Feature #11588

open

Automatically suggest next IP address in Wireguard interface subnet when creating a peer

Added by Jim Pingle about 3 years ago. Updated about 2 years ago.

Status: New
Priority: Low
Assignee: -
Category: WireGuard
Target version:
Start date: 03/01/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default

Description

When creating a new WireGuard peer, we should suggest/pre-fill the AllowedIPs field with the next IP address in the WireGuard interface subnet. This will make the management of peer addresses semi-automatic.

For example:

On Peer A:
  • Create WireGuard interface with address 10.0.11.1/24
  • Add a peer, suggest the next available address, 10.0.11.2/32
  • Add a peer, suggest the next available address, 10.0.11.3/32
On Peer B:
  • Create WireGuard interface with address 10.0.11.2/24
  • When adding a peer, suggest the next available address, which happens to be 10.0.11.1/32
On Peer C:
  • Create WireGuard interface with address 10.0.11.3/24
  • When adding a peer, suggest the next available address, which happens to be 10.0.11.1/32

[...]

Actions #1

Updated by Jim Pingle almost 3 years ago

  • Target version changed from 2.6.0 to Future

Actions #2

Updated by Adam Cooper over 2 years ago

Opened PR 145 (https://github.com/theonemcdonald/pfSense-pkg-WireGuard/pull/145) to resolve this feature request.

Currently a WIP due to no IPv6 processing but the groundwork is in place.

Edit: IPv6 now in, PR has some "hacky" methods for subnet enumerating etc. but it's a start. Still lacks the JS side as it requires a user click on the "Add new peer" button for an existing tunnel (code needs to know which tunnel we're on from start). No current code to allow the user to create a peer, select the tunnel and have JS load the next available IPs, yet.

If PR is approved I'll look into making it generic enough to come from PHP or load via JS on the peer edit page.
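
A sketch of the suggestion logic from the description, covering the IPv6 case mentioned in the comment above. This is an added example, not the code from PR 145 or the pfSense package, and it is written in Python rather than the package's PHP. The function name, and the rule that only AllowedIPs entries strictly inside the interface subnet count as claimed (so routes such as 0.0.0.0/0 are ignored), are assumptions.

```python
import ipaddress


def suggest_next_peer_address(interface_cidr, peer_allowed_ips):
    """Return the lowest unclaimed host in the interface subnet as a /32 or
    /128 string, or None when the subnet has no free host left.

    Hypothetical helper: name and signature are not from the package.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network

    # The interface's own address is always claimed.
    taken = [ipaddress.ip_network(iface.ip)]
    for entry in peer_allowed_ips:
        try:
            n = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # malformed entry: nothing to reserve
        # Assumption: an entry equal to or larger than the interface subnet
        # (0.0.0.0/0, the subnet itself) is a route, not a peer address.
        if n.version == net.version and n != net and n.subnet_of(net):
            taken.append(n)
    taken.sort(key=lambda n: int(n.network_address))

    first, last = int(net.network_address), int(net.broadcast_address)
    if net.version == 4 and net.prefixlen < 31:
        first, last = first + 1, last - 1  # skip network and broadcast
    elif net.version == 6 and net.prefixlen < 127:
        first += 1  # skip the subnet-router anycast address

    # Walk the claimed ranges in order and jump past each one, so a /64 is
    # never enumerated address by address.
    candidate = first
    for n in taken:
        lo, hi = int(n.network_address), int(n.broadcast_address)
        if candidate < lo:
            break  # free gap before this claimed range
        candidate = max(candidate, hi + 1)

    if candidate > last:
        return None
    address = type(net.network_address)(candidate)
    return f"{address}/{net.max_prefixlen}"
```
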

Actions #3

Updated by Adam Cooper about 2 years ago

Hello all, am I able to get any feedback / comments on this PR? It's been sat for 3 months. I'd like to contribute more but haven't had great interactions with Netgate so far. Either PRs just get merged with questions still hanging (like the default route PR had a question regarding IPv6 compression, does pfSense do any validation or equality checks on ::, 0::, 0000::, etc), or PRs just left with no comments, suggestions, feedback, or mention of work happening elsewhere perhaps on the private Netgate GitLab.

This plugin (and others I suspect) would have much more open source involvement if they were managed in a more conducive fashion.
