feat: переименован allowed_subnet в route_subnet, добавлено управление системными маршрутами

- Переименовано поле allowed_subnets -> route_subnets в конфигурации - Обновлен парсинг конфига: allowed_subnet -> route_subnet - Создан новый модуль tun_route для управления системными маршрутами - Linux: реализация через netlink sockets с fallback на ip route - Windows: реализация через IP Helper API - BSD: реализация через routing sockets с fallback на route - При запуске: автоматическое добавление маршрутов route_subnet на TUN интерфейс - При завершении: автоматическое удаление всех маршрутов через tun_route_flush - Обновлены Makefile.am для сборки новых файлов
2 months ago · 4cd22b1513
11 changed files with 537 additions and 53 deletions
--- a/.gitignore
+++ b/.gitignore
@ -61,6 +61,8 @@ tests/test_*
 # Local configs
 *.cfg
 !utun_test.cfg
 utun.conf
 !utun.conf.sample
 # MSVC temp files
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -10,6 +10,7 @@ utun_CORE_SOURCES = \
 	route_bgp.c \
 	routing.c \
 	tun_if.c \
 	tun_route.c \
 	etcp.c \
 	etcp_connections.c \
 	etcp_loadbalancer.c \
--- a/src/config_parser.c
+++ b/src/config_parser.c
@ -509,8 +509,8 @@ static struct utun_config* parse_config_internal(FILE *fp, const char *filename)
                }
                break;
            case SECTION_ROUTING:
-                if (strcmp(key, "allowed_subnet") == 0) {
+                if (strcmp(key, "route_subnet") == 0) {
-                    add_route_entry(&cfg->allowed_subnets, value);
+                    add_route_entry(&cfg->route_subnets, value);
                } else if (strcmp(key, "my_subnet") == 0) {
                    add_route_entry(&cfg->my_subnets, value);
                }
@ -584,7 +584,7 @@ void free_config(struct utun_config *config) {
    }
    // Free route entries
-    free_route_entries(config->allowed_subnets);
+    free_route_entries(config->route_subnets);
    free_route_entries(config->my_subnets);
    free(config);
@ -647,8 +647,8 @@ void print_config(const struct utun_config *cfg) {
        c = c->next;
    }
-    printf("\nAllowed Subnets:\n");
+    printf("\nRoute Subnets:\n");
-    struct CFG_ROUTE_ENTRY *allowed = cfg->allowed_subnets;
+    struct CFG_ROUTE_ENTRY *allowed = cfg->route_subnets;
    while (allowed) {
        printf("  %s/%d\n", ip_to_string(&allowed->ip, ip_buffer, sizeof(ip_buffer)), allowed->netmask);
        allowed = allowed->next;
--- a/src/config_parser.h
+++ b/src/config_parser.h
@ -83,7 +83,7 @@ struct utun_config {
    struct global_config global;
    struct CFG_SERVER* servers;
    struct CFG_CLIENT* clients;
-    struct CFG_ROUTE_ENTRY* allowed_subnets;
+    struct CFG_ROUTE_ENTRY* route_subnets;
    struct CFG_ROUTE_ENTRY* my_subnets;
 };
--- a/src/tun_route.c
+++ b/src/tun_route.c
@ -0,0 +1,429 @@
 // tun_route.c - Cross-platform system routing table management
 // Linux: netlink sockets, Windows: IP Helper API, BSD: routing sockets
 #include "tun_route.h"
 #include "config_parser.h"
 #include "../lib/debug_config.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
 // Platform detection
 #ifdef _WIN32
    #include <windows.h>
    #include <winsock2.h>
    #include <ws2tcpip.h>
    #include <iphlpapi.h>
 #elif defined(__linux__)
    #include <linux/netlink.h>
    #include <linux/rtnetlink.h>
    #include <sys/socket.h>
    #include <unistd.h>
    #include <net/if.h>
 #elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    #include <sys/socket.h>
    #include <net/route.h>
    #include <net/if.h>
    #include <netinet/in.h>
