search

kayrus / gof5

Open Source F5 BIG-IP VPN client for Linux, MacOS, FreeBSD and Windows
Apache License 2.0
134 stars 25 forks source link

fixDisableDNS #33

Closed renatopancheri closed 3 years ago

renatopancheri commented 3 years ago

Hi!

i think i've found a small bug when setting disableDNS: true in config.yaml:

root@prdtun139:~# ./gof5_linux_amd64  --server https://XXXXXXX --username XXXXXXX --password XXXXXXXXX
2021/07/29 16:51:07 gof5 v0.1.3-6-gda6e8ac compiled with go1.16.2 for linux/amd64
2021/07/29 16:51:07 Reusing saved HTTPS VPN session for XXXXXXXXXXXXXXXXX
2021/07/29 16:51:07 Found F5 VPN profiles: ["0:/Common/bcs-vpn.access_profile_ADAuth_custom_portalaccess-vpn-bcs.network_access"]
2021/07/29 16:51:07 Using "/Common/bcs-vpn.access_profile_ADAuth_custom_portalaccess-vpn-bcs.network_access" F5 VPN profile
2021/07/29 16:51:08 MTU: 1411
2021/07/29 16:51:08 Magic: 528e4b49
2021/07/29 16:51:08 PFC: 0702
2021/07/29 16:51:08 ACFC: 0802
2021/07/29 16:51:08 id: 1, IPV6 accepted
2021/07/29 16:51:08 id: 2, MTU accepted
2021/07/29 16:51:08 id: 1, id2: 3, Remote IPv4 requested: 1.1.1.1
2021/07/29 16:51:08 id: 1, id2: 1, Remote IPv6 requested: fe80::6cc0:a6a0:34:f40d
2021/07/29 16:51:08 id: 1, id2: 3, Local IPv4 not acknowledged: 172.16.82.115
2021/07/29 16:51:08 id: 1, id2: 3, Local IPv4 acknowledged: 172.16.82.115
2021/07/29 16:51:08 Using wireguard module to create tunnel
2021/07/29 16:51:08 Created tun0 interface
2021/07/29 16:51:08 Setting routes on tun0 interface
2021/07/29 16:51:08 Applying routes, pushed from F5 VPN server
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x887b0c]

goroutine 30 [running]:
github.com/kayrus/tuncfg/resolv.(*Handler).GetOriginalDNS(...)
        github.com/kayrus/tuncfg@v0.0.0-20210314181855-c4c275404a9a/resolv/resolv.go:166
github.com/kayrus/gof5/pkg/link.(*vpnLink).WaitAndConfig(0xc00022b0e0, 0xc0000b2630)
        github.com/kayrus/gof5/pkg/link/link.go:326 +0x1cc
created by github.com/kayrus/gof5/pkg/client.Connect
        github.com/kayrus/gof5/pkg/client/client.go:177 +0xcd9

looking at the code in pkg/link/link.go:326 seems to me pretty straight forward that there is an if statement missing in that block,

adding the if !cfg.DisableDNS { seems to fix the issue.

kayrus commented 3 years ago

Thanks for finding this bug. Unfortunately your fix is not quite correct, because the part of the code you're trying to put a condition to is responsible for handling routes to the original DNS server. The bug lies in l.resolvHandler initialization: https://github.com/kayrus/gof5/blob/da6e8ac2b33ddd4cc16d545055f6a54994b97e62/pkg/link/link.go#L295-L301

E.g. when wifi provides a DNS server, which is not a part of the current subnet. I already have a new-tuncfg WIP branch to fix this. Also need to provide a case, when there is a wifi's DNS and a primary VPN dns (wifi->wireguard->gof5).

gof5 needs to get current DNS setup anyway, even when DNS is disabled. I'll take a closer look into this problem and provide a fix.