Wg-allowed-ips NPM

Wireguard AllowedIPs generator

Motivation

If we want to pass all traffic trough wireguard except some IPs, we can't do it in the wireguard configuration.

This blogpost contains more info about it, and even contains AllowedIPs generator, but does not work with large subnets.

In my case, I wanted to pass all traffic through wireguard except my country's traffic, and except cloudflare's traffic.

Usage

There are two options: --allowed-ips and --disallowed-ips, both accepts the list of IPs separated by newline or space, the IP can be in CIDR format (IpV4 or IpV6), or range like 10.0.0.0 - 11.0.0.0.

Example command for "everything except cloudflare/Netherlands/rfc1918/loopback":

npx wg-allowed-ips --allowed-ips "0/0 ::/0" --disallowed-ips "$(curl -L https://www.cloudflare.com/ips-v4) $(curl -L https://www.cloudflare.com/ips-v6) $(curl -L http://ipverse.net/ipblocks/data/countries/nl.zone) $(curl -L http://ipverse.net/ipblocks/data/countries/nl-ipv6.zone) 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fd00::/8"

Note, that algorithm is not optimized at all, and can work slow in some cases, but it works correct even if you process large subnets.

You can use this project as a library, but it is not designed for this use case, it has heavy weight dependencies (effect-ts/fp-ts/io-ts), so please don't use it in the frontend.

@effect-ts/core decline-ts fp-ts fp-ts-contrib io-ts parser-ts

@infinitebrahmanuniverse/nolb-wg @everything-registry/sub-chunk-3142

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago

2 years ago