Feature #11588
open
Automatically suggest next IP address in Wireguard interface subnet when creating a peer
Description
When creating a new WireGuard peer, we should suggest/pre-fill the AllowedIPs field with the next IP address in the WireGuard interface subnet. This will make the management of peer addresses semi-automatic.
For example:
On Peer A:
- Create WireGuard interface with address 10.0.11.1/24
- Add a peer, suggest the next available address, 10.0.11.2/32
- Add a peer, suggest the next available address, 10.0.11.3/32
- Create WireGuard interface with address 10.0.11.2/24
- When adding a peer, suggest the next available address, which happens to be 10.0.11.1/32
- Create WireGuard interface with address 10.0.11.3/24
- When adding a peer, suggest the next available address, which happens to be 10.0.11.1/32
[...]
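The suggestion logic requested above, as an added sketch that is not code from this issue or from PR 145 (the package itself is PHP; Python is used here for its `ipaddress` module). The function name is hypothetical, and it assumes that only AllowedIPs entries inside the tunnel subnet reserve addresses, so routed LANs or 0.0.0.0/0 behind a peer are ignored; it also goes beyond the /32 cases in the description by skipping wider blocks already assigned to a peer.

```python
import ipaddress

def _host_range(subnet):
    """Inclusive integer bounds of the assignable addresses in subnet."""
    first, last = int(subnet.network_address), int(subnet.broadcast_address)
    if subnet.num_addresses > 2:
        first += 1              # skip network address / IPv6 subnet-router anycast
        if subnet.version == 4:
            last -= 1           # skip IPv4 broadcast
    return first, last

def suggest_next_allowed_ip(interface_addr, peer_allowed_ips):
    """Lowest free address in the tunnel subnet as a /32 or /128 string, or None.

    Assumption: only AllowedIPs entries inside the tunnel subnet reserve
    addresses; routed LANs and 0.0.0.0/0 or ::/0 behind a peer are ignored.
    """
    iface = ipaddress.ip_interface(interface_addr)
    subnet = iface.network
    reserved = []
    for entry in peer_allowed_ips:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version == subnet.version and net.subnet_of(subnet):
            reserved.append(net)

    addr_cls = type(iface.ip)
    candidate, last = _host_range(subnet)
    while candidate <= last:
        addr = addr_cls(candidate)
        if addr == iface.ip:            # never hand out the interface's own address
            candidate += 1
            continue
        hit = next((n for n in reserved if addr in n), None)
        if hit is not None:             # jump past the whole block a peer already owns
            candidate = int(hit.broadcast_address) + 1
            continue
        return f"{addr}/{addr.max_prefixlen}"
    return None                         # subnet exhausted

if __name__ == "__main__":
    # Constructed sample data mirroring the "Peer A" case in the description.
    peers = ["10.0.11.2/32", "10.0.11.3/32", "192.168.50.0/24"]
    print(suggest_next_allowed_ip("10.0.11.1/24", peers))
    print(suggest_next_allowed_ip("fd00:11::1/64", ["fd00:11::2/128"]))
```

Returning `None` on exhaustion lets the UI leave the field empty instead of proposing an address that overlaps an existing peer's AllowedIPs.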
Updated by Jim Pingle over 3 years ago
- Target version changed from 2.6.0 to Future
Updated by Adam Cooper about 3 years ago
Opened PR 145 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/145) to resolve this feature request.
Currently a WIP due to no IPv6 processing but the groundwork is in place.
Edit: IPv6 now in, PR has some "hacky" methods for subnet enumerating etc. but it's a start. Still lacks the JS side as it requires a user click on the "Add new peer" button for an existing tunnel (code needs to know which tunnel we're on from start). No current code to allow a user to create a peer, select the tunnel and have JS load the next available IPs, yet.
If PR is approved I'll look into making it generic enough to come from PHP or load via JS on the peer edit page.
Updated by Adam Cooper almost 3 years ago
Hello all, am I able to get any feedback / comments on this PR? It's been sat for 3 months. I'd like to contribute more but haven't had great interactions with Netgate so far. Either PRs just get merged with questions still hanging (like the default route PR had a question regarding IPv6 compression, does pfSense do any validation or equality checks on ::, 0::, 0000::, etc.), or PRs are just left with no comments, suggestions, feedback, or mention of work happening elsewhere, perhaps on the private Netgate GitLab.
This plugin (and others I suspect) would have much more open source involvement if they were managed in a more conducive fashion.