    #include <unistd.h>
 #endif
 // Convert prefix length to netmask
 static uint32_t prefix_to_netmask(uint8_t prefix_len) {
    return (prefix_len == 0) ? 0 : htonl(~((1U << (32 - prefix_len)) - 1));
 }
 #ifdef __linux__
 // Linux netlink implementation
 struct nl_req {
    struct nlmsghdr nl;
    struct rtmsg rt;
    char buf[256];
 };
 static int netlink_route(int ifindex, uint32_t network, uint8_t prefix_len, int cmd, int flags) {
    int fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
    if (fd < 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to create netlink socket: %s", strerror(errno));
        return -1;
    }
    struct nl_req req;
    memset(&req, 0, sizeof(req));
    req.nl.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
    req.nl.nlmsg_type = cmd;  // RTM_NEWROUTE or RTM_DELROUTE
    req.nl.nlmsg_flags = flags | NLM_F_REQUEST;
    req.nl.nlmsg_seq = 1;
    req.nl.nlmsg_pid = getpid();
    req.rt.rtm_family = AF_INET;
    req.rt.rtm_table = RT_TABLE_MAIN;
    req.rt.rtm_protocol = RTPROT_STATIC;
    req.rt.rtm_scope = RT_SCOPE_UNIVERSE;
    req.rt.rtm_type = RTN_UNICAST;
    req.rt.rtm_dst_len = prefix_len;
    // Add destination address attribute
    struct rtattr *rta = (struct rtattr *)(((char *)&req) + NLMSG_ALIGN(req.nl.nlmsg_len));
    rta->rta_type = RTA_DST;
    rta->rta_len = RTA_LENGTH(4);
    memcpy(RTA_DATA(rta), &network, 4);
    req.nl.nlmsg_len = NLMSG_ALIGN(req.nl.nlmsg_len) + RTA_ALIGN(rta->rta_len);
    // Add output interface attribute
    rta = (struct rtattr *)(((char *)&req) + NLMSG_ALIGN(req.nl.nlmsg_len));
    rta->rta_type = RTA_OIF;
    rta->rta_len = RTA_LENGTH(4);
    memcpy(RTA_DATA(rta), &ifindex, 4);
    req.nl.nlmsg_len = NLMSG_ALIGN(req.nl.nlmsg_len) + RTA_ALIGN(rta->rta_len);
    if (send(fd, &req, req.nl.nlmsg_len, 0) < 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to send netlink message: %s", strerror(errno));
        close(fd);
        return -1;
    }
    // Receive response
    char reply[4096];
    ssize_t len = recv(fd, reply, sizeof(reply), 0);
    if (len < 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to receive netlink response: %s", strerror(errno));
        close(fd);
        return -1;
    }
    struct nlmsghdr *nl_hdr = (struct nlmsghdr *)reply;
    if (nl_hdr->nlmsg_type == NLMSG_ERROR) {
        struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(nl_hdr);
        if (err->error < 0) {
            errno = -err->error;
            DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Netlink error: %s", strerror(errno));
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
 }
 // Fallback: use ip route command
 static int ip_route_cmd(const char *ifname, uint32_t network, uint8_t prefix_len, const char *cmd) {
    char network_str[INET_ADDRSTRLEN];
    struct in_addr addr;
    addr.s_addr = network;
    if (!inet_ntop(AF_INET, &addr, network_str, sizeof(network_str))) {
        return -1;
    }
    char cmdline[256];
    snprintf(cmdline, sizeof(cmdline), "ip route %s %s/%d dev %s 2>/dev/null",
             cmd, network_str, prefix_len, ifname);
    int ret = system(cmdline);
    return (ret == 0) ? 0 : -1;
 }
 int tun_route_add(const char *ifname, uint32_t network, uint8_t prefix_len) {
    int ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Interface %s not found", ifname);
        return -1;
    }
    network = htonl(network);
    // Try netlink first
    if (netlink_route(ifindex, network, prefix_len, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL) == 0) {
        return 0;
    }
