suhoan/EasyTier
1
0
Fork 0
mirror of https://mirror.suhoan.cn/https://github.com/EasyTier/EasyTier.git synced 2025-12-12 20:57:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
576 Commits 20 Branches 28 Tags
7dc5988620dc34c24a80e44eb61efbab52ae5d93
Commit Graph

310 Commits

Author SHA1 Message Date
Sijie.Sun
7dc5988620 avoid udp hole punch go through tun (#1155) 2025-07-26 14:39:03 +08:00
Sijie.Sun
354a4e1d7b fix acl not work with kcp&quic (#1152) 2025-07-26 14:38:10 +08:00
Sijie.Sun
5409c5bbe7 port range should not be converted to single port (#1154) 2025-07-26 14:13:13 +08:00
Sijie.Sun
33ff9554cd need encrypt rpc if dst is in peer map (#1151) 2025-07-25 22:28:47 +08:00
Sijie.Sun
1f6a715939 releases/v2.4.0 (#1145) 
* bump version to v2.4.0
* update tauri.
* allow try direct connect to public server
 2025-07-25 00:16:15 +08:00
Sijie.Sun
8e7a8de5e5 Implement ACL (#1140) 
1. get acl stats
```
./easytier-cli acl stats
AclStats:
  Global:
    CacheHits: 4
    CacheMaxSize: 10000
    CacheSize: 5
    DefaultAllows: 3
    InboundPacketsAllowed: 2
    InboundPacketsTotal: 2
    OutboundPacketsAllowed: 7
    OutboundPacketsTotal: 7
    PacketsAllowed: 9
    PacketsTotal: 9
    RuleMatches: 2
  ConnTrack:
    [src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
  Rules:
    [name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]

  ```
2. use tcp/udp whitelist to block unexpected traffic.
   `sudo ./easytier-core -d --tcp-whitelist 1000`

3. use complete acl ability with config file:

```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2

[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true

```
 2025-07-24 22:13:45 +08:00
Sijie.Sun
4f53fccd25 fix bugs (#1138) 
1. avoid dns query hangs the thread
2. avoid deadloop when stun query failed because of no ipv4 addr.
3. make quic input error non-fatal.
4. remove ring tunnel from connection map to avoid mem leak.
5. limit listener retry count.
 2025-07-21 23:18:38 +08:00
Sijie.Sun
876d550f68 reduce memory usage (#1133) 
Large memory usage comes from:

Mimalloc hold large thread cache, causing abort 13M+ usage.
QUIC endpoint occupy 3M when GRO is enabled.
Smoltcp 64 tcp listener use 2MB.
 2025-07-20 19:15:28 +08:00
Sijie.Sun
2660ed5fda try create tun device if not exist (#1131) 2025-07-19 22:56:19 +08:00
Sijie.Sun
50c6f5ae6c add windows firewall for tun interface (#1130) 
allow all icmp/tcp/udp on tun interface.
 2025-07-19 20:38:44 +08:00
Sijie.Sun
85f0091056 fix latency first route of public server (#1129) 2025-07-19 18:16:53 +08:00
Sijie.Sun
e25cd9be37 add disable ipv6 option to gui/web (#1127) 2025-07-19 11:07:57 +08:00
Sijie.Sun
7f3a9c021c close peer conn if remote addr is from virtual network (#1123) 2025-07-18 03:29:48 +08:00
liusen373
0427b48d75 Allows to modify Easytier's mapped listener at runtime via RPC (#1107) 
* Add proto definition
* Implement and register the corresponding rpc service
* Parse command line parameters and call remote rpc service

---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-07-17 20:37:05 +08:00
Jiangqiu Shen
0b729b99e7 add options to generate completions (#1103) 
* add options to generate completions

use clap-complete crate to generate completions scripts: easytier-core --generate fish > ~/.config/fish/completions/easytier-core.fish

---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-07-17 20:35:49 +08:00
Sijie.Sun
940238f158 socks5 and port forwarding (#1118) 2025-07-17 10:09:25 +08:00
Sijie.Sun
13c2e72871 fix incorrect config check (#1086) 2025-07-06 14:20:49 +08:00
Sijie.Sun
3c65594030 smoltcp use larger tx/rx buf size (#1085) 
* smoltcp use larger tx/rx buf size
* fix direct conn check
 2025-07-06 10:53:01 +08:00
Sijie.Sun
f85b031402 handle close peer conn correctly (#1082) 2025-07-06 09:16:13 +08:00
Sijie.Sun
a4bb555fac use winapi to config ip and route (remove dep on netsh) (#1079) 
On some windows machines can not execut netsh.
Also this avoid black cmd window when using gui.
 2025-07-05 16:50:09 +08:00
DavHau
d0cfc49806 Add support for IPv6 within VPN (#1061) 
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk

---------

Co-authored-by: sijie.sun <sijie.sun@smartx.com>
 2025-07-04 23:43:30 +08:00
韩嘉乐
01e491ec07 support ohos (#974) 
* support ohos

