ansible-role-wireguard

Hide peers with empty endpoints

Open Miroka96 opened this issue 3 years ago • 9 comments

solves #101

Miroka96 avatar Apr 25 '21 14:04 Miroka96

Thanks for the PR! Sorry for not getting back earlier! While this PR works fine for my setup I'd like to set up an additional Molecule test scenario first to make sure that it works as intended. I can't test every edge case but I'd at least have a better "feeling" before merging it :wink: I'm not sure if the current Molecule test scenario really covers this case at least a little bit.

githubixx avatar Jun 06 '21 21:06 githubixx

It's good to know that you have to set wireguard_port to "", otherwise it will still create the endpoint entries.

provokateurin avatar Jul 24 '21 21:07 provokateurin

The same should be done for unmanaged peers:

diff --git a/templates/etc/wireguard/wg.conf.j2 b/templates/etc/wireguard/wg.conf.j2
index bc60039..ad758b3 100644
--- a/templates/etc/wireguard/wg.conf.j2
+++ b/templates/etc/wireguard/wg.conf.j2
@@ -88,6 +88,8 @@ Endpoint = {{host}}:{{wireguard_port}}
 
 # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
 {% for peer in wireguard_unmanaged_peers.keys() %}
+{%   if (wireguard_unmanaged_peers[peer].endpoint is defined and wireguard_unmanaged_peers[peer].endpoint != "") or (wireguard_endpoint is defined and wireguard_endpoint != "") %}
+
 [Peer]
 # {{ peer }}
 PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
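Review bot: The `!= ""` comparisons in the added `{%   if ... %}` line treat an endpoint that is present but null (a bare `endpoint:` key in YAML) as non-empty, so a peer like that still gets its `[Peer]` block. A truthiness test such as `wireguard_unmanaged_peers[peer].endpoint | default("", true)` covers undefined, null and empty in one expression, and the same applies to the `wireguard_endpoint` clause. The line also looks up `wireguard_unmanaged_peers[peer]` twice; iterating with `.items()` or binding the entry with `{% set %}` would make the condition easier to read.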
@@ -103,5 +105,6 @@ Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
 {%     if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
 PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
 {%     endif %}
+{%   endif %}
 {%   endfor %}
 {% endif %}
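Review bot: The new `{%   endif %}` before `{%   endfor %}` gives no hint of which condition it closes, and the template gets no comment explaining that an unmanaged peer is now skipped when both `endpoint` and `wireguard_endpoint` are undefined or empty. A short Jinja comment next to the `# Peers not managed by Ansible ...` header would make a silently dropped peer explainable to someone reading the generated config. The diff touches only `wg.conf.j2`, so a test scenario that exercises this branch is also missing.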

provokateurin avatar Jul 25 '21 06:07 provokateurin

I had merged this with master into https://github.com/libresh/ansible-role-wireguard, but cannot confirm that leaving the host variable wireguard_endpoint out and setting wireguard_port to "" will also hide these clients.

A workaround is to add them as unmanaged clients.

almereyda avatar Dec 22 '21 01:12 almereyda

I am in the same boat and tested your PR. It is working well for me. Setting the port to "" will yield a message about invalid ports as it must be an integer. @Miroka96 thank you for this patch. It did help me a lot!

Any chance to get this merged soon?

christf avatar Jan 08 '22 15:01 christf

Hi! Can you please provide a test case that shows the problem? It would be very helpful to maybe make a copy of the existing Molecule test with two or three VMs with some host variables that will cause the problem e.g. The test doesn't need to work as most people most probably don't have QEMU/KVM around to actually test it. I just want to have a few variables to play around. Thx!

githubixx avatar Jan 16 '22 20:01 githubixx

Also looking forward to this, since the current behaviour breaks routing over a central server when two clients without endpoint try to connect to each other.

varac avatar Feb 01 '22 16:02 varac

I tested this PR and it works nicely.

varac avatar Feb 01 '22 19:02 varac