From f596f6b8334c6270d249bac0ccd90b7e1622e572 Mon Sep 17 00:00:00 2001
From: mwiegand
Date: Sun, 10 Oct 2021 15:13:31 +0200
Subject: [PATCH] wip

---
 bin/wireguard_client_config | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/bin/wireguard_client_config b/bin/wireguard_client_config
index 37c2b0f..7a77d6b 100755
--- a/bin/wireguard_client_config
+++ b/bin/wireguard_client_config
@@ -10,18 +10,15 @@ repo = Repository(dirname(dirname(realpath(__file__))))
 server_node = repo.get_node('htz.mails')
 data = server_node.metadata.get(f'wireguard/clients/{argv[1]}')
 
-sortable_client_routes = [
+vpn_network = ip_interface(server_node.metadata.get('wireguard/my_ip')).network
+allowed_ips = [
+    vpn_network,
     ip_interface(server_node.metadata.get('network/internal/ipv4')).network,
 ]
 for peer in server_node.metadata.get('wireguard/s2s').values():
     for network in peer['allowed_ips']:
-        sortable_client_routes.append(ip_network(network))
-
-client_routes = [
-    ip_interface(server_node.metadata.get('wireguard/my_ip')).ip,
-    ip_interface(server_node.metadata.get('wireguard/my_ip')).network,
-    *sorted(sortable_client_routes),
-]
+        if not ip_network(network).subnet_of(vpn_network):
+            allowed_ips.append(ip_network(network))
 
 print(
     f'''[Interface]
@@ -33,7 +30,7 @@ DNS = 8.8.8.8
 [Peer]
 PublicKey = {repo.libs.wireguard.pubkey(server_node.metadata.get('id'))}
 PresharedKey = {repo.libs.wireguard.psk(data['peer_id'], server_node.metadata.get('id'))}
-AllowedIPs = {', '.join(str(client_route) for client_route in client_routes)}
+AllowedIPs = {', '.join(str(client_route) for client_route in sorted(allowed_ips))}
 Endpoint = {ip_interface(server_node.metadata.get('network/external/ipv4')).ip}:51820
 PersistentKeepalive = 10'''
 )
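Review bot: The new `ip_network(network).subnet_of(vpn_network)` check raises TypeError when the two networks are of different IP versions, so any s2s peer whose `allowed_ips` contains an IPv6 entry (whether that occurs in the metadata cannot be told from this hunk) aborts config generation instead of being skipped or kept, and the `sorted(allowed_ips)` added in the second hunk fails the same way on a mixed-version list. Parse once and compare only same-version networks: `candidate = ip_network(network)` / `if candidate.version != vpn_network.version or not candidate.subnet_of(vpn_network):` / `allowed_ips.append(candidate)`. Note also that the filter only drops networks contained in `vpn_network`; an s2s entry that is a supernet of it would still land in the client's AllowedIPs, which is presumably intended but worth a comment such as `# drop s2s routes already covered by the VPN network itself`. The `print(` call at the end of the hunk continues outside it.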
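Review bot: The generator variable on the rewritten AllowedIPs line is still called `client_route`, a leftover from the removed `client_routes` list, while the iterable is now `allowed_ips`; `AllowedIPs = {', '.join(map(str, sorted(allowed_ips)))}` says the same thing without the stale name. The f-string and the `print(` call it belongs to begin outside this hunk.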