XiaoMo/frp
1
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2025-04-21 16:14:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
frp/pkg/vnet/README.md
fatedier 22b852a935 virtual-net: initial
2025-04-07 22:08:49 +08:00

2.8 KiB
Raw Blame History

Virtual Network Controller for FRP

This package implements a virtual network controller that enables VPN-like functionality between FRP clients and servers.

Overview

The Virtual Network Controller manages TUN devices and routing logic to create secure tunnels between clients and servers. It supports both client-side routing (based on destination IP) and server-side routing (based on source IP).

How it Works

  1. Client Side: Routes packets based on destination IP addresses. When a packet is destined for a network that matches a registered route, it's forwarded through the appropriate work connection.

  2. Server Side: Routes packets based on source IP addresses. When a packet is received over a connection, its source IP is registered with that connection. Future packets from the TUN device with that source IP will be routed back through the same connection.

  3. TUN Device: A virtual network interface that captures and injects packets at the IP layer.

Usage

Client Implementation

// Set up VNet configuration
clientCfg := v1.VirtualNetConfig{
    Address: "10.10.0.1/24",
    Routes:  []string{"10.20.0.0/24"}, // Routes to the server's network
}

// Create and initialize controller
controller := vnet.NewController(clientCfg)
if err := controller.Init(); err != nil {
    // Handle error
}

// Parse route strings to IPNet objects
routes, err := vnet.ParseRoutes(clientCfg.Routes)
if err != nil {
    // Handle error
}

// Register work connection with routes
if err := controller.RegisterClientRoute("server1", routes, workConn); err != nil {
    // Handle error
}

// Start the controller (typically in a goroutine)
go func() {
    if err := controller.Run(); err != nil {
        // Handle error
    }
}()

Server Implementation

// Set up VNet configuration
serverCfg := v1.VirtualNetConfig{
    Address: "10.20.0.1/24",
}

// Create and initialize controller
controller := vnet.NewController(serverCfg)
if err := controller.Init(); err != nil {
    // Handle error
}

// Register client work connection
if err := controller.RegisterServerConn("client1", workConn); err != nil {
    // Handle error
}

// Start the controller (typically in a goroutine)
go func() {
    if err := controller.Run(); err != nil {
        // Handle error
    }
}()

Network Setup

For proper routing, you'll need to:

  1. Configure the TUN device with appropriate IP addresses
  2. Add routes to your routing table for traffic that should go through the VPN
  3. Enable IP forwarding if needed

See the examples directory for a complete implementation example.

Security Considerations

  • The VNet controller operates at the IP layer, so all traffic is routed based on IP addresses
  • Encryption should be handled at the transport layer (e.g., by the FRP connection)
  • Consider using firewall rules to restrict access to the TUN device