Exclude AllowedIPs when peers can't establish a direct connection. Th…

…is allows them to connect indirectly.
k4yt3x · Sep 12, 2023 · cd5b1d3 · cd5b1d3
1 parent aac994f
commit cd5b1d3
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/wg_meshconf/database_manager.py b/wg_meshconf/database_manager.py
@@ -105,7 +105,7 @@ def init(self):
             database = self.read_database()
 
             # check values that cannot be generated automatically
-            for key in ["Address", "Endpoint"]:
+            for key in ["Address"]:
                 for peer in database["peers"]:
                     if database["peers"][peer].get(key) is None:
                         print(f"The value of {key} cannot be automatically generated")
@@ -341,6 +341,7 @@ def genconfig(self, Name: str, output: pathlib.Path):
         # for every peer in the database
         for peer in peers:
             local_peer = database["peers"][peer]
+            local_peer_endpoint = local_peer.get("Endpoint")
 
             with (output / f"{peer}.conf").open("w") as config:
                 config.write("[Interface]\n")
@@ -355,6 +356,7 @@ def genconfig(self, Name: str, output: pathlib.Path):
                 # generate [Peer] sections for all other peers
                 for p in [i for i in database["peers"] if i != peer]:
                     remote_peer = database["peers"][p]
+                    remote_peer_endpoint = remote_peer.get("Endpoint")
 
                     config.write("\n[Peer]\n")
                     config.write("# Name: {}\n".format(p))
@@ -364,22 +366,28 @@ def genconfig(self, Name: str, output: pathlib.Path):
                         )
                     )
 
-                    if remote_peer.get("Endpoint") is not None:
+                    if remote_peer_endpoint is not None:
                         config.write(
                             "Endpoint = {}:{}\n".format(
                                 remote_peer["Endpoint"],
                                 remote_peer["ListenPort"],
                             )
                         )
 
-                    if remote_peer.get("Address") is not None:
-                        if remote_peer.get("AllowedIPs") is not None:
-                            allowed_ips = ", ".join(
-                                remote_peer["Address"] + remote_peer["AllowedIPs"]
-                            )
-                        else:
-                            allowed_ips = ", ".join(remote_peer["Address"])
-                        config.write("AllowedIPs = {}\n".format(allowed_ips))
+                    peers_can_connect_directly = (
+                        remote_peer_endpoint is not None
+                        or local_peer_endpoint is not None
+                    )
+
+                    if peers_can_connect_directly:
+                        if remote_peer.get("Address") is not None:
+                            if remote_peer.get("AllowedIPs") is not None:
+                                allowed_ips = ", ".join(
+                                    remote_peer["Address"] + remote_peer["AllowedIPs"]
+                                )
+                            else:
+                                allowed_ips = ", ".join(remote_peer["Address"])
+                            config.write("AllowedIPs = {}\n".format(allowed_ips))
 
                     for key in PEER_OPTIONAL_ATTRIBUTES_REMOTE:
                         if remote_peer.get(key) is not None: