wip

feat(publicip): support custom API url echoip#https://... (#2529 )
Chore(deps): Bump golang.org/x/sys from 0.26.0 to 0.27.0 (#2573 )
2024-11-08 17:25:12 +00:00 · 2024-11-08 17:37:08 +01:00 · 2024-11-08 17:33:30 +01:00 · 2024-11-08 17:33:18 +01:00
13 changed files with 249 additions and 49 deletions
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/klauspost/compress v1.17.11
 	github.com/klauspost/pgzip v1.2.6
-	github.com/pelletier/go-toml/v2 v2.2.2
+	github.com/pelletier/go-toml/v2 v2.2.3
 	github.com/qdm12/dns/v2 v2.0.0-rc8
 	github.com/qdm12/gosettings v0.4.3
 	github.com/qdm12/goshutdown v0.3.0
@@ -22,7 +22,7 @@ require (
 	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
 	golang.org/x/net v0.30.0
-	golang.org/x/sys v0.26.0
+	golang.org/x/sys v0.27.0
 	golang.org/x/text v0.19.0
 	golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6
--- a/go.sum
+++ b/go.sum
@@ -4,7 +4,6 @@ github.com/breml/rootcerts v0.2.18 h1:KjZaNT7AX/akUjzpStuwTMQs42YHlPyc6NmdwShVba
 github.com/breml/rootcerts v0.2.18/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
@@ -42,8 +41,8 @@ github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE9
 github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
@@ -74,13 +73,6 @@ github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3 h1:f/FNXud6gA3MNr
 github.com/riobard/go-bloom v0.0.0-20200614022211-cdc8013cb5b3/go.mod h1:HgjTstvQsPGkxUsCd2KWxErBblirPizecHcpD3ffK+s=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
@@ -120,8 +112,8 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -150,7 +142,6 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
--- a/internal/netlink/types.go
+++ b/internal/netlink/types.go
@@ -32,6 +32,11 @@ type Route struct {
 	Type      int
 }

+func (r Route) String() string {
+	return fmt.Sprintf("{link %d, dst %s, src %s, gw %s, priority %d, family %d, table %d, type %d}",
+		r.LinkIndex, r.Dst, r.Src, r.Gw, r.Priority, r.Family, r.Table, r.Type)
+}
+
 type Rule struct {
 	Priority int
 	Family   int
--- a/internal/publicip/api/api.go
+++ b/internal/publicip/api/api.go
@@ -3,7 +3,11 @@ package api
 import (
 	"errors"
 	"fmt"
+	"maps"
 	"net/http"
+	"net/url"
+	"regexp"
+	"slices"
 	"strings"
 )

@@ -16,6 +20,8 @@ const (
 	IP2Location Provider = "ip2location"
 )

+const echoipPrefix = "echoip#"
+
 type NameToken struct {
 	Name  string
 	Token string
@@ -30,15 +36,19 @@ func New(nameTokenPairs []NameToken, client *http.Client) (
 		if err != nil {
 			return nil, fmt.Errorf("parsing API name: %w", err)
 		}
-		switch provider {
-		case Cloudflare:
+		switch {
+		case provider == Cloudflare:
 			fetchers[i] = newCloudflare(client)
-		case IfConfigCo:
-			fetchers[i] = newIfConfigCo(client)
-		case IPInfo:
+		case provider == IfConfigCo:
+			const ifConfigCoURL = "https://ifconfig.co"
+			fetchers[i] = newEchoip(client, ifConfigCoURL)
+		case provider == IPInfo:
 			fetchers[i] = newIPInfo(client, nameTokenPair.Token)
-		case IP2Location:
+		case provider == IP2Location:
 			fetchers[i] = newIP2Location(client, nameTokenPair.Token)
+		case strings.HasPrefix(string(provider), echoipPrefix):
+			url := strings.TrimPrefix(string(provider), echoipPrefix)
+			fetchers[i] = newEchoip(client, url)
 		default:
 			panic("provider not valid: " + provider)
 		}
@@ -46,20 +56,88 @@ func New(nameTokenPairs []NameToken, client *http.Client) (
 	return fetchers, nil
 }

