summaryrefslogtreecommitdiffhomepage
path: root/protocols/luci-proto-wireguard
AgeCommit message (Collapse)Author
2021-06-03luci-proto-wireguard: fix fwmark validation to allow 32 bit valuesJo-Philipp Wich
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex characters. Fix the fwmark validation to allow 8 characters in the hex string. Fixes: #5098 Suggested-by: Robert <32970961+differentblue@users.noreply.github.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-03-15treewide: remove rendundant proto handler optionsJo-Philipp Wich
The introduction of network device configuration support also implemented all common, protocol-independent interface options directly in the interface config view, so drop the redundant option definitions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-02-27luci-{app,proto}-wireguard: remove kmod-wireguardIlya Lipnitskiy
Prepares for 5.10 migration. wireguard-tools will bring in the correct wireguard kernel module dependency - either kmod-wireguard or kmod-wireguard-oot. Depends on https://github.com/openwrt/openwrt/pull/3885 Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2020-08-21luci-proto-wireguard: Add generate key buttonWojciech Jowsa
Signed-off-by: Wojciech Jowsa <wojciech.jowsa@gmail.com> [minor indentation fix, use bound section_id value, remove empty translation] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-14luci-proto-wireguard: verify last base64 string symbol is an = signFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-05-13luci-proto-wireguard: add warning that allowed_ips must not be emptyFlorian Eckert
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-03-03luci-proto-wireguard: remove peer sections when deleting interfaceJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-09wireguard: add checkbox for `nohostroute` optionYuxiang Zhu
This change allows to configure `nohostroute` option for wireguard to explicitely prevent creation of host routes to endpoints. By default without `option nohostroute '1'`, an explicite route to the peer's endpoint will be created in the main routing table with the next hop to the gateway. However, it causes issues with some setup. Enabling this option will inhibit this behavior. See discussions at http://lists.openwrt.org/pipermail/openwrt-devel/2019-March/016329.html. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
2020-01-22luci-proto-wireguard: explicitely escape slashes in regex literalsJo-Philipp Wich
The unespaced slashes confuse xgettext and likely other source scanners as well. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-03treewide: move templates and libraries not used by the core to luci-compatJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-17luci-proto-wireguard: fix preshared key validationJo-Philipp Wich
Ensure that the preshared key option remains optional. Fixes: #3075 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10protocols: drop server side cbi implementations of protocol handlersJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10protocols: add client side protocol handler implementationsJo-Philipp Wich
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-10luci-*-wireguard: Remove inactive maintainerDan Lüdtke
I tried to find a successor in the last months, but that failed. Signed-off by Dan Luedtke <mail@danrl.com>
2018-07-08Add descriptionrwalli
2018-06-11wireguard: update wireguard urlKevin Darbyshire-Bryant
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-30Fix #1609: luci-proto-wireguard placeholder wrongfully suggests default portsquare.wf
2017-05-30luci-proto-wireguard: use "Optional" instead of "Optional." as translationJo-Philipp Wich
This allows sharing the translation string with other components. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-09wireguard: preshared-key is now an attribute of the peerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-27luci-proto-wireguard: add support for fwmark optiondanrl
Adds support for the fwmark option. FwMark is a 32-bit fwmark for outgoing packets. If set to 0 or "off", this option is disabled. Signed-off-by: Dan Luedtke <mail@danrl.com>
2017-02-16luci-proto-wireguard: mark package as arch indep.Dan Lüdtke
Marks package luci-proto-wireguard as architecture independent. Signed-off-by: Dan Luedtke <mail@danrl.com>
2017-02-15luci-proto-wireguard: stricter input validationdanrl
Signed-off-by: Dan Luedtke <mail@danrl.com>
2017-02-03luci-proto-wireguard: fix wrong maximum MTUdanrl
Signed-off-by: Dan Luedtke <mail@danrl.com>
2017-01-14luci-proto-wireguard: enable addressing for tunnel interfacesdanrl
Enable static addresses on WireGuard tunnel interfaces without requiring an static address interface. This removes the requirement to use a static address interface on top of a WireGuard tunnel interface in the majority of cases. In the past, users have been confused by the current approach and asked for a simpler way to configure WireGuard interfaces. Signed-off-by: Dan Luedtke <mail@danrl.com>
2016-12-01luci-proto-wireguard: Fix misleading descriptiondanrl
Description was misleading, as the routes are not created automatically. We have a flag to create routes. Added a hint what to fill into the AlledIPs field as users repeatedly have struggled to use it correctly. Thanks to Stefan Agner for providing feedback on this. Signed-off-by: Dan Luedtke <mail@danrl.com>
2016-11-19luci-proto-wireguard: do not depend on meta-packagedanrl
Signed-off-by: Dan Luedtke <mail@danrl.com>
2016-11-15luci-proto-wireguard: input validation optimizationdanrl
2016-11-15luci-proto-wireguard: added maintainerDan Lüdtke
Signed-off-by: Dan Lüdtke <mail@danrl.com>
2016-11-15luci-proto-wireguard: WireGuard VPN Protocol (New)danrl
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP. Signed-off-by: Dan Lüdtke mail@danrl.com