theis.gaedigk/wg-easy-ca-lose
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add option to disable ipv6 (#1951)

Browse Source 
* add option to disable ipv6

* don't add ipv6 address

* update docs
This commit is contained in:
Bernd Storath
2025-07-01 07:57:14 +02:00
committed by GitHub
parent 68fde7d165
commit 0f663df7f6
7 changed files with 116 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/server/database/sqlite.ts
+51
View File
@@ -2,6 +2,7 @@ import { drizzle } from 'drizzle-orm/libsql';
import { migrate as drizzleMigrate } from 'drizzle-orm/libsql/migrator';
import { createClient } from '@libsql/client';
import debug from 'debug';
import { eq } from 'drizzle-orm';
import * as schema from './schema';
import { ClientService } from './repositories/client/service';
@@ -25,6 +26,11 @@ export async function connect() {
await initialSetup(dbService);
}
if (WG_ENV.DISABLE_IPV6) {
DB_DEBUG('Warning: Disabling IPv6...');
await disableIpv6(db);
}
return dbService;
}
@@ -108,3 +114,48 @@ async function initialSetup(db: DBServiceType) {
await db.general.setSetupStep(0);
}
}
async function disableIpv6(db: DBType) {
// This should match the initial value migration
const postUpMatch =
' ip6tables -t nat -A POSTROUTING -s {{ipv6Cidr}} -o {{device}} -j MASQUERADE; ip6tables -A INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT;';
const postDownMatch =
' ip6tables -t nat -D POSTROUTING -s {{ipv6Cidr}} -o {{device}} -j MASQUERADE; ip6tables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT;';
await db.transaction(async (tx) => {
const hooks = await tx.query.hooks.findFirst({
where: eq(schema.hooks.id, 'wg0'),
});
if (!hooks) {
throw new Error('Hooks not found');
}
if (hooks.postUp.includes(postUpMatch)) {
DB_DEBUG('Disabling IPv6 in Post Up hooks...');
await tx
.update(schema.hooks)
.set({
postUp: hooks.postUp.replace(postUpMatch, ''),
postDown: hooks.postDown.replace(postDownMatch, ''),
})
.where(eq(schema.hooks.id, 'wg0'))
.execute();
} else {
DB_DEBUG('IPv6 Post Up hooks already disabled, skipping...');
}
if (hooks.postDown.includes(postDownMatch)) {
DB_DEBUG('Disabling IPv6 in Post Down hooks...');
await tx
.update(schema.hooks)
.set({
postUp: hooks.postUp.replace(postUpMatch, ''),
postDown: hooks.postDown.replace(postDownMatch, ''),
})
.where(eq(schema.hooks.id, 'wg0'))
.execute();
} else {
DB_DEBUG('IPv6 Post Down hooks already disabled, skipping...');
}
});
}