    // Fallback to ip route command
    DEBUG_WARN(DEBUG_CATEGORY_TUN, "Netlink failed, trying ip route command for %s", ifname);
    return ip_route_cmd(ifname, ntohl(network), prefix_len, "add");
 }
 int tun_route_del(const char *ifname, uint32_t network, uint8_t prefix_len) {
    int ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Interface %s not found", ifname);
        return -1;
    }
    network = htonl(network);
    // Try netlink first
    if (netlink_route(ifindex, network, prefix_len, RTM_DELROUTE, 0) == 0) {
        return 0;
    }
    // Fallback to ip route command
    DEBUG_WARN(DEBUG_CATEGORY_TUN, "Netlink failed, trying ip route command for %s", ifname);
    return ip_route_cmd(ifname, ntohl(network), prefix_len, "del");
 }
 int tun_route_flush(const char *ifname) {
    // Use ip route flush as primary method - works reliably
    char cmdline[256];
    snprintf(cmdline, sizeof(cmdline), "ip route flush dev %s 2>/dev/null", ifname);
    int ret = system(cmdline);
    if (ret != 0) {
        // Fallback: try to list and delete routes one by one
        DEBUG_WARN(DEBUG_CATEGORY_TUN, "ip route flush failed, trying alternative method");
        snprintf(cmdline, sizeof(cmdline), 
                 "ip route show dev %s 2>/dev/null | while read r; do ip route del $r dev %s 2>/dev/null; done",
                 ifname, ifname);
        ret = system(cmdline);
    }
    return (ret == 0) ? 0 : -1;
 }
 #elif defined(_WIN32)
 // Windows IP Helper API implementation
 int tun_route_add(const char *ifname, uint32_t network, uint8_t prefix_len) {
    MIB_IPFORWARDROW route;
    memset(&route, 0, sizeof(route));
    route.dwForwardDest = htonl(network);
    route.dwForwardMask = prefix_to_netmask(prefix_len);
    route.dwForwardPolicy = 0;
    route.dwForwardNextHop = 0;  // On-link route
    route.dwForwardIfIndex = if_nametoindex(ifname);
    route.dwForwardType = MIB_IPROUTE_TYPE_DIRECT;
    route.dwForwardProto = MIB_IPPROTO_NETMGMT;
    route.dwForwardAge = 0;
    route.dwForwardNextHopAS = 0;
    route.dwForwardMetric1 = 1;
    route.dwForwardMetric2 = 0;
    route.dwForwardMetric3 = 0;
    route.dwForwardMetric4 = 0;
    route.dwForwardMetric5 = 0;
    DWORD ret = CreateIpForwardEntry(&route);
    if (ret != NO_ERROR) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to add route: %lu", ret);
        return -1;
    }
    return 0;
 }
 int tun_route_del(const char *ifname, uint32_t network, uint8_t prefix_len) {
    MIB_IPFORWARDROW route;
    memset(&route, 0, sizeof(route));
    route.dwForwardDest = htonl(network);
    route.dwForwardMask = prefix_to_netmask(prefix_len);
    route.dwForwardIfIndex = if_nametoindex(ifname);
    DWORD ret = DeleteIpForwardEntry(&route);
    if (ret != NO_ERROR) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to delete route: %lu", ret);
        return -1;
    }
    return 0;
 }
 int tun_route_flush(const char *ifname) {
    PMIB_IPFORWARDTABLE table = NULL;
    DWORD size = 0;
    DWORD ret;
    DWORD ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        return -1;
    }
    // Get table size
    ret = GetIpForwardTable(NULL, &size, 0);
    if (ret != ERROR_INSUFFICIENT_BUFFER) {
        return -1;
    }
    table = (PMIB_IPFORWARDTABLE)malloc(size);
    if (!table) return -1;
    ret = GetIpForwardTable(table, &size, 0);
    if (ret != NO_ERROR) {
        free(table);
        return -1;
    }
    // Delete all routes for this interface
    for (DWORD i = 0; i < table->dwNumEntries; i++) {
        if (table->table[i].dwForwardIfIndex == ifindex) {
