ligolo-ng icon indicating copy to clipboard operation
ligolo-ng copied to clipboard

Published 20 hours ago verified publisher icon nicocha30

Error building on Go 1.19 on MacOS

Open dismantl opened this issue 2 years ago • 9 comments

I'm getting a similar error to #17 trying to build Ligolo-ng on a Mac with Golang 1.19:

$ go build -o proxy cmd/proxy/main.go
go: downloading github.com/hashicorp/yamux v0.1.0
go: downloading github.com/jedib0t/go-pretty/v6 v6.3.5
package command-line-arguments
	imports github.com/nicocha30/ligolo-ng/cmd/proxy/app
	imports github.com/nicocha30/ligolo-ng/pkg/proxy/netstack
	imports github.com/nicocha30/ligolo-ng/pkg/proxy/netstack/tun
	imports github.com/nicocha30/gvisor-ligolo/pkg/tcpip/link/rawfile: build constraints exclude all Go files in /Users/dismantl/go/pkg/mod/github.com/nicocha30/[email protected]/pkg/tcpip/link/rawfile
$ go version
go version go1.19 darwin/amd64

Interestingly, it builds fine with Go 1.19 on Windows and Linux.

dismantl avatar Aug 29 '22 18:08 dismantl

Hi,

Ligolo-ng proxy doesn't support Darwin. I will try to implement it, but I don't have a test environment available.

I will keep this issue open till I implement MacOS support.

nicocha30 avatar Aug 30 '22 11:08 nicocha30

Experimental build for Darwin: https://github.com/nicocha30/ligolo-ng/releases/tag/v0.4.3 can you test @dismantl? Thanks

nicocha30 avatar Feb 02 '23 12:02 nicocha30

Hello @nicocha30,

I would like to try ligolo-ng on MacOS, but I'm encountering the following error when launching the proxy on MacOS Ventura 13.4.1 (darwin):

./ligolo-ng_proxy_0.4.3_macOS_64bit/proxy
FATA[0000] unable to create tun interface: (tun.Open Interface name must be utun[0-9]*), make sure you created the tun interface

However, I haven't been able to find how to create a utun interface since updating MacOS to version Ventura 13.4.1.

Do you have any idea?

Thank you!

Yulypso avatar Aug 03 '23 14:08 Yulypso

seems like the issue is that proxy is looking for a tun interface specifically named 'ligolo'. this is impossible (from what I can tell) on macos due to limitations put in place by apple. for those interested, the easiest way to enable these utun[0-9] interfaces is via the tunnelblick tun and tap system extensions which can be installed through the application.

d3xtrx avatar Jan 02 '24 09:01 d3xtrx

Hey @d3xtrx thanks for the update! Have you tested Ligolo-ng with the tunnelblick kexts? Did you encounter any problems?

nicocha30 avatar Jan 02 '24 09:01 nicocha30

Hey @d3xtrx thanks for the update! Have you tested Ligolo-ng with the tunnelblick kexts? Did you encounter any problems?

yea, im looking into it now but am new to Go. enabling the utun interfaces does not fix anything. seems like theres no way to change the names of these interfaces.

I first tried modifying stackSettings.TunName = "utun0" in stack.go and the error changed to (tun.New resource busy) from (tun.New operation not permitted). EDIT: this most likely is from me running proxy as sudo. operation not permitted persists in all cases otherwise. on my device, utun0-5 were already created. when i set TunName = "utun7" i receive this runtime error:

panic: runtime error: slice bounds out of range [-4:]

goroutine 68 [running]:
golang.zx2c4.com/wireguard/tun.(*NativeTun).Read(0x14000318980, {0x1400025a600, 0x5dc, 0x5dc}, 0x0)
        /Users/robotrip/go/pkg/mod/golang.zx2c4.com/[email protected]/tun/tun_darwin.go:225 +0xcc
github.com/nicocha30/ligolo-ng/pkg/proxy/netstack/tun.(*RWEndpoint).dispatchLoop(0x1400031fe60)
        /opt/ligolo-ng/ligolo-ng-macos/pkg/proxy/netstack/tun/wireguard_ep.go:57 +0x68
created by github.com/nicocha30/ligolo-ng/pkg/proxy/netstack/tun.(*RWEndpoint).Attach in goroutine 8
        /opt/ligolo-ng/ligolo-ng-macos/pkg/proxy/netstack/tun/wireguard_ep.go:50 +0x88

I ran ifconfig afterwords and it did not show utun7 as an interface. I'll look into this more tomorrow and let you know if anything happens.

d3xtrx avatar Jan 02 '24 10:01 d3xtrx

You can specify the interface by using the --tun utun7 option to the start (or start_tunnel) command.

https://github.com/nicocha30/ligolo-ng?tab=readme-ov-file#using-ligolo-ng

nicocha30 avatar Jan 02 '24 12:01 nicocha30

You can specify the interface by using the --tun utun7 option to the start (or start_tunnel) command.

https://github.com/nicocha30/ligolo-ng?tab=readme-ov-file#using-ligolo-ng

lol whoops. i guess i cant help but make things harder for myself sometimes. passing the arg with --tun has the same effect. When selecting devices that are already created they are deemed 'busy'. I realized tunnelblick uses openvpn so I created wireguard utun interfaces with the same 'device busy' result.

From what I can tell, the wireguard-go implementation (at least for macos) is attempting to create an interface via CreateTUN() in tun_darwin.go . when ran with sudo it seems this is successful until the m.wgdev.Read call in the dispatchLoop() function within wireguard_ep.go. I will experiment more tomorrow but will most likely need to reach out to the maintainers for the go implementation. Maybe its something with the buffer offset? ¯_(ツ)_/¯

I'll do more digging tomorrow

d3xtrx avatar Jan 02 '24 23:01 d3xtrx

did it work in Mac os for creating a tun/tap ?

RajChowdhury240 avatar Mar 31 '24 16:03 RajChowdhury240

Ligolo-ng v0.6.1 adds support for MacOS

nicocha30 avatar Jun 23 '24 17:06 nicocha30

Any guide how to use it on mac , i faced some issues still with tuntap ?

RajChowdhury240 avatar Jul 03 '24 21:07 RajChowdhury240

Any guide how to use it on mac , i faced some issues still with tuntap ?

Explain "some issues" please.

nicocha30 avatar Jul 04 '24 05:07 nicocha30