openziti / ziti-tunnel-sdk-c

Apache License 2.0

Re-Introducing dnsmasq option in ziti-edge-tunnel especially for OPENWRT supported devices #386

Closed sameersarkar-tcl closed 2 years ago

sameersarkar-tcl commented 2 years ago

The following shall be done:

  1. Re-introduced the dnsmasq option.
  2. Fixed an issue where routes added for individual services weren't getting deleted from the ip route table after removal of the service from the endpoint/identity/edge-tunnel.
  3. Fixed an issue where the files created in the dnsmasq path weren't removed (again, they also weren't deleted after removal of the service from the endpoint/identity/edge-tunnel).
  4. Then added support for creation of the tun interface with any name (which isn't available in the openziti code). This is required for Teltonika boxes for tun interface creation; in the past we have observed that it created issues in the box.
scareything commented 2 years ago

Hi Sameer.

My apologies if there was some confusion.

I helped you along with the previous issue to get you going quickly, because you had the code most of the way there except for the one missing line, but I should have been more clear that we don't intend to re-add the dnsmasq options to ziti-edge-tunnel.

I was suggesting that we make a plan to go forward with current releases of ziti-edge-tunnel and learn how to configure dnsmasq so that it works with the new capabilities of the DNS resolver in ziti-edge-tunnel.

scareything commented 2 years ago

@dariuszSki I think you mentioned you've gotten ZET to work with dnsmasq on openwrt?

dariuszSki commented 2 years ago

Yes, not fully vetted though since I have lost connection to my remote test bed. Will provide the details here if Sameer can test it. I also asked another customer to try it out and waiting for a reply back.

dariuszSki commented 2 years ago
```
uci add_list dhcp.@dnsmasq[0].server="100.64.0.2"
uci set dhcp.@dnsmasq[0].strictorder="true"
uci commit dhcp
/etc/init.d/dnsmasq restart
```

```
uci show |grep dns
...
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].boguspriv='1'
dhcp.@dnsmasq[0].filterwin2k='0'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].nonegcache='0'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].dhcpscript='/usr/sbin/dhcpinfo.sh'

dhcp.@dnsmasq[0].server='100.64.0.2'
dhcp.@dnsmasq[0].strictorder='true'
...
```

Then I ran ziti-edge-tunnel with the -u option:

```
./ziti-edge-tunnel run -i identity.json -u 1.1.1.1
```
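The two uci settings above are easy to get half-right (for example, the server added but strictorder left off, so dnsmasq may pick the upstream resolver before the ziti-edge-tunnel one and intercept-by-name stops working for LAN clients). The POSIX shell function below is an added example, not code from the openziti project or from this thread: it parses a captured `uci show dhcp` dump and reports whether the first dnsmasq section forwards to the ziti-edge-tunnel resolver with strictorder enabled. It assumes the resolver address 100.64.0.2 from the thread (override with the ZET_DNS environment variable, a name chosen here) and the constructed sample dumps are not real router output.

```shell
#!/bin/sh
# Added example (not from the openziti project or the thread): validate a
# `uci show dhcp` dump for the dnsmasq forwarding setup described above.
# Assumptions: ziti-edge-tunnel's resolver is 100.64.0.2 (as in the thread);
# only the first dnsmasq section, dhcp.@dnsmasq[0], is inspected.

ZET_DNS="${ZET_DNS:-100.64.0.2}"

# check_dnsmasq_uci DUMP_TEXT
# Prints one verdict line; returns 0 when dnsmasq has ZET_DNS in its server
# list and strictorder is enabled, 1 when either setting is missing.
check_dnsmasq_uci() {
    dump="$1"
    ok=0

    # uci prints list options on one line, e.g. server='100.64.0.2' '8.8.8.8'
    servers=$(printf '%s\n' "$dump" | sed -n 's/^dhcp\.@dnsmasq\[0\]\.server=//p')
    case "$servers" in
        *"'$ZET_DNS'"*) ;;
        *) echo "missing: dnsmasq server list does not contain $ZET_DNS"; ok=1 ;;
    esac

    # strictorder makes dnsmasq try servers in listed order instead of racing them
    strict=$(printf '%s\n' "$dump" | sed -n 's/^dhcp\.@dnsmasq\[0\]\.strictorder=//p')
    case "$strict" in
        "'1'"|"'true'") ;;
        *) echo "missing: strictorder is not enabled (got ${strict:-nothing})"; ok=1 ;;
    esac

    [ "$ok" -eq 0 ] && echo "ok: dnsmasq forwards to $ZET_DNS with strictorder"
    return "$ok"
}

# Constructed sample dumps (not captured from a real router) for offline runs.
GOOD_DUMP="dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].server='100.64.0.2'
dhcp.@dnsmasq[0].strictorder='true'"

BAD_DUMP="dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].server='8.8.8.8'"

check_dnsmasq_uci "$GOOD_DUMP"
check_dnsmasq_uci "$BAD_DUMP"

# On an OpenWrt router, run it against the live configuration instead:
#   check_dnsmasq_uci "$(uci show dhcp)"
```

The function only reads the dump, so it is safe to run from a monitoring job; a non-zero return is the signal that the router's dnsmasq no longer hands ziti-edge-tunnel the first look at LAN queries.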
dariuszSki commented 2 years ago

In my testing, the client on the LAN would be set to send DNS requests to the GW IP of the LAN, i.e. net 192.168.1.0/24, GW IP 192.168.1.1. Requests would be sent to 192.168.1.1, and then they should be forwarded to 100.64.0.2.