diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index 579500cf..9fbd5314 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -54,13 +54,17 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 logger.warn("handleGetConfigMessage: Site not found");
 return;
 }
-// todo check if the public key has changed
+ // we need to wait for hole punch success
 if (!existingSite.endpoint) {
 logger.warn(`Site ${existingSite.siteId} has no endpoint, skipping`);
 return;
 }
+ if (existingSite.publicKey !== publicKey) {
+ // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
+ }
+
 if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 6) {
 logger.warn(
 `Site ${existingSite.siteId} last hole punch is too old, skipping`
@@ -129,7 +133,7 @@ export const handleGetConfigMessage: MessageHandler = async (context) => {
 return {
 publicKey: client.clients.pubKey!,
- allowedIps: [client.clients.subnet!],
+ allowedIps: [`${client.clients.subnet.split('/')[0]}/32`], // we want to only allow from that client
 endpoint: client.clientSites.isRelayed ? "" : client.clients.endpoint! // if its relayed it should be localhost
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index af525fc4..f541378f 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -141,7 +141,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
 );
 await addPeer(site.siteId, {
 publicKey: publicKey,
- allowedIps: [client.subnet],
+ allowedIps: [`${client.subnet.split('/')[0]}/32`], // we want to only allow from that client
 endpoint: client.endpoint
 });
 } else {
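Review bot: The new `if (existingSite.publicKey !== publicKey)` block is empty, so a mismatch between the stored site key and the one presented in this message is silently ignored and leaves no trace in the logs. Until the hole-punch recency check the TODO describes exists, at least record the event so it is observable, e.g. `logger.warn(\`Site ${existingSite.siteId} public key differs from the stored key\`);` inside the block. The relocated comment `// we need to wait for hole punch success` now sits directly above the `!existingSite.endpoint` check, which tests the endpoint rather than hole-punch state; if an empty endpoint is how an unfinished hole punch shows up here, saying so explicitly (`// no endpoint yet: presumably the hole punch has not completed — skip until it has`) would make the intent clearer than the current wording. handleGetConfigMessage starts before and ends after this hunk.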
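Review bot: `client.clients.subnet.split('/')[0]` drops the non-null assertion the removed line carried, so if subnet is nullable in the schema (its siblings `pubKey!` and `endpoint!` on the adjacent lines still use `!`) this will not compile under strictNullChecks, and at runtime a missing subnet would surface as a TypeError from `.split` rather than a handled case; the same applies to `client.subnet.split('/')[0]` in the handleOlmRegisterMessage hunk. The `/32` suffix also hard-codes IPv4, so an IPv6 subnet would yield an invalid allowed-IPs entry where `/128` is needed. A small shared helper that checks for a missing value and picks the prefix length by address family would cover both call sites; both hunks would then become `allowedIps: [hostOnlyCidr(client.clients.subnet)]` and `allowedIps: [hostOnlyCidr(client.subnet)]`, with the caller deciding whether the thrown error is logged and skipped as the surrounding handlers do for other missing fields. Both enclosing handlers start before and end after their hunks.
```typescript
/** Narrow a client subnet (e.g. "10.0.0.5/24") to a single-host CIDR for the peer's allowed IPs. */
function hostOnlyCidr(subnet: string | null | undefined): string {
    const host = subnet?.split('/')[0];
    if (!host) throw new Error('client subnet is missing');
    // IPv6 addresses contain ':'; a single host is /128 there, /32 for IPv4
    return host.includes(':') ? `${host}/128` : `${host}/32`;
}
```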