• Windows
• MacOS
• Linux

It should just be a matter of adding the appropriate targets.

Hi, first thanks for this project, I did use it a year ago and since then I've been using the wireguard connection thanks to you. But last week wireguard started refusing to connnect so I would like to check again the endpoint configs.

But similar to #55 with the exception that "--no-browser" makes no difference, I can't get the token and the CLI keeps waiting and never gets the "Login successful"

There is something that I'm missing? I'm on the same PC using MozWire and Firefox

Running Arch Linux on a ThinkPad and installing 0.7.0 via AUR helper yay fails:

error[E0512]: cannot transmute between types of different sizes, or dependently-sized types
   --> /home/joshmock/.cargo/registry/src/github.com-1ecc6299db9ec823/socket2-0.3.12/src/sockaddr.rs:176:9
    |
176 |         mem::transmute::<SocketAddrV4, sockaddr_in>(v4);
    |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = note: source type: `SocketAddrV4` (48 bits)
    = note: target type: `sockaddr_in` (128 bits)

For more information about this error, try `rustc --explain E0512`.
error: could not compile `socket2` due to previous error
warning: build failed, waiting for other jobs to finish...
==> ERROR: A failure occurred in build().
    Aborting...
 -> error making: mozwire

I'm not sure if AUR packages use a preexisting compiler if available, but I'll note that I have the Rust compiler installed on my machine. So I ran rustup update, tried again, and got the same error.

I was able to get it to install via cargo install mozwire so perhaps the PKGBUILD scripts make some wrong assumptions about my environment?

The currently released version (0.7.0) no longer builds on Rust 1.64 because rust-lang/rust#78802 breaks socket2 versions older than 0.3.16. I noticed that the update to clap v3 on trunk also makes this necessary update. Would it be possible to schedule a release with this change, or schedule a patch release with an update to socket2?

In the meantime, I'll patch this in nixpkgs with those commits, so there isn't any urgency. Thank you!

Mullvad supports additional features. Maybe theses can be available for MozillaVPN users.

When I used the "mozwire relay save" command, it redirected me to "vpn.mozilla.org/vpn/client/login/deprecated"
I literally cannot use the VPN service
I am using Ubuntu 20.10 completely updated
The browser was Firefox, also latest version

Continuation of #59

We may want to document this somewhere

New devices replace previous devices such that only the latest is present. Is my assumption wrong that up to 5 devices should be supported?

$ mozwire device add --name Device1 --privkey $(wg genkey)
- Device1: FxOmxUSVRdHDOGVfaTTtAUxWm/BmV+MzSLbwcuViwUs=, 10.109.252.69/32,fc00:bbbb:bbbb:bb01::2e:fc44/128

$ mozwire device add --name Device2 --privkey $(wg genkey)
- Device2: WpxUFyw7kgAg6K9GhG1ewmKtNahCKvOy+Mkr22vEzmg=, 10.107.142.164/32,fc00:bbbb:bbbb:bb01::2c:8ea3/128

$ mozwire device list
Devices:
- Device2: WpxUFyw7kgAg6K9GhG1ewmKtNahCKvOy+Mkr22vEzmg=, 10.107.142.164/32,fc00:bbbb:bbbb:bb01::2c:8ea3/128

Perhaps unsurprisingly, the same behavior occurs with mozwire relay save.

Just trying to set mozwire up but whenever I run the mozwire command it just gives me the error

Invalid token (Format is Authorization: Bearer [token]).

Not sure why this is, been following the install instructions both for cargo and the pre-compiled binaries but nothing seems to work. Any help would be great!

Thanks

I've compiled mozwire from the sources, everything went fine. Thanks a lot for this tool, btw.
I was able to obtain configurations with mozwire relay save -o /etc/wireguard -n 0, the directory is filled with conf files.

However if I want to obtain the token I get the following error:

$ export MOZ_TOKEN=$(mozwire --print-token)
Invalid token (Format is Authorization: Bearer [token])

Any idea what I'm doing wrong?

Hello, thank you for maintaining this tool it's really useful.

I have been using mozwire for a few months whithout any issue, but a couple of days ago, seeing that mozilla had released their linux client I tried installing that to check it out. Unfortunately it didn't work on my machine, and, much worse, now mozwire doesn't work anymore.

Now, whenever I use wg-quick up I end up with:

[#] resolvconf -a tun.us112-wireguard -m 0 -x
Failed to resolve interface "tun": No such device
[#] ip link delete dev us112-wireguard

I have purged the mozillavpn package, removed my box from the allowed devices and tried repeating the configuration steps from the beginning:

$ export MOZ_TOKEN=$(mozwire --print-token)
$ mozwire relay save
$ sudo wg-quick up ./us112-wireguard.conf

but I still get that error.

Do you know what may be causing it?

Edit: for completeness

$ uname -a
Linux  5.8.0-41-generic #46~20.04.1-Ubuntu SMP Mon Jan 18 17:52:23 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

It's a travesty it wasn't done in the first place.

I tried to read through the code prior to using it, and here:

https://github.com/NilsIrl/MozWire/blob/trunk/src/main.rs#L442

The server.hostname variable is used, as far as I can tell from the source code this value comes directly from the server and there is no checks to verify that it doesn't contain something that might cause a path traversal (i.e. ../ ).

I have not verified this in any way, as it was annoying to untangle the oauth things in front of it.

It also feels like a very low risk vulnerability, as the software is hardcoded to go against the mozilla servers.

Heya! Awesome project!

