overwrite AllowedIPs in wg config (#3055)

mute UnknownCA errors
2026-04-04 14:29:45 +00:00 · 2025-11-21 11:30:21 -07:00
parent 66188d791b
commit 6e8a425eb1
2 changed files with 27 additions and 5 deletions
--- a/core/startos/src/net/tunnel.rs
+++ b/core/startos/src/net/tunnel.rs
@@ -39,6 +39,23 @@ pub struct AddTunnelParams {
    public: bool,
 }

+fn sanitize_config(config: &str) -> String {
+    let mut res = String::with_capacity(config.len());
+    for line in config.lines() {
+        if line
+            .trim()
+            .strip_prefix("AllowedIPs")
+            .map_or(false, |l| l.trim().starts_with("="))
+        {
+            res.push_str("AllowedIPs = 0.0.0.0/0, ::/0");
+        } else {
+            res.push_str(line);
+        }
+        res.push('\n');
+    }
+    res
+}
+
 pub async fn add_tunnel(
    ctx: RpcContext,
    AddTunnelParams {
@@ -86,7 +103,7 @@ pub async fn add_tunnel(

    let tmpdir = TmpDir::new().await?;
    let conf = tmpdir.join(&iface).with_extension("conf");
-    write_file_atomic(&conf, &config).await?;
+    write_file_atomic(&conf, &sanitize_config(&config)).await?;
    Command::new("nmcli")
        .arg("connection")
        .arg("import")