Merge pull request #60 from aramperes/patch/boringtun-0.6

2025-09-08 07:18:32 -04:00 · 2023-12-24 14:45:45 -05:00 · 2023-12-24 14:45:45 -05:00 · 5fd28164b5
commit 5fd28164b5
parent 91e6c79832 1d703facc0
4 changed files with 338 additions and 82 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -17,6 +17,16 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"

+[[package]]
+name = "aead"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
+dependencies = [
+ "crypto-common",
+ "generic-array",
+]
+
 [[package]]
 name = "aho-corasick"
 version = "1.1.2"
@ -111,21 +121,45 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"

 [[package]]
-name = "boringtun"
-version = "0.4.0"
+name = "blake2"
+version = "0.10.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcaf3e6d388237249ec234ec6890bfc68634043f9b048011de8d0fc0025c3698"
+checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
 dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "boringtun"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "751787b019c674b9ac353f4eaa285e6711c21badb421cd8c199bf2c83b727f29"
+dependencies = [
+ "aead",
 "base64",
+ "blake2",
+ "chacha20poly1305",
 "hex",
+ "hmac",
 "ip_network",
 "ip_network_table",
- "jni",
 "libc",
+ "nix",
 "parking_lot",
+ "rand_core",
 "ring",
 "tracing",
 "untrusted 0.9.0",
+ "x25519-dalek",
 ]

 [[package]]
@ -155,18 +189,47 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "cesu8"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
-
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

+[[package]]
+name = "chacha20"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
+dependencies = [
+ "cfg-if",
+ "cipher",
+ "cpufeatures",
+]
+
+[[package]]
+name = "chacha20poly1305"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35"
+dependencies = [
+ "aead",
+ "chacha20",
+ "cipher",
+ "poly1305",
+ "zeroize",
+]
+
+[[package]]
+name = "cipher"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
+dependencies = [
+ "crypto-common",
+ "inout",
+ "zeroize",
+]
+
 [[package]]
 name = "clap"
 version = "4.4.11"
@ -195,13 +258,50 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1"

 [[package]]
-name = "combine"
-version = "4.6.6"
+name = "cpufeatures"
+version = "0.2.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4"
+checksum = "ce420fe07aecd3e67c5f910618fe65e94158f6dcc0adf44e00d69ce2bdfe0fd0"
 dependencies = [
- "bytes",
- "memchr",
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "rand_core",
+ "typenum",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.0.0-rc.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "436ace70fc06e06f7f689d2624dc4e2f0ea666efb5aa704215f7249ae6e047a7"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "fiat-crypto",
+ "platforms",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.41",
 ]

 [[package]]
@ -236,6 +336,17 @@ dependencies = [
 "thiserror",
 ]

+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "env_logger"
 version = "0.7.1"
@ -259,6 +370,12 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

+[[package]]
+name = "fiat-crypto"
+version = "0.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77"
+
 [[package]]
 name = "futures"
 version = "0.3.29"
@ -348,6 +465,16 @@ dependencies = [
 "slab",
 ]

+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
 [[package]]
 name = "getrandom"
 version = "0.2.11"
@ -411,6 +538,15 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"

+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
 [[package]]
 name = "humantime"
 version = "1.3.0"
@ -430,6 +566,15 @@ dependencies = [
 "hashbrown",
 ]

+[[package]]
+name = "inout"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "ip_network"
 version = "0.4.1"
@ -452,26 +597,6 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e537132deb99c0eb4b752f0346b6a836200eaaa3516dd7e5514b63930a09e5d"

-[[package]]
-name = "jni"
-version = "0.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec"
-dependencies = [
- "cesu8",
- "combine",
- "jni-sys",
- "log",
- "thiserror",
- "walkdir",
-]
-
-[[package]]
-name = "jni-sys"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
-
 [[package]]
 name = "js-sys"
 version = "0.3.66"
@ -547,6 +672,18 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

+[[package]]
+name = "nix"
+version = "0.25.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f346ff70e7dbfd675fe90590b92d59ef2de15a8779ae305ebcbfd3f0caf59be4"
+dependencies = [
+ "autocfg",
+ "bitflags 1.3.2",
+ "cfg-if",
+ "libc",
+]
+
 [[package]]
 name = "nom"
 version = "7.1.3"
@ -604,6 +741,12 @@ dependencies = [
 "tracing",
 ]

+[[package]]
+name = "opaque-debug"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
+
 [[package]]
 name = "parking_lot"
 version = "0.12.1"
@ -639,6 +782,23 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "platforms"
+version = "3.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "14e6ab3f592e6fb464fc9712d8d6e6912de6473954635fd76a589d832cffcbb0"
+
+[[package]]
+name = "poly1305"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
+dependencies = [
+ "cpufeatures",
+ "opaque-debug",
+ "universal-hash",
+]
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.17"
@ -802,6 +962,15 @@ version = "0.1.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"

