For MacOS, it only support tun. If use tun than tap, server
should recode ip of each endpoint. And parse ipv4 header
from net connection, and forword packet according to ipv4
header dst ip. If dst ip included by vpn cidr cheack the
endpoint and forward to it. If dst ip included by vpn cidr
but no recode of endpoint, drop it do nothing. If dst ip
not included by vpn cidr, send it to server tun interface,
it will forword by server according to routes and iptables
rules.
Support build windows client.
Use in windows, make sure you have been install tap-windows properly.
After launch, the windows client will now listen udp multicast
so if you need to config routes by yourself
1. Implement multicast routes, use username as route nexthop,
server will parse username to ip
2. For route to virtuallan server use SERVER as nexthop
3. Add 50ms delay before send route multicast, to prevent endpoint
start too fast don't reveice route mlticast
4. Whenever user login or logout multicast routes, no matter user
in routes nexthop
Only configured routes nexthop user login or logout will make
svc.Routes data change, when svc.Routes change send multicast
to sync routes
SyncRoutesForIface, bind route with tap or bridge interface
so when tap or bridge delted routes will clean up auto.
For know route nexthop ip use replace flag, for unknow route
nexthop ip delete route if exist.
Routes configed by server, like cidr 192.168.0.0/24
nexthop endpoint username.
Beacuse of endpoint user is already know, but the ip
of endpoint it got from ip pool, so we need to parse
endpoint ip by username.
1. Use SetAESKey to set AES key
2. Check config.yaml and make port and log info with default value
3. Make will generate new random AES key in config.yaml
The stats data is the tap pkt stats on server, and the tap on endpoint
just like a veth peer of tap on server, so the actually stats of
endpoint is opposite.
When endpoint reconnect, the tap interface will recreate, and the
mac address of tap will change. It will make arp entry staled.
It will cause network not reachable before arp entry update.
So fix it by set tap with a special mac address that generated
by ipv4 address, and it will make sure each ip with a fixed mac
address, and the arp entry will still be correct even when tap
has been recreate.
lucheng