6 files changed, 296 insertions, 0 deletions
diff --git a/protocols/luci-proto-ipip/Makefile b/protocols/luci-proto-ipip/Makefile
new file mode 100644
index 0000000000..6af85647e5
--- /dev/null
+++ b/protocols/luci-proto-ipip/Makefile
@@ -0,0 +1,16 @@
+#
+# Copyright 2016 Roger Pueyo Centelles <roger.pueyo@guifi.net>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for IPIP tunnels (IPv4-in-IPv4 RFC2003)
+LUCI_DEPENDS:=+ipip
+
+PKG_MAINTAINER:=Roger Pueyo Centelles <roger.pueyo@guifi.net>
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/protocols/luci-proto-ipip/luasrc/model/cbi/admin_network/proto_ipip.lua b/protocols/luci-proto-ipip/luasrc/model/cbi/admin_network/proto_ipip.lua
new file mode 100644
index 0000000000..8817f18d6d
--- /dev/null
+++ b/protocols/luci-proto-ipip/luasrc/model/cbi/admin_network/proto_ipip.lua
@@ -0,0 +1,34 @@
+-- Copyright 2016 Roger Pueyo Centelles <roger.pueyo@guifi.net>
+-- Licensed to the public under the Apache License 2.0.
+
+local map, section, net = ...
+
+local peeraddr, ipaddr, ttl, tos, df, mtu, tunlink
+
+peeraddr = section:taboption("general", Value, "peeraddr", translate("Remote IPv4 address or FQDN"), translate("The IPv4 address or the fully-qualified domain name of the remote tunnel end."))
+peeraddr.optional = false
+peeraddr.datatype = "or(hostname,ip4addr)"
+
+ipaddr = section:taboption("general", Value, "ipaddr", translate("Local IPv4 address"), translate("The local IPv4 address over which the tunnel is created (optional)."))
+ipaddr.optional = true
+ipaddr.datatype = "ip4addr"
+
+tunlink = section:taboption("general", Value, "tunlink", translate("Bind interface"), translate("Bind the tunnel to this interface (optional)."))
+ipaddr.optional = true
+
+
+mtu = section:taboption("advanced", Value, "mtu", translate("Override MTU"), translate("Specify an MTU (Maximum Transmission Unit) other than the default (1280 bytes)."))
+mtu.optional = true
+mtu.placeholder = 1280
+mtu.datatype = "range(68, 9200)"
+
+ttl = section:taboption("advanced", Value, "ttl", translate("Override TTL"), translate("Specify a TTL (Time to Live) for the encapsulating packet other than the default (64)."))
+ttl.optional = true
+ttl.placeholder = 64
+ttl.datatype = "min(1)"
+
+tos = section:taboption("advanced", Value, "tos", translate("Override TOS"), translate("Specify a TOS (Type of Service)."))
+tos.optional = true
+tos.datatype = "range(0, 255)"
+
+df = section:taboption("advanced", Flag, "df", translate("Don't Fragment"), translate("Enable the DF (Don't Fragment) flag of the encapsulating packets."))
diff --git a/protocols/luci-proto-ipip/luasrc/model/network/proto_ipip.lua b/protocols/luci-proto-ipip/luasrc/model/network/proto_ipip.lua
new file mode 100644
index 0000000000..5c3761c9cb
--- /dev/null
+++ b/protocols/luci-proto-ipip/luasrc/model/network/proto_ipip.lua
@@ -0,0 +1,40 @@
+-- Copyright 2016 Roger Pueyo Centelles <roger.pueyo@guifi.net>
+-- Licensed to the public under the Apache License 2.0.
+
+local netmod = luci.model.network
+local interface = luci.model.network.interface
+local proto = netmod:register_protocol("ipip")
+
+function proto.get_i18n(self)
+	return luci.i18n.translate("IPv4-in-IPv4 (RFC2003)")
+end
+
+function proto.ifname(self)
+	return "ipip-" .. self.sid
+end
+
+function proto.opkg_package(self)
+	return "ipip"
+end
+
+function proto.is_installed(self)
+	return nixio.fs.access("/lib/netifd/proto/ipip.sh")
+end
+
+function proto.is_floating(self)
+	return true
+end
+
+function proto.is_virtual(self)
+	return true
+end
+
+function proto.get_interfaces(self)
+	return nil
+end
+
+function proto.contains_interface(self, ifc)
+	 return (netmod:ifnameof(ifc) == self:ifname())
+end
+
+netmod:register_pattern_virtual("^ipip-%w")
diff --git a/protocols/luci-proto-wireguard/Makefile b/protocols/luci-proto-wireguard/Makefile
new file mode 100644
index 0000000000..ed94a557b6
--- /dev/null
+++ b/protocols/luci-proto-wireguard/Makefile
@@ -0,0 +1,16 @@
+#
+# Copyright (C) 2016 Dan Luedtke <mail@danrl.com>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for WireGuard VPN
+LUCI_DEPENDS:=+kmod-wireguard +wireguard-tools
+
+PKG_MAINTAINER:=Dan Luedtke <mail@danrl.com>
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
new file mode 100644
index 0000000000..774c6db22b
--- /dev/null
+++ b/protocols/luci-proto-wireguard/luasrc/model/cbi/admin_network/proto_wireguard.lua
@@ -0,0 +1,148 @@
+-- Copyright 2016 Dan Luedtke <mail@danrl.com>
+-- Licensed to the public under the Apache License 2.0.