+[[package]]
+name = "rustc_version"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366"
+dependencies = [
+ "semver",
+]
+
 [[package]]
 name = "rustix"
 version = "0.38.28"
@ -815,21 +984,38 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "same-file"
-version = "1.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
-dependencies = [
- "winapi-util",
-]
-
 [[package]]
 name = "scopeguard"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

+[[package]]
+name = "semver"
+version = "1.0.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"
+
+[[package]]
+name = "serde"
+version = "1.0.193"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.193"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.41",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.9"
@ -888,6 +1074,12 @@ version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"

+[[package]]
+name = "subtle"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+
 [[package]]
 name = "syn"
 version = "1.0.109"
@ -1008,12 +1200,28 @@ dependencies = [
 "once_cell",
 ]

+[[package]]
+name = "typenum"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"

+[[package]]
+name = "universal-hash"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
+dependencies = [
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "untrusted"
 version = "0.7.1"
@ -1032,16 +1240,6 @@ version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"

-[[package]]
-name = "walkdir"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee"
-dependencies = [
- "same-file",
- "winapi-util",
-]
-
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
@ -1274,3 +1472,35 @@ name = "windows_x86_64_msvc"
 version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
+
+[[package]]
+name = "x25519-dalek"
+version = "2.0.0-rc.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec7fae07da688e17059d5886712c933bb0520f15eff2e09cfa18e30968f4e63a"
+dependencies = [
+ "curve25519-dalek",
+ "rand_core",
+ "serde",
+ "zeroize",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+dependencies = [
+ "zeroize_derive",
+]
+
+[[package]]
+name = "zeroize_derive"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.41",
+]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -11,7 +11,7 @@ repository = "https://github.com/aramperes/onetun"

 [dependencies]
 # Required dependencies (bin and lib)
-boringtun = { version = "0.4.0", default-features = false }
+boringtun = { version = "0.6.0", default-features = false }
 log = "0.4"
 anyhow = "1"
 tokio = { version = "1", features = [ "rt", "sync", "io-util", "net", "time", "fs", "macros" ] }
--- a/src/config.rs
+++ b/src/config.rs
@ -5,18 +5,18 @@ use std::fs::read_to_string;
 use std::net::{IpAddr, SocketAddr, ToSocketAddrs};
 use std::sync::Arc;

-use anyhow::Context;
-pub use boringtun::crypto::{X25519PublicKey, X25519SecretKey};
+use anyhow::{bail, Context};
+pub use boringtun::x25519::{PublicKey, StaticSecret};

 const DEFAULT_PORT_FORWARD_SOURCE: &str = "127.0.0.1";

-#[derive(Clone, Debug)]
+#[derive(Clone)]
 pub struct Config {
    pub port_forwards: Vec<PortForwardConfig>,
    #[allow(dead_code)]
    pub remote_port_forwards: Vec<PortForwardConfig>,
-    pub private_key: Arc<X25519SecretKey>,
-    pub endpoint_public_key: Arc<X25519PublicKey>,
+    pub private_key: Arc<StaticSecret>,
+    pub endpoint_public_key: Arc<PublicKey>,
    pub preshared_key: Option<[u8; 32]>,
    pub endpoint_addr: SocketAddr,
    pub endpoint_bind_addr: SocketAddr,
@ -305,24 +305,33 @@ fn parse_ip(s: Option<&String>) -> anyhow::Result<IpAddr> {
        .with_context(|| "Invalid IP address")
 }

-fn parse_private_key(s: &str) -> anyhow::Result<X25519SecretKey> {
-    s.parse::<X25519SecretKey>()
-        .map_err(|e| anyhow::anyhow!("{}", e))
+fn parse_private_key(s: &str) -> anyhow::Result<StaticSecret> {
+    let decoded = base64::decode(s).with_context(|| "Failed to decode private key")?;
+    if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
+        Ok(StaticSecret::from(bytes))
+    } else {
+        bail!("Invalid private key")
+    }
 }

-fn parse_public_key(s: Option<&String>) -> anyhow::Result<X25519PublicKey> {
-    s.with_context(|| "Missing public key")?
-        .parse::<X25519PublicKey>()
-        .map_err(|e| anyhow::anyhow!("{}", e))
-        .with_context(|| "Invalid public key")
+fn parse_public_key(s: Option<&String>) -> anyhow::Result<PublicKey> {
+    let encoded = s.with_context(|| "Missing public key")?;
+    let decoded = base64::decode(encoded).with_context(|| "Failed to decode public key")?;
+    if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
+        Ok(PublicKey::from(bytes))
+    } else {
+        bail!("Invalid public key")
+    }
 }

