sandialabs · Aptimex · Aug 1, 2024 · Jul 31, 2024 · Aug 1, 2024 · Aug 1, 2024
diff --git a/README.md b/README.md
@@ -97,8 +97,8 @@ Endpoint = 172.17.0.2:51821
 server config: wiretap_server.conf
 
 server command:
-POSIX Shell:  WIRETAP_RELAY_INTERFACE_PRIVATEKEY=WDH8F6rSUZDyQFfEsRjWLCnapU254qrSAfpGyGs+N1Y= WIRETAP_RELAY_PEER_PUBLICKEY=Ta75SvIb2v2V8EDo6oE2Fvsys/CNlkzW+aPjxdY+Dlc= WIRETAP_RELAY_PEER_ENDPOINT=1.3.3.7:1337 WIRETAP_E2EE_INTERFACE_PRIVATEKEY=GKzGBe3qS7JuLp0vMAErBW6lAewvmFowCIbcgwzComg= WIRETAP_E2EE_PEER_PUBLICKEY=cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM= WIRETAP_E2EE_PEER_ENDPOINT=172.16.0.1:51821 ./wiretap serve
- PowerShell:  $env:WIRETAP_RELAY_INTERFACE_PRIVATEKEY="WDH8F6rSUZDyQFfEsRjWLCnapU254qrSAfpGyGs+N1Y="; $env:WIRETAP_RELAY_PEER_PUBLICKEY="Ta75SvIb2v2V8EDo6oE2Fvsys/CNlkzW+aPjxdY+Dlc="; $env:WIRETAP_RELAY_PEER_ENDPOINT="1.3.3.7:1337"; $env:WIRETAP_E2EE_INTERFACE_PRIVATEKEY="GKzGBe3qS7JuLp0vMAErBW6lAewvmFowCIbcgwzComg="; $env:WIRETAP_E2EE_PEER_PUBLICKEY="cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM="; $env:WIRETAP_E2EE_PEER_ENDPOINT="172.16.0.1:51821"; .\wiretap.exe serve
+POSIX Shell:  WIRETAP_RELAY_INTERFACE_PRIVATEKEY=WDH8F6rSUZDyQFfEsRjWLCnapU254qrSAfpGyGs+N1Y= WIRETAP_RELAY_INTERFACE_PORT=51820 WIRETAP_RELAY_PEER_PUBLICKEY=Ta75SvIb2v2V8EDo6oE2Fvsys/CNlkzW+aPjxdY+Dlc= WIRETAP_RELAY_PEER_ENDPOINT=1.3.3.7:1337 WIRETAP_E2EE_INTERFACE_PRIVATEKEY=GKzGBe3qS7JuLp0vMAErBW6lAewvmFowCIbcgwzComg= WIRETAP_E2EE_PEER_PUBLICKEY=cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM= WIRETAP_E2EE_PEER_ENDPOINT=172.16.0.1:51821 ./wiretap serve
+ PowerShell:  $env:WIRETAP_RELAY_INTERFACE_PRIVATEKEY="WDH8F6rSUZDyQFfEsRjWLCnapU254qrSAfpGyGs+N1Y="; $env:WIRETAP_RELAY_INTERFACE_PORT="51820"; $env:WIRETAP_RELAY_PEER_PUBLICKEY="Ta75SvIb2v2V8EDo6oE2Fvsys/CNlkzW+aPjxdY+Dlc="; $env:WIRETAP_RELAY_PEER_ENDPOINT="1.3.3.7:1337"; $env:WIRETAP_E2EE_INTERFACE_PRIVATEKEY="GKzGBe3qS7JuLp0vMAErBW6lAewvmFowCIbcgwzComg="; $env:WIRETAP_E2EE_PEER_PUBLICKEY="cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM="; $env:WIRETAP_E2EE_PEER_ENDPOINT="172.16.0.1:51821"; .\wiretap.exe serve
 Config File:  ./wiretap serve -f wiretap_server.conf
 ```
 
@@ -206,8 +206,8 @@ Endpoint = 172.17.0.3:51821
 
 server config: wiretap_server_1.conf
 
