feat: lokale Subnetze vor VPN-Verbindung ermitteln und Versionsnummer auf 1.0.30 erhöht

2026-05-09 12:31:59 +02:00
parent 1db8f2c70b
commit 5dfe632a81
2 changed files with 26 additions and 25 deletions
--- a/app.py
+++ b/app.py
@@ -332,42 +332,42 @@ import ipaddress as _ipaddress
 _wg_managed_subnets: list = []  # beim Connect gemerkte Subnetze für sauberes Cleanup


-def _local_subnets() -> list:
-    """Alle direkt verbundenen IPv4-Subnetze außer WireGuard-Interface und Loopback."""
-    r = subprocess.run(['ip', '-4', 'route', 'show', 'table', 'main'],
-                       capture_output=True, text=True)
+def _local_subnets_before_vpn() -> list:
+    """Subnetze aller lokalen Interfaces (außer Loopback) via 'ip addr show'.
+    Muss VOR wg-quick up aufgerufen werden, damit wg-quick die Tabelle noch
+    nicht verändert hat."""
+    r = subprocess.run(['ip', '-4', 'addr', 'show'], capture_output=True, text=True)
    seen, result = set(), []
+    current_iface = ''
    for line in r.stdout.splitlines():
-        parts = line.split()
-        if not parts or parts[0] in ('default', 'unreachable', 'prohibit'):
-            continue
-        if 'dev' not in parts:
-            continue
-        dev = parts[parts.index('dev') + 1]
-        if dev == WG_IFACE:
-            continue
-        try:
-            net = str(_ipaddress.IPv4Network(parts[0], strict=False))
-            if net not in seen and not _ipaddress.IPv4Network(net).is_loopback:
-                seen.add(net)
-                result.append(net)
-        except ValueError:
-            pass
+        if not line[:1].isspace():
+            # Zeile wie "2: wlan0: <BROADCAST,..."
+            current_iface = line.split(':')[1].strip().split('@')[0] if ':' in line else ''
+        elif current_iface and current_iface != 'lo':
+            s = line.strip()
+            if s.startswith('inet '):
+                try:
+                    net = str(_ipaddress.IPv4Interface(s.split()[1]).network)
+                    if net not in seen:
+                        seen.add(net)
+                        result.append(net)
+                except Exception:
+                    pass
    return result


-def _wg_add_local_routes():
+def _wg_add_local_routes(subnets: list):
    """Alle lokalen Subnetze (Hotspot, WLAN, LAN) vom VPN-Tunnel ausschließen."""
    global _wg_managed_subnets
-    _wg_managed_subnets = _local_subnets()
-    for i, subnet in enumerate(_wg_managed_subnets):
+    _wg_managed_subnets = subnets
+    for i, subnet in enumerate(subnets):
        prio_from = 100 + i * 2
        prio_to   = 101 + i * 2
        subprocess.run(['ip', 'rule', 'add', 'from', subnet,
                        'table', 'main', 'priority', str(prio_from)], capture_output=True)
        subprocess.run(['ip', 'rule', 'add', 'to', subnet,
                        'table', 'main', 'priority', str(prio_to)], capture_output=True)
-    log.info(f'Lokale Routing-Regeln gesetzt: {_wg_managed_subnets}')
+    log.info(f'Lokale Routing-Regeln gesetzt: {subnets}')


 def _wg_remove_local_routes():
@@ -389,11 +389,12 @@ def wg_connect():
        with wg_lock:
            wg_state['error'] = 'Keine Konfiguration vorhanden'
        return False
+    local_nets = _local_subnets_before_vpn()  # VOR wg-quick lesen
    r = subprocess.run(['wg-quick', 'up', WG_IFACE],
                       capture_output=True, text=True, timeout=30)
    if r.returncode == 0:
        time.sleep(1)
-        _wg_add_local_routes()
+        _wg_add_local_routes(local_nets)
        wg_update_state()
        log.info('WireGuard verbunden')
        return True