 fn parse_preshared_key(s: Option<&String>) -> anyhow::Result<Option<[u8; 32]>> {
    if let Some(s) = s {
-        let psk = base64::decode(s).with_context(|| "Invalid pre-shared key")?;
-        Ok(Some(psk.try_into().map_err(|_| {
-            anyhow::anyhow!("Unsupported pre-shared key")
-        })?))
+        let decoded = base64::decode(s).with_context(|| "Failed to decode preshared key")?;
+        if let Ok::<[u8; 32], _>(bytes) = decoded.try_into() {
+            Ok(Some(bytes))
+        } else {
+            bail!("Invalid preshared key")
+        }
    } else {
        Ok(None)
    }
--- a/src/wg.rs
+++ b/src/wg.rs
@ -9,6 +9,7 @@ use boringtun::noise::{Tunn, TunnResult};
 use log::Level;
 use smoltcp::wire::{IpProtocol, IpVersion, Ipv4Packet, Ipv6Packet};
 use tokio::net::UdpSocket;
+use tokio::sync::Mutex;

 use crate::config::{Config, PortProtocol};
 use crate::events::Event;
@ -23,7 +24,7 @@ const MAX_PACKET: usize = 65536;
 pub struct WireGuardTunnel {
    pub(crate) source_peer_ip: IpAddr,
    /// `boringtun` peer/tunnel implementation, used for crypto & WG protocol.
-    peer: Box<Tunn>,
+    peer: Mutex<Box<Tunn>>,
    /// The UDP socket for the public WireGuard endpoint to connect to.
    udp: UdpSocket,
    /// The address of the public WireGuard endpoint (UDP).
@ -36,7 +37,7 @@ impl WireGuardTunnel {
    /// Initialize a new WireGuard tunnel.
    pub async fn new(config: &Config, bus: Bus) -> anyhow::Result<Self> {
        let source_peer_ip = config.source_peer_ip;
-        let peer = Self::create_tunnel(config)?;
+        let peer = Mutex::new(Box::new(Self::create_tunnel(config)?));
        let endpoint = config.endpoint_addr;
        let udp = UdpSocket::bind(config.endpoint_bind_addr)
            .await
@ -55,7 +56,11 @@ impl WireGuardTunnel {
    pub async fn send_ip_packet(&self, packet: &[u8]) -> anyhow::Result<()> {
        trace_ip_packet("Sending IP packet", packet);
        let mut send_buf = [0u8; MAX_PACKET];
-        match self.peer.encapsulate(packet, &mut send_buf) {
+        let encapsulate_result = {
+            let mut peer = self.peer.lock().await;
+            peer.encapsulate(packet, &mut send_buf)
+        };
+        match encapsulate_result {
            TunnResult::WriteToNetwork(packet) => {
                self.udp
                    .send_to(packet, self.endpoint)
@ -104,7 +109,7 @@ impl WireGuardTunnel {

        loop {
            let mut send_buf = [0u8; MAX_PACKET];
-            let tun_result = self.peer.update_timers(&mut send_buf);
+            let tun_result = { self.peer.lock().await.update_timers(&mut send_buf) };
            self.handle_routine_tun_result(tun_result).await;
        }
    }
@ -131,7 +136,11 @@ impl WireGuardTunnel {
                warn!("Wireguard handshake has expired!");

                let mut buf = vec![0u8; MAX_PACKET];
-                let result = self.peer.format_handshake_initiation(&mut buf[..], false);
+                let result = self
+                    .peer
+                    .lock()
+                    .await
+                    .format_handshake_initiation(&mut buf[..], false);

                self.handle_routine_tun_result(result).await
            }
@ -172,7 +181,11 @@ impl WireGuardTunnel {
            };

            let data = &recv_buf[..size];
-            match self.peer.decapsulate(None, data, &mut send_buf) {
+            let decapsulate_result = {
+                let mut peer = self.peer.lock().await;
+                peer.decapsulate(None, data, &mut send_buf)
+            };
+            match decapsulate_result {
                TunnResult::WriteToNetwork(packet) => {
                    match self.udp.send_to(packet, self.endpoint).await {
                        Ok(_) => {}
@ -181,9 +194,10 @@ impl WireGuardTunnel {
                            continue;
                        }
                    };
+                    let mut peer = self.peer.lock().await;
                    loop {
                        let mut send_buf = [0u8; MAX_PACKET];
-                        match self.peer.decapsulate(None, &[], &mut send_buf) {
+                        match peer.decapsulate(None, &[], &mut send_buf) {
                            TunnResult::WriteToNetwork(packet) => {
                                match self.udp.send_to(packet, self.endpoint).await {
                                    Ok(_) => {}
@ -217,10 +231,13 @@ impl WireGuardTunnel {
        }
    }

-    fn create_tunnel(config: &Config) -> anyhow::Result<Box<Tunn>> {
+    fn create_tunnel(config: &Config) -> anyhow::Result<Tunn> {
+        let private = config.private_key.as_ref().clone();
+        let public = *config.endpoint_public_key.as_ref();
+
        Tunn::new(
-            config.private_key.clone(),
-            config.endpoint_public_key.clone(),
+            private,
+            public,
            config.preshared_key,
            config.keepalive_seconds,
            0,