mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
Fixes
```json
{
"insertId": "1lzwe6ffj77v9n",
"jsonPayload": {
"cos.googleapis.com/container_name": "klt-relay-vmkr",
"cos.googleapis.com/stream": "stderr",
"cos.googleapis.com/container_id": "29e6fd8f9a4ed1ce390e8a25561d73b0fd8cbcdf17344e999637301175c41fdc",
"message": " 1: invalid peer certificate: UnknownIssuer\n",
"time": "2024-01-16T20:21:49.992901207Z"
},
"resource": {
"type": "gce_instance",
"labels": {
"zone": "asia-south1-a",
"instance_id": "4570479834747179906",
"project_id": "firezone-staging"
}
},
"timestamp": "2024-01-16T20:21:49.992901207Z",
"logName": "projects/firezone-staging/logs/cos_containers",
"receiveTimestamp": "2024-01-16T20:21:50.930410255Z"
}
```
gateway
This crate houses the Firezone gateway.
Building
You can build the gateway using: `cargo build --release --bin firezone-gateway`
You should then find a binary in `target/release/firezone-gateway`.
Running
The Firezone Gateway supports Linux only. To run the Gateway binary on your Linux host:
- Generate a new Gateway token from the "Gateways" section of the admin portal and save it in your secrets manager.
- Ensure the `FIREZONE_TOKEN=<gateway_token>` environment variable is set securely in your Gateway's shell environment. The Gateway requires this variable at startup.
- Set `FIREZONE_ID` to a unique string to identify this gateway in the portal, e.g. `export FIREZONE_ID=$(uuidgen)`. The Gateway requires this variable at startup.
- Now, you can start the Gateway with:

```
firezone-gateway
```

If you're running as a non-root user, you'll need the `CAP_NET_ADMIN` capability
to open `/dev/net/tun`. You can add this to the gateway binary with:

```
sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway
```
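
A preflight check for the steps above, as an added example that is not part of the Firezone repository. The function names and the `start` argument are assumptions; the capability parser accepts `getcap` output with or without the ` = ` separator, since libcap versions differ on it.

```shell
#!/bin/sh
# Added example: preflight checks for the "Running" steps above.

# Succeeds only if both variables the Gateway requires at startup are non-empty.
# The token value itself is never printed.
check_env() {
    [ -n "${FIREZONE_TOKEN:-}" ] || { echo "FIREZONE_TOKEN is not set" >&2; return 1; }
    [ -n "${FIREZONE_ID:-}" ] || { echo "FIREZONE_ID is not set" >&2; return 1; }
}

# $1 is one line of `getcap <binary>` output. Succeeds if cap_net_admin is
# granted with both the effective (e) and permitted (p) flags.
# Assumes the binary path contains no spaces.
caps_grant_net_admin() {
    caps=${1#* }      # drop the file name
    caps=${caps#= }   # drop the "= " separator some libcap versions print
    for clause in $caps; do
        case "$clause" in
            *cap_net_admin*[=+]*)
                flags=${clause##*[=+]}
                case "$flags" in *e*p*|*p*e*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# Runs every check for the binary at $1; root skips the file-capability check.
preflight() {
    check_env || return 1
    [ -c /dev/net/tun ] || { echo "/dev/net/tun is missing" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] && return 0
    caps_grant_net_admin "$(getcap "$1" 2>/dev/null)" && return 0
    echo "not root and $1 lacks cap_net_admin+eip (see setcap)" >&2
    return 1
}

# Hypothetical entry point: sh preflight.sh start /path/to/firezone-gateway
if [ "${1:-}" = "start" ]; then
    preflight "$2" && exec "$2"
fi
```
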
Ports
The gateway requires no open ports. Connections automatically traverse NAT with STUN/TURN via the relay.