mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
Previously, we called `onDisconnect` in two kinds of situations:

- With an error when we wanted the clients to clear the token
- Without an error when the token was still valid (i.e. after a call to `disconnect` from the clients)

This is unnecessarily redundant. Firezone is designed to **not** have a state of "signed in but disconnected". Thus, every time connlib calls `disconnect`, we should clear the token and sign the user out.

At present, we only do this for errors with the control plane. Errors in the actual tunnel are only logged and we continue trying to use the tunnel. There are errors in the tunnel where we should also give up (i.e. TUN device gone, fatal IO error, etc). At present, those are not yet bubbled up but we will at some point. Once we have https://github.com/firezone/firezone/pull/3682, it will be much easier to create a type-safe contract that ensures we only disconnect on fatal errors.

---------

Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
Co-authored-by: ReactorScram <ReactorScram@users.noreply.github.com>
linux-client
This crate houses the Firezone Linux client.
Building
Assuming you have Rust installed, you can build the Linux client from a Linux host with:
cargo build --release --bin firezone-linux-client
You should then find a binary in target/release/firezone-linux-client.
The releases on GitHub are built with musl. To build this way, use:
rustup target add x86_64-unknown-linux-musl
sudo apt-get install musl-tools
cargo build --release --bin firezone-linux-client --target x86_64-unknown-linux-musl
Running
To run the Linux client:
- Generate a new Service account token from the "Actors -> Service Accounts" section of the admin portal and save it in your secrets manager. The Firezone Linux client requires a service account at this time.
- Ensure the FIREZONE_TOKEN=<service_account_token> environment variable is set securely in your client's shell environment. The client requires this variable at startup.
- Set FIREZONE_ID to a unique string to identify this client in the portal, e.g. export FIREZONE_ID=$(uuidgen). The client requires this variable at startup.
- Set LOG_DIR to a suitable directory for writing logs:
export LOG_DIR=/tmp/firezone-logs
mkdir $LOG_DIR
- Now, you can start the client with:
./firezone-linux-client
If you're running as an unprivileged user, you'll need the CAP_NET_ADMIN
capability to open /dev/net/tun. You can add this to the client binary with:
sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client
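
The run steps above can be verified before launch. The following preflight script is an added example, not part of the Firezone README or code base; the function names `preflight_env` and `preflight_caps` are hypothetical, and it assumes `getcap` (from libcap) may or may not be installed.

```sh
#!/bin/sh
# Added example: preflight checks for the "Running" steps.
# preflight_env / preflight_caps are hypothetical helper names.

# Check the three variables the client needs. Returns 0 when all pass,
# otherwise the number of failed checks. The token value is never printed.
preflight_env() {
    fails=0
    if [ -z "${FIREZONE_TOKEN:-}" ]; then
        echo "FIREZONE_TOKEN is not set" >&2; fails=$((fails + 1))
    fi
    if [ -z "${FIREZONE_ID:-}" ]; then
        echo "FIREZONE_ID is not set" >&2; fails=$((fails + 1))
    fi
    if [ -z "${LOG_DIR:-}" ] || [ ! -d "$LOG_DIR" ]; then
        echo "LOG_DIR is unset or not a directory" >&2; fails=$((fails + 1))
    elif [ -L "$LOG_DIR" ] || [ ! -O "$LOG_DIR" ]; then
        # A fixed path under /tmp can be pre-created or symlinked by
        # another local user, so insist on a real, self-owned directory.
        echo "LOG_DIR is a symlink or not owned by this user" >&2
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Check that the client will be able to open /dev/net/tun: either we run
# as root, or the binary carries cap_net_admin as a file capability.
# Returns 0 = ok, 1 = capability missing, 2 = cannot tell (no getcap).
preflight_caps() {
    bin=$1
    [ "$(id -u)" -eq 0 ] && return 0
    command -v getcap >/dev/null 2>&1 || return 2
    # Matches both "cap_net_admin=eip" and the older "= cap_net_admin+eip".
    getcap "$bin" 2>/dev/null | grep -q 'cap_net_admin' && return 0
    return 1
}

# Usage (run from the directory holding the binary):
#   preflight_env && preflight_caps ./firezone-linux-client \
#       && ./firezone-linux-client
```

`preflight_caps` only confirms that the capability name is present on the file; it does not inspect the individual effective, inheritable and permitted flags.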