Peer interface address should match server's prefix length (#177)

h44z · Oct 19, 2023 · 4c061a1 · 4c061a1
1 parent 40cfcd6
commit 4c061a1
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/internal/app/wireguard/wireguard_interfaces.go b/internal/app/wireguard/wireguard_interfaces.go
@@ -644,7 +644,7 @@ func (m Manager) importPeer(ctx context.Context, in *domain.Interface, p *domain
 	peer.InterfaceIdentifier = in.Identifier
 	peer.EndpointPublicKey = domain.StringConfigOption{Value: in.PublicKey, Overridable: true}
 	peer.AllowedIPsStr = domain.StringConfigOption{Value: in.PeerDefAllowedIPsStr, Overridable: true}
-	peer.Interface.Addresses = p.AllowedIPs // use allowed IP's as the peer IP's
+	peer.Interface.Addresses = p.AllowedIPs // use allowed IP's as the peer IP's TODO: Should this also match server interface address' prefix length?
 	peer.Interface.DnsStr = domain.StringConfigOption{Value: in.PeerDefDnsStr, Overridable: true}
 	peer.Interface.DnsSearchStr = domain.StringConfigOption{Value: in.PeerDefDnsSearchStr, Overridable: true}
 	peer.Interface.Mtu = domain.IntConfigOption{Value: in.PeerDefMtu, Overridable: true}

diff --git a/internal/app/wireguard/wireguard_peers.go b/internal/app/wireguard/wireguard_peers.go
@@ -310,8 +310,9 @@ func (m Manager) getFreshPeerIpConfig(ctx context.Context, iface *domain.Interfa
 		for {
 			ipConflict := false
 			for _, usedIp := range existingIps[network] {
-				if usedIp == ip {
+				if usedIp.Addr == ip.Addr {
 					ipConflict = true
+					break
 				}
 			}
 
@@ -326,7 +327,7 @@ func (m Manager) getFreshPeerIpConfig(ctx context.Context, iface *domain.Interfa
 			}
 		}
 
-		ips = append(ips, ip.HostAddr())
+		ips = append(ips, ip)
 	}
 
 	return

diff --git a/internal/domain/interface.go b/internal/domain/interface.go
@@ -103,7 +103,9 @@ func (i *Interface) GetAllowedIPs(peers []Peer) []Cidr {
 	var allowedCidrs []Cidr
 
 	for _, peer := range peers {
-		allowedCidrs = append(allowedCidrs, peer.Interface.Addresses...)
+		for _, ip := range peer.Interface.Addresses {
+			allowedCidrs = append(allowedCidrs, ip.HostAddr())
+		}
 		if peer.ExtraAllowedIPsStr != "" {
 			extraIPs, err := CidrsFromString(peer.ExtraAllowedIPsStr)
 			if err == nil {

diff --git a/internal/domain/peer.go b/internal/domain/peer.go
@@ -228,7 +228,10 @@ func MergeToPhysicalPeer(pp *PhysicalPeer, p *Peer) {
 		extraAllowedIPs, _ := CidrsFromString(p.ExtraAllowedIPsStr)
 		pp.AllowedIPs = append(allowedIPs, extraAllowedIPs...)
 	} else {
-		allowedIPs := p.Interface.Addresses
+		allowedIPs := make([]Cidr, len(p.Interface.Addresses))
+		for i, ip := range p.Interface.Addresses {
+			allowedIPs[i] = ip.HostAddr()
+		}
 		extraAllowedIPs, _ := CidrsFromString(p.ExtraAllowedIPsStr)
 		pp.AllowedIPs = append(allowedIPs, extraAllowedIPs...)
 	}