diff --git a/logic/extpeers.go b/logic/extpeers.go
index 2f526fa1..b7fbb299 100644
--- a/logic/extpeers.go
+++ b/logic/extpeers.go
@@ -33,6 +33,7 @@ func GetExtPeersList(node *models.Node) ([]models.ExtPeersResponse, error) {
 logger.Log(2, "failed to unmarshal ext client")
 continue
 }
+
 if extClient.Enabled && extClient.Network == node.Network && extClient.IngressGatewayID == node.ID {
 peers = append(peers, peer)
 }
diff --git a/logic/peers.go b/logic/peers.go
index 028815f5..c07322d2 100644
--- a/logic/peers.go
+++ b/logic/peers.go
@@ -97,6 +97,7 @@ func GetNodePeers(network *models.Network, nodeid string, excludeRelayed bool, i
 peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address)
 }
 if network.IsIPv6 == "yes" && currentExtClients[i].Address6 != "" {
+ fmt.Printf("append ext client address6 %s \n", currentExtClients[i].Address6)
 peer.AllowedIPs = append(peer.AllowedIPs, currentExtClients[i].Address6)
 }
 }
@@ -281,20 +282,26 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, error) {
 continue
 }
- var peer wgtypes.PeerConfig
- var peeraddr = net.IPNet{
- IP: net.ParseIP(extPeer.Address),
- Mask: net.CIDRMask(32, 32),
- }
 var allowedips []net.IPNet
- allowedips = append(allowedips, peeraddr)
+ var peer wgtypes.PeerConfig
+ if extPeer.Address != "" {
+ var peeraddr = net.IPNet{
+ IP: net.ParseIP(extPeer.Address),
+ Mask: net.CIDRMask(32, 32),
+ }
+ if peeraddr.IP != nil && peeraddr.Mask != nil {
+ allowedips = append(allowedips, peeraddr)
+ }
+ }
 if extPeer.Address6 != "" {
 var addr6 = net.IPNet{
 IP: net.ParseIP(extPeer.Address6),
 Mask: net.CIDRMask(128, 128),
 }
- allowedips = append(allowedips, addr6)
+ if addr6.IP != nil && addr6.Mask != nil {
+ allowedips = append(allowedips, addr6)
+ }
 }
 peer = wgtypes.PeerConfig{
 PublicKey: pubkey,
diff --git a/logic/server.go b/logic/server.go
index dbfba4fa..7c38ce83 100644
--- a/logic/server.go
+++ b/logic/server.go
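Review bot: The added `fmt.Printf("append ext client address6 %s \n", currentExtClients[i].Address6)` in GetNodePeers (logic/peers.go) writes debug output straight to stdout instead of going through `logger.Log`, which logic/extpeers.go uses, so it cannot be filtered by verbosity. The same applies to `fmt.Printf("appended peers: %v \n", peers)` at the end of GetServerExtPeers in logic/server.go, which is the more sensitive of the two: it prints every peer's public key and allowed IPs, and `wgtypes.PeerConfig` also has a `PresharedKey` field that may be formatted along with the rest when it is set. I would remove both lines, or replace the first with `logger.Log(2, "added ext client address6 "+currentExtClients[i].Address6)` and log only a peer count in the second. GetNodePeers starts and ends outside this hunk.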
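Review bot: In getExtPeers (logic/peers.go) the `peeraddr.Mask != nil` and `addr6.Mask != nil` halves of the new guards can never be false, because `net.CIDRMask(32, 32)` and `net.CIDRMask(128, 128)` always return a mask; only the `.IP != nil` half does any work, so `if peeraddr.IP != nil {` states the check plainly. An address that `net.ParseIP` rejects is now dropped without any log line, and when both are dropped the peer still appears to be built with an empty `allowedips`. I would log the rejected value and skip such a peer before `peer = wgtypes.PeerConfig{`, for example `if len(allowedips) == 0 { logger.Log(1, "ext client has no valid address, skipping"); continue }` (assuming `logger` is imported in this file). The function body continues past the end of the hunk, so whether the empty case is handled later is not visible here.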
@@ -347,22 +347,27 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
 if serverNode.PublicKey == extPeer.PublicKey {
 continue
 }
+ var allowedips = []net.IPNet{}
 var peer wgtypes.PeerConfig
- var peeraddr = net.IPNet{
- IP: net.ParseIP(extPeer.Address),
- Mask: net.CIDRMask(32, 32),
- }
- var allowedips = []net.IPNet{
- peeraddr,
+ if extPeer.Address != "" {
+ newAddr := net.IPNet{
+ IP: net.ParseIP(extPeer.Address),
+ Mask: net.CIDRMask(32, 32),
+ }
+ if &newAddr != nil {
+ allowedips = append(allowedips, newAddr)
+ }
 }
 if extPeer.Address6 != "" {
- var addr6 = net.IPNet{
+ newAddr6 := net.IPNet{
 IP: net.ParseIP(extPeer.Address6),
 Mask: net.CIDRMask(128, 128),
 }
- allowedips = append(allowedips, addr6)
+ if &newAddr6 != nil {
+ allowedips = append(allowedips, newAddr6)
+ }
 }
 peer = wgtypes.PeerConfig{
 PublicKey: pubkey,
@@ -374,6 +379,7 @@ func GetServerExtPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, error) {
 }
 tempPeers = nil
 extPeers = nil
+ fmt.Printf("appended peers: %v \n", peers)
 return peers, err
 }
diff --git a/netclient/wireguard/common.go b/netclient/wireguard/common.go
index 77e787d5..779ea60d 100644
--- a/netclient/wireguard/common.go
+++ b/netclient/wireguard/common.go
@@ -68,7 +68,9 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 var allowedips string
 var iparr []string
 for _, ipaddr := range peer.AllowedIPs {
- iparr = append(iparr, ipaddr.String())
+ if len(peer.AllowedIPs) > 0 && (&ipaddr) != nil {
+ iparr = append(iparr, ipaddr.String())
+ }
 }
 allowedips = strings.Join(iparr, ",")
 keepAliveString := strconv.Itoa(int(keepalive))
diff --git a/serverctl/iptables.go b/serverctl/iptables.go
index a71a3424..3c220763 100644
--- a/serverctl/iptables.go
+++ b/serverctl/iptables.go
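Review bot: `if &newAddr != nil` and `if &newAddr6 != nil` in GetServerExtPeers (logic/server.go) are always true, because the address of a local variable is never nil, so an `extPeer.Address` that `net.ParseIP` rejects still lands in `allowedips` as an `IPNet` with a nil IP. getExtPeers in logic/peers.go tests the parsed value instead, and the same form belongs here: `if newAddr.IP != nil {` and `if newAddr6.IP != nil {`. The guard added to SetPeers in netclient/wireguard/common.go has the same problem: `(&ipaddr) != nil` is always true and `len(peer.AllowedIPs) > 0` always holds inside a `range` over that slice, so an invalid entry still reaches `ipaddr.String()`, which returns `"<nil>"` and ends up in the comma-joined `allowedips` string. There the check should be `if ipaddr.IP != nil {`. Both functions extend beyond their hunks.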
@@ -77,7 +77,7 @@ func isContainerized() bool {
 // make sure host allows forwarding
 func setForwardPolicy() error {
- logger.Log(1, "setting iptables forward policy")
+ logger.Log(2, "setting iptables forward policy")
 _, err := ncutils.RunCmd("iptables --policy FORWARD ACCEPT", false)
 return err
 }
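Review bot: `setForwardPolicy` runs `iptables --policy FORWARD ACCEPT`, which changes the default FORWARD policy for the whole host, and this change moves the only log line announcing it from level 1 to level 2. If higher levels are more verbose in this logger, operators running at the lower verbosity would no longer see that their firewall policy was altered. I would keep the message at level 1 and expand the comment to state the scope: `// setForwardPolicy sets the host's default iptables FORWARD policy to ACCEPT; this applies to all interfaces, not only the WireGuard ones.`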