Info: Latest docker image 0.13.0 is buggy and some versioning chaos #792

Open
allroundtechie opened this issue Jan 7, 2025 · 2 comments

Comments

@allroundtechie

Hi there,

looks like some weird things are going on here. The latest release in the GitHub project is v0.12.1, but you have released v0.13.0, which is also tagged as "latest" in the GitHub package registry:

https://github.com/freifunkMUC/wg-access-server/pkgs/container/wg-access-server

This latest version v0.13.0 is buggy. It avoids network traffic between VPN connected clients and other network targets like the internet or local networks which the host wg-access-server is running on has access to.
Reverting to v0.12.1 solved this problem.

Best regards

@GoliathLabs
Member

Hello,

Thank you for reporting the bug. We are currently investigating the issue with the network traffic. As a result, we decided to pull the v0.13.0 release, but we overlooked pulling the Docker image as well.

@GoliathLabs
Member

It appears that the POSTROUTING iptables rule is missing in newer versions. In version v0.12.1, the rule is still set as follows:

```
Chain WG_ACCESS_SERVER_POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
   78 21563 MASQUERADE  0    --  *      eth0    10.44.0.0/24         0.0.0.0/0
```

However, this behavior has changed in the master branch:

```
bb2e813cccb6:/# iptables -t nat -L WG_ACCESS_SERVER_POSTROUTING -n -v
Chain WG_ACCESS_SERVER_POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
```

Manually adding the rule within the container allows traffic to reach other networks (such as the internet) again.

Initially, I suspected that the issue might be related to the go-iptables module update. However, even after downgrading, the problem persists. Notably, the code handling iptables rules hasn't been modified for quite some time. Similarly, downgrading the Alpine image did not resolve the issue.

Maybe @nwaldispuehl, @DasSkelett or other maintainers have an idea what is causing the issue?
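
Added example, not part of the thread or the project's code: a shell check that parses the `iptables -t nat -L ... -n -v` listing quoted above and fails when the chain holds no MASQUERADE rule for the VPN subnet, which is the state shown for the master branch. The function names are hypothetical; the chain name, subnet and interface are the ones from the output in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Sample listings below are the
# two outputs quoted in the thread, embedded so the check runs offline.

SAMPLE_V0_12_1='Chain WG_ACCESS_SERVER_POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination
   78 21563 MASQUERADE  0    --  *      eth0    10.44.0.0/24         0.0.0.0/0'

SAMPLE_MASTER='Chain WG_ACCESS_SERVER_POSTROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination'

# has_masquerade SUBNET [OUT_IFACE]
# Reads an "iptables -L <chain> -n -v" listing on stdin.
# Returns 0 if a MASQUERADE rule with source SUBNET exists (and, when
# OUT_IFACE is given, with that outgoing interface); returns 1 otherwise.
has_masquerade() {
    subnet=$1
    iface=${2:-}
    awk -v subnet="$subnet" -v iface="$iface" '
        # Skip the chain header and the column header line.
        $1 == "Chain" || $1 == "pkts" { next }
        # -n -v columns: pkts bytes target prot opt in out source destination
        NF >= 9 && $3 == "MASQUERADE" && $8 == subnet &&
            (iface == "" || $7 == iface) { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# check_live CHAIN SUBNET [OUT_IFACE]
# Runs the same check against the live nat table (needs root inside the
# container) and prints a one-line verdict suitable for a health check.
check_live() {
    if iptables -t nat -L "$1" -n -v | has_masquerade "$2" "${3:-}"; then
        echo "OK: $1 masquerades $2"
    else
        echo "MISSING: no MASQUERADE rule for $2 in $1" >&2
        return 1
    fi
}
```

Inside the container, `check_live WG_ACCESS_SERVER_POSTROUTING 10.44.0.0/24 eth0` gives a non-zero exit status when the rule is absent, so it can gate a container health check or a post-upgrade smoke test.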