+var regexEchoipURL = regexp.MustCompile(`^http(s|):\/\/.+$`)
+
 var ErrProviderNotValid = errors.New("API name is not valid")

 func ParseProvider(s string) (provider Provider, err error) {
-	switch strings.ToLower(s) {
-	case "cloudflare":
-		return Cloudflare, nil
-	case string(IfConfigCo):
-		return IfConfigCo, nil
-	case "ipinfo":
-		return IPInfo, nil
-	case "ip2location":
-		return IP2Location, nil
-	default:
-		return "", fmt.Errorf(`%w: %q can only be "cloudflare", "ifconfigco", "ip2location" or "ipinfo"`,
-			ErrProviderNotValid, s)
+	possibleProviders := []Provider{
+		Cloudflare,
+		IfConfigCo,
+		IP2Location,
+		IPInfo,
 	}
+	stringToProvider := make(map[string]Provider, len(possibleProviders))
+	for _, provider := range possibleProviders {
+		stringToProvider[string(provider)] = provider
+	}
+	provider, ok := stringToProvider[strings.ToLower(s)]
+	if ok {
+		return provider, nil
+	}
+
+	customPrefixToURLRegex := map[string]*regexp.Regexp{
+		echoipPrefix: regexEchoipURL,
+	}
+	for prefix, urlRegex := range customPrefixToURLRegex {
+		match, err := checkCustomURL(s, prefix, urlRegex)
+		if !match {
+			continue
+		} else if err != nil {
+			return "", err
+		}
+		return Provider(s), nil
+	}
+
+	providerStrings := make([]string, 0, len(stringToProvider)+len(customPrefixToURLRegex))
+	for _, providerString := range slices.Sorted(maps.Keys(stringToProvider)) {
+		providerStrings = append(providerStrings, `"`+providerString+`"`)
+	}
+	for _, prefix := range slices.Sorted(maps.Keys(customPrefixToURLRegex)) {
+		providerStrings = append(providerStrings, "a custom "+prefix+" url")
+	}
+
+	return "", fmt.Errorf(`%w: %q can only be %s`,
+		ErrProviderNotValid, s, orStrings(providerStrings))
+}
+
+var ErrCustomURLNotValid = errors.New("custom URL is not valid")
+
+func checkCustomURL(s, prefix string, regex *regexp.Regexp) (match bool, err error) {
+	if !strings.HasPrefix(s, prefix) {
+		return false, nil
+	}
+	s = strings.TrimPrefix(s, prefix)
+	_, err = url.Parse(s)
+	if err != nil {
+		return true, fmt.Errorf("%s %w: %w", prefix, ErrCustomURLNotValid, err)
+	}
+
+	if regex.MatchString(s) {
+		return true, nil
+	}
+
+	return true, fmt.Errorf("%s %w: %q does not match regular expression: %s",
+		prefix, ErrCustomURLNotValid, s, regex)
+}
+
+func orStrings(strings []string) (result string) {
+	return joinStrings(strings, "or")
+}
+
+func joinStrings(strings []string, lastJoin string) (result string) {
+	if len(strings) == 0 {
+		return ""
+	}
+
+	result = strings[0]
+	for i := 1; i < len(strings); i++ {
+		if i < len(strings)-1 {
+			result += ", " + strings[i]
+		} else {
+			result += " " + lastJoin + " " + strings[i]
+		}
+	}
+
+	return result
 }
--- a/internal/publicip/api/api_test.go
+++ b/internal/publicip/api/api_test.go
@@ -0,0 +1,68 @@
+package api
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ParseProvider(t *testing.T) {
+	t.Parallel()
+
+	testCases := map[string]struct {
+		s          string
+		provider   Provider
+		errWrapped error
+		errMessage string
+	}{
+		"empty": {
+			errWrapped: ErrProviderNotValid,
+			errMessage: `API name is not valid: "" can only be ` +
+				`"cloudflare", "ifconfigco", "ip2location", "ipinfo" or a custom echoip# url`,
+		},
+		"invalid": {
+			s:          "xyz",
+			errWrapped: ErrProviderNotValid,
+			errMessage: `API name is not valid: "xyz" can only be ` +
+				`"cloudflare", "ifconfigco", "ip2location", "ipinfo" or a custom echoip# url`,
+		},
+		"ipinfo": {
+			s:        "ipinfo",
+			provider: IPInfo,
+		},
+		"IpInfo": {
+			s:        "IpInfo",
+			provider: IPInfo,
+		},
+		"echoip_url_empty": {
+			s:          "echoip#",
+			errWrapped: ErrCustomURLNotValid,
+			errMessage: `echoip# custom URL is not valid: "" ` +
+				`does not match regular expression: ^http(s|):\/\/.+$`,
+		},
+		"echoip_url_invalid": {
+			s:          "echoip#postgres://localhost:3451",
+			errWrapped: ErrCustomURLNotValid,
+			errMessage: `echoip# custom URL is not valid: "postgres://localhost:3451" ` +
+				`does not match regular expression: ^http(s|):\/\/.+$`,
+		},
+		"echoip_url_valid": {
+			s:        "echoip#http://localhost:3451",
+			provider: Provider("echoip#http://localhost:3451"),
+		},
+	}
+
+	for name, testCase := range testCases {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			provider, err := ParseProvider(testCase.s)
+
+			assert.Equal(t, testCase.provider, provider)
+			assert.ErrorIs(t, err, testCase.errWrapped)
+			if testCase.errWrapped != nil {
+				assert.EqualError(t, err, testCase.errMessage)
+			}
+		})
+	}
+}
--- a/internal/publicip/api/ifconfigco.go
+++ b/internal/publicip/api/ifconfigco.go
@@ -6,39 +6,45 @@ import (
 	"fmt"
 	"net/http"
 	"net/netip"
+	"strings"

