使用 rust 实现的 飞连 客户端
下载 release 中的安装包,并安装
pacman -U corplink-rs-2.1-1-x86_64.pkg.tar.zst
欢迎贡献其它包管理器的打包脚本
git clone https://github.com/PinkD/corplink-rs --depth 1
cd corplink-rs
cargo build --release
# install corplink-rs to your PATH
mv target/release/corplink-rs /usr/bin/
cd ..
git clone https://github.com/PinkD/wireguard-go --depth 1
cd wireguard-go
# you can build with `go build` on windows maunally
make
# install wg-corplink to your PATH
# your can also install it to somewhere else and use wg_binary config to tell corplink-rs where it is
mv wireguard-go /usr/bin/wg-corplink
该程序需要 root 权限来启动
wg-go
(windows 上需要管理员权限)
# direct
corplink-rs config.json
# systemd
# config is /etc/corplink/config.json
systemctl start corplink-rs.service
# auto start
systemctl enable corplink-rs.service
# systemd with custom config
# config is /etc/corplink/test.json
# NOTE: cookies.json is reserved by cookie storage
systemctl start corplink-rs@test.service
windows 中启动 wg-go
需要 wintun 支持,请到官网下载,并将 wintun.dll
与 wg-go
放到同一目录下(或者环境变量下)
windows 中 wg-go
默认使用的 pipe 来实现 ipc ,但是我发现权限有问题,所以改成了 Windows AF_UNIX
最小配置
{
"company_name": "company code name",
"username": "your_name"
}
推荐配置(自用配置)
{
"company_name": "company code name",
"username": "your_name",
"password": "your_pass",
"platform": "ldap"
}
完整配置
{
"company_name": "company code name",
"username": "your_name",
// support sha256sum hashed pass if you don't use ldap, will ask email for code if not provided
"password": "your_pass",
// default is feilian, can be feilian/ldap/feishu, feishu is not supported yet
"platform": "ldap",
"code": "totp code",
// default is DollarOS(not CentOS)
"device_name": "any string to describe your device",
"device_id": "md5 of device_name or any string with same format",
"public_key": "wg public key, can be generated from private key",
"private_key": "wg private key",
"server": "server link",
// will use corplink as interface name
"interface_name": "corplink",
// will use wg-corplink as wireguard-go
"wg_binary": "wg-corplink"
}
魔改了配置的方式,加了鉴权
猜测是:
- 动态管理 peer
- 客户端通过验证后,使用 public key 来请求连接,然后服务端就将客户端的 key 加到 peer 库里,然后将配置返回给客户端,等待客户端连接
- wg 是支持同一个接口上连多个 peer ,所以这样是 OK 的
- 定时将不活跃的客户端清理,释放分配的 IP
- ...
因此,我们只需要生成 wg 的 key ,然后去找服务端拿配置,然后写到 wg 配置里,启动 wg ,就能连上服务端了
2.0.9 版本(或者更早)新增了 protocol_version
字段,需要使用魔改后的 wg-corplink 才能连接
graph TD;
A[Password Login];
B[Request Email Code];
C[Email Login];
D[Verify 2-FA];
E[List VPN];
F[Ping VPN];
G[Connect VPN];
A-->D;
B-->C-->D;
D-->E-->F-->G;
graph TD;
A[Password Login];
B[Request Email Code];
C[Email Login];
D[List VPN];
E[Ping VPN];
F[Connect VPN With 2-FA Code];
A-->D;
B-->C;
C-->D-->E-->F;
飞连的 otp 是使用的标准的 totp ,在 ua 为 Android 时,会在登录时返回 totp 的 token ,然后使用 totp 算法就能生成出当前时间的验证码了,然后在获取连接信息时传输该验证码,就不需要单独验证验证码了
- windows/mac 实现
- 为不同配置生成不同的
cookie.json
- 自动使用从服务器返回的请求中的时间戳同步时间
- 自动生成 wg key
- 修复服务端异常断开连接后客户端不会退出的问题
- 0.3.0
- add windows/mac support
- 0.2.3
- fix empty
protocol_version
- add privilege check
- fix empty
- 0.2.2
- fix wg-corplink not exit if corplink-rs exit accidently
- 0.2.1
- use modified wireguard-go
- don't generate config anymore
- remove
conf_name/conf_dir
and addinterface_name/wg_binary
in config
- use modified wireguard-go
- 0.1.4
- get company name from company code automatically
- support ldap
- check and skip tcp wg server
- optimize config
- 0.1.3
- disconnect if wireguard handshake timeout
- 0.1.2
- support time correction for totp
- 0.1.1
- support generate wg key
- 0.1.0
- first version
Copyright (C) 2022 PinkD
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.