path: root/protocols/luci-proto-wireguard
Age | Commit message | Author
2024-02-16 | luci-proto-wireguard: fix broken DNS option in peer config generator | Jo-Philipp Wich
The config generation code was referencing a not existing `dns_servers` input field. Fixes: #6921 Fixes: 5b26887c52 ("Adding a DNS option to the wireguard peer config ...") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-12-05 | Adding a DNS option to the wireguard peer config generator. | Nicholaos Mouzourakis
Some clients like iOS require this explicitly, and so this change adds the appropriate config with some sensible defaults. Closes #6351 Signed-off-by: Nicholaos Mouzourakis <nevumx@gmail.com> Signed-off-by: Paul Donald <newtwen@gmail.com> Tested-by: Paul Donald <newtwen@gmail.com> (cherry picked from commit 990696d73f982de015df7c7d552daef1a03f50c5)
2023-12-04 | luci-proto-wireguard: Remove confirmation dialogue to generate keys (#6697) | Paul Donald
Quality of life improvements. Reduce click amounts. LuCI batches all changes for user-review anyway. Tested on 23.05.0 Signed-off-by: Paul Donald <newtwen@gmail.com>
2023-10-21 | Adding an Addresses option to the wireguard peer config generator. | Nicholaos Mouzourakis
Some clients like iOS require this explicitly, and so this change adds the appropriate config with some sensible defaults. Addresses issue #6050 Signed-off-by: Nicholaos Mouzourakis <nevumx@gmail.com>
2023-09-24 | luci-proto-wireguard: Escape IPv6 endpoints with [] in generated wireguard config | Jonathan Duncan
Signed-off-by: Jonathan Duncan <JonathanDuncan@gmail.com>
2023-08-11 | luci-proto-wireguard: grammar fixes | Paul Dee
To setup (n) -> To set(v) up Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2023-03-14 | luci-proto-wireguard: use ddns lookup_host for peer hints | Jo-Philipp Wich
The `domain` option of a DDNS service entry may contain non-hostname values, use the `lookup_hostname` option instead. Fixes: #6289 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-05 | luci-proto-wireguard: fix configuration import | Jo-Philipp Wich
Avoid referencing not existing `peerdns` option during the configuration file import process. Fixes: #6136 Fixes: 2be01cbfcb ("luci-mod-network: restrict peerdns option to protocols that implemenent it") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-11-23 | luci-proto-wireguard: fix loading peer descriptions | Jo-Philipp Wich
Explicitly load `network` uci in wireguard rpcd backend as `ctx.foreach()` does not implicitly load it. Also remove leftover test setup information from the status page source. Fixes: #6095 Fixes: 008fa18878 ("luci-proto-wireguard: rewrite rpcd handler in ucode") Fixes: 6e6fce3eb4 ("luci-proto-wireguard: merge status page functionality") Ref: https://github.com/jow-/ucode/pull/126 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-11-22 | luci-proto-wireguard: merge status page functionality | Jo-Philipp Wich
Merge status page functionality from the separate `luci-app-wireguard` package into the `luci-proto-wireguard` protocol backend. Also rewrite the status page markup to be more compact while we're at it. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-11-09 | luci-proto-wireguard: fix generated AllowedIPs | Julien Cassette
This corrects the option `AllowedIPs` in generated peer configurations, and allows to customize it via a dropdown list. Fixes: #5956 Signed-off-by: Julien Cassette <julien.cassette@gmail.com> [correct fixes tag, slightly adjust option description] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-10-25 | luci-proto-wireguard: rewrite rpcd handler in ucode | Jo-Philipp Wich
Rewrite the wireguard rpcd plugin in ucode to prevent an implicit dependency on the LuCI Lua runtime. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-01 | luci-proto-wireguard: handle multiple peers in imported configuration | Jo-Philipp Wich
When importing a full configuration, import all peer entries from it instead of non-deterministically merging all peer keys into one. When importing a remote configuration as peer, only use the setting from the peer section matching our local interface pubkey. Also relabel the `Import peer configuration` button to `Import configuration as peer` in order to be more explicit. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-07-23 | luci-proto-wireguard: configuration import improvements | Jo-Philipp Wich
- Reword texts in import dialogs for better clarity, use different descriptions for full import and peer import
- Allow importing configurations without [Peer] section
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-06-21 | luci-proto-wireguard: gracefully deal with missing uci configs | Jo-Philipp Wich
The /etc/config/ddns in particular might not be present on the system, don't fail if it is absent. Fixes: #5838 Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-06-20 | luci-proto-wireguard: grant uci read access to system and ddns config | Jo-Philipp Wich
The configuration export requires access to /e/c/system and /e/c/ddns for external hostname hints. Fixes: #5838 Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-05-17 | luci-proto-wireguard: rewrite protocol handler | Jo-Philipp Wich
This commit rewrites large chunks of the WireGuard protocol handler in order to simplify the process of importing and exporting configuration. The major changes are:
1) The wireguard interface configuration tab (General Settings) gained an import assistant which allows dragging or pasting a native WireGuard configuration file in order to import required settings into uci
2) The peer configuration tab gained a similar import assistant which allows importing the settings for a WireGuard peer from an existing native WireGuard configuration file
3) The QR code export feature has been rewritten to make the resulting codes actually useful for importing into a WireGuard client application. Additionally the plaintext native WireGuard configuration is displayed to allow copy-pasting it for use on a Linux or OS X system
