| -rw-r--r-- | wireguardmeshgenerator.rb | 27 | ||||
| -rw-r--r-- | wireguardmeshgenerator.yaml | 10 |
2 files changed, 32 insertions, 5 deletions
diff --git a/wireguardmeshgenerator.rb b/wireguardmeshgenerator.rb
index 365b2b9..b12f0b9 100644
--- a/wireguardmeshgenerator.rb
+++ b/wireguardmeshgenerator.rb
@@ -139,11 +139,20 @@ WireguardConfig = Struct.new(:myself, :hosts) do
 # Generates the address configuration for the current host.
 # For OpenBSD, it returns a placeholder comment. Otherwise, it returns the
- # IP address as that option isn't supported on OpenBSD.
+ # IP address (and optionally IPv6) as that option isn't supported on OpenBSD.
+ # Supports dual-stack: if ipv6 field is present, outputs both IPv4 and IPv6 addresses.
 def address
 return '# No Address = ... for OpenBSD here' if hosts[myself]['os'] == 'OpenBSD'
- "Address = #{hosts[myself]['wg0']['ip']}"
+ ipv4 = hosts[myself]['wg0']['ip']
+ ipv6 = hosts[myself]['wg0']['ipv6']
+
+ # WireGuard supports multiple Address directives for dual-stack
+ if ipv6
+ "Address = #{ipv4}\nAddress = #{ipv6}/64"
+ else
+ "Address = #{ipv4}"
+ end
 end
 # Generates DNS configuration for roaming clients.
@@ -185,9 +194,17 @@ WireguardConfig = Struct.new(:myself, :hosts) do
 # Set keepalive: LAN hosts connecting to internet hosts, OR roaming clients connecting to anyone.
 keepalive = is_roaming || (in_lan && !peer_in_lan)
- # For roaming clients, route all traffic through VPN (0.0.0.0/0).
- # For regular mesh peers, only route their specific IP.
- allowed_ips = is_roaming ? '0.0.0.0/0, ::/0' : data['wg0']['ip']
+ # For roaming clients, route all traffic through VPN (0.0.0.0/0, ::/0).
+ # For regular mesh peers, route their specific IPv4 (and IPv6 if present).
+ # Dual-stack peers get both addresses in AllowedIPs.
+ if is_roaming
+ allowed_ips = '0.0.0.0/0, ::/0'
+ else
+ # For mesh peers, allow both IPv4 and IPv6 if present
+ ipv4 = data['wg0']['ip']
+ ipv6 = data['wg0']['ipv6']
+ allowed_ips = ipv6 ? "#{ipv4}/32, #{ipv6}/128" : "#{ipv4}/32"
+ end
 PeerSnippet.new(peer, myself, reach['domain'], data['wg0']['domain'], allowed_ips, endpoint, keepalive)
 end
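Review bot: The `if ipv6` test in `address` is true for an empty string, so a host entry written as `ipv6: ''` would produce `Address = /64`, and because `/64` is appended unconditionally a value that already carries a prefix would come out as `…/64/64`. The same truthiness test guards the `/128` suffix in the AllowedIPs hunk further down. Normalising the value first, for example `ipv6 = hosts[myself]['wg0']['ipv6'].to_s.strip` followed by `if ipv6.empty?` for the IPv4-only branch, would make a blank or missing field behave the same way. The comment above `address` also now reads as though the address is returned because the option is unsupported on OpenBSD; I would reword it to `# For OpenBSD, returns a placeholder comment because Address is not supported there; otherwise returns the IPv4 address and, if configured, the IPv6 address with a /64 prefix.`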
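Review bot: The mesh-peer branch now appends `/32` to `data['wg0']['ip']`, whereas the old code emitted the value verbatim, so any host whose `ip` is written with a prefix in the YAML would now yield an entry such as `…/24/32`. AllowedIPs is the list WireGuard uses to decide which source addresses it accepts from a peer, so a malformed entry here is better caught by the generator than discovered when the interface fails to come up. A guard before the interpolation would do it, e.g. `raise ArgumentError, "wg0 ip for #{peer} must not include a prefix" if ipv4.to_s.include?('/')`, with the equivalent check for `ipv6`. The enclosing method starts and ends outside this hunk, so whether the values are validated earlier is not visible here.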
diff --git a/wireguardmeshgenerator.yaml b/wireguardmeshgenerator.yaml
index 020854f..a39b2ed 100644
--- a/wireguardmeshgenerator.yaml
+++ b/wireguardmeshgenerator.yaml
@@ -13,6 +13,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.130'
+ ipv6: 'fd42:beef:cafe:2::130'
 exclude_peers:
 - earth
 - pixel7pro
@@ -29,6 +30,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.131'
+ ipv6: 'fd42:beef:cafe:2::131'
 exclude_peers:
 - earth
 - pixel7pro
@@ -45,6 +47,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.132'
+ ipv6: 'fd42:beef:cafe:2::132'
 exclude_peers:
 - earth
 - pixel7pro
@@ -61,6 +64,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.120'
+ ipv6: 'fd42:beef:cafe:2::120'
 exclude_peers:
 - earth
 - pixel7pro
@@ -77,6 +81,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.121'
+ ipv6: 'fd42:beef:cafe:2::121'
 exclude_peers:
 - earth
 - pixel7pro
@@ -93,6 +98,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.122'
+ ipv6: 'fd42:beef:cafe:2::122'
 exclude_peers:
 - earth
 - pixel7pro
@@ -110,6 +116,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.110'
+ ipv6: 'fd42:beef:cafe:2::110'
 fishfinger:
 os: OpenBSD
 ssh:
@@ -124,11 +131,13 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.111'
+ ipv6: 'fd42:beef:cafe:2::111'
 earth:
 os: Linux
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.200'
+ ipv6: 'fd42:beef:cafe:2::200'
 exclude_peers:
 - f0
 - f1
@@ -145,6 +154,7 @@ hosts:
 wg0:
 domain: 'wg0.wan.buetow.org'
 ip: '192.168.2.201'
+ ipv6: 'fd42:beef:cafe:2::201'
 exclude_peers:
 - f0
 - f1 |
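Review bot: The `ipv6` entry added in the `@@ -124,11 +131,13 @@` hunk (`fd42:beef:cafe:2::111`) appears to belong to `fishfinger`, which is declared `os: OpenBSD`, and the generator's `address` method returns only a placeholder comment for OpenBSD hosts. Peers would therefore list that host's `/128` in AllowedIPs while the generated config for the host itself carries no IPv6 interface address. If the address is assigned elsewhere on OpenBSD hosts, which is not visible in this diff, a short comment next to these entries saying so would keep the two in step; the same would apply to any other OpenBSD host in the file.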