 	"github.com/qdm12/gluetun/internal/models"
 )

-type ifConfigCo struct {
+type echoip struct {
 	client *http.Client
+	url    string
 }

-func newIfConfigCo(client *http.Client) *ifConfigCo {
-	return &ifConfigCo{
+func newEchoip(client *http.Client, url string) *echoip {
+	return &echoip{
 		client: client,
+		url:    url,
 	}
 }

-func (i *ifConfigCo) String() string {
-	return string(IfConfigCo)
+func (e *echoip) String() string {
+	s := e.url
+	s = strings.TrimPrefix(s, "http://")
+	s = strings.TrimPrefix(s, "https://")
+	return s
 }

-func (i *ifConfigCo) CanFetchAnyIP() bool {
+func (e *echoip) CanFetchAnyIP() bool {
 	return true
 }

-func (i *ifConfigCo) Token() string {
+func (e *echoip) Token() string {
 	return ""
 }

 // FetchInfo obtains information on the ip address provided
-// using the ifconfig.co/json API. If the ip is the zero value,
+// using the echoip API at the url given. If the ip is the zero value,
 // the public IP address of the machine is used as the IP.
-func (i *ifConfigCo) FetchInfo(ctx context.Context, ip netip.Addr) (
+func (e *echoip) FetchInfo(ctx context.Context, ip netip.Addr) (
 	result models.PublicIP, err error,
 ) {
-	url := "https://ifconfig.co/json"
+	url := e.url + "/json"
 	if ip.IsValid() {
 		url += "?ip=" + ip.String()
 	}
@@ -48,7 +54,7 @@ func (i *ifConfigCo) FetchInfo(ctx context.Context, ip netip.Addr) (
 		return result, err
 	}

-	response, err := i.client.Do(request)
+	response, err := e.client.Do(request)
 	if err != nil {
 		return result, err
 	}
--- a/internal/vpn/interfaces.go
+++ b/internal/vpn/interfaces.go
@@ -67,6 +67,7 @@ type NetLinker interface {
 type Router interface {
 	RouteList(family int) (routes []netlink.Route, err error)
 	RouteAdd(route netlink.Route) error
+	RouteReplace(route netlink.Route) error
 }

 type Ruler interface {
--- a/internal/vpn/run.go
+++ b/internal/vpn/run.go
@@ -38,7 +38,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 				l.openvpnConf, providerConf, settings, l.ipv6Supported, l.starter, subLogger)
 		} else { // Wireguard
 			vpnInterface = settings.Wireguard.Interface
-			vpnRunner, serverName, canPortForward, err = setupWireguard(ctx, l.netLinker, l.fw,
+			vpnRunner, serverName, canPortForward, err = setupWireguard(ctx, l.netLinker, l.routing, l.fw,
 				providerConf, settings, l.ipv6Supported, subLogger)
 		}
 		if err != nil {
--- a/internal/vpn/wireguard.go
+++ b/internal/vpn/wireguard.go
@@ -13,7 +13,7 @@ import (

 // setupWireguard sets Wireguard up using the configurators and settings given.
 // It returns a serverName for port forwarding (PIA) and an error if it fails.
-func setupWireguard(ctx context.Context, netlinker NetLinker,
+func setupWireguard(ctx context.Context, netlinker NetLinker, routing Routing,
 	fw Firewall, providerConf provider.Provider,
 	settings settings.VPN, ipv6Supported bool, logger wireguard.Logger) (
 	wireguarder *wireguard.Wireguard, serverName string, canPortForward bool, err error,
@@ -29,7 +29,7 @@ func setupWireguard(ctx context.Context, netlinker NetLinker,
 	logger.Debug("Wireguard client private key: " + gosettings.ObfuscateKey(wireguardSettings.PrivateKey))
 	logger.Debug("Wireguard pre-shared key: " + gosettings.ObfuscateKey(wireguardSettings.PreSharedKey))

