aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/tunnel (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tunnel: mtumonitor: serialize change callbacksJason A. Donenfeld2026-05-191-0/+5
| | | | | | | | The route-change and interface-change callbacks run on separate threads from the IP Helper notification pool and both touch the same lastLUID/lastIndex/lastMTU state. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: create DNS registry key if it doesn't existJason A. Donenfeld2026-05-071-1/+1
| | | | | | | This fixes a bit of a race with interface attachment on old Windows builds. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: regenerate syscall code from latest x/sys/windows wrapperJason A. Donenfeld2026-04-202-45/+45
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: format codeJason A. Donenfeld2026-04-161-3/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: use system cmd.exe for scriptsJason A. Donenfeld2026-04-161-7/+4
| | | | | | | Always resolve cmd.exe via GetSystemDirectory instead of trusting the COMSPEC environment variable. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: disable firewall after flushing routes on teardownJason A. Donenfeld2026-04-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: avoid calling netsh on <1809 for DNS changesJason A. Donenfeld2026-04-162-114/+32
| | | | | | | And it turns out we can use SearchList on old Windows 10 too. This gets total feature parity with the new DNS function. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: prevent metric integer overflowJason A. Donenfeld2026-04-161-3/+4
| | | | | | You can set really big metrics using powershell. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: move label to right place to avoid zeroing errJason A. Donenfeld2026-04-161-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: firewall: prevent unsafe variables from being GC'dJason A. Donenfeld2026-04-161-1/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: prevent min MTU calculation from wrappingJason A. Donenfeld2026-04-161-2/+2
| | | | | | uint32(mtu)-80 is a big number if mtu is small. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: clone slices before sorting in deterministicGUIDJason A. Donenfeld2026-04-161-2/+3
| | | | | | | sortedPeers and sortedAllowedIPs aliased the caller's slices, so sort.Slice mutated the original config's Peers and AllowedIPs ordering. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: don't set addresses, routes, and MTU if no family configuredJason A. Donenfeld2026-03-301-10/+29
| | | | | | | This allows setting MTUs under 1280 on IPv4-only configurations. Suggested-by: Eduard Matveev <eduard_matveev@mail.ru> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* firewall: fix formattingJason A. Donenfeld2026-03-212-4/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: raise min windows version to 10Jason A. Donenfeld2026-03-211-12/+0
| | | | | | | | | | | | | | | Since we're also bumping the PE subsystem header to 10.0, this means we need a _load_config with the proper flags. So there's some work to be done here. This also means bumping LLVM and Go builds. In the case of Go, the patch is still pending: https://go-review.googlesource.com/c/go/+/756680 , so it's a custom build. Remove lots of compatibility code and hacks. Also update the installer to display a useful message. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: modernize go conventionsJason A. Donenfeld2026-03-184-7/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2026-03-1830-30/+30
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump dateJason A. Donenfeld2022-01-0630-30/+30
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use strings.Cut where possibleJason A. Donenfeld2021-12-231-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update to go 1.18 beta1Jason A. Donenfeld2021-12-168-15/+8
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: apply gofumptJason A. Donenfeld2021-12-096-34/+11
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: backout AddrFromSlice signature changeJason A. Donenfeld2021-11-112-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: check for WeakHostSend/Forwarding in pitfallsJason A. Donenfeld2021-11-083-0/+180
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: add routes even when no corresponding addressJason A. Donenfeld2021-11-061-16/+3
| | | | | | | Apparently this works now, but it didn't used to. Reported-by: Christoph Loesch <wireguard-mail@chil.at> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: handle zones and make things use itJason A. Donenfeld2021-11-061-2/+14
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: switch to netipJason A. Donenfeld2021-11-068-202/+157
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* services: use more reliable method of detecting boot-upJason A. Donenfeld2021-10-262-22/+23
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: cleanup IPs when masks don't matchJason A. Donenfeld2021-10-261-9/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: convert ips to string for hash tableJason A. Donenfeld2021-10-261-14/+12
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: defer startup until tcp configuration is setJason A. Donenfeld2021-10-262-7/+31
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: add retry loop to certain interface config failuresJason A. Donenfeld2021-10-212-11/+32
| | | | | | | I wish there was another way here, but we have too little control over Windows' boot sequence. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* manager: warn about dnscache and old virtio driverJason A. Donenfeld2021-10-201-25/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove wireguard-go/Wintun implementationJason A. Donenfeld2021-10-167-621/+55
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: remove old reboot required logicJason A. Donenfeld2021-10-161-4/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove old-style build tagsJason A. Donenfeld2021-10-126-6/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: use unsafe.Slice instead of unsafeSliceJason A. Donenfeld2021-10-111-28/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use new APIJason A. Donenfeld2021-10-051-13/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: fix typo in DNS LLMNR flagJason A. Donenfeld2021-09-231-1/+1
| | | | | Reported-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: help people fix their DNS Cache serviceJason A. Donenfeld2021-09-191-0/+25
| | | | | | | | Too many people follow silly Internet guides and disable this, making it impossible for us to then set activestore-style DNS servers for the interface. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: pretty print route failures betterJason A. Donenfeld2021-09-162-2/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: return if unable to configureJason A. Donenfeld2021-09-151-0/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: reinitialize configuration after PnP flaps driver on <10Jason A. Donenfeld2021-09-142-4/+20
| | | | | | | | | | On older Windows, PnP will unload the driver and reload it. This makes multiple tunnels impossible, as we knew. But this also happens when various adapter settings change, like ICS, which is maybe a bigger issue. Solve this by reloading the configuration after these flaps. Reported-by: Harland Coles <harland.coles@energy-x.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: prefer WireGuardNT over wireguard-go/WintunJason A. Donenfeld2021-09-121-7/+1
| | | | | | Also remove Wintun driver on startup. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: set address after routes so that loopback worksJason A. Donenfeld2021-09-091-11/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: disable DAD so that IP becomes useful soonerJason A. Donenfeld2021-09-091-0/+5
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: disable dhcp probesJason A. Donenfeld2021-09-091-0/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tunnel: disable dad and router discovery on v4 tooJason A. Donenfeld2021-09-091-12/+5
| | | | | | Oddly enough, these mean something for IPv4. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* locales: sync with crowdinJason A. Donenfeld2021-09-071-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* winipcfg: update documentationSimon Rozman2021-08-131-1/+1
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* tunnel: execute *down commands for wgntJason A. Donenfeld2021-08-101-3/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>