diff --git a/plinth/modules/wireguard/forms.py b/plinth/modules/wireguard/forms.py index 75e1a9f24..87450ac32 100644 --- a/plinth/modules/wireguard/forms.py +++ b/plinth/modules/wireguard/forms.py @@ -109,6 +109,7 @@ class AddServerForm(forms.Form): def get_settings(self): """Return NM settings dict from cleaned data.""" + ip_address = self.cleaned_data['ip_address'] settings = { 'common': { 'type': 'wireguard', @@ -116,8 +117,8 @@ class AddServerForm(forms.Form): }, 'ipv4': { 'method': 'manual', - 'address': self.cleaned_data['ip_address'], - 'netmask': '', + 'address': ip_address, + 'netmask': '255.255.255.0', 'gateway': '', 'dns': '', 'second_dns': '', @@ -125,6 +126,7 @@ class AddServerForm(forms.Form): 'wireguard': { 'peer_endpoint': self.cleaned_data['peer_endpoint'], 'peer_public_key': self.cleaned_data['peer_public_key'], + 'ip_address': ip_address, 'private_key': self.cleaned_data['private_key'], 'preshared_key': self.cleaned_data['preshared_key'], 'default_route': self.cleaned_data['default_route'], diff --git a/plinth/network.py b/plinth/network.py index dfe99e466..873bcd5bb 100644 --- a/plinth/network.py +++ b/plinth/network.py @@ -507,8 +507,13 @@ def _update_wireguard_settings(connection, wireguard): peer.set_preshared_key_flags(nm.SettingSecretFlags.NONE) peer.set_preshared_key(wireguard['preshared_key'], False) - peer.append_allowed_ip('0.0.0.0/0', False) - peer.append_allowed_ip('::/0', False) + if wireguard['default_route']: + peer.append_allowed_ip('0.0.0.0/0', False) + peer.append_allowed_ip('::/0', False) + else: + ip_addr = wireguard['ip_address'] + peer.append_allowed_ip(f'{ip_addr}/24', False) + settings.clear_peers() settings.append_peer(peer)