
Allow setting AllowedIPs on the server side

Open jpjonte opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe.

I want to access services on my NAS and my home network (192.168.0.0/24) remotely using a wireguard tunnel from my NAS to my VPS running k3s.

I have installed the operator on my VPS and successfully set up the wireguard server and the client/peer on my NAS and established the tunnel. I can access my NAS remotely using the wireguard IP (10.8.0.XXX).

However, I can't access my NAS using the IP from my home network (192.168.0.XXX). According to the guide I used, the server configuration also needs AllowedIPs for the NAS peer so that the wireguard server knows to route packets for 192.168.0.0/24 to this peer.

As far as I can tell, there currently is no way to set this part of the configuration.

Describe the solution you'd like

I'd like to set AllowedIPs directly in the spec of the WireguardPeer.

Describe alternatives you've considered

Not sure if any other way would make sense.

Additional context

Explanation of how AllowedIPs also sets up routing: https://techoverflow.net/2021/07/09/what-does-wireguard-allowedips-actually-do/

jpjonte avatar Oct 10 '23 20:10 jpjonte
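
The routing behaviour described in the post above, as an added example (not code from wireguard-operator or from the issue author): a small Go model of WireGuard's per-peer AllowedIPs lookup on the server side. The peer names and the addresses 10.8.0.2, 10.8.0.3 and 192.168.0.10 are constructed, and the model covers only peer selection and inbound source filtering, not kernel routes.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Peer models one [Peer] section of the server's WireGuard configuration.
type Peer struct {
	Name       string
	AllowedIPs []netip.Prefix
}

// routeTo picks the peer whose AllowedIPs contain dst (longest prefix wins).
// Outbound packets with no matching peer cannot be sent through the tunnel.
func routeTo(peers []Peer, dst netip.Addr) (string, bool) {
	best, bits, found := "", -1, false
	for _, p := range peers {
		for _, pfx := range p.AllowedIPs {
			if pfx.Contains(dst) && pfx.Bits() > bits {
				best, bits, found = p.Name, pfx.Bits(), true
			}
		}
	}
	return best, found
}

// acceptFrom applies the same list inbound: a decrypted packet from peer p
// is kept only if its inner source address is inside p's AllowedIPs.
func acceptFrom(p Peer, src netip.Addr) bool {
	_, ok := routeTo([]Peer{p}, src)
	return ok
}

// serverPeers builds a constructed peer table; withLAN adds the home
// network to the NAS peer, which is what the issue asks to be able to set.
func serverPeers(withLAN bool) []Peer {
	nas := Peer{Name: "nas", AllowedIPs: []netip.Prefix{netip.MustParsePrefix("10.8.0.2/32")}}
	if withLAN {
		nas.AllowedIPs = append(nas.AllowedIPs, netip.MustParsePrefix("192.168.0.0/24"))
	}
	return []Peer{nas, {Name: "laptop", AllowedIPs: []netip.Prefix{netip.MustParsePrefix("10.8.0.3/32")}}}
}

func main() {
	dst := netip.MustParseAddr("192.168.0.10") // constructed host on the home LAN
	for _, withLAN := range []bool{false, true} {
		peer, ok := routeTo(serverPeers(withLAN), dst)
		fmt.Printf("LAN in AllowedIPs=%v -> peer=%q routed=%v\n", withLAN, peer, ok)
	}
}
```

Because the same list also filters inbound traffic, adding 192.168.0.0/24 lets that peer send packets with any source address in the /24, so each peer's AllowedIPs should list only the networks that really sit behind it.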

Moin @jpjonte,

Thanks for opening this issue. Would you be interested in contributing to this project and implementing this feature? Otherwise I'll try to work on this the next time I touch this repo.

jodevsa avatar Oct 15 '23 12:10 jodevsa

Moin @jodevsa!

I'm not sure my golang and kube-api skills are up to par, but I can give it a shot when I have some free time.

jpjonte avatar Oct 16 '23 08:10 jpjonte

That makes it more fun. Give it a try. What else can you do in this weather in Lübeck anyways 😜

jodevsa avatar Oct 20 '23 22:10 jodevsa

fixed in 2.4.0

winston0410 avatar Jul 15 '24 22:07 winston0410