diff --git a/core/startos/src/net/tls.rs b/core/startos/src/net/tls.rs
index 0a58d7085..95d25d5fe 100644
--- a/core/startos/src/net/tls.rs
+++ b/core/startos/src/net/tls.rs
@@ -217,10 +217,15 @@ where
                 .write_all(&buffered)
                 .await
                 .with_kind(ErrorKind::Network)?;
-            return Ok(Some((
-                metadata,
-                Box::pin(mid.into_stream(Arc::new(cfg)).await?) as AcceptStream,
-            )));
+            let stream = match mid.into_stream(Arc::new(cfg)).await {
+                Ok(stream) => Box::pin(stream) as AcceptStream,
+                Err(e) => {
+                    tracing::trace!("Error completing TLS handshake: {e}");
+                    tracing::trace!("{e:?}");
+                    return Ok(None);
+                }
+            };
+            return Ok(Some((metadata, stream)));
         }
         Ok(None)
diff --git a/core/startos/src/net/tunnel.rs b/core/startos/src/net/tunnel.rs
index b4b89783d..f58cc17c7 100644
--- a/core/startos/src/net/tunnel.rs
+++ b/core/startos/src/net/tunnel.rs
@@ -39,6 +39,23 @@ pub struct AddTunnelParams {
     public: bool,
 }
 
+fn sanitize_config(config: &str) -> String {
+    let mut res = String::with_capacity(config.len());
+    for line in config.lines() {
+        if line
+            .trim()
+            .strip_prefix("AllowedIPs")
+            .map_or(false, |l| l.trim().starts_with("="))
+        {
+            res.push_str("AllowedIPs = 0.0.0.0/0, ::/0");
+        } else {
+            res.push_str(line);
+        }
+        res.push('\n');
+    }
+    res
+}
+
 pub async fn add_tunnel(
     ctx: RpcContext,
     AddTunnelParams {
@@ -86,7 +103,7 @@ pub async fn add_tunnel(
     let tmpdir = TmpDir::new().await?;
     let conf = tmpdir.join(&iface).with_extension("conf");
 
-    write_file_atomic(&conf, &config).await?;
+    write_file_atomic(&conf, &sanitize_config(&config)).await?;
     Command::new("nmcli")
         .arg("connection")
         .arg("import")
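Review bot: A failed handshake in the new `Err(e)` arm is logged only at trace level before being turned into `Ok(None)`, so at default log levels a peer that fails TLS (bad certificate, unsupported version, or just probing) is indistinguishable from an ordinary non-TLS connection; since the `?` propagation is gone, the log line is now the only signal an operator has. The two trace calls could be folded into one entry at a level that is actually visible, e.g. `tracing::debug!(error = ?e, "Error completing TLS handshake: {e}");`. A short comment on the `Err` arm stating why a handshake failure is treated as "not a TLS stream" rather than an error (presumably so one bad client does not abort the accept loop; confirm) would help the next reader. The enclosing function starts and ends outside the hunk.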
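Review bot: `sanitize_config` rewrites only an existing `AllowedIPs` line and matches the key case-sensitively, so a peer section with no `AllowedIPs` line at all, or one spelled `allowedips =`, reaches `nmcli connection import` unchanged; if the importer treats keys case-insensitively (wireguard-tools does, I am not certain about NetworkManager), that is a way around the rewrite. Matching on the key before `=` covers both spellings: `.split_once('=').is_some_and(|(key, _)| key.trim().eq_ignore_ascii_case("AllowedIPs"))` in place of the `strip_prefix`/`map_or` pair (clippy also prefers `is_some_and` over `map_or(false, ..)`). Every other directive in the user-supplied config passes through verbatim; if the importer honours script hooks such as `PreUp`/`PostUp`, those deserve the same treatment. A doc comment on the function should state the intent, e.g. `/// Rewrites every AllowedIPs line of a user-supplied WireGuard config to route all traffic (0.0.0.0/0, ::/0); other lines are kept as-is.`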