+
+
+local map, section, net = ...
+local ifname = net:get_interface():name()
+local private_key, listen_port
+local metric, mtu, preshared_key
+local peers, public_key, allowed_ips, endpoint, persistent_keepalive
+
+
+-- general ---------------------------------------------------------------------
+
+private_key = section:taboption(
+  "general",
+  Value,
+  "private_key",
+  translate("Private Key"),
+  translate("Required. Base64-encoded private key for this interface.")
+)
+private_key.password = true
+private_key.datatype = "rangelength(44, 44)"
+private_key.optional = false
+
+
+listen_port = section:taboption(
+  "general",
+  Value,
+  "listen_port",
+  translate("Listen Port"),
+  translate("Optional. UDP port used for outgoing and incoming packets.")
+)
+listen_port.datatype = "port"
+listen_port.placeholder = "51820"
+listen_port.optional = true
+
+
+-- advanced --------------------------------------------------------------------
+
+metric = section:taboption(
+  "advanced",
+  Value,
+  "metric",
+  translate("Metric"),
+  translate("Optional.")
+)
+metric.datatype = "uinteger"
+metric.placeholder = "0"
+metric.optional = true
+
+
+mtu = section:taboption(
+  "advanced",
+  Value,
+  "mtu",
+  translate("MTU"),
+  translate("Optional. Maximum Transmission Unit of tunnel interface.")
+)
+mtu.datatype = "range(1280,1423)"
+mtu.placeholder = "1423"
+mtu.optional = true
+
+
+preshared_key = section:taboption(
+  "advanced",
+  Value,
+  "preshared_key",
+  translate("Preshared Key"),
+  translate("Optional. Adds in an additional layer of symmetric-key " ..
+            "cryptography for post-quantum resistance.")
+)
+preshared_key.password = true
+preshared_key.datatype = "rangelength(44, 44)"
+preshared_key.optional = true
+
+
+-- peers -----------------------------------------------------------------------
+
+peers = map:section(
+  TypedSection,
+  "wireguard_" .. ifname,
+  translate("Peers"),
+  translate("Further information about WireGuard interfaces and peers " ..
+            "at <a href=\"http://wireguard.io\">wireguard.io</a>.")
+)
+peers.template = "cbi/tsection"
+peers.anonymous = true
+peers.addremove = true
+
+
+public_key = peers:option(
+  Value,
+  "public_key",
+  translate("Public Key"),
+  translate("Required. Public key of peer.")
+)
+public_key.datatype = "rangelength(44, 44)"
+public_key.optional = false
+
+
+allowed_ips = peers:option(
+  DynamicList,
+  "allowed_ips",
+  translate("Allowed IPs"),
+  translate("Required. IP addresses and prefixes that this peer is allowed " ..
+            "to use inside the tunnel. Usually the peer's tunnel IP " ..
+            "addresses and the networks the peer routes through the tunnel.")
+)
+allowed_ips.datatype = "ipaddr"
+allowed_ips.optional = false
+
+
+route_allowed_ips = peers:option(
+  Flag,
+  "route_allowed_ips",
+  translate("Route Allowed IPs"),
+  translate("Optional. Create routes for Allowed IPs for this peer.")
+)
+
+
+endpoint_host = peers:option(
+  Value,
+  "endpoint_host",
+  translate("Endpoint Host"),
+  translate("Optional. Host of peer. Names are resolved " ..
+            "prior to bringing up the interface."))
+endpoint_host.placeholder = "vpn.example.com"
+endpoint_host.datatype = "host"
+
+
+endpoint_port = peers:option(
+  Value,
+  "endpoint_port",
+  translate("Endpoint Port"),
+  translate("Optional. Port of peer."))
+endpoint_port.placeholder = "51820"
+endpoint_port.datatype = "port"
+
+
+persistent_keepalive = peers:option(
+  Value,
+  "persistent_keepalive",
+  translate("Persistent Keep Alive"),
+  translate("Optional. Seconds between keep alive messages. " ..
+            "Default is 0 (disabled). Recommended value if " ..
+            "this device is behind a NAT is 25."))
+persistent_keepalive.datatype = "range(0, 65535)"
+persistent_keepalive.placeholder = "0"
diff --git a/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua b/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua
new file mode 100644
index 0000000000..d6937618a7
--- /dev/null
+++ b/protocols/luci-proto-wireguard/luasrc/model/network/proto_wireguard.lua
@@ -0,0 +1,42 @@
+-- Copyright 2016 Dan Luedtke <mail@danrl.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local netmod = luci.model.network
+local interface = luci.model.network.interface
+local proto = netmod:register_protocol("wireguard")
+
+function proto.get_i18n(self)
+  return luci.i18n.translate("WireGuard VPN")
+end
+
+function proto.ifname(self)
+  return self.sid
+end
+
+function proto.get_interface(self)
+  return interface(self:ifname(), self)
+end
+
+function proto.opkg_package(self)
+  return "wireguard-tools"
+end
+
+function proto.is_installed(self)
+  return nixio.fs.access("/lib/netifd/proto/wireguard.sh")
+end
+
+function proto.is_floating(self)
+  return true
+end
+
+function proto.is_virtual(self)
+  return true
+end
+
+function proto.get_interfaces(self)
+  return nil
+end
+
+function proto.contains_interface(self, ifc)
+   return (netmod:ifnameof(ifc) == self:ifname())
+end