diff --git a/tests/integration/rpsc-test.nix b/tests/integration/rpsc-test.nix index 89a4592..63db311 100644 --- a/tests/integration/rpsc-test.nix +++ b/tests/integration/rpsc-test.nix @@ -176,20 +176,20 @@ in peerA = { networking.wireguard.interfaces.${wgInterface} = { listenPort = wgPort; - ips = [ "${staticConfig.peerA.innerIp}/24" ]; + ips = [ "${staticConfig.peerA.innerIp}/32" ]; inherit (staticConfig.peerA) privateKey; peers = [ { inherit (staticConfig.peerB) publicKey; - allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ]; endpoint = "peerB:${builtins.toString wgPort}"; presharedKey = "AR/yvSvMAzW6eS27PsRHUMWwC8cLhaD96t42cysxrb0="; } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. ] ++ (lib.optional multiPeer { inherit (staticConfig.peerC) publicKey; - allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ]; endpoint = "peerC:${builtins.toString wgPort}"; presharedKey = "LfWvJCN8h7NhS+JWRG7GMIY20JxUV4WUs7MJ45ZGoCE="; } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. @@ -208,7 +208,7 @@ in peerPubkey = staticConfig.peerB.publicKey; remoteKeyPath = keyExchangePathAB; endpoint = "peerB:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerB.innerIp}/24"; + allowedIps = "${staticConfig.peerB.innerIp}/32"; }; } // lib.optionalAttrs multiPeer { 
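Review bot: The switch to /32 on `ips` and `allowedIPs` in the -176 hunk is not explained anywhere, and the reason is easy to lose in a later edit. WireGuard uses allowed-ips both as the inbound source filter and as the outbound peer selector, and a range can belong to only one peer per interface, so the old per-peer /24 entries presumably collided once `multiPeer` added peerC. I would add a comment above the first `allowedIPs`, e.g. `# /32 on purpose: allowed-ips must not overlap between peers (cryptokey routing).`; the same applies to the peerB and peerC hunks at -220, -241 and -310. With the interface address at /32 there is no connected subnet route, so reachability now rests on the routes NixOS derives from `allowedIPs` (`allowedIPsAsRoutes`, on by default). The peerA attribute set continues outside this hunk.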
@@ -220,20 +220,20 @@ in peerPubkey = staticConfig.peerC.publicKey; remoteKeyPath = keyExchangePathAC; endpoint = "peerC:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerC.innerIp}/24"; + allowedIps = "${staticConfig.peerC.innerIp}/32"; }; }; }; peerB = { networking.wireguard.interfaces.${wgInterface} = { listenPort = wgPort; - ips = [ "${staticConfig.peerB.innerIp}/24" ]; + ips = [ "${staticConfig.peerB.innerIp}/32" ]; inherit (staticConfig.peerB) privateKey; peers = [ { inherit (staticConfig.peerA) publicKey; - allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ]; endpoint = "peerA:${builtins.toString wgPort}"; presharedKey = "o25fjoIOI623cnRyhvD4YEGtuSY4BFRZmY3UHvZ0BCA="; # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. @@ -241,7 +241,7 @@ in ] ++ (lib.optional multiPeer { inherit (staticConfig.peerC) publicKey; - allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ]; endpoint = "peerC:${builtins.toString wgPort}"; presharedKey = "GsYTUd/4Ph7wMy5r+W1no9yGe0UeZlmCPeiyu4tb6yM="; # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. @@ -260,7 +260,7 @@ in peerPubkey = staticConfig.peerA.publicKey; remoteKeyPath = keyExchangePathBA; endpoint = "peerA:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerB.innerIp}/24"; + allowedIps = "${staticConfig.peerB.innerIp}/32"; }; } // lib.optionalAttrs multiPeer { @@ -272,7 +272,7 @@ in peerPubkey = staticConfig.peerC.publicKey; remoteKeyPath = keyExchangePathBC; endpoint = "peerC:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerC.innerIp}/24"; + allowedIps = "${staticConfig.peerC.innerIp}/32"; }; }; }; 
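Review bot: In the hunk at -260 the entry that pairs `peerPubkey = staticConfig.peerA.publicKey` with `endpoint = "peerA:${builtins.toString wgPort}"` still takes `allowedIps` from `staticConfig.peerB.innerIp`, which looks like a copy-paste slip that this commit carries over. Under /24 both addresses fell in the same range, so the mismatch was masked; at /32, if the key-exchange service applies this value to the WireGuard peer, peerA's packets would be filtered against peerB's own address. The matching entries in the -208 and -339 hunks use the remote peer's address, so the line should read `allowedIps = "${staticConfig.peerA.innerIp}/32";`. The enclosing attribute set starts and ends outside the hunk, so confirm which node it belongs to (the `keyExchangePathBA` name suggests peerB).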
@@ -310,18 +310,18 @@ in peerC = { networking.wireguard.interfaces.${wgInterface} = { listenPort = wgPort; - ips = [ "${staticConfig.peerC.innerIp}/24" ]; + ips = [ "${staticConfig.peerC.innerIp}/32" ]; inherit (staticConfig.peerC) privateKey; peers = [ { inherit (staticConfig.peerA) publicKey; - allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ]; endpoint = "peerA:${builtins.toString wgPort}"; presharedKey = "s9aIG1pY6nj2lH6p61tP8WRETNgQvoTfgel5BmVjYeI="; } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. { inherit (staticConfig.peerB) publicKey; - allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ]; + allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ]; endpoint = "peerB:${builtins.toString wgPort}"; presharedKey = "DYlFqWg/M6EfnMolBO+b4DFNrRyS6YWr4lM/2xRE1FQ="; } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. @@ -339,7 +339,7 @@ in peerPubkey = staticConfig.peerA.publicKey; remoteKeyPath = keyExchangePathCA; endpoint = "peerA:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerA.innerIp}/24"; + allowedIps = "${staticConfig.peerA.innerIp}/32"; }; CB = { create = true; @@ -349,7 +349,7 @@ in peerPubkey = staticConfig.peerB.publicKey; remoteKeyPath = keyExchangePathCB; endpoint = "peerB:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerB.innerIp}/24"; + allowedIps = "${staticConfig.peerB.innerIp}/32"; }; }; };