[LEDE-DEV] wireguard: add distinction for remote and local endpoint ip

Message ID 20180219185417.19574-1-thomas@net.t-labs.tu-berlin.de
State Superseded
Delegated to: John Crispin

Commit Message

Thomas Huehn Feb. 19, 2018, 6:54 p.m.
This patch fixes a bug when someone tries to set up a WireGuard tunnel
to an endpoint where its IP belongs to a local subnet, e.g. in a Freifunk
olsr mesh. The call of proto_add_host_dependency() is just needed in cases
where the endpoint is reachable via a default gateway but not in such cases
where the endpoint is part of a local subnet.

Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
---
 package/network/services/wireguard/files/wireguard.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
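As an added example (not part of the submitted patch, nor of the netifd or wireguard.sh code), the endpoint check the commit message describes, written as a text classifier over the output of `ip route get <addr>` and `ip route show default` so it runs offline on constructed sample lines; it goes beyond the patch's single case by also handling a gateway-less default route, an address the kernel cannot route yet, and IPv6 next hops. `classify_endpoint` and all sample route lines are constructed for this example.

```shell
#!/bin/sh
# Classify a WireGuard endpoint from route-lookup text (example code, not from the patch).
# $1: output of `ip route get <addr> 2>&1`   $2: output of `ip route show default`
# Prints "remote" when the endpoint is reached through the default gateway (a host
# dependency is needed), "local" when it is on-link or reached via a non-default
# route (e.g. an OLSR mesh route), and "unroutable" when the kernel has no route
# yet, which is the case where deferring via proto_add_host_dependency matters most.
classify_endpoint() {
    route_get=$1
    default_route=$2

    case "$route_get" in
        *"RTNETLINK answers"*|"") echo unroutable; return 0 ;;
    esac

    # Next hop of the specific route; empty when the endpoint is directly connected.
    via=$(printf '%s\n' "$route_get" | sed -n 's/.* via \([^ ]*\).*/\1/p' | head -n1)
    # Gateway of the first default route; empty on a point-to-point uplink
    # ("default dev pppoe-wan"), which a plain grep for "via <gw>" mishandles.
    gw=$(printf '%s\n' "$default_route" | sed -n 's/^default via \([^ ]*\).*/\1/p' | head -n1)
    dev_default=$(printf '%s\n' "$default_route" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n1)
    dev_get=$(printf '%s\n' "$route_get" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n1)

    if [ -n "$gw" ] && [ "$via" = "$gw" ]; then
        echo remote
    elif [ -z "$gw" ] && [ -z "$via" ] && [ -n "$dev_default" ] && [ "$dev_get" = "$dev_default" ]; then
        echo remote   # routed over a gateway-less default interface
    else
        echo local
    fi
}

# Constructed sample output (not captured from a real router).
SAMPLE_DEFAULT='default via 192.0.2.1 dev eth0 proto static'
classify_endpoint '203.0.113.5 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0' "$SAMPLE_DEFAULT"  # remote
classify_endpoint '10.1.5.7 via 10.1.5.2 dev wlan0 src 10.1.5.1 uid 0' "$SAMPLE_DEFAULT"       # local
classify_endpoint 'RTNETLINK answers: Network is unreachable' "$SAMPLE_DEFAULT"               # unroutable
```

In a proto handler the two arguments would come from `ip route get "$address" 2>&1` and `ip route show default` (or `ip -6 route show default` for an IPv6 endpoint), and only the "local" result would justify skipping proto_add_host_dependency.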

Comments

John Crispin April 30, 2018, 1:37 p.m. | #1
On 19/02/18 19:54, Thomas Huehn wrote:
> This patch fixes a bug when someone tries to set up a WireGuard tunnel
> to an endpoint where its IP belongs to a local subnet, e.g. in a Freifunk
> olsr mesh. The call of proto_add_host_dependency() is just needed in cases
> where the endpoint is reachable via a default gateway but not in such cases
> where the endpoint is part of a local subnet.
>
> Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Hi,

This should be fixed in trunk due to a netifd update. Please let us know
if you are still seeing this issue.
     John

> ---
>   package/network/services/wireguard/files/wireguard.sh | 8 +++++++-
>   1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
> index 7b18a2e0ecdb..36ed80d9e7aa 100644
> --- a/package/network/services/wireguard/files/wireguard.sh
> +++ b/package/network/services/wireguard/files/wireguard.sh
> @@ -16,6 +16,10 @@ fi
>     init_proto "$@"
>   }
>   
> +is_remote_ip() {
> +     ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)"
> +}
> +
>   
>   proto_wireguard_init_config() {
>     proto_config_add_string "private_key"
> @@ -174,7 +178,9 @@ proto_wireguard_setup() {
>       sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
>       while IFS=$'\t ' read -r key address port; do
>       [ -n "${port}" ] || continue
> -    proto_add_host_dependency "${config}" "${address}"
> +    is_remote_ip ${address} && {
> +      logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()"
> +      proto_add_host_dependency "${config}" "${address}"
>     done
>   
>     proto_send_update "${config}"

Patch

diff --git a/package/network/services/wireguard/files/wireguard.sh b/package/network/services/wireguard/files/wireguard.sh
index 7b18a2e0ecdb..36ed80d9e7aa 100644
--- a/package/network/services/wireguard/files/wireguard.sh
+++ b/package/network/services/wireguard/files/wireguard.sh
@@ -16,6 +16,10 @@  fi
   init_proto "$@"
 }
 
+is_remote_ip() {
+     ip route get $1 | grep "via $(ip route | grep -m1 default | cut -d" " -f3)"
+}
+
 
 proto_wireguard_init_config() {
   proto_config_add_string "private_key"
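Review bot: `is_remote_ip` answers false (so the host dependency is skipped) in exactly the situations where proto_add_host_dependency is needed most: when the endpoint is not routable yet because the uplink is still down, `ip route get` exits non-zero with `RTNETLINK answers: Network is unreachable` and there is nothing for grep to match; and when the default route has no gateway at all (`default dev pppoe-wan` on a point-to-point uplink), `cut -d" " -f3` yields `dev` and the pattern `via dev` can never match. The gateway is also taken only from the IPv4 table, so an IPv6 endpoint never counts as remote. Suggest quoting `"$1"`, using `grep -q` so the matched route line is not written to the handler's stdout, treating a failed lookup as "remote" (dependency needed) rather than as "local", and doing the default-route lookup per address family (`ip -6 route show default` for IPv6).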
@@ -174,7 +178,9 @@  proto_wireguard_setup() {
     sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
     while IFS=$'\t ' read -r key address port; do
     [ -n "${port}" ] || continue
-    proto_add_host_dependency "${config}" "${address}"
+    is_remote_ip ${address} && {
+      logger -t Wireguard "no local route to endpoint - call proto_add_host_dependency()"
+      proto_add_host_dependency "${config}" "${address}"
   done
 
   proto_send_update "${config}"
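Review bot: the brace group opened by `is_remote_ip ${address} && {` is never closed; the hunk goes straight to `done`, and the header's line counts (7 old, 9 new) confirm that no `}` line is part of the change, so the shell rejects the whole script and proto_wireguard_setup never runs. Add the closing `}` before `done`, or use `if is_remote_ip "${address}"; then ... fi`, and keep the quoting the removed line had (`"${address}"`). Minor: the logger call fires on the common path (a remote endpoint), so it will be emitted for every peer on each setup; logging the skipped-dependency case instead would record the unusual behaviour this patch introduces.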