There might be a typo in the help text for the device add subcommand. It's the same as device list:

When attempting to run mozwire relay save, an error pops up:

thread 'main' panicked at 'called Result::unwrap()on anErr value: reqwest::Error { kind: Request, url: "https://api.mullvad.net/public/relays/wireguard/v1/", source: hyper::Error(Connect, Custom { kind: Other, error: Os { code: 104, kind: ConnectionReset, message: "Connection reset by peer" } }) }', src/relay.rs:117:14

here's the stack backtrace:

   
   0: rust_begin_unwind
             at /rustc/18bf6b4f01a6feaf7259ba7cdae58031af1b7b39/library/std/src/panicking.rs:475
   
   1: core::panicking::panic_fmt
             at /rustc/18bf6b4f01a6feaf7259ba7cdae58031af1b7b39/library/core/src/panicking.rs:85
   
   2: core::option::expect_none_failed
             at /rustc/18bf6b4f01a6feaf7259ba7cdae58031af1b7b39/library/core/src/option.rs:1221
   
   3: mozwire::relay::RelayList::new
  
   4: mozwire::main

On mullvad, the following lines are added to provide the following features:

PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

Running mozwire v0.8.1 on a remote system:

$ ./mozwire --print-token --no-browser
Please visit https://vpn.mozilla.org/api/v2/vpn/login/linux?code_challenge_method=S256&code_challenge=<redacted>&port=40715.

Then visiting this URL from my browser, I get a "Sign-in successful" response with the message "Please return to the Mozilla VPN app to complete setup." But mozwire never terminates.

In fact, strace shows it isn't polling a remote endpoint, so it's not really clear to me how this works or what the expected result is?

Currently, if you have a malformed MOZ_TOKEN variable, the error that comes back is:
Format is Authorization: Bearer [token]

To me, it's not immediately obvious that there might be a problem with my token...
Maybe it would be good to add a line in that block with a more clear error message?

            if !response.status().is_success() {
                eprintln!("Token authentication failed");
                response.json::<Error>().unwrap().fail();
            }

Cheers!

https://docs.rs/clap/2.33.3/clap/struct.App.html#method.gen_completions

Hi,

I tried to build MozWire, but there is a failure regarding the type of strip in the section profile.release in the cargo.toml file

anton@antony-macbookpro MozWire % cargo install --git https://github.com/NilsIrl/MozWire.git --branch trunk Updating git repositoryhttps://github.com/NilsIrl/MozWire.git`
error: failed to parse manifest at /Users/anton/.cargo/git/checkouts/mozwire-1618045574137c89/e6bcc26/Cargo.toml

Caused by:
invalid type: unit variant, expected string only for key 'profile.release.strip'
`

Repro:

1. $ export MOZ_TOKEN=...
2. $ mozwire --print-token
3. 💥

]$ RUST_BACKTRACE=full mozwire --print-token
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: reqwest::Error { kind: Builder, source: http::Error(InvalidHeaderValue) }', src/main.rs:178:18
stack backtrace:
   0:     0x561512e8897c - <unknown>
   1:     0x561512cdaefe - <unknown>
   2:     0x561512e9d644 - <unknown>
   3:     0x561512e8874f - <unknown>
   4:     0x561512e9da1f - <unknown>
   5:     0x561512e9e651 - <unknown>
   6:     0x561512e88db4 - <unknown>
   7:     0x561512e88d16 - <unknown>
   8:     0x561512e9def1 - <unknown>
   9:     0x561512c3dee2 - <unknown>
  10:     0x561512c3e372 - <unknown>
  11:     0x561512c6c9cc - <unknown>
  12:     0x561512c4b083 - <unknown>
  13:     0x561512c7cb7a - <unknown>
  14:     0x7fe092170ace - __libc_start_call_main
  15:     0x7fe092170b89 - __libc_start_main@@GLIBC_2.34
  16:     0x561512c49795 - <unknown>
  17:                0x0 - <unknown>

Expected behavior:

I'm not sure. Perhaps an error that says that MOZ_TOKEN is currently set. Alternatively, a warning message with the typical behavior of mozwire --print-token (i.e. opening a browser).

mozwire 0.7.0 installed from cargo

Hardware: Raspberry Pi 3 Model B Rev 1.2

OS: Raspbian Lite 10 (buster)

The --port option seems to be ignored as the generated authentication url looks like it contains a randomly generated port:

pi@raspberrypi:~ $ mozwire relay save --no-browser --port 12345
Please visit https://vpn.mozilla.org/api/v2/vpn/login/linux?code_challenge_method=S256&code_challenge=ZUJinAgnW9QfBm9YnGEkjjaXsrzaxlcHVdQayB46HdQ&port=34655.

The weight can be used for that

This would preferably be done when structopt is merged into clap, i.e. when clap v3 is released

v0.8.1 is panicking when adding devices using public key. MOZ_TOKEN is set.

$ wg genkey | wg pubkey
Mf/P3SXVGNz3k6JBADa5nEKBktkdX+zu6JNRCyxJ1WM=

$ mozwire device add --pubkey Mf/P3SXVGNz3k6JBADa5nEKBktkdX+zu6JNRCyxJ1WM=
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/main.rs:203:76

https://github.com/mozilla-services/guardian-vpn-windows/blob/6468995f60e76caca42a557712a5c491380865a4/test/integrations/apimock/api/openapi.yaml#L377

This is returned when the token hasn't been used in a long time and looks more like a TokenExpired error. It may also have to do with devices in that this only happens there are no devices.