Commit Graph

3100 Commits

Author SHA1 Message Date
bmanifold
751df8b3f3 Update styling for Sign In/Up emails (#2907)
Updated the styling for the outbound emails from the portal.

## Preview of the Sign Up Email
<img width="589" alt="sign_up_email"
src="https://github.com/firezone/firezone/assets/2646332/4fdc04de-bc49-4d31-b818-ec5eb546d4b8">

## Preview of the Sign In Email
<img width="592" alt="sign_in_email"
src="https://github.com/firezone/firezone/assets/2646332/c3a21424-0de2-404a-a8e2-f2ae926ddeaf">

This will close #2132
2023-12-15 17:04:13 +00:00
Jamil
922c25e063 Fix upgrade script link (#2923) 2023-12-15 08:06:58 -08:00
Jamil
54e2258264 Gateway upgrade docs (#2914)
Realized we need a small script to upgrade Docker-based gateways
reliably.
2023-12-14 21:20:30 -08:00
Jamil
de71e7060f Reduce webrtc log level to error (#2911) 2023-12-15 01:07:48 +00:00
Jamil
de0a0b911b Use more informative log filepath (#2910)
* Sort clients list by `last_seen_at` desc. This handles the `online?`
case too. Before, they were sorted by `asc` which made it hard to see
which recent clients were connected
* Scope the client log filename by account slug and actor name so it's
easier to find.
2023-12-14 19:45:50 +00:00
Jamil
0014172c0a Don't automatically delete log files after successful upload (#2904)
Prevents cases where "Export logs" doesn't contain the full log cache.

Fixes #2886
2023-12-14 19:31:40 +00:00
Jamil
b332780cc8 Use correct type for ioctl codes (#2905)
Fixes
https://github.com/firezone/firezone/actions/runs/7202636231/job/19621864921
2023-12-14 11:19:37 +00:00
Reactor Scram
aa46089dd1 windows: use settings log_filter instead of env var (#2888)
Stacked on PR #2883

There will be more changes after this PR, these features are still
broken:
- Can't change filter at runtime yet, you have to restart the client app
- connlib and GUI are sending logs to the same connlib logs files, they
should be separated

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-13 23:57:52 +00:00
Reactor Scram
d1a7211f64 windows: Integrate wintun, run the VPN (#2883)
With this one, ICMP and TCP work, but the client doesn't set up routes
or handle DNS yet, so I've been using `netsh` to fake that.

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-13 23:19:36 +00:00
Gabi
186ceb18e6 Connlib: reduce failover timeout (#2897)
This reduces the failover time by depending on webrtc's keepalive
instead of wireguard's.

We have much more control over that, since boringtun doesn't bubble up
any of the keepalive timeouts (only a trace warning).

In a next commit, when things are more stable, we should just get
rid of wireguard's keep alive. When we remove webrtc we will build our
own.

Events based on `keepalive` timeouts are key to our failover system, so
we **need** it.

Draft because it's built on top of #2891 (which is completely separate
code but without that the failover just doesn't work correctly)
2023-12-13 22:40:04 +00:00
Jamil
8499580388 Remove Apple SplitDNS in favor of unified split DNS approach (#2894)
<img width="1552" alt="Screenshot 2023-12-12 at 11 29 43 PM"
src="https://github.com/firezone/firezone/assets/167144/d517c830-64a8-462d-8cb5-c41835fa2059">

Found a reliable way to return default system DNS resolvers on iOS and
macOS. Even if this method is not perfect, I think it's still worth
pursuing because:

* Many administrators will set an upstream resolver in the portal anyway
(bypassing client system resolvers)
* It unifies our Split DNS approach across platforms (assuming we can
query the default system resolvers on Windows), allowing connlib to
intercept all DNS queries on all platforms. This opens the door for some
interesting feature possibilities in the area of malicious query
blocking. This also makes DNS bugs easier to investigate because there's
only one codepath for packets to take. See
https://github.com/firezone/firezone/issues/2859

Draft because it needs more testing and I need to figure out the
`RustVec<RustString>` type for the Swift -> Rust FFI.

Refs #2713
2023-12-13 22:01:00 +00:00
Andrew Dryga
82c013a1eb Replace eth+ with e+ in the unitfile 2023-12-13 15:19:31 -06:00
Jamil
410bd341fa Set the MTU to 1280 on Apple to avoid connectivity issues (#2901)
Unfortunately tunnelOverheadBytes isn't a reliable way to calculate the
MTU.

This could be the issue behind #2855
2023-12-13 21:00:48 +00:00
Andrew Dryga
af7730337c Fix service account tokens and unifile deployment scripts (#2900) 2023-12-13 14:45:59 -06:00
Gabi
34dce6f185 connlib: try to reuse old ips even with new peers (#2891)
When a peer expired the os might have cached the old internal ips that
we used, then with a new peer we were assigning new ips and that cached
ip might have been wrong, then the tunnel would be in a state where it
would send the wrong response to these ips.

