Add bindToWildcard local.conf option.

service/OneService.cpp

@@ -565,6 +565,7 @@ public:
 			}
 
 			// Read local configuration
+			bool bindToWildcard = false;
 			{
 				std::map<InetAddress,ZT_PhysicalPathConfiguration> ppc;
 
@@ -626,12 +627,15 @@ public:
 					}
 				}
 
-				// Allow controller DB path to be put somewhere else
 				json &settings = _localConfig["settings"];
 				if (settings.is_object()) {
+					// Allow controller DB path to be put somewhere else
 					const std::string cdbp(OSUtils::jsonString(settings["controllerDbPath"],""));
 					if (cdbp.length() > 0)
 						_controllerDbPath = cdbp;
+
+					// Bind to wildcard instead of to specific interfaces (disables full tunnel capability)
+					bindToWildcard = OSUtils::jsonBool(settings["bindToWildcard"],false);
 				}
 
 				// Set trusted paths if there are any
@@ -801,7 +805,7 @@ public:
 						if (_ports[i])
 							p[pc++] = _ports[i];
 					}
-					_binder.refresh(_phy,p,pc,*this);
+					_binder.refresh(_phy,p,pc,bindToWildcard,*this);
 					{
 						Mutex::Lock _l(_nets_m);
 						for(std::map<uint64_t,NetworkState>::iterator n(_nets.begin());n!=_nets.end();++n) {

service/README.md

@@ -31,7 +31,8 @@ Settings available in `local.conf` (this is not valid JSON, and JSON does not al
 		"softwareUpdateChannel": "release"|"beta", /* Software update channel */
 		"softwareUpdateDist": true|false, /* If true, distribute software updates (only really useful to ZeroTier, Inc. itself, default is false) */
 		"interfacePrefixBlacklist": [ "XXX",... ], /* Array of interface name prefixes (e.g. eth for eth#) to blacklist for ZT traffic */
-		"allowManagementFrom": "NETWORK/bits"|null /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */
+		"allowManagementFrom": "NETWORK/bits"|null, /* If non-NULL, allow JSON/HTTP management from this IP network. Default is 127.0.0.1 only. */
+		"bindToWildcard": true|false /* If true, bind to wildcard e.g. 0.0.0.0 instead of per interface */
 	}
 }
 ```