fix: wan address isn't used by peering token

agent/consul/peering_backend.go

@@ -205,6 +205,19 @@ func meshGatewayAdresses(state *state.Store, ws memdb.WatchSet, wan bool) ([]str
 	return addrs, nil
 }
 
+func parseNodeAddr(node *structs.ServiceNode) string {
+	// Prefer the wan address
+	if v, ok := node.TaggedAddresses[structs.TaggedAddressWANIPv4]; ok {
+		return v
+	}
+
+	if v, ok := node.TaggedAddresses[structs.TaggedAddressWAN]; ok {
+		return v
+	}
+
+	return node.Address
+}
+
 func serverAddresses(state *state.Store) ([]string, error) {
 	_, nodes, err := state.ServiceNodes(nil, "consul", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)
 	if err != nil {
@@ -212,16 +225,18 @@ func serverAddresses(state *state.Store) ([]string, error) {
 	}
 	var addrs []string
 	for _, node := range nodes {
+		addr := parseNodeAddr(node)
+
 		// Prefer the TLS port if it is defined.
 		grpcPortStr := node.ServiceMeta["grpc_tls_port"]
 		if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
-			addrs = append(addrs, node.Address+":"+grpcPortStr)
+			addrs = append(addrs, addr+":"+grpcPortStr)
 			continue
 		}
 		// Fallback to the standard port if TLS is not defined.
 		grpcPortStr = node.ServiceMeta["grpc_port"]
 		if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
-			addrs = append(addrs, node.Address+":"+grpcPortStr)
+			addrs = append(addrs, addr+":"+grpcPortStr)
 			continue
 		}
 		// Skip node if neither defined.