wireguard.cgi: Ensure that AllowedIPs are in CIDR format
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 25 Apr 2024 16:48:22 +0000 (18:48 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 22 Apr 2025 14:48:31 +0000 (16:48 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/wireguard.cgi

index 45363c0d456590db219ec51caa51d10a59b30df6..8f5cababe8931e8cb7617a9118534f93554403f8 100644 (file)
@@ -1170,6 +1170,19 @@ sub pool_is_in_use($) {
 sub generate_client_configuration($) {
        my $peer = shift;
 
+       my @allowed_ips = ();
+
+       # Convert all subnets into CIDR notation
+       foreach my $subnet ($peer->{'LOCAL_SUBNETS'}) {
+               my $netaddress = &Network::get_netaddress($subnet);
+               my $prefix     = &Network::get_prefix($subnet);
+
+               # Skip invalid subnets
+               next if (!defined $netaddress || !defined $prefix);
+
+               push(@allowed_ips, "${netaddress}/${prefix}");
+       }
+
        my @conf = (
                "[Interface]",
                "PrivateKey = $peer->{'PRIVATE_KEY'}",
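Review bot: The added `foreach my $subnet ($peer->{'LOCAL_SUBNETS'})` loops over a single scalar, so the body runs once with the whole field value rather than once per subnet. The line removed in the following hunk interpolated the same field straight into `AllowedIPs`, which suggests it is a string that may hold several subnets; in that case `&Network::get_netaddress` presumably receives the complete list, returns undef, and the `next` leaves `@allowed_ips` empty. Iterate the individual entries instead, e.g. `foreach my $subnet (split(/\s*,\s*/, $peer->{'LOCAL_SUBNETS'}))` for a comma-separated string or `foreach my $subnet (@{ $peer->{'LOCAL_SUBNETS'} })` if the field is an array reference; the storage format is not visible in this diff. Since invalid entries are skipped silently, it is also worth returning an error when `@allowed_ips` ends up empty, so the user is not handed a config with a blank `AllowedIPs = ` line that routes nothing. The body of generate_client_configuration continues outside this hunk.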
@@ -1180,7 +1193,7 @@ sub generate_client_configuration($) {
                "Endpoint = $General::main{'HOSTNAME'}.$General::main{'DOMAINNAME'}",
                "PublicKey = $settings{'PUBLIC_KEY'}",
                "PresharedKey = $peer->{'PSK'}",
-               "AllowedIPs = $peer->{'LOCAL_SUBNETS'}",
+               "AllowedIPs = " . join(", ", @allowed_ips),
                "PersistentKeepalive = $DEFAULT_KEEPALIVE",
        );