.String())
 }
 
 // pick a random IP
@@ -95,7 +93,7 @@ func AllocatePeerIP(ipNet net.IPNet, takenIps []net.IP) (net.IP, error) {
 }
 
 // generateIPs generates a list of all possible IPs of the given network excluding IPs specified in the exclusion list
-func generateIPs(ipNet *net.IPNet, exclusions map[string]struct{}) ([]net.IP, int, error) {
+func generateIPs(ipNet *net.IPNet, exclusions map[string]struct{}) ([]net.IP, int) {
 var ips []net.IP
 for ip := ipNet.IP.Mask(ipNet.Mask); ipNet.Contains(ip); incIP(ip) {
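Review bot: `s, ok := status.FromError(err)` now shadows the receiver `s *Server` for the rest of the `if err != nil` block, and the nested `if ok { if … }` can be a single condition; `st, ok := status.FromError(err)` / `if ok && (st.Code() == codes.FailedPrecondition || st.Code() == codes.OutOfRange) {` / `return nil, err` reads the same and leaves the receiver name intact. Every other error, presumably including a storage failure, is still rewritten to `codes.NotFound` with "provided setup key doesn't exists", so an internal outage presents to the client as a bad setup key; if the original error is not logged elsewhere, log it here before replacing it. registerPeer starts before the hunk.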
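Review bot: The two new `google.golang.org/grpc/...` imports are inserted between `github.com/rs/xid` and `"math/rand"`, leaving standard-library and third-party imports interleaved in one group (the block already mixed `"fmt"` in). goimports would put `math/rand`, `net`, `sync` and the rest of the stdlib group first, then a blank line, then the third-party group; worth fixing while the block is being touched.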
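Review bot: `AllocatePeerIP` now builds a gRPC `status` error inside a package-level allocation helper, which ties the IP logic to the transport layer and means every other caller (tests, any future non-gRPC path) gets a gRPC status it has to unpack. A package sentinel, `var ErrNetworkOutOfIPs = errors.New("network is out of IPs")`, returned here and mapped to `codes.OutOfRange` in `registerPeer` with `errors.Is(err, ErrNetworkOutOfIPs)`, keeps network.go transport-agnostic and also survives callers wrapping the error with `%w`. The discarded second result of `generateIPs` is only the candidate count, so the `_` is fine.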
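Review bot: The doc comment on `generateIPs` still says it returns "all possible IPs of the given network", but the switch at the end of the function (the -108 hunk below) drops the first and last candidates and the second result is the count of what is left, neither of which is documented, and the removed `error` result is not reflected either. Suggest: `// generateIPs returns the candidate peer IPs of ipNet, skipping those in exclusions and the first and last` / `// address of the result (intended to be the network and broadcast addresses), plus the number returned.` The function body continues past the hunk.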
@@ -108,10 +106,10 @@ func generateIPs(ipNet *net.IPNet, exclusions map[string]struct{}) ([]net.IP, in
 
 lenIPs := len(ips)
 switch {
 case lenIPs < 2:
- return ips, lenIPs, nil
+ return ips, lenIPs
 default:
- return ips[1 : len(ips)-1], lenIPs - 2, nil
+ return ips[1 : len(ips)-1], lenIPs - 2
 }
 }
 
diff --git a/management/server/peer.go b/management/server/peer.go
index c4c04bb99..a9b33f334 100644
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -346,7 +346,10 @@ func (am *DefaultAccountManager) AddPeer(
 }
 
 network := account.Network
- nextIp, _ := AllocatePeerIP(network.Net, takenIps)
+ nextIp, err := AllocatePeerIP(network.Net, takenIps)
+ if err != nil {
+ return nil, err
+ }
 
 newPeer := &Peer{
 Key: peer.Key,
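Review bot: `return ips[1 : len(ips)-1], lenIPs - 2` drops the network and broadcast addresses by position, but `ips` has already had the exclusions removed by then (per the function's doc comment; the loop body is outside this hunk), so whenever the network or broadcast address is itself excluded an ordinary host address is discarded in its place, and in the `lenIPs < 2` case the single remaining candidate is handed out even when it is the network or broadcast address. Filtering by value against the network address (`ipNet.IP.Mask(ipNet.Mask)`) and a broadcast address derived from the mask fixes both; the rewrite below replaces the switch and the closing brace. Note that /31 and /32 networks then yield no candidates, which is what `lenIPs - 2` intends for every other prefix. generateIPs starts outside the hunk.
```go
	// … unchanged: candidate loop filling ips …
	// Strip the network and broadcast addresses by value rather than by position:
	// once exclusions have been applied, the first/last survivors may be ordinary hosts.
	network := ipNet.IP.Mask(ipNet.Mask)
	broadcast := make(net.IP, len(network))
	for i := range network {
		// Mask may be 16 bytes for a 4-byte network; index from its tail.
		broadcast[i] = network[i] | ^ipNet.Mask[len(ipNet.Mask)-len(network)+i]
	}
	usable := ips[:0] // in-place filter; ips is local to this function
	for _, ip := range ips {
		if !ip.Equal(network) && !ip.Equal(broadcast) {
			usable = append(usable, ip)
		}
	}
	return usable, len(usable)
}
```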
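Review bot: `nextIp, err := AllocatePeerIP(...)` now returns the allocator's error verbatim, and `registerPeer` in grpcserver.go decides the client-facing answer by calling `status.FromError` on exactly this value, so wrapping it here with `fmt.Errorf("…: %w", err)` later on would silently turn an out-of-range network into the `NotFound` fallback unless the gRPC version in use unwraps wrapped errors; a one-line comment records that constraint: `// pass the status error through unwrapped: registerPeer matches on its gRPC code`. The identifier is conventionally `nextIP`, not `nextIp`. AddPeer starts and ends outside the hunk.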