diff --git a/apps/fz_http/lib/fz_http/devices.ex b/apps/fz_http/lib/fz_http/devices.ex
index 3d0431e79..c4a47caa8 100644
--- a/apps/fz_http/lib/fz_http/devices.ex
+++ b/apps/fz_http/lib/fz_http/devices.ex
@@ -8,6 +8,7 @@ defmodule FzHttp.Devices do
 alias FzHttp.{Devices.Device, Repo, Users.User}
 @ipv4_prefix "10.3.2."
+ @ipv6_prefix "fd00:3:2::"
 def list_devices do
 Repo.all(Device)
@@ -49,11 +50,15 @@ defmodule FzHttp.Devices do
 @ipv4_prefix <> Integer.to_string(device.address)
 end
+ def ipv6_address(%Device{} = device) do
+ @ipv6_prefix <> Integer.to_string(device.address)
+ end
+
 def to_peer_list do
 for device <- Repo.all(Device) do
 %{
 public_key: device.public_key,
- allowed_ips: ipv4_address(device)
+ allowed_ips: "#{ipv4_address(device)}/32, #{ipv6_address(device)}/128"
 }
 end
 end
diff --git a/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex b/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
index 8f9b9b26c..c7df50c50 100644
--- a/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
+++ b/apps/fz_http/lib/fz_http_web/live/device_live/index.html.heex
@@ -20,7 +20,7 @@
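Review bot: The new `@ipv6_prefix "fd00:3:2::"` in FzHttp.Devices (first hunk of devices.ex) hard-codes the tunnel's IPv6 network a second time, since the same network is also written as literals in omnibus/cookbooks/firezone/recipes/network.rb in this commit. The two can drift apart without any error. A comment above the attribute such as `# Must match the fd00:3:2::/48 interface address and route in the firezone network recipe` would make the coupling visible until the value is configurable. Note also that a fixed ULA prefix is shared by every installation, so it can collide when two such networks are joined; RFC 4193 recommends a randomly generated global ID.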
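Review bot: In `to_peer_list` (second hunk of devices.ex) the `allowed_ips` string joins the two prefixes with a comma and a space, while `FzVpn.CLI.Live.add_peer` in this same commit joins them with a bare comma. The consumer of this list is not visible here, but if the string ever reaches a `wg set … allowed-ips` command line, the space would split the list and the IPv6 /128 restriction for the peer might not be applied as intended. I would write `allowed_ips: "#{ipv4_address(device)}/32,#{ipv6_address(device)}/128"` and update the matching assertion in devices_test.exs. Separately, `ipv6_address/1` appends the decimal digits of `device.address`, which IPv6 reads as hexadecimal, so a comment like `# decimal digits are parsed as a hex group: address 10 becomes fd00:3:2::10 (0x10); values above 9999 would not form a valid group` is worth adding.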
[Interface]
PrivateKey = <%= @device.private_key %>
-Address = <%= FzHttp.Devices.ipv4_address(@device) %>
+Address = <%= FzHttp.Devices.ipv4_address(@device) %>/32, <%= FzHttp.Devices.ipv6_address(@device) %>/128
DNS = 1.1.1.1, 1.0.0.1
[Peer]
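Review bot: The generated client config now assigns an IPv6 tunnel address on the `Address =` line, but the `AllowedIPs` entry of the `[Peer]` section lies outside this hunk, so it cannot be seen whether IPv6 destinations are routed through the tunnel. If that entry still lists only IPv4 ranges, a dual-stack client would keep sending IPv6 traffic over its normal interface, outside the VPN. Please confirm that `AllowedIPs` covers the intended IPv6 range (for a full tunnel, `::/0` alongside `0.0.0.0/0`), and add a template comment stating which of the two is intended.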
diff --git a/apps/fz_http/test/fz_http/devices_test.exs b/apps/fz_http/test/fz_http/devices_test.exs
index bb251bb4f..87f6e7f63 100644
--- a/apps/fz_http/test/fz_http/devices_test.exs
+++ b/apps/fz_http/test/fz_http/devices_test.exs
@@ -85,7 +85,7 @@ defmodule FzHttp.DevicesTest do
test "renders all peers", %{device: device} do
assert Devices.to_peer_list() |> List.first() == %{
public_key: device.public_key,
- allowed_ips: Devices.ipv4_address(device)
+ allowed_ips: "#{Devices.ipv4_address(device)}/32, #{Devices.ipv6_address(device)}/128"
}
end
end
diff --git a/apps/fz_vpn/lib/fz_vpn/cli/live.ex b/apps/fz_vpn/lib/fz_vpn/cli/live.ex
index d4fb1548d..82ca4bfc5 100644
--- a/apps/fz_vpn/lib/fz_vpn/cli/live.ex
+++ b/apps/fz_vpn/lib/fz_vpn/cli/live.ex
@@ -33,8 +33,8 @@ defmodule FzVpn.CLI.Live do
{privkey, pubkey(privkey)}
end
- def add_peer(pubkey, ip) do
- set("peer #{pubkey} allowed-ips #{ip}")
+ def add_peer(pubkey, {ipv4, ipv6}) do
+ set("peer #{pubkey} allowed-ips #{ipv4}/32,#{ipv6}/128")
end
def delete_peer(pubkey) do
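Review bot: `add_peer/2` now accepts only a `{ipv4, ipv6}` tuple and appends `/32` and `/128` itself, yet nothing on the function states that the addresses must be bare. `FzHttp.Devices.to_peer_list/0` in this commit already returns `allowed_ips` with the masks included, so a caller that forwards that value would either raise a FunctionClauseError or produce `…/32/32`; the callers are not visible in this hunk. I would document the contract with `# ipv4 and ipv6 are bare addresses; the /32 and /128 host masks are appended here` and consider a guard `when is_binary(ipv4) and is_binary(ipv6)`. Because both values are interpolated into the command string passed to `set/1`, they should only ever come from validated device records.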
diff --git a/omnibus/cookbooks/firezone/recipes/network.rb b/omnibus/cookbooks/firezone/recipes/network.rb
index ee21079bb..6437d7006 100644
--- a/omnibus/cookbooks/firezone/recipes/network.rb
+++ b/omnibus/cookbooks/firezone/recipes/network.rb
@@ -44,12 +44,17 @@ if wg_exists.status.exitstatus == 1
end
end
-execute 'setup_wireguard_ip' do
+execute 'setup_wireguard_ipv4' do
# XXX: Make this configurable
if_addr = '10.3.2.1/24'
command "ip address replace #{if_addr} dev #{wg_interface}"
end
+execute 'setup_wireguard_ipv6' do
+ if_addr = 'fd00:3:2:1/48'
+ command "ip address replace #{if_addr} dev #{wg_interface}"
+end
+
execute 'set_wireguard_interface_private_key' do
command "#{wg_path} set #{wg_interface} private-key #{private_key_path}"
end
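Review bot: In the new `setup_wireguard_ipv6` resource, `if_addr = 'fd00:3:2:1/48'` is not a valid IPv6 address: it has only four groups and no `::`. `ip address replace` is expected to reject it, which would fail the Chef run at this resource. To match the `fd00:3:2::/48` route added further down and the `fd00:3:2::` prefix used in FzHttp.Devices, the line should read `if_addr = 'fd00:3:2::1/48'`. The `# XXX: Make this configurable` comment on the IPv4 resource applies equally here and could be repeated.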
@@ -68,6 +73,10 @@ route '10.3.2.0/24' do
device wg_interface
end
+route 'fd00:3:2::/48' do
+ device wg_interface
+end
+
replace_or_add "IPv4 packet forwarding" do
path "/etc/sysctl.conf"
pattern "^#net.ipv4.ip_forward=1"
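Review bot: The new `route 'fd00:3:2::/48'` resource sits directly above the "IPv4 packet forwarding" sysctl block, and no IPv6 counterpart is visible in this hunk. Unless `net.ipv6.conf.all.forwarding=1` is set elsewhere in the recipe, tunnelled IPv6 packets will not be forwarded by the gateway. If forwarding is enabled, the host's IPv6 firewall rules should restrict forwarded traffic the same way the IPv4 rules do, because forwarding without matching filter rules exposes more than intended. I would add a parallel `replace_or_add "IPv6 packet forwarding"` block and a comment pointing to where the IPv6 filter rules live.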