With this PR we try to always reuse the old ip if there's any available.
2023-12-13 18:33:51 +00:00
Roopesh Chander
862ce47a52 Add a log tab in settings (#2895)
Fixes #2725.

This PR adds a new tab in settings called "Diagnostic Logs". It has:

  - A label saying: "Log directory size: `<size>`"
  - A button to clear the logs
  - A button to export logs

We calculate the log directory size when the user navigates to that tab.
When the “Clear logs” button is clicked, we can stop the calculation (if
it’s going on), and then clear the logs. We refresh the log size every 1
min. We stop refreshing when the user goes to another tab. We’ll refresh
when the user navigates to the Log tab.
2023-12-13 18:30:49 +00:00
Gabi
b9cbc1786f connlib: disconnect on token expiration (#2890)
Previously, we just expected the portal to disconnect us and 401 on the
retry, right now we harden that behaviour by also just disconnecting
on token expiration.

This seems to work, there's another part to this which is not only
handling the replies but also handling the message generated by the
portal, I'll implement that when I can easily test expiring tokens, for
now this makes the client much more stable.
2023-12-13 15:10:43 +00:00
Jamil
33bcbbee45 Add a detailed Google Workspace setup guide and other docs (#2876)
- Added google workspace docs at `/kb/authenticate/google`
- Updated in-product Provider creation form with more details and a link
to docs
- Fixed bg-color for unauthenticated layouts

---------

Co-authored-by: Brian Manifold <bmanifold@gmail.com>
2023-12-13 07:16:11 +00:00
Gabi
75d90d7372 connlib: set DNS response type for answers (#2892)
just silly but important mistake 😛 

fixes #2858 and #2859 (though there might be an additional edge case in
#2859 where the upstream server is set as a dns, though it seems to work
some further testing would be good)
2023-12-13 03:14:42 +00:00
Thomas Eizinger
0de16d3676 refactor(connlib): remove async from the Device API (#2815)
At present, the definition of `Device` is heavily nested with
conditional code. I've found this hard to understand and navigate.
Recent refactorings now made it possible to remove a lot of these layers
so we primarily deal with two concepts:

- A `Device` which offers async read and non-blocking write functions
- A `Tun` abstraction which is platform-specific

Instead of dedicated modules, I chose to feature-flag individual
functions on `Device` with `#[cfg(target_family = "unix")]` and
`#[cfg(target_family = "windows")]`. I find this easier to understand
because the code is right next to each other.

In addition, changing the module hierarchy of `Device` allows us to
remove `async` from the public API which is only introduced by the use
of `rtnetlink` in Linux. Instead of making functions across all `Tun`
implementations `async`, we embed a "worker" within the `linux::Tun`
implementation that gets polled before `poll_read`.

---------

Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
2023-12-12 19:47:26 +00:00
Reactor Scram
cd3114cc1d windows: tell Windows that our release builds should always run as admin (#2838)
It'll show UAC when you first run the app. After that we can open and
close the VPN network adapter without showing more UAC dialogs since we
have sudo powers.
2023-12-12 17:49:32 +00:00
Reactor Scram
a339f5b437 feat(windows): generate device ID and persist it on disk (#2840)
Relating to #2697 and #2711

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
2023-12-12 17:46:26 +00:00
Gabi
e1fb6c80a0 fix(connlib): attempt to join topic upon unmatched topic error (#2874)
Fixes: #2854.

Note: this is ready for review but reproducing the bug that triggered
the fix takes ~1 hour or so, so I would like to wait to check that's
fixed.

Can be reviewed meanwhile.
2023-12-12 16:57:47 +00:00
Jamil
6e602dd388 Fix Sendgrid records for sending emails for firezone.dev (#2877)
Attempting to up our `firezone.dev` deliverability. Debugging delivery
issues with it.
<img width="2788" alt="Screenshot 2023-12-11 at 5 37 20 PM"
src="https://github.com/firezone/firezone/assets/167144/1cc180ee-670b-41dc-9959-ab962076cff5">
2023-12-12 10:51:13 -06:00
Andrew Dryga
b7a7fff828 Remove relays dependency to reduce state changes 2023-12-12 10:49:21 -06:00
Reactor Scram
5853b13794 windows: add module to install the wintun.dll by embedding it in the client's exe and then copying it out at runtime (#2843)
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-12 16:28:48 +00:00
Andrew Dryga
f1e9715d79 Change staging feed channel 2023-12-12 09:41:32 -06:00
Andrew Dryga
52b284abd9 Terraform improvements for production (#2873) 2023-12-11 19:41:01 -06:00
Jamil
ba44b2cbad Usability iteration 1 (#2869)
* Fix numerous typos and grammar
* Align all next/continue action buttons to the right side of the form
* Rework the Gateway deploy page to be more readable and use consistent
colors
* Link to `Troubleshooting` guide for gateway deployments
* Add spacing between `:sections` so they stand out more
* Move help paragraphs into `:help`s
* Make links consistent to `text-accent-500` to match website/docs
(buttons unchanged)
* Add `warning` style button

