Fix: read WG server IP and subnet from live API instead of hardcoding 10.0.0.x

test_wg_connect_and_ping_server and the connected_peer fixture hardcoded
10.0.0.1 / 10.0.0.0/24 as the server VPN address. This breaks when the
server uses a different subnet (e.g. pic1 uses 10.0.1.1/24). Now both
read 'address' from /api/wireguard/status at session start and pass the
live server_ip / server_network through wg_server_info and connected_peer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/e2e/wg/conftest.py

@@ -39,10 +39,27 @@ def wg_server_info(admin_client, pic_host):
     except Exception:
         pass
 
+    # Server VPN IP (e.g. '10.0.0.1') and subnet (e.g. '10.0.0.0/24') from status
+    server_address = '10.0.0.1/24'
+    try:
+        server_address = admin_client.get('/api/wireguard/status').json().get('address', server_address)
+    except Exception:
+        pass
+    import ipaddress as _ip
+    try:
+        iface = _ip.ip_interface(server_address)
+        server_ip = str(iface.ip)
+        server_network = str(iface.network)
+    except Exception:
+        server_ip = '10.0.0.1'
+        server_network = '10.0.0.0/24'
+
     return {
         'public_key': server_pubkey,
         'endpoint': pic_host,
         'port': int(port),
+        'server_ip': server_ip,
+        'server_network': server_network,
     }
 
 
@@ -65,7 +82,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
         server_pubkey=wg_server_info['public_key'],
         server_endpoint=wg_server_info['endpoint'],
         server_port=wg_server_info['port'],
-        allowed_ips='10.0.0.0/24',
+        allowed_ips=wg_server_info['server_network'],
     )
 
     # Write config with restricted permissions
@@ -78,6 +95,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
         iface.bring_up()
         peer['iface'] = iface
         peer['conf_path'] = conf_path
+        peer['server_ip'] = wg_server_info['server_ip']
         yield peer
     finally:
         iface.bring_down()

tests/e2e/wg/test_wg_basic.py

@@ -7,8 +7,9 @@ pytestmark = pytest.mark.wg
 def test_wg_connect_and_ping_server(connected_peer):
     """Scenario 25+26: create peer, connect, ping server VPN IP."""
     iface = connected_peer['iface']
+    server_ip = connected_peer.get('server_ip', '10.0.0.1')
     assert iface.up, "WireGuard interface should be up"
-    assert iface.is_connected('10.0.0.1'), "Server VPN IP 10.0.0.1 should be reachable via WireGuard"
+    assert iface.is_connected(server_ip), f"Server VPN IP {server_ip} should be reachable via WireGuard"
 
 
 def test_wg_peer_has_assigned_ip(connected_peer):
@@ -21,8 +22,9 @@ def test_wg_peer_has_assigned_ip(connected_peer):
 def test_wg_disconnect_removes_route(connected_peer):
     """Scenario 29: after disconnect, VPN IP is not reachable."""
     iface = connected_peer['iface']
+    server_ip = connected_peer.get('server_ip', '10.0.0.1')
     iface.bring_down()
-    result = subprocess.run(['ping', '-c', '1', '-W', '2', '10.0.0.1'],
+    result = subprocess.run(['ping', '-c', '1', '-W', '2', server_ip],
                             capture_output=True, timeout=5)
     # After disconnect, ping should fail
     assert result.returncode != 0, "VPN IP should not be reachable after disconnect"