-POSIX Shell:  WIRETAP_RELAY_INTERFACE_PRIVATEKEY=sLERnxT2+VdwwcJOTUHK5fa5sIN7oJ1Jww9n42txrEQ= WIRETAP_RELAY_INTERFACE_IPV4=172.17.0.3 WIRETAP_RELAY_INTERFACE_IPV6=fd:17::3 WIRETAP_RELAY_PEER_PUBLICKEY=kMj7HwfYYFO/XEHNFK2kz9cBd7vTHk63fhygyuYLMzI= WIRETAP_RELAY_PEER_ALLOWED=172.16.0.0/16,fd:16::/40 WIRETAP_RELAY_PEER_ENDPOINT=10.0.0.2:51820 WIRETAP_E2EE_INTERFACE_PRIVATEKEY=uF79x5X8q3Vd/ajWMR5XyDt/haahtpy5PkJj9b+OaUE= WIRETAP_E2EE_INTERFACE_API=::3 WIRETAP_E2EE_PEER_PUBLICKEY=cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM= WIRETAP_E2EE_PEER_ENDPOINT=172.16.0.1:51821 ./wiretap serve
- PowerShell:  $env:WIRETAP_RELAY_INTERFACE_PRIVATEKEY="sLERnxT2+VdwwcJOTUHK5fa5sIN7oJ1Jww9n42txrEQ="; $env:WIRETAP_RELAY_INTERFACE_IPV4="172.17.0.3"; $env:WIRETAP_RELAY_INTERFACE_IPV6="fd:17::3"; $env:WIRETAP_RELAY_PEER_PUBLICKEY="kMj7HwfYYFO/XEHNFK2kz9cBd7vTHk63fhygyuYLMzI="; $env:WIRETAP_RELAY_PEER_ALLOWED="172.16.0.0/16,fd:16::/40"; $env:WIRETAP_RELAY_PEER_ENDPOINT="10.0.0.2:51820"; $env:WIRETAP_E2EE_INTERFACE_PRIVATEKEY="uF79x5X8q3Vd/ajWMR5XyDt/haahtpy5PkJj9b+OaUE="; $env:WIRETAP_E2EE_INTERFACE_API="::3"; $env:WIRETAP_E2EE_PEER_PUBLICKEY="cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM="; $env:WIRETAP_E2EE_PEER_ENDPOINT="172.16.0.1:51821"; .\wiretap.exe serve
+POSIX Shell:  WIRETAP_RELAY_INTERFACE_PRIVATEKEY=sLERnxT2+VdwwcJOTUHK5fa5sIN7oJ1Jww9n42txrEQ= WIRETAP_RELAY_INTERFACE_PORT=51820 WIRETAP_RELAY_INTERFACE_IPV4=172.17.0.3 WIRETAP_RELAY_INTERFACE_IPV6=fd:17::3 WIRETAP_RELAY_PEER_PUBLICKEY=kMj7HwfYYFO/XEHNFK2kz9cBd7vTHk63fhygyuYLMzI= WIRETAP_RELAY_PEER_ALLOWED=172.16.0.0/16,fd:16::/40 WIRETAP_RELAY_PEER_ENDPOINT=10.0.0.2:51820 WIRETAP_E2EE_INTERFACE_PRIVATEKEY=uF79x5X8q3Vd/ajWMR5XyDt/haahtpy5PkJj9b+OaUE= WIRETAP_E2EE_INTERFACE_API=::3 WIRETAP_E2EE_PEER_PUBLICKEY=cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM= WIRETAP_E2EE_PEER_ENDPOINT=172.16.0.1:51821 ./wiretap serve
+ PowerShell:  $env:WIRETAP_RELAY_INTERFACE_PRIVATEKEY="sLERnxT2+VdwwcJOTUHK5fa5sIN7oJ1Jww9n42txrEQ="; $env:WIRETAP_RELAY_INTERFACE_PORT="51820"; $env:WIRETAP_RELAY_INTERFACE_IPV4="172.17.0.3"; $env:WIRETAP_RELAY_INTERFACE_IPV6="fd:17::3"; $env:WIRETAP_RELAY_PEER_PUBLICKEY="kMj7HwfYYFO/XEHNFK2kz9cBd7vTHk63fhygyuYLMzI="; $env:WIRETAP_RELAY_PEER_ALLOWED="172.16.0.0/16,fd:16::/40"; $env:WIRETAP_RELAY_PEER_ENDPOINT="10.0.0.2:51820"; $env:WIRETAP_E2EE_INTERFACE_PRIVATEKEY="uF79x5X8q3Vd/ajWMR5XyDt/haahtpy5PkJj9b+OaUE="; $env:WIRETAP_E2EE_INTERFACE_API="::3"; $env:WIRETAP_E2EE_PEER_PUBLICKEY="cXddDGWCzd5igux4FDv97XBsyLH0SRPehhTz3E2IXBM="; $env:WIRETAP_E2EE_PEER_ENDPOINT="172.16.0.1:51821"; .\wiretap.exe serve
 Config File:  ./wiretap serve -f wiretap_server_1.conf
 ```
 
