Age | Commit message (Collapse) | Author |
|
Rewrite the wireguard rpcd plugin in ucode to prevent an implicit dependency
on the LuCI Lua runtime.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
When importing a fully configuration, import all peer entries from it
instead of non-deterministically merging all peer keys into one.
When importing a remote configuration as peer, only use the setting from
the peer section matching our local interface pubkey.
Also relabel the `Import peer configuration` button to
`Import configuration as peer` in order to be more explicit.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
- Reword texts in import dialogs for better clarity, use different
descriptions for full import and peer import
- Allow importing configurations without [Peer] section
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The /etc/config/ddns in particular might not be present on the system,
don't fail if it is absent.
Fixes: #5838
Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The configuration export requires access to /e/c/system and /e/c/ddns for
external hostname hints.
Fixes: #5838
Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This commit rewrites large chunks of the WireGuard protocol handler in order
to simplify the process of importing and exporting configuration. The major
changes are:
1) The wireguard interface configuration tab (General Settings) gained an
import assistant which allows dragging or pasting a native WireGuard
configuration file in order to import required settrings into uci
2) The peer configuration tab gained a similar import assistant which allows
importing the settings for a WireGuard peer from an existing native
WireGuard configuration file
3) The QR code export feature has been rewritten to make the resulting codes
actually useful for importing into a WireGuard client application.
Additionally the plaintext native WireGuard configuration is displayed
to allow copy-pasting it for use on a Linux or OS X system
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
fixes #5737
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Lukas Voegl <lvoegl@tdt.de>
|
|
Implement nested grid section support and use it for wireguard peer config
|
|
luci-proto-wireguard: display interface public key
|
|
Turn the list of configured peers into a grid section in order to improve
the overview of the configuration form.
Fixes: #5489
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The custom code generation markup lacked a required CSS class.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Submitted-by: Robert Walli <12079858+rwalli@users.noreply.github.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Paul Dee <itsascambutmailmeanyway@gmail.com>
|
|
The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: #5407
Fixes: 03d615f62c ("luci-proto-wireguard: add more options to qr code")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
luci-app-wireguard: fix allowed_ip parsing
|
|
Signed-off-by: lvoegl <lvoegl@tdt.de>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: lvoegl <lvoegl@tdt.de>
|
|
Signed-off-by: lvoegl <lvoegl@tdt.de>
|
|
Signed-off-by: lvoegl <lvoegl@tdt.de>
|
|
Signed-off-by: Keith Irwin <git@ki9.us>
|
|
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex
characters. Fix the fwmark validation to allow 8 characters in the hex
string.
Fixes: #5098
Suggested-by: Robert <32970961+differentblue@users.noreply.github.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
The introduction of network device configuration support also implemented
all common, protocol-independent interface options directly in the
interface config view, so drop the redundant option definitions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Prepares for 5.10 migration. wireguard-tools will bring in the correct
wireguard kernel module dependency - either kmod-wireguard or
kmod-wireguard-oot.
Depends on https://github.com/openwrt/openwrt/pull/3885
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
|
|
Signed-off-by: Wojciech Jowsa <wojciech.jowsa@gmail.com>
[minor indentation fix, use bound section_id value, remove empty translation]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This change allows to configure `nohostroute` option for wireguard to explicitely prevent creation
of host routes to endpoints.
By default without `option nohostroute '1'`, an explicite route to the peer's endpoint will be created in the main routing table with the next hop to the gateway. However, it causes issues with some setup. Enabling this option will inhibit this behavior. See discussions at http://lists.openwrt.org/pipermail/openwrt-devel/2019-March/016329.html.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
|
|
The unespaced slashes confuse xgettext and likely other source
scanners as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Ensure that the preshared key option remains optional.
Fixes: #3075
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
I tried to find a successor in the last months, but that failed.
Signed-off by Dan Luedtke <mail@danrl.com>
|
|
|
|
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
This allows sharing the translation string with other components.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Adds support for the fwmark option.
FwMark is a 32-bit fwmark for outgoing packets.
If set to 0 or "off", this option is disabled.
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Marks package luci-proto-wireguard as architecture independent.
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Enable static addresses on WireGuard tunnel interfaces without requiring
an static address interface.
This removes the requirement to use a static address interface on top of a
WireGuard tunnel interface in the majority of cases. In the past, users have
been confused by the current approach and asked for a simpler way to configure
WireGuard interfaces.
Signed-off-by: Dan Luedtke <mail@danrl.com>
|
|
Description was misleading, as the routes are not created automatically. We have
a flag to create routes. Added a hint what to fill into the AlledIPs field as
users repeatedly have struggled to use it correctly. Thanks to Stefan Agner for
providing feedback on this.
Signed-off-by: Dan Luedtke <mail@danrl.com>
|