mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
a211f96109
# Gateways - [x] When Gateway Group is deleted all gateways should be disconnected - [x] When Gateway Group is updated (eg. routing) broadcast to all affected gateway to disconnect all the clients - [x] When Gateway is deleted it should be disconnected - [x] When Gateway Token is revoked all gateways that use it should be disconnected # Relays - [x] When Relay Group is deleted all relays should be disconnected - [x] When Relay is deleted it should be disconnected - [x] When Relay Token is revoked all gateways that use it should be disconnected # Clients - [x] Remove Delete Client button, show clients using the token on the Actors page (#2669) - [x] When client is deleted disconnect it - [ ] ~When Gateway is offline broadcast to the Clients connected to it it's status~ - [x] Persist `last_used_token_id` in Clients and show it in tokens UI # Resources - [x] When Resource is deleted it should be removed from all gateways and clients - [x] When Resource connection is removed it should be deleted from removed gateway groups - [x] When Resource is updated (eg. traffic filters) all it's authorizations should removed # Authentication - [x] When Token is deleted related sessions are terminated - [x] When an Actor is deleted or disabled it should be disconnected from browser and client - [x] When Identity is deleted it's sessions should be disconnected from browser and client - [x] ^ Ensure the same happens for identities during IdP sync - [x] When IdP is disabled act like all actors for it are disabled? - [x] When IdP is deleted act like all actors for it are deleted? # Authorization - [x] When Policy is created clients that gain access to a resource should get an update - [x] When Policy is deleted we need to all authorizations it's made - [x] When Policy is disabled we need to all authorizations it's made - [x] When Actor Group adds or removes a user, related policies should be re-evaluated - [x] ^ Ensure the same happens for identities during IdP sync # Settings - [x] Re-send init message to Client when DNS settings change # Code - [x] Crear way to see all available topics and messages, do not use binary topics any more --------- Co-authored-by: conectado <gabrielalejandro7@gmail.com>
gateway
This crate houses the Firezone gateway.
Building
You can build the gateway using: cargo build --release --bin firezone-gateway
You should then find a binary in target/release/firezone-gateway.
Running
The Firezone Gateway supports Linux only. To run the Gateway binary on your Linux host:
- Generate a new Gateway token from the "Gateways" section of the admin portal and save it in your secrets manager.
- Ensure the
FIREZONE_TOKEN=<gateway_token>environment variable is set securely in your Gateway's shell environment. The Gateway requires this variable at startup. - Set
FIREZONE_IDto a unique string to identify this gateway in the portal, e.g.export FIREZONE_ID=$(uuidgen). The Gateway requires this variable at startup. - Now, you can start the Gateway with:
firezone-gateway
If you're running as a non-root user, you'll need the CAP_NET_ADMIN capability
to open /dev/net/tun. You can add this to the gateway binary with:
sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway
Ports
The gateway requires no open ports. Connections automatically traverse NAT with STUN/TURN via the relay.