From 249fa10716cdb80fb5f694ec4fda0a175ba8ea02 Mon Sep 17 00:00:00 2001 From: ddrimus Date: Thu, 10 Apr 2025 21:15:53 +0200 Subject: [PATCH] Fix: Add network interface detection --- README.md | 8 +++++++- src/lib/WireGuard.js | 34 ++++++++++++++++++++++++++-------- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index be8a32cb..659fe429 100644 --- a/README.md +++ b/README.md @@ -105,7 +105,7 @@ These options can be configured by setting environment variables using `-e KEY=" | `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. | | `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. | | `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. | -| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. | +| `WG_DEVICE` | `eth0` | `ens6f0` | The network interface to use for routing. Set to `auto` to automatically detect the interface. | | `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. | | `WG_CONFIG_PORT`| `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy) | `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. | 
@@ -149,3 +149,9 @@ was pulled. * [Using WireGuard-Easy with nginx/SSL](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL) For less common or specific edge-case scenarios, please refer to the detailed information provided in the [Wiki](https://github.com/wg-easy/wg-easy/wiki). + +## Environment Variables + +| Name | Type | Default | Description | +|------|------|---------|-------------| +| `WG_DEVICE` | string | `eth0` | The network interface to use for routing. Set to `auto` to automatically detect the interface. | diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js index adf6ca95..ce6e07a1 100644 --- a/src/lib/WireGuard.js +++ b/src/lib/WireGuard.js @@ -23,6 +23,7 @@ const { WG_POST_UP, WG_PRE_DOWN, WG_POST_DOWN, + WG_DEVICE, } = require('../config'); module.exports = class WireGuard { @@ -45,16 +46,20 @@ module.exports = class WireGuard { log: 'echo ***hidden*** | wg pubkey', }); const address = WG_DEFAULT_ADDRESS.replace('x', '1'); + const interfaceName = WG_DEVICE === 'auto' ? + (await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) : + WG_DEVICE; config = { server: { privateKey, publicKey, address, + interface: interfaceName }, clients: {}, }; - debug('Configuration generated.'); + debug('Configuration generated with interface:', interfaceName); } return config; 
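Review bot: The value produced by `ip route get 8.8.8.8 | awk '{print $5}'` is stored in `server.interface` with no validation, and the fifth field is the device name only when the route goes through a `via` gateway. On a directly connected or point-to-point route the fifth field is the source address instead, and when there is no route the command fails or yields nothing. Take the token that follows the `dev` keyword, for example `awk '{for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }}'`, and reject a result that is empty or does not match a conservative interface-name pattern such as `/^[A-Za-z0-9_.-]{1,15}$/`; the same check is worth applying to an operator-supplied `WG_DEVICE`, since the value later reaches a shell command in `getConfig`. The identical ternary is repeated in the `@@ -66,20 +71,29 @@` and `@@ -93,6 +107,10 @@` hunks, so one helper would keep detection and validation in one place. The enclosing method starts outside the hunk.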
@@ -66,20 +71,29 @@ module.exports = class WireGuard { async getConfig() { if (!this.__configPromise) { const config = await this.__buildConfig(); - await this.__saveConfig(config); await Util.exec('wg-quick down wg0').catch(() => {}); + + const interfaceName = WG_DEVICE === 'auto' ? + (await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) : + WG_DEVICE; + + const subnet = WG_DEFAULT_ADDRESS.replace('x', '0') + '/24'; + + await Util.exec('iptables -t nat -F POSTROUTING').catch(() => {}); + await Util.exec('iptables -F FORWARD').catch(() => {}); + await Util.exec(`iptables -t nat -A POSTROUTING -s ${subnet} -o ${interfaceName} -j MASQUERADE`); + await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT'); + await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT'); + await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT'); + await Util.exec('wg-quick up wg0').catch((err) => { if (err && err.message && err.message.includes('Cannot find device "wg0"')) { throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!'); } - throw err; }); - // await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ' + WG_DEVICE + ' -j MASQUERADE`); - // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT'); - // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT'); - // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT'); + await this.__syncConfig(); } @@ -93,6 +107,10 @@ module.exports = class WireGuard { } async __saveConfig(config) { + const interfaceName = WG_DEVICE === 'auto' ? + (await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) : + WG_DEVICE; + let result = ` # Note: Do not edit this file directly. # Your changes will be overwritten! 
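Review bot: `iptables -t nat -F POSTROUTING` and `iptables -F FORWARD` flush entire chains on every start, which removes rules installed by anything else sharing the network namespace (container-runtime NAT, host forwarding restrictions under host networking), and `${interfaceName}` then goes into a shell command string unvalidated. Add only this service's rules, guarded by `iptables -C` so restarts do not stack duplicates, and reject an interface name that does not match a conservative pattern before interpolating it. The hunk also removes `await this.__saveConfig(config);` and the final `throw err;` in the `wg-quick up` handler, so unless the file is written elsewhere the tunnel comes up from a stale or missing `wg0.conf`, and every failure other than the missing-device case is silently swallowed; both look unintended. The INPUT rule hard-codes `--dport 51820` while the README documents `WG_PORT` as configurable. getConfig's body continues outside the hunk.

```javascript
// … unchanged: __buildConfig call …
await this.__saveConfig(config);
await Util.exec('wg-quick down wg0').catch(() => {});

// … unchanged: interfaceName and subnet computation …
if (!/^[A-Za-z0-9_.-]{1,15}$/.test(interfaceName)) {
  throw new Error(`Unexpected network interface name: ${JSON.stringify(interfaceName)}`);
}

// Touch only this service's rules; -C probes for an existing rule before -A appends it.
const rules = [
  ['-t nat', `POSTROUTING -s ${subnet} -o ${interfaceName} -j MASQUERADE`],
  ['', 'INPUT -p udp -m udp --dport 51820 -j ACCEPT'],
  ['', 'FORWARD -i wg0 -j ACCEPT'],
  ['', 'FORWARD -o wg0 -j ACCEPT'],
];
for (const [table, spec] of rules) {
  await Util.exec(`iptables ${table} -C ${spec}`)
    .catch(() => Util.exec(`iptables ${table} -A ${spec}`));
}

await Util.exec('wg-quick up wg0').catch((err) => {
  // … unchanged: 'Cannot find device "wg0"' branch …
  throw err;
});
```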
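Review bot: As far as the visible lines show, the `interfaceName` computed at the top of `__saveConfig` is used only by the `debug('Config saved with interface:', interfaceName)` call in the later `@@ -127,7 +145,7 @@` hunk, so every save now spawns a shell pipeline just to build a log message. In `auto` mode a failed route lookup would make the save itself throw, even though nothing written to `wg0.conf` appears to depend on the value. Drop the three added lines and log the persisted value instead, `debug('Config saved with interface:', config.server.interface);`, bearing in mind that configurations generated before this change have no `server.interface` field. The body of `__saveConfig` between the two hunks is not visible here, so confirm the variable is not referenced in the template before removing it.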
@@ -127,7 +145,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : '' await fs.writeFile(path.join(WG_PATH, 'wg0.conf'), result, { mode: 0o600, }); - debug('Config saved.'); + debug('Config saved with interface:', interfaceName); } async __syncConfig() {