From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4b5fpK5RWnz337H for ; Mon, 26 May 2025 15:30:01 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4b5fpG1sk1z2y1D for ; Mon, 26 May 2025 15:29:58 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4b5fpF2nB0zrD; Mon, 26 May 2025 15:29:57 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1748273397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ANASdftQ8UT773doIWtf6DaH+YcklqVKVkk215n12yI=; b=0pfo8ETVXyqtU9R9si4Jx0poBiEhov7uSwASRDL1Cz2KgBzcW6N4sSb6iJeOB8/Ny0w6nt +aOiMqHxi+gpGMCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1748273397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ANASdftQ8UT773doIWtf6DaH+YcklqVKVkk215n12yI=; b=UEAmYzmu9cBG/CjgXpUPfKnFSYbIaAwxnulllJ0AV7C40Ftjbvn59q5O7mfqRjIT6GwnnF hKN7F9aIh/UJE8daSBTlwZd6UDy7yJl4jTXPB+JnTtlesmS4xQfnqPua4No0rQ6u+XJBoh i2Vi26T3RYsLOVmDKwFpVVkBWDGqdb5dLEvch0fbHn+/i4wBQ0j/ucq9OwvOuRZ2t7Q46d UTGGciWC177+MvRlthCbDctAzcHq3XrW0GwNbr/LcBxzjKh2TJhZcDq69w8IvTq5LChyAW CsDi8PCLemz9MGRX9xPSqHjFm59fcIMK/g/1Wo1eYL3ViVtiX/K/1CCjZhKbpA== Message-ID: <60c0fb73-af66-482e-8dff-de9ef10a171c@ipfire.org> Date: Mon, 26 May 2025 17:29:53 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: [PATCH] index.cgi: Add wireguard status to home screen To: Michael Tremer Cc: development@lists.ipfire.org References: <20250525113501.9516-1-adolf.belka@ipfire.org> <1EA05C7D-F736-435C-91C3-B561BBED0F62@ipfire.org> Content-Language: en-GB From: Adolf Belka In-Reply-To: <1EA05C7D-F736-435C-91C3-B561BBED0F62@ipfire.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Michael, On 26/05/2025 15:43, Michael Tremer wrote: > Hello, > >> On 26 May 2025, at 13:10, Adolf Belka wrote: >> >> Hi Michael, >> >> On 26/05/2025 12:12, Michael Tremer wrote: >>> Hello Adolf, >>> Thank you for this patch. >>> I have made some further changes to this, but in essence I agree with it: >>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=c29a07b2ee505811a6cd78ca643bf816beb77375 >>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=9f1f3da8f5866098177edd68ef50b238a3dadf6a >>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=8277dec16614df36ed0bd6f687ce244c2d243c62 (not too related) >>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=c00e6e49c3cd0ba0fa3826539c251d757f41bc9a >> >> Those all look good changes. I just copied the existing code for the IPSec line and then edited parts to be for wireguard. > > And this worked absolutely fine. > > I just wanted to make sure that we use the functions we have so that we can have the logic in one place only. Wireguard should then become much easier to maintain and extend later. > >>> Should we also add the N2N connections? >> >> Yes, but I would again just copy the IPSec section and see what looked like it needed to be changed to work for wireguard as I don't fully understand all the code being used. >> >> If anyone else wants to do the changes, I don't have any problems. I won't try anything anyway until I have a working wireguard n2n connection. >> >> I have just been able to get an IPSec N2N connection working which took me a few days. So wireguard is next on the list. Then when I have a working n2n connection I can use that to test any changes I would make to index.cgi >> >> As I would just copy/paste/edit the IPSec block of code it might well be that I end up with something that needs to be further modified, although the enabled check I will now try and remember for other changes. > > I can look at implementing this. > > I just wanted to make sure we want this. I don’t want the index.cgi page to become too slow (it is already one of the slowest ones we have) and I don’t want it to become too long. Ah I had misunderstood you. I don't have a problem not having the wireguard N2N connections on the index.cgi page. You can see the status on the individual pages for IPSec, OpenVPN and WireGuard. If the decision is to not put WireGuard on that page, then I think IPSec and OpenVPN could also be removed. That would then be self consistent and should further help with any speed issues of that page. Regards, Adolf. > > -Michael > >> Regards, >> Adolf. >> >>> -Michael >>>> On 25 May 2025, at 12:35, Adolf Belka wrote: >>>> >>>> - This fix adds a wireguard line to show when it is enabled. >>>> - This fix does not show a table for any net2net connections that are enabled. I have >>>> started working on that but as I only have an OpenVPN n2n connection in place, I can't >>>> test out the copy of the ipsec n2n code section that I have made. I need to get ipsec >>>> and wireguard n2n connections working first. >>>> - If someone else wants to provide a patch for the wireguard n2n connections tables I have >>>> no problems with that. If not then I will submit one when I have been able to test it. >>>> >>>> Tested-by: Adolf Belka >>>> Signed-off-by: Adolf Belka >>>> --- >>>> html/cgi-bin/index.cgi | 20 ++++++++++++++++++-- >>>> 1 file changed, 18 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi >>>> index d9c74ce7f..e28629cc9 100644 >>>> --- a/html/cgi-bin/index.cgi >>>> +++ b/html/cgi-bin/index.cgi >>>> @@ -2,7 +2,7 @@ >>>> ############################################################################### >>>> # # >>>> # IPFire.org - A linux based firewall # >>>> -# Copyright (C) 2007-2023 IPFire Team # >>>> +# Copyright (C) 2007-2025 IPFire Team # >>>> # # >>>> # This program is free software: you can redistribute it and/or modify # >>>> # it under the terms of the GNU General Public License as published by # >>>> @@ -39,6 +39,7 @@ my %netsettings=(); >>>> my %ddnssettings=(); >>>> my %proxysettings=(); >>>> my %vpnsettings=(); >>>> +my %wgsettings=(); >>>> my %vpnconfig=(); >>>> my %ovpnconfig=(); >>>> my $warnmessage = ''; >>>> @@ -60,6 +61,7 @@ $pppsettings{'PROFILENAME'} = 'None'; >>>> &General::readhash("${General::swroot}/ddns/settings", \%ddnssettings); >>>> &General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings); >>>> &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); >>>> +&General::readhash("${General::swroot}/wireguard/settings", \%wgsettings); >>>> >>>> my %color = (); >>>> my %mainsettings = (); >>>> @@ -369,7 +371,21 @@ print <>>> Online >>>> >>>> END >>>> - } >>>> +} >>>> + >>>> +#check if WireGuard is running >>>> +if ( $wgsettings{'ENABLED'} eq 'on' ) { >>>> +print<>>> + >>>> + >>>> + $Lang::tr{'wg'} >>>> + >>>> + >>>> + Online >>>> + >>>> +END >>>> +} >>>> + >>>> print""; >>>> &Header::closesection(); >>>> >>>> -- >>>> 2.49.0 >>>> >>>> >> >