Message ID | 20180219185417.19574-1-thomas@net.t-labs.tu-berlin.de |
---|---|
State | Superseded |
Delegated to: | John Crispin |
Series | [LEDE-DEV] wireguard: add distinction for remote and local endpoint ip |
On 19/02/18 19:54, Thomas Huehn wrote: > This patch fixes a bug when someone tries to set up a Wireguard tunnel > to an endpoint where its ip belongs to a local subnet, e.g. in a Freifunk > olsr mesh. The call of proto_add_host_dependency() is just needed in cases > where the endpoint is reachable via a default gateway but not in such cases > where the endpoint is part of a local subnet. > > Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> Hi, this should be fixed in trunk due to a netifd update. please let us know if you are still seeing this issue. John > --- > package/network/services/wireguard/files/wireguard.sh | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh > index 7b18a2e0ecdb..36ed80d9e7aa 100644 > --- a/package/network/services/wireguard/files/wireguard.sh > +++ b/package/network/services/wireguard/files/wireguard.sh > @@ -16,6 +16,10 @@ fi > init_proto "$@" > } > > +is_remote_ip() { > + ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)" > +} > + > > proto_wireguard_init_config() { > proto_config_add_string "private_key" > @@ -174,7 +178,9 @@ proto_wireguard_setup() { > sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \ > while IFS=$'\t ' read -r key address port; do > [ -n "${port}" ] || continue > - proto_add_host_dependency "${config}" "${address}" > + is_remote_ip ${address} && { > + logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()" > + proto_add_host_dependency "${config}" "${address}" > done > > proto_send_update "${config}"
diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh index 7b18a2e0ecdb..36ed80d9e7aa 100644 --- a/package/network/services/wireguard/files/wireguard.sh +++ b/package/network/services/wireguard/files/wireguard.sh @@ -16,6 +16,10 @@ fi init_proto "$@" } +is_remote_ip() { + ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)" +} + proto_wireguard_init_config() { proto_config_add_string "private_key" @@ -174,7 +178,9 @@ proto_wireguard_setup() { sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \ while IFS=$'\t ' read -r key address port; do [ -n "${port}" ] || continue - proto_add_host_dependency "${config}" "${address}" + is_remote_ip ${address} && { + logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()" + proto_add_host_dependency "${config}" "${address}" done proto_send_update "${config}"
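Review bot: in the first hunk, `is_remote_ip()` does not test what its name and the commit message describe. It only reports true when `ip route get $1` contains `via <first default gateway>`, so an endpoint reached through any non-default gateway (a static route, an olsr-learned route) is treated like an on-link address and the host dependency is skipped, which is a broader change than "skip it for the local subnet". The grep pattern is also unanchored and unescaped: a gateway of `10.0.0.1` matches `via 10.0.0.10`, the dots match any character, and when there is no default route `$(... cut -d" " -f3)` expands to nothing and the pattern degenerates to `"via "`, matching every gateway route. Since `ip route | grep -m1 default` only reads the IPv4 table, an IPv6 endpoint (which the `[0-9.:a-f]` sed pattern in the second hunk explicitly allows) never matches and silently loses its host dependency. Suggest quoting `"$1"`, resolving the gateway into a variable and returning early if it is empty, and using `grep -qwF "via $gw"` so the match is exact and the matched route line does not land on the proto handler's stdout.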
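Review bot: the second hunk is syntactically incomplete. The brace group opened by `+ is_remote_ip ${address} && {` is never closed: the only added lines after it are the `logger` and `proto_add_host_dependency` calls, and the next line is the unchanged `done`, so the shell will reject wireguard.sh with a syntax error and the proto handler will not run at all. The diffstat (7 insertions, 1 deletion: four lines in the first hunk, three in the second) confirms no closing brace was included. Either add a `}` before `done`, or drop the group and the logger line and write `is_remote_ip "${address}" && proto_add_host_dependency "${config}" "${address}"`; `${address}` should be quoted in either form.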
This patch fixes a bug when someone tries to set up a Wireguard tunnel to an endpoint where its ip belongs to a local subnet, e.g. in a Freifunk olsr mesh. The call of proto_add_host_dependency() is just needed in cases where the endpoint is reachable via a default gateway but not in such cases where the endpoint is part of a local subnet. Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> --- package/network/services/wireguard/files/wireguard.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)