More to come in further PRs

---------

Co-authored-by: Brian Manifold <bmanifold@gmail.com>
2023-12-11 21:12:53 +00:00
Jamil
2f9d4d8487 Fix visibility for dark screens (#2849)
![IMG_904438F58D46-1](https://github.com/firezone/firezone/assets/167144/adaeb80e-df24-4278-88ff-5db63665f277)
2023-12-11 21:00:11 +00:00
Gabi
8d3bdf7d45 connlib: add dns routes at tunnel init (#2870)
Fixes #2853 

Note: it seems that this actually fixes ERR_NETWORK_CHANGED.
2023-12-11 19:42:55 +00:00
Reactor Scram
8718cc9245 feat(windows): check in wintun x64 DLL 0.14.1 for #2758 (#2842)
Just adds the DLL and header

---------

Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-11 19:17:51 +00:00
Jamil
be37ed1b5c Use the dnsFallbackStrategy configured in portal for macOS/iOS (#2860)
Fixes #2857
2023-12-11 00:13:55 +00:00
Jamil
3bcdbb27e4 Remove website gradients (#2847) 2023-12-10 17:30:38 +00:00
Jamil
9c2c719424 Remove duplicate ios/macos builds (#2851)
We're uploading dupe builds of the client on macOS and iOS because we're
testing the build on Xcode 14 and 15.

Since Xcode 15 is stable now, builds for 14 can be removed.
2023-12-10 17:30:28 +00:00
Jamil
7eb568c862 Update NOTICE.txt
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-10 06:10:22 -08:00
Jamil
786e156337 Elixir/domain ops (#2837)
Adds a helper method we can call from a live IEX to provision an account
when signups are disabled.
2023-12-10 01:35:48 +00:00
Jamil
46a950da84 Retry 60 times to reconnect (#2846)
* Reconnect 60 times to reconnect, every second
* Fix "in limbo" animation to occur during reconnecting, disconnecting,
and reasserting states (up to 60 seconds)
2023-12-09 21:46:44 +00:00
Reactor Scram
a8c0c5255f windows: add example / test binary to keep debugging code out of the main exe (#2822)
It doesn't run with `--example` because Tauri's build process doesn't
seem to be compatible with that.
But it does build the permissions test exe in CI. I might change that to a
general test exe later so that I don't have to add more build targets.

It adds about 5 minutes to the CI, sccache only seems to speed up the
build for the 2nd exe a tiny bit.
2023-12-09 20:43:27 +00:00
Gabi
3b3cf6bf27 connlib: fix ipv6 range (#2844) 2023-12-09 18:54:59 +00:00
Jamil
fd9cc88746 Don't use host mode networking for gateways on prod (#2845)
Try fixing masquerading by not using host mode to deploy gateway in GCP.
2023-12-09 18:49:56 +00:00
Andrew Dryga
62507dc704 Add hostname as part of entropy source to generate FIREZONE_ID on prod 2023-12-08 21:04:40 -05:00
Gabi
b817ddfe7f Assorted fixes (#2839) 2023-12-08 19:43:40 +00:00
Andrew Dryga
715392b62f Use Ubuntu 24.04 LTS for our prod gateway deployments 2023-12-08 12:53:11 -05:00
Jamil
3bba76e9ef Timeout perf test after 5 minutes; don't restart containers (#2831)
This should hopefully fix / speed up some of the recent CI issues
@ReactorScram is hitting
2023-12-08 17:13:50 +00:00
Reactor Scram
4b833e06ab docs(windows): requirements for diagnostic logging tab (#2834)
Add requirements for the Diagnostic Logs tab per internal discussion
2023-12-08 17:13:30 +00:00
Jamil
845707bd09 Update README.md
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-08 12:27:21 -05:00
Andrew Dryga
79e1a7582d Fix resources auth query (#2835) 2023-12-08 12:22:37 -05:00
Reactor Scram
7a9c1321dc windows: get actor_name from auth callback (#2820)
Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
2023-12-08 16:39:31 +00:00
Jamil
8cb2833ce3 UI cleanup for iOS (#2832)
* Removes remaining traces of account ID. We don't have any external
users using the app _yet_ so I wanted to remove the tech debt completely
before we get the app to testers
* Adds logo to welcome screen
* Removes "CONNECTION" section from MainView
2023-12-08 10:29:17 -05:00