Revert "feat: cidr notation"

1 year ago · bf214fb4d3
8 changed files with 29 additions and 44 deletions
--- a/README.md
+++ b/README.md
@ -96,8 +96,7 @@ These options can be configured by setting environment variables using `-e KEY="
 | `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will always listen on 51820 inside the Docker container. |
 | `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. |
 | `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. |
-| `WG_DEFAULT_ADDRESS` | `10.8.0.0` | `10.6.0.0` | Clients IP address range. |
-| `WG_DEFAULT_ADDRESS_RANGE` | `24` | `32` | Value to define CIDR Range. If not defined fallback to `24`
+| `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. |
 | `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. If set to blank value, clients will not use any DNS. |
 | `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. |
 | `WG_PRE_UP` | `...` | - | See [config.js](https://github.com/wg-easy/wg-easy/blob/master/src/config.js#L19) for the default value. |
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -15,8 +15,7 @@ services:
      # Optional:
      # - PASSWORD=foobar123
      # - WG_PORT=51820
-      # - WG_DEFAULT_ADDRESS=10.8.0.0
-      # - WG_DEFAULT_ADDRESS_RANGE=24
+      # - WG_DEFAULT_ADDRESS=10.8.0.x
      # - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
--- a/src/config.js
+++ b/src/config.js
@ -1,7 +1,5 @@
 'use strict';

-const ip = require('ip');
-
 const { release } = require('./package.json');

 module.exports.RELEASE = release;
@ -14,21 +12,15 @@ module.exports.WG_HOST = process.env.WG_HOST;
 module.exports.WG_PORT = process.env.WG_PORT || '51820';
 module.exports.WG_MTU = process.env.WG_MTU || null;
 module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || '0';
-module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.0';
-module.exports.WG_DEFAULT_ADDRESS_RANGE = process.env.WG_DEFAULT_ADDRESS_RANGE || '24';
+module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
 module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
  ? process.env.WG_DEFAULT_DNS
  : '1.1.1.1';
 module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';

-module.exports.WG_SUBNET = ip.cidrSubnet(`${module.exports.WG_DEFAULT_ADDRESS}/${module.exports.WG_DEFAULT_ADDRESS_RANGE}`);
-module.exports.WG_SERVER_ADDRESS = module.exports.WG_SUBNET.firstAddress;
-module.exports.WG_CLIENT_FIRST_ADDRESS = ip.toLong(module.exports.WG_SERVER_ADDRESS) + 1;
-module.exports.WG_CLIENT_LAST_ADDRESS = ip.toLong(module.exports.WG_SUBNET.lastAddress) - 1; // Exclude the broadcast address
-
 module.exports.WG_PRE_UP = process.env.WG_PRE_UP || '';
 module.exports.WG_POST_UP = process.env.WG_POST_UP || `
-iptables -t nat -A POSTROUTING -s ${module.exports.WG_SERVER_ADDRESS}/${module.exports.WG_DEFAULT_ADDRESS_RANGE} -o ${module.exports.WG_DEVICE} -j MASQUERADE;
+iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${module.exports.WG_DEVICE} -j MASQUERADE;
 iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
 iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
@ -36,7 +28,7 @@ iptables -A FORWARD -o wg0 -j ACCEPT;

 module.exports.WG_PRE_DOWN = process.env.WG_PRE_DOWN || '';
 module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || `
-iptables -t nat -D POSTROUTING -s ${module.exports.WG_SERVER_ADDRESS}/${module.exports.WG_DEFAULT_ADDRESS_RANGE} -o ${module.exports.WG_DEVICE} -j MASQUERADE;
+iptables -t nat -D POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ${module.exports.WG_DEVICE} -j MASQUERADE;
 iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT;
 iptables -D FORWARD -i wg0 -j ACCEPT;
 iptables -D FORWARD -o wg0 -j ACCEPT;
--- a/src/lib/Util.js
+++ b/src/lib/Util.js
@ -4,6 +4,19 @@ const childProcess = require('child_process');

 module.exports = class Util {

+  static isValidIPv4(str) {
+    const blocks = str.split('.');
+    if (blocks.length !== 4) return false;
+
+    for (let value of blocks) {
+      value = parseInt(value, 10);
+      if (Number.isNaN(value)) return false;
+      if (value < 0 || value > 255) return false;
+    }
+
+    return true;
+  }
+
  static promisify(fn) {
    // eslint-disable-next-line func-names
    return function(req, res) {
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@ -4,7 +4,6 @@ const fs = require('fs').promises;
 const path = require('path');

 const debug = require('debug')('WireGuard');
-const ip = require('ip');
 const uuid = require('uuid');
 const QRCode = require('qrcode');

