
can innernet-server node also become a member?

Open Oaklight opened this issue 1 year ago • 10 comments

I have deployed an innernet-server on my VPS, but meanwhile I want to connect this VPS to a CIDR reserved for all my cloud machines. Can this be achieved? I tried creating a peer toml for this server VPS, but innernet install xxx.toml works with neither the original interface nor an altered interface name.

Oaklight avatar Mar 02 '25 16:03 Oaklight

Hey @Oaklight, there are a couple issues related to what you're trying:

  • https://github.com/tonarino/innernet/issues/45
  • https://github.com/tonarino/innernet/issues/135

The short answer is that this is currently not supported, but given that your VPS is the innernet-server, it should be accessible to all peers on the innernet network.

bschwind avatar Mar 03 '25 02:03 bschwind

The attempt to include the server as a peer was out of the expectation to connect to peers from the server, because when I check /etc/hosts on the server machine, the peers are not visible.

Oaklight avatar Mar 03 '25 05:03 Oaklight

@Oaklight oh, that was just because the server doesn't currently write to /etc/hosts, but the peers are fully reachable from it using their innernet IPs.

strohel avatar Mar 03 '25 07:03 strohel

Is writing to /etc/hosts for the server machine something we can expect in the foreseeable future? Also, how do we re-generate invites if something needs to be changed before it's redeemed?

Oaklight avatar Mar 03 '25 07:03 Oaklight

> is writing to /etc/hosts for server machine something we can expect in the foreseeable future?

That should be pretty easy to do I would think, just mirror how the client does it already. We just haven't...done it yet.

> Also, how do we re-generate invites if something needs to be changed before it's redeemed?

You should be able to re-generate the invite, though I suppose if the invitation hasn't expired you may need to delete it on the server. Sorry, I haven't done this workflow in a while, what error do you get when you try?

bschwind avatar Mar 03 '25 08:03 bschwind

This is already great work. I understand maintaining features outside the company's primary use case takes extra effort.

As for regenerating the invite, I don't find an option to remove peer:

Usage: innernet-server [OPTIONS] <COMMAND>

Commands:
  new           Create a new network
  uninstall     Permanently uninstall a created network, rendering it unusable. Use with care
  serve         Serve the coordinating server for an existing network
  add-peer      Add a peer to an existing network
  disable-peer  Disable an enabled peer
  enable-peer   Enable a disabled peer
  rename-peer   Rename an existing peer
  add-cidr      Add a new CIDR to an existing network
  delete-cidr   Delete a CIDR
  completions   Generate shell completion scripts
  help          Print this message or the help of the given subcommand(s)

Options:
  -c, --config-dir <CONFIG_DIR>  [default: /etc/innernet-server]
  -d, --data-dir <DATA_DIR>      [default: /var/lib/innernet-server]
      --no-routing               Whether the routing should be done by innernet or is done by an external
                                 tool like e.g. babeld
      --backend <BACKEND>        Specify a WireGuard backend to use. If not set, innernet will auto-select
                                 based on availability [default: kernel] [possible values: kernel,
                                 userspace]
      --mtu <MTU>                Specify the desired MTU for your interface (default: 1280)
  -h, --help                     Print help
  -V, --version                  Print version

The option I tried was to wait until the invite expired and redo the add-peer, but that unfortunately took 2 weeks...

Oaklight avatar Mar 03 '25 10:03 Oaklight

@Oaklight right, there's no command for it. I believe you would have to delete the peer via an sqlite query, something like this:

DELETE FROM peers
WHERE is_redeemed = 0

You can of course tack on other conditions or just delete the exact peer directly, but I'll let you read up on the discussion on peer deletion and the rationale for making it not easy:

  • https://github.com/tonarino/innernet/issues/9
  • https://github.com/tonarino/innernet/issues/139

Sorry this probably isn't a great introduction to using innernet. Our typical workflow if we want to remove a peer is to disable the one we made and simply create a new one. I know if the CIDR you set up has a limited number of IPs this can be annoying, but just know you can always manually fix things up in sqlite (after taking a backup!) if needed.

bschwind avatar Mar 03 '25 11:03 bschwind
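The manual cleanup described in the comment above (take a backup, then delete the exact unredeemed peer rather than every `is_redeemed = 0` row), as an added example that is not part of the original thread and not innernet's own code. Only the `peers` table and the `is_redeemed` column come from the thread; the `name` column, the sample rows and the helper names are assumptions.

```python
import sqlite3

def build_sample_db(path):
    """Constructed stand-in for the server database; only the columns used here."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE peers (name TEXT UNIQUE, is_redeemed INTEGER)")
    con.executemany("INSERT INTO peers VALUES (?, ?)",
                    [("phone", 1), ("laptop-old", 0)])  # constructed rows
    con.commit()
    con.close()

def pending_invites(db_path):
    """Names of peers whose invitation has not been redeemed yet."""
    con = sqlite3.connect(db_path)
    try:
        rows = con.execute(
            "SELECT name FROM peers WHERE is_redeemed = 0 ORDER BY name")
        return [r[0] for r in rows]
    finally:
        con.close()

def delete_unredeemed_peer(db_path, backup_path, peer_name):
    """Back up the database, then delete exactly one unredeemed peer."""
    con = sqlite3.connect(db_path)
    try:
        bak = sqlite3.connect(backup_path)
        con.backup(bak)          # consistent copy taken before any change
        bak.close()
        with con:                # commits on success, rolls back on error
            cur = con.execute(
                "DELETE FROM peers WHERE name = ? AND is_redeemed = 0",
                (peer_name,))
            if cur.rowcount != 1:
                raise ValueError(
                    f"{peer_name!r} is not a single unredeemed peer; nothing deleted")
        return cur.rowcount
    finally:
        con.close()

if __name__ == "__main__":
    import os, tempfile
    d = tempfile.mkdtemp()
    db = os.path.join(d, "demo.db")
    build_sample_db(db)
    print("pending:", pending_invites(db))
    delete_unredeemed_peer(db, db + ".bak", "laptop-old")
    print("pending after delete:", pending_invites(db))
```

Keeping `is_redeemed = 0` in the `DELETE` itself means a peer that redeemed its invite between inspection and deletion is left untouched; for redeemed peers the thread's advice is `disable-peer`.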

> > is writing to /etc/hosts for server machine something we can expect in the foreseeable future?
>
> That should be pretty easy to do I would think, just mirror how the client does it already. We just haven't...done it yet.

Really, that's all that's needed? I've spent far more time working around this and setting up relay servers than it probably would have taken to just fix this. And that's just me, not every other user that has bumped up against this limitation!

I'll try to have a look at it myself and if it really is that easy maybe I can contribute. In any case know that this would be a high-value addition.

alerque avatar Mar 03 '25 12:03 alerque

@alerque I believe it should be similar to the client logic, barring any sort of weird networking gotchas I'm unaware of. We made a separate library just for the purpose of writing to /etc/hosts (or any particular hostfile path) in a non-destructive manner, so that should be easily re-usable from the server. I'll take a look at the code now.

Sorry to hear you spent so much time on relay servers and such to work around it!

bschwind avatar Mar 03 '25 12:03 bschwind

@alerque I started #336 which should more or less implement the functionality for the serve command. Let's continue the conversation there to decide how we want this all to behave.

bschwind avatar Mar 03 '25 14:03 bschwind