From cd5b1d319cf4a2a7d601d847aa25f0f47029a120 Mon Sep 17 00:00:00 2001
From: dolf
Date: Tue, 12 Sep 2023 08:32:16 +0200
Subject: [PATCH] Exclude AllowedIPs when peers can't establish a direct connection. This allows them to connect indirectly.
---
 wg_meshconf/database_manager.py | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/wg_meshconf/database_manager.py b/wg_meshconf/database_manager.py
index bc36de4..5bd63d6 100755
--- a/wg_meshconf/database_manager.py
+++ b/wg_meshconf/database_manager.py
@@ -105,7 +105,7 @@ def init(self):
         database = self.read_database()
 
         # check values that cannot be generated automatically
-        for key in ["Address", "Endpoint"]:
+        for key in ["Address"]:
             for peer in database["peers"]:
                 if database["peers"][peer].get(key) is None:
                     print(f"The value of {key} cannot be automatically generated")
@@ -341,6 +341,7 @@ def genconfig(self, Name: str, output: pathlib.Path):
         # for every peer in the database
         for peer in peers:
             local_peer = database["peers"][peer]
+            local_peer_endpoint = local_peer.get("Endpoint")
 
             with (output / f"{peer}.conf").open("w") as config:
                 config.write("[Interface]\n")
@@ -355,6 +356,7 @@ def genconfig(self, Name: str, output: pathlib.Path):
                 # generate [Peer] sections for all other peers
                 for p in [i for i in database["peers"] if i != peer]:
                     remote_peer = database["peers"][p]
+                    remote_peer_endpoint = remote_peer.get("Endpoint")
 
                     config.write("\n[Peer]\n")
                     config.write("# Name: {}\n".format(p))
@@ -364,7 +366,7 @@ def genconfig(self, Name: str, output: pathlib.Path):
                         )
                     )
 
-                    if remote_peer.get("Endpoint") is not None:
+                    if remote_peer_endpoint is not None:
                         config.write(
                             "Endpoint = {}:{}\n".format(
                                 remote_peer["Endpoint"],
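Review bot: Dropping "Endpoint" from the mandatory keys leaves init with no check that at least one peer in database["peers"] is reachable; if no peer has an Endpoint, the `peers_can_connect_directly` test that genconfig gains in the last hunk is false for every pair, so every [Peer] section is written without AllowedIPs and the generated configs carry no cryptokey routes at all. A warning here would catch that before any file is generated, e.g. `if not any(p.get("Endpoint") for p in database["peers"].values()):` followed by `print("No peer has an Endpoint; no two peers can establish a connection")`. init continues outside the hunk, so what happens after the existing print is not visible here.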
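Review bot: The new `remote_peer_endpoint` local is only used in the condition, while the write three lines down still reads `remote_peer["Endpoint"]`; using `remote_peer_endpoint,` there too keeps the value that was tested and the value that is written the same expression. genconfig continues outside the hunk.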
@@ -372,14 +374,20 @@ def genconfig(self, Name: str, output: pathlib.Path):
                         )
                     )
 
-                    if remote_peer.get("Address") is not None:
-                        if remote_peer.get("AllowedIPs") is not None:
-                            allowed_ips = ", ".join(
-                                remote_peer["Address"] + remote_peer["AllowedIPs"]
-                            )
-                        else:
-                            allowed_ips = ", ".join(remote_peer["Address"])
-                        config.write("AllowedIPs = {}\n".format(allowed_ips))
+                    peers_can_connect_directly = (
+                        remote_peer_endpoint is not None
+                        or local_peer_endpoint is not None
+                    )
+
+                    if peers_can_connect_directly:
+                        if remote_peer.get("Address") is not None:
+                            if remote_peer.get("AllowedIPs") is not None:
+                                allowed_ips = ", ".join(
+                                    remote_peer["Address"] + remote_peer["AllowedIPs"]
+                                )
+                            else:
+                                allowed_ips = ", ".join(remote_peer["Address"])
+                            config.write("AllowedIPs = {}\n".format(allowed_ips))
 
                     for key in PEER_OPTIONAL_ATTRIBUTES_REMOTE:
                         if remote_peer.get(key) is not None:
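Review bot: When neither side has an Endpoint the [Peer] section is still written (with whatever PEER_OPTIONAL_ATTRIBUTES_REMOTE contributes below) but silently lacks AllowedIPs, and nothing in the generated file says why, so a reader of the .conf cannot tell this deliberate omission from a peer that is simply missing its Address. An `else:` on `if peers_can_connect_directly:` that writes `config.write("# AllowedIPs omitted: neither peer has an Endpoint; reach this peer through a relay peer's AllowedIPs\n")` records the reason in place. As far as this diff shows, nothing adds the unreachable peer's Address to any relay peer's AllowedIPs, so the indirect path the commit message describes still depends on the operator listing it in the relay's AllowedIPs in the database, and a peer entry without AllowedIPs is neither sent to nor accepted from under WireGuard's cryptokey routing; that dependency deserves a sentence in genconfig's docstring or the README. genconfig continues outside the hunk.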