drop internet gateway on server

logic/server.go

@@ -12,6 +12,7 @@ import (
 	"github.com/gravitl/netmaker/models"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/servercfg"
+	"golang.org/x/exp/slices"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
@@ -206,6 +207,10 @@ func GetServerPeers(serverNode *models.Node) ([]wgtypes.PeerConfig, bool, []stri
 	nodes, err := GetNetworkNodes(serverNode.Network)
 	if err == nil {
 		for _, node := range nodes {
+			//if egress ranges is internet (0.0.0.0/0 or ::/0) remove as don't want server to use internet gateway
+			if node.IsEgressGateway == "yes" && (slices.Contains(node.EgressGatewayRanges, "0.0.0.0/0") || slices.Contains(node.EgressGatewayRanges, "::/0")) {
+				continue
+			}
 			if node.IsEgressGateway == "yes" && !IsLocalServer(&node) {
 				gateways = append(gateways, node.EgressGatewayRanges...)
 			}

netclient/local/routes.go

@@ -62,3 +62,11 @@ func SetCIDRRoute(iface, currentAddr string, cidr *net.IPNet) {
 func RemoveCIDRRoute(iface, currentAddr string, cidr *net.IPNet) {
 	removeCidr(iface, cidr, currentAddr)
 }
+
+// SetDefaultRoute - sets the default route when peer is internet gateway
+func SetDefaultRoute(iface string, peer wgtypes.PeerConfig) error {
+	if err := setDefaultRoute(iface, peer); err != nil {
+		return err
+	}
+	return nil
+}

netclient/local/routes_linux.go

@@ -10,6 +10,7 @@ import (
 	"github.com/c-robinson/iplib"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/ncutils"
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
 func setRoute(iface string, addr *net.IPNet, address string) error {
@@ -42,3 +43,14 @@ func setCidr(iface, address string, addr *net.IPNet) {
 func removeCidr(iface string, addr *net.IPNet, address string) {
 	ncutils.RunCmd("ip route delete "+addr.String()+" dev "+iface, false)
 }
+
+func setDefaultRoute(iface string, peer wgtypes.PeerConfig) error {
+	cmd := "wg set " + iface + " fwmark 1234"
+	cmd += ";ip route add default dev " + iface + " table 2468"
+	cmd += ";ip rule add not fwmark 1234 table 2468"
+	cmd += ";ip rule add table main suppress_prefixlength 0"
+	if _, err := ncutils.RunCmd(cmd, true); err != nil {
+		return err
+	}
+	return nil
+}

netclient/wireguard/common.go

@@ -121,6 +121,22 @@ func SetPeers(iface string, node *models.Node, peers []wgtypes.PeerConfig) error
 			local.SetPeerRoutes(iface, oldPeerAllowedIps, peers)
 		}
 	}
+	//check if internet gateway
+	internetGateway := false
+	gateway := wgtypes.PeerConfig{}
+	for _, peer := range peers {
+		for _, allowedip := range peer.AllowedIPs {
+			if allowedip.String() == "0.0.0.0/0" || allowedip.String() == "::/0" {
+				internetGateway = true
+				gateway = peer
+			}
+		}
+	}
+	if internetGateway {
+		if err := local.SetDefaultRoute(iface, gateway); err != nil {
+			return err
+		}
+	}
 
 	return nil
 }