authordanrl <mail@danrl.com>2016-11-15 16:55:47 +0100
committerdanrl <mail@danrl.com>2016-11-15 21:40:14 +0100
commit71770c1d9ac829567a176de7050e1773247fc061 (patch)
tree51cd8e7b59d66d2030ff1ba0e0d0f53e3dd4e8f2
parentd4bbf44fbbac312633a4d104c55734c61f712c9e (diff)
luci-proto-wireguard: WireGuard VPN Protocol (New)
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. Signed-off-by: Dan Lüdtke mail@danrl.com
-rw-r--r--protocols/luci-proto-wireguard/Makefile16
-rw-r--r--protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua147
-rw-r--r--protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua42
3 files changed, 205 insertions, 0 deletions
diff --git a/protocols/luci-proto-wireguard/Makefile b/protocols/luci-proto-wireguard/Makefile
new file mode 100644
index 0000000000..0e54add6ba
--- /dev/null
+++ b/protocols/luci-proto-wireguard/Makefile
@@ -0,0 +1,16 @@
+#
+# Copyright (C) 2016 Dan Luedtke <mail@danrl.com>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for WireGuard VPN
+LUCI_DEPENDS:=+wireguard
+
+PKG_MAINTAINER:=Dan Luedtke <mail@danrl.com>
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
new file mode 100644
index 0000000000..e088881293
--- /dev/null
+++ b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
@@ -0,0 +1,147 @@
+-- Copyright 2016 Dan Luedtke <mail@danrl.com>
+-- Licensed to the public under the Apache License 2.0.
+
+
+local map, section, net = ...
+local ifname = net:get_interface():name()
+local private_key, listen_port
+local metric, mtu, preshared_key
+local peers, public_key, allowed_ips, endpoint, persistent_keepalive
+
+
+-- general ---------------------------------------------------------------------
+
+private_key = section:taboption(
+ "general",
+ Value,
+ "private_key",
+ translate("Private Key"),
+ translate("Required. Base64-encoded private key for this interface.")
+)
+private_key.password = true
+private_key.datatype = "and(minlength(44),maxlength(44))"
+private_key.optional = false
+
+
+listen_port = section:taboption(
+ "general",
+ Value,
+ "listen_port",
+ translate("Listen Port"),
+ translate("Optional. UDP port used for outgoing and incoming packets.")
+)
+listen_port.datatype = "port"
+listen_port.placeholder = "51820"
+listen_port.optional = true
+
+
+-- advanced --------------------------------------------------------------------
+
+metric = section:taboption(
+ "advanced",
+ Value,
+ "metric",
+ translate("Metric"),
+ translate("Optional.")
+)
+metric.datatype = "uinteger"
+metric.placeholder = "0"
+metric.optional = true
+
+
+mtu = section:taboption(
+ "advanced",
+ Value,
+ "mtu",
+ translate("MTU"),
+ translate("Optional. Maximum Transmission Unit of tunnel interface.")
+)
+mtu.datatype = "range(1280,1423)"
+mtu.placeholder = "1423"
+mtu.optional = true
+
+
+preshared_key = section:taboption(
+ "advanced",
+ Value,
+ "preshared_key",
+ translate("Preshared Key"),
+ translate("Optional. Adds in an additional layer of symmetric-key " ..
+ "cryptography for post-quantum resistance.")
+)
+preshared_key.password = true
+preshared_key.datatype = "and(minlength(44),maxlength(44))"
+preshared_key.optional = true
+
+
+-- peers -----------------------------------------------------------------------
+
+peers = map:section(
+ TypedSection,
+ "wireguard_" .. ifname,
+ translate("Peers"),
+ translate("Further information about WireGuard interfaces and peers " ..
+ "at <a href=\"http://wireguard.io\">wireguard.io</a>.")
+)
+peers.template = "cbi/tsection"
+peers.anonymous = true
+peers.addremove = true
+
+
+public_key = peers:option(
+ Value,
+ "public_key",
+ translate("Public Key"),
+ translate("Required. Public key of peer.")
+)
+public_key.datatype = "and(minlength(44),maxlength(44))"
+public_key.optional = false
+
+
+allowed_ips = peers:option(
+ DynamicList,
+ "allowed_ips",
+ translate("Allowed IPs"),
+ translate("Required. IP addresses and prefixes that this peer is allowed " ..
+ "to use inside the tunnel. Routes will be added accordingly.")
+)
+allowed_ips.datatype = "or(ip6addr, ip4addr)"
+allowed_ips.optional = false
+
+
+route_allowed_ips = peers:option(
+ Flag,
+ "route_allowed_ips",
+ translate("Route Allowed IPs"),
+ translate("Optional. Create routes for Allowed IPs for this peer.")
+)
+
+
+endpoint_host = peers:option(
+ Value,
+ "endpoint_host",
+ translate("Endpoint Host"),
+ translate("Optional. Host of peer. Names are resolved " ..
+ "prior to bringing up the interface."))
+endpoint_host.placeholder = "vpn.example.com"
+endpoint_host.datatype = "host"
+
+
+endpoint_port = peers:option(
+ Value,
+ "endpoint_port",
+ translate("Endpoint Port"),
+ translate("Optional. Port of peer."))
+endpoint_port.placeholder = "51820"
+endpoint_port.datatype = "port"
+
+
+persistent_keepalive = peers:option(
+ Value,
+ "persistent_keepalive",
+ translate("Persistent Keep Alive"),
+ translate("Optional. Seconds between keep alive messages. " ..
+ "Default is 0 (disabled). Recommended value if " ..
+ "this device is behind a NAT is 25."))
+persistent_keepalive.datatype = "range(0, 65535)"
+persistent_keepalive.placeholder = "0"
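Review bot: The `private_key`, `preshared_key` and `public_key` options are validated by length only (`and(minlength(44),maxlength(44))`), so any 44-character string passes the form even when it is not Base64, and would presumably be rejected only later when the interface is brought up. If this tree's validator has a Base64 datatype, combine it with the length check; otherwise a small custom `validate` on these three options that checks the character set would catch a mistyped key before it is committed. Separately, `route_allowed_ips`, `endpoint_host` and `endpoint_port` are assigned without `local`, while the declaration list at the top names an unused `endpoint`; I would change that line to `local peers, public_key, allowed_ips, route_allowed_ips, endpoint_host, endpoint_port, persistent_keepalive`. The help link in the peers section also points at `http://wireguard.io` rather than an HTTPS URL.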
diff --git a/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua
new file mode 100644
index 0000000000..d6937618a7
--- /dev/null
+++ b/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua
@@ -0,0 +1,42 @@
+-- Copyright 2016 Dan Luedtke <mail@danrl.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local netmod = luci.model.network
+local interface = luci.model.network.interface
+local proto = netmod:register_protocol("wireguard")
+
+function proto.get_i18n(self)
+ return luci.i18n.translate("WireGuard VPN")
+end
+
+function proto.ifname(self)
+ return self.sid
+end
+
+function proto.get_interface(self)
+ return interface(self:ifname(), self)
+end
+
+function proto.opkg_package(self)
+ return "wireguard-tools"
+end
+
+function proto.is_installed(self)
+ return nixio.fs.access("/lib/netifd/proto/wireguard.sh")
+end
+
+function proto.is_floating(self)
+ return true
+end
+
+function proto.is_virtual(self)
+ return true
+end
+
+function proto.get_interfaces(self)
+ return nil
+end
+
+function proto.contains_interface(self, ifc)
+ return (netmod:ifnameof(ifc) == self:ifname())
+end
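Review bot: None of the protocol hooks carries a comment, and two of them encode decisions a maintainer has to guess at: `proto.ifname` returns `self.sid`, so the tunnel device is named after the UCI section, and `proto.is_installed` keys on the presence of `/lib/netifd/proto/wireguard.sh` while `proto.opkg_package` names `wireguard-tools`. I would add `-- device name equals the UCI section id; the CBI model builds the peer section type "wireguard_<ifname>" from it` above `proto.ifname`, and `-- the netifd handler is expected to be shipped by the package named in opkg_package()` above `proto.is_installed`. The file also reaches `nixio.fs` and `luci.i18n` through globals without a `require`, which deserves a one-line comment if that is the convention for protocol models in this tree.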