fix: WireGuard sysctl || true, port check on page load, add peer status tests
Root cause: sysctl -q net.ipv4.conf.all.rp_filter=0 in PostUp exited non-zero inside the linuxserver/wireguard container (no permission), causing wg-quick to tear down the wg0 interface — breaking peer status, port check, and internet access through full tunnel. - wireguard_manager.py: add || true to both sysctl PostUp/PostDown lines - docker-compose.yml: add net.ipv4.conf.all.rp_filter=0 to wireguard sysctls - WireGuard.jsx: kick off port check asynchronously on page load (was refresh-only) - tests: add TestWireGuardSysctlAndPortCheck — 14 new tests covering sysctl content, check_port_open (interface up / down / fallback-to-handshake), get_peer_status (online / offline / not-found / no-handshake), and get_all_peer_statuses (multi-peer / empty / skips interface line) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -134,11 +134,11 @@ class WireGuardManager(BaseServiceManager):
|
||||
f'PostUp = iptables -A FORWARD -i %i -j ACCEPT; '
|
||||
f'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; '
|
||||
f'{hairpin}'
|
||||
f'sysctl -q net.ipv4.conf.all.rp_filter=0\n'
|
||||
f'sysctl -q net.ipv4.conf.all.rp_filter=0 || true\n'
|
||||
f'PostDown = iptables -D FORWARD -i %i -j ACCEPT; '
|
||||
f'iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; '
|
||||
f'{hairpin_down}'
|
||||
f'sysctl -q net.ipv4.conf.all.rp_filter=1\n'
|
||||
f'sysctl -q net.ipv4.conf.all.rp_filter=1 || true\n'
|
||||
)
|
||||
|
||||
def _config_file(self) -> str:
|
||||
|
||||
Reference in New Issue
Block a user