External NAT IP mapping support #487

Merged Nov 23, 2022 (5 commits)


tkunicki
Contributor

Support external IP mappings for host interface IPs

The external IP must not be behind a CGNAT, and port-forwarding for incoming UDP packets from WgPort on the external IP to WgPort on the host interface IP must be present. This can take the form of:

  • single port-forwarding rule from external IP to host interface IP
  • 1:1 DNAT mapping ExternalIP to host interface IP
  • NAT DMZ to host interface IP.

Configuration

A special value of stun will use the STUN server's XORMappedAddress to set the External IP value; this is for installations behind dynamic DHCP assuming the above restrictions are met.

A single mapping will take the form of external[/internal]

  • external (required):
    • external IP address or stun to use STUN to determine the external IP address
  • internal (optional)
    • the host interface IP address or an interface name
    • if the "internal" argument is present and "stun" is specified for external, the STUN request will be generated by a connection originating from the specified host interface IP

Examples:

 "stun"                 => all interface IPs will be mapped to external IP reported by stun
 "12.34.56.78"          => all interface IPs will be mapped to external IP of 12.34.56.78
 "stun/eth0"            => IPv4 assigned to interface eth0 will be mapped to external IP reported by stun
 "stun/10.1.2.3"        => interface IP 10.1.2.3 will be mapped to external IP reported by stun
 "12.34.56.78/eth0"     => IPv4 assigned to interface eth0 will be mapped to external IP of 12.34.56.78
 "12.34.56.78/10.1.2.3" => interface IP 10.1.2.3 will be mapped to external IP of 12.34.56.78
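
The `external[/internal]` format described above, as a strict parser that rejects malformed entries instead of guessing. This is an added example, not the code from this pull request; the `Mapping` type and `ParseMapping` function are hypothetical names, and matching `stun` case-sensitively and rejecting digits-and-dots strings that are not valid IPs are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Mapping is a hypothetical type holding one parsed external[/internal] entry.
type Mapping struct {
	UseSTUN    bool       // external was the special value "stun"
	External   netip.Addr // fixed external IP, valid when UseSTUN is false
	InternalIP netip.Addr // valid when internal was given as an IP address
	Interface  string     // set when internal was given as an interface name
}

// ParseMapping validates one mapping; no internal part means all interface IPs.
func ParseMapping(s string) (Mapping, error) {
	var m Mapping
	external, internal, hasInternal := strings.Cut(s, "/")
	if external == "stun" {
		m.UseSTUN = true
	} else {
		addr, err := netip.ParseAddr(external)
		if err != nil {
			return Mapping{}, fmt.Errorf("external %q is not an IP or \"stun\": %w", external, err)
		}
		m.External = addr
	}
	if !hasInternal {
		return m, nil
	}
	if internal == "" || strings.ContainsAny(internal, "/ \t") {
		return Mapping{}, fmt.Errorf("invalid internal part %q", internal)
	}
	if addr, err := netip.ParseAddr(internal); err == nil {
		m.InternalIP = addr
	} else if strings.Trim(internal, "0123456789.") == "" { // looks like an IP but is not one
		return Mapping{}, fmt.Errorf("malformed internal IP %q", internal)
	} else {
		m.Interface = internal // interface name, resolved to an address by the caller
	}
	return m, nil
}

func main() {
	for _, s := range []string{"stun", "stun/eth0", "12.34.56.78/10.1.2.3", "stun/10.1.2.999"} {
		fmt.Println(ParseMapping(s))
	}
}
```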

CLAassistant commented Sep 30, 2022

CLA assistant check
All committers have signed the CLA.

@tkunicki tkunicki force-pushed the nat_external_ip branch 2 times, most recently from 667f9d8 to 4204878 Compare September 30, 2022 22:48
@mlsmaycon mlsmaycon requested review from braginini and mlsmaycon and removed request for braginini October 1, 2022 04:58
Collaborator

@mlsmaycon mlsmaycon left a comment


Thanks @tkunicki for the contribution. I left some notes.

I will ping you on Slack regarding tests and the Stun comments.

6 resolved review comments on client/internal/engine.go (4 outdated)
@mlsmaycon
Collaborator

The Release checks failed because of an updated go.sum file. This usually means that go.mod was updated and your local go.sum wasn't pushed.

Collaborator

@mlsmaycon mlsmaycon left a comment


Thanks @tkunicki for this contribution. @braginini I will be adding unit tests here before release.

@mlsmaycon mlsmaycon merged commit f604956 into netbirdio:main Nov 23, 2022
pulsastrix pushed a commit to pulsastrix/netbird that referenced this pull request Dec 24, 2023
* External NAT IP mapping support

* Ignore blacklisted interfaces, even if user specified in mapping