TRAEFIK_VPN_ALLOWED_IPS is being changed to "<VPN subnet>/24" instead of whatever value is entered in .env
Closed this issue · 4 comments
I'm not sure if this is an issue that needs fixing or if I'm misunderstanding things.
The following line resets the value of TRAEFIK_VPN_ALLOWED_IPS
from whatever you entered during make config
to the value of the VPN subnet + "/24":
Line 820 in 67c36e1
I discovered this because I think I need to manually add an allowed IP in order for my Home Assistant to be accessed as a peer, but after I add the IP (e.g., TRAEFIK_VPN_ALLOWED_IPS=10.13.16.0/24,192.168.133.10/32
), make install
resets the value to TRAEFIK_VPN_ALLOWED_IPS=10.13.16.0/24
.
I do think that line that blindly resets the variable could be a bug, especially if you had set it to something more restrictive.
However, unless you are using this VPN as a general internet privacy guard, I don't understand why you would want to route any IP address other than the VPN subnet. 192.168 sounds like a private IP address, and so if it needs to be exposed, it should be exposed through a Traefik route, and that Traefik instance should have a VPN IP address starting with 10.13.16.x.
This appears to be the only place that variable is set? where else does it set it when you do make config
? Or did you mean you set it in the .env by hand?
I think this is the only place that d.ry sets TRAEFIK_VPN_ALLOWED_IPS
. I had set it in the .env by hand and it got reset by make install
.
I am not going to fix the potential bug I mentioned earlier, instead I added a warning not to change the variable. See 96e5b53
(I could have removed TRAEFIK_VPN_ALLOWED_IPS from .env-dist and just hardcoded it in docker-compose.yaml as ${TRAEFIK_VPN_SUBNET}/24, however I decided to leave the option with a warning instead.)