mirror/Easytier
1
0
Fork 0
mirror of https://github.com/EasyTier/EasyTier.git synced 2026-05-07 02:09:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
756 Commits 15 Branches 33 Tags
101f4162689806c5789396d952de700d465f5236
Commit Graph

31 Commits

Author SHA1 Message Date
KKRainbow 101f416268 Introduce secure mode (part 1) (#1808) 
Use noise protocol on handshake. Check peer's public key if needed. Also support rekey and replay attack prevention.

E2EE and temporary password will be implemented based on this.
 2026-01-25 20:16:51 +08:00
KKRainbow c19cd1bff3 add tcp hole punching (#1713) 
add tcp hole punching and tcp stun test
 2025-12-28 21:35:30 +08:00
Sijie.Sun b44053f496 support p2p-only mode (#1598) 2025-11-20 08:20:27 +08:00
Sijie.Sun 71679e889a allow sync conn with conn list when conn bitmap is too large (#1508) 2025-10-23 08:11:36 +08:00
Luna Yao 5292b87275 Add quic-listen-port flag for customization of the port used by QUIC proxy (#1473) 2025-10-14 09:43:50 +08:00
agusti moll 5e48626cb9 add tld-dns-zone for customizing top-level domain (TLD) zone (#1436) 2025-10-04 00:18:10 +08:00
Mg Pig 020bf04ec4 refactor(config): unify runtime configuration management via ConfigRpc (#1397) 
* refactor(config): unify runtime configuration management via ConfigRpc
* feat(tests): add config patch test and fix problem
 2025-10-01 00:32:28 +08:00
Sijie.Sun 5b7384fddd disable nat4 hole punch (#1277) 2025-08-22 23:33:21 +08:00
CyiceK 0087ac3ffc feat(encrypt): Add XOR and ChaCha20 encryption with low-end device optimization and openssl support. (#1186) 
Add ChaCha20 XOR algorithm, extend AES-GCM-256 capabilities, and integrate OpenSSL support.

---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-08-09 18:53:55 +08:00
Sijie.Sun 8ffc2f12e4 optimize the condition of enabling kcp (#1210) 2025-08-09 16:16:09 +08:00
Sijie.Sun 8e7a8de5e5 Implement ACL (#1140) 
1. get acl stats
```
./easytier-cli acl stats
AclStats:
  Global:
    CacheHits: 4
    CacheMaxSize: 10000
    CacheSize: 5
    DefaultAllows: 3
    InboundPacketsAllowed: 2
    InboundPacketsTotal: 2
    OutboundPacketsAllowed: 7
    OutboundPacketsTotal: 7
    PacketsAllowed: 9
    PacketsTotal: 9
    RuleMatches: 2
  ConnTrack:
    [src: 10.14.11.1:57444, dst: 10.14.11.2:1000, proto: Tcp, state: New, pkts: 1, bytes: 60, created: 2025-07-24 10:13:39 +08:00, last_seen: 2025-07-24 10:13:39 +08:00]
  Rules:
    [name: 'tcp_whitelist', prio: 1000, action: Allow, enabled: true, proto: Tcp, ports: ["1000"], src_ports: [], src_ips: [], dst_ips: [], stateful: true, rate: 0, burst: 0] [pkts: 2, bytes: 120]

  ```
2. use tcp/udp whitelist to block unexpected traffic.
   `sudo ./easytier-core -d --tcp-whitelist 1000`

3. use complete acl ability with config file:

```
[[acl.acl_v1.chains]]
name = "inbound_whitelist"
chain_type = 1
description = "Auto-generated inbound whitelist from CLI"
enabled = true
default_action = 2

[[acl.acl_v1.chains.rules]]
name = "tcp_whitelist"
description = "Auto-generated TCP whitelist rule"
priority = 1000
enabled = true
protocol = 1
ports = ["1000"]
source_ips = []
destination_ips = []
source_ports = []
action = 1
rate_limit = 0
burst_limit = 0
stateful = true

```
 2025-07-24 22:13:45 +08:00
DavHau d0cfc49806 Add support for IPv6 within VPN (#1061) 
* add flake.nix with nix based dev shell
* add support for IPv6
* update thunk

