fix(integration-test): Use /32 again for allowed ips

Karolin Varner
2025-08-23 12:53:15 +02:00
committed by David Niehues
parent 098aff91ab
commit 879a25ec46


@@ -176,20 +176,20 @@ in
peerA = { peerA = {
networking.wireguard.interfaces.${wgInterface} = { networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort; listenPort = wgPort;
ips = [ "${staticConfig.peerA.innerIp}/24" ]; ips = [ "${staticConfig.peerA.innerIp}/32" ];
inherit (staticConfig.peerA) privateKey; inherit (staticConfig.peerA) privateKey;
peers = peers =
[ [
{ {
inherit (staticConfig.peerB) publicKey; inherit (staticConfig.peerB) publicKey;
allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ];
endpoint = "peerB:${builtins.toString wgPort}"; endpoint = "peerB:${builtins.toString wgPort}";
presharedKey = "AR/yvSvMAzW6eS27PsRHUMWwC8cLhaD96t42cysxrb0="; presharedKey = "AR/yvSvMAzW6eS27PsRHUMWwC8cLhaD96t42cysxrb0=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
] ]
++ (lib.optional multiPeer { ++ (lib.optional multiPeer {
inherit (staticConfig.peerC) publicKey; inherit (staticConfig.peerC) publicKey;
allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ];
endpoint = "peerC:${builtins.toString wgPort}"; endpoint = "peerC:${builtins.toString wgPort}";
presharedKey = "LfWvJCN8h7NhS+JWRG7GMIY20JxUV4WUs7MJ45ZGoCE="; presharedKey = "LfWvJCN8h7NhS+JWRG7GMIY20JxUV4WUs7MJ45ZGoCE=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -208,7 +208,7 @@ in
peerPubkey = staticConfig.peerB.publicKey; peerPubkey = staticConfig.peerB.publicKey;
remoteKeyPath = keyExchangePathAB; remoteKeyPath = keyExchangePathAB;
endpoint = "peerB:${builtins.toString wgPort}"; endpoint = "peerB:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24"; allowedIps = "${staticConfig.peerB.innerIp}/32";
}; };
} }
// lib.optionalAttrs multiPeer { // lib.optionalAttrs multiPeer {
@@ -220,20 +220,20 @@ in
peerPubkey = staticConfig.peerC.publicKey; peerPubkey = staticConfig.peerC.publicKey;
remoteKeyPath = keyExchangePathAC; remoteKeyPath = keyExchangePathAC;
endpoint = "peerC:${builtins.toString wgPort}"; endpoint = "peerC:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerC.innerIp}/24"; allowedIps = "${staticConfig.peerC.innerIp}/32";
}; };
}; };
}; };
peerB = { peerB = {
networking.wireguard.interfaces.${wgInterface} = { networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort; listenPort = wgPort;
ips = [ "${staticConfig.peerB.innerIp}/24" ]; ips = [ "${staticConfig.peerB.innerIp}/32" ];
inherit (staticConfig.peerB) privateKey; inherit (staticConfig.peerB) privateKey;
peers = peers =
[ [
{ {
inherit (staticConfig.peerA) publicKey; inherit (staticConfig.peerA) publicKey;
allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ];
endpoint = "peerA:${builtins.toString wgPort}"; endpoint = "peerA:${builtins.toString wgPort}";
presharedKey = "o25fjoIOI623cnRyhvD4YEGtuSY4BFRZmY3UHvZ0BCA="; presharedKey = "o25fjoIOI623cnRyhvD4YEGtuSY4BFRZmY3UHvZ0BCA=";
# NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -241,7 +241,7 @@ in
] ]
++ (lib.optional multiPeer { ++ (lib.optional multiPeer {
inherit (staticConfig.peerC) publicKey; inherit (staticConfig.peerC) publicKey;
allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ];
endpoint = "peerC:${builtins.toString wgPort}"; endpoint = "peerC:${builtins.toString wgPort}";
presharedKey = "GsYTUd/4Ph7wMy5r+W1no9yGe0UeZlmCPeiyu4tb6yM="; presharedKey = "GsYTUd/4Ph7wMy5r+W1no9yGe0UeZlmCPeiyu4tb6yM=";
# NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -260,7 +260,7 @@ in
peerPubkey = staticConfig.peerA.publicKey; peerPubkey = staticConfig.peerA.publicKey;
remoteKeyPath = keyExchangePathBA; remoteKeyPath = keyExchangePathBA;
endpoint = "peerA:${builtins.toString wgPort}"; endpoint = "peerA:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24"; allowedIps = "${staticConfig.peerB.innerIp}/32";
}; };
} }
// lib.optionalAttrs multiPeer { // lib.optionalAttrs multiPeer {
@@ -272,7 +272,7 @@ in
peerPubkey = staticConfig.peerC.publicKey; peerPubkey = staticConfig.peerC.publicKey;
remoteKeyPath = keyExchangePathBC; remoteKeyPath = keyExchangePathBC;
endpoint = "peerC:${builtins.toString wgPort}"; endpoint = "peerC:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerC.innerIp}/24"; allowedIps = "${staticConfig.peerC.innerIp}/32";
}; };
}; };
}; };
@@ -310,18 +310,18 @@ in
peerC = { peerC = {
networking.wireguard.interfaces.${wgInterface} = { networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort; listenPort = wgPort;
ips = [ "${staticConfig.peerC.innerIp}/24" ]; ips = [ "${staticConfig.peerC.innerIp}/32" ];
inherit (staticConfig.peerC) privateKey; inherit (staticConfig.peerC) privateKey;
peers = [ peers = [
{ {
inherit (staticConfig.peerA) publicKey; inherit (staticConfig.peerA) publicKey;
allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ];
endpoint = "peerA:${builtins.toString wgPort}"; endpoint = "peerA:${builtins.toString wgPort}";
presharedKey = "s9aIG1pY6nj2lH6p61tP8WRETNgQvoTfgel5BmVjYeI="; presharedKey = "s9aIG1pY6nj2lH6p61tP8WRETNgQvoTfgel5BmVjYeI=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
{ {
inherit (staticConfig.peerB) publicKey; inherit (staticConfig.peerB) publicKey;
allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ]; allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ];
endpoint = "peerB:${builtins.toString wgPort}"; endpoint = "peerB:${builtins.toString wgPort}";
presharedKey = "DYlFqWg/M6EfnMolBO+b4DFNrRyS6YWr4lM/2xRE1FQ="; presharedKey = "DYlFqWg/M6EfnMolBO+b4DFNrRyS6YWr4lM/2xRE1FQ=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded. } # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -339,7 +339,7 @@ in
peerPubkey = staticConfig.peerA.publicKey; peerPubkey = staticConfig.peerA.publicKey;
remoteKeyPath = keyExchangePathCA; remoteKeyPath = keyExchangePathCA;
endpoint = "peerA:${builtins.toString wgPort}"; endpoint = "peerA:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerA.innerIp}/24"; allowedIps = "${staticConfig.peerA.innerIp}/32";
}; };
CB = { CB = {
create = true; create = true;
@@ -349,7 +349,7 @@ in
peerPubkey = staticConfig.peerB.publicKey; peerPubkey = staticConfig.peerB.publicKey;
remoteKeyPath = keyExchangePathCB; remoteKeyPath = keyExchangePathCB;
endpoint = "peerB:${builtins.toString wgPort}"; endpoint = "peerB:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24"; allowedIps = "${staticConfig.peerB.innerIp}/32";
}; };
}; };
}; };
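Review bot: In the hunk at line 260 (peerB's key-exchange entry for peerA), `allowedIps` is built from `staticConfig.peerB.innerIp` although `peerPubkey` and `endpoint` in the same entry refer to peerA, so the entry names peerB's own address. Under /24 the prefix covered both hosts and hid the mix-up; with /32 the value no longer agrees with the `allowedIPs` for peerA in peerB's WireGuard peer list. If the key-exchange service applies this value to the interface, peerA's inner address would presumably stop being accepted from or routed to that peer. The line should probably read `allowedIps = "${staticConfig.peerA.innerIp}/32";`, matching the corresponding entries on peerA and peerC. The enclosing attribute set starts outside the hunk, so this needs confirming against the full file.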