            DeleteIpForwardEntry(&table->table[i]);
        }
    }
    free(table);
    return 0;
 }
 #else
 // BSD / macOS routing socket implementation
 static int routing_socket_cmd(int ifindex, uint32_t network, uint8_t prefix_len, int cmd) {
    int fd = socket(PF_ROUTE, SOCK_RAW, AF_INET);
    if (fd < 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to create routing socket: %s", strerror(errno));
        return -1;
    }
    uint8_t buf[512];
    memset(buf, 0, sizeof(buf));
    struct rt_msghdr *rtm = (struct rt_msghdr *)buf;
    rtm->rtm_msglen = sizeof(struct rt_msghdr);
    rtm->rtm_version = RTM_VERSION;
    rtm->rtm_type = cmd;  // RTM_ADD or RTM_DELETE
    rtm->rtm_index = ifindex;
    rtm->rtm_pid = getpid();
    rtm->rtm_addrs = RTA_DST | RTA_NETMASK | RTA_IFP;
    rtm->rtm_flags = RTF_UP | RTF_GATEWAY | RTF_STATIC;
    // Destination address (network)
    struct sockaddr_in *sin = (struct sockaddr_in *)(rtm + 1);
    sin->sin_family = AF_INET;
    sin->sin_len = sizeof(struct sockaddr_in);
    sin->sin_addr.s_addr = htonl(network);
    rtm->rtm_msglen += sizeof(struct sockaddr_in);
    // Netmask
    sin++;
    sin->sin_family = AF_INET;
    sin->sin_len = sizeof(struct sockaddr_in);
    sin->sin_addr.s_addr = prefix_to_netmask(prefix_len);
    rtm->rtm_msglen += sizeof(struct sockaddr_in);
    // Interface name
    sin++;
    struct sockaddr_dl *sdl = (struct sockaddr_dl *)sin;
    sdl->sdl_family = AF_LINK;
    sdl->sdl_index = ifindex;
    sdl->sdl_len = sizeof(struct sockaddr_dl);
    rtm->rtm_msglen += sizeof(struct sockaddr_dl);
    if (write(fd, rtm, rtm->rtm_msglen) < 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to send routing message: %s", strerror(errno));
        close(fd);
        return -1;
    }
    // Read response
    ssize_t n = read(fd, buf, sizeof(buf));
    if (n >= sizeof(struct rt_msghdr)) {
        if (rtm->rtm_errno != 0) {
            errno = rtm->rtm_errno;
            DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Routing error: %s", strerror(errno));
            close(fd);
            return -1;
        }
    }
    close(fd);
    return 0;
 }
 // Fallback: use route command
 static int route_cmd(const char *ifname, uint32_t network, uint8_t prefix_len, const char *cmd) {
    char network_str[INET_ADDRSTRLEN];
    struct in_addr addr;
    addr.s_addr = htonl(network);
    if (!inet_ntop(AF_INET, &addr, network_str, sizeof(network_str))) {
        return -1;
    }
    char cmdline[256];
    snprintf(cmdline, sizeof(cmdline), "route %s -net %s/%d -interface %s 2>/dev/null",
             cmd, network_str, prefix_len, ifname);
    int ret = system(cmdline);
    return (ret == 0) ? 0 : -1;
 }
 int tun_route_add(const char *ifname, uint32_t network, uint8_t prefix_len) {
    int ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Interface %s not found", ifname);
        return -1;
    }
    // Try routing socket first
    if (routing_socket_cmd(ifindex, network, prefix_len, RTM_ADD) == 0) {
        return 0;
    }
    // Fallback to route command
    DEBUG_WARN(DEBUG_CATEGORY_TUN, "Routing socket failed, trying route command for %s", ifname);
    return route_cmd(ifname, network, prefix_len, "add");
 }
 int tun_route_del(const char *ifname, uint32_t network, uint8_t prefix_len) {
    int ifindex = if_nametoindex(ifname);
    if (ifindex == 0) {
        DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Interface %s not found", ifname);
        return -1;
    }
    // Try routing socket first