---------

Co-authored-by: sijie.sun <sijie.sun@smartx.com>
 2025-07-04 23:43:30 +08:00
Sijie.Sun 70e69a382e allow set multithread count (#1056) 2025-06-26 02:19:33 +08:00
Sijie.Sun 40601bd05b add bps limiter (#1015) 
* add token bucket
* remove quinn-proto
 2025-06-19 21:15:04 +08:00
Sijie.Sun 40b5fe9a54 support quic proxy (#993) 
QUIC proxy works like kcp proxy, it can proxy TCP streams and transfer data with QUIC.
QUIC has better congestion algorithm (BBR) for network with both high loss rate and high bandwidth. 
QUIC proxy can be enabled by passing `--enable-quic-proxy` to easytier in the client side. The proxy status can be viewed by `easytier-cli proxy`.
 2025-06-15 19:43:45 +08:00
FuturePrayer b5dfc7374c add private mode (#897) 
---------

Co-authored-by: Sijie.Sun <sunsijie@buaa.edu.cn>
 2025-06-02 06:47:17 +08:00
Sijie.Sun 28fe6257be magic dns (#813) 
This patch implements:

1. A dns server that handles .et.net. zone in local and forward all other queries to system dns server.

2. A dns server instance which is a singleton in one machine, using one specific tcp port to be exclusive with each other. this instance is responsible for config system dns and run the dns server to handle dns queries.

3. A dns client instance that all easytier instance will run one, this instance will try to connect to dns server instance, and update the dns record in the dns server instance.

this pr only implements the system config for windows. linux & mac will do later.
 2025-05-16 09:24:24 +08:00
Sijie.Sun c142db301a port forward (#736) 
* support tcp port forward
* support udp port forward
* command line option for port forward
 2025-04-01 09:59:53 +08:00
Sijie.Sun 23f69ce6a4 improve direct connector (#685) 
* support ipv6 stun
* show interface and public ip in cli node info
* direct conn should keep trying unless already direct connected
* peer should use conn with smallest latency
* deprecate ipv6_listener, use -l instead
 2025-03-17 10:46:14 +08:00
L-Trump 00d61333d3 allow proxy packets to be forwarded by system kernel 2025-03-08 12:56:49 +08:00
Sijie.Sun 2a5d5ea4df make kcp proxy compitible with old version (#585) 
* fix kcp not work with smoltcp
* check if dst kcp input is enabled
 2025-01-26 16:22:10 +08:00
Sijie.Sun 55a39491cb feat/kcp (#580) 
* support proxy tcp stream with kcp to improve experience of tcp over udp
* update rust version
* make subnet proxy route metrics lower in windows.
 2025-01-26 00:41:15 +08:00
Sijie.Sun bb0ccca3e5 allow manually specify public address of listeners (#556) 2025-01-10 09:25:14 +08:00
Sijie.Sun 15ad92aef2 fix no relay not work in local network (#476) 2024-11-16 14:36:17 +08:00
Sijie.Sun 6cdea38284 support compress for rpc and tun data (#473) 
* support compress for rpc and tun data
* add compression layer to easytier-web
 2024-11-16 11:23:18 +08:00
Sijie.Sun e948dbfcc1 Feat/web (Patchset 4) (#460) 
support basic functions in frontend
1. create/del network
2. inspect network running status
 2024-11-08 23:33:17 +08:00
Sijie.Sun 7ab8cad1af allow use ipv4 address in any cidr (#404) 2024-10-10 10:28:48 +08:00
Sijie.Sun 37ceb77bf6 nat4-nat4 punch (#388) 
this patch optimize the udp hole punch logic:

1. allow start punch hole before stun test complete.
2. add lock to symmetric punch, avoid conflict between concurrent hole punching task.
3. support punching hole for predictable nat4-nat4.
4. make backoff of retry reasonable
 2024-10-06 22:49:18 +08:00
Hs_Yeah a50bcf3087 Fix IP address display in the status page of GUI 
Signed-off-by: Hs_Yeah <bYeahq@gmail.com>
 2024-09-27 15:58:02 +08:00
sijie.sun bd60cfc2a0 add feature flag to ospf route 2024-09-21 20:54:19 +08:00
Sijie.Sun 1b03223537 use customized rpc implementation, remove Tarpc & Tonic (#348) 
This patch removes Tarpc & Tonic GRPC and implements a customized rpc framework, which can be used by peer rpc and cli interface.

web config server can also use this rpc framework.

moreover, rewrite the public server logic, use ospf route to implement public server based networking. this make public server mesh possible.
 2024-09-18 21:55:28 +08:00