mesh

bypasser

@@ -153,6 +153,20 @@ _get_available_port() {
   echo "$((_avail_port + 1))"
 }
 
+_get_interface_name() {
+  ip -4 route ls | while read -r line; do
+    case "$line" in
+    *default*)
+      _int="${line##* dev }"
+      _int="${_int%% *}"
+      echo "$_int"
+      break
+      ;;
+    *) ;;
+    esac
+  done
+}
+
 _vpn_new() {
   if ! [ -d "$BP_WG_DIR" ] || [ -z "$BP_WG_DIR" ]; then
     echo "Error: directory '$BP_WG_DIR' nonexistent, create it (and set 600 permissions) to add new VPNs"
@@ -160,7 +174,8 @@ _vpn_new() {
   fi
 
   _vpn_name="$1"
-  _vpn_file="$BP_WG_DIR"/"$BP_WG_INTERFACE_PREFIX$_vpn_name".conf
+  _vpn_interface="${BP_WG_INTERFACE_PREFIX}${_vpn_name}"
+  _vpn_file="$BP_WG_DIR"/"$_vpn_interface".conf
 
   if [ -f "$_vpn_file" ]; then
     echo "Error: vpn name '$_vpn_name' already exists in '$_vpn_file'"
@@ -182,10 +197,21 @@ _vpn_new() {
   _highest="$(_highest_interface)"
   _new=$((_highest + 1))
 
+  _server_interface="$(_get_interface_name)"
+  if [ -z "$_server_interface" ]; then
+    echo "Error: could not get server interface name"
+    return 1
+  fi
+
   echo "[Interface]
   PrivateKey = ${_server_sec_key}
   ListenPort = ${_port}
-  Address = ${BG_WG_SUBNET_PREFIX}.${_new}.1/${BG_WG_INTERFACE_SUBNET_MASK}" >"$_vpn_file"
+  Address = ${BG_WG_SUBNET_PREFIX}.${_new}.1/${BG_WG_INTERFACE_SUBNET_MASK}
+  PreUp =
+  PostUp = iptables -t nat -A POSTROUTING -s ${BG_WG_SUBNET_PREFIX}.${_new}.0/24 -o ${_server_interface} -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport ${_port} -j ACCEPT; iptables -A FORWARD -i ${_vpn_interface} -j ACCEPT; iptables -A FORWARD -o ${_vpn_interface} -j ACCEPT;
+  PreDown =
+  PostDown =
+  " >"$_vpn_file"
 
   chmod 600 "$_vpn_file"