webmeshproj / webmesh

A simple, distributed, zero-configuration WireGuard mesh solution
https://webmeshproj.github.io
Apache License 2.0

ip changing #9

Closed bbigras closed 1 year ago

bbigras commented 1 year ago

An extra thing I'll call out - and it's making me wonder if this should remain the default behavior or not - is unless you specify a --wireguard.key-file - you'll generate a fresh one on each boot (you can specify it at a nonexistent path and it will generate it for you the first time).

Originally posted by @tinyzimmer in https://github.com/webmeshproj/webmesh/issues/7#issuecomment-1670259363

Today I'm trying to connect my rpi (at home) to my vps (as the server). The rpi gets 172.16.0.2 at first, but if I restart the node, it gets 172.16.0.3. If I restart it again, I get 172.16.0.2 again. Is that normal?

# vps (server)
sudo webmesh-node \
     --global.detect-endpoints \
     --global.mtls \
     --global.tls-cert-file=/opt/webmesh/tls.crt \
     --global.tls-key-file=/opt/webmesh/tls.key \
     --global.tls-ca-file=/opt/webmesh/ca.crt \
     --wireguard.key-file=/opt/webmesh/wg-key \
     --bootstrap.enabled \
     --wireguard.listen-port 51821 \
     --global.primary-endpoint vps_real_ip \
     --global.no-ipv6

# rpi
sudo webmesh-node \
     --global.detect-endpoints \
     --global.mtls \
     --global.tls-cert-file=/opt/webmesh/tls.crt \
     --global.tls-key-file=/opt/webmesh/tls.key \
     --global.tls-ca-file=/opt/webmesh/ca.crt \
     --wireguard.key-file=/opt/webmesh/wg-key \
     --global.verify-chain-only \
     --mesh.join-address=vps_real_ip:8443 \
     --wireguard.listen-port 51821 \
     --global.no-ipv6

# restart webmesh-node on rpi

tinyzimmer commented 1 year ago

Yea - that's just a byproduct of the eventual consistency of the raft log. This is where potentially using the meshdns service is useful. It will resolve nodes to their IP address at <node-id>.<mesh-domain>, where mesh-domain defaults to "webmesh.internal" and can be overridden at bootstrap.

IPAM itself is a plugin and you could write your own to do it. The only built-in one right now does dynamic assignments. I am thinking a built-in static one may not be a terrible idea.

tinyzimmer commented 1 year ago

On second glance - there is some room for the leader to reuse an existing IP address under certain conditions. It's just a gamble if I want to allow that. My initial thought process at the time was it was more important to never have a collision than it was to try to reuse things. Every "Join" is effectively you saying hello for the first time.

tinyzimmer commented 1 year ago

7eab325e397ee9b5f291897093d83b2c384ffebf adds the ability to include static address assignments in the built-in IPAM plugin. This should provide more predictability in simpler setups.
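
The trade-off discussed in this thread, as an added example that is not part of the thread and not webmesh's own IPAM code: a toy allocator in which a dynamic join never reuses an address that is still leased, while a statically pinned node gets the same address on every join. The type and function names, the /24 prefix length, the node IDs and the "stale lease is still held when the new address is picked" model are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Allocator is a toy lease table (hypothetical names, not webmesh's plugin API).
type Allocator struct {
	prefix netip.Prefix
	pinned map[string]netip.Addr // static assignments: node ID -> address
	last   map[string]netip.Addr // most recent dynamic lease per node ID
	held   map[netip.Addr]string // addresses in use or reserved -> node ID
}

func NewAllocator(p netip.Prefix, static map[string]netip.Addr) (*Allocator, error) {
	a := &Allocator{prefix: p.Masked(), pinned: static, last: map[string]netip.Addr{}, held: map[netip.Addr]string{}}
	for id, ip := range static {
		// Reject pins outside the mesh network and two nodes pinned to one address.
		if _, dup := a.held[ip]; dup || !a.prefix.Contains(ip) {
			return nil, fmt.Errorf("rejecting static assignment %s=%s", id, ip)
		}
		a.held[ip] = id // reserved permanently, so dynamic joins skip it
	}
	return a, nil
}

// Join treats every join as a first hello. Assumed model of the lag: a node's
// stale lease is still held while its new address is picked, then released.
func (a *Allocator) Join(id string) (netip.Addr, error) {
	if ip, ok := a.pinned[id]; ok {
		return ip, nil // same address on every join
	}
	for ip := a.prefix.Addr().Next(); a.prefix.Contains(ip); ip = ip.Next() {
		if _, busy := a.held[ip]; !busy {
			delete(a.held, a.last[id]) // release the stale lease only now
			a.held[ip], a.last[id] = id, ip
			return ip, nil
		}
	}
	return netip.Addr{}, fmt.Errorf("address pool exhausted in %s", a.prefix)
}

func main() {
	// Constructed sample: "rpi" is pinned, "vps" and "laptop" are dynamic.
	pins := map[string]netip.Addr{"rpi": netip.MustParseAddr("172.16.0.10")}
	a, _ := NewAllocator(netip.MustParsePrefix("172.16.0.0/24"), pins)
	for _, id := range []string{"vps", "laptop", "laptop", "laptop", "rpi", "rpi"} {
		ip, _ := a.Join(id)
		fmt.Println(id, ip)
	}
}
```

In this model the dynamic node alternates between two addresses across restarts, while the pinned node keeps one, which is what makes firewall rules or allow-lists keyed on mesh addresses predictable.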

bbigras commented 1 year ago

Nice.

I tried --mesh.meshdns yesterday. I think it would work fine for me on Linux since I'm already using "split dns" with resolved, but static IPs should be simpler on Android (nix-on-droid) and Windows for me.

bbigras commented 1 year ago

btw, webmesh is now in nixpkgs https://repology.org/project/webmesh/versions :tada:

tinyzimmer commented 1 year ago

btw, webmesh is now in nixpkgs https://repology.org/project/webmesh/versions :tada:

Sweet! I'll add it to the website. I also need to update that webmesh-git package to pin versions now. With perhaps another one that builds from main. Will do that with this next release.

Gonna close this issue for now since we at least have an interim solution, but as always - I'll need to keep improving documentation.

tinyzimmer commented 1 year ago

I'm not super familiar with NixOS - but I've added a link to your package here: https://webmeshproj.github.io/documentation/installation-instructions/#nixos

Feel free to let me know if I should add more context. Or you are also welcome to open a PR to the website repo. It's just a simple Hugo app.