Optimise wireguard

defaults/main.yml

@@ -87,7 +87,7 @@ fail2ban_activate_modules:
 ## WIREGUARD
 wireguard_enabled: True
 wireguard_is_gateway: False
-wireguard_allow_adjacent_client_traffic: False
+wireguard_allow_adjacent_client_traffic: True
 wireguard_keepalive: 25
 
 wireguard_gateway_interface: eth0

templates/etc/wireguard/wireguard-client.conf.j2

@@ -1,11 +1,11 @@
 [Interface]
-Address = {{ wireguard_gateway_net_prefix }}.{{ wireguard_clients[wireguard_client_host].index }}/32
+Address = {{ wireguard_gateway_net_prefix }}.{{ wireguard_clients[wireguard_client_host].index }}/{{ wireguard_gateway_net_cidr }}
 PrivateKey = {{ wireguard_clients[wireguard_client_host].private_key }}
 DNS = {{ cloud_internal_dns }}
 
 [Peer]
 PublicKey = {{ wireguard_gateway_public_key }}
 Endpoint = {{ wireguard_gateway_host }}:{{ wireguard_gateway_port }}
-AllowedIPs = {{ wireguard_gateway_net_prefix }}.1/{% if wireguard_allow_adjacent_client_traffic %}{{ wireguard_gateway_net_cidr }}{% else %}32{% endif %}
+AllowedIPs = {{ wireguard_gateway_net_prefix }}{% if wireguard_allow_adjacent_client_traffic %}.0/{{ wireguard_gateway_net_cidr }}{% else %}.1/32{% endif %}
 
 PersistentKeepalive = {{ wireguard_keepalive }}