From b5bb64d07af9a63090c7975c1a952c0503aeb7ba Mon Sep 17 00:00:00 2001 From: David Myers Date: Sat, 31 Oct 2020 13:26:12 -0400 Subject: [PATCH] Allow more users (#1895) --- config.cfg | 12 ++++++------ roles/wireguard/defaults/main.yml | 4 ++-- roles/wireguard/templates/server.conf.j2 | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config.cfg b/config.cfg index 758d27e..f4390ec 100644 --- a/config.cfg +++ b/config.cfg @@ -1,10 +1,10 @@ --- # This is the list of users to generate. -# Every device must have a unique username. -# You can generate up to 250 users at one time. -# Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123". -# Emails are not allowed +# Every device must have a unique user. +# You can add up to 65,534 new users over the lifetime of an AlgoVPN. +# User names with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123". +# Email addresses are not allowed. users: - phone - laptop @@ -114,7 +114,7 @@ strongswan_log_level: 2 # rightsourceip for ipsec # ipv4 -strongswan_network: 10.19.48.0/24 +strongswan_network: 10.48.0.0/16 # ipv6 strongswan_network_ipv6: '2001:db8:4160::/48' @@ -124,7 +124,7 @@ strongswan_network_ipv6: '2001:db8:4160::/48' wireguard_PersistentKeepalive: 0 # WireGuard network configuration -wireguard_network_ipv4: 10.19.49.0/24 +wireguard_network_ipv4: 10.49.0.0/16 wireguard_network_ipv6: 2001:db8:a160::/48 # Randomly generated IP address for the local dns resolver diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml index 030511f..171530a 100644 --- a/roles/wireguard/defaults/main.yml +++ b/roles/wireguard/defaults/main.yml 
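Review bot: The new defaults `strongswan_network: 10.48.0.0/16` and `wireguard_network_ipv4: 10.49.0.0/16` (this hunk and the `@@ -124,7 +124,7 @@` hunk) claim two whole /16 blocks of 10.0.0.0/8, which is far more likely than the old /24s to overlap a client's LAN or a cloud VPC range. An overlap can make local hosts unreachable or route their traffic into the tunnel, and any firewall rules derived from these variables (not visible in this diff) widen to the same /16s. I would add a comment above each value, for example `# Must not overlap any network the server or your clients already use.` The header comment's "65,534" is also slightly high, since offset 1 is taken by the server (`ipaddr('1')` in roles/wireguard/defaults/main.yml).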
@@ -13,8 +13,8 @@ wireguard_dns_servers: >- {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %} {% endif %} wireguard_client_ip: >- - {{ wireguard_network_ipv4 | ipaddr(index|int+2) }} - {{ ',' + wireguard_network_ipv6 | ipaddr(index|int+2) if ipv6_support else '' }} + {{ wireguard_network_ipv4 | ipmath(index|int+2) }} + {{ ',' + wireguard_network_ipv6 | ipmath(index|int+2) if ipv6_support else '' }} wireguard_server_ip: >- {{ wireguard_network_ipv4 | ipaddr('1') }} {{ ',' + wireguard_network_ipv6 | ipaddr('1') if ipv6_support else '' }} diff --git a/roles/wireguard/templates/server.conf.j2 b/roles/wireguard/templates/server.conf.j2 index 0104f5f..1baad83 100644 --- a/roles/wireguard/templates/server.conf.j2 +++ b/roles/wireguard/templates/server.conf.j2 @@ -12,6 +12,6 @@ SaveConfig = false # {{ u }} PublicKey = {{ lookup('file', wireguard_pki_path + '/public/' + u) }} PresharedKey = {{ lookup('file', wireguard_pki_path + '/preshared/' + u) }} -AllowedIPs = {{ wireguard_network_ipv4 | ipaddr(index|int+1) | ipv4('address') }}/32{{ ',' + wireguard_network_ipv6 | ipaddr(index|int+1) | ipv6('address') + '/128' if ipv6_support else '' }} +AllowedIPs = {{ wireguard_network_ipv4 | ipmath(index|int+1) | ipv4('address') }}/32{{ ',' + wireguard_network_ipv6 | ipmath(index|int+1) | ipv6('address') + '/128' if ipv6_support else '' }} {% endif %} {% endfor %}
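Review bot: `wireguard_client_ip` changes shape in this hunk, not just range. As far as I know, `ipaddr(index|int+2)` on a network returns the host address with its prefix length, while `ipmath` returns a bare address. If a consumer outside this diff writes the value straight into a client `Address`, the interface becomes a /32 (/128 for IPv6), so confirm that is intended. The neighbouring `wireguard_server_ip` still uses `ipaddr('1')` and keeps the prefixed form, so a comment such as `# ipmath yields a bare address (no prefix length), unlike ipaddr('1') below` would make the asymmetry explicit.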
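Review bot: On the `AllowedIPs` line, `ipmath` does plain address arithmetic and does not check that the result stays inside `wireguard_network_ipv4`, whereas the index form of `ipaddr` returned a false value once the index left the network. If an operator keeps a smaller network, such as the previous /24, an index past its size now yields a valid-looking peer address outside the VPN range. `AllowedIPs` decides which source addresses a peer may use, so this should fail closed. I would add an assertion before the template is rendered, along the lines of `that: (users | length) + 2 < wireguard_network_ipv4 | ipaddr('size')`, with the exact bound checked against where `index` comes from, which is outside this hunk. The same unbounded arithmetic applies to `wireguard_client_ip` in roles/wireguard/defaults/main.yml.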