@@ -388,7 +388,7 @@ Available Commands:
 
 Flags:
   -h, --help          help for wiretap
-      --show-hidden   show hidden flag options
+  -H, --show-hidden   show hidden flag options
   -v, --version       version for wiretap
 
 Use "wiretap [command] --help" for more information about a command.

diff --git a/src/cmd/add.go b/src/cmd/add.go
@@ -9,7 +9,6 @@ import (
 type addCmdConfig struct {
 	endpoint  string
 	outbound  bool
-	port      int
 	keepalive int
 }
 
@@ -18,7 +17,6 @@ type addCmdConfig struct {
 var addCmdArgs = addCmdConfig{
 	endpoint:  Endpoint,
 	outbound:  false,
-	port:      USE_ENDPOINT_PORT,
 	keepalive: Keepalive,
 }
 
@@ -35,7 +33,6 @@ func init() {
 
 	addCmd.PersistentFlags().StringVarP(&addCmdArgs.endpoint, "endpoint", "e", addCmdArgs.endpoint, "[REQUIRED] socket address of wireguard listener; client address if inbound handshake and server address if outbound (example \"1.2.3.4:51820\")")
 	addCmd.PersistentFlags().BoolVar(&addCmdArgs.outbound, "outbound", addCmdArgs.outbound, "use endpoint to initiate handshake out to server instead of the other way around")
-	addCmd.PersistentFlags().IntVarP(&addCmdArgs.port, "port", "p", addCmdArgs.port, "port of wireguard listener; client port if inbound handshake and server port if outbound")
 
 	addCmd.PersistentFlags().IntVarP(&addCmdArgs.keepalive, "keepalive", "k", addCmdArgs.keepalive, "tunnel keepalive in seconds")
 

diff --git a/src/cmd/add_client.go b/src/cmd/add_client.go
@@ -24,6 +24,7 @@ type addClientCmdConfig struct {
 	outputConfigFileE2EE  string
 	serverAddress         string
 	mtu                   int
+	port                  int
 }
 
 var addClientCmdArgs = addClientCmdConfig{
@@ -33,6 +34,7 @@ var addClientCmdArgs = addClientCmdConfig{
 	outputConfigFileE2EE:  ConfigE2EE,
 	serverAddress:         "",
 	mtu:                   MTU,
+	port:                  USE_ENDPOINT_PORT,
 }
 
 // addClientCmd represents the client command.
@@ -49,7 +51,9 @@ func init() {
 	addCmd.AddCommand(addClientCmd)
 
 	addClientCmd.Flags().StringVarP(&addClientCmdArgs.serverAddress, "server-address", "s", addClientCmdArgs.serverAddress, "API address of server that new client will connect to. By default new clients connect to existing relay servers")
+	addClientCmd.Flags().IntVarP(&addClientCmdArgs.port, "port", "p", addClientCmdArgs.port, "port of wireguard listener to start; server port if --outbound, client port otherwise. Default is the port specified in --endpoint")
 	addClientCmd.Flags().IntVarP(&addClientCmdArgs.mtu, "mtu", "m", addClientCmdArgs.mtu, "tunnel MTU")
+
 	addClientCmd.Flags().StringVarP(&addClientCmdArgs.outputConfigFileRelay, "relay-output", "", addClientCmdArgs.outputConfigFileRelay, "filename of output relay config file")
 	addClientCmd.Flags().StringVarP(&addClientCmdArgs.outputConfigFileE2EE, "e2ee-output", "", addClientCmdArgs.outputConfigFileE2EE, "filename of output E2EE config file")
 	addClientCmd.Flags().StringVarP(&addClientCmdArgs.inputConfigFileRelay, "relay-input", "", addClientCmdArgs.inputConfigFileRelay, "filename of input relay config file")
@@ -101,8 +105,8 @@ func (c addClientCmdConfig) Run() {
 		disableV6 = true
 	}
 
-	if addArgs.port == USE_ENDPOINT_PORT {
-		addArgs.port = portFromEndpoint(addArgs.endpoint);
+	if c.port == USE_ENDPOINT_PORT {
+		c.port = portFromEndpoint(addArgs.endpoint);
 	}
 
