Commit Graph

118 Commits

Author SHA1 Message Date
Lukas Prettenthaler
578a86ada7
remove artifact conflict for router 2024-05-16 13:23:28 -06:00
Lukas Prettenthaler
0403918275
update actions 2024-05-16 12:29:41 -06:00
Lukas Prettenthaler
f85eeb21a5
upgrade to 1.14.0 2024-05-02 17:58:13 -06:00
Lukas Prettenthaler
706b94c2ac
add more architectures to build 2024-04-12 15:56:15 -06:00
Lukas Prettenthaler
d18dfe3b09
keep legacy iptables as default to stay compatible with previous behavior 2023-11-05 12:59:36 -07:00
Lukas Prettenthaler
ea04bd7977
Merge pull request #26 from bfg100k/master
Version 1.12.2 broken on host systems that are still using legacy iptables. ISSUE FOR ROUTER MODE ONLY
2023-11-05 07:15:19 -08:00
bfg100k
cfc3276a5d
switched to iptables-legacy for backwards compatibility 2023-11-05 18:11:47 +11:00
bfg100k
e1e2c27461
Merge pull request #3 from zyclonite/main
bringing this repo up to date
2023-11-05 17:32:46 +11:00
Lukas Prettenthaler
6dcb6a75d0
upgrade to 1.12.2 2023-09-14 13:26:33 -06:00
Lukas Prettenthaler
2e6bcb559f
Merge pull request #24 from sinamics/patch-1
Release 1.12.1
2023-08-26 04:33:15 -07:00
Lukas Prettenthaler
bd65ec3868
update commit hash 2023-08-26 13:27:19 +02:00
Bernt Christian Egeland
c54e8dc4ba
Update Dockerfile 2023-08-26 08:52:37 +02:00
Lukas Prettenthaler
e3c5953a16
upgrade to 1.12.0 2023-08-24 09:13:46 +02:00
Lukas Prettenthaler
efc6029f18
upgrade to 1.10.6 2023-03-23 20:34:47 +01:00
Lukas Prettenthaler
8dc3a0a48d
upgrade to 1.10.5 2023-03-22 10:14:23 -06:00
Lukas Prettenthaler
6945be0e2f
upgrade to 1.10.3 2023-02-16 08:53:14 +01:00
Lukas Prettenthaler
141c5e3897
Update Dockerfile 2022-11-01 21:26:02 +01:00
Lukas Prettenthaler
d45adf395d
upgrade to 1.10.2 2022-11-01 14:24:38 -06:00
Lukas Prettenthaler
1741721037
Merge pull request #19 from Granga/patch-1
Fix a small typo.
2022-10-19 02:12:15 +02:00
Granga
4efd643813
Fix a small typo. 2022-10-18 23:21:59 +02:00
Lukas Prettenthaler
2686599248
upgrade gh actions 2022-10-17 10:47:45 -06:00
Lukas Prettenthaler
5548308e01
Merge pull request #16 from Paraphraser/20220803-entrypoint-router-main
unexpected script termination - entrypoint-router.sh
2022-08-03 11:58:05 +02:00
Phill Kelley
4d0f21c52b
unexpected script termination - entrypoint-router.sh
Resolves issue raised in #15 where `entrypoint-router.sh` exits after
telling the pipe listener process to go away, with the result that the
temporary pipe file does not get cleaned up on a container restart.

> The temporary pipe file is not persisted so it will always get cleaned
 up when the container is terminated or recreated.

The pipe listener process exits automatically without needing any signal
from `entrypoint-router.sh` so the script lines doing that are removed.

Instead of creating the pipe file using `mktemp` with a random suffix,
the hard-coded name "/tmp/zerotier-ipc-log" will be used. The pipe file
is:

* still in `/tmp` so it is not persisted and will get cleaned up when
 the container is terminated.

* always initialised empty each time the script runs (important if the
 container restarts).

Fixes: #15

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-08-03 12:45:22 +10:00
Lukas Prettenthaler
4b546307ca
Merge pull request #13 from bfg100k/master
Fixed firewall rules for inbound/outbound scenarios
2022-07-31 10:39:36 +02:00
bfg100k
a130232f3e
fixed inbound / outbound drop rule order 2022-07-30 14:05:09 +10:00
bfg100k
4b154771fd
Fixed firewall rules for inbound/outbound scenarios 2022-07-29 18:07:34 +10:00
Lukas Prettenthaler
6157fcb49b
fix builds 2022-07-28 14:48:15 +02:00
Lukas Prettenthaler
030632aada
Merge pull request #12 from Paraphraser/20220718-router-master
20220718 router master
2022-07-28 14:46:59 +02:00
Phill Kelley
09df8bf66e
support three routing modes as proposed by @bfg100k
Adds `ZEROTIER_ONE_GATEWAY_MODE` variable. Supported values are
`inbound` (forward traffic from ZeroTier cloud to local interfaces),
`outbound` (forward traffic from local interfaces to ZeroTier cloud)
and `both` (bi-directional). Defaults to `inbound`.

Also checks for `net.ipv4.ip_forward=1`. If not enabled, falls back
to standard client mode.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-27 21:58:39 +10:00
Phill Kelley
1ae368044b
refactor documentation to separate zerotier-router into separate readme
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:13:36 +10:00
Phill Kelley
41d4501593
Improve entrypoint-router.sh:
- Remove redundant echo statements
- Improve comments
- Rename `PIPE` to `TAIL_PIPE` to clarify purpose
- Remove traps used during testing and consolidate on INT TERM and HUP
 (TERM being the usual case)
- Normal exit when ZeroTier aborts or exits just calls termination
handler
- Termination handler unconditionally removes iptables rules but
conditionally clobbers processes.
- All logging includes date.

Tested combination of waiting on ZeroTier + TERM trap correctly
handling:

1. Docker commands to restart, terminate, recreate, stack down, etc.
2. A reboot while the container is running (assuming restart unless
stopped).
3. External action clobbering the ZeroTier daemon.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:09:06 +10:00
Phill Kelley
9b98b470f8
Change ZEROTIER_ONE_NETWORK_ID to ZEROTIER_ONE_NETWORK_IDS so more
than one network can be specified as defaults.

First cut at improved launch/tear-down so iptables entries do not get
duplicated, especially if the zerotier daemon quits because networking
has not come up properly after a reboot.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-22 13:50:28 +10:00
Phill Kelley
7f6239fae4
update documentation to describe router-mode environment variables
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:44:28 +10:00
Phill Kelley
226cf83004
add example docker-compose service definition for router
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:42:58 +10:00
Phill Kelley
f28b665afd
Extend router launch script:
1. Support `ZEROTIER_ONE_USE_IPTABLES_NFT` environment variable. If
omitted or has any value other than `true`, `iptables` is used
(maintains backwards compatibility). If `true`, substitutes
`iptables-nft`. This definitely seems to be necessary on Raspberry Pi
running Bullseye.
2. Support `ZEROTIER_ONE_LOCAL_PHYS` environment variable. Defaults to
`eth0` if omitted (maintains backwards compatibility). Allows for
overriding to `wlan0` (eg Raspberry Pi Zero 2W), or both `eth0 wlan0` to
support multiple subnets or failover modes, or similar situations (eg
extra network interface cards).
3. Support `ZEROTIER_ONE_NETWORK_ID` as an alternative to the `join`
command. Means container will always fail safe if its persistent storage
is erased - will look like a new identity but can be authorised and
will then be reachable for additional configuration.
4. Support `PUID` + `PGID` environment variables. Default to 999 and
994, respectively, mimicking what happens on a "native" install of
ZeroTier-One (on a Raspberry Pi).
5. Perform unconditional reset of ownership (PUID:PGID) throughout
persistent store on each launch. This avoids many permission problems
that can sometimes occur in docker environments.
6. Add launch message with date. Assists in assessing recency of
"sendto: Network unreachable" messages that can occur after a reboot
where the container resumes before networking is available.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:41:38 +10:00
Phill Kelley
bf15adc4ce
timezone support
Adding `tzdata` to Dockerfile.router activates TZ environment variable.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 15:58:18 +10:00
Phill Kelley
ddb2636141
rename "bridge" to "router"
1. Rename files with "bridge" in the name to "router".
2. Edit file contents referring to "bridge" so they refer to "router".
3. Update README to reflect this change, plus point to the relevant
link in the ZeroTier documentation.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-18 16:03:36 +10:00
Lukas Prettenthaler
a69a1b57ca
upgrade to 1.10.1 2022-07-01 00:15:27 +02:00
Lukas Prettenthaler
90e425bdd7
update gh actions 2022-06-21 16:56:05 +02:00
Lukas Prettenthaler
e238c36f28
upgrade to 1.10.0 2022-06-14 10:13:17 +02:00
Lukas Prettenthaler
a793e8b971
upgrade gh actions to ubuntu 22.04 2022-06-13 08:01:35 +02:00
Lukas Prettenthaler
43de76e5ea
proper variant tagging 2022-06-12 23:11:47 +02:00
Lukas Prettenthaler
97d63e4637
fix manifest creation 2022-06-12 21:50:15 +02:00
Lukas Prettenthaler
6f866c1c0b
cleanup 2022-06-12 20:33:21 +02:00
Lukas Prettenthaler
4767514530
copy missing scripts 2022-06-12 19:30:07 +02:00
Lukas Prettenthaler
52ee605ed1
add entrypoint and define env variables to override local settings 2022-06-12 17:53:02 +02:00
Lukas Prettenthaler
e2a1c86072
disable sso 2022-05-24 14:13:25 +02:00
Lukas Prettenthaler
d560485234
Update Dockerfile 2022-05-16 21:42:01 +02:00
Lukas Prettenthaler
7df4c4a138
upgrade to 1.8.9 2022-04-28 09:50:00 +02:00
Lukas Prettenthaler
79d54a0413
Update Dockerfile 2022-04-12 08:33:08 +02:00