kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

bundles/wireguard: support s2s connection to other services

Browse source
This commit is contained in:
Franzi 2024-03-22 22:52:12 +01:00
parent ae14265abc
commit 104d1f11bf
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bundles/wireguard/metadata.py
View file

@ -253,7 +253,7 @@ def interface_ips(metadata):
my_ip = '{}/31'.format(config['my_ip'])
ips = {my_ip}
if snat_ip:
if snat_ip and peer in repo.libs.s2s.WG_AUTOGEN_NODES:
ips.add(snat_ip)
their_ip = config['their_ip']
@ -289,12 +289,14 @@ def snat(metadata):
forward.add(f'iifname wg_{config["iface"]} accept')
forward.add(f'oifname wg_{config["iface"]} accept')
if snat_ip:
if snat_ip and peer in repo.libs.s2s.WG_AUTOGEN_NODES:
postrouting.add('ip saddr {} ip daddr != {} snat to {}'.format(
config['my_ip'],
config['their_ip'],
snat_ip,
))
elif config.get('masquerade', False):
postrouting.add(f'oifname wg_{peer} masquerade')
return {
'nftables': {