 	// Make new configs for client.
@@ -111,7 +115,7 @@ func (c addClientCmdConfig) Run() {
 		relayAddrs = append(relayAddrs, addresses.NextClientRelayAddr6.String()+"/128")
 	}
 	clientConfigRelay, err := peer.GetConfig(peer.ConfigArgs{
-		ListenPort: addArgs.port,
+		ListenPort: c.port,
 		Addresses:  relayAddrs,
 	})
 	check("failed to generate client relay config", err)

diff --git a/src/cmd/add_server.go b/src/cmd/add_server.go
@@ -24,6 +24,7 @@ type addServerCmdConfig struct {
 	configFileE2EE   string
 	configFileServer string
 	writeToClipboard bool
+	port             int
 }
 
 var addServerCmdArgs = addServerCmdConfig{
@@ -33,6 +34,7 @@ var addServerCmdArgs = addServerCmdConfig{
 	configFileE2EE:   ConfigE2EE,
 	configFileServer: ConfigServer,
 	writeToClipboard: false,
+	port:             USE_ENDPOINT_PORT,
 }
 
 // addServerCmd represents the server command.
@@ -50,10 +52,12 @@ func init() {
 
 	addServerCmd.Flags().StringSliceVarP(&addServerCmdArgs.allowedIPs, "routes", "r", addServerCmdArgs.allowedIPs, "[REQUIRED] CIDR IP ranges that will be routed through wiretap")
 	addServerCmd.Flags().StringVarP(&addServerCmdArgs.serverAddress, "server-address", "s", addServerCmdArgs.serverAddress, "API address of server that new server will connect to, connects to client by default")
+	addServerCmd.Flags().IntVarP(&addServerCmdArgs.port, "port", "p", addServerCmdArgs.port, "listener port to start on new server for wireguard relay. If --outbound, default is the port specified in --endpoint; otherwise default is 51820")
+	addServerCmd.Flags().BoolVarP(&addServerCmdArgs.writeToClipboard, "clipboard", "c", addServerCmdArgs.writeToClipboard, "copy configuration args to clipboard")
+
 	addServerCmd.Flags().StringVarP(&addServerCmdArgs.configFileRelay, "relay-input", "", addServerCmdArgs.configFileRelay, "filename of input relay config file")
 	addServerCmd.Flags().StringVarP(&addServerCmdArgs.configFileE2EE, "e2ee-input", "", addServerCmdArgs.configFileE2EE, "filename of input E2EE config file")
 	addServerCmd.Flags().StringVarP(&addServerCmdArgs.configFileServer, "server-output", "", addServerCmdArgs.configFileServer, "filename of server config output file")
-	addServerCmd.Flags().BoolVarP(&addServerCmdArgs.writeToClipboard, "clipboard", "c", addServerCmdArgs.writeToClipboard, "copy configuration args to clipboard")
 
 	err := addServerCmd.MarkFlagRequired("routes")
 	check("failed to mark flag required", err)
@@ -328,15 +332,18 @@ func (c addServerCmdConfig) Run() {
 		clientConfigRelay = leafServerConfigRelay
 	}
 
-	// Use a reasonable default for server listening ports
-	if addArgs.port == USE_ENDPOINT_PORT {
-		addArgs.port = Port;
-	}
-
-	if addArgs.port != Port {
-		err = serverConfigRelay.SetPort(addArgs.port)
-		check("failed to set port", err)
+	// Set port defaults
+	if c.port == USE_ENDPOINT_PORT {
+		if addArgs.outbound { //for outbound, default port is same as endpoint port
+			c.port = portFromEndpoint(addArgs.endpoint)
+			
+		} else { //for inbound, use a reasonable default for server relay listening port
+			c.port = Port;
+		}
 	}
+
+	err = serverConfigRelay.SetPort(c.port)
+	check("failed to set port", err)
 
 	// Overwrite Relay file with new server peer if adding a server directly to the client.
 	var fileStatusRelay string

diff --git a/src/cmd/configure.go b/src/cmd/configure.go
@@ -177,6 +177,10 @@ func (c configureCmdConfig) Run() {
 	if c.port == USE_ENDPOINT_PORT {
 		c.port = portFromEndpoint(c.endpoint);
 	}
+
+	err = serverConfigRelay.SetPort(Port)
+	check("failed to set port", err)
+
 
 	clientConfigRelayArgs := peer.ConfigArgs{
 		ListenPort: c.port,