
Fix: Add network interface detection

pull/1806/head
ddrimus 4 months ago
committed by GitHub
parent
commit
249fa10716
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 8
      README.md
  2. 34
      src/lib/WireGuard.js

8
README.md

@ -105,7 +105,7 @@ These options can be configured by setting environment variables using `-e KEY="
| `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. |
| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. |
| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. |
| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. |
| `WG_DEVICE` | `eth0` | `ens6f0` | The network interface to use for routing. Set to `auto` to automatically detect the interface. |
| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. |
| `WG_CONFIG_PORT`| `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy)
| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. |
@ -149,3 +149,9 @@ was pulled.
* [Using WireGuard-Easy with nginx/SSL](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL)
For less common or specific edge-case scenarios, please refer to the detailed information provided in the [Wiki](https://github.com/wg-easy/wg-easy/wiki).
## Environment Variables
| Name | Type | Default | Description |
|------|------|---------|-------------|
| `WG_DEVICE` | string | `eth0` | The network interface to use for routing. Set to `auto` to automatically detect the interface. |

34
src/lib/WireGuard.js

@ -23,6 +23,7 @@ const {
WG_POST_UP,
WG_PRE_DOWN,
WG_POST_DOWN,
WG_DEVICE,
} = require('../config');
module.exports = class WireGuard {
@ -45,16 +46,20 @@ module.exports = class WireGuard {
log: 'echo ***hidden*** | wg pubkey',
});
const address = WG_DEFAULT_ADDRESS.replace('x', '1');
const interfaceName = WG_DEVICE === 'auto' ?
(await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) :
WG_DEVICE;
config = {
server: {
privateKey,
publicKey,
address,
interface: interfaceName
},
clients: {},
};
debug('Configuration generated.');
debug('Configuration generated with interface:', interfaceName);
}
return config;
@ -66,20 +71,29 @@ module.exports = class WireGuard {
async getConfig() {
if (!this.__configPromise) {
const config = await this.__buildConfig();
await this.__saveConfig(config);
await Util.exec('wg-quick down wg0').catch(() => {});
const interfaceName = WG_DEVICE === 'auto' ?
(await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) :
WG_DEVICE;
const subnet = WG_DEFAULT_ADDRESS.replace('x', '0') + '/24';
await Util.exec('iptables -t nat -F POSTROUTING').catch(() => {});
await Util.exec('iptables -F FORWARD').catch(() => {});
await Util.exec(`iptables -t nat -A POSTROUTING -s ${subnet} -o ${interfaceName} -j MASQUERADE`);
await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
await Util.exec('wg-quick up wg0').catch((err) => {
if (err && err.message && err.message.includes('Cannot find device "wg0"')) {
throw new Error('WireGuard exited with the error: Cannot find device "wg0"\nThis usually means that your host\'s kernel does not support WireGuard!');
}
throw err;
});
// await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ' + WG_DEVICE + ' -j MASQUERADE`);
// await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
await this.__syncConfig();
}
@ -93,6 +107,10 @@ module.exports = class WireGuard {
}
async __saveConfig(config) {
const interfaceName = WG_DEVICE === 'auto' ?
(await Util.exec('ip route get 8.8.8.8 | awk \'{print $5}\'', { log: false })) :
WG_DEVICE;
let result = `
# Note: Do not edit this file directly.
# Your changes will be overwritten!
@ -127,7 +145,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
await fs.writeFile(path.join(WG_PATH, 'wg0.conf'), result, {
mode: 0o600,
});
debug('Config saved.');
debug('Config saved with interface:', interfaceName);
}
async __syncConfig() {
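Review bot: In the `getConfig` hunk, `-o ${interfaceName}` places an unvalidated value on a shell command line: it is either the `WG_DEVICE` environment variable or field 5 of the `ip route get` output, which is the device only when the route goes via a gateway (for an on-link or point-to-point route the `dev` value is field 3) and is empty when no route exists. The same detection is repeated in `__buildConfig`, `getConfig` and `__saveConfig`, so I would resolve it once in a helper that takes the token after `dev` and rejects anything that is not a plausible interface name, as sketched below. Separately, `iptables -t nat -F POSTROUTING` and `iptables -F FORWARD` flush both chains in full, which also drops rules that other components placed there, and the INPUT rule hard-codes `--dport 51820` although the README documents a configurable `WG_PORT`; removing only this code's own rules with `-D` and using the configured port would keep the change scoped. The bodies of `__buildConfig`, `getConfig` and `__saveConfig` continue outside their hunks.

```javascript
// Resolve the outbound interface once and validate it before it reaches a shell command.
// Assumes Util.exec resolves to the command's stdout; confirm against Util.
async function resolveInterfaceName() {
  if (WG_DEVICE !== 'auto') {
    return assertInterfaceName(WG_DEVICE);
  }
  // Take the token that follows "dev" instead of relying on a fixed field position.
  const detected = await Util.exec(
    'ip route get 8.8.8.8 | awk \'{for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }}\'',
    { log: false },
  );
  return assertInterfaceName(String(detected).trim());
}

function assertInterfaceName(name) {
  // Conservative allowlist; Linux interface names are at most 15 characters.
  if (!/^[A-Za-z0-9_.-]{1,15}$/.test(name)) {
    throw new Error(`Invalid network interface name: ${JSON.stringify(name)}`);
  }
  return name;
}
```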
