
Add subnet mask

pull/1714/head
yanghuanglin 4 months ago
parent
commit
f078709894
  1. 3
      README.md
  2. 1
      docker-compose.yml
  3. 1
      src/config.js
  4. 15
      src/lib/WireGuard.js

3
README.md

@ -110,11 +110,12 @@ Donation to core component: [WireGuard](https://www.wireguard.com/donations/)
These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.
| Env | Default | Example | Description |
| - | - | - |------------------------------------------------------------------------------------------------------------------------------------------------------|
| - |-------------------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `PORT` | `51821` | `6789` | TCP port for Web UI. |
| `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. |
| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. |
| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. |
| `WG_MASK` | `24` | `16` | The mask of your subnet, should between 0 and 32. |
| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. |
| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. |
| `WG_CONFIG_PORT`| `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy)

1
docker-compose.yml

@ -15,6 +15,7 @@ services:
# - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG # (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
# - PORT=51821
# - WG_PORT=51820
# - WG_MASK=24
# - WG_CONFIG_PORT=92820
# - WG_DEFAULT_ADDRESS=10.8.0.x
# - WG_DEFAULT_DNS=1.1.1.1

1
src/config.js

@ -45,3 +45,4 @@ module.exports.UI_ENABLE_SORT_CLIENTS = process.env.UI_ENABLE_SORT_CLIENTS || 'f
module.exports.WG_ENABLE_EXPIRES_TIME = process.env.WG_ENABLE_EXPIRES_TIME || 'false';
module.exports.ENABLE_PROMETHEUS_METRICS = process.env.ENABLE_PROMETHEUS_METRICS || 'false';
module.exports.PROMETHEUS_METRICS_PASSWORD = process.env.PROMETHEUS_METRICS_PASSWORD;
module.exports.WG_MASK = process.env.WG_MASK || 24;
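Review bot: `WG_MASK` is exported here as the raw environment string (or the number 24), and the only validation is the range check in src/lib/WireGuard.js, which a non-numeric value passes because both comparisons against NaN are false. That value is then written verbatim after the `/` in the `Address =` lines of the generated server and client configs, so a typo or stray whitespace ends up in wg0.conf unchecked. Normalising once at the source would close this, e.g. `module.exports.WG_MASK = Number(process.env.WG_MASK || 24);`, with the guard tightened to `if (!Number.isInteger(WG_MASK) || WG_MASK < 0 || WG_MASK > 32)`.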

15
src/lib/WireGuard.js

@ -14,6 +14,7 @@ const {
WG_PATH,
WG_HOST,
WG_PORT,
WG_MASK,
WG_CONFIG_PORT,
WG_MTU,
WG_DEFAULT_DNS,
@ -36,6 +37,10 @@ module.exports = class WireGuard {
throw new Error('WG_HOST Environment Variable Not Set!');
}
if (WG_MASK < 0 || WG_MASK > 32) {
throw new Error('WG_MASK should between 0 and 32!');
}
debug('Loading configuration...');
let config;
try {
@ -48,12 +53,14 @@ module.exports = class WireGuard {
log: 'echo ***hidden*** | wg pubkey',
});
const address = WG_DEFAULT_ADDRESS.replace('x', '1');
const mask = WG_MASK;
config = {
server: {
privateKey,
publicKey,
address,
mask,
},
clients: {},
};
@ -79,7 +86,7 @@ module.exports = class WireGuard {
throw err;
});
// await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o ' + WG_DEVICE + ' -j MASQUERADE`);
// await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/${WG_MASK} -o ' + WG_DEVICE + ' -j MASQUERADE`);
// await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
@ -103,7 +110,7 @@ module.exports = class WireGuard {
# Server
[Interface]
PrivateKey = ${config.server.privateKey}
Address = ${config.server.address}/24
Address = ${config.server.address}/${config.server.mask}
ListenPort = ${WG_PORT}
PreUp = ${WG_PRE_UP}
PostUp = ${WG_POST_UP}
@ -146,6 +153,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
name: client.name,
enabled: client.enabled,
address: client.address,
mask: client.mask,
publicKey: client.publicKey,
createdAt: new Date(client.createdAt),
updatedAt: new Date(client.updatedAt),
@ -220,7 +228,7 @@ ${client.preSharedKey ? `PresharedKey = ${client.preSharedKey}\n` : ''
return `
[Interface]
PrivateKey = ${client.privateKey ? `${client.privateKey}` : 'REPLACE_ME'}
Address = ${client.address}/24
Address = ${client.address}/${client.mask}
${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}\n` : ''}\
${WG_MTU ? `MTU = ${WG_MTU}\n` : ''}\
${client.clientPreUP ? `PreUp = ${client.clientPreUP}\n` : ''}\
@ -291,6 +299,7 @@ Endpoint = ${WG_HOST}:${WG_CONFIG_PORT}`;
publicKey,
preSharedKey,
mask: WG_MASK,
createdAt: new Date(),
updatedAt: new Date(),
clientPreUP: null,
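Review bot: `config.server.mask` and `client.mask` are only set where a new server config is generated and where a new client is created, yet both `Address =` templates now read them unconditionally. The config loading path is outside the visible hunks, but a config file saved by an earlier version would presumably have neither field, and the templates would then render `/undefined` where they used to render `/24`. A fallback at the point of use keeps existing installs working, e.g. `Address = ${config.server.address}/${config.server.mask ?? WG_MASK}` and `Address = ${client.address}/${client.mask ?? WG_MASK}`. It is also worth a comment on `mask: WG_MASK` that the value is persisted per client, so changing the environment variable later will not change the prefix for existing clients.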