    if (routing_socket_cmd(ifindex, network, prefix_len, RTM_DELETE) == 0) {
        return 0;
    }
    // Fallback to route command
    DEBUG_WARN(DEBUG_CATEGORY_TUN, "Routing socket failed, trying route command for %s", ifname);
    return route_cmd(ifname, network, prefix_len, "delete");
 }
 int tun_route_flush(const char *ifname) {
    // Use route command to flush routes - more reliable on BSD
    char cmdline[256];
    snprintf(cmdline, sizeof(cmdline), 
             "route -n show -interface %s 2>/dev/null | grep -v '^[[:space:]]*#' | "
             "awk '/^[0-9]+\\./{print $1}' | while read r; do route delete -net $r 2>/dev/null; done",
             ifname);
    int ret = system(cmdline);
    return (ret == 0) ? 0 : -1;
 }
 #endif
 // Platform-independent functions
 int tun_route_add_all(const char *ifname, struct CFG_ROUTE_ENTRY *routes) {
    int count = 0;
    struct CFG_ROUTE_ENTRY *entry = routes;
    while (entry) {
        uint32_t network = ntohl(entry->ip.addr.v4.s_addr);
        if (entry->ip.family == AF_INET) {
            if (tun_route_add(ifname, network, entry->netmask) == 0) {
                char ip_str[INET_ADDRSTRLEN];
                struct in_addr addr;
                addr.s_addr = entry->ip.addr.v4.s_addr;
                inet_ntop(AF_INET, &addr, ip_str, sizeof(ip_str));
                DEBUG_INFO(DEBUG_CATEGORY_TUN, "Added route %s/%d via %s", ip_str, entry->netmask, ifname);
                count++;
            } else {
                char ip_str[INET_ADDRSTRLEN];
                struct in_addr addr;
                addr.s_addr = entry->ip.addr.v4.s_addr;
                inet_ntop(AF_INET, &addr, ip_str, sizeof(ip_str));
                DEBUG_ERROR(DEBUG_CATEGORY_TUN, "Failed to add route %s/%d via %s", ip_str, entry->netmask, ifname);
            }
        }
        entry = entry->next;
    }
    return count;
 }
--- a/src/tun_route.h
+++ b/src/tun_route.h
@ -0,0 +1,51 @@
 // tun_route.h - Cross-platform system routing table management
 #ifndef TUN_ROUTE_H
 #define TUN_ROUTE_H
 #include <stdint.h>
 #include <stddef.h>
 #ifdef __cplusplus
 extern "C" {
 #endif
 struct CFG_ROUTE_ENTRY;
 /**
 * @brief Add system route for a subnet via TUN interface
 * @param ifname Interface name (e.g., "tun0")
 * @param network Network address in host byte order
 * @param prefix_len Prefix length (1-32)
 * @return 0 on success, -1 on error
 */
 int tun_route_add(const char *ifname, uint32_t network, uint8_t prefix_len);
 /**
 * @brief Delete system route for a subnet via TUN interface
 * @param ifname Interface name (e.g., "tun0")
 * @param network Network address in host byte order
 * @param prefix_len Prefix length (1-32)
 * @return 0 on success, -1 on error
 */
 int tun_route_del(const char *ifname, uint32_t network, uint8_t prefix_len);
 /**
 * @brief Delete all system routes via specified interface
 * @param ifname Interface name (e.g., "tun0")
 * @return 0 on success, -1 on error
 */
 int tun_route_flush(const char *ifname);
 /**
 * @brief Add multiple routes from config entries
 * @param ifname Interface name (e.g., "tun0")
 * @param routes Linked list of route entries
 * @return Number of routes added successfully
 */
 int tun_route_add_all(const char *ifname, struct CFG_ROUTE_ENTRY *routes);
 #ifdef __cplusplus
 }
 #endif
 #endif /* TUN_ROUTE_H */
--- a/src/utun.conf
+++ b/src/utun.conf
@ -11,9 +11,9 @@ my_public_key=
 [routing]
-allowed_subnet=10.0.0.0/24 
+route_subnet=10.0.0.0/24 
-allowed_subnet=10.22.0.0/16
+route_subnet=10.22.0.0/16
-allowed_subnet=10.23.0.0/16
+route_subnet=10.23.0.0/16
