
drop internet gateway on server

Matthew R. Kasun 3 år sedan
förälder
incheckning
57dafd7b00
4 ändrade filer med 41 tillägg och 0 borttagningar
  1. 5 0
      logic/server.go
  2. 8 0
      netclient/local/routes.go
  3. 12 0
      netclient/local/routes_linux.go
  4. 16 0
      netclient/wireguard/common.go

+ 5 - 0
logic/server.go

@@ -12,6 +12,7 @@ import (
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
+	"golang.org/x/exp/slices"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
@@ -206,6 +207,10 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 	nodes, err := GetNetworkNodes(serverNode.Network)
 	if err == nil {
 		for _, node := range nodes {
+			//if egress ranges is internet (0.0.0.0/0 or ::/0) remove as don't want server to use internet gateway
+			if node.IsEgressGateway == "yes" && (slices.Contains(node.EgressGatewayRanges, "0.0.0.0/0") || slices.Contains(node.EgressGatewayRanges, "::/0")) {
+				continue
+			}
 			if node.IsEgressGateway == "yes" && !IsLocalServer(&node) {
 				gateways = append(gateways, node.EgressGatewayRanges...)
 			}
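Review bot: The added `continue` skips the whole loop iteration for a node whose egress ranges include a default route, not just the default range itself, so a gateway that also advertises e.g. a private range loses those ranges too — and if the remainder of the loop body (past the hunk) is what builds the peer entry for the node, the server stops peering with the internet gateway altogether. Filtering the individual ranges at the point where they are appended keeps the node and drops only `0.0.0.0/0` and `::/0`. GetServerPeers starts before the hunk and the loop body continues past it, so I cannot see what else the skipped iteration would have done.
```go
			if node.IsEgressGateway == "yes" && !IsLocalServer(&node) {
				// drop default routes: the server must never use a peer as its internet gateway
				for _, cidr := range node.EgressGatewayRanges {
					if cidr == "0.0.0.0/0" || cidr == "::/0" {
						continue
					}
					gateways = append(gateways, cidr)
				}
			}
			// … unchanged: rest of the loop body …
```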

+ 8 - 0
netclient/local/routes.go

@@ -62,3 +62,11 @@ func SetCIDRRoute(iface, currentAddr string, cidr *net.IPNet) {
 func RemoveCIDRRoute(iface, currentAddr string, cidr *net.IPNet) {
 	removeCidr(iface, cidr, currentAddr)
 }
+
+// SetDefaultRoute - sets the default route when peer is internet gateway
+func SetDefaultRoute(iface string, peer wgtypes.PeerConfig) error {
+	if err := setDefaultRoute(iface, peer); err != nil {
+		return err
+	}
+	return nil
+}
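Review bot: The new wrapper checks the error only to return it unchanged; `return setDefaultRoute(iface, peer)` expresses the same in one line. The doc comment would be more useful if it told callers what the name does not: that it installs policy-routing state on the host and that this commit adds no counterpart to remove it, e.g. `// SetDefaultRoute - routes all traffic through iface when peer advertises a default route; there is currently no matching teardown.` This diff adds a platform implementation of setDefaultRoute only in routes_linux.go; unless the other routes_*.go files already define it, the netclient would fail to build there — not determinable from this page.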

+ 12 - 0
netclient/local/routes_linux.go

@@ -10,6 +10,7 @@ import (
 	"github.com/c-robinson/iplib"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/ncutils"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
 func setRoute(iface string, addr *net.IPNet, address string) error {
@@ -42,3 +43,14 @@ func setCidr(iface, address string, addr *net.IPNet) {
 func removeCidr(iface string, addr *net.IPNet, address string) {
 	ncutils.RunCmd("ip route delete "+addr.String()+" dev "+iface, false)
 }
+
+func setDefaultRoute(iface string, peer wgtypes.PeerConfig) error {
+	cmd := "wg set " + iface + " fwmark 1234"
+	cmd += ";ip route add default dev " + iface + " table 2468"
+	cmd += ";ip rule add not fwmark 1234 table 2468"
+	cmd += ";ip rule add table main suppress_prefixlength 0"
+	if _, err := ncutils.RunCmd(cmd, true); err != nil {
+		return err
+	}
+	return nil
+}
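Review bot: The four commands on the added lines are joined with `;` into a single string, so if RunCmd hands it to a shell only the last command's exit status reaches the error check and a failed `wg set` or `ip route add` is silently ignored; issuing each command separately and checking each result closes that gap. `ip route add default` also fails with "File exists" on a second call and `ip rule add` may accumulate duplicate rules, which matters because SetPeers can run repeatedly and the commit adds no teardown — `ip route replace` at least makes the route step idempotent. The fwmark and table numbers are unexplained magic constants and `peer` is never used in this body. Because `iface` is spliced straight into a command line, validating it as a plain interface name before building the command is prudent if RunCmd goes through a shell.
```go
func setDefaultRoute(iface string, peer wgtypes.PeerConfig) error {
	const (
		fwmark = "1234" // mark on wg's own packets so they bypass the tunnel table
		table  = "2468" // table holding the default route via the tunnel
	)
	// One command per RunCmd so no failure is masked by a later command's exit status.
	cmds := []string{
		"wg set " + iface + " fwmark " + fwmark,
		"ip route replace default dev " + iface + " table " + table, // replace: idempotent on re-runs
		"ip rule add not fwmark " + fwmark + " table " + table,
		"ip rule add table main suppress_prefixlength 0",
	}
	for _, cmd := range cmds {
		if _, err := ncutils.RunCmd(cmd, true); err != nil {
			return err
		}
	}
	return nil
}
```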

+ 16 - 0
netclient/wireguard/common.go

@@ -121,6 +121,22 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 			local.SetPeerRoutes(iface, oldPeerAllowedIps, peers)
 		}
 	}
+	//check if internet gateway
+	internetGateway := false
+	gateway := wgtypes.PeerConfig{}
+	for _, peer := range peers {
+		for _, allowedip := range peer.AllowedIPs {
+			if allowedip.String() == "0.0.0.0/0" || allowedip.String() == "::/0" {
+				internetGateway = true
+				gateway = peer
+			}
+		}
+	}
+	if internetGateway {
+		if err := local.SetDefaultRoute(iface, gateway); err != nil {
+			return err
+		}
+	}
 
 	return nil
 }
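Review bot: The scan on the added lines keeps overwriting `gateway` without breaking, so when more than one peer carries a default allowed-IP the last one in slice order silently wins, and `allowedip.String()` is formatted twice per entry; taking the first match, breaking out, and holding it by pointer removes the separate boolean flag. Nothing removes the rules installed by SetDefaultRoute when a later SetPeers call finds no internet gateway, so the client would keep routing through a peer that is gone — at minimum a `// TODO: tear down the default route when no peer advertises 0.0.0.0/0 or ::/0` belongs here. SetPeers starts before the hunk.
```go
	// check if a peer is an internet gateway; the first default route wins
	var gateway *wgtypes.PeerConfig
	for i := range peers {
		for _, allowedip := range peers[i].AllowedIPs {
			if s := allowedip.String(); s == "0.0.0.0/0" || s == "::/0" {
				gateway = &peers[i]
				break
			}
		}
		if gateway != nil {
			break
		}
	}
	if gateway != nil {
		if err := local.SetDefaultRoute(iface, *gateway); err != nil {
			return err
		}
	}
```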