Tobias/PiCopy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Hotspot-Routing-Regeln auf lokale Subnetze umgestellt und Versionsnummer auf 1.0.29 erhöht

Browse Source
This commit is contained in:
Tobias Leuschner
2026-05-09 12:25:46 +02:00
parent 8e4e436d18
commit 1db8f2c70b
2 changed files with 54 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
app.py
View File

@@ -327,25 +327,61 @@ def wg_update_state():
error=None, has_config=has_conf) error=None, has_config=has_conf)
_AP_SUBNET = '10.42.0.0/24' # NetworkManager Hotspot-Standard import ipaddress as _ipaddress
_wg_managed_subnets: list = [] # beim Connect gemerkte Subnetze für sauberes Cleanup
def _wg_add_hotspot_routes(): def _local_subnets() -> list:
"""Hotspot-Subnet vom WireGuard-Tunnel ausschließen (höhere Priorität als wg-quick-Regeln).""" """Alle direkt verbundenen IPv4-Subnetze außer WireGuard-Interface und Loopback."""
subprocess.run(['ip', 'rule', 'add', 'from', _AP_SUBNET, r = subprocess.run(['ip', '-4', 'route', 'show', 'table', 'main'],
'table', 'main', 'priority', '100'], capture_output=True) capture_output=True, text=True)
subprocess.run(['ip', 'rule', 'add', 'to', _AP_SUBNET, seen, result = set(), []
'table', 'main', 'priority', '101'], capture_output=True) for line in r.stdout.splitlines():
log.info('Hotspot-Routing-Regeln gesetzt (Prio 100/101)') parts = line.split()
if not parts or parts[0] in ('default', 'unreachable', 'prohibit'):
continue
if 'dev' not in parts:
continue
dev = parts[parts.index('dev') + 1]
if dev == WG_IFACE:
continue
try:
net = str(_ipaddress.IPv4Network(parts[0], strict=False))
if net not in seen and not _ipaddress.IPv4Network(net).is_loopback:
seen.add(net)
result.append(net)
except ValueError:
pass
return result
def _wg_remove_hotspot_routes(): def _wg_add_local_routes():
"""Hotspot-Routing-Regeln wieder entfernen.""" """Alle lokalen Subnetze (Hotspot, WLAN, LAN) vom VPN-Tunnel ausschließen."""
subprocess.run(['ip', 'rule', 'del', 'from', _AP_SUBNET, global _wg_managed_subnets
'table', 'main', 'priority', '100'], capture_output=True) _wg_managed_subnets = _local_subnets()
subprocess.run(['ip', 'rule', 'del', 'to', _AP_SUBNET, for i, subnet in enumerate(_wg_managed_subnets):
'table', 'main', 'priority', '101'], capture_output=True) prio_from = 100 + i * 2
log.info('Hotspot-Routing-Regeln entfernt') prio_to = 101 + i * 2
subprocess.run(['ip', 'rule', 'add', 'from', subnet,
'table', 'main', 'priority', str(prio_from)], capture_output=True)
subprocess.run(['ip', 'rule', 'add', 'to', subnet,
'table', 'main', 'priority', str(prio_to)], capture_output=True)
log.info(f'Lokale Routing-Regeln gesetzt: {_wg_managed_subnets}')
def _wg_remove_local_routes():
"""Routing-Regeln wieder entfernen."""
global _wg_managed_subnets
for i, subnet in enumerate(_wg_managed_subnets):
prio_from = 100 + i * 2
prio_to = 101 + i * 2
subprocess.run(['ip', 'rule', 'del', 'from', subnet,
'table', 'main', 'priority', str(prio_from)], capture_output=True)
subprocess.run(['ip', 'rule', 'del', 'to', subnet,
'table', 'main', 'priority', str(prio_to)], capture_output=True)
log.info(f'Lokale Routing-Regeln entfernt: {_wg_managed_subnets}')
_wg_managed_subnets = []
def wg_connect(): def wg_connect():
@@ -357,7 +393,7 @@ def wg_connect():
capture_output=True, text=True, timeout=30) capture_output=True, text=True, timeout=30)
if r.returncode == 0: if r.returncode == 0:
time.sleep(1) time.sleep(1)
_wg_add_hotspot_routes() _wg_add_local_routes()
wg_update_state() wg_update_state()
log.info('WireGuard verbunden') log.info('WireGuard verbunden')
return True return True
@@ -374,7 +410,7 @@ def wg_connect():
def wg_disconnect(): def wg_disconnect():
_wg_remove_hotspot_routes() _wg_remove_local_routes()
r = subprocess.run(['wg-quick', 'down', WG_IFACE], r = subprocess.run(['wg-quick', 'down', WG_IFACE],
capture_output=True, text=True, timeout=15) capture_output=True, text=True, timeout=15)
with wg_lock: with wg_lock:

2
version.txt
View File

@@ -1 +1 @@
1.0.28 1.0.29