github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3fe8f6d3d81668e9ead61586fffe6789ed1cb81f
firezone/rust/client-tunnel
History
Reactor Scram b0904e382a chore: add crate for privileged Linux tunnel process (#4229) 
Refs #3713 

```[tasklist]
### Before merging
- [ ] Is 'firezone-client-tunnel' okay for the binary name?
- [ ] Using a library and building it as two binaries is correct, right? `cargo run -p firezone-client-tunnel` takes 1 second. `cargo run -p firezone-gui-client --bin firezone-client-tunnel` takes 1m42s because it builds all the GUI deps.
```
2024-03-21 14:06:55 +00:00
..
src
chore: add crate for privileged Linux tunnel process (#4229)
2024-03-21 14:06:55 +00:00
Cargo.toml
chore: add crate for privileged Linux tunnel process (#4229)
2024-03-21 14:06:55 +00:00
README.md
chore: add crate for privileged Linux tunnel process (#4229)
2024-03-21 14:06:55 +00:00

README.md

firezone-client-tunnel

A privileged tunnel process that can communicate with the Linux GUI Client (and eventually Windows)

Files

  • /etc/dev.firezone.client/token - The service account token, provided by the human administrator. Must be owned by root and have 600 permissions (r/w by owner, nobody else can read) If present, the tunnel will ignore any GUI Client and run as a headless Client. If absent, the tunnel will wait for commands from a GUI Client
  • /usr/bin/firezone-client-tunnel - The tunnel binary. This must run as root so it can modify the system's DNS settings. If DNS is not needed, it only needs CAP_NET_ADMIN.
  • /usr/lib/systemd/system/firezone-client-tunnel.service - A systemd service unit, installed by the deb package.
  • /var/lib/dev.firezone.client/config/firezone-id - The device ID, unique across an organization. The tunnel will generate this if it's not present.
Reference in New Issue View Git Blame Copy Permalink