[LEDE-DEV] [PATCH] wireguard: add distinction for remote and local endpoint ip
John Crispin
john at phrozen.org
Mon Apr 30 06:37:59 PDT 2018
On 19/02/18 19:54, Thomas Huehn wrote:
> This patch fixes a bug when someone tries to set up a Wireguard tunnel
> to an endpoint where its ip belongs to a local subnet, e.g. in a Freifunk
> olsr mesh. The call of proto_add_host_dependency() is just needed in cases
> where the endpoint is reachable via a default gateway but not in such cases
> where the endpoint is part of a local subnet.
>
> Signed-off-by: Thomas Huehn <thomas at net.t-labs.tu-berlin.de>
Hi,
this should be fixed in trunk due to a netifd update. please let us know
if you are still seeing this issue.
John
> ---
> package/network/services/wireguard/files/wireguard.sh | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
> index 7b18a2e0ecdb..36ed80d9e7aa 100644
> --- a/package/network/services/wireguard/files/wireguard.sh
> +++ b/package/network/services/wireguard/files/wireguard.sh
> @@ -16,6 +16,10 @@ fi
> init_proto "$@"
> }
>
> +is_remote_ip() {
> + ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)"
> +}
> +
>
> proto_wireguard_init_config() {
> proto_config_add_string "private_key"
> @@ -174,7 +178,9 @@ proto_wireguard_setup() {
> sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
> while IFS=$'\t ' read -r key address port; do
> [ -n "${port}" ] || continue
> - proto_add_host_dependency "${config}" "${address}"
> + is_remote_ip ${address} && {
> + logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()"
> + proto_add_host_dependency "${config}" "${address}"
> done
>
> proto_send_update "${config}"
More information about the Lede-dev
mailing list