| author | Paul Buetow <paul@buetow.org> | 2026-01-11 21:22:21 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-11 21:22:21 +0200 |
| commit | a6984e1a9c59f19444bbc9013c59604e48cbf371 (patch) | |
| tree | 0b50f83e08dd4217da3799eb9f81184c0ca7b463 /Gemfile | |
| parent | d3fe29187a6bb8b78bea2791e95c3d061d9f6aec (diff) | |
Add roaming client support for earth (Fedora laptop) and pixel7pro (Android)

Core changes to wireguardmeshgenerator.rb:
- Add roaming client detection (hosts without 'lan' or 'internet' sections)
- Enable PersistentKeepalive for all roaming client peer connections
- Route all traffic (0.0.0.0/0, ::/0) through VPN for roaming clients
- Add DNS configuration (1.1.1.1, 8.8.8.8) for roaming clients
- Handle CIDR notation in AllowedIPs without adding /32
- Support configurable SSH port per host (default 22, OpenBSD hosts use 2)

YAML configuration changes:
- Add earth roaming client (192.168.2.200, Fedora laptop)
- Add pixel7pro roaming client (192.168.2.201, Android phone)
- Configure client-only architecture via exclude_peers
- Roaming clients connect only to blowfish and fishfinger gateways
- LAN hosts (f0-f2, r0-r2) exclude roaming clients from peering
- Add SSH port 2 for OpenBSD hosts (blowfish, fishfinger)

Dependency updates:
- Add 'rake' gem to Gemfile for task management
- Add 'logger' gem to suppress Ruby 4.0 deprecation warnings

Implementation notes:
- Roaming clients have no fixed 'lan' or 'internet' section
- All-traffic routing enables internet access through VPN gateways
- NAT rules on OpenBSD gateways required for internet access
- WireGuard does not support automatic failover between peers
- Manual reconnection required if active gateway fails

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Diffstat (limited to 'Gemfile')
| -rw-r--r-- | Gemfile | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -1,5 +1,7 @@ source 'https://rubygems.org' +gem 'logger' gem 'net-scp' gem 'net-ssh' +gem 'rake' gem 'yaml' |
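Review bot: The two added lines, gem 'logger' and gem 'rake', carry no version constraint, so each bundle install resolves whatever release rubygems.org currently serves. This Gemfile feeds a generator that produces WireGuard configuration and pulls in net-ssh and net-scp, so an unreviewed dependency update runs with access to that material. Consider a pessimistic constraint (gem 'rake', '~> x.y', with the version you tested) and updating a tracked Gemfile.lock in the same commit; this Gemfile-limited view does not show one. Per the commit message rake is only used for task management, so it could sit in a development group, and a one-line comment next to gem 'logger' stating that it is there for the Ruby 4.0 deprecation warnings would keep it from being dropped later as unused.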
