public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 569a0a9d33e37c6967c47033bed75cdca8984fd1
@ 2025-04-26 13:04 Michael Tremer
From: Michael Tremer @ 2025-04-26 13:04 UTC (permalink / raw)
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  569a0a9d33e37c6967c47033bed75cdca8984fd1 (commit)
       via  9fba112e94900d0a64a140a7d945d7ec651ce7ae (commit)
       via  459bb750298c09990c0c8d4677f0f442887304d0 (commit)
       via  361437f82984effc7408d4428cd6c89855163de4 (commit)
       via  5abfabb8bd81ded8c01f34e71b0d01717a4952b4 (commit)
       via  0dc47e5dbd6df2ba54f20617bd54b2ae3f0bbec5 (commit)
       via  fa53185b7b50b3ffb40186a3c7d1c7a0204ca8cc (commit)
       via  cae7916decc645cd7ea9cefec739db0f9da93354 (commit)
       via  0bdbbd0e323062eab81504f61affc985e2c44cae (commit)
      from  d0943219087f39fe69a47e20dff748297e4a5fb7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 569a0a9d33e37c6967c47033bed75cdca8984fd1
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 15:03:53 2025 +0200

    langs: Add German translation for WireGuard
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 9fba112e94900d0a64a140a7d945d7ec651ce7ae
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 14:37:29 2025 +0200

    wireguard.cgi: Check the first available option on add
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 459bb750298c09990c0c8d4677f0f442887304d0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 14:30:44 2025 +0200

    wireguard: Automatically apply MASQUERADE for peers with local address
    
    In this case we are the client and we cannot leak any local subnets.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 361437f82984effc7408d4428cd6c89855163de4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 14:25:27 2025 +0200

    wireguard: Support having a local IP address
    
    This is what we need to support VPN providers.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 5abfabb8bd81ded8c01f34e71b0d01717a4952b4
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 14:04:54 2025 +0200

    wireguard-functions.pl: Complain if required fields are missing
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 0dc47e5dbd6df2ba54f20617bd54b2ae3f0bbec5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 13:54:30 2025 +0200

    wireguard.cgi: Rebuild the importer
    
    This is now a two-step process that is asking for all sorts of required
    information.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit fa53185b7b50b3ffb40186a3c7d1c7a0204ca8cc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 13:13:32 2025 +0200

    wireguard.cgi: Add some extra spacing when choosing a connection type
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit cae7916decc645cd7ea9cefec739db0f9da93354
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 13:06:47 2025 +0200

    wireguard.cgi: Allow full access to everywhere by default for RW
    
    I think this is more what people would expect.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 0bdbbd0e323062eab81504f61affc985e2c44cae
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 13:05:18 2025 +0200

    wireguard.cgi: Fail if we are trying to edit a peer that does not exist
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/cfgroot/wireguard-functions.pl |  57 ++++++++-
 doc/language_issues.de                |  36 ------
 doc/language_issues.en                |   9 ++
 doc/language_issues.es                |   9 +-
 doc/language_issues.fr                |   9 +-
 doc/language_issues.it                |   9 +-
 doc/language_issues.nl                |   9 +-
 doc/language_issues.pl                |   9 +-
 doc/language_issues.ru                |   9 +-
 doc/language_issues.tr                |   9 +-
 doc/language_missings                 |  91 ++++++++------
 html/cgi-bin/wireguard.cgi            | 223 +++++++++++++++++++++++++++++-----
 langs/de/cgi-bin/de.pl                |  43 +++++++
 langs/en/cgi-bin/en.pl                |   8 ++
 src/initscripts/system/firewall       |   4 +
 src/initscripts/system/wireguard      |  17 ++-
 16 files changed, 433 insertions(+), 118 deletions(-)

Difference in files:
diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl
index c8af939b5..53e8f1a38 100644
--- a/config/cfgroot/wireguard-functions.pl
+++ b/config/cfgroot/wireguard-functions.pl
@@ -190,6 +190,7 @@ sub load_peer($) {
 		"LOCAL_SUBNETS"         => &decode_subnets($peers{$key}[10]),
 		"PSK"                   => $peers{$key}[11],
 		"KEEPALIVE"             => $peers{$key}[12],
+		"LOCAL_ADDRESS"         => $peers{$key}[13],
 		"INTERFACE"				=> ($type eq "host") ? "wg0" : "wg${key}",
 	);
 
@@ -453,10 +454,13 @@ sub generate_peer_configuration($$) {
 	return join("\n", @conf);
 }
 
-sub parse_configuration($) {
+sub parse_configuration($$) {
+	my $name = shift;
 	my $fh = shift;
 
-	my %peer = ();
+	my %peer = (
+		"NAME" => $name,
+	);
 
 	# Collect any errors
 	my @errormessages = ();
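Review bot: the prototype change from ($) to ($$) with a new leading $name argument means any caller still passing only a filehandle now has its filehandle taken as $name and an undef $fh; since Perl does not enforce prototypes for calls made with the & sigil, such a stale caller fails at runtime rather than at compile time, so every caller of parse_configuration (the summary lists html/cgi-bin/wireguard.cgi in this push) must be updated in the same series.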
@@ -465,6 +469,16 @@ sub parse_configuration($) {
 	my $key = undef;
 	my $val = undef;
 
+	# Check if the name is valid
+	unless (&Wireguard::name_is_valid($name)) {
+		push(@errormessages, $Lang::tr{'wg invalid name'});
+	}
+
+	# Check if the name is already taken
+	unless (&Wireguard::name_is_free($name)) {
+		push(@errormessages, $Lang::tr{'wg name is already used'});
+	}
+
 	while (<$fh>) {
 		# Remove line breaks
 		chomp;
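Review bot: the name_is_free check inside the parser makes parse_configuration reject a configuration for any peer name that already exists, so it can only serve the add path, never an edit/re-import path; a comment stating that intent would help. Style: these two calls are written as &Wireguard::name_is_valid and &Wireguard::name_is_free while the PrivateKey branch in the same sub calls &key_is_valid unqualified; use one form.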
@@ -493,11 +507,19 @@ sub parse_configuration($) {
 			# Address
 			if ($key eq "Address") {
 				if (&Network::check_ip_address($val)) {
-					$peer{'CLIENT_ADDRESS'} = $val;
+					$peer{'LOCAL_ADDRESS'} = $val;
 				} else {
 					push(@errormessages, $Lang::tr{'invalid ip address'});
 				}
 
+			# Port
+			} elsif ($key eq "Port") {
+				if (&General::validport($val)) {
+					$peer{'PORT'} = $val;
+				} else {
+					push(@errormessages, $Lang::tr{'wg invalid endpoint port'});
+				}
+
 			# PrivateKey
 			} elsif ($key eq "PrivateKey") {
 				if (&key_is_valid($val)) {
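Review bot: in the wg/wg-quick configuration format the interface's listening port key is `ListenPort`, not `Port`, so the `$key eq "Port"` branch will not match a configuration exported by another WireGuard peer and the 'wg missing port' check later in this sub will fire for every standard import; match `ListenPort` (or accept both). Relatedly, the Address line in such files normally carries a prefix length (e.g. 10.0.0.2/32); if &Network::check_ip_address only accepts a bare address, LOCAL_ADDRESS will be rejected with 'invalid ip address' for the same files.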
@@ -536,7 +558,7 @@ sub parse_configuration($) {
 					}
 				}
 
-				$peer{'REMOTE_SUBNETS'} = join(", ", @networks);
+				$peer{'REMOTE_SUBNETS'} = \@networks;
 			# Endpoint
 			} elsif ($key eq "Endpoint") {
 				my $address = $val;
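Review bot: `$peer{'REMOTE_SUBNETS'} = \@networks;` is assigned even when @networks is empty (every AllowedIPs entry failed validation), so the `exists $peer{"REMOTE_SUBNETS"}` check at the end of the sub passes for an AllowedIPs line with no usable network; assign only when @networks is non-empty, or test `scalar @{ $peer{'REMOTE_SUBNETS'} }` instead. Storing an array reference where a joined string used to be also changes what every consumer of REMOTE_SUBNETS receives, so those must change together with this line.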
@@ -578,7 +600,32 @@ sub parse_configuration($) {
 		}
 	}
 
-	return %peer, @errormessages;
+	# Check if we have all required properties
+	unless (exists $peer{"PRIVATE_KEY"}) {
+		push(@errormessages, $Lang::tr{'wg missing private key'});
+	}
+
+	unless (exists $peer{"PUBLIC_KEY"}) {
+		push(@errormessages, $Lang::tr{'wg missing public key'});
+	}
+
+	unless (exists $peer{"REMOTE_SUBNETS"}) {
+		push(@errormessages, $Lang::tr{'wg missing allowed ips'});
+	}
+
+	unless (exists $peer{"PORT"}) {
+		push(@errormessages, $Lang::tr{'wg missing port'});
+	}
+
+	unless (exists $peer{"ENDPOINT_ADDRESS"}) {
+		push(@errormessages, $Lang::tr{'wg missing endpoint address'});
+	}
+
+	unless (exists $peer{"ENDPOINT_PORT"}) {
+		push(@errormessages, $Lang::tr{'wg missing endpoint port'});
+	}
+
+	return \%peer, @errormessages;
 }
 
 sub get_free_port() {
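Review bot: `return \%peer, @errormessages;` corrects the old `return %peer, @errormessages;`, which flattened the hash into the list and left the caller unable to tell peer fields from error messages, but it is an interface change and the callers must be switched to dereferencing in the same series. The required-field checks make the parser itself reject a file that lacks Port, Endpoint or AllowedIPs lines, so the second step of the importer described in the commit message can only collect that information if the caller tolerates these specific 'missing' errors; consider returning the missing fields separately from the validation errors, or leaving the completeness check to the caller.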
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 090850fbe..a8626e352 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -417,7 +417,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -964,9 +963,6 @@ WARNING: untranslated string: download apple profile = Download Apple Configurat
 WARNING: untranslated string: enable = Enable
 WARNING: untranslated string: enable disable client = unknown string
 WARNING: untranslated string: enable disable dyndns = unknown string
-WARNING: untranslated string: endpoint = Endpoint
-WARNING: untranslated string: endpoint address = Endpoint Address
-WARNING: untranslated string: endpoint port = Endpoint Port
 WARNING: untranslated string: error message = unknown string
 WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
 WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
@@ -1011,7 +1007,6 @@ WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS
 WARNING: untranslated string: ipsec invalid ip address or fqdn for rw endpoint = Invalid IP address or FQDN for Host-to-Net Endpoint
 WARNING: untranslated string: ipsec roadwarrior endpoint = Host-to-Net Endpoint
 WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation
-WARNING: untranslated string: local subnets = Local Subnets
 WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
 WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
 WARNING: untranslated string: netbios nameserver daemon = NetBIOS Nameserver Daemon
@@ -1020,14 +1015,11 @@ WARNING: untranslated string: oops something went wrong = Oops, something went w
 WARNING: untranslated string: optional = Optional
 WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server
 WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
-WARNING: untranslated string: public key = Public Key
-WARNING: untranslated string: qr code = QR Code
 WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS)
 WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
 WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
 WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
 WARNING: untranslated string: remarks = Remarks
-WARNING: untranslated string: remote subnets = Remote Subnets
 WARNING: untranslated string: required = Required
 WARNING: untranslated string: route config changed = unknown string
 WARNING: untranslated string: routing = Routing
@@ -1039,34 +1031,6 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: subscription code = Subscription code
 WARNING: untranslated string: user management = User Management
-WARNING: untranslated string: wg client pool = Client Pool
-WARNING: untranslated string: wg create host-to-net peer = Create A New Host-To-Net Peer
-WARNING: untranslated string: wg create net-to-net peer = Create A New Net-To-Net Peer
-WARNING: untranslated string: wg dns = DNS
-WARNING: untranslated string: wg download configuration file = Download the configuration file
-WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
-WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
-WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
-WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
-WARNING: untranslated string: wg invalid client pool = Invalid client pool
-WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
-WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
-WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
-WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
-WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
-WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
-WARNING: untranslated string: wg invalid public key = Invalid public key
-WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
-WARNING: untranslated string: wg keepalive interval = Keepalive Interval
-WARNING: untranslated string: wg name is already used = The name is already in use
-WARNING: untranslated string: wg no local subnets = No local subnets given
-WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
-WARNING: untranslated string: wg no remote subnets = No remote subnets given
-WARNING: untranslated string: wg peer configuration = Peer Configuration
-WARNING: untranslated string: wg peer does not exist = Peer does not exist
-WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers
-WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client.
-WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.
 WARNING: untranslated string: winbind daemon = Winbind Daemon
 WARNING: untranslated string: wio = unknown string
 WARNING: untranslated string: wio checked = unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 1c1c546f7..1fdb40a87 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -479,6 +479,7 @@ WARNING: untranslated string: common name = Common name
 WARNING: untranslated string: comp-lzo = LZO-Compression:
 WARNING: untranslated string: computer to modem rate = Computer to modem rate:
 WARNING: untranslated string: concentrator name = Concentrator name:
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: confirmation = confirmation
 WARNING: untranslated string: connect timeout = Connect timeout:
 WARNING: untranslated string: connected = Connected
@@ -1078,6 +1079,7 @@ WARNING: untranslated string: iface = Iface
 WARNING: untranslated string: ignore filter = Ignore filter
 WARNING: untranslated string: ike lifetime should be between 1 and 24 hours = IKE lifetime should be between 1 and 24 hours.
 WARNING: untranslated string: imei = IMEI
+WARNING: untranslated string: import = Import
 WARNING: untranslated string: import connection = Import a Connection
 WARNING: untranslated string: imsi = IMSI
 WARNING: untranslated string: include logfiles = Include logfiles
@@ -2164,6 +2166,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -2176,6 +2179,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.es b/doc/language_issues.es
index cf7237435..6ff02aa04 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -458,7 +458,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -1012,6 +1011,7 @@ WARNING: untranslated string: access point name is required = Access Point Name
 WARNING: untranslated string: allowed subnets = Allowed Subnets
 WARNING: untranslated string: bypassed = Bypassed
 WARNING: untranslated string: ca name must only contain characters and spaces = unknown string
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: cpu frequency = CPU frequency
 WARNING: untranslated string: data transfer = Data Transfer
 WARNING: untranslated string: dhcp fixed ip address in dynamic range = Fixed IP Address in dynamic range
@@ -1122,6 +1122,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1134,6 +1135,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 702911061..2b9cd9d50 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -443,7 +443,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -977,6 +976,7 @@ WARNING: translation string unused: zoneconf val zoneslave amount error
 WARNING: untranslated string: allowed subnets = Allowed Subnets
 WARNING: untranslated string: bypassed = Bypassed
 WARNING: untranslated string: ca name must only contain characters and spaces = unknown string
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: core notice 3 = available.
 WARNING: untranslated string: data transfer = Data Transfer
 WARNING: untranslated string: done = Done
@@ -1062,6 +1062,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1074,6 +1075,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 3d93239af..445a1a76c 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -409,7 +409,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -996,6 +995,7 @@ WARNING: untranslated string: cake profile pppoe-ptm 27 = PPPoE PTM (27 bytes)
 WARNING: untranslated string: cake profile pppoe-vcmux 32 = PPPoE VC-MUX (32 bytes)
 WARNING: untranslated string: cake profile raw 0 = Raw (no overhead compensation)
 WARNING: untranslated string: check all = Check all
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: core update = Core-Update
 WARNING: untranslated string: cpu frequency = CPU frequency
 WARNING: untranslated string: crypto error = Cryptographic error
@@ -1408,6 +1408,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1420,6 +1421,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index f1090fc33..055d8e98d 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -411,7 +411,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -998,6 +997,7 @@ WARNING: untranslated string: cake profile pppoe-vcmux 32 = PPPoE VC-MUX (32 byt
 WARNING: untranslated string: cake profile raw 0 = Raw (no overhead compensation)
 WARNING: untranslated string: capabilities = Capabilities
 WARNING: untranslated string: check all = Check all
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: cpu frequency = CPU frequency
 WARNING: untranslated string: crypto error = Cryptographic error
 WARNING: untranslated string: crypto warning = Cryptographic warning
@@ -1429,6 +1429,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1441,6 +1442,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 1db36fb67..e0a57174d 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -350,7 +350,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -960,6 +959,7 @@ WARNING: untranslated string: ccd routes = Routing:
 WARNING: untranslated string: ccd subnet = Subnet
 WARNING: untranslated string: ccd used = Used addresses
 WARNING: untranslated string: check all = Check all
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: core update = Core-Update
 WARNING: untranslated string: count = Count
 WARNING: untranslated string: countries = Countries
@@ -1671,6 +1671,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1683,6 +1684,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 4d29c4f95..5745996bc 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -346,7 +346,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -955,6 +954,7 @@ WARNING: untranslated string: ccd routes = Routing:
 WARNING: untranslated string: ccd subnet = Subnet
 WARNING: untranslated string: ccd used = Used addresses
 WARNING: untranslated string: check all = Check all
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: core update = Core-Update
 WARNING: untranslated string: count = Count
 WARNING: untranslated string: countries = Countries
@@ -1664,6 +1664,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1676,6 +1677,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 2da19f276..833d450ab 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -435,7 +435,6 @@ WARNING: translation string unused: ike encryption
 WARNING: translation string unused: ike grouptype
 WARNING: translation string unused: ike integrity
 WARNING: translation string unused: ike lifetime
-WARNING: translation string unused: import
 WARNING: translation string unused: importkey
 WARNING: translation string unused: in
 WARNING: translation string unused: inactive
@@ -981,6 +980,7 @@ WARNING: untranslated string: cake profile pppoe-llcsnap 40 = PPPoE LLC SNAP (40
 WARNING: untranslated string: cake profile pppoe-ptm 27 = PPPoE PTM (27 bytes)
 WARNING: untranslated string: cake profile pppoe-vcmux 32 = PPPoE VC-MUX (32 bytes)
 WARNING: untranslated string: cake profile raw 0 = Raw (no overhead compensation)
+WARNING: untranslated string: configuration file = Configuration File
 WARNING: untranslated string: core update = Core-Update
 WARNING: untranslated string: cpu frequency = CPU frequency
 WARNING: untranslated string: crypto error = Cryptographic error
@@ -1291,6 +1291,7 @@ WARNING: untranslated string: wg download configuration file = Download the conf
 WARNING: untranslated string: wg edit host-to-net peer = Edit Host-To-Net Peer
 WARNING: untranslated string: wg edit net-to-net peer = Edit Net-To-Net Peer
 WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings
+WARNING: untranslated string: wg import peer = Import Peer
 WARNING: untranslated string: wg invalid client dns = Invalid client DNS address
 WARNING: untranslated string: wg invalid client pool = Invalid client pool
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
@@ -1303,6 +1304,12 @@ WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
 WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg leave empty to automatically select = Leave empty to automatically select
+WARNING: untranslated string: wg missing allowed ips = Missing AllowedIPs
+WARNING: untranslated string: wg missing endpoint address = Missing Endpoint Address
+WARNING: untranslated string: wg missing endpoint port = Missing Endpoint Port
+WARNING: untranslated string: wg missing port = Missing Port
+WARNING: untranslated string: wg missing private key = Missing Private Key
+WARNING: untranslated string: wg missing public key = Missing Public Key
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no more free addresses in pool = No more free addresses in pool
diff --git a/doc/language_missings b/doc/language_missings
index 48b98ce74..acaa30814 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -56,9 +56,6 @@
 < dns could not add server
 < download apple profile
 < enable
-< endpoint
-< endpoint address
-< endpoint port
 < error the to date has to be later than the from date
 < extrahd because it it outside the allowed mount path
 < fwdfw syn flood protection
@@ -77,7 +74,6 @@
 < ipsec invalid ip address or fqdn for rw endpoint
 < ipsec roadwarrior endpoint
 < link-layer encapsulation
-< local subnets
 < log drop hostile in
 < log drop hostile out
 < netbios nameserver daemon
@@ -90,8 +86,6 @@
 < pakfire dependencies found
 < pakfire no dependencies found
 < pakfire resolvedeps wait
-< public key
-< qr code
 < quick control
 < random number generator daemon
 < regenerate host certificate
@@ -99,7 +93,6 @@
 < reiserfs warning1
 < reiserfs warning2
 < remarks
-< remote subnets
 < required
 < routing
 < samba server role member
@@ -119,37 +112,9 @@
 < vpn configuration main
 < wg
 < wg client configuration file
-< wg client pool
-< wg create host-to-net peer
-< wg create net-to-net peer
 < wg create peer
-< wg dns
-< wg download configuration file
-< wg edit host-to-net peer
-< wg edit net-to-net peer
 < wg edit peer
-< wg host to net client settings
-< wg invalid client dns
-< wg invalid client pool
-< wg invalid endpoint address
-< wg invalid endpoint port
-< wg invalid keepalive interval
-< wg invalid local subnet
-< wg invalid name
-< wg invalid psk
-< wg invalid public key
-< wg invalid remote subnet
-< wg keepalive interval
-< wg name is already used
-< wg no local subnets
-< wg no more free addresses in pool
-< wg no remote subnets
-< wg peer configuration
-< wg peer does not exist
 < wg pre-shared key (optional)
-< wg rw peers
-< wg scan the qr code
-< wg warning configuration only shown once
 < winbind daemon
 < wireguard
 < wlanap 802.11w disabled
@@ -170,6 +135,7 @@
 < allowed subnets
 < bypassed
 < ca name must only contain characters or spaces
+< configuration file
 < cpu frequency
 < data transfer
 < dhcp fixed ip address in dynamic range
@@ -246,6 +212,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -258,6 +225,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -286,6 +259,7 @@
 < bewan adsl usb
 < bypassed
 < ca name must only contain characters or spaces
+< configuration file
 < data transfer
 < done
 < endpoint
@@ -343,6 +317,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -355,6 +330,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -482,6 +463,7 @@
 < Captive WiFi coupon
 < Captive wrong type
 < check all
+< configuration file
 < core update
 < cpu frequency
 < crypto error
@@ -894,6 +876,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -906,6 +889,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -1085,6 +1074,7 @@
 < Captive WiFi coupon
 < Captive wrong type
 < check all
+< configuration file
 < cpu frequency
 < crypto error
 < cryptographic settings
@@ -1521,6 +1511,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -1533,6 +1524,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -1766,6 +1763,7 @@
 < ccd used
 < check all
 < community rules
+< configuration file
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -2564,6 +2562,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -2576,6 +2575,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -2841,6 +2846,7 @@
 < ccd used
 < check all
 < community rules
+< configuration file
 < ConnSched dial
 < ConnSched hangup
 < ConnSched reboot
@@ -3644,6 +3650,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -3656,6 +3663,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
@@ -3802,6 +3815,7 @@
 < cake profile raw 0
 < ca name must only contain characters or spaces
 < Captive delete logo
+< configuration file
 < core update
 < cpu frequency
 < crypto error
@@ -4101,6 +4115,7 @@
 < wg edit net-to-net peer
 < wg edit peer
 < wg host to net client settings
+< wg import peer
 < wg invalid client dns
 < wg invalid client pool
 < wg invalid endpoint address
@@ -4113,6 +4128,12 @@
 < wg invalid remote subnet
 < wg keepalive interval
 < wg leave empty to automatically select
+< wg missing allowed ips
+< wg missing endpoint address
+< wg missing endpoint port
+< wg missing port
+< wg missing private key
+< wg missing public key
 < wg name is already used
 < wg no local subnets
 < wg no more free addresses in pool
diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
index 6213fd342..a53016076 100644
--- a/html/cgi-bin/wireguard.cgi
+++ b/html/cgi-bin/wireguard.cgi
@@ -153,6 +153,7 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
 		"LOCAL_SUBNETS"		=> join(", ", @$local_subnets),
 		"PSK"				=> $Wireguard::peers{$key}[11],
 		"KEEPALIVE"			=> $Wireguard::peers{$key}[12],
+		"LOCAL_ADDRESS"			=> $Wireguard::peers{$key}[13],
 	);
 
 	# Jump to the editor
@@ -164,6 +165,75 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
 		die "Unsupported type: $type";
 	}
 
+} elsif ($cgiparams{"ACTION"} eq "IMPORT") {
+	my @local_subnets = ();
+	my $peer;
+
+	# Parse the configuration file
+	($peer, @errormessages) = &Wireguard::parse_configuration($cgiparams{'NAME'}, $cgiparams{'FH'});
+
+	# Check local subnets
+	if (defined $cgiparams{'LOCAL_SUBNETS'}) {
+		@local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'});
+
+		foreach my $subnet (@local_subnets) {
+			$subnet =~ s/^\s+//g;
+			$subnet =~ s/\s+$//g;
+
+			unless (&Network::check_subnet($subnet)) {
+				push(@errormessages, $Lang::tr{'wg invalid local subnet'} . ": ${subnet}");
+			}
+		}
+	} else {
+		push(@errormessages, $Lang::tr{'wg no local subnets'});
+	}
+
+	# Show any error messages
+	goto IMPORT if (@errormessages);
+
+	# Allocate a new key
+	my $key = &General::findhasharraykey(\%Wireguard::peers);
+
+	# Save the connection
+	$Wireguard::peers{$key} = [
+		# 0 = Enabled
+		"on",
+		# 1 = Type
+		"net",
+		# 2 = Name
+		$peer->{"NAME"},
+		# 3 = Remote Public Key
+		$peer->{"PUBLIC_KEY"},
+		# 4 = Local Private Key
+		$peer->{"PRIVATE_KEY"},
+		# 5 = Port
+		$peer->{"PORT"},
+		# 6 = Endpoint Address
+		$peer->{"ENDPOINT_ADDRESS"},
+		# 7 = Endpoint Port
+		$peer->{"ENDPOINT_PORT"},
+		# 8 = Remote Subnets
+		&Wireguard::encode_subnets(@{ $peer->{"REMOTE_SUBNETS"} }),
+		# 9 = Remark
+		&Wireguard::encode_remarks($cgiparams{"REMARKS"}),
+		# 10 = Local Subnets
+		&Wireguard::encode_subnets(@local_subnets),
+		# 11 = PSK
+		$peer->{"PSK"},
+		# 12 = Keepalive
+		$peer->{"KEEPALIVE"} || $Wireguard::DEFAULT_KEEPALIVE,
+		# 13 = Local Address
+		$peer->{"LOCAL_ADDRESS"},
+	];
+
+	# Store the configuration
+	&General::writehasharray("/var/ipfire/wireguard/peers", \%Wireguard::peers);
+
+	# Reload if enabled
+	if ($Wireguard::settings{'ENABLED'} eq "on") {
+		&General::system("/usr/local/bin/wireguardctrl", "start");
+	}
+
 } elsif ($cgiparams{"ACTION"} eq "CREATE-PEER-NET") {
 	my @local_subnets = ();
 	my @remote_subnets = ();
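Review bot: the local-subnets check in the new IMPORT branch only tests `defined $cgiparams{'LOCAL_SUBNETS'}`, so a submitted but empty field passes: `split` yields an empty list, no 'wg no local subnets' error is raised, and an empty subnet list is stored at index 10. Test the list after splitting instead of relying on the form's `required` attribute, e.g. `push(@errormessages, $Lang::tr{'wg no local subnets'}) unless (@local_subnets);`. Two further points in this branch: the peer name is stored at index 2 without the `&Wireguard::name_is_valid` and 'wg name is already used' checks that the create/edit paths perform, unless `parse_configuration` does that itself; and `parse_configuration` is now called with two arguments (`NAME`, `FH`) where the removed call further down passed only `$cgiparams{'FH'}`, so the matching change to `Wireguard::parse_configuration` must be part of this series.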
@@ -271,6 +341,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
 		$psk,
 		# 12 = Keepalive
 		$Wireguard::DEFAULT_KEEPALIVE,
+		# 13 = Local Address
+		"",
 	];
 
 	# Store the configuration
@@ -334,6 +406,11 @@ END
 	# Load the existing peer
 	my $peer = &Wireguard::load_peer($key);
 
+	# Fail if we don't have the key
+	unless (defined $peer) {
+		die "Peer $key does not exist\n";
+	}
+
 	# Check if the name is valid
 	unless (&Wireguard::name_is_valid($cgiparams{"NAME"})) {
 		push(@errormessages, $Lang::tr{'wg invalid name'});
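Review bot: `die "Peer $key does not exist\n"` on a user-supplied key aborts the CGI with a server error instead of a controlled message. The string 'wg peer does not exist' already exists in the language files (it receives a German translation further down in this commit), so pushing `$Lang::tr{'wg peer does not exist'}` onto `@errormessages` and jumping back to the peer list would be consistent with the rest of the error handling in this file.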
@@ -449,6 +526,8 @@ END
 		$cgiparams{"PSK"} || "",
 		# 12 = Keepalive
 		$cgiparams{"KEEPALIVE"} || 0,
+		# 13 = Local Address
+		"",
 	];
 
 	# Store the configuration
@@ -562,6 +641,8 @@ END
 		$cgiparams{"PSK"},
 		# 12 = Keepalive
 		0,
+		# 13 = Local Address
+		"",
 	];
 
 	# Store the configuration
@@ -661,12 +742,7 @@ END
 		goto CREATEHOST;
 
 	} elsif ($cgiparams{"TYPE"} eq "import") {
-		# Parse the configuration file
-		(%cgiparams, @errormessages) = &Wireguard::parse_configuration($cgiparams{'FH'});
-
-		# We basically don't support importing RW connections, so we always
-		# need to go and show the N2N editor.
-		goto EDITNET;
+		goto IMPORT;
 
 	# Ask the user what type they want
 	} else {
@@ -977,32 +1053,34 @@ ADD:
 		}
 	}
 
+	# Check the first available option
+	my %checked = (
+		"host" => ($disabled{"host"} eq "disabled") ? "" : "checked",
+		"net"  => ($disabled{"host"} eq "disabled") ? "checked" : "",
+	);
+
 	print <<END;
 		<form method="POST" ENCTYPE="multipart/form-data">
-			<ul>
-				<li>
-					<label>
-						<input type='radio' name='TYPE' value='host' $disabled{'host'} />
-						$Lang::tr{'host to net vpn'}
-					</label>
-				</li>
-
-				<li>
-					<label>
-						<input type='radio' name='TYPE' value='net' checked />
-						$Lang::tr{'net to net vpn'}
-					</label>
-				</li>
-
-				<li>
-					<label>
-						<input type='radio' name='TYPE' value='import' />
-						$Lang::tr{'import connection'}
-					</label>
-
-					<input type='file' name='FH' />
-				</li>
-			</ul>
+			<p>
+				<label>
+					<input type='radio' name='TYPE' value='host' $disabled{'host'} $checked{'host'} />
+					$Lang::tr{'host to net vpn'}
+				</label>
+			</p>
+
+			<p>
+				<label>
+					<input type='radio' name='TYPE' value='net' $checked{'net'} />
+					$Lang::tr{'net to net vpn'}
+				</label>
+			</p>
+
+			<p>
+				<label>
+					<input type='radio' name='TYPE' value='import' />
+					$Lang::tr{'import connection'}
+				</label>
+			</p>
 
 			<table class="form">
 				<tr class="action">
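Review bot: `%checked` is computed from `$disabled{"host"} eq "disabled"`, which emits "Use of uninitialized value" under `use warnings` whenever `%disabled` has no entry for host; `(($disabled{"host"} // "") eq "disabled")` or an explicit `defined` test avoids that. Minor: with the file input moved to the separate IMPORT page, the `ENCTYPE="multipart/form-data"` on this radio-only selector form is no longer needed.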
@@ -1019,6 +1097,87 @@ END
 
 	exit(0);
 
+IMPORT:
+	# Send HTTP Headers
+	&Header::showhttpheaders();
+
+	# Open the page
+	&Header::openpage($Lang::tr{'wireguard'}, 1, '');
+
+	# Show any error messages
+	&Header::errorbox(@errormessages);
+
+	# Open a new box
+	&Header::openbox('100%', '', $Lang::tr{'wg import peer'});
+
+	print <<END;
+		<form method="POST" ENCTYPE="multipart/form-data">
+			<input type="hidden" name="ACTION" value="IMPORT">
+
+			<table class="form">
+				<tr>
+					<td>
+						$Lang::tr{'name'}
+					</td>
+
+					<td>
+						<input type="text" name="NAME"
+							value="$cgiparams{'NAME'}" required />
+					</td>
+				</tr>
+
+				<tr>
+					<td>
+						$Lang::tr{'remarks'}
+					</td>
+
+					<td>
+						<input type="text" name="REMARKS"
+							value="$cgiparams{'REMARKS'}" />
+					</td>
+				</tr>
+
+				<tr>
+					<td>
+						$Lang::tr{'configuration file'}
+					</td>
+
+					<td>
+						<input type='file' name='FH' required />
+					</td>
+				</tr>
+			</table>
+
+			<h6>$Lang::tr{'routing'}</h6>
+
+			<table class="form">
+				<tr>
+					<td>
+						$Lang::tr{'local subnets'}
+					</td>
+
+					<td>
+						<input type="text" name="LOCAL_SUBNETS"
+							value="$cgiparams{'LOCAL_SUBNETS'}" required />
+					</td>
+				</tr>
+			</table>
+
+			<table class="form">
+				<tr class="action">
+					<td colspan="2">
+						<input type='submit' value='$Lang::tr{'import'}' />
+					</td>
+				</tr>
+			</table>
+		</form>
+END
+
+	&Header::closebox();
+	&Header::closepage();
+
+	exit(0);
+
 CREATENET:
 	# Send HTTP Headers
 	&Header::showhttpheaders();
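Review bot: `$cgiparams{'NAME'}`, `$cgiparams{'REMARKS'}` and `$cgiparams{'LOCAL_SUBNETS'}` are interpolated into `value="..."` attributes unescaped, and this page is re-rendered with the submitted values whenever validation fails (`goto IMPORT if (@errormessages)`), so a value containing `"` or `<` breaks out of the attribute and is rendered as markup. HTML-escape these before interpolation (the `Header::escape` helper, if this tree provides it) as other reflected form values should be.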
@@ -1306,9 +1465,7 @@ EDITHOST:
 	# Set defaults
 	unless (defined $key) {
 		&General::set_defaults(\%cgiparams, {
-			"LOCAL_SUBNETS" =>
-				$Network::ethernet{"GREEN_NETADDRESS"}
-				. "/" . $Network::ethernet{"GREEN_NETMASK"},
+			"LOCAL_SUBNETS" => "0.0.0.0/0",
 		});
 	}
 
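Review bot: changing the default `LOCAL_SUBNETS` for a new host-to-net peer from the GREEN network to `0.0.0.0/0` is a behaviour change that deserves a sentence in the commit message: if this value ends up as the client's AllowedIPs, new roadwarrior peers default to a full tunnel (all client traffic routed through the firewall) instead of reaching only the GREEN subnet, so the FORWARD/WGBLOCK policy for `wg+` interfaces in the firewall initscript should be reviewed against that default.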
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 3ce02b657..7fd0dae2b 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -635,6 +635,7 @@
 'compression' => 'Kompression:',
 'computer to modem rate' => 'Übertragungsrate zwischen Computer und Modem:',
 'concentrator name' => 'Name des Konzentrators:',
+'configuration file' => 'Konfigurationsdatei',
 'confirmation' => 'Bestätigung',
 'connect' => 'OpenVPN Start / Verbinden',
 'connect the modem' => 'Das Modem anschließen',
@@ -990,6 +991,9 @@
 'encrypted' => 'Verschlüsselt',
 'encryption' => 'Verschlüsselung:',
 'end address' => 'Endadresse:',
+'endpoint' => 'Endpoint',
+'endpoint address' => 'Endpoint-Adresse',
+'endpoint port' => 'Endpoint-Port',
 'enter ack class' => 'Legen Sie hier die ACK-Klasse fest <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'enter data' => 'Geben Sie die Daten ein <br /> und klicken Sie danach auf <i>Speichern</i>.',
 'entropy' => 'Entropie',
@@ -1633,6 +1637,7 @@
 'local port' => 'Lokaler Port',
 'local subnet' => 'Lokales Subnetz:',
 'local subnet is invalid' => 'Lokales Subnetz ist ungültig.',
+'local subnets' => 'Lokale Subnetze',
 'local vpn hostname/ip' => 'Lokaler VPN Hostname/IP',
 'localkey' => 'Localkey',
 'localkeyfile' => 'Localkeyfile',
@@ -2142,12 +2147,14 @@
 'psk' => 'PSK',
 'ptr' => 'PTR',
 'ptr lookup failed' => 'Reverse Lookup gescheitert',
+'public key' => 'Öffentlicher Schlüssel',
 'pulse' => 'Puls',
 'pulse dial' => 'Pulswahl:',
 'qos add subclass' => 'Unterklasse hinzufügen',
 'qos enter bandwidths' => 'Bitte geben Sie ihre Downstream- und Upstream-Bandbreite an!',
 'qos graphs' => 'Qos Diagramme',
 'qos warning' => 'Die Regel <strong>muss</strong> wieder gespeichert werden, ansonsten wird sie verworfen!',
+'qr code' => 'QR-Code',
 'quick playlist' => 'Quick Playlist',
 'ram' => 'RAM-Speicher',
 'rdns' => 'rDNS',
@@ -2185,6 +2192,7 @@
 'remote logging' => 'Entfernte Protokollierung',
 'remote subnet' => 'Entferntes Subnetz:',
 'remote subnet is invalid' => 'Entferntes Subnetz ist ungültig.',
+'remote subnets' => 'Entfernte Subnetze',
 'removable device advice' => 'Stecken Sie ein Gerät an, aktualisieren Sie und binden Sie es vor der Benutzung ein. Melden Sie das Gerät vorm Entfernen ab.',
 'remove' => 'Löschen',
 'remove ca certificate' => 'CA-Zertifikat entfernen',
@@ -2956,9 +2964,44 @@
 'week-graph' => 'Woche',
 'weekly firewallhits' => 'wöchentliche Firewalltreffer',
 'weeks' => 'Wochen',
+'wg client pool' => 'Client-Pool',
+'wg create host-to-net peer' => 'Einen neuen Host-zu-Netz-Peer erstellen',
+'wg create net-to-net peer' => 'Einen neuen Netz-zu-Netz-Peer erstellen',
+'wg dns' => 'DNS',
 'wg download configuration' => 'Konfiguration herunterladen',
+'wg download configuration file' => 'Konfigurationsdatei herunterladen',
+'wg edit host-to-net peer' => 'Host-zu-Netz-Peer bearbeiten',
+'wg edit net-to-net peer' => 'Netz-zu-Netz-Peer bearbeiten',
+'wg host to net client settings' => 'Host-zu-Netz-Client-Einstellungen',
+'wg import peer' => 'Peer importieren',
+'wg invalid client dns' => 'Ungültige Client-DNS-Adresse',
+'wg invalid client pool' => 'Ungültiger Client-Pool',
+'wg invalid endpoint address' => 'Ungültige Endpoint-Adresse',
+'wg invalid endpoint port' => 'Ungültiger Endpoint-Port',
+'wg invalid keepalive interval' => 'Ungültiger Keepalive-Intervall (Muss zwischen 0 und 65535 sein)',
+'wg invalid local subnet' => 'Ungültiges lokales Subnetz',
+'wg invalid name' => 'Ungültiger Name (Nur Buchstaben, Zahlen, Leerzeichen und Bindestrich erlaubt)',
+'wg invalid psk' => 'Ungültiger Pre-Shared-Key',
+'wg invalid public key' => 'Ungültiger öffentlicher Schlüssel',
+'wg invalid remote subnet' => 'Ungültiges entferntes Subnetz',
+'wg keepalive interval' => 'Keepalive-Intervall',
 'wg leave empty to automatically select' => 'Leer lassen für automatische Wahl',
+'wg missing allowed ips' => 'AllowedIPs fehlt',
+'wg missing endpoint address' => 'Fehlende Endpoint-Adresse',
+'wg missing endpoint port' => 'Fehlerder Endpoint-Port',
+'wg missing port' => 'Fehlender Port',
+'wg missing private key' => 'Fehlender privater Schlüssel',
+'wg missing public key' => 'Fehlender öffentlicher Schlüssel',
+'wg name is already used' => 'Dieser Name ist bereits in Verwendung',
+'wg no local subnets' => 'Keine lokalen Subnetze angegeben',
+'wg no more free addresses in pool' => 'Keine freien Adressen mehr im Pool',
+'wg no remote subnets' => 'Keine entfernten Subnetze angegeben',
+'wg peer configuration' => 'Peer-Konfiguration',
+'wg peer does not exist' => 'Peer existiert nicht',
+'wg rw peers' => 'WireGuard-Roadwarrior-Peers',
+'wg scan the qr code' => 'Scannen Sie den QR-Code, um die WireGuard-Konfiguration in ein mobiles Endgerät zu importieren.',
 'wg show configuration qrcode' => 'Konfigurations-QR-Code anzeigen',
+'wg warning configuration only shown once' => 'Achtung: Diese WireGuard-Konfigurationsdatei wird nur dieses eine Mal angezeigt, da sie privates Schlüsselmaterial enthält, was nicht in IPFire gespeichert wird.',
 'whitelisted' => 'Ausgenommen',
 'whois results from' => 'WHOIS-Ergebnisse von',
 'wildcards' => 'Wildcards',
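Review bot: typo in the translation for 'wg missing endpoint port': 'Fehlerder Endpoint-Port' should read 'Fehlender Endpoint-Port' (compare 'Fehlender Port' two lines below). Two smaller nits: 'Intervall' is neuter, so 'wg invalid keepalive interval' should be 'Ungültiges Keepalive-Intervall', and 'wg missing allowed ips' => 'AllowedIPs fehlt' breaks the 'Fehlende(r) ...' pattern used by the other 'wg missing ...' strings.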
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 3e647e6e5..87e59ad16 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -672,6 +672,7 @@
 'compression' => 'Compression:',
 'computer to modem rate' => 'Computer to modem rate:',
 'concentrator name' => 'Concentrator name:',
+'configuration file' => 'Configuration File',
 'confirmation' => 'confirmation',
 'connect' => 'OVPN Start / Connect',
 'connect the modem' => 'Connect the modem',
@@ -3065,6 +3066,7 @@
 'wg edit net-to-net peer' => 'Edit Net-To-Net Peer',
 'wg edit peer' => 'Edit Peer',
 'wg host to net client settings' => 'Host-To-Net Client Settings',
+'wg import peer' => 'Import Peer',
 'wg invalid client dns' => 'Invalid client DNS address',
 'wg invalid client pool' => 'Invalid client pool',
 'wg invalid endpoint address' => 'Invalid endpoint address',
@@ -3077,6 +3079,12 @@
 'wg invalid remote subnet' => 'Invalid remote subnet',
 'wg keepalive interval' => 'Keepalive Interval',
 'wg leave empty to automatically select' => 'Leave empty to automatically select',
+'wg missing allowed ips' => 'Missing AllowedIPs',
+'wg missing endpoint address' => 'Missing Endpoint Address',
+'wg missing endpoint port' => 'Missing Endpoint Port',
+'wg missing port' => 'Missing Port',
+'wg missing private key' => 'Missing Private Key',
+'wg missing public key' => 'Missing Public Key',
 'wg name is already used' => 'The name is already in use',
 'wg no local subnets' => 'No local subnets given',
 'wg no more free addresses in pool' => 'No more free addresses in pool',
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index c6e3e9671..0d5bb0061 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -220,6 +220,10 @@ iptables_init() {
 	iptables -A INPUT   -i wg+ -j WGBLOCK
 	iptables -A FORWARD -i wg+ -j WGBLOCK
 
+	# NAT for WireGuard peers
+	iptables -t nat -N WGNAT
+	iptables -t nat -A POSTROUTING -j WGNAT
+
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
 	iptables -A INPUT   -i tun+ -j OVPNBLOCK
diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard
index 9321b09c4..ac7438a24 100644
--- a/src/initscripts/system/wireguard
+++ b/src/initscripts/system/wireguard
@@ -148,6 +148,7 @@ generate_config() {
 	local local_subnets
 	local psk
 	local keepalive
+	local local_address
 	local _rest
 
 	# Handles the special case of the RW interface
@@ -166,7 +167,7 @@ generate_config() {
 		fi
 
 		while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
-				remote_subnets remarks local_subnets psk keepalive _rest; do
+				remote_subnets remarks local_subnets psk keepalive local_address _rest; do
 			# Skip peers that are not hosts or not enabled
 			[ "${type}" = "host" ] || continue
 			[ "${enabled}" = "on" ] || continue
@@ -194,7 +195,7 @@ generate_config() {
 	local remote_subnet
 
 	while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
-			remote_subnets remarks local_subnets psk keepalive _rest; do
+			remote_subnets remarks local_subnets psk keepalive local_address _rest; do
 		# Check for the matching connection
 		[ "${type}" = "net" ] || continue
 		[ "${intf}" = "wg${id}" ] || continue
@@ -205,6 +206,17 @@ generate_config() {
 		# Update the interface alias
 		ip link set "${intf}" alias "${name}"
 
+		# Flush any addresses
+		ip addr flush dev "${intf}"
+
+		# Assign the local address
+		if [ -n "${local_address}" ]; then
+			ip addr add "${local_address}" dev "${intf}"
+
+			# Apply MASQUERADE
+			iptables -t nat -A WGNAT -o "${intf}" -j MASQUERADE
+		fi
+
 		echo "[Interface]"
 
 		if [ -n "${privkey}" ]; then
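Review bot: `iptables -t nat -A WGNAT -o "${intf}" -j MASQUERADE` is appended every time `generate_config` runs for this interface, and the only flush is the `iptables -t nat -F WGNAT` added to `reload_firewall` in the last hunk; unless `reload_firewall` is guaranteed to run before each `generate_config`, duplicate MASQUERADE rules accumulate across reloads. Guarding the append with `iptables -t nat -C WGNAT -o "${intf}" -j MASQUERADE 2>/dev/null ||` makes it idempotent. Also, `local_address` goes from the peers file straight into `ip addr add` without validation here, and `ip addr flush dev "${intf}"` runs first, so a malformed value leaves the interface with no address at all; make sure the import path validates it as an address with prefix length before it is stored.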
@@ -278,6 +290,7 @@ generate_config() {
 reload_firewall() {
 	# Flush all previous rules
 	iptables -F WGINPUT
+	iptables -t nat -F WGNAT
 
 	if [ "${ENABLED}" = "on" ]; then
 		iptables -A WGINPUT -p udp --dport "${PORT}" -j ACCEPT


hooks/post-receive
--
IPFire 2.x development tree

