From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4b6kkb5QQ1z2ywd for ; Wed, 28 May 2025 09:30:31 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4b6kkX1lsSz2yCS for ; Wed, 28 May 2025 09:30:28 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4b6kkW487gz9T; Wed, 28 May 2025 09:30:27 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1748424627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IyOrnUJVp1iCHdgZ/Iwjt19JPVZyq5TdEJoLf4c7K9U=; b=v6tG8lxgM0yRFow8xjmRvtqYXEKhkLNdeQReiZ/4n5x2cpQlUx8XQIi8a3AkItR5MO0736 QfDCL9++Bp2FVjAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1748424627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IyOrnUJVp1iCHdgZ/Iwjt19JPVZyq5TdEJoLf4c7K9U=; b=d9OXFovgB+BS1EOEEy7XqRfO+tfL7K2FGxHzHpHNSS2gfavYo7YBlr13rtjR5XUK/3CR1l lNLfo++42yIjxXbWJz4/R3IcbftqETYOLTYyZhNe2tZEllMjGyHQHulgCcMUQT1V0mnpZl +XKReoJTjtPTjXiqB5Mbjth0Ol+hkDStsWF+uwSCvsCnVdr308eyE5uAhvIa4YV2ZG+p6v SKqVvTkH5PKa3GKUl49q4V9TjzitE4V6tYc3CIt5SV/88H996YSGblS0mvdTrTlujygtVa ywfEXAd14Sg+TdVGl2uo5cmrg7dQqb/xoCCqQzvxtpxuutCe3jnX5pbHqeybbg== Content-Type: text/plain; charset=utf-8 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: [PATCH] index.cgi: Add wireguard status to home screen From: Michael Tremer In-Reply-To: <60c0fb73-af66-482e-8dff-de9ef10a171c@ipfire.org> Date: Wed, 28 May 2025 10:30:27 +0100 Cc: development@lists.ipfire.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <20250525113501.9516-1-adolf.belka@ipfire.org> <1EA05C7D-F736-435C-91C3-B561BBED0F62@ipfire.org> <60c0fb73-af66-482e-8dff-de9ef10a171c@ipfire.org> To: Adolf Belka Hello Adolf, I agree. We should be consistent. It would be ideal to pretty much show a summary instead of large tables = as we are doing. I believe there is more value in showing the = connections that are currently down, because that would be a call for = action for the admin to check out why that is. Otherwise we should show = some green checkbox and say =E2=80=9Ceverything is okay=E2=80=9D. That is however not very easy to do without reworking the entire page. = So I would propose we at least remain consistent and add WG N2N. I will submit a patch whenever I find the time for this. This will = probably not land in C195, but this would not be a critical change = anyways. -Michael > On 26 May 2025, at 16:29, Adolf Belka wrote: >=20 > Hi Michael, >=20 > On 26/05/2025 15:43, Michael Tremer wrote: >> Hello, >>> On 26 May 2025, at 13:10, Adolf Belka = wrote: >>>=20 >>> Hi Michael, >>>=20 >>> On 26/05/2025 12:12, Michael Tremer wrote: >>>> Hello Adolf, >>>> Thank you for this patch. >>>> I have made some further changes to this, but in essence I agree = with it: >>>> = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3Dc29a07b2ee50= 5811a6cd78ca643bf816beb77375 >>>> = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D9f1f3da8f586= 6098177edd68ef50b238a3dadf6a >>>> = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D8277dec16614= df36ed0bd6f687ce244c2d243c62 (not too related) >>>> = https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3Dc00e6e49c3cd= 0ba0fa3826539c251d757f41bc9a >>>=20 >>> Those all look good changes. I just copied the existing code for the = IPSec line and then edited parts to be for wireguard. >> And this worked absolutely fine. >> I just wanted to make sure that we use the functions we have so that = we can have the logic in one place only. Wireguard should then become = much easier to maintain and extend later. >>>> Should we also add the N2N connections? >>>=20 >>> Yes, but I would again just copy the IPSec section and see what = looked like it needed to be changed to work for wireguard as I don't = fully understand all the code being used. >>>=20 >>> If anyone else wants to do the changes, I don't have any problems. I = won't try anything anyway until I have