https://bugs.koozali.org/show_bug.cgi?id=11771
--- Comment #16 from John Crisp <[email protected]> ---
OK I understand now.
So Wireguard adds the network it uses to the networks DB.
All well and good as that SHOULD be a PRIVATE IP range. It is added as a
network to Local Networks.
It then adds that network to the relayclient file for people who dial in.
But if you add a normal routable IP network, or add an address with the wrong
subnet which opens up routable addresses, you set your server as an open relay.
Unintended consequences.
So as far as I can tell the Wireguard Network section should NOT be changed
unless it really conflicts with your own network or other special reason. I
think the code routes in the backgroud the way that OpenVPN routed does.
You can add extra networks for convenience if really required, but they should
not be public addresses.
Fixes required:
Deleting a network deletes the network DB entry
Neon warning signs on the networking section in the SM panel
Preferably a network/subnet mask check in the form to make sure they are
correct private address ranges only eg 192.168.x.x/24 not 192.0.0.0/8 etc
=======
If you have a breakage then delete the extra local network DB entries from the
server manager and then check the relayclients file.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
