EnigmaCurry/d.rymcg.tech

TRAEFIK_VPN_ALLOWED_IPS is being changed to "<VPN subnet>/24" instead of whatever value is entered in .env

Closed this issue · 4 comments

I'm not sure if this is an issue that needs fixing or if I'm misunderstanding things.

The following line resets the value of TRAEFIK_VPN_ALLOWED_IPS from whatever you entered during make config to the value of the VPN subnet + "/24":

TRAEFIK_VPN_ALLOWED_IPS=$(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_VPN_SUBNET)/24

I discovered this because I think I need to manually add an allowed IP in order for my Home Assistant to be accessed as a peer, but after I add the IP (e.g., TRAEFIK_VPN_ALLOWED_IPS=10.13.16.0/24,192.168.133.10/32), make install resets the value to TRAEFIK_VPN_ALLOWED_IPS=10.13.16.0/24.

I do think that line that blindly resets the variable could be a bug, especially if you had set it to something more restrictive.

However, unless you are using this VPN as a general internet privacy guard, I don't understand why you would want to route any IP address other than the VPN subnet. 192.168 sounds like a private IP address, and so if it needs to be exposed, it should be exposed through a Traefik route, and that Traefik instance should have a VPN IP address starting with 10.13.16.x.

This appears to be the only place that variable is set? Where else does it set it when you do make config? Or did you mean you set it in the .env by hand?

I think this is the only place that d.ry sets TRAEFIK_VPN_ALLOWED_IPS. I had set it in the .env by hand and it got reset by make install.

I am not going to fix the potential bug I mentioned earlier; instead, I added a warning not to change the variable. See 96e5b53

(I could have removed TRAEFIK_VPN_ALLOWED_IPS from .env-dist and just hardcoded it in docker-compose.yaml as ${TRAEFIK_VPN_SUBNET}/24; however, I decided to leave the option with a warning instead.)