---------

Co-authored-by: FrankHan <2777926911@qq.com>
 2025-07-02 09:44:45 +08:00
Sijie.Sun
70e69a382e allow set multithread count (#1056) 2025-06-26 02:19:33 +08:00
Sijie.Sun
cd26d9f669 fix mem leak of token bucket (#1055) 2025-06-26 02:19:26 +08:00
Sijie.Sun
4fd0253e99 fix cargo install failure (#1054) 2025-06-25 21:55:44 +08:00
Mg Pig
760a1e6306 fix rpc_portal_whitelist from config file not working (#1042) 2025-06-23 00:50:41 +08:00
Sijie.Sun
fded8b1de0 limit max conn count in foreign network manager (#1041) 2025-06-22 19:11:27 +08:00
Sijie.Sun
762d5cd392 blacklist the peers which disable p2p in hole-punching client (#1038) 2025-06-22 14:39:24 +08:00
liusen373
95e4e5a931 Implement custom fmt::Debug for some prost_build generated structs 
Currently implemented for:
1. common.Ipv4Addr
2. common.Ipv6Addr
3. common.UUID
 2025-06-21 14:56:28 +08:00
sijie.sun
dde7a4dff1 bps limit should throttle kcp packet 2025-06-19 22:53:41 +08:00
Sijie.Sun
40601bd05b add bps limiter (#1015) 
* add token bucket
* remove quinn-proto
 2025-06-19 21:15:04 +08:00
chenxudong2020
72d5ed908e quic uses the bbr congestion control algorithm (#1010) 2025-06-18 23:17:52 +08:00
liusen373
72673a9d52 Add is_hole_punched flag to PeerConn (#1001) 2025-06-18 12:14:57 +08:00
Sijie.Sun
8c2f96d1aa allow set machine uid with command line (#1009) 2025-06-18 11:02:29 +08:00
Sijie.Sun
34ba0bc95b add keepalive option for quic proxy (#1008) 
avoid connection loss when idle
 2025-06-17 23:39:56 +08:00
Mg Pig
ed162c2e66 Add conversion method from TomlConfigLoader to NetworkConfig to enhance configuration experience (#990) 
* add method to create NetworkConfig from TomlConfigLoader
* allow web export/import toml config file and gui edit toml config
* Extract the configuration file dialog into a separate component and allow direct editing of the configuration file on the web
 2025-06-15 23:41:42 +08:00
Sijie.Sun
40b5fe9a54 support quic proxy (#993) 
QUIC proxy works like kcp proxy, it can proxy TCP streams and transfer data with QUIC.
QUIC has better congestion algorithm (BBR) for network with both high loss rate and high bandwidth. 
QUIC proxy can be enabled by passing `--enable-quic-proxy` to easytier in the client side. The proxy status can be viewed by `easytier-cli proxy`.
 2025-06-15 19:43:45 +08:00
Sijie.Sun
0bab14cd72 use bulk compress instead of streaming to reduce mem usage (#985) 2025-06-14 14:55:48 +08:00
Mg Pig
b407cfd9d4 Fixed the issue where the GUI would panic after using InstanceManager (#982) 
Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-06-14 13:06:53 +08:00
Sijie.Sun
25dcdc652a support mapping subnet proxy (#978) 
- **support mapping subproxy network cidr**
- **add command line option for proxy network mapping**
- **fix Instance leak in tests.
 2025-06-14 11:42:45 +08:00
Sijie.Sun
950cb04534 remove macos default route on utun device (#976) 2025-06-12 22:24:34 +08:00
Sijie.Sun
c07d1286ef internal stun server should use xor mapped addr (#975) 2025-06-12 08:09:59 +08:00
Mg Pig
8ddd153022 easytier-core支持多配置文件 (#964) 
* 将web和gui允许多网络实例逻辑抽离到NetworkInstanceManager中

* easytier-core支持多配置文件

* FFI复用instance manager

* 添加instance manager 单元测试
 2025-06-11 23:17:09 +08:00
Sijie.Sun
870353c499 fix ospf route (#970) 
- **fix deadlock in ospf route introducd by #958 **
- **use random peer id for foreign network entry, because ospf route algo need peer id change after peer info version reset. this may interfere route propagation and cause node residual**
- **allow multiple nodes broadcast same network ranges for subnet proxy**
- **bump version to v2.3.2**
 2025-06-11 09:44:03 +08:00
BlackLuny
ecebbecd3b add check for rpc packet fix #963 (#969) 2025-06-09 19:35:29 +08:00
Sijie.Sun
f39fbb2ce2 ipv4-peerid table should use peer with least hop (#958) 
sometimes route table may not be updated in time, so some dead nodes are still showing in the peer list.
when generating ipv4-peer table, we should avoid these dead devices overrides the entry of healthy nodes.
 2025-06-08 11:28:59 +08:00
Kiva
ec56c0bc45 feat: allow using --proxy-forward-by-system together with --enable-exit-node (#957) 2025-06-07 22:27:57 +08:00
Mg Pig
20a6025075 Added RPC portal whitelist function, allowing only local access by default to enhance security (#929) 2025-06-07 22:05:47 +08:00
Kiva
3c7837692e fix(vpn-portal): wireguard peer table should be kept if the client roamed to another endpoint address (#954) 2025-06-07 21:19:03 +08:00
Sijie.Sun
f890812577 kcp connect retry (#952) 2025-06-07 12:24:11 +08:00