From b5dfc7374c71ac1976c1c8cbfb298100382d8ec2 Mon Sep 17 00:00:00 2001 From: FuturePrayer <166296470+FuturePrayer@users.noreply.github.com> Date: Mon, 2 Jun 2025 06:47:17 +0800 Subject: [PATCH] add private mode (#897) --------- Co-authored-by: Sijie.Sun --- easytier-gui/README.md | 6 +++++- easytier-web/frontend-lib/src/components/Config.vue | 1 + easytier-web/frontend-lib/src/locales/cn.yaml | 4 ++++ easytier-web/frontend-lib/src/locales/en.yaml | 4 ++++ easytier-web/frontend-lib/src/types/network.ts | 2 ++ easytier/locales/app.yml | 3 +++ easytier/src/common/config.rs | 1 + easytier/src/easytier-core.rs | 8 ++++++++ easytier/src/launcher.rs | 4 ++++ easytier/src/peers/peer_manager.rs | 7 +++++++ easytier/src/proto/common.proto | 2 ++ easytier/src/proto/web.proto | 1 + 12 files changed, 42 insertions(+), 1 deletion(-) diff --git a/easytier-gui/README.md b/easytier-gui/README.md index beb3004..fbfb4b8 100644 --- a/easytier-gui/README.md +++ b/easytier-gui/README.md @@ -18,7 +18,11 @@ cd ../tauri-plugin-vpnservice pnpm install pnpm build -cd ../easytier-gui +cd ../easytier-web/frontend-lib +pnpm install +pnpm build + +cd ../../easytier-gui pnpm install pnpm tauri build ``` diff --git a/easytier-web/frontend-lib/src/components/Config.vue b/easytier-web/frontend-lib/src/components/Config.vue index 6b4e27a..5b4d1f7 100644 --- a/easytier-web/frontend-lib/src/components/Config.vue +++ b/easytier-web/frontend-lib/src/components/Config.vue @@ -157,6 +157,7 @@ const bool_flags: BoolFlag[] = [ { field: 'disable_encryption', help: 'disable_encryption_help' }, { field: 'disable_udp_hole_punching', help: 'disable_udp_hole_punching_help' }, { field: 'enable_magic_dns', help: 'enable_magic_dns_help' }, + { field: 'enable_private_mode', help: 'enable_private_mode_help' }, ] diff --git a/easytier-web/frontend-lib/src/locales/cn.yaml b/easytier-web/frontend-lib/src/locales/cn.yaml index 0b35776..e7e1585 100644 --- a/easytier-web/frontend-lib/src/locales/cn.yaml 
+++ b/easytier-web/frontend-lib/src/locales/cn.yaml @@ -116,6 +116,10 @@ enable_magic_dns: 启用魔法DNS enable_magic_dns_help: | 启用魔法DNS,允许通过EasyTier的DNS服务器访问其他节点的虚拟IPv4地址, 如 node1.et.net。 +enable_private_mode: 启用私有模式 +enable_private_mode_help: | + 启用私有模式,则不允许使用了与本网络不相同的网络名称和密码的节点通过本节点进行握手或中转。 + relay_network_whitelist: 网络白名单 relay_network_whitelist_help: | 仅转发白名单网络的流量,支持通配符字符串。多个网络名称间可以使用英文空格间隔。 diff --git a/easytier-web/frontend-lib/src/locales/en.yaml b/easytier-web/frontend-lib/src/locales/en.yaml index 4b9268d..15a0f77 100644 --- a/easytier-web/frontend-lib/src/locales/en.yaml +++ b/easytier-web/frontend-lib/src/locales/en.yaml @@ -115,6 +115,10 @@ enable_magic_dns: Enable Magic DNS enable_magic_dns_help: | Enable magic dns, all nodes in the network can access each other by domain name, e.g.: node1.et.net. +enable_private_mode: Enable Private Mode +enable_private_mode_help: | + Enable private mode, nodes with different network names or passwords from this network are not allowed to perform handshake or relay through this node. + relay_network_whitelist: Network Whitelist relay_network_whitelist_help: | Only forward traffic from the whitelist networks, supporting wildcard strings, multiple network names can be separated by spaces. diff --git a/easytier-web/frontend-lib/src/types/network.ts b/easytier-web/frontend-lib/src/types/network.ts index c9bc174..6f1af40 100644 --- a/easytier-web/frontend-lib/src/types/network.ts +++ b/easytier-web/frontend-lib/src/types/network.ts @@ -64,6 +64,7 @@ export interface NetworkConfig { mapped_listeners: string[] enable_magic_dns?: boolean + enable_private_mode?: boolean } export function DEFAULT_NETWORK_CONFIG(): NetworkConfig { @@ -121,6 +122,7 @@ export function DEFAULT_NETWORK_CONFIG(): NetworkConfig { mtu: null, mapped_listeners: [], enable_magic_dns: false, + enable_private_mode: false, } } diff --git a/easytier/locales/app.yml b/easytier/locales/app.yml index a9a7693..e68a0e9 100644 --- a/easytier/locales/app.yml 
+++ b/easytier/locales/app.yml @@ -155,6 +155,9 @@ core_clap: accept_dns: en: "if true, enable magic dns. with magic dns, you can access other nodes with a domain name, e.g.: .et.net. magic dns will modify your system dns settings, enable it carefully." zh-CN: "如果为true,则启用魔法DNS。使用魔法DNS,您可以使用域名访问其他节点,例如:.et.net。魔法DNS将修改您的系统DNS设置,请谨慎启用。" + private_mode: + en: "if true, nodes with different network names or passwords from this network are not allowed to perform handshake or relay through this node." + zh-CN: "如果为true,则不允许使用了与本网络不相同的网络名称和密码的节点通过本节点进行握手或中转" core_app: panic_backtrace_save: diff --git a/easytier/src/common/config.rs b/easytier/src/common/config.rs index 8295976..cdb8be6 100644 --- a/easytier/src/common/config.rs +++ b/easytier/src/common/config.rs @@ -37,6 +37,7 @@ pub fn gen_default_flags() -> Flags { disable_kcp_input: false, disable_relay_kcp: true, accept_dns: false, + private_mode: false, } } diff --git a/easytier/src/easytier-core.rs b/easytier/src/easytier-core.rs index 4f86a8c..9d2ee58 100644 --- a/easytier/src/easytier-core.rs +++ b/easytier/src/easytier-core.rs @@ -452,6 +452,13 @@ struct Cli { help = t!("core_clap.accept_dns").to_string(), )] accept_dns: Option, + + #[arg( + long, + env = "ET_PRIVATE_MODE", + help = t!("core_clap.private_mode").to_string(), + )] + private_mode: Option, } rust_i18n::i18n!("locales", fallback = "en"); @@ -770,6 +777,7 @@ impl TryFrom<&Cli> for TomlConfigLoader { f.enable_kcp_proxy = cli.enable_kcp_proxy.unwrap_or(f.enable_kcp_proxy); f.disable_kcp_input = cli.disable_kcp_input.unwrap_or(f.disable_kcp_input); f.accept_dns = cli.accept_dns.unwrap_or(f.accept_dns); + f.private_mode = cli.private_mode.unwrap_or(f.private_mode); cfg.set_flags(f); if !cli.exit_nodes.is_empty() { diff --git a/easytier/src/launcher.rs b/easytier/src/launcher.rs index 5a4480e..1465eeb 100644 --- a/easytier/src/launcher.rs +++ b/easytier/src/launcher.rs 
@@ -676,6 +676,10 @@ impl NetworkConfig { flags.mtu = mtu as u32; } + if let Some(enable_private_mode) = self.enable_private_mode { + flags.private_mode = enable_private_mode; + } + cfg.set_flags(flags); Ok(cfg) } diff --git a/easytier/src/peers/peer_manager.rs b/easytier/src/peers/peer_manager.rs index 2adcd8a..0fb55a9 100644 --- a/easytier/src/peers/peer_manager.rs +++ b/easytier/src/peers/peer_manager.rs @@ -422,6 +422,13 @@ impl PeerManager { tracing::info!("add tunnel as server start"); let mut peer = PeerConn::new(self.my_peer_id, self.global_ctx.clone(), tunnel); peer.do_handshake_as_server().await?; + if self.global_ctx.config.get_flags().private_mode + && peer.get_network_identity().network_name != self.global_ctx.get_network_identity().network_name + { + return Err(Error::SecretKeyError( + "private mode is turned on, network identity not match".to_string(), + )); + } if peer.get_network_identity().network_name == self.global_ctx.get_network_identity().network_name { diff --git a/easytier/src/proto/common.proto b/easytier/src/proto/common.proto index 405b028..5066d26 100644 --- a/easytier/src/proto/common.proto +++ b/easytier/src/proto/common.proto @@ -33,6 +33,8 @@ message FlagsInConfig { // enable magic dns or not bool accept_dns = 22; + // enable private mode + bool private_mode = 23; } message RpcDescriptor { diff --git a/easytier/src/proto/web.proto b/easytier/src/proto/web.proto index 1c5a9ee..c0b4f37 100644 --- a/easytier/src/proto/web.proto +++ b/easytier/src/proto/web.proto @@ -65,6 +65,7 @@ message NetworkConfig { repeated string mapped_listeners = 41; optional bool enable_magic_dns = 42; + optional bool enable_private_mode = 43; } message MyNodeInfo {
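Review bot: The private-mode guard added after `peer.do_handshake_as_server().await?` in the peer_manager.rs hunk compares only `network_name`, while the help strings added in this commit promise to reject peers whose name or password differs, so a peer presenting the same name with a different secret is not stopped by this check. Unless the handshake or the code after the hunk already rejects that case (not visible here; the enclosing function starts and ends outside the hunk), the condition should compare the whole identity, e.g. `&& peer.get_network_identity() != self.global_ctx.get_network_identity()`, provided `NetworkIdentity` implements equality that covers the secret digest. The check also runs only once the server-side handshake has completed, so "not allowed to perform handshake" overstates the behaviour; either reject inside the handshake or reword the help text. Returning `Error::SecretKeyError` for a name mismatch will mislead log triage, and a `tracing::warn!` recording the rejected peer's claimed network name before the `return Err(...)` would give operators something to alert on.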