a working wireguard n2n = connection. >>>=20 >>> I have just been able to get an IPSec N2N connection working which = took me a few days. So wireguard is next on the list. Then when I have a = working n2n connection I can use that to test any changes I would make = to index.cgi >>>=20 >>> As I would just copy/paste/edit the IPSec block of code it might = well be that I end up with something that needs to be further modified, = although the enabled check I will now try and remember for other = changes. >> I can look at implementing this. >> I just wanted to make sure we want this. I don=E2=80=99t want the = index.cgi page to become too slow (it is already one of the slowest ones = we have) and I don=E2=80=99t want it to become too long. >=20 > Ah I had misunderstood you. I don't have a problem not having the = wireguard N2N connections on the index.cgi page. You can see the status = on the individual pages for IPSec, OpenVPN and WireGuard. >=20 > If the decision is to not put WireGuard on that page, then I think = IPSec and OpenVPN could also be removed. That would then be self = consistent and should further help with any speed issues of that page. >=20 > Regards, > Adolf. >=20 >> -Michael >>> Regards, >>> Adolf. >>>=20 >>>> -Michael >>>>> On 25 May 2025, at 12:35, Adolf Belka = wrote: >>>>>=20 >>>>> - This fix adds a wireguard line to show when it is enabled. >>>>> - This fix does not show a table for any net2net connections that = are enabled. I have >>>>> started working on that but as I only have an OpenVPN n2n = connection in place, I can't >>>>> test out the copy of the ipsec n2n code section that I have = made. I need to get ipsec >>>>> and wireguard n2n connections working first. >>>>> - If someone else wants to provide a patch for the wireguard n2n = connections tables I have >>>>> no problems with that. If not then I will submit one when I have = been able to test it. >>>>>=20 >>>>> Tested-by: Adolf Belka >>>>> Signed-off-by: Adolf Belka >>>>> --- >>>>> html/cgi-bin/index.cgi | 20 ++++++++++++++++++-- >>>>> 1 file changed, 18 insertions(+), 2 deletions(-) >>>>>=20 >>>>> diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi >>>>> index d9c74ce7f..e28629cc9 100644 >>>>> --- a/html/cgi-bin/index.cgi >>>>> +++ b/html/cgi-bin/index.cgi >>>>> @@ -2,7 +2,7 @@ >>>>> = ##########################################################################= ##### >>>>> # = # >>>>> # IPFire.org - A linux based firewall = # >>>>> -# Copyright (C) 2007-2023 IPFire Team = # >>>>> +# Copyright (C) 2007-2025 IPFire Team = # >>>>> # = # >>>>> # This program is free software: you can redistribute it and/or = modify # >>>>> # it under the terms of the GNU General Public License as = published by # >>>>> @@ -39,6 +39,7 @@ my %netsettings=3D(); >>>>> my %ddnssettings=3D(); >>>>> my %proxysettings=3D(); >>>>> my %vpnsettings=3D(); >>>>> +my %wgsettings=3D(); >>>>> my %vpnconfig=3D(); >>>>> my %ovpnconfig=3D(); >>>>> my $warnmessage =3D ''; >>>>> @@ -60,6 +61,7 @@ $pppsettings{'PROFILENAME'} =3D 'None'; >>>>> &General::readhash("${General::swroot}/ddns/settings", = \%ddnssettings); >>>>> &General::readhash("${General::swroot}/proxy/advanced/settings", = \%proxysettings); >>>>> &General::readhash("${General::swroot}/vpn/settings", = \%vpnsettings); >>>>> +&General::readhash("${General::swroot}/wireguard/settings", = \%wgsettings); >>>>>=20 >>>>> my %color =3D (); >>>>> my %mainsettings =3D (); >>>>> @@ -369,7 +371,21 @@ print <>>>> Online >>>>> >>>>> END >>>>> - } >>>>> +} >>>>> + >>>>> +#check if WireGuard is running >>>>> +if ( $wgsettings{'ENABLED'} eq 'on' ) { >>>>> +print<>>>> + >>>>> + >>>>> + $Lang::tr{'wg'} >>>>> + >>>>> + >>>>> + Online >>>>> + >>>>> +END >>>>> +} >>>>> + >>>>> print""; >>>>> &Header::closesection(); >>>>>=20 >>>>> --=20 >>>>> 2.49.0