lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-18 18:44:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

wireguard: improve previous

Browse Source 
Since route add with subnet will revert to a strict subnet route
two separate entries 192.168.1.1/24 and 192.168.1.2/24 will both
be added as 192.168.1.0/24 and produce the same error.

Normalize here as well and get rid of the duplicates.  It should
also fix IPv6 compression mismatches.
This commit is contained in:
Franco Fichtner 2024-02-09 09:59:12 +01:00
parent 56e5f99390
commit 0d7d48eb17
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/opnsense/scripts/Wireguard/wg-service-control.php
View File

@ -98,27 +98,31 @@ function wg_start($server, $fhandle, $ifcfgflag = 'up')
/* calculate subnets to skip because these are automatically attached by instance address */
foreach (array_filter(explode(',', (string)$server->tunneladdress)) as $alias) {
$proto = strpos($alias, ':') === false ? 'inet' : 'inet6';
$ipproto = strpos($alias, ':') === false ? 'inet' : 'inet6';
$alias = explode('/', $alias);
$routes_to_skip[$proto][] = ($proto == 'inet' ? gen_subnet($alias[0], $alias[1]) :
$alias = ($ipproto == 'inet' ? gen_subnet($alias[0], $alias[1]) :
gen_subnetv6($alias[0], $alias[1])) . "/{$alias[1]}";
$routes_to_skip[$ipproto][] = $alias;
}
foreach ((new OPNsense\Wireguard\Client())->clients->client->iterateItems() as $key => $client) {
if (empty((string)$client->enabled) || !in_array($key, $peers)) {
continue;
}
foreach (explode(',', (string)$client->tunneladdress) as $tunneladdress) {
$ipproto = strpos($tunneladdress, ":") === false ? "inet" : "inet6";
foreach (explode(',', (string)$client->tunneladdress) as $address) {
$ipproto = strpos($address, ":") === false ? "inet" : "inet6";
$address = explode('/', $address);
$address = ($ipproto == 'inet' ? gen_subnet($alias[0], $alias[1]) :
gen_subnetv6($alias[0], $alias[1])) . "/{$alias[1]}";
/* wg-quick seems to prevent /0 being routed and translates this automatically */
if (str_ends_with(trim($tunneladdress), '/0')) {
if (str_ends_with(trim($address), '/0')) {
if ($ipproto == 'inet') {
array_push($routes_to_add[$ipproto], '0.0.0.0/1', '128.0.0.0/1');
} else {
array_push($routes_to_add[$ipproto], '::/1', '8000::/1');
}
} elseif (!in_array($tunneladdress, $routes_to_skip[$ipproto])) {
$routes_to_add[$ipproto][] = $tunneladdress;
} elseif (!in_array($address, $routes_to_skip[$ipproto])) {
$routes_to_add[$ipproto][] = $address;
}
}
}