roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: wireguard port/subnet/domain propagate to peer configs and new peer IPs

Browse Source 
Backend:
- wireguard_manager: _get_configured_port/address/network() read from wg0.conf
  instead of module-level constants; get_split_tunnel_ips() derives VPN network
  from configured Address; get_server_config() returns configured port, dns_ip,
  split_tunnel_ips, vpn_network
- add_peer() and get_peer_config() use configured port (not hardcoded 51820)
- _next_peer_ip() derives subnet from wireguard_manager._get_configured_address()
  so new peers are allocated IPs from the correct VPN range after address change
- refresh-ip and check-port API endpoints return configured port, not 51820
- PUT /api/config: when wireguard port/address changes, all peers are marked
  config_needs_reinstall so users know to re-download tunnel configs
- get_peer_config endpoint: uses configured split tunnel IPs (not hardcoded)

Frontend:
- Peers.jsx: SERVICES domains use live domain from ConfigContext; generateConfig()
  uses serverConf.dns_ip and serverConf.split_tunnel_ips; vpn_network shown in
  peer-access description; DNS hint uses live domain; server config loaded at
  mount time so it is available without re-fetching on every peer action;
  handleUpdatePeer uses /32 for server-side AllowedIPs (was incorrectly using
  full/split tunnel CIDRs which the backend rejects)
- WireGuard.jsx: generateWireGuardConfig() uses serverConfig.dns_ip,
  split_tunnel_ips from server-config API; split-tunnel description shows
  live IPs

Tests: 9 new tests in TestWireGuardConfigReads verify all config reads

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-21 07:47:19 -04:00
parent 5c89687fab
commit 3912452fd6
5 changed files with 198 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
webui/src/pages/WireGuard.jsx
+6 -6
View File
@@ -181,21 +181,21 @@ function WireGuard() {
return { public_key: '', endpoint: '<SERVER_IP>:51820' };
};
const CELL_DNS = '172.20.0.3';
const SPLIT_TUNNEL_IPS = '10.0.0.0/24, 172.20.0.0/16';
const FULL_TUNNEL_IPS = '0.0.0.0/0, ::/0';
const generateWireGuardConfig = (peer, mode = tunnelMode) => {
const serverPublicKey = peer.server_public_key || "SERVER_PUBLIC_KEY_PLACEHOLDER";
const serverEndpoint = peer.server_endpoint || "YOUR_SERVER_IP:51820";
const serverEndpoint = peer.server_endpoint || serverConfig?.endpoint || "YOUR_SERVER_IP:51820";
const privateKey = peer.private_key || 'YOUR_PRIVATE_KEY_HERE';
const peerAddress = peer.ip?.includes('/') ? peer.ip : `${peer.ip}/32`;
const allowedIPs = mode === 'full' ? FULL_TUNNEL_IPS : SPLIT_TUNNEL_IPS;
const splitTunnelIPs = serverConfig?.split_tunnel_ips || '10.0.0.0/24, 172.20.0.0/16';
const allowedIPs = mode === 'full' ? FULL_TUNNEL_IPS : splitTunnelIPs;
const dnsIp = serverConfig?.dns_ip || '172.20.0.3';
return `[Interface]
PrivateKey = ${privateKey}
Address = ${peerAddress}
DNS = ${CELL_DNS}
DNS = ${dnsIp}
[Peer]
PublicKey = ${serverPublicKey}
@@ -631,7 +631,7 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
</div>
<p className="text-xs text-gray-500 mb-3">
{tunnelMode === 'split'
? 'Split tunnel: only cell services (10.0.0.0/24, 172.20.0.0/16) route through VPN — local network & internet traffic stay direct.'
? `Split tunnel: only cell services (${serverConfig?.split_tunnel_ips || '10.0.0.0/24, 172.20.0.0/16'}) route through VPN — local network & internet traffic stay direct.`
: 'Full tunnel: all traffic (internet + local) routes through VPN server.'}
</p>