Comments (6)
@dimon222 Sure.
Proposal: if we do not let the script do this via netaddr, let the user manually specify the IP address of the interface with --address and have this separately from what hosts are allowed (literally: routed through the interface) by using --allowed-ips.
In my proposal, let's say I have two hosts Waldorf and Statler:
% wg-meshconf addpeer --endpoint waldorf.example.com --address 10.0.0.254/24 --address fd05:abcd:0123:f000::ffaa/64 --allowed-ips 10.0.0.0/24 --allowed-ips fd05:abcd:0123:f000::/64 waldorf
% wg-meshconf addpeer --endpoint statler.example.com --address 10.0.123.254/24 --address fd05:abcd:0123:f123::ffaa/64 --allowed-ips 10.0.123.0/24 --allowed-ips fd05:abcd:0123:f123::/64 statler
Waldorf would generate:
[Interface]
# Name: waldorf
Address = 10.0.0.254/24, fd05:abcd:0123:f000::ffaa/64
PrivateKey = waldorfprivate
[Peer]
# Name: statler
PublicKey = statlerpublic
Endpoint = statler.example.com:1234
AllowedIPs = 10.0.123.0/24, fd05:abcd:0123:f123::/64
Statler:
[Interface]
# Name: statler
Address = 10.0.123.254/24, fd05:abcd:0123:f123::ffaa/64
PrivateKey = statlerprivate
[Peer]
# Name: waldorf
PublicKey = waldorfpublic
Endpoint = waldorf.example.com:1234
AllowedIPs = 10.0.0.0/24, fd05:abcd:0123:f000::/64
So: keep --address for the IP(s) of the interface. Add: --allowed-ips to add the subnet (this is what AllowedIPs is).
Note: I typed this config by hand so here's to hoping I made no mistakes.
from wg-meshconf.
Writing AllowedIP should be the way to go.
I think AllowedIP is supposed to be NetworkID/CIDR. 10.30.0.1 is a host address, not the network address. The network address for 10.30.0.1/24 should be 10.30.0.0. Change 10.30.0.1/24 to 10.30.0.0/24 and you should be fine.
from wg-meshconf.
Right. Well it still works, but perhaps it's a good idea to either let this script parse AllowedIP so that the address is correctly specified under [Interface], and the subnets are changed correctly under [Peer]. It makes little sense to first generate configs and then edit all configs by hand. This gets tedious with many peers... I have 12. Or - option two - is to specify addresses separately from AllowedIP, this is more typing for the user, but requires fewer changes in the wg-meshconf script.
from wg-meshconf.
I thought about verifying user input with netaddr, but
- These errors are easy to fix
- Verifying netaddr requires an extra dependency
from wg-meshconf.
@voidzero
Can you provide a full example config with two nodes (host and client) to show the expected behaviour in detail?
from wg-meshconf.
So to be painfully verbose, right now the AllowedIPs of Waldorf configures 10.0.123.254/24, fd05:abcd:0123:f123/64, which is invalid for routing unless it specifies a /32 for an IPv4 and a /128 for an IPv6.
from wg-meshconf.
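An added illustration of the split discussed in this thread (not wg-meshconf's code, and not posted by any participant): Python's standard-library `ipaddress` module can derive the AllowedIPs entry from a host/CIDR interface address, either as the containing subnet or as a /32 or /128 host route, without the extra netaddr dependency. The function names and the peer dictionary layout are assumptions made for this example; the sample peers are constructed from the Waldorf/Statler proposal.

```python
import ipaddress

# Constructed sample peers based on the Waldorf/Statler proposal in the thread.
PEERS = {
    "waldorf": {"endpoint": "waldorf.example.com:1234",
                "address": ["10.0.0.254/24", "fd05:abcd:0123:f000::ffaa/64"]},
    "statler": {"endpoint": "statler.example.com:1234",
                "address": ["10.0.123.254/24", "fd05:abcd:0123:f123::ffaa/64"]},
}

def allowed_ip(address, route_subnet=True):
    """Derive one AllowedIPs entry from a host/CIDR interface address.

    route_subnet=True  -> the containing network (host bits cleared)
    route_subnet=False -> the single host as /32 (IPv4) or /128 (IPv6)
    """
    iface = ipaddress.ip_interface(address)  # raises ValueError on bad input
    net = iface.network if route_subnet else ipaddress.ip_network(str(iface.ip))
    return str(net)

def has_host_bits(entry):
    """True if a CIDR entry such as 10.30.0.1/24 names a host, not a network."""
    iface = ipaddress.ip_interface(entry)
    return iface.ip != iface.network.network_address

def render(name, peers, route_subnet=True):
    """Build the config text for one mesh member (hypothetical helper; keys are placeholders)."""
    me = peers[name]
    lines = ["[Interface]", f"# Name: {name}",
             "Address = " + ", ".join(me["address"]),
             f"PrivateKey = {name}private"]
    for other, cfg in peers.items():
        if other == name:
            continue
        nets = [allowed_ip(a, route_subnet) for a in cfg["address"]]
        lines += ["[Peer]", f"# Name: {other}",
                  f"PublicKey = {other}public",
                  f"Endpoint = {cfg['endpoint']}",
                  "AllowedIPs = " + ", ".join(nets)]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render("waldorf", PEERS))
```

`ipaddress` prints IPv6 networks in compressed form, so `fd05:abcd:0123:f123::/64` is emitted as `fd05:abcd:123:f123::/64`; both spellings denote the same prefix.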