From 4db9a9ef98521dd780d66e6b12e3a9d3e99fe117 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Thu, 30 Jan 2025 02:09:20 +0000
Subject: [PATCH] chore(gateway): tell users to check their firewall rules (#7953)
---
 rust/gateway/src/eventloop.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/rust/gateway/src/eventloop.rs b/rust/gateway/src/eventloop.rs
index ec0c04ab4..47b14da48 100644
--- a/rust/gateway/src/eventloop.rs
+++ b/rust/gateway/src/eventloop.rs
@@ -16,11 +16,11 @@ use firezone_tunnel::{
 use phoenix_channel::{PhoenixChannel, PublicKeyParam};
 use std::collections::BTreeSet;
 use std::convert::Infallible;
-use std::io;
 use std::net::IpAddr;
 use std::sync::Arc;
 use std::task::{Context, Poll};
 use std::time::{Duration, Instant};
+use std::{io, mem};
 use tokio::sync::Mutex;
 use tracing::Instrument;
@@ -49,6 +49,8 @@ pub struct Eventloop {
 resolve_tasks: futures_bounded::FuturesTupleSet>, ResolveTrigger>,
 set_interface_tasks: futures_bounded::FuturesSet>,
+
+ logged_permission_denied: bool,
 }
 impl Eventloop {
@@ -65,6 +67,7 @@ impl Eventloop {
 tun_device_manager: Arc::new(Mutex::new(tun_device_manager)),
 resolve_tasks: futures_bounded::FuturesTupleSet::new(DNS_RESOLUTION_TIMEOUT, 1000),
 set_interface_tasks: futures_bounded::FuturesSet::new(Duration::from_secs(5), 10),
+ logged_permission_denied: false,
 }
 }
 }
@@ -84,6 +87,13 @@ impl Eventloop {
 // Network unreachable most likely means we don't have IPv4 or IPv6 connectivity.
 continue;
 }
+ Poll::Ready(Err(e)) if e.kind() == io::ErrorKind::PermissionDenied => {
+ if !mem::replace(&mut self.logged_permission_denied, true) {
+ tracing::info!("Encountered `PermissionDenied` IO error. Check your local firewall rules to allow outbound STUN/TURN/WireGuard and general UDP traffic.")
+ }
+
+ continue;
+ }
 Poll::Ready(Err(e)) => {
 debug_assert_ne!(
 e.kind(),
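Review bot: After the first `PermissionDenied`, the new match arm in the last hunk drops every later occurrence with a bare `continue`, because `logged_permission_denied` is set once and never cleared anywhere in this patch; a gateway whose egress stays blocked, or is blocked again after recovering, leaves no further trace in its logs. The single message is also emitted at `info` and omits the error value, so I would log the first hit as `tracing::warn!(error = %e, "Encountered `PermissionDenied` IO error. ...")` and either emit repeats at `debug` or reset the flag once a poll succeeds. The text names firewall rules as the cause, which is only one possible source of this error kind (host policy or sandboxing could presumably produce it too), and keeping `e` in the event helps an operator tell them apart. The enclosing `match` and its scrutinee start outside the hunk, so which IO operation returns this error is not visible here.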