fix(wireguard): ignore IPv6 addresses if IPv6 is not supported

internal/provider/utils/wireguard.go

@@ -25,7 +25,12 @@ func BuildWireguardSettings(connection models.Connection,
 	copy(settings.Endpoint.IP, connection.IP)
 	settings.Endpoint.Port = int(connection.Port)
 
+	settings.Addresses = make([]*net.IPNet, 0, len(userSettings.Addresses))
 	for _, address := range userSettings.Addresses {
+		ipv6Address := address.IP.To4() == nil
+		if !ipv6Supported && ipv6Address {
+			continue
+		}
 		addressCopy := new(net.IPNet)
 		addressCopy.IP = make(net.IP, len(address.IP))
 		copy(addressCopy.IP, address.IP)

internal/provider/utils/wireguard_test.go

@@ -32,11 +32,11 @@ func Test_BuildWireguardSettings(t *testing.T) {
 				PreSharedKey: stringPtr("pre-shared"),
 				Addresses: []net.IPNet{
 					{IP: net.IPv4(1, 1, 1, 1), Mask: net.IPv4Mask(255, 255, 255, 255)},
-					{IP: net.IPv4(2, 2, 2, 2), Mask: net.IPv4Mask(255, 255, 255, 255)},
+					{IP: net.IPv6zero, Mask: net.IPv4Mask(255, 255, 255, 255)},
 				},
 				Interface: "wg1",
 			},
-			ipv6Supported: true,
+			ipv6Supported: false,
 			settings: wireguard.Settings{
 				InterfaceName: "wg1",
 				PrivateKey:    "private",
@@ -48,10 +48,9 @@ func Test_BuildWireguardSettings(t *testing.T) {
 				},
 				Addresses: []*net.IPNet{
 					{IP: net.IPv4(1, 1, 1, 1), Mask: net.IPv4Mask(255, 255, 255, 255)},
-					{IP: net.IPv4(2, 2, 2, 2), Mask: net.IPv4Mask(255, 255, 255, 255)},
 				},
 				RulePriority: 101,
-				IPv6:         boolPtr(true),
+				IPv6:         boolPtr(false),
 			},
 		},
 	}

internal/wireguard/settings.go

@@ -23,6 +23,7 @@ type Settings struct {
 	// Wireguard server endpoint to connect to.
 	Endpoint *net.UDPAddr
 	// Addresses assigned to the client.
+	// Note IPv6 addresses are ignored if IPv6 is not supported.
 	Addresses []*net.IPNet
 	// FirewallMark to be used in routing tables and IP rules.
 	// It defaults to 51820 if left to 0.