github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
de6bbbc10d8ebcef47d5d57f76ddb9d68eecd40b
firezone/rust/linux-client
History
Thomas Eizinger d092e22840 feat(connlib): introduce Session::reconnect (#4116) 
I ended up calling it `reconnect` because that is really what we are
doing:

- We reconnect to the portal.
- We "reconnect" to all relays, i.e. refresh the allocations.

I decided **not** to use an ICE restart. An ICE restart clears the local
as well as the remote credentials, meaning we would need to run another
instance of the signalling protocol. The current control plane does not
support this and it is also unnecessary in our situation. In the case of
an actual network change (e.g. WiFI to cellular), refreshing of the
allocations will turn up new candidates as that is how we discovered our
original ones in the first place. Because we constantly operate in ICE
trickle mode, those will be sent to the remote via the control plane and
we start testing them.

As those new paths become available, str0m will automatically nominate
them in case the current one runs into an ICE timeout. Here is a
screen-recording of the Linux CLI client where `Session::refresh` is
triggered via the SIGHUP signal:

[Screencast from 2024-03-14
11-16-47.webm](https://github.com/firezone/firezone/assets/5486389/7171d199-f2a2-4b22-92c8-243494d5d6d8)

Provides the infrastructure for: #4028.
2024-03-14 23:23:29 +00:00
..
docs
docs(linux): document default DNS setup on Debian 12 and Ubuntu 20.04 (#3668)
2024-02-16 18:20:45 +00:00
src
feat(connlib): introduce Session::reconnect (#4116)
2024-03-14 23:23:29 +00:00
Cargo.toml
refactor(connlib): don't start a runtime as part of Session (#4119)
2024-03-14 00:06:29 +00:00
README.md
ci: document and fix a couple things for local Docker testing (#3672)
2024-02-17 16:16:39 +00:00

README.md

linux-client

This crate houses the Firezone linux client.

Building

Assuming you have Rust installed, you can build the Linux client from a Linux host with:

cargo build --release --bin firezone-linux-client

You should then find a binary in target/release/firezone-linux-client.

The releases on Github are built with musl. To build this way, use:

rustup target add x86_64-unknown-linux-musl
sudo apt-get install musl-tools
cargo build --release --bin firezone-linux-client --target x86_64-unknown-linux-musl

Running

To run the Linux client:

  1. Generate a new Service account token from the "Actors -> Service Accounts" section of the admin portal and save it in your secrets manager. The Firezone Linux client requires a service account at this time.
  2. Ensure the FIREZONE_TOKEN=<service_account_token> environment variable is set securely in your client's shell environment. The client requires this variable at startup.
  3. Set FIREZONE_ID to a unique string to identify this client in the portal, e.g. export FIREZONE_ID=$(uuidgen). The client requires this variable at startup.
  4. Set LOG_DIR to a suitable directory for writing logs 
    export LOG_DIR=/tmp/firezone-logs
mkdir $LOG_DIR
  5. Now, you can start the client with:
./firezone-linux-client

If you're running as an unprivileged user, you'll need the CAP_NET_ADMIN capability to open /dev/net/tun. You can add this to the client binary with:

sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client
Reference in New Issue View Git Blame Copy Permalink