another e2e test finished

e2e/README.md

@@ -6,3 +6,5 @@ If you are trying to add/debug these e2e tests and don't understand what they ar
 2. [generate-remote-access-to-server](./generate-remote-access-to-server)
 3. [generate-remote-access-to-lan](./generate-remote-access-to-lan)
 4. [generate-server-hub-and-spoke-access](./generate-server-hub-and-spoke-access)
+5. [generate-lan-hub-and-spoke-access](./generate-lan-hub-and-spoke-access)
+6. [generate-lan-to-lan-access](./generate-lan-to-lan-access)

e2e/generate-lan-hub-and-spoke-access/A-alice-client-tests.sh

@@ -2,6 +2,11 @@
 
 set -euo pipefail
 
-ip route add 10.0.5.0/24 via 10.0.1.2
 wg-quick up wg0
-sleep infinity
+ping 192.168.10.1 -c 3
+ping 192.168.10.2 -c 3
+ping 192.168.10.3 -c 3
+ping 192.168.10.100 -c 3
+ping 10.0.1.4 -c 3
+ping 10.0.1.5 -c 3
+sleep 5s

e2e/generate-lan-hub-and-spoke-access/A-alice-wireguard.conf

@@ -1,10 +1,19 @@
 [Interface]
-ListenPort = 0
-Address = 192.168.10.2/24
-PrivateKey = gM4x14ZE8EEpE7Fk0//dkwuXQNuvoe54PpteIh+oWHQ=
+ListenPort = 41820
+Address = 192.168.10.1/24
+PrivateKey = UE5GTRXvRlm0ngiLIpxYC8rOWr90vpXHXrOH3FpqEFk=
 
 [Peer]
-PublicKey = DQh5QwYbaj/h3iVH1C28Pzdkhs3z+MIvZCh4np5f/F8=
-PresharedKey = glxcNfoSAQ6Ic1Ewcz0WhkmmHiG3nGezZixRInVpnbE=
-Endpoint = 10.0.5.5:51820
-AllowedIPs = 192.168.10.1/32, 192.168.10.3/32, 192.168.10.100/32, 10.0.4.0/24
+PublicKey = IRMg3FvS1hwdZYCh3z0jjxp0gY2i6TabXcUj/TOILXs=
+PresharedKey = TaLmt134ML98dkVIxPtGE21DFyAsrHQTkEzGu2lGF+E=
+AllowedIPs = 192.168.10.100/32
+
+[Peer]
+PublicKey = yYjcDYJJpr3Y5nmpTsxelNmgClYZXN6USZOAEbn271E=
+PresharedKey = /Hvo1t7dPBjOLFkURrFaQx0G8RciSlyzV3ju1llmr1Y=
+AllowedIPs = 192.168.10.2/32
+
+[Peer]
+PublicKey = MrP8poUY31A/DPtHqRX0nXqJQ4fJw9SatyB7J8euhlY=
+PresharedKey = ymkUGsYUa9bjvlXu91+LhveI3PPBPKtKQQBG9t03uk0=
+AllowedIPs = 192.168.10.3/32

e2e/generate-lan-hub-and-spoke-access/A-lan-member.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+ip route add 10.0.0.0/24 via 10.0.1.2
+ip route add 192.168.10.0/24 via 10.0.1.3
+sleep 30s

e2e/generate-lan-hub-and-spoke-access/D-router-firewall.sh → e2e/generate-lan-hub-and-spoke-access/A-router-firewall.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 iptables -A FORWARD -m conntrack --ctstate NEW -j ACCEPT
 iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-iptables -t nat -A PREROUTING -p udp --dport 51820 -j DNAT --to-destination 10.0.4.3:41820
-iptables -t nat -A POSTROUTING -p udp -d 10.0.4.3 --dport 41820 -j MASQUERADE
+iptables -t nat -A PREROUTING -p udp --dport 51820 -j DNAT --to-destination 10.0.1.3:41820
+iptables -t nat -A POSTROUTING -p udp -d 10.0.1.3 --dport 41820 -j MASQUERADE
 iptables -t nat -A POSTROUTING -j MASQUERADE
-sleep infinity
+sleep 30s

e2e/generate-lan-hub-and-spoke-access/B-bob-client-tests.sh

@@ -2,6 +2,12 @@
 
 set -euo pipefail
 
-ip route add 10.0.5.0/24 via 10.0.2.2
+ip route add 10.0.0.0/24 via 10.0.2.2
 wg-quick up wg0
-sleep infinity
+ping 192.168.10.1 -c 3
+ping 192.168.10.2 -c 3
+ping 192.168.10.3 -c 3
+ping 192.168.10.100 -c 3
+ping 10.0.1.4 -c 3
+ping 10.0.1.5 -c 3
+sleep 5s

e2e/generate-lan-hub-and-spoke-access/B-bob-wireguard.conf

@@ -1,10 +1,10 @@
 [Interface]
 ListenPort = 0
-Address = 192.168.10.3/24
-PrivateKey = CNpqDCwT+U5TWgTVE+JHSk5gkHZ0SCXlWv75NuJvwl4=
+Address = 192.168.10.100/24
+PrivateKey = +Kr+oFNf0RIQukwR09YS2Rv5nrA6npxa6Ag16Ds5524=
 
 [Peer]
-PublicKey = DQh5QwYbaj/h3iVH1C28Pzdkhs3z+MIvZCh4np5f/F8=
-PresharedKey = 3rCJ3ytDIdeJWZloq3YH4+5a4rG5kW80gl3A+c6FFCA=
-Endpoint = 10.0.5.5:51820
-AllowedIPs = 192.168.10.1/32, 192.168.10.2/32, 192.168.10.100/32, 10.0.4.0/24
+PublicKey = BNwYfjUrhd7ZAOocR9xZCd7KMw+bh3FhyR9sQJkzu3Y=
+PresharedKey = TaLmt134ML98dkVIxPtGE21DFyAsrHQTkEzGu2lGF+E=
+Endpoint = 10.0.0.2:51820
+AllowedIPs = 192.168.10.1/32, 192.168.10.3/32, 192.168.10.2/32, 10.0.1.0/24

e2e/generate-lan-hub-and-spoke-access/C-charlie-client-tests.sh

@@ -2,6 +2,12 @@
 
 set -euo pipefail
 
-ip route add 10.0.5.0/24 via 10.0.3.2
+ip route add 10.0.0.0/24 via 10.0.3.2
 wg-quick up wg0
-sleep infinity
+ping 192.168.10.1 -c 3
+ping 192.168.10.2 -c 3
+ping 192.168.10.3 -c 3
+ping 192.168.10.100 -c 3
+ping 10.0.1.4 -c 3
+ping 10.0.1.5 -c 3
+sleep 5s

e2e/generate-lan-hub-and-spoke-access/C-charlie-wireguard.conf

@@ -1,10 +1,10 @@
 [Interface]
 ListenPort = 0
-Address = 192.168.10.100/24
-PrivateKey = cNJ1+qA5VCTxjXsOQentPqZmdti3fep1/QJi/rGZ6H8=
+Address = 192.168.10.2/24
+PrivateKey = COHD4qQVLO6N9A0E6F8hZ8vbecyLi8SH00wifVxNg1Y=
 
