Add wireguard luci app

- Pulled from GoldenOrb
This commit is contained in:
Cameron Thompson
2025-01-30 20:43:29 -05:00
parent 3f86da0e33
commit e820fe3623
25 changed files with 1951 additions and 0 deletions


@@ -0,0 +1,11 @@
Package: ext-wireguard
Version: 4.500-1
Depends: libc, wireguard-tools, kmod-wireguard, luci-proto-wireguard, udptunnel, eoip
Source: package/rooter/0optionalapps/ext-wireguard
SourceName: ext-wireguard
Section: utils
SourceDateEpoch: 1716401566
Maintainer: Created by DM/makefile by Cobia@whirlpool
Architecture: all
Installed-Size: 23912
Description: Install scripts for Wireguard


@@ -0,0 +1,3 @@
#!/bin/sh
ln -sf /usr/bin/udptunnel /sbin/udptunnel
exit 0
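Review bot: The symlink on line 30 ignores `${IPKG_INSTROOT}`, so when the package is installed into a staging root (image build, `opkg --offline-root`) the link is created in the build host's `/sbin` rather than inside the target root, while the sibling prerm does honour the variable. Prefix the link path only, `ln -sf /usr/bin/udptunnel "${IPKG_INSTROOT}/sbin/udptunnel"`; the link target can stay absolute because it is resolved at runtime on the device. The unconditional `exit 0` also hides a failed `ln`, which is probably intended as best-effort but deserves a one-line comment saying so.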


@@ -0,0 +1,4 @@
#!/bin/sh
[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
. ${IPKG_INSTROOT}/lib/functions.sh
default_prerm $0 $@


@@ -0,0 +1,74 @@
#!/bin/sh
# Script for building OpenWRT .ipk packages using tar by iamromulan
# Works with SDXPPINN OpenWRT - iamromulan
# This script accepts an optional path to the directory containing the `CONTROL` and `root` directories.
# Usage: ./build-ipk.sh [path]
# If no path is provided, the script will look in the current directory for `CONTROL` and `root` directories.
# This will spit out an ipk in the current directory
# Check if the script is run as root. If not, rerun with sudo.
if [ "$(id -u)" -ne 0 ]; then
echo "Script is not running as root. Re-executing with sudo..."
exec sudo "$0" "$@"
fi
# Set the default build path to the current directory
build_path="."
# Check if a path is provided as the first argument
if [ "$1" ]; then
build_path="$1"
fi
# Check if the required directories are present in the specified path
if [ ! -d "${build_path}/CONTROL" ] || [ ! -d "${build_path}/root" ]; then
echo "Error: CONTROL and root directories must be present in the specified path (${build_path})."
exit 1
fi
# Extract values from the CONTROL/control file in the specified path
pkgname=$(grep -i '^Package:' "${build_path}/CONTROL/control" | awk '{print $2}')
version=$(grep -i '^Version:' "${build_path}/CONTROL/control" | awk '{print $2}')
architecture=$(grep -i '^Architecture:' "${build_path}/CONTROL/control" | awk '{print $2}')
# Check if values are extracted correctly
if [ -z "$pkgname" ] || [ -z "$version" ] || [ -z "$architecture" ]; then
echo "Error: Failed to extract Package, Version, or Architecture from ${build_path}/CONTROL/control."
exit 1
fi
# Set the final IPK name based on the extracted values
ipkname="${pkgname}_${version}_${architecture}.ipk"
# Ensure all CONTROL scripts are executable
echo "Setting permissions for CONTROL scripts..."
chmod +x "${build_path}/CONTROL"/*
# Set ownership for CONTROL and root files
echo "Setting ownership for all package files..."
chown -R root:root "${build_path}/CONTROL"/*
chown -R root:root "${build_path}/root"/*
# Create control.tar.gz from the CONTROL directory
echo "Creating control.tar.gz..."
tar -czvf control.tar.gz -C "${build_path}/CONTROL" .
# Create data.tar.gz from the root directory
echo "Creating data.tar.gz..."
tar -czvf data.tar.gz -C "${build_path}/root" .
# Create debian-binary file (must contain exactly "2.0" without a newline)
echo -n "2.0" > debian-binary
chown -R root:root debian-binary
# Combine the components into the final .ipk file using tar
echo "Packaging ${ipkname}..."
tar -czvf "$ipkname" debian-binary control.tar.gz data.tar.gz
# Clean up intermediate files
echo "Cleaning up temporary files..."
rm -f control.tar.gz data.tar.gz debian-binary
echo "IPK package ${ipkname} created successfully using tar."


@@ -0,0 +1,5 @@
config settings 'settings'
option enabled '0'
option client '0'
option server '0'


@@ -0,0 +1,36 @@
config wireguard_recipe b_client
option _description "Wireguard Client"
option _role "client"
option client "1"
option port "51280"
option auto '0'
option addresses ''
option dns ''
option privatekey ''
option name ''
option keepalive '25'
option publickey ''
option presharedkey ''
option ips ''
option ra_ips '1'
option endpoint_host ''
option sport '51280'
option active '0'
option udptunnel '0'
option mtu '1280'
config wireguard_recipe b_server
option _description "Wireguard Server"
option _role "server"
option client "0"
option port "51280"
option auto '0'
option addresses ''
option publickey ''
option privatekey ''
option usepre '0'
option presharedkey ''
option active '0'
option udptunnel '0'
option udpport '54321'
option mtu '1280'
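Review bot: These recipe defaults disagree with the forms that edit them: `port` and `sport` are 51280 here (L117, L129) while the client CBI defaults both to 51820 (L362, L410) and the server CBI to 51280, and the recipe stores `keepalive` (L123) whereas the client form writes `persistent_keepalive` (L375), so one of the two is dead unless the start script (not in this commit) reads both. Pick one port default and one option name and use it in both places; a comment on the recipe saying which script consumes each option would stop this drifting again. Since these sections seed `privatekey` and `presharedkey` into `/etc/config/wireguard`, the file mode of that config decides who can read the keys — worth a `chmod 600 /etc/config/wireguard` in postinst or a note here if the platform already restricts `/etc/config`.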


@@ -0,0 +1,92 @@
#!/bin/sh /etc/rc.common
. /lib/functions.sh
# Copyright (C) 2006 OpenWrt.org
START=99
log() {
logger -t "WireGuard Init.d : " "$@"
}
chk_zone() {
local config=$1
config_get src $config src
config_get dest $config dest
if [ $src = "lan" -a $dest = "wg" ]; then
uci set firewall."$config".dest="wan"
uci commit firewall
fi
}
check_config () {
log "Check Client Interfaces"
uci delete network.wg0
uci delete network.wg1
uci commit network
uci set network.wg0=interface
uci set network.wg0.proto="wireguard"
uci set network.wg0.auto="0"
uci set network.wg0.private_key=""
uci set network.wg0.listen_port=""
uci add_list network.wg0.addresses=""
uci set network.wg1=interface
uci set network.wg1.proto="wireguard"
uci set network.wg1.auto="0"
uci set network.wg1.private_key=""
uci set network.wg1.listen_port=""
uci add_list network.wg1.addresses=""
uci commit network
uci delete firewall.wgzone
uci delete firewall.wgwforward
uci delete firewall.wwgforward
uci delete firewall.lwgforward
uci delete firewall.wglforward
uci commit firewall
uci set firewall.wgzone=zone
uci set firewall.wgzone.name="wg"
uci set firewall.wgzone.forward="ACCEPT"
uci set firewall.wgzone.output="ACCEPT"
uci set firewall.wgzone.network="wg0 wg1"
uci set firewall.wgzone.input="ACCEPT"
uci set firewall.wgzone.masq="1"
uci set firewall.wgzone.mtu_fix="1"
uci commit firewall
config_load firewall
config_foreach chk_zone forwarding
/etc/init.d/firewall restart
}
chk_start() {
local config=$1
config_get auto $config auto
uci set wireguard."$config".active="0"
uci commit wireguard
if [ $auto = '1' ]; then
/usr/lib/wireguard/startvpn.sh $config
else
/usr/lib/wireguard/stopvpn.sh $config
fi
}
start() {
uci set wireguard.settings.client="0"
uci set wireguard.settings.server="0"
uci commit wireguard
if [ ! -e /etc/openvpn ]; then
mkdir /etc/openvpn
fi
check_config
config_load wireguard
config_foreach chk_start wireguard
if [ -e /etc/crontabs/root ]; then
sed -i '/wireguard_watchdog/d' /etc/crontabs/root
fi
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
/etc/init.d/cron restart
}
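Review bot: `chk_zone` and `chk_start` test unquoted `config_get` results (L163, L210), so a forwarding section lacking `src`/`dest`, or a wireguard section lacking `auto`, turns the test into `[ = "lan" -a ... ]`, which is a syntax error rather than a false result; quote them: `if [ "$src" = "lan" ] && [ "$dest" = "wg" ]; then` and `if [ "$auto" = '1' ]; then`. The `wg` zone is created with `input="ACCEPT"` alongside `forward="ACCEPT"` and `masq="1"` (L194–L198), which lets every VPN peer reach all router services (LuCI, SSH, DNS); for a server accepting several clients that should be a deliberate, documented choice, or default `input` to `REJECT` with explicit allow rules. `chk_zone` also rewrites any existing lan→wg forwarding to lan→wan (L164) with no explanation, and `check_config` deletes and recreates `network.wg0`/`wg1` on every start — both deserve a comment stating why, since they discard operator edits.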


@@ -0,0 +1,111 @@
-- Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
-- Licensed to the public under the Apache License 2.0.
module("luci.controller.wireguard", package.seeall)
I18N = require "luci.i18n"
translate = I18N.translate
function index()
local multilock = luci.model.uci.cursor():get("custom", "multiuser", "multi") or "0"
local rootlock = luci.model.uci.cursor():get("custom", "multiuser", "root") or "0"
if (multilock == "0") or (multilock == "1" and rootlock == "1") then
entry({"admin", "vpn", "wireguard"}, cbi("wireguard"), _("Wireguard"), 63)
entry( {"admin", "vpn", "wireguard", "client"}, cbi("wireguard-client"), nil ).leaf = true
entry( {"admin", "vpn", "wireguard", "server"}, cbi("wireguard-server"), nil ).leaf = true
end
entry( {"admin", "vpn", "wireguard", "wupload"}, call("conf_upload"))
entry( {"admin", "vpn", "generateconf"}, call("conf_gen"))
entry( {"admin", "vpn", "textconf"}, call("text_gen"))
entry( {"admin", "vpn", "wirestatus"}, call("wirestatus"))
end
function conf_upload()
local fs = require("nixio.fs")
local http = require("luci.http")
local util = require("luci.util")
local uci = require("luci.model.uci").cursor()
local upload = http.formvalue("ovpn_file")
local name = http.formvalue("instance_name2")
local file = "/etc/openvpn/" ..name.. ".conf"
if name and upload then
local fp
http.setfilehandler(
function(meta, chunk, eof)
local data = util.trim(chunk:gsub("\r\n", "\n")) .. "\n"
data = util.trim(data:gsub("[\128-\255]", ""))
if not fp and meta and meta.name == "ovpn_file" then
fp = io.open(file, "w")
end
if fp and data then
fp:write(data)
end
if fp and eof then
fp:close()
end
end
)
if fs.access(file) then
os.execute("/usr/lib/wireguard/conf.sh " .. name .. " " .. file)
end
end
http.redirect(luci.dispatcher.build_url('admin/vpn/wireguard'))
end
function conf_gen()
os.execute("/usr/lib/wireguard/create.sh")
end
function text_gen()
local set = luci.http.formvalue("set")
os.execute("/usr/lib/wireguard/text.sh " .. "\"" .. set .. "\"")
end
function wirestatus()
local data = { }
local last_device = ""
local wg_dump = io.popen("wg show all dump")
if wg_dump then
local line
for line in wg_dump:lines() do
local line = string.split(line, "\t")
if not (last_device == line[1]) then
last_device = line[1]
data[line[1]] = {
name = line[1],
public_key = line[3],
listen_port = line[4],
fwmark = line[5],
peers = { }
}
else
local peer = {
public_key = line[2],
endpoint = line[4],
allowed_ips = { },
latest_handshake = line[6],
transfer_rx = line[7],
transfer_tx = line[8],
persistent_keepalive = line[9]
}
if not (line[4] == '(none)') then
for ipkey, ipvalue in pairs(string.split(line[5], ",")) do
if #ipvalue > 0 then
table.insert(peer['allowed_ips'], ipvalue)
end
end
end
table.insert(data[line[1]].peers, peer)
end
end
end
luci.http.prepare_content("application/json")
luci.http.write_json(data)
end
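Review bot: `text_gen` (L290) and `conf_upload` (L261, L280) put request-controlled strings straight into `os.execute` command lines and a filesystem path, and LuCI runs as root: a `set` value containing `"`, `$(…)` or backticks, or an `instance_name2` containing `;`, `/` or `..`, executes or writes wherever the caller chooses. The character-stripping in the template's JavaScript is not a boundary; validate on the server with the same `[A-Za-z0-9_]` allow-list `s.create` uses, and quote anything handed to a shell — `luci.util.shellquote` if this LuCI ships it, otherwise pass the text through a temp file rather than argv. Separately, the multiuser/root lock at L244 gates only the menu entries while `wupload`, `generateconf`, `textconf` and `wirestatus` (L249–L252) are registered unconditionally, and these side-effecting `call()` handlers are reachable by GET (the templates use `XHR.get`) with no CSRF token, so a logged-in admin visiting a hostile page can be made to hit `textconf?set=…`. Register the action routes under the same condition and require POST (`http.getenv("REQUEST_METHOD") == "POST"`) for the ones that change state.
```lua
-- Instance names become a path component and a shell argument: allow-list them
-- server-side (same rule as s.create in the main CBI); the JS filter is cosmetic.
local function valid_name(name)
	return name ~= nil and name:match("^[%w_]+$") ~= nil
end

function conf_upload()
	-- … unchanged: requires (fs, http, util, uci) …
	local upload = http.formvalue("ovpn_file")
	local name = http.formvalue("instance_name2")
	if not valid_name(name) then
		http.status(400, "Bad Request")
		return
	end
	local file = "/etc/openvpn/" .. name .. ".conf"
	if upload then
		-- … unchanged: setfilehandler writing `file` …
		if fs.access(file) then
			os.execute("/usr/lib/wireguard/conf.sh " .. util.shellquote(name) .. " " .. util.shellquote(file))
		end
	end
	http.redirect(luci.dispatcher.build_url('admin/vpn/wireguard'))
end

function text_gen()
	local set = luci.http.formvalue("set") or ""
	-- Never splice user text into a quoted shell string; quote the whole argument.
	os.execute("/usr/lib/wireguard/text.sh " .. luci.util.shellquote(set))
end
```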


@@ -0,0 +1,104 @@
require("luci.ip")
require("luci.model.uci")
--luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
local m = Map("wireguard", translate("Wireguard Client"), translate("Set up a Wireguard Client"))
e = m:section(NamedSection, "settings", "")
m.on_init = function(self)
--luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
end
btn = e:option(Button, "_btn", translate(" "))
btn.inputtitle = translate("Back to Main Page")
btn.inputstyle = "apply"
btn.redirect = luci.dispatcher.build_url(
"admin", "vpn", "wireguard"
)
function btn.write(self, section, value)
luci.http.redirect( self.redirect )
end
local s = m:section( NamedSection, arg[1], "wireguard", translate("Client") )
ip = s:option(Value, "addresses", translate("IP Addresses :"), translate("Comma separated list of IP Addresses that server will accept from this client"));
ip.rmempty = true;
ip.optional=false;
ip.default="10.14.0.2/24";
port = s:option(Value, "port", translate("Listen Port :"), translate("Client Listen Port"));
port.rmempty = true;
port.optional=false;
port.default="51820";
ul = s:option(ListValue, "udptunnel", translate("Enable UDP over TCP :"));
ul:value("0", translate("No"))
ul:value("1", translate("Yes"))
ul.default=0
dns = s:option(Value, "dns", translate("DNS Servers :"), translate("Comma separated list of DNS Servers."));
dns.rmempty = true;
dns.optional=false;
mtu = s:option(Value, "mtu", translate("MTU :"), translate("Maximum MTU"));
mtu.rmempty = true;
mtu.optional=false;
mtu.datatype = 'range(1280,1420)';
mtu.default="1280";
pka = s:option(Value, "persistent_keepalive", translate("Persistent Keep Alive :"), translate("Seconds between keep alive messages"));
pka.rmempty = true;
pka.optional=false;
pka.datatype = 'range(1,100)';
pka.default="25";
pkey = s:option(Value, "privatekey", translate("Private Key :"), translate("Private Key supplied by the Server"));
pkey.rmempty = true;
pkey.optional=false;
il = s:option(ListValue, "wginter", translate("Interface to Use :"));
il:value("0", translate("WG0"))
il:value("1", translate("WG1"))
il.default="0"
bl = s:option(ListValue, "auto", translate("Start on Boot :"));
bl:value("0", translate("No"))
bl:value("1", translate("Yes"))
bl.default="0"
xbl = s:option(ListValue, "forward", translate("All Traffic Through Tunnel :"));
xbl:value("0", translate("No"))
xbl:value("1", translate("Yes"))
xbl.default="1"
s = m:section( NamedSection, arg[1], "wireguard", translate("Server") )
name = s:option( Value, "name", translate("Server Name :"), translate("Optional Server name"))
pukey = s:option(Value, "publickey", translate("Public Key :"), translate("Public Key of the Server"));
pukey.rmempty = true;
pukey.optional=false;
prkey = s:option(Value, "presharedkey", translate("Presharedkey :"), translate("PreShared Key from the Server"));
prkey.rmempty = true;
prkey.optional=false;
host = s:option(Value, "endpoint_host", translate("Server Address :"), translate("URL or IP Address of Server"));
host.rmempty = true;
host.optional=false;
host.default="";
sport = s:option(Value, "sport", translate("Listen Port :"), translate("Server Listen Port"));
sport.rmempty = true;
sport.optional=false;
sport.default="51820";
sip = s:option(Value, "ips", translate("Allowed IP Addresses :"), translate("Comma separated list of IP Addresses that server will accept"));
sip.rmempty = true;
sip.optional=false;
sip.default="10.14.0.0/24";
return m
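Review bot: The client private key (L380) is a plain `Value`, so it is rendered as a visible text input and offered to browser autofill and history; set `pkey.password = true` (and the same for `prkey` on L400). None of the network-facing fields carry a server-side `datatype`, so malformed values reach whatever script builds the tunnel from them: add `port.datatype = "port"`, `sport.datatype = "port"`, `host.datatype = "host"`, and `cidr`/`ipaddr` list types for `addresses`, `ips` and `dns`. The option written here is `persistent_keepalive` while the recipe seeds `keepalive` (L123), and the 51820 defaults differ from the recipe's 51280 — one of each pair is dead unless the start script (outside this commit) reads both.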


@@ -0,0 +1,130 @@
require("luci.ip")
require("luci.model.uci")
--luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
local m = Map("wireguard", translate("Wireguard Server"), translate("Set up a Wireguard Server"))
e = m:section(NamedSection, "settings", "")
m.on_init = function(self)
luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
end
m.on_after_save = function(self)
luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1] .. "&")
end
btn = e:option(Button, "_btn", translate(" "))
btn.inputtitle = translate("Back to Main Page")
btn.inputstyle = "apply"
btn.redirect = luci.dispatcher.build_url(
"admin", "vpn", "wireguard"
)
function btn.write(self, section, value)
luci.http.redirect( self.redirect )
end
local s = m:section( NamedSection, arg[1], "wireguard", translate("Server") )
ip = s:option(Value, "addresses", translate("Internal IP Address :"));
ip.rmempty = true;
ip.optional=false;
ip.default="10.14.0.1/32";
ip.datatype = "ipaddr"
host = s:option(Value, "endpoint_host", translate("Server Address :"), translate("URL or IP Address of Server"));
host.rmempty = true;
host.optional=false;
host.default="example.wireguard.org";
port = s:option(Value, "port", translate("Port :"), translate("Server Listen Port. Default is 51280"));
port.rmempty = true;
port.optional=false;
port.default="51280";
ul = s:option(ListValue, "udptunnel", "Enable UDP over TCP :");
ul:value("0", translate("No"))
ul:value("1", translate("Yes"))
ul.default=0
uport = s:option(Value, "udpport", translate("UDP over TCP Port :"), translate("Server Local TCP Port. Default is 54321"));
uport.rmempty = true;
uport.optional=false;
uport.default="54321";
uport:depends("udptunnel", "1")
pkey = s:option(DummyValue, "privatekey", translate("Private Key :"));
pkey.optional=false;
pukey = s:option(DummyValue, "publickey", translate("Public Key :"), translate("Server Public key sent to Clients"));
pukey.optional=false;
pl = s:option(ListValue, "usepre", "Use PreSharedKey :");
pl:value("0", translate("No"))
pl:value("1", translate("Yes"))
pl.default=0
prkey = s:option(DummyValue, "presharedkey", translate("PreShared Key :"), translate("PreShared Key sent to Client"));
prkey.optional=false;
prkey:depends("usepre", "1")
bl = s:option(ListValue, "auto", translate("Start on Boot :"));
bl:value("0", translate("No"))
bl:value("1", translate("Yes"))
bl.default="0"
xbl = s:option(ListValue, "forward", translate("All Traffic Through Tunnel :"));
xbl:value("0", translate("No"))
xbl:value("1", translate("Yes"))
xbl.default="1"
b3 = s:option(DummyValue, "blank", " ");
sx = s:option(Value, "_dmy1", translate(" "))
sx.template = "wireguard/conf"
ss = m:section(TypedSection, "custom" .. arg[1], translate("Clients"), translate("Clients of this server"))
ss.anonymous = true
ss.addremove = true
name = ss:option(Value, "name", translate("Client Name"))
name.optional=false;
cport = ss:option(Value, "endpoint_port", translate("Listen Port :"), translate("Port sent to Client. Default is 51280"));
cport.rmempty = true;
cport.optional=false;
cport.default="";
aip = ss:option(Value, "address", translate("Assigned IP Address :"), translate("IP Address assigned to Client"));
aip.rmempty = true;
aip.optional=false;
aip.default="10.14.0.2/32";
dns = ss:option(Value, "dns", translate("DNS Servers :"), translate("Comma separated list of DNS Servers sent to Client"));
dns.rmempty = true;
dns.optional=false;
dns.default="";
mtu = ss:option(Value, "mtu", translate("MTU :"), translate("Maximum MTU"));
mtu.rmempty = true;
mtu.optional=false;
mtu.datatype = 'range(1280,1420)';
mtu.default="1280";
aip = ss:option(Value, "allowed_ips", translate("Allowed IP Address :"), translate("Comma separated list of IP Addresses allowed from Client"));
aip.rmempty = true;
aip.optional=false;
aip.default="0.0.0.0/0,::/0";
pukey = ss:option(DummyValue, "publickey", translate("Public Key :"), translate("Client Public Key"));
pukey.optional=false;
pikey = ss:option(DummyValue, "privatekