Commit Graph

101 Commits

Author SHA1 Message Date
Lukas Prettenthaler
d45adf395d
upgrade to 1.10.2 2022-11-01 14:24:38 -06:00
Lukas Prettenthaler
1741721037
Merge pull request #19 from Granga/patch-1
Fix a small typo.
2022-10-19 02:12:15 +02:00
Granga
4efd643813
Fix a small typo. 2022-10-18 23:21:59 +02:00
Lukas Prettenthaler
2686599248
upgrade gh actions 2022-10-17 10:47:45 -06:00
Lukas Prettenthaler
5548308e01
Merge pull request #16 from Paraphraser/20220803-entrypoint-router-main
unexpected script termination - entrypoint-router.sh
2022-08-03 11:58:05 +02:00
Phill Kelley
4d0f21c52b
unexpected script termination - entrypoint-router.sh
Resolves issue raised in #15 where `entrypoint-router.sh` exits after
telling the pipe listener process to go away, with the result that the
temporary pipe file does not get cleaned up on a container restart.

> The temporary pipe file is not persisted so it will always get cleaned
 up when the container is terminated or recreated.

The pipe listener process exits automatically without needing any signal
from `entrypoint-router.sh` so the script lines doing that are removed.

Instead of creating the pipe file using `mktemp` with a random suffix,
the hard-coded name "/tmp/zerotier-ipc-log" will be used. The pipe file
is:

* still in `/tmp` so it is not persisted and will get cleaned up when
 the container is terminated.

* always initalised empty each time the script runs (important if the
 container restarts).

Fixes: #15

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-08-03 12:45:22 +10:00
Lukas Prettenthaler
4b546307ca
Merge pull request #13 from bfg100k/master
Fixed firewall rules for inbound/outbound scenarios
2022-07-31 10:39:36 +02:00
bfg100k
a130232f3e
fixed inbound / outbound drop rule order 2022-07-30 14:05:09 +10:00
bfg100k
4b154771fd
Fixed firewall rules for inbound/outbound scenarios 2022-07-29 18:07:34 +10:00
Lukas Prettenthaler
6157fcb49b
fix builds 2022-07-28 14:48:15 +02:00
Lukas Prettenthaler
030632aada
Merge pull request #12 from Paraphraser/20220718-router-master
20220718 router master
2022-07-28 14:46:59 +02:00
Phill Kelley
09df8bf66e
support three routing modes as proposed by @bfg100k
Adds `ZEROTIER_ONE_GATEWAY_MODE` variable. Supported values are
`inbound` (forward traffic from ZeroTier cloud to local interfaces),
`outbound` (forward traffic from local interfaces to ZeroTier cloud)
and `both` (bi-directional). Defaults to `inbound`.

Also checks for `net.ipv4.ip_forward=1`. If not enabled, falls back
to standard client mode.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-27 21:58:39 +10:00
Phill Kelley
1ae368044b
refactor documentation to separate zerotier-router into separate readme
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:13:36 +10:00
Phill Kelley
41d4501593
Improve entrypoint-router.sh:
- Remove redundant echo statements
- Improve comments
- Rename `PIPE` to `TAIL_PIPE` to clarify purpose
- Remove traps used during testing and consolidate on INT TERM and HUP
 (TERM being the usual case)
- Normal exit when ZeroTier aborts or exits just calls termination
handler
- Termination handler unconditionally removes iptables rules but
conditionally clobbers processes.
- All logging includes date.

Tested combination of waiting on ZeroTier + TERM trap correctly
handling:

1. Docker commands to restart, terminate, recreate, stack down, etc.
2. A reboot while the container is running (assuming restart unless
stopped).
3. External action clobbering the ZeroTier daemon.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-25 11:09:06 +10:00
Phill Kelley
9b98b470f8
Change ZEROTIER_ONE_NETWORK_ID to ZEROTIER_ONE_NETWORK_IDS so more
than one network can be specified as defaults.

First cut at improved launch/tear-down so iptables entries do not get
duplicated, especially if the zerotier daemon quits because networking
has not come up properly after a reboot.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-22 13:50:28 +10:00
Phill Kelley
7f6239fae4
update documentation to describe router-mode environment variables
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:44:28 +10:00
Phill Kelley
226cf83004
add example docker-compose service definition for router
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:42:58 +10:00
Phill Kelley
f28b665afd
Extend router launch script:
1. Support `ZEROTIER_ONE_USE_IPTABLES_NFT` environment variable. If
omitted or has any value other than `true`, `iptables` is used
(maintains backwards compatibility). If `true`, substitutes
`iptables-nft`. This definitely seems to be necessary on Raspberry Pi
running Bullseye.
2. Support `ZEROTIER_ONE_LOCAL_PHYS` environment variable. Defaults to
`eth0` if omitted (maintains backwards compatibility). Allows for
overriding to `wlan0` (eg Raspberry Pi Zero 2W), or both `eth0 wlan0` to
support multiple subnets or failover modes, or similar situations (eg
extra network interface cards).
3. Support `ZEROTIER_ONE_NETWORK_ID` as an alternative to the `join`
command. Means container will always fail safe if its persistent storage
is erased - will look like a new identity but can be authorised and
will then be reachable for additional configuration.
4. Support `PUID` + `PGID` environment variables. Default to 999 and
994, respectively, mimicking what happens on a "native" install of
ZeroTier-One (on a Raspberry Pi).
5. Perform unconditional reset of ownership (PUID:PGID) throughout
persistent store on each launch. This avoids many permission problems
that can sometimes occur in docker environments.
6. Add launch message with date. Assists in assessing recency of
"sendto: Network unreachable" messages that can occur after a reboot
where the container resumes before networking is available.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 18:41:38 +10:00
Phill Kelley
bf15adc4ce
timezone support
Adding `tzdata` to Dockerfile.router activates TZ environment variable.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-19 15:58:18 +10:00
Phill Kelley
ddb2636141
rename "bridge" to "router"
1. Rename files with "bridge" in the name to "router".
2. Edit file contents referring to "bridge" so they refer to "router".
3. Update README to reflect this change, plus point to the relevant
link in the ZeroTier documentation.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2022-07-18 16:03:36 +10:00
Lukas Prettenthaler
a69a1b57ca
upgrade to 1.10.1 2022-07-01 00:15:27 +02:00
Lukas Prettenthaler
90e425bdd7
update gh actions 2022-06-21 16:56:05 +02:00
Lukas Prettenthaler
e238c36f28
upgrade to 1.10.0 2022-06-14 10:13:17 +02:00
Lukas Prettenthaler
a793e8b971
upgrade gh actions to ubuntu 22.04 2022-06-13 08:01:35 +02:00
Lukas Prettenthaler
43de76e5ea
proper variant tagging 2022-06-12 23:11:47 +02:00
Lukas Prettenthaler
97d63e4637
fix manifest creation 2022-06-12 21:50:15 +02:00
Lukas Prettenthaler
6f866c1c0b
cleanup 2022-06-12 20:33:21 +02:00
Lukas Prettenthaler
4767514530
copy missing scripts 2022-06-12 19:30:07 +02:00
Lukas Prettenthaler
52ee605ed1
add entrypoint and define env variables to override local settings 2022-06-12 17:53:02 +02:00
Lukas Prettenthaler
e2a1c86072
disable sso 2022-05-24 14:13:25 +02:00
Lukas Prettenthaler
d560485234
Update Dockerfile 2022-05-16 21:42:01 +02:00
Lukas Prettenthaler
7df4c4a138
upgrade to 1.8.9 2022-04-28 09:50:00 +02:00
Lukas Prettenthaler
79d54a0413
Update Dockerfile 2022-04-12 08:33:08 +02:00
Lukas Prettenthaler
b94f10f9e6
upgrade to version 1.8.7 2022-03-30 22:32:25 +02:00
Lukas Prettenthaler
285dacd2aa
switch to the correct commit id for 1.8.6 2022-03-11 08:23:47 +01:00
Lukas Prettenthaler
7509eb2658
1.8.6 2022-03-10 16:18:46 +01:00
Lukas Prettenthaler
9263237d27
Update Dockerfile 2022-03-04 08:23:39 +01:00
Lukas Prettenthaler
a4d92b7050
fix build 2022-03-03 16:39:53 +01:00
Lukas Prettenthaler
1cefbf3f6d
version 1.8.5 2022-03-03 15:09:40 +01:00
Lukas Prettenthaler
c3ceacd36a
add net_raw cap for bridge mode, seems to be not a default for podman on fedora 2022-01-31 11:58:07 +01:00
Lukas Prettenthaler
8579c1fde0
try riscv build on alpine edge 2022-01-31 10:24:10 +01:00
Lukas Prettenthaler
16cd0d1dba
Merge pull request #7 from red-avtovo/main
Cleanup bridge
2022-01-30 17:02:25 +01:00
red
78fa865823 cleanup bridge 2022-01-30 12:28:43 +01:00
Lukas Prettenthaler
08bcb469ca
add build action for bridge mode 2022-01-29 23:34:37 +01:00
Lukas Prettenthaler
8acd6e986a
Merge pull request #6 from red-avtovo/main
Bridge mode
2022-01-29 11:42:32 +01:00
red
467f991907 fixed comments 2022-01-28 21:43:52 +01:00
red
015fbce7c9 update k8s bridge deployment 2022-01-27 20:12:32 +01:00
red
c6c835db78 built the bridge image from zyclonite/zerotier 2022-01-27 20:11:38 +01:00
red
29c3e20476 revert original Dockerfile 2022-01-27 20:09:08 +01:00
red
3a6dd5f573 added bridge dockerfile 2022-01-27 20:02:16 +01:00