 [Peer]
-PublicKey = DQh5QwYbaj/h3iVH1C28Pzdkhs3z+MIvZCh4np5f/F8=
-PresharedKey = 6otXyHjb3Ms90PTHGOKs96tv9SMxFk6ZX13PBzBuF18=
-Endpoint = 10.0.5.5:51820
-AllowedIPs = 192.168.10.1/32, 192.168.10.3/32, 192.168.10.2/32, 10.0.4.0/24
+PublicKey = BNwYfjUrhd7ZAOocR9xZCd7KMw+bh3FhyR9sQJkzu3Y=
+PresharedKey = /Hvo1t7dPBjOLFkURrFaQx0G8RciSlyzV3ju1llmr1Y=
+Endpoint = 10.0.0.2:51820
+AllowedIPs = 192.168.10.1/32, 192.168.10.3/32, 192.168.10.100/32, 10.0.1.0/24

e2e/generate-lan-hub-and-spoke-access/D-dave-client-tests.sh

@@ -2,6 +2,12 @@
 
 set -euo pipefail
 
-ip route add 10.0.5.0/24 via 10.0.4.2
+ip route add 10.0.0.0/24 via 10.0.4.2
 wg-quick up wg0
-sleep infinity
+ping 192.168.10.1 -c 3
+ping 192.168.10.2 -c 3
+ping 192.168.10.3 -c 3
+ping 192.168.10.100 -c 3
+ping 10.0.1.4 -c 3
+ping 10.0.1.5 -c 3
+sleep 5s

e2e/generate-lan-hub-and-spoke-access/D-dave-wireguard.conf

@@ -1,19 +1,10 @@
 [Interface]
-ListenPort = 41820
-Address = 192.168.10.1/24
-PrivateKey = wOKGkGBHLkPZuCdggMmOje3tM73QCZ92MpFyToAw7kQ=
+ListenPort = 0
+Address = 192.168.10.3/24
+PrivateKey = aDIez6lbcG1IFCcAidk4fdcRb51bEZumunpH6WVnY1U=
 
 [Peer]
-PublicKey = XffIty2BGhWE291GXcG96jGT07uq3O8lMTqHZOufcmU=
-PresharedKey = 6otXyHjb3Ms90PTHGOKs96tv9SMxFk6ZX13PBzBuF18=
-AllowedIPs = 192.168.10.100/32
-
-[Peer]
-PublicKey = QmKdMWddSdLIGWiD/otjs79EgbY89x8ysbKBwCtdonw=
-PresharedKey = glxcNfoSAQ6Ic1Ewcz0WhkmmHiG3nGezZixRInVpnbE=
-AllowedIPs = 192.168.10.2/32
-
-[Peer]
-PublicKey = 5G4/eGckHzDOwhMkl7k1AEaH5fy/uZvH5Opre4xTLHI=
-PresharedKey = 3rCJ3ytDIdeJWZloq3YH4+5a4rG5kW80gl3A+c6FFCA=
-AllowedIPs = 192.168.10.3/32
+PublicKey = BNwYfjUrhd7ZAOocR9xZCd7KMw+bh3FhyR9sQJkzu3Y=
+PresharedKey = ymkUGsYUa9bjvlXu91+LhveI3PPBPKtKQQBG9t03uk0=
+Endpoint = 10.0.0.2:51820
+AllowedIPs = 192.168.10.1/32, 192.168.10.2/32, 192.168.10.100/32, 10.0.1.0/24

e2e/generate-lan-hub-and-spoke-access/README.md

@@ -1,9 +1,5 @@
 # LAN Hub and Spoke access
 
-In this example Alice, Bob, and Charlie will be wireguard peers (clients) - each on separate networks behind separate routers performing NAT. Dave will be the wireguard server behind network D along with two other lan clients Eve and Faye. Network D also performs nat so Dave will have "port forwarding" set up such that their wireguard server is accessible using router D's public ip address. Router A, router B, router C, and router D will be able to communicate with each other (this is where the internet would be).
-
-We expect that Alice, Bob, and Charlie will all be able to communicate with Dave as well with Eve and Faye since they are on the same network as Dave. We also expect that Alice, Bob, and Charlie will all be able to communicate with each other, however, it should be noted that communication between between any three of them still flows through Dave.
-
 ## Running this example
 
 ```sh