Diffstat (limited to 'protocols/luci-proto-wireguard')
-rw-r--r--protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js137
-rw-r--r--protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua179
2 files changed, 137 insertions, 179 deletions
diff --git a/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
new file mode 100644
index 0000000000..6742f2ab99
--- /dev/null
+++ b/protocols/luci-proto-wireguard/htdocs/luci-static/resources/protocol/wireguard.js
@@ -0,0 +1,137 @@
+'use strict';
+'require form';
+'require network';
+
+function validateBase64(section_id, value) {
+ if (value.length != 44 || !value.match(/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/))
+ return _('Invalid Base64 key string');
+
+ return true;
+}
+
+return network.registerProtocol('wireguard', {
+ getI18n: function() {
+ return _('WireGuard VPN');
+ },
+
+ getIfname: function() {
+ return this._ubus('l3_device') || this.sid;
+ },
+
+ getOpkgPackage: function() {
+ return 'wireguard-tools';
+ },
+
+ isFloating: function() {
+ return true;
+ },
+
+ isVirtual: function() {
+ return true;
+ },
+
+ getDevices: function() {
+ return null;
+ },
+
+ containsDevice: function(ifname) {
+ return (network.getIfnameOf(ifname) == this.getIfname());
+ },
+
+ renderFormOptions: function(s) {
+ var o, ss;
+
+ // -- general ---------------------------------------------------------------------
+
+ o = s.taboption('general', form.Value, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
+ o.password = true;
+ o.validate = validateBase64;
+ o.rmempty = false;
+
+ o = s.taboption('general', form.Value, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
+ o.datatype = 'port';
+ o.placeholder = _('random');
+ o.optional = true;
+
+ o = s.taboption('general', form.DynamicList, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
+ o.datatype = 'ipaddr';
+ o.optional = true;
+
+
+ // -- advanced --------------------------------------------------------------------
+
+ o = s.taboption('advanced', form.Value, 'metric', _('Metric'), _('Optional'));
+ o.datatype = 'uinteger';
+ o.placeholder = '0';
+ o.optional = true;
+
+ o = s.taboption('advanced', form.Value, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
+ o.datatype = 'range(1280,1420)';
+ o.placeholder = '1420';
+ o.optional = true;
+
+ o = s.taboption('advanced', form.Value, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
+ o.optional = true;
+ o.validate = function(section_id, value) {
+ if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,4}$/))
+ return _('Invalid hexadecimal value');
+
+ return true;
+ };
+
+
+ // -- peers -----------------------------------------------------------------------
+
+ try {
+ s.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
+ }
+ catch(e) {}
+
+ o = s.taboption('peers', form.SectionValue, '_peers', form.TypedSection, 'wireguard_%s'.format(s.section));
+ o.depends('proto', 'wireguard');
+
+ ss = o.subsection;
+ ss.anonymous = true;
+ ss.addremove = true;
+ ss.addbtntitle = _('Add peer');
+
+ ss.renderSectionPlaceholder = function() {
+ return E([], [
+ E('br'),
+ E('em', _('No peers defined yet'))
+ ]);
+ };
+
+ o = ss.option(form.Value, 'description', _('Description'), _('Optional. Description of peer.'));
+ o.placeholder = 'My Peer';
+ o.datatype = 'string';
+ o.optional = true;
+
+ o = ss.option(form.Value, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
+ o.validate = validateBase64;
+ o.rmempty = false;
+
+ o = ss.option(form.Value, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
+ o.password = true;
+ o.validate = validateBase64;
+ o.optional = true;
+
+ o = ss.option(form.DynamicList, 'allowed_ips', _('Allowed IPs'), _("Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
+ o.datatype = 'ipaddr';
+ o.rmempty = false;
+
+ o = ss.option(form.Flag, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));
+
+ o = ss.option(form.Value, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
+ o.placeholder = 'vpn.example.com';
+ o.datatype = 'host';
+
+ o = ss.option(form.Value, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
+ o.placeholder = '51820';
+ o.datatype = 'port';
+
+ o = ss.option(form.Value, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
+ o.datatype = 'range(0,65535)';
+ o.placeholder = '0';
+ }
+});
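Review bot: `validateBase64` checks only a length of 44 and a generic Base64 shape, so it accepts strings with no padding or with `==`, which decode to 33 or 31 bytes rather than a 32-byte WireGuard key. A 32-byte value always encodes as 43 characters plus a single `=`, so the check can be tightened to `/^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$/`, which keeps malformed private, public and preshared keys out of the saved configuration. The function also lacks the `value.length > 0` guard that the fwmark validator has, so if the form code calls `validate` on empty input, the optional `preshared_key` could not be left blank; this is worth confirming. Separately, the fwmark regex `{1,4}` caps the mark at 16 bits while the help text on the same option promises a 32-bit mark; `{1,8}` would match the text.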
diff --git a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
deleted file mode 100644
index 64e256a517..0000000000
--- a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
+++ /dev/null
@@ -1,179 +0,0 @@
--- Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
--- Licensed to the public under the Apache License 2.0.
-
-
-local map, section, net = ...
-local ifname = net:get_interface():name()
-local private_key, listen_port
-local metric, mtu, preshared_key, description
-local peers, public_key, allowed_ips, endpoint, persistent_keepalive
-
-
--- general ---------------------------------------------------------------------
-
-private_key = section:taboption(
- "general",
- Value,
- "private_key",
- translate("Private Key"),
- translate("Required. Base64-encoded private key for this interface.")
-)
-private_key.password = true
-private_key.datatype = "and(base64,rangelength(44,44))"
-private_key.optional = false
-
-
-listen_port = section:taboption(
- "general",
- Value,
- "listen_port",
- translate("Listen Port"),
- translate("Optional. UDP port used for outgoing and incoming packets.")
-)
-listen_port.datatype = "port"
-listen_port.placeholder = translate("random")
-listen_port.optional = true
-
-addresses = section:taboption(
- "general",
- DynamicList,
- "addresses",
- translate("IP Addresses"),
- translate("Recommended. IP addresses of the WireGuard interface.")
-)
-addresses.datatype = "ipaddr"
-addresses.optional = true
-
-
--- advanced --------------------------------------------------------------------
-
-metric = section:taboption(
- "advanced",
- Value,
- "metric",
- translate("Metric"),
- translate("Optional")
-)
-metric.datatype = "uinteger"
-metric.placeholder = "0"
-metric.optional = true
-
-
-mtu = section:taboption(
- "advanced",
- Value,
- "mtu",
- translate("MTU"),
- translate("Optional. Maximum Transmission Unit of tunnel interface.")
-)
-mtu.datatype = "range(1280,1420)"
-mtu.placeholder = "1420"
-mtu.optional = true
-
-fwmark = section:taboption(
- "advanced",
- Value,
- "fwmark",
- translate("Firewall Mark"),
- translate("Optional. 32-bit mark for outgoing encrypted packets. " ..
- "Enter value in hex, starting with <code>0x</code>.")
-)
-fwmark.datatype = "hex(4)"
-fwmark.optional = true
-
-
--- peers -----------------------------------------------------------------------
-
-peers = map:section(
- TypedSection,
- "wireguard_" .. ifname,
- translate("Peers"),
- translate("Further information about WireGuard interfaces and peers " ..
- "at <a href=\"http://wireguard.com\">wireguard.com</a>.")
-)
-peers.template = "cbi/tsection"
-peers.anonymous = true
-peers.addremove = true
-
-
-description = peers:option(
- Value,
- "description",
- translate("Description"),
- translate("Optional. Description of peer."))
-description.placeholder = "My Peer"
-description.datatype = "string"
-description.optional = true
-
-
-public_key = peers:option(
- Value,
- "public_key",
- translate("Public Key"),
- translate("Required. Base64-encoded public key of peer.")
-)
-public_key.datatype = "and(base64,rangelength(44,44))"
-public_key.optional = false
-
-
-preshared_key = peers:option(
- Value,
- "preshared_key",
- translate("Preshared Key"),
- translate("Optional. Base64-encoded preshared key. " ..
- "Adds in an additional layer of symmetric-key " ..
- "cryptography for post-quantum resistance.")
-)
-preshared_key.password = true
-preshared_key.datatype = "and(base64,rangelength(44,44))"
-preshared_key.optional = true
-
-
-allowed_ips = peers:option(
- DynamicList,
- "allowed_ips",
- translate("Allowed IPs"),
- translate("Required. IP addresses and prefixes that this peer is allowed " ..
- "to use inside the tunnel. Usually the peer's tunnel IP " ..
- "addresses and the networks the peer routes through the tunnel.")
-)
-allowed_ips.datatype = "ipaddr"
-allowed_ips.optional = false
-
-
-route_allowed_ips = peers:option(
- Flag,
- "route_allowed_ips",
- translate("Route Allowed IPs"),
- translate("Optional. Create routes for Allowed IPs for this peer.")
-)
-
-
-endpoint_host = peers:option(
- Value,
- "endpoint_host",
- translate("Endpoint Host"),
- translate("Optional. Host of peer. Names are resolved " ..
- "prior to bringing up the interface."))
-endpoint_host.placeholder = "vpn.example.com"
-endpoint_host.datatype = "host"
-
-
-endpoint_port = peers:option(
- Value,
- "endpoint_port",
- translate("Endpoint Port"),
- translate("Optional. Port of peer."))
-endpoint_port.placeholder = "51820"
-endpoint_port.datatype = "port"
-
-
-persistent_keepalive = peers:option(
- Value,
- "persistent_keepalive",
- translate("Persistent Keep Alive"),
- translate("Optional. Seconds between keep alive messages. " ..
- "Default is 0 (disabled). Recommended value if " ..
- "this device is behind a NAT is 25."))
-persistent_keepalive.datatype = "range(0,65535)"
-persistent_keepalive.placeholder = "0"