fix AllowIps and Address fields for WireGuard client (#99)

- add Wireguard client cidr into AllowIps
- change subnet number to 32 in Address field
This commit is contained in:
Yumin Wu 2024-05-09 22:01:55 +08:00 committed by GitHub
parent 7d3b8e42fe
commit 4da7f4ec20
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 32 additions and 19 deletions

View File

@ -218,20 +218,22 @@ After successfully starting easytier-core, use easytier-cli to obtain the WireGu
$> easytier-cli vpn-portal $> easytier-cli vpn-portal
portal_name: wireguard portal_name: wireguard
client_config: ############### client_config_start ###############
[Interface] [Interface]
PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho= PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho=
Address = 10.14.14.0/24 # should assign an ip from this cidr manually Address = 10.14.14.0/32 # should assign an ip from this cidr manually
[Peer] [Peer]
PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM= PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM=
AllowedIPs = 192.168.80.0/20,10.147.223.0/24,10.144.144.0/24 AllowedIPs = 10.144.144.0/24,10.14.14.0/24
Endpoint = 0.0.0.0:11013 # should be the public ip of the vpn server Endpoint = 0.0.0.0:11013 # should be the public ip(or domain) of the vpn server
PersistentKeepalive = 25 PersistentKeepalive = 25
############### client_config_end ###############
connected_clients: connected_clients:
[] []
``` ```
Before using the Client Config, you need to modify the Interface Address and Peer Endpoint to the client's IP and the IP of the EasyTier node, respectively. Import the configuration file into the WireGuard client to access the EasyTier network. Before using the Client Config, you need to modify the Interface Address and Peer Endpoint to the client's IP and the IP of the EasyTier node, respectively. Import the configuration file into the WireGuard client to access the EasyTier network.

View File

@ -219,20 +219,22 @@ easytier-core 启动成功后,使用 easytier-cli 获取 WireGuard Client 的
$> easytier-cli vpn-portal $> easytier-cli vpn-portal
portal_name: wireguard portal_name: wireguard
client_config: ############### client_config_start ###############
[Interface] [Interface]
PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho= PrivateKey = 9VDvlaIC9XHUvRuE06hD2CEDrtGF+0lDthgr9SZfIho=
Address = 10.14.14.0/24 # should assign an ip from this cidr manually Address = 10.14.14.0/32 # should assign an ip from this cidr manually
[Peer] [Peer]
PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM= PublicKey = zhrZQg4QdPZs8CajT3r4fmzcNsWpBL9ImQCUsnlXyGM=
AllowedIPs = 192.168.80.0/20,10.147.223.0/24,10.144.144.0/24 AllowedIPs = 10.144.144.0/24,10.14.14.0/24
Endpoint = 0.0.0.0:11013 # should be the public ip of the vpn server Endpoint = 0.0.0.0:11013 # should be the public ip(or domain) of the vpn server
PersistentKeepalive = 25 PersistentKeepalive = 25
############### client_config_end ###############
connected_clients: connected_clients:
[] []
``` ```
使用 Client Config 前,需要将 Interface Address 和 Peer Endpoint 分别修改为客户端的 IP 和 EasyTier 节点的 IP。将配置文件导入 WireGuard 客户端,即可访问 EasyTier 网络。 使用 Client Config 前,需要将 Interface Address 和 Peer Endpoint 分别修改为客户端的 IP 和 EasyTier 节点的 IP。将配置文件导入 WireGuard 客户端,即可访问 EasyTier 网络。

View File

@ -360,8 +360,15 @@ async fn main() -> Result<(), Error> {
.into_inner() .into_inner()
.vpn_portal_info .vpn_portal_info
.unwrap_or_default(); .unwrap_or_default();
println!("portal_name: {}\n", resp.vpn_type); println!("portal_name: {}", resp.vpn_type);
println!("client_config:{}", resp.client_config); println!(
r#"
############### client_config_start ###############
{}
############### client_config_end ###############
"#,
resp.client_config
);
println!("connected_clients:\n{:#?}", resp.connected_clients); println!("connected_clients:\n{:#?}", resp.connected_clients);
} }
} }

View File

@ -428,7 +428,7 @@ pub async fn async_main(cli: Cli) {
}); });
println!("Starting easytier with config:"); println!("Starting easytier with config:");
println!("############### TOML ##############\n"); println!("############### TOML ###############\n");
println!("{}", cfg.dump()); println!("{}", cfg.dump());
println!("-----------------------------------"); println!("-----------------------------------");

View File

@ -264,33 +264,35 @@ impl VpnPortal for WireGuard {
break; break;
} }
let vpn_cfg = global_ctx.config.get_vpn_portal_config().unwrap();
let client_cidr = vpn_cfg.client_cidr;
allow_ips.push(client_cidr.to_string());
let allow_ips = allow_ips let allow_ips = allow_ips
.into_iter() .into_iter()
.map(|x| x.to_string()) .map(|x| x.to_string())
.collect::<Vec<_>>() .collect::<Vec<_>>()
.join(","); .join(",");
let vpn_cfg = global_ctx.config.get_vpn_portal_config().unwrap();
let client_cidr = vpn_cfg.client_cidr;
let cfg = self.inner.as_ref().unwrap().wg_config.clone(); let cfg = self.inner.as_ref().unwrap().wg_config.clone();
let cfg_str = format!( let cfg_str = format!(
r#" r#"
[Interface] [Interface]
PrivateKey = {peer_secret_key} PrivateKey = {peer_secret_key}
Address = {client_cidr} # should assign an ip from this cidr manually Address = {address} # should assign an ip from this cidr manually
[Peer] [Peer]
PublicKey = {my_public_key} PublicKey = {my_public_key}
AllowedIPs = {allow_ips} AllowedIPs = {allow_ips}
Endpoint = {listenr_addr} # should be the public ip of the vpn server Endpoint = {listenr_addr} # should be the public ip(or domain) of the vpn server
PersistentKeepalive = 25 PersistentKeepalive = 25
"#, "#,
peer_secret_key = BASE64_STANDARD.encode(cfg.peer_secret_key()), peer_secret_key = BASE64_STANDARD.encode(cfg.peer_secret_key()),
my_public_key = BASE64_STANDARD.encode(cfg.my_public_key()), my_public_key = BASE64_STANDARD.encode(cfg.my_public_key()),
listenr_addr = self.inner.as_ref().unwrap().listenr_addr, listenr_addr = self.inner.as_ref().unwrap().listenr_addr,
allow_ips = allow_ips, allow_ips = allow_ips,
client_cidr = client_cidr, address = client_cidr.first_address().to_string() + "/32",
); );
cfg_str cfg_str