firezone

mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00

Go to file

Jamil 54e1a79a50 fix(ios): portal connectivity and tunnel setup (#1927 )

This PR fixes issues with the iOS client connecting to the portal and
setting up the tunnel.

- portal IPv6 unique-local prefix typo
- Use `rustls-webpki-roots` instead of `rustls-native-roots` for tokio
tungstenite since the latter [only supports macOS, Linux, and
Windows](https://github.com/rustls/rustls-native-certs) while the former
seems to work on all platforms(?)
- Remove Multipath TCP entitlement for iOS since it's not relevant for
us.

@conectado After this is merged, we _almost_ have a working tunnel on
iOS. I believe the error we're hitting now is the 4-byte address family
header that we need to add and strip from each packet written to / read
from the tunnel. See below log for sample output when attempting to
connect to the `HTTPbin` resource:

```
dev.firezone.firezone.network-extension	packet-tunnel	debug	16:10:13.401705-0700	FirezoneNetworkExtensioniOS	Adapter state changed to: tunnelReady
dev.firezone.firezone.network-extension	packet-tunnel	debug	16:10:13.401731-0700	FirezoneNetworkExtensioniOS	Beginning path monitoring
com.apple.network	path	default	16:10:13.402211-0700	FirezoneNetworkExtensioniOS	nw_path_evaluator_start [1ACDE975-615B-4557-BF7C-678F3594452E <NULL> generic, multipath service: 1, attribution: developer]
	path: satisfied (Path is satisfied), interface: en0[802.11], scoped, ipv4, ipv6, dns
com.apple.network	path	info	16:10:13.402235-0700	FirezoneNetworkExtensioniOS	nw_path_evaluator_call_update_handler [1ACDE975-615B-4557-BF7C-678F3594452E] scheduling update
com.apple.network	path	info	16:10:13.402261-0700	FirezoneNetworkExtensioniOS	nw_path_evaluator_call_update_handler_block_invoke [1ACDE975-615B-4557-BF7C-678F3594452E] delivering update
com.apple.network		debug	16:10:13.402286-0700	FirezoneNetworkExtensioniOS	nw_path_copy_interface_with_generation Cache miss for interface for index 3 (generation 4574)
com.apple.network		debug	16:10:13.402312-0700	FirezoneNetworkExtensioniOS	nw_path_copy_interface_with_generation Cache miss for interface for index 31 (generation 141)
dev.firezone.firezone.network-extension	packet-tunnel	debug	16:10:13.402363-0700	FirezoneNetworkExtensioniOS	Suppressing calls to disableSomeRoamingForBrokenMobileSemantics() and bumpSockets()
dev.firezone.firezone	connlib	debug	16:10:14.368105-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:15.369018-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:16.095618-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:16.370908-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:17.372035-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:18.373423-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:20.402863-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:24.381581-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:32.374566-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:10:38.137437-0700	FirezoneNetworkExtensioniOS	Text("{\"ref\":null,\"topic\":\"phoenix\",\"event\":\"phx_reply\",\"payload\":{\"status\":\"ok\",\"response\":{}}}")
dev.firezone.firezone	connlib	debug	16:10:38.137757-0700	FirezoneNetworkExtensioniOS	Phoenix status message
dev.firezone.firezone	connlib	debug	16:10:48.376339-0700	FirezoneNetworkExtensioniOS	Reading from iface 76 bytes
dev.firezone.firezone	connlib	debug	16:11:08.148369-0700	FirezoneNetworkExtensioniOS	Text("{\"ref\":null,\"topic\":\"phoenix\",\"event\":\"phx_reply\",\"payload\":{\"status\":\"ok\",\"response\":{}}}")
dev.firezone.firezone	connlib	debug	16:11:08.148654-0700	FirezoneNetworkExtensioniOS	Phoenix status message
```

2023-08-21 20:48:30 -07:00

.github

Gabi/fix relay expected message size (#1911 )

2023-08-16 20:29:51 +00:00

elixir

fix(ios): portal connectivity and tunnel setup (#1927 )

2023-08-21 20:48:30 -07:00

kotlin

android: integrate firebase crashlytics (#1908 )

2023-08-14 19:59:20 +00:00

rust

fix(ios): portal connectivity and tunnel setup (#1927 )

2023-08-21 20:48:30 -07:00

swift/apple

fix(ios): portal connectivity and tunnel setup (#1927 )

2023-08-21 20:48:30 -07:00

terraform

Grant Thomas access to staging env

2023-08-17 16:53:08 -06:00

website

feat(website): Replace cust logos (#1928 )

2023-08-21 18:51:22 +00:00

.codespellrc

Add updates from master that we want in cloud (#1774 )

2023-07-13 02:54:44 +00:00

.dockerignore

Deployment for the cloud version (#1638 )

2023-06-06 15:03:26 -06:00

.gitignore

Move elixir code to a subfolder (#1631 )

2023-05-24 15:46:51 -06:00

.markdownlint.json

Add websocket connection troubleshooting section (#977 )

2022-09-23 15:35:01 -07:00

.markdownlintignore

Cache node deps; fix minor docs typos (#923 )

2022-08-18 21:01:04 -07:00

.pre-commit-config.yaml

Announce 1.0 early access (#1791 )

2023-07-17 22:48:35 +00:00

.prettierrc.json

Announce 1.0 early access (#1791 )

2023-07-17 22:48:35 +00:00

.terraformignore

Add newlines in the end of files

2023-06-07 09:16:32 -06:00

.tool-versions

Bump Elixir/OTP versions (#1730 )

2023-07-03 23:11:47 +00:00

CODE_OF_CONDUCT.md

Merge blog site into docs, serve at subpaths (#1419 )

2023-02-15 16:52:16 -08:00

CONTRIBUTING.md

CI: add a flow that test client to resource ping (#1729 )

2023-07-05 03:17:26 +00:00

docker-compose.yml

feat(relay): allow configuration for lowest and highest allocation port (#1921 )

2023-08-18 13:04:26 -07:00

LICENSE

Update LICENSE to include component license clarification for subcomponents (#1806 )

2023-07-20 21:14:38 +00:00

NOTICE.txt

apple: Tunnel stack (#1876 )

2023-08-10 12:40:46 -05:00

README.md

Update LICENSE to include component license clarification for subcomponents (#1806 )

2023-07-20 21:14:38 +00:00

requirements.txt

Bump codespell from 2.2.4 to 2.2.5 (#1779 )

2023-07-13 17:17:02 +00:00

SECURITY.md

Add SupportOptions component and utm_source for links (#1219 )

2022-12-24 16:16:55 -06:00

README.md

Note: 🚧 The main branch is undergoing major restructuring in preparation for the 1.0 release 🚧.

See the legacy branch for the branch tracking the latest 0.7 release.

Firezone is a self-hosted VPN server and Linux firewall

Manage remote access through an intuitive web interface and CLI utility.
Deploy on your own infrastructure to keep control of your network traffic.
Built on WireGuard® to be stable, performant, and lightweight.

Get Started

Follow our deploy guide to install your self-hosted instance of Firezone.

Or, if you're on a supported platform, try our auto-install script.

Using Firezone in production at your organization? Contact us to learn about our Enterprise Plan.

Features

Fast: Uses WireGuard® to be 3-4 times faster than OpenVPN.
SSO Integration: Authenticate using any identity provider with an OpenID Connect (OIDC) connector.
Containerized: All dependencies are bundled via Docker.
Simple: Takes minutes to set up. Manage via a simple CLI.
Secure: Runs unprivileged. HTTPS enforced. Encrypted cookies.
Firewall included: Uses Linux nftables to block unwanted egress traffic.

Anti-features

Firezone is not:

An inbound firewall
A tool for creating mesh networks
A full-featured router
An IPSec or OpenVPN server

Documentation

Additional documentation on general usage, troubleshooting, and configuration can be found at https://docs.firezone.dev.

Get Help

If you're looking for help installing, configuring, or using Firezone, check our community support options:

Discussion Forums: Ask questions, report bugs, and suggest features.
Public Slack Group: Join live discussions, meet other users, and get to know the contributors.
Open a PR: Contribute a bugfix or make a contribution to Firezone.

If you need help deploying or maintaining Firezone for your business, consider contacting us about our paid support plan.

Star History

Package Repository

Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.

Developing and Contributing

See CONTRIBUTING.md.

Security

See SECURITY.md.

License

Portions of this software are licensed as follows:

All content residing under the "elixir/" directory of this repository, if that directory exists, is licensed under the "Elastic License 2.0" license defined in "elixir/LICENSE".
All third party components incorporated into the Firezone Software are licensed under the original license provided by the owner of the applicable component.
Content outside of the above mentioned directories or restrictions above is available under the "Apache 2.0 License" license as defined in "LICENSE".

WireGuard® is a registered trademark of Jason A. Donenfeld.

Languages

Elixir 57.1%

Rust 29.2%

TypeScript 5.9%

Swift 3.3%

Kotlin 1.8%

Other 2.5%