fix(integration-test): Use /32 again for allowed ips

Karolin Varner
2025-08-23 12:53:15 +02:00
committed by David Niehues
parent 098aff91ab
commit 879a25ec46


@@ -176,20 +176,20 @@ in
peerA = {
networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort;
ips = [ "${staticConfig.peerA.innerIp}/24" ];
ips = [ "${staticConfig.peerA.innerIp}/32" ];
inherit (staticConfig.peerA) privateKey;
peers =
[
{
inherit (staticConfig.peerB) publicKey;
allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ];
endpoint = "peerB:${builtins.toString wgPort}";
presharedKey = "AR/yvSvMAzW6eS27PsRHUMWwC8cLhaD96t42cysxrb0=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
]
++ (lib.optional multiPeer {
inherit (staticConfig.peerC) publicKey;
allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ];
endpoint = "peerC:${builtins.toString wgPort}";
presharedKey = "LfWvJCN8h7NhS+JWRG7GMIY20JxUV4WUs7MJ45ZGoCE=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -208,7 +208,7 @@ in
peerPubkey = staticConfig.peerB.publicKey;
remoteKeyPath = keyExchangePathAB;
endpoint = "peerB:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24";
allowedIps = "${staticConfig.peerB.innerIp}/32";
};
}
// lib.optionalAttrs multiPeer {
@@ -220,20 +220,20 @@ in
peerPubkey = staticConfig.peerC.publicKey;
remoteKeyPath = keyExchangePathAC;
endpoint = "peerC:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerC.innerIp}/24";
allowedIps = "${staticConfig.peerC.innerIp}/32";
};
};
};
peerB = {
networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort;
ips = [ "${staticConfig.peerB.innerIp}/24" ];
ips = [ "${staticConfig.peerB.innerIp}/32" ];
inherit (staticConfig.peerB) privateKey;
peers =
[
{
inherit (staticConfig.peerA) publicKey;
allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ];
endpoint = "peerA:${builtins.toString wgPort}";
presharedKey = "o25fjoIOI623cnRyhvD4YEGtuSY4BFRZmY3UHvZ0BCA=";
# NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -241,7 +241,7 @@ in
]
++ (lib.optional multiPeer {
inherit (staticConfig.peerC) publicKey;
allowedIPs = [ "${staticConfig.peerC.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerC.innerIp}/32" ];
endpoint = "peerC:${builtins.toString wgPort}";
presharedKey = "GsYTUd/4Ph7wMy5r+W1no9yGe0UeZlmCPeiyu4tb6yM=";
# NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -260,7 +260,7 @@ in
peerPubkey = staticConfig.peerA.publicKey;
remoteKeyPath = keyExchangePathBA;
endpoint = "peerA:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24";
allowedIps = "${staticConfig.peerB.innerIp}/32";
};
}
// lib.optionalAttrs multiPeer {
@@ -272,7 +272,7 @@ in
peerPubkey = staticConfig.peerC.publicKey;
remoteKeyPath = keyExchangePathBC;
endpoint = "peerC:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerC.innerIp}/24";
allowedIps = "${staticConfig.peerC.innerIp}/32";
};
};
};
@@ -310,18 +310,18 @@ in
peerC = {
networking.wireguard.interfaces.${wgInterface} = {
listenPort = wgPort;
ips = [ "${staticConfig.peerC.innerIp}/24" ];
ips = [ "${staticConfig.peerC.innerIp}/32" ];
inherit (staticConfig.peerC) privateKey;
peers = [
{
inherit (staticConfig.peerA) publicKey;
allowedIPs = [ "${staticConfig.peerA.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerA.innerIp}/32" ];
endpoint = "peerA:${builtins.toString wgPort}";
presharedKey = "s9aIG1pY6nj2lH6p61tP8WRETNgQvoTfgel5BmVjYeI=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
{
inherit (staticConfig.peerB) publicKey;
allowedIPs = [ "${staticConfig.peerB.innerIp}/24" ];
allowedIPs = [ "${staticConfig.peerB.innerIp}/32" ];
endpoint = "peerB:${builtins.toString wgPort}";
presharedKey = "DYlFqWg/M6EfnMolBO+b4DFNrRyS6YWr4lM/2xRE1FQ=";
} # NOTE: We use mismatching preshared keys on purpose to make the wireguard key exchange fail until the rosenpass key exchange succeeded.
@@ -339,7 +339,7 @@ in
peerPubkey = staticConfig.peerA.publicKey;
remoteKeyPath = keyExchangePathCA;
endpoint = "peerA:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerA.innerIp}/24";
allowedIps = "${staticConfig.peerA.innerIp}/32";
};
CB = {
create = true;
@@ -349,7 +349,7 @@ in
peerPubkey = staticConfig.peerB.publicKey;
remoteKeyPath = keyExchangePathCB;
endpoint = "peerB:${builtins.toString wgPort}";
allowedIps = "${staticConfig.peerB.innerIp}/24";
allowedIps = "${staticConfig.peerB.innerIp}/32";
};
};
};
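Review bot: In the `@@ -260,7 +260,7 @@` hunk, peerB's key-exchange entry for peer A (`peerPubkey = staticConfig.peerA.publicKey`, `endpoint = "peerA:…"`) sets `allowedIps = "${staticConfig.peerB.innerIp}/32"`, which is peerB's own inner address rather than peerA's. Every other entry on this page pairs a peer's public key with that same peer's `innerIp`, so this looks like a copy-paste slip that the old /24 mask presumably hid. With /32, if this value is applied as the WireGuard allowed-ips for peer A, packets sourced from peerA's inner address would no longer pass the source check on peerB; the line should read `allowedIps = "${staticConfig.peerA.innerIp}/32";`. The enclosing attribute set begins outside the hunk, so confirm against the full file how this option is consumed.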