2 files changed, 28 insertions, 16 deletions

diff --git a/protocols/luci-proto-wireguard/Makefile b/protocols/luci-proto-wireguard/Makefile
index ed94a557b6..0dc70cf31e 100644
--- a/protocols/luci-proto-wireguard/Makefile
+++ b/protocols/luci-proto-wireguard/Makefile
@@ -8,6 +8,7 @@ include $(TOPDIR)/rules.mk
 
 LUCI_TITLE:=Support for WireGuard VPN
 LUCI_DEPENDS:=+kmod-wireguard +wireguard-tools
+LUCI_PKGARCH:=all
 
 PKG_MAINTAINER:=Dan Luedtke <mail@danrl.com>
 
diff --git a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
index e585324106..fa0db3412e 100644
--- a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
+++ b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
@@ -19,7 +19,7 @@ private_key = section:taboption(
   translate("Required. Base64-encoded private key for this interface.")
 )
 private_key.password = true
-private_key.datatype = "rangelength(44, 44)"
+private_key.datatype = "and(base64,rangelength(44,44))"
 private_key.optional = false
 
 
@@ -52,7 +52,7 @@ metric = section:taboption(
   Value,
   "metric",
   translate("Metric"),
-  translate("Optional.")
+  translate("Optional")
 )
 metric.datatype = "uinteger"
 metric.placeholder = "0"
@@ -66,22 +66,20 @@ mtu = section:taboption(
   translate("MTU"),
   translate("Optional. Maximum Transmission Unit of tunnel interface.")
 )
-mtu.datatype = "range(1280,1423)"
-mtu.placeholder = "1423"
+mtu.datatype = "range(1280,1420)"
+mtu.placeholder = "1420"
 mtu.optional = true
 
-
-preshared_key = section:taboption(
+fwmark = section:taboption(
   "advanced",
   Value,
-  "preshared_key",
-  translate("Preshared Key"),
-  translate("Optional. Adds in an additional layer of symmetric-key " ..
-            "cryptography for post-quantum resistance.")
+  "fwmark",
+  translate("Firewall Mark"),
+  translate("Optional. 32-bit mark for outgoing encrypted packets. " ..
+            "Enter value in hex, starting with <code>0x</code>.")
 )
-preshared_key.password = true
-preshared_key.datatype = "rangelength(44, 44)"
-preshared_key.optional = true
+fwmark.datatype = "hex(4)"
+fwmark.optional = true
 
 
 -- peers -----------------------------------------------------------------------
@@ -102,12 +100,25 @@ public_key = peers:option(
   Value,
   "public_key",
   translate("Public Key"),
-  translate("Required. Public key of peer.")
+  translate("Required. Base64-encoded public key of peer.")
 )
-public_key.datatype = "rangelength(44, 44)"
+public_key.datatype = "and(base64,rangelength(44,44))"
 public_key.optional = false
 
 
+preshared_key = peers:option(
+  Value,
+  "preshared_key",
+  translate("Preshared Key"),
+  translate("Optional. Base64-encoded preshared key. " ..
+            "Adds in an additional layer of symmetric-key " ..
+            "cryptography for post-quantum resistance.")
+)
+preshared_key.password = true
+preshared_key.datatype = "and(base64,rangelength(44,44))"
+preshared_key.optional = true
+
+
 allowed_ips = peers:option(
   DynamicList,
   "allowed_ips",
@@ -154,5 +165,5 @@ persistent_keepalive = peers:option(
   translate("Optional. Seconds between keep alive messages. " ..
             "Default is 0 (disabled). Recommended value if " ..
             "this device is behind a NAT is 25."))
-persistent_keepalive.datatype = "range(0, 65535)"
+persistent_keepalive.datatype = "range(0,65535)"
 persistent_keepalive.placeholder = "0"