@ -17,12 +16,9 @@ const {
  WG_PORT,
  WG_MTU,
  WG_DEFAULT_DNS,
-  WG_DEFAULT_ADDRESS_RANGE,
+  WG_DEFAULT_ADDRESS,
  WG_PERSISTENT_KEEPALIVE,
  WG_ALLOWED_IPS,
-  WG_SERVER_ADDRESS,
-  WG_CLIENT_FIRST_ADDRESS,
-  WG_CLIENT_LAST_ADDRESS,
  WG_PRE_UP,
  WG_POST_UP,
  WG_PRE_DOWN,
@ -49,15 +45,13 @@ module.exports = class WireGuard {
          const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`, {
            log: 'echo ***hidden*** | wg pubkey',
          });
-          const address = WG_SERVER_ADDRESS;
-          const cidrBlock = WG_DEFAULT_ADDRESS_RANGE;
+          const address = WG_DEFAULT_ADDRESS.replace('x', '1');

          config = {
            server: {
              privateKey,
              publicKey,
              address,
-              cidrBlock,
            },
            clients: {},
          };
@ -73,7 +67,7 @@ module.exports = class WireGuard {

          throw err;
        });
-        // await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_SERVER_ADDRESS}/${WG_DEFAULT_ADDRESS_RANGE} -o ' + WG_DEVICE + ' -j MASQUERADE`);
+        // await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ' + WG_DEVICE + ' -j MASQUERADE`);
        // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
        // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
        // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
@ -100,7 +94,7 @@ module.exports = class WireGuard {
 # Server
 [Interface]
 PrivateKey = ${config.server.privateKey}
-Address = ${config.server.address}/${config.server.cidrBlock}
+Address = ${config.server.address}/24
 ListenPort = 51820
 PreUp = ${WG_PRE_UP}
 PostUp = ${WG_POST_UP}
@ -143,7 +137,6 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
      name: client.name,
      enabled: client.enabled,
      address: client.address,
-      cidrBlock: client.cidrBlock,
      publicKey: client.publicKey,
      createdAt: new Date(client.createdAt),
      updatedAt: new Date(client.updatedAt),
@ -206,7 +199,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
    return `
 [Interface]
 PrivateKey = ${client.privateKey ? `${client.privateKey}` : 'REPLACE_ME'}
-Address = ${client.address}/${client.cidrBlock}
+Address = ${client.address}/24
 ${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}\n` : ''}\
 ${WG_MTU ? `MTU = ${WG_MTU}\n` : ''}\

@ -237,16 +230,15 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
    const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`);
    const preSharedKey = await Util.exec('wg genpsk');

-    // find next IP
+    // Calculate next IP
    let address;
-    for (let i = WG_CLIENT_FIRST_ADDRESS; i <= WG_CLIENT_LAST_ADDRESS; i++) {
-      const currentIp = ip.fromLong(i);
+    for (let i = 2; i < 255; i++) {
      const client = Object.values(config.clients).find((client) => {
-        return client.address === currentIp;
+        return client.address === WG_DEFAULT_ADDRESS.replace('x', i);
      });

      if (!client) {
-        address = currentIp;
+        address = WG_DEFAULT_ADDRESS.replace('x', i);
        break;
      }
    }
@ -257,12 +249,10 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;

    // Create Client
    const id = uuid.v4();
-    const cidrBlock = WG_DEFAULT_ADDRESS_RANGE;
    const client = {
      id,
      name,
      address,
-      cidrBlock,
      privateKey,
      publicKey,
      preSharedKey,
@ -319,7 +309,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
  async updateClientAddress({ clientId, address }) {
    const client = await this.getClient({ clientId });

-    if (!ip.isV4Format(address)) {
+    if (!Util.isValidIPv4(address)) {
      throw new ServerError(`Invalid Address: ${address}`, 400);
    }

--- a/src/package-lock.json
+++ b/src/package-lock.json
@ -13,7 +13,6 @@
        "debug": "^4.3.4",
        "express-session": "^1.18.0",
        "h3": "^1.11.1",
-        "ip": "^2.0.1",
        "qrcode": "^1.5.3",
        "uuid": "^9.0.1"
      },
@ -2655,11 +2654,6 @@
        "node": ">= 0.4"
      }
    },
-    "node_modules/ip": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz",
-      "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ=="
-    },
    "node_modules/iron-webcrypto": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/iron-webcrypto/-/iron-webcrypto-1.1.0.tgz",
--- a/src/package.json
+++ b/src/package.json
@ -16,7 +16,6 @@
    "bcryptjs": "^2.4.3",
    "debug": "^4.3.4",
    "express-session": "^1.18.0",
-    "ip": "^2.0.1",
    "h3": "^1.11.1",
    "qrcode": "^1.5.3",
    "uuid": "^9.0.1"
--- a/wg-easy.service
+++ b/wg-easy.service
@ -5,8 +5,7 @@ After=network-online.target nss-lookup.target
 [Service]
 Environment="WG_HOST=raspberrypi.local" # Change this to your host's public address or static public ip.
 Environment="PASSWORD=REPLACEME" # When set, requires a password when logging in to the Web UI, to disable add a hashtag
-#Environment="WG_DEFAULT_ADDRESS=10.0.8.0" # Clients IP addresses.
-#Environment="WG_DEFAULT_ADDRESS_RANGE=32" # Client CIDR Range (if not set fallback to 24)
+#Environment="WG_DEFAULT_ADDRESS=10.0.8.x" #Clients IP address range.
 #Environment="WG_DEFAULT_DNS=10.0.8.1, 1.1.1.1" #DNS server clients will use. If set to blank value, clients will not use any DNS.
 #Environment="WG_ALLOWED_IPS=0.0.0.0/0,::/0" #Allowed IPs clients will use.
 #Environment="WG_DEVICE=ens1" #Ethernet device the wireguard traffic should be forwarded through.