Feature Request: Client GUI
Requesting the addition of client GUIs for Windows and Mac. Adding a GUI would greatly increase adoption, especially in the corporate sector to support road warriors.
I see there was some work on a wxWidgets gui. https://www.tinc-vpn.org/documentation-1.1/tinc-gui.8.html
Not sure where I can find this GUI. I would also be interested in continuing development on it.
On Fri, May 20, 2016 at 10:24:31AM -0700, Jon Drews wrote:
> I see there was some work on a wxWidgets gui. https://www.tinc-vpn.org/documentation-1.1/tinc-gui.8.html
> Not sure where I can find this GUI. I would also be interested in continuing development on it.
It's in the directory gui/ in the 1.1 branch. It's not very useful at the moment. Also, while the tinc-gui script is quite small, it requires a lot of dependencies to be installed. On Linux, it's usually no problem, because most distributions have an apt-get equivalent nowadays, but on Windows and OS X it can be quite a bit of work to get Python and wxWidgets installed. If it could be rewritten in C or C++, that might be interesting. But if you want to improve the current Python version, that would be welcome as well.
Met vriendelijke groet / with kind regards, Guus Sliepen
I believe I can invest some time to this and write it in C++. What do you think would be the best approach:
- use tinc-ctl and redirect its stdio, stdin, stderr?
- implement the control protocol
I am inclined towards the first option because of my limited knowledge of tinc internals even though I could steal code from tinc-ctl.
On Mon, Feb 19, 2018 at 05:12:01AM -0800, Gjergji Ramku wrote:
> I believe I can invest some time to this and write it in C++. What do you think would be the best approach:
> - use tinc-ctl and redirect its stdio, stdin, stderr?
> - implement the control protocol
> I am inclined towards the first option because of my limited knowledge of tinc internals even though I could steal code from tinc-ctl.
You should definitely use the control protocol. It will be easier to communicate this way than to create command lines for tincctl, run it, and parse the output. The control protocol is just a single UNIX socket, no separate stdin, stdout and stderr, and it is just a line-based ASCII format that is designed to be machine-readable.
Which widget toolkit are you planning to use?
-- Met vriendelijke groet / with kind regards, Guus Sliepen
I am pretty familiar with Qt. I had a look at the nana library because it's small and it can be statically compiled, but it does not support Mac and it's off my radar.
I had a look at tincctl and things like generating RSA pub/priv worry me at this stage. What would be the most basic things it should support in the beginning?
Is there documentation of the control protocol?
It's old and definitely not the greatest, but I wrote a tinc taskbar applet for Linux. Pretty minimalist, but may be some sort of inspiration for a GUI: https://github.com/rjulian/tinc-applet
I added some documentation about the control protocol here:
https://github.com/gsliepen/tinc/blob/1.1/doc/CONTROL
However, this indeed does not do everything you can do with the command-line interface. For now I guess you can just have the GUI call the CLI behind the scenes for certain operations. I'd restrict myself to the following commands:
tinc -n <netname> init <name>
tinc -n <netname> start
tinc -n <netname> stop
tinc -n <netname> invite <name>
tinc -n <netname> join <invitation URL>
When run non-interactively, these commands don't require input or output (except the invite command, which will print out the invitation URL to stdout which you need to grab), and you can check by the exit code whether they succeeded or failed.
Qt is a good choice, it's very cross-platform.
For further configuration I'd just have text fields where you can edit individual config files, like tinc.conf, tinc-up and the host config files.
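One way a GUI could drive the five commands listed above without a shell, shown as an added example (not tinc's code and not part of the original comments). `build_argv`, `run_tinc`, `invite`, `TincError`, the name allowlist and the injectable `runner` parameter are hypothetical choices of this example; it also assumes the invitation URL is the first non-empty line on stdout.

```python
import re
import subprocess

# Conservative allowlist chosen for this example (an assumption, not tinc's
# own validation): it blocks option injection ("-c ...") and path tricks.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,64}")
# Command -> whether it takes exactly one argument.
COMMANDS = {"init": True, "start": False, "stop": False, "invite": True, "join": True}


class TincError(Exception):
    """Raised for rejected input or a non-zero exit code."""


def build_argv(netname, command, arg=None, tinc_bin="tinc"):
    """Return an argv list for one of the five commands; never a shell string."""
    if command not in COMMANDS:
        raise TincError(f"command not allowed: {command!r}")
    if not SAFE_NAME.fullmatch(netname):
        raise TincError("invalid netname")
    argv = [tinc_bin, "-n", netname, command]
    if COMMANDS[command]:
        if not arg or arg.startswith("-") or any(c.isspace() for c in arg):
            raise TincError(f"{command} needs one argument without whitespace")
        if command != "join" and not SAFE_NAME.fullmatch(arg):
            raise TincError("invalid node name")
        argv.append(arg)
    elif arg is not None:
        raise TincError(f"{command} takes no argument")
    return argv


def run_tinc(netname, command, arg=None, runner=subprocess.run, tinc_bin="tinc"):
    """Run non-interactively (no stdin); the exit code alone decides success."""
    argv = build_argv(netname, command, arg, tinc_bin)
    proc = runner(argv, stdin=subprocess.DEVNULL, capture_output=True,
                  text=True, timeout=60)
    if proc.returncode != 0:
        raise TincError(f"tinc {command} failed with exit code {proc.returncode}")
    return proc.stdout


def invite(netname, name, **kw):
    """Return the invitation URL, the only output the GUI has to grab."""
    out = run_tinc(netname, "invite", name, **kw)
    lines = [line.strip() for line in out.splitlines() if line.strip()]
    if not lines:
        raise TincError("invite printed nothing on stdout")
    return lines[0]
```

Passing an argv list instead of a command string means text typed into a GUI field is never interpreted by a shell, and the allowlist keeps a netname from being read as an option.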
Here are some screenshots of a gui I created specifically for tomato firmware. https://files.lancethepants.com/Firmware/images/
More screenshots here with the tutorial I wrote up. (May need to create a login to see these ones) http://www.linksysinfo.org/index.php?threads/tinc-mesh-vpn.70257/
Also a firmware demo site (with an alternate gui I'm not a particular fan of) https://advancedtomato.com/demo/status-overview.asp#vpn-tinc.asp
Source: https://github.com/lancethepants/Toastman-Tinc
As you can see, under the "Config" tab, I ask for just a few user selectable inputs, enough for a minimal working config. One thing missing is the "Interface" variable, which I don't bother the user for input, but would be particularly important for a Windows GUI, or anyone wanting to name their interface. There is also a "Custom" input to append more config options to the very basic one I generate.
The hosts tab similarly asks for a few basic inputs, and also provides for Custom inputs for each host. A working configuration can be created without the need for inputting anything in "Custom" fields for tinc.conf, or the hosts files.
Since I know the environment tinc will be running in, I automatically generate a tinc-up script, but it can also be overridden with a user provided one in the "Scripts" tab. Same for the Firewall rules as well. The "Scripts" tab allows users to input scripts that will be evaluated by /bin/sh, which could also call external scripts written in your choice of language.
The "Generate Keys" tab is self-explanatory, as is the "Status" tab.
I love that tinc is so simplistic and minimalistic to set up. Many people using tomato have found it very (stupid) easy to set up VPN networks between their routers and other devices.
This was created specifically for tomato firmware, and is very much tied to its user interface. Not portable at all.
This is just an example of what I've done. In no way am I saying it is the best and only way. Just one implementation for reference to anyone creating their own gui.
Thank you.
@gsliepen
- Is there a doc that explains how tincd behaves as a service on Windows? How does it install/uninstall or start? I remember reading somewhere that it uses the registry but can not find the link anymore.
- Is the install dir on Windows always the same?
- Doing some tests I noticed that every command should end with \n. Perhaps the doc should be updated.
- Where can I find more info about the control command parameters/options?
- When I issue "18 10\n" retry command to tincd that is not connected to a server it does not respond but closes connection.
> - When I issue "18 10\n" retry command to tincd that is not connected to a server it does not respond but closes connection.
My mistake. I wasn't sending the cookie first. Maybe it should respond with an error.
> - Is there a doc that explains how tincd behaves as a service on Windows? How does it install/uninstall or start? I remember reading somewhere that it uses the registry but can not find the link anymore.
It installs itself as a Windows service using CreateService(), DeleteService(), StartService() and so on. Tinc doesn't use the registry for this purpose though.
> - Is the install dir on Windows always the same?
No, you can set it yourself when running the installer. The installation path is stored in the registry, and the tinc daemon reads the value from the registry to find its base configuration directory. The registry key is \\HKEY_LOCAL_MACHINE\\Software\\tinc, and it's just a string.
> - Doing some tests I noticed that every command should end with \n. Perhaps the doc should be updated.
Yes, you're right.
> - Where can I find more info about the control command parameters/options?
The CONTROL doc lists all the parameters. You can also look in src/control.c.
> My mistake. I wasn't sending the cookie first. Maybe it should respond with an error.
The usual behaviour of tinc is to immediately disconnect if anything unexpected is received. That was simple to implement, and it prevents any attacker from getting more information than necessary.
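The points raised in this exchange (every request ends with `\n`, and the daemon closes the connection without a reply when it receives something unexpected, such as a request sent before the cookie) can be handled in a small line channel. This is an added example, not tinc's code or part of the original comments; `LineChannel`, `ControlClosed` and the `MAX_LINE` cap are hypothetical names and values, and authentication is left to the caller.

```python
import socket

MAX_LINE = 4096  # cap chosen for this example so a peer cannot grow the buffer


class ControlClosed(Exception):
    """The peer closed the socket instead of answering."""


class LineChannel:
    def __init__(self, sock):
        self.sock = sock
        self.buf = b""

    def send_line(self, *fields):
        """Join fields with spaces and terminate with the required newline."""
        parts = [str(f) for f in fields]
        for p in parts:
            # A value from a GUI text box must not smuggle in a second request.
            if not p or not p.isascii() or any(c.isspace() for c in p):
                raise ValueError(f"unsafe field: {p!r}")
        self.sock.sendall((" ".join(parts) + "\n").encode("ascii"))

    def recv_line(self):
        """Return one line without its newline; raise ControlClosed on EOF."""
        while b"\n" not in self.buf:
            if len(self.buf) > MAX_LINE:
                raise ValueError("line too long")
            chunk = self.sock.recv(1024)
            if not chunk:
                # tinc disconnects silently on unexpected input, so EOF is
                # the only error signal a client gets.
                raise ControlClosed("closed without a reply; was the cookie sent first?")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\n")
        return line.decode("ascii", "replace")

    def request(self, *fields):
        """Send one request line and return the fields of the next reply line."""
        self.send_line(*fields)
        return self.recv_line().split(" ")
```

Calling `request(18, 10)` sends the retry command quoted in the thread; a `ControlClosed` at that point tells the GUI to report a rejected session rather than wait for an error line that never arrives.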
Status update. I got working and tested on Windows + Linux:
- Service start/stop from system tray
- Service restart from system tray
- Start in debug mode and set debug level via config window.
- Connecting to service/daemon control socket
- Reload command
Next step is making all of the above work on multiple networks/multiple service instances.
tincd does not immediately respond to REQ_LOG command with any sort of ACK. However log messages arrive at control socket normally. Is this normal behavior?
Yes. You can also still send other commands while logging is enabled. The same goes for REQ_PCAP.
Any news on this? Any intermediate results? Also a half-working implementation might be a good catch for others to join in development.