firezone/rust/linux-client/README.md
Jamil 2bca378f17 Allow data plane configuration at runtime (#2477)
## Changelog

- Updates connlib parameter API_URL (formerly known under different
names as `CONTROL_PLANE_URL`, `PORTAL_URL`, `PORTAL_WS_URL`, and
friends) to be configured as an "advanced" or "hidden" feature at
runtime so that we can test production builds on both staging and
production.
- Makes `AUTH_BASE_URL` configurable at runtime too
- Moves `CONNLIB_LOG_FILTER_STRING` to be configured like this as well
and simplifies its naming
- Fixes a timing attack bug on Android when comparing the `csrf` token
- Adds proper account ID validation to Android to prevent invalid URL
parameter strings from being saved and used
- Cleans up a number of UI / view issues on Android regarding typos,
consistency, etc
- Hides vars from the `relay` CLI we may not want to expose just
yet
- `get_device_id()` is flawed for connlib components -- SMBios is rarely
available. Data plane components now require a `FIREZONE_ID` instead
to use for upserting.


Fixes #2482 
Fixes #2471

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
2023-10-30 23:46:53 -07:00


# linux-client
This crate houses the Firezone Linux client.
## Building
Assuming you have Rust installed, you can build the Linux client from a Linux
host with:
```
cargo build --release --bin firezone-linux-client
```
You should then find a binary in `target/release/firezone-linux-client`.
## Running
To run the Linux client:
1. Generate a new Service account token from the "Actors -> Service Accounts"
section of the admin portal and save it in your secrets manager. The Firezone
Linux client requires a service account at this time.
1. Ensure the `FIREZONE_TOKEN=<service_account_token>` environment variable is
set securely in your client's shell environment. The client requires this
variable at startup.
1. Set `FIREZONE_ID` to a unique string to identify this client in the portal,
e.g. `export FIREZONE_ID=$(uuidgen)`. The client requires this variable at
startup.
1. Set `LOG_DIR` to a suitable directory for writing logs:
   ```
   export LOG_DIR=/tmp/firezone-logs
   mkdir -p "$LOG_DIR"
   ```
1. Now, you can start the client with:
   ```
   ./firezone-linux-client
   ```
If you're running as an unprivileged user, you'll need the `CAP_NET_ADMIN`
capability to open `/dev/net/tun`. You can add this to the client binary with:
```
sudo setcap 'cap_net_admin+eip' /path/to/firezone-linux-client
```
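
The steps above combined into one launcher script, as an added example that is not part of the Firezone repository: it reads the token from a file with owner-only permissions, persists `FIREZONE_ID` so restarts reuse the same value, and creates `LOG_DIR` with mode 700. The token file, the default paths and the `--run` argument are assumptions of this example, not Firezone conventions.

```sh
#!/bin/sh
# Added example (not from the Firezone repository): launcher for the steps above.
# Assumed, hypothetical paths; override them through the environment.
TOKEN_FILE=${TOKEN_FILE:-/etc/firezone/token}   # service account token, one line
ID_FILE=${ID_FILE:-/var/lib/firezone/id}        # persisted FIREZONE_ID
LOG_DIR=${LOG_DIR:-/var/log/firezone}
CLIENT_BIN=${CLIENT_BIN:-./firezone-linux-client}

# Succeeds only for a regular file with no group/other permission bits.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Prints the stored ID, generating and saving one on first use so that
# restarts present the same FIREZONE_ID to the portal.
load_or_create_id() {
    if [ ! -s "$1" ]; then
        new_id=$(uuidgen) || return 1
        ( umask 077 && printf '%s\n' "$new_id" > "$1" ) || return 1
    fi
    cat "$1"
}

# Creates the log directory with mode 700 and refuses a symlink or a
# directory owned by another user (possible under a shared /tmp).
prepare_log_dir() {
    mkdir -p -m 700 "$1" || return 1
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    chmod 700 "$1"
}

main() {
    is_private_file "$TOKEN_FILE" || { echo "token file missing or too permissive" >&2; return 1; }
    prepare_log_dir "$LOG_DIR" || { echo "unsafe LOG_DIR: $LOG_DIR" >&2; return 1; }
    FIREZONE_ID=$(load_or_create_id "$ID_FILE") || return 1
    FIREZONE_TOKEN=$(cat "$TOKEN_FILE") || return 1
    export FIREZONE_TOKEN FIREZONE_ID LOG_DIR
    exec "$CLIENT_BIN"
}

# Start the client only when invoked as: ./launch.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

Exporting the token inside the launcher keeps it out of shell history and interactive profiles; the client still receives it through `FIREZONE_TOKEN` as it requires.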