From 402d9975992ef127f0a8b9574d309cce5c0df508 Mon Sep 17 00:00:00 2001
From: Dominik Roth
Date: Sun, 24 Aug 2025 17:54:35 +0200
Subject: [PATCH] Fix WireGuard AllowedIPs for proper mesh networking

Change from /32 single-IP restrictions to full network range for all peers. This enables proper all-to-all mesh communication while maintaining security through preshared keys.
---
 cluster-setup.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/cluster-setup.sh b/cluster-setup.sh
index 6e47498..7d4ecea 100755
--- a/cluster-setup.sh
+++ b/cluster-setup.sh
@@ -219,14 +219,14 @@ EOF
 echo -e "${YELLOW}[+] Requesting cluster to add this node as peer...${NC}"
 # SSH to cluster node and add peer (requires SSH key setup)
- ssh_cmd="wg set ${WG_INTERFACE} peer ${public_key} preshared-key <(echo ${preshared_key}) allowed-ips ${my_ip}/32 persistent-keepalive 25"
+ ssh_cmd="wg set ${WG_INTERFACE} peer ${public_key} preshared-key <(echo ${preshared_key}) allowed-ips ${WG_NETWORK} persistent-keepalive 25"
 echo -e "${YELLOW}Run this command on the cluster node (10.10.0.1) to add this peer:${NC}"
- echo -e "${GREEN}sudo wg set ${WG_INTERFACE} peer ${public_key} preshared-key <(echo ${preshared_key}) allowed-ips ${my_ip}/32 persistent-keepalive 25${NC}"
+ echo -e "${GREEN}sudo wg set ${WG_INTERFACE} peer ${public_key} preshared-key <(echo ${preshared_key}) allowed-ips ${WG_NETWORK} persistent-keepalive 25${NC}"
 echo -e "${GREEN}sudo bash -c 'echo \"[Peer]\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
 echo -e "${GREEN}sudo bash -c 'echo \"PublicKey = ${public_key}\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
 echo -e "${GREEN}sudo bash -c 'echo \"PresharedKey = ${preshared_key}\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
- echo -e "${GREEN}sudo bash -c 'echo \"AllowedIPs = ${my_ip}/32\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
+ echo -e "${GREEN}sudo bash -c 'echo \"AllowedIPs = ${WG_NETWORK}\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
 echo -e "${GREEN}sudo bash -c 'echo \"PersistentKeepalive = 25\" >> /etc/wireguard/${WG_INTERFACE}.conf'${NC}"
 read -p "Press enter once you've added this peer to the cluster node..."
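Review bot: Setting `allowed-ips ${WG_NETWORK}` for every peer on the cluster node (the `ssh_cmd` line, the printed `wg set` command and the `AllowedIPs =` line appended to the conf) removes WireGuard's per-peer source-address binding and does not produce a mesh. AllowedIPs is both the outbound routing key and the inbound source filter, and a given range can belong to only one peer per interface, so each newly added peer takes the whole range away from the previous one, and whichever peer holds it may send traffic with any address in the network as its source. The preshared key hardens the handshake but does not bind a peer to its address. On the side that registers the joining node, keep `allowed-ips ${my_ip}/32` and `AllowedIPs = ${my_ip}/32`; if node-to-node traffic is meant to go through 10.10.0.1, the wide range belongs only in the joining node's own entry for that hub, together with forwarding on the hub. The enclosing function starts and ends outside the hunk, so whether `WG_NETWORK` is a CIDR and how the local config is written is not visible here.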