Change allowed ips to postup and postdown

LilyRose2798 2024-04-17 01:39:21 +10:00
parent c392dd081a
commit fc228fd4dd
1 changed files with 16 additions and 6 deletions


@ -91,17 +91,24 @@ def generate_wg_configs(config: WovenConfig):
key_b = WireguardKey.generate() key_b = WireguardKey.generate()
key_b_pub = key_b.public_key() key_b_pub = key_b.public_key()
name_a = f"{id_a}-{id_b}-loop"
name_b = f"{id_b}-{id_a}-loop"
config_a = WireguardConfig( config_a = WireguardConfig(
addresses = [ipv4_a, ipv6_a], addresses = [ipv4_a, ipv6_a],
listen_port = port, listen_port = port,
private_key = key_a, private_key = key_a,
table = False, table = False,
preup=[f"ip ro add {node_b.listen_address}/32 dev {node_a.interface_name} via {node_a.listen_gateway} metric 10 src {node_a.listen_address}"], preup = [f"ip ro add {node_b.listen_address}/32 dev {node_a.interface_name} via {node_a.listen_gateway} metric 10 src {node_a.listen_address}"],
predown=[f"ip ro del {node_b.listen_address}/32 dev {node_a.interface_name} via {node_a.listen_gateway} metric 10 src {node_a.listen_address}"], predown = [f"ip ro del {node_b.listen_address}/32 dev {node_a.interface_name} via {node_a.listen_gateway} metric 10 src {node_a.listen_address}"],
postup = [f"ip ro add {sn} dev {name_a} via {ipv4_b} metric 10" for sn in node_b.routed_ipv4_subnets] +
[f"ip -6 ro add {sn} dev {name_a} via {ipv6_b} metric 10" for sn in node_b.routed_ipv6_subnets],
postdown = [f"ip ro del {sn} dev {name_a} via {ipv4_b} metric 10" for sn in node_b.routed_ipv4_subnets] +
[f"ip -6 ro del {sn} dev {name_a} via {ipv6_b} metric 10" for sn in node_b.routed_ipv6_subnets],
peers = { peers = {
key_b_pub: WireguardPeer( key_b_pub: WireguardPeer(
public_key = key_b_pub, public_key = key_b_pub,
allowed_ips = node_b.routed_ipv4_subnets + node_b.routed_ipv6_subnets, allowed_ips = ["0.0.0.0/0", "::/0"],
endpoint_host = node_b.listen_address, endpoint_host = node_b.listen_address,
endpoint_port = port, endpoint_port = port,
persistent_keepalive = 20 persistent_keepalive = 20
@ -116,10 +123,14 @@ def generate_wg_configs(config: WovenConfig):
table = False, table = False,
preup=[f"ip ro add {node_a.listen_address}/32 dev {node_b.interface_name} via {node_b.listen_gateway} metric 10 src {node_b.listen_address}"], preup=[f"ip ro add {node_a.listen_address}/32 dev {node_b.interface_name} via {node_b.listen_gateway} metric 10 src {node_b.listen_address}"],
predown=[f"ip ro del {node_a.listen_address}/32 dev {node_b.interface_name} via {node_b.listen_gateway} metric 10 src {node_b.listen_address}"], predown=[f"ip ro del {node_a.listen_address}/32 dev {node_b.interface_name} via {node_b.listen_gateway} metric 10 src {node_b.listen_address}"],
postup = [f"ip ro add {sn} dev {name_b} via {ipv4_a} metric 10" for sn in node_a.routed_ipv4_subnets] +
[f"ip -6 ro add {sn} dev {name_b} via {ipv6_a} metric 10" for sn in node_a.routed_ipv6_subnets],
postdown = [f"ip ro del {sn} dev {name_b} via {ipv4_a} metric 10" for sn in node_a.routed_ipv4_subnets] +
[f"ip -6 ro del {sn} dev {name_b} via {ipv6_a} metric 10" for sn in node_a.routed_ipv6_subnets],
peers = { peers = {
key_a_pub: WireguardPeer( key_a_pub: WireguardPeer(
public_key = key_a_pub, public_key = key_a_pub,
allowed_ips = node_a.routed_ipv4_subnets + node_a.routed_ipv6_subnets, allowed_ips = ["0.0.0.0/0", "::/0"],
endpoint_host = node_a.listen_address, endpoint_host = node_a.listen_address,
endpoint_port = port, endpoint_port = port,
persistent_keepalive = 20 persistent_keepalive = 20
@ -127,11 +138,10 @@ def generate_wg_configs(config: WovenConfig):
} }
) )
name_a = f"{id_a}-{id_b}-loop"
cs[id_a].put(StringIO(config_a.to_wgconfig(wgquick_format = True)), f"/etc/wireguard/{name_a}.conf") cs[id_a].put(StringIO(config_a.to_wgconfig(wgquick_format = True)), f"/etc/wireguard/{name_a}.conf")
# cs[id_a].run(f"systemctl start wg-quick@{name_a}.service") # cs[id_a].run(f"systemctl start wg-quick@{name_a}.service")
name_b = f"{id_b}-{id_a}-loop"
cs[id_b].put(StringIO(config_b.to_wgconfig(wgquick_format = True)), f"/etc/wireguard/{name_b}.conf") cs[id_b].put(StringIO(config_b.to_wgconfig(wgquick_format = True)), f"/etc/wireguard/{name_b}.conf")
# cs[id_b].run(f"systemctl start wg-quick@{name_b}.service") # cs[id_b].run(f"systemctl start wg-quick@{name_b}.service")
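Review bot: `allowed_ips = ["0.0.0.0/0", "::/0"]` on both peer entries (in config_a and in config_b) switches off WireGuard's per-peer source filter: allowed_ips is also the list of inner source addresses accepted from that peer after decryption, so each node now accepts tunnel packets with any source address, where before only the peer's routed subnets passed. Routing is already done by the new postup/postdown routes (with `table = False`), so the list can stay narrow, for example `allowed_ips = node_b.routed_ipv4_subnets + node_b.routed_ipv6_subnets`, extended with the peer's tunnel addresses if those were what was missing. If the wide range is intended, for instance to carry transit traffic, a comment such as `# any source accepted from this peer; filtering is done by <firewall rule / rp_filter setting>` should say where the filtering happens instead. generate_wg_configs starts and ends outside the hunks shown.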