roof/pic - pic - Gitea: Git with a cup of tea

roof/pic

Fork 0

Commit Graph

Author	SHA1	Message	Date
roof	9418c3da5b	feat: restore WireGuard peers after bootstrap and add VPN routing tests apply_config() now calls _load_registered_peers() when wg0.conf is empty so all active peers from peers.json are written back into the config file after a bootstrap — preventing clients from losing tunnel access after an API restart that regenerated wg0.conf from scratch. Adds test_wireguard_vpn_routing.py (36 tests) covering: - generate_config() PostUp/PostDown rules enabling internet forwarding (MASQUERADE + FORWARD ACCEPT required for internet-through-VPN) - get_peer_config() DNS field pointing to cell-dns for domain resolution - apply_config() bootstrap peer restoration from peers.json - _load_registered_peers() filtering (inactive, missing fields, malformed) - add_peer() /32 AllowedIPs enforcement to prevent route leaks Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 15:33:57 -04:00

Author

SHA1

Message

Date

roof

9418c3da5b

feat: restore WireGuard peers after bootstrap and add VPN routing tests

apply_config() now calls _load_registered_peers() when wg0.conf is empty
so all active peers from peers.json are written back into the config file
after a bootstrap — preventing clients from losing tunnel access after
an API restart that regenerated wg0.conf from scratch.

Adds test_wireguard_vpn_routing.py (36 tests) covering:
- generate_config() PostUp/PostDown rules enabling internet forwarding
  (MASQUERADE + FORWARD ACCEPT required for internet-through-VPN)
- get_peer_config() DNS field pointing to cell-dns for domain resolution
- apply_config() bootstrap peer restoration from peers.json
- _load_registered_peers() filtering (inactive, missing fields, malformed)
- add_peer() /32 AllowedIPs enforcement to prevent route leaks

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-26 15:33:57 -04:00

1 Commits