 my_subnet=10.23.5.0/24
 my_subnet=10.23.6.0/24
--- a/src/utun_instance.c
+++ b/src/utun_instance.c
@ -3,6 +3,7 @@
 #include "config_parser.h"
 #include "config_updater.h"
 #include "tun_if.h"
 #include "tun_route.h"
 #include "route_lib.h"
 #include "routing.h"
 #include "route_bgp.h"
@ -100,6 +101,12 @@ static int instance_init_common(struct UTUN_INSTANCE* instance, struct UASYNC* u
            return -1;
        }
        DEBUG_INFO(DEBUG_CATEGORY_TUN, "TUN interface initialized: %s", instance->tun->ifname);
        // Add system routes for route_subnets
        if (config->route_subnets) {
            int added = tun_route_add_all(instance->tun->ifname, config->route_subnets);
            DEBUG_INFO(DEBUG_CATEGORY_TUN, "Added %d system routes for TUN interface", added);
        }
    } else {
        DEBUG_INFO(DEBUG_CATEGORY_TUN, "TUN initialization disabled - skipping TUN device setup");
        instance->tun = NULL;
@ -219,6 +226,11 @@ void utun_instance_destroy(struct UTUN_INSTANCE *instance) {
    // Cleanup TUN
    if (instance->tun) {
        DEBUG_INFO(DEBUG_CATEGORY_TUN, "Closing TUN interface: %s", instance->tun->ifname);
        // Flush all system routes for this interface
        tun_route_flush(instance->tun->ifname);
        DEBUG_INFO(DEBUG_CATEGORY_TUN, "Flushed system routes for %s", instance->tun->ifname);
        tun_close(instance->tun);
        instance->tun = NULL;
    }
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@ -72,6 +72,7 @@ ETCP_FULL_OBJS = \
 	$(top_builddir)/src/utun-route_bgp.o \
 	$(top_builddir)/src/utun-routing.o \
 	$(top_builddir)/src/utun-tun_if.o \
 	$(top_builddir)/src/utun-tun_route.o \
 	$(TUN_PLATFORM_OBJ) \
 	$(top_builddir)/src/utun-utun_instance.o \
 	$(ETCP_CORE_OBJS)
--- a/utun.conf
+++ b/utun.conf
@ -1,44 +0,0 @@
 [global]
 tun_ip=10.0.0.1
 mtu=1500  # MTU for all connections (0 = use default 1500)
 control_ip=127.0.0.1
 control_port=12345
 net_debug=0
 my_node_id=61be9d4cd3c60c2d
 my_private_key=1313912e5d34768983b0e06530a48c77816d228a5b5605e1ab3dc443d107a3dc
 my_public_key=dde6cec8a9023339a758f60883ef41534d24a1ffdc09bbb787a5c24ddfd891e3092461835a97d37944c681fc6b2c1f5acde8ad192f7d2cdc9920aa0d3ff78e99
 [routing]
 allowed_subnet=10.0.0.0/24 
 allowed_subnet=10.22.0.0/16
 allowed_subnet=10.23.0.0/16
 my_subnet=10.23.5.0/24
 my_subnet=10.23.6.0/24
 # секция server обязательна и у сервера и у клиента. это рабочий сокет.
 # мои адреса и каналы
 [server: lo0_test]
 addr=127.0.0.1:1330
 #so_mark=100
 #netif=eth0
 type=nat # public / nat / private
 [server: lan1]
 addr=192.168.29.117:1333
 so_mark=100
 netif=eth0
 type=public # public / nat / private
 [client: client_test1]
 # линки
 link=lo0_test:192.168.0.20:1234
 #link=wired1_fast:1.2.3.4:1234
 link=lan1:192.168.0.20:1234
 #link=wireless_bkp:1.2.3.4:1234
 keepalive=1
 peer_public_key=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbe
--- a/utun.conf.sample
+++ b/utun.conf.sample
@ -0,0 +1,32 @@
 [global]
 tun_ip=10.0.0.1
 mtu=1500  # MTU for all connections (0 = use default 1500)
 control_ip=127.0.0.1
 control_port=12345
 net_debug=0
 my_node_id=
 my_private_key=
 my_public_key=
 [routing]
 route_subnet=10.0.0.0/24 
 route_subnet=10.23.0.0/16
 #allowed_subnet=10.23.0.0/16
 my_subnet=10.23.1.0/24
 # секция server обязательна и у сервера и у клиента. это рабочий сокет.
 # мои адреса и каналы
 [server: lo0_test]
 addr=127.0.0.1:1330
 #so_mark=100
 #netif=eth0
 type=nat # public / nat / private
 [server: lan1]
 addr=192.168.29.117:1333
 #so_mark=100
 #netif=eth0
 type=public # public / nat / private