Make testing lighthouses optional

slackhq · Apr 20, 2023 · 3eab639 · 3eab639
1 parent 397fe5f
commit 3eab639
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/connection_manager.go b/connection_manager.go
@@ -215,7 +215,7 @@ func (n *connectionManager) doTrafficCheck(localIndex uint32, p, nb, out []byte,
 			n.sendPunch(hostinfo)
 		}
 
-		if n.intf.lightHouse.IsLighthouseIP(hostinfo.vpnIp) {
+		if !n.punchy.GetTestLighthouses() && n.intf.lightHouse.IsLighthouseIP(hostinfo.vpnIp) {
 			// We are sending traffic to the lighthouse, let recv_error sort out any issues instead of testing the tunnel
 			n.trafficTimer.Add(hostinfo.localIndexId, n.checkInterval)
 			return

diff --git a/examples/config.yml b/examples/config.yml
@@ -42,6 +42,13 @@ lighthouse:
   hosts:
     - "192.168.100.1"
 
+  # Toggle sending test packets to lighthouse hosts to assert the tunnels are still viable.
+  # Disabling sending test packets to lighthouses can reduce bookkeeping traffic
+  # and load on lighthouses with many tunnels.
+  # Setting to false may lead to connectivity issues if a lighthouse host is behind a NAT or firewall that
+  # tracks outbound packets from the lighthouse to the clients.
+  #test: true
+
   # remote_allow_list allows you to control ip ranges that this node will
   # consider when handshaking to another node. By default, any remote IPs are
   # allowed. You can provide CIDRs here with `true` to allow and `false` to

diff --git a/punchy.go b/punchy.go
@@ -14,6 +14,7 @@ type Punchy struct {
 	delay           atomic.Int64
 	respondDelay    atomic.Int64
 	punchEverything atomic.Bool
+	testLighthouses atomic.Bool
 	l               *logrus.Logger
 }
 
@@ -87,6 +88,13 @@ func (p *Punchy) reload(c *config.C, initial bool) {
 			p.l.Infof("punchy.respond_delay changed to %s", p.GetRespondDelay())
 		}
 	}
+
+	if initial || c.HasChanged("lighthouse.test") {
+		p.testLighthouses.Store(c.GetBool("lighthouse.test", true))
+		if !initial {
+			p.l.Infof("lighthouse.test changed to %v", p.GetTestLighthouses())
+		}
+	}
 }
 
 func (p *Punchy) GetPunch() bool {
@@ -108,3 +116,7 @@ func (p *Punchy) GetRespondDelay() time.Duration {
 func (p *Punchy) GetTargetEverything() bool {
 	return p.punchEverything.Load()
 }
+
+func (p *Punchy) GetTestLighthouses() bool {
+	return p.testLighthouses.Load()
+}