mirror of
https://github.com/fatedier/frp.git
synced 2025-04-23 16:01:26 +00:00
94 lines
2.8 KiB
Markdown
94 lines
2.8 KiB
Markdown
# Virtual Network Controller for FRP
|
|
|
|
This package implements a virtual network controller that enables VPN-like functionality between FRP clients and servers.
|
|
|
|
## Overview
|
|
|
|
The Virtual Network Controller manages TUN devices and routing logic to create secure tunnels between clients and servers. It supports both client-side routing (based on destination IP) and server-side routing (based on source IP).
|
|
|
|
## How it Works
|
|
|
|
1. **Client Side**: Routes packets based on destination IP addresses. When a packet is destined for a network that matches a registered route, it's forwarded through the appropriate work connection.
|
|
|
|
2. **Server Side**: Routes packets based on source IP addresses. When a packet is received over a connection, its source IP is registered with that connection. Future packets from the TUN device with that source IP will be routed back through the same connection.
|
|
|
|
3. **TUN Device**: A virtual network interface that captures and injects packets at the IP layer.
|
|
|
|
## Usage
|
|
|
|
### Client Implementation
|
|
|
|
```go
|
|
// Set up VNet configuration
|
|
clientCfg := v1.VirtualNetConfig{
|
|
Address: "10.10.0.1/24",
|
|
Routes: []string{"10.20.0.0/24"}, // Routes to the server's network
|
|
}
|
|
|
|
// Create and initialize controller
|
|
controller := vnet.NewController(clientCfg)
|
|
if err := controller.Init(); err != nil {
|
|
// Handle error
|
|
}
|
|
|
|
// Parse route strings to IPNet objects
|
|
routes, err := vnet.ParseRoutes(clientCfg.Routes)
|
|
if err != nil {
|
|
// Handle error
|
|
}
|
|
|
|
// Register work connection with routes
|
|
if err := controller.RegisterClientRoute("server1", routes, workConn); err != nil {
|
|
// Handle error
|
|
}
|
|
|
|
// Start the controller (typically in a goroutine)
|
|
go func() {
|
|
if err := controller.Run(); err != nil {
|
|
// Handle error
|
|
}
|
|
}()
|
|
```
|
|
|
|
### Server Implementation
|
|
|
|
```go
|
|
// Set up VNet configuration
|
|
serverCfg := v1.VirtualNetConfig{
|
|
Address: "10.20.0.1/24",
|
|
}
|
|
|
|
// Create and initialize controller
|
|
controller := vnet.NewController(serverCfg)
|
|
if err := controller.Init(); err != nil {
|
|
// Handle error
|
|
}
|
|
|
|
// Register client work connection
|
|
if err := controller.RegisterServerConn("client1", workConn); err != nil {
|
|
// Handle error
|
|
}
|
|
|
|
// Start the controller (typically in a goroutine)
|
|
go func() {
|
|
if err := controller.Run(); err != nil {
|
|
// Handle error
|
|
}
|
|
}()
|
|
```
|
|
|
|
## Network Setup
|
|
|
|
For proper routing, you'll need to:
|
|
|
|
1. Configure the TUN device with appropriate IP addresses
|
|
2. Add routes to your routing table for traffic that should go through the VPN
|
|
3. Enable IP forwarding if needed
|
|
|
|
See the examples directory for a complete implementation example.
|
|
|
|
## Security Considerations
|
|
|
|
- The VNet controller operates at the IP layer, so all traffic is routed based on IP addresses
|
|
- Encryption should be handled at the transport layer (e.g., by the FRP connection)
|
|
- Consider using firewall rules to restrict access to the TUN device |