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-04-14 | luci-proto-wireguard: adjust MTU range from 0-8940 | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-04-12 | luci-proto-wireguard: remove MTU limit | Florian Eckert
fixes #5737 Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-18 | luci-proto-wireguard: add generate psk button | Lukas Voegl
Signed-off-by: Lukas Voegl <lvoegl@tdt.de>
2021-12-02 | Merge pull request #5540 from jow-/wireguard-peer-gridsection | Jo-Philipp Wich
Implement nested grid section support and use it for wireguard peer config
2021-11-30 | Merge pull request #5400 from systemcrash/wg_pubkey | Florian Eckert
luci-proto-wireguard: display interface public key
2021-11-22 | luci-proto-wireguard: turn peer configuration into grid view | Jo-Philipp Wich
Turn the list of configured peers into a grid section in order to improve the overview of the configuration form. Fixes: #5489 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-21 | luci-proto-wireguard: fix QR code generation markup | Jo-Philipp Wich
The custom code generation markup lacked a required CSS class. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-17 | luci-proto-wireguard: add option to disable peer-section | Robert Walli
Submitted-by: Robert Walli <12079858+rwalli@users.noreply.github.com> Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-11-11 | luci-proto-wireguard: display interface public key | Paul Dee
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
2021-10-08 | luci-proto-wireguard: fix potential shell injection vulnerabilities | Jo-Philipp Wich
The `luci.wireguard.generateQrCode` UBUS method allows injecting arbitrary shell code by not sanitizing the `privkey` and `allowed_ips` arguments before concatenating them into shell command expressions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-07 | luci-proto-wireguard: fix markup not valid for XHTML | Jo-Philipp Wich
Fixes: #5407 Fixes: 03d615f62c ("luci-proto-wireguard: add more options to qr code") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-01 | Merge pull request #5403 from lvoegl/luci-app-wireguard-fix-parsing | Florian Eckert
luci-app-wireguard: fix allowed_ip parsing
2021-10-01 | luci-app-wireguard: fix allowed_ip parsing | lvoegl
Signed-off-by: lvoegl <lvoegl@tdt.de>
2021-09-30 | luci-proto-wireguard: fix luci.wireguard rpcd dependency | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-09-26 | luci-app-wireguard: fix dependency | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-09-17 | luci-proto-wireguard: add more options to qr code | lvoegl
Signed-off-by: lvoegl <lvoegl@tdt.de>
2021-09-17 | luci-proto-wireguard: client qr code generation | lvoegl
Signed-off-by: lvoegl <lvoegl@tdt.de>
2021-09-17 | luci-app-wireguard: merge app and proto rpcd | lvoegl
Signed-off-by: lvoegl <lvoegl@tdt.de>
2021-08-28 | #5307 Made AllowedIPs optional | Keith Irwin
Signed-off-by: Keith Irwin <git@ki9.us>
2021-06-03 | luci-proto-wireguard: fix fwmark validation to allow 32 bit values | Jo-Philipp Wich
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex characters. Fix the fwmark validation to allow 8 characters in the hex string. Fixes: #5098 Suggested-by: Robert <32970961+differentblue@users.noreply.github.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-15 | treewide: remove redundant proto handler options | Jo-Philipp Wich
The introduction of network device configuration support also implemented all common, protocol-independent interface options directly in the interface config view, so drop the redundant option definitions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-02-27 | luci-{app,proto}-wireguard: remove kmod-wireguard | Ilya Lipnitskiy
Prepares for 5.10 migration. wireguard-tools will bring in the correct wireguard kernel module dependency - either kmod-wireguard or kmod-wireguard-oot. Depends on https://github.com/openwrt/openwrt/pull/3885 Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2020-08-21 | luci-proto-wireguard: Add generate key button | Wojciech Jowsa
Signed-off-by: Wojciech Jowsa <wojciech.jowsa@gmail.com> [minor indentation fix, use bound section_id value, remove empty translation] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-14 | luci-proto-wireguard: verify last base64 string symbol is an = sign | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-05-13 | luci-proto-wireguard: add warning that allowed_ips must not be empty | Florian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-03-03 | luci-proto-wireguard: remove peer sections when deleting interface | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-09 | wireguard: add checkbox for `nohostroute` option | Yuxiang Zhu
This change allows to configure `nohostroute` option for wireguard to explicitly prevent creation of host routes to endpoints. By default without `option nohostroute '1'`, an explicit route to the peer's endpoint will be created in the main routing table with the next hop to the gateway. However, it causes issues with some setup. Enabling this option will inhibit this behavior. See discussions at http://lists.openwrt.org/pipermail/openwrt-devel/2019-March/016329.html. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
2020-01-22 | luci-proto-wireguard: explicitly escape slashes in regex literals | Jo-Philipp Wich
The unescaped slashes confuse xgettext and likely other source scanners as well. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-03 | treewide: move templates and libraries not used by the core to luci-compat | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-17 | luci-proto-wireguard: fix preshared key validation | Jo-Philipp Wich
Ensure that the preshared key option remains optional. Fixes: #3075 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10 | protocols: drop server side cbi implementations of protocol handlers | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10 | protocols: add client side protocol handler implementations | Jo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-10 | luci-*-wireguard: Remove inactive maintainer | Dan Lüdtke
I tried to find a successor in the last months, but that failed. Signed-off by Dan Luedtke <mail@danrl.com>