vpn: configure IPv6 addresses for WG clients
parent
92e552eb76
commit
ff2246df8c
|
@ -28,6 +28,7 @@ def create_app(test_config=None):
|
||||||
'wg_dns': False,
|
'wg_dns': False,
|
||||||
'wg_key': '',
|
'wg_key': '',
|
||||||
'wg_net': '',
|
'wg_net': '',
|
||||||
|
'wg_net6': '',
|
||||||
'version': 0,
|
'version': 0,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -102,7 +102,7 @@ def save_config():
|
||||||
wireguard = db.read('wireguard')
|
wireguard = db.read('wireguard')
|
||||||
for ip, key in wireguard.items():
|
for ip, key in wireguard.items():
|
||||||
ip4 = [f'{ip}/32']
|
ip4 = [f'{ip}/32']
|
||||||
ip6 = [f'{key["ip6"]}/128'] if 'ip6' in key else None
|
ip6 = [f'{key["ip6"]}/128'] if key.get('ip6') else None
|
||||||
for network in user_networks.get(key.get('user', ''), ()):
|
for network in user_networks.get(key.get('user', ''), ()):
|
||||||
if group := network_group(network):
|
if group := network_group(network):
|
||||||
ipset_add(ipsets, group, ip4, ip6)
|
ipset_add(ipsets, group, ip4, ip6)
|
||||||
|
@ -174,6 +174,8 @@ PrivateKey = {settings.get('wg_key')}
|
||||||
PublicKey = {data.get('key')}
|
PublicKey = {data.get('key')}
|
||||||
AllowedIPs = {ip}
|
AllowedIPs = {ip}
|
||||||
''', file=f)
|
''', file=f)
|
||||||
|
if 'ip6' in data:
|
||||||
|
print(f'AllowedIPs = {data["ip6"]}', file=f)
|
||||||
|
|
||||||
# Make a config archive in a temporary place, so we don’t send
|
# Make a config archive in a temporary place, so we don’t send
|
||||||
# incomplete tars.
|
# incomplete tars.
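Review bot: The added `if 'ip6' in data:` guard tests only for the key, but the `new()` change in this same commit stores `'ip6': str(ip6) if ip6 else None`, so the key exists on every new entry. A peer created while `wg_net6` is unset would therefore get the line `AllowedIPs = None` written into the server config. WireGuard tooling will presumably reject that value, which could keep the whole peer list from loading rather than only the one peer. Use the truthiness test the `save_config()` hunk already switched to, `if data.get('ip6'):`, and consider writing the prefix explicitly as `{data["ip6"]}/128` to match the ipset entries. The enclosing function starts and ends outside the hunk.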
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# {{ timestamp }} {{ current_user['username'] }} {{ name }}
|
# {{ timestamp }} {{ current_user['username'] }} {{ name }}
|
||||||
# PublicKey = {{ pubkey }}
|
# PublicKey = {{ pubkey }}
|
||||||
PrivateKey = # paste private key here
|
PrivateKey = # paste private key here
|
||||||
Address = {{ ip }}
|
Address = {{ ip }}{% if ip6 %}, {{ ip6 }}{% endif %}
|
||||||
{%- if dns %}
|
{%- if dns %}
|
||||||
DNS = {{ dns }}
|
DNS = {{ dns }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
|
@ -39,8 +39,11 @@ def new():
|
||||||
with db.locked():
|
with db.locked():
|
||||||
# Find a free address for the new key.
|
# Find a free address for the new key.
|
||||||
keys = db.read('wireguard')
|
keys = db.read('wireguard')
|
||||||
for ip in host.network.hosts():
|
ip6 = None
|
||||||
|
for index, ip in enumerate(host.network.hosts(), start=1):
|
||||||
if ip != host.ip and str(ip) not in keys:
|
if ip != host.ip and str(ip) not in keys:
|
||||||
|
if wg_net6 := settings.get('wg_net6'):
|
||||||
|
ip6 = (ipaddress.ip_interface(wg_net6) + index).ip
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
return flask.Response('no more available IP addresses', status=500, mimetype='text/plain')
|
return flask.Response('no more available IP addresses', status=500, mimetype='text/plain')
|
||||||
|
@ -49,6 +52,7 @@ def new():
|
||||||
|
|
||||||
keys[str(ip)] = {
|
keys[str(ip)] = {
|
||||||
'key': pubkey,
|
'key': pubkey,
|
||||||
|
'ip6': str(ip6) if ip6 else None,
|
||||||
'time': now.timestamp(),
|
'time': now.timestamp(),
|
||||||
'user': flask_login.current_user.get_id(),
|
'user': flask_login.current_user.get_id(),
|
||||||
'name': name,
|
'name': name,
|
||||||
|
@ -65,6 +69,7 @@ def new():
|
||||||
'server_key': server_pubkey,
|
'server_key': server_pubkey,
|
||||||
'pubkey': pubkey,
|
'pubkey': pubkey,
|
||||||
'ip': str(ip),
|
'ip': str(ip),
|
||||||
|
'ip6': str(ip6) if ip6 else None,
|
||||||
'timestamp': now,
|
'timestamp': now,
|
||||||
'name': name,
|
'name': name,
|
||||||
'dns': settings.get('wg_dns') if flask.request.json.get('use_dns', True) else False,
|
'dns': settings.get('wg_dns') if flask.request.json.get('use_dns', True) else False,
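Review bot: The IPv6 address in `new()` is computed as `(ipaddress.ip_interface(wg_net6) + index).ip` with no check that the result still lies inside the configured prefix. Separately, `ip_interface()` raises `ValueError` on a malformed `wg_net6` while `db.locked()` is held. If the IPv4 pool has more hosts than the IPv6 prefix, a client can be assigned an address outside `wg_net6`, which then flows into the ipsets and `AllowedIPs`. Parse the setting once before the loop with `net6 = ipaddress.ip_interface(wg_net6)`, and when `ip6 not in net6.network` return the same 500 response as the exhausted-pool branch. Whether `wg_net6` is validated when the setting is saved is not visible here, and `new()` begins and ends outside these hunks.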
|
||||||
|
|