Fix: read WG server IP and subnet from live API instead of hardcoding 10.0.0.x

test_wg_connect_and_ping_server and the connected_peer fixture hardcoded 10.0.0.1 / 10.0.0.0/24 as the server VPN address. This breaks when the server uses a different subnet (e.g. pic1 uses 10.0.1.1/24). Now both read 'address' from /api/wireguard/status at session start and pass the live server_ip / server_network through wg_server_info and connected_peer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-06 14:09:48 -04:00
parent e2e9c50786
commit ab6d6230dd
2 changed files with 23 additions and 3 deletions
@@ -39,10 +39,27 @@ def wg_server_info(admin_client, pic_host):
    except Exception:
        pass

+    # Server VPN IP (e.g. '10.0.0.1') and subnet (e.g. '10.0.0.0/24') from status
+    server_address = '10.0.0.1/24'
+    try:
+        server_address = admin_client.get('/api/wireguard/status').json().get('address', server_address)
+    except Exception:
+        pass
+    import ipaddress as _ip
+    try:
+        iface = _ip.ip_interface(server_address)
+        server_ip = str(iface.ip)
+        server_network = str(iface.network)
+    except Exception:
+        server_ip = '10.0.0.1'
+        server_network = '10.0.0.0/24'
+
    return {
        'public_key': server_pubkey,
        'endpoint': pic_host,
        'port': int(port),
+        'server_ip': server_ip,
+        'server_network': server_network,
    }


@@ -65,7 +82,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
        server_pubkey=wg_server_info['public_key'],
        server_endpoint=wg_server_info['endpoint'],
        server_port=wg_server_info['port'],
-        allowed_ips='10.0.0.0/24',
+        allowed_ips=wg_server_info['server_network'],
    )

    # Write config with restricted permissions
@@ -78,6 +95,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
        iface.bring_up()
        peer['iface'] = iface
        peer['conf_path'] = conf_path
+        peer['server_ip'] = wg_server_info['server_ip']
        yield peer
    finally:
        iface.bring_down()
@@ -7,8 +7,9 @@ pytestmark = pytest.mark.wg
 def test_wg_connect_and_ping_server(connected_peer):
    """Scenario 25+26: create peer, connect, ping server VPN IP."""
    iface = connected_peer['iface']
+    server_ip = connected_peer.get('server_ip', '10.0.0.1')
    assert iface.up, "WireGuard interface should be up"
-    assert iface.is_connected('10.0.0.1'), "Server VPN IP 10.0.0.1 should be reachable via WireGuard"
+    assert iface.is_connected(server_ip), f"Server VPN IP {server_ip} should be reachable via WireGuard"


 def test_wg_peer_has_assigned_ip(connected_peer):
@@ -21,8 +22,9 @@ def test_wg_peer_has_assigned_ip(connected_peer):
 def test_wg_disconnect_removes_route(connected_peer):
    """Scenario 29: after disconnect, VPN IP is not reachable."""
    iface = connected_peer['iface']
+    server_ip = connected_peer.get('server_ip', '10.0.0.1')
    iface.bring_down()
-    result = subprocess.run(['ping', '-c', '1', '-W', '2', '10.0.0.1'],
+    result = subprocess.run(['ping', '-c', '1', '-W', '2', server_ip],
                            capture_output=True, timeout=5)
    # After disconnect, ping should fail
    assert result.returncode != 0, "VPN IP should not be reachable after disconnect"