-	wireguarder, err = wireguard.New(wireguardSettings, netlinker, logger)
+	wireguarder, err = wireguard.New(wireguardSettings, netlinker, routing, logger)
 	if err != nil {
 		return nil, "", false, fmt.Errorf("creating Wireguard: %w", err)
 	}
--- a/internal/wireguard/constructor.go
+++ b/internal/wireguard/constructor.go
@@ -4,10 +4,11 @@ type Wireguard struct {
 	logger   Logger
 	settings Settings
 	netlink  NetLinker
+	routing  Routing
 }

 func New(settings Settings, netlink NetLinker,
-	logger Logger,
+	routing Routing, logger Logger,
 ) (w *Wireguard, err error) {
 	settings.SetDefaults()
 	if err := settings.Check(); err != nil {
@@ -18,5 +19,6 @@ func New(settings Settings, netlink NetLinker,
 		logger:   logger,
 		settings: settings,
 		netlink:  netlink,
+		routing:  routing,
 	}, nil
 }
--- a/internal/wireguard/interfaces.go
+++ b/internal/wireguard/interfaces.go
@@ -0,0 +1,7 @@
+package wireguard
+
+import "net/netip"
+
+type Routing interface {
+	VPNLocalGatewayIP(vpnInterface string) (gateway netip.Addr, err error)
+}
--- a/internal/wireguard/netlinker.go
+++ b/internal/wireguard/netlinker.go
@@ -1,6 +1,8 @@
 package wireguard

-import "github.com/qdm12/gluetun/internal/netlink"
+import (
+	"github.com/qdm12/gluetun/internal/netlink"
+)

 //go:generate mockgen -destination=netlinker_mock_test.go -package wireguard . NetLinker

@@ -15,6 +17,7 @@ type NetLinker interface {
 type Router interface {
 	RouteList(family int) (routes []netlink.Route, err error)
 	RouteAdd(route netlink.Route) error
+	RouteReplace(route netlink.Route) error
 }

 type Ruler interface {
--- a/internal/wireguard/route.go
+++ b/internal/wireguard/route.go
@@ -1,6 +1,7 @@
 package wireguard

 import (
+	"errors"
 	"fmt"
 	"net/netip"
 	"strings"
@@ -29,6 +30,10 @@ func (w *Wireguard) addRoutes(link netlink.Link, destinations []netip.Prefix,
 	return nil
 }

+var (
+	ErrDefaultRouteNotFound = errors.New("default route not found")
+)
+
 func (w *Wireguard) addRoute(link netlink.Link, dst netip.Prefix,
 	firewallMark uint32,
 ) (err error) {
@@ -45,5 +50,39 @@ func (w *Wireguard) addRoute(link netlink.Link, dst netip.Prefix,
 			link.Name, dst, firewallMark, err)
 	}

+	vpnGatewayIP, err := w.routing.VPNLocalGatewayIP(link.Name)
+	if err != nil {
+		return fmt.Errorf("getting VPN gateway IP: %w", err)
+	}
+
+	routes, err := w.netlink.RouteList(netlink.FamilyV4)
+	if err != nil {
+		return fmt.Errorf("listing routes: %w", err)
+	}
+
+	var defaultRoute netlink.Route
+	var defaultRouteFound bool
+	for _, route = range routes {
+		if !route.Dst.IsValid() || route.Dst.Addr().IsUnspecified() {
+			defaultRoute = route
+			defaultRouteFound = true
+			break
+		}
+	}
+
+	if !defaultRouteFound {
+		return fmt.Errorf("%w: in %d routes", ErrDefaultRouteNotFound, len(routes))
+	}
+
+	// Equivalent replacement to:
+	// ip route replace default via <vpn-gateway> dev tun0
+	defaultRoute.Gw = vpnGatewayIP
+	defaultRoute.LinkIndex = link.Index
+
+	err = w.netlink.RouteReplace(defaultRoute)
+	if err != nil {
+		return fmt.Errorf("replacing default route: %w", err)
+	}
+
 	return err
 }
Author	SHA1	Message	Date
Quentin McGaw	c3eca4a17c	wip	2024-11-08 17:25:12 +00:00
Quentin McGaw	92011205be	feat(publicip): support custom API url `echoip#https://...` (#2529 )	2024-11-08 17:37:08 +01:00
dependabot[bot]	c9707646bd	Chore(deps): Bump golang.org/x/sys from 0.26.0 to 0.27.0 (#2573 )	2024-11-08 17:33:30 +01:00
dependabot[bot]	c50705736b	Chore(deps): Bump github.com/pelletier/go-toml/v2 from 2.2.2 to 2.2.3 (#2549 )	2024-11-08 17:33:18 +01:00