[LEDE-DEV] [PATCH] wireguard: add distinction for remote and local endpoint ip

John Crispin john at phrozen.org
Mon Apr 30 06:37:59 PDT 2018



On 19/02/18 19:54, Thomas Huehn wrote:
> This patch fixes a bug when someone tries to set up a Wireguard tunnel
> to an endpoint where its IP belongs to a local subnet, e.g. in a Freifunk
> olsr mesh. The call of proto_add_host_dependency() is just needed in cases
> where the endpoint is reachable via a default gateway but not in such cases
> where the endpoint is part of a local subnet.
>
> Signed-off-by: Thomas Huehn <thomas at net.t-labs.tu-berlin.de>
Hi,

this should be fixed in trunk due to a netifd update. Please let us know
if you are still seeing this issue.
     John

> ---
>   package/network/services/wireguard/files/wireguard.sh | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
> index 7b18a2e0ecdb..36ed80d9e7aa 100644
> --- a/package/network/services/wireguard/files/wireguard.sh
> +++ b/package/network/services/wireguard/files/wireguard.sh
> @@ -16,6 +16,10 @@ fi
>     init_proto "$@"
>   }
>   
> +is_remote_ip() {
> +     ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)"
> +}
> +
>   
>   proto_wireguard_init_config() {
>     proto_config_add_string "private_key"
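
Review bot: In is_remote_ip(), if no default route exists the inner `$(ip route | grep -m1 default | cut -d" " -f3)` is empty and the pattern collapses to "via ", so every route with any gateway is treated as remote. Plain `ip route` also lists only the IPv4 table, so an IPv6 endpoint can never match and silently loses its proto_add_host_dependency() call. The gateway address is used as an unanchored regex (dots match any character, and a gateway of 10.0.0.1 also matches "via 10.0.0.10"), `$1` is unquoted, and grep's match is written to stdout. Suggest quoting "$1", using `grep -qF`, bailing out explicitly when no default gateway is found, and either handling the IPv6 table or testing the `ip route get` output for " via " directly instead of comparing against the default gateway.
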
> @@ -174,7 +178,9 @@ proto_wireguard_setup() {
>       sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
>       while IFS=$'\t ' read -r key address port; do
>       [ -n "${port}" ] || continue
> -    proto_add_host_dependency "${config}" "${address}"
> +    is_remote_ip ${address} && {
> +      logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()"
> +      proto_add_host_dependency "${config}" "${address}"
>     done
>   
>     proto_send_update "${config}"
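
Review bot: The block opened by `is_remote_ip ${address} && {` is never closed before `done`, so wireguard.sh will not parse as posted; a `}` line is needed after the proto_add_host_dependency call. `${address}` should also be quoted in the is_remote_ip call, as it already is on the proto_add_host_dependency line. The logger call runs for every peer that takes the normal (remote) path on every setup, and its text "no local route to endpoint" reads like an error; consider dropping it or logging at debug priority with the peer address included.
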



