()
| 62 | } |
| 63 | |
| 64 | func (cmd *servecmd) Run() { |
| 65 | conf := cmd.ReadConfig() |
| 66 | |
| 67 | // The server's IP within the VPN virtual network |
| 68 | vpnip := network.ServerVPNIP(conf.VPN.CIDR) |
| 69 | |
| 70 | // Allow traffic to wg-access-server's peer endpoint. |
| 71 | // This is important because clients will send traffic |
| 72 | // to the embedded DNS proxy using the VPN IP |
| 73 | conf.VPN.AllowedIPs = append(conf.VPN.AllowedIPs, fmt.Sprintf("%s/32", vpnip.IP.String())) |
| 74 | |
| 75 | // WireGuard Server |
| 76 | wg := wgembed.NewNoOpInterface() |
| 77 | if conf.WireGuard.Enabled { |
| 78 | wgimpl, err := wgembed.New(conf.WireGuard.Interface) |
| 79 | if err != nil { |
| 80 | logrus.Fatal(errors.Wrap(err, "failed to create wireguard interface")) |
| 81 | } |
| 82 | defer wgimpl.Close() |
| 83 | wg = wgimpl |
| 84 | |
| 85 | logrus.Infof("starting wireguard server on 0.0.0.0:%d", conf.WireGuard.Port) |
| 86 | |
| 87 | wgconfig := &wgembed.ConfigFile{ |
| 88 | Interface: wgembed.IfaceConfig{ |
| 89 | PrivateKey: conf.WireGuard.PrivateKey, |
| 90 | Address: vpnip.String(), |
| 91 | ListenPort: &conf.WireGuard.Port, |
| 92 | }, |
| 93 | } |
| 94 | |
| 95 | if err := wg.LoadConfig(wgconfig); err != nil { |
| 96 | logrus.Fatal(errors.Wrap(err, "failed to load wireguard config")) |
| 97 | } |
| 98 | |
| 99 | logrus.Infof("wireguard VPN network is %s", conf.VPN.CIDR) |
| 100 | |
| 101 | if err := network.ConfigureForwarding(conf.WireGuard.Interface, conf.VPN.GatewayInterface, conf.VPN.CIDR, conf.VPN.AllowedIPs); err != nil { |
| 102 | logrus.Fatal(err) |
| 103 | } |
| 104 | } |
| 105 | |
| 106 | // DNS Server |
| 107 | if conf.DNS.Enabled { |
| 108 | dns, err := dnsproxy.New(dnsproxy.DNSServerOpts{ |
| 109 | Upstream: conf.DNS.Upstream, |
| 110 | }) |
| 111 | if err != nil { |
| 112 | logrus.Fatal(errors.Wrap(err, "failed to start dns server")) |
| 113 | } |
| 114 | defer dns.Close() |
| 115 | } |
| 116 | |
| 117 | // Storage |
| 118 | storageBackend, err := storage.NewStorage(conf.Storage) |
| 119 | if err != nil { |
| 120 | logrus.Fatal(errors.Wrap(err, "failed to create storage backend")) |
| 121 | } |