From d26b744bf6bd99e277a890420024a714997c8869 Mon Sep 17 00:00:00 2001
From: Keith Irwin
Date: Mon, 12 Feb 2024 10:05:13 -0700
Subject: [PATCH] fix: :ambulance: Fixed mixup between client_allowedips and server_allowedips
---
 back/lib/dashboard/peer/add | 7 ++++---
 back/lib/fed_peer_add | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/back/lib/dashboard/peer/add b/back/lib/dashboard/peer/add
index 61ea949..feb7b79 100755
--- a/back/lib/dashboard/peer/add
+++ b/back/lib/dashboard/peer/add
@@ -85,10 +85,11 @@ if ! printf 'IP addresses for %s created: %s %s\n' "${domain:?}" "${ipv4:?}" "${
 /usr/lib/wagon/http_res 500; exit
 fi
-# Create wg config
+# Create client config
 privkey="$(/usr/bin/wg genkey)"
 pubkey="$(echo "${privkey}" | /usr/bin/wg pubkey)"
 address="${ipv4}/${IPV4_NET##*/},${ipv6}/${IPV6_NET##*/}"
+client_allowedips="${ipv4}/32, ${ipv6}/128"
 # Update nameserver
 if /usr/lib/wagon/ns_update_add "${domain:?}" "${ipv4:?}" "${ipv6:?}"
@@ -111,7 +112,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 if [ "${server_hostname}" == "${LOCAL_SERVER}" ]; then
 server_blocks="${server_blocks}\n[Peer] # ${server_hostname:?}.${TLD:?}\nPublicKey=${server_pubkey:?}\nPresharedKey=${server_psk:?}\nAllowedIPs=${server_allowedips:?}\nEndpoint=${server_endpoint:?}\n"
 # Add new user to local wireguard
- if /usr/lib/wagon/wg_peer_add "${pubkey:?}" "${server_psk:?}" "${server_allowedips:?}"; then
+ if /usr/lib/wagon/wg_peer_add "${pubkey:?}" "${server_psk:?}" "${client_allowedips:?}"; then
 printf 'Added %s to local wireguard server.\n' "${domain}" >&2
 else
 printf 'ERROR! Failed to add %s to local wireguard server!\n' "${domain}" >&2
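Review bot: The new `client_allowedips` value in the first hunk has a space after the comma, while `address` on the line above joins its two entries with a bare comma. The value is later handed to `wg_peer_add` and `fed_peer_add` as a single argument; their bodies are not visible here, but if either forwards it unchanged to `wg set … allowed-ips`, the embedded space may not be accepted and the IPv6 entry could be lost. Writing it as `client_allowedips="${ipv4:?}/32,${ipv6:?}/128"` keeps the list in one form and reuses the `:?` guard the rest of the script applies to these variables.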
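Review bot: The `# Add new user to local wireguard` comment in the second hunk does not say which side's AllowedIPs belongs in the `wg_peer_add` call, which is the confusion this commit had to fix. On the server side the peer's AllowedIPs also bounds the source addresses that peer may send from, so the distinction matters for isolation between clients. I would add a comment above the call such as `# Server-side AllowedIPs for this peer: only its own /32 and /128, never server_allowedips (that list goes in the client's [Peer] block)`. The same comment fits the `fed_peer_add` call in the next hunk; the enclosing `while` loop starts and ends outside both hunks.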
@@ -121,7 +122,7 @@ while IFS=$'\t' read -r server_hostname server_ipv4 server_ipv6 server_pubkey se
 else
 server_blocks="${server_blocks}\n[Peer] # ${server_hostname:?}.${TLD:?}\nPublicKey=${server_pubkey:?}\nPresharedKey=${server_psk:?}\nAllowedIPs=${server_allowedips:?}\nEndpoint=${server_endpoint:?}\n"
 # Send new user config to federated server
- if /usr/lib/wagon/fed_peer_add "${server_url:?}" "${server_secret:?}" "${pubkey:?}" "${server_psk:?}" "${server_allowedips:?}" "${server_secret:?}"; then
+ if /usr/lib/wagon/fed_peer_add "${server_url:?}" "${server_secret:?}" "${pubkey:?}" "${server_psk:?}" "${client_allowedips:?}"; then
 printf 'Sent %s to remote wireguard server %s.\n' "${domain}" "${server_hostname}" >&2
 else
 printf 'ERROR! Failed to send %s to remote wireguard server %s!\n' "${domain}" "${server_hostname}" >&2
diff --git a/back/lib/fed_peer_add b/back/lib/fed_peer_add
index 14fa77a..72794a3 100755
--- a/back/lib/fed_peer_add
+++ b/back/lib/fed_peer_add
@@ -11,4 +11,4 @@ if curl --silent -o /dev/null --fail --request POST --cacert "${SSL_CA_CERT}" "$
 else
 printf 'ERROR: Failed to send peer to federated server %s\n' "${url}" >&2
 exit 1
-fi
\ No newline at end of file
+fi
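Review bot: `server_secret` and `server_psk` are still passed to `fed_peer_add` as positional arguments on the new line, so both sit in the child process's argument list, where other local accounts can typically read them through `ps` or `/proc` while the call runs. The same applies to `server_psk` in the `wg_peer_add` call in the previous hunk. Most of `fed_peer_add` is outside this diff, so how it forwards the secret to curl is not visible; if it ends up on curl's command line the exposure repeats there. Consider having both helpers take the secret material on stdin or from the environment instead of argv, and keeping `set -x` off around these calls.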