Client: advertise LAN subnets via peer AllowedIPs

server/wg-peerctl.sh

@@ -23,6 +23,7 @@ usage() {
     --client-name <name> \
     --client-public-key <pubkey> \
     [--client-address <10.66.66.X/32>] \
+    [--client-routes <cidr,cidr>] \
     [--client-preshared-key <psk>] \
     [--persistent-keepalive 25]
 
@@ -140,6 +141,7 @@ cmd_add() {
   local client_name=""
   local client_pubkey=""
   local client_address=""
+  local client_routes=""
   local client_psk=""
   local keepalive="25"
 
@@ -151,6 +153,8 @@ cmd_add() {
         client_pubkey="$2"; shift 2 ;;
       --client-address)
         client_address="$2"; shift 2 ;;
+      --client-routes)
+        client_routes="$2"; shift 2 ;;
       --client-preshared-key)
         client_psk="$2"; shift 2 ;;
       --persistent-keepalive)
@@ -192,6 +196,13 @@ EOF_OUT
     client_address="$(next_client_ip "$WG_NETWORK")" || die "Не удалось выделить IP клиенту в сети $WG_NETWORK"
   fi
 
+  local peer_allowed_ips="$client_address"
+  if [[ -n "$client_routes" ]]; then
+    is_valid_cidr_list "$client_routes" || die "Некорректный список --client-routes"
+    client_routes="$(echo "$client_routes" | tr -d ' ')"
+    peer_allowed_ips="${peer_allowed_ips},${client_routes}"
+  fi
+
   backup_file "$WG_CONF"
 
   {
@@ -202,7 +213,7 @@ EOF_OUT
     if [[ -n "$client_psk" ]]; then
       echo "PresharedKey = ${client_psk}"
     fi
-    echo "AllowedIPs = ${client_address}"
+    echo "AllowedIPs = ${peer_allowed_ips}"
     echo "PersistentKeepalive = ${keepalive}"
   } >> "$WG_CONF"