firezone/rust/connlib
Gabi e3546cfa12 connlib: limit the number of host candidates used (#2746)
In some cases we were observing that connections between clients and
gateways couldn't be established.

This happened even when candidates were being found on both ends.

This usually was observed when ipv6 isn't working on the relays and
it's still used as one of the viable candidates.

To reproduce this more easily I created an iface with 50 ips using this
script:

```bash
#!/bin/bash

# Generate 50 IPv6 addresses (10 x 5 iterations)
for i in {1..10}
do
  for j in {1..5}
  do
    # Generate a random IPv6 address under fd00::
    ipv6_address=$(openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/.$//' | awk '{print "fd00::"$1}')

    # Add IPv6 address to lo0 as an alias
    sudo ifconfig lo0 inet6 alias "$ipv6_address"

    echo "Added IPv6 address $ipv6_address to lo0"
  done
done
```

This behavior was almost consistently observed, as it depended on the
order candidates were used.

I tried modifying timeouts and the limits to channel binding requests
that are internal to webrtc but the connections were still not
consistent, the only thing that worked was limiting the number of host
candidates.

This is okay since even if we can't establish the local connection (no
hairpin nat) relayed connection will still happen.

But this is not a good long-term solution. In the future we should be
smarter about how we sort and ping candidates, prioritizing srflx to srflx or
srflx to relay and leave host candidates for last. Will be easier to
improve on after refactoring webrtc out.
2023-11-30 14:33:07 +00:00
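
The approach described in the commit message above, capping host candidates while keeping server-reflexive and relay candidates, sketched as an added example that is not connlib's code. The cap of 8, the function names and the candidate lines are assumptions constructed for illustration; the lines follow the RFC 8445 candidate attribute grammar.

```rust
// Added illustration, not connlib's implementation. The cap is an assumed value.
const MAX_HOST_CANDIDATES: usize = 8;

#[derive(Debug, PartialEq, Clone, Copy)]
enum Kind { Host, Srflx, Prflx, Relay }

/// Read the candidate type from an ICE candidate attribute
/// ("candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> ...").
fn candidate_kind(line: &str) -> Option<Kind> {
    let mut fields = line.split_whitespace();
    fields.find(|f| *f == "typ")?; // advance to the token after "typ"
    match fields.next()? {
        "host" => Some(Kind::Host),
        "srflx" => Some(Kind::Srflx),
        "prflx" => Some(Kind::Prflx),
        "relay" => Some(Kind::Relay),
        _ => None,
    }
}

/// Keep every srflx/prflx/relay candidate but at most `max_host` host
/// candidates, preserving gathering order. Unparseable lines are dropped.
fn limit_host_candidates<'a>(candidates: &[&'a str], max_host: usize) -> Vec<&'a str> {
    let mut hosts = 0;
    candidates.iter().copied().filter(|c| match candidate_kind(c) {
        Some(Kind::Host) => { hosts += 1; hosts <= max_host }
        Some(_) => true,
        None => false,
    }).collect()
}

/// Constructed sample: 50 host candidates (one per address on a crowded
/// interface) followed by one srflx and one relay candidate.
fn sample_candidates() -> Vec<String> {
    let mut v: Vec<String> = (1..=50)
        .map(|i| format!("candidate:{i} 1 udp 2130706431 fd00::{i:x} 50000 typ host"))
        .collect();
    v.push("candidate:51 1 udp 1694498815 203.0.113.7 50001 typ srflx raddr 0.0.0.0 rport 0".into());
    v.push("candidate:52 1 udp 16777215 198.51.100.9 3478 typ relay raddr 0.0.0.0 rport 0".into());
    v
}

fn main() {
    let owned = sample_candidates();
    let refs: Vec<&str> = owned.iter().map(String::as_str).collect();
    let kept = limit_host_candidates(&refs, MAX_HOST_CANDIDATES);
    println!("kept {} of {} candidates", kept.len(), refs.len());
}
```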

Connlib

Firezone's connectivity library shared by all clients.

🚧 Disclaimer 🚧

NOTE: This repository is undergoing heavy construction. You could say we're Building In The Open™ in true open source spirit. Do not attempt to use anything released here until this notice is removed. You have been warned.

Building Connlib

Setting the CONNLIB_MOCK environment variable when packaging for Apple or Android will activate the mock feature flag, replacing connlib's normal connection logic with a mock for testing purposes.

  1. You'll need a Rust toolchain installed if you don't have one already. We recommend following the instructions at https://rustup.rs.
  2. `rustup show` will install all needed targets since they are added to `rust-toolchain.toml`.
  3. Follow the relevant instructions for your platform:
     - Apple
     - Android
     - Linux
     - Windows

Apple

Connlib should build successfully with recent macOS and Xcode versions assuming you have Rust installed. If not, open a PR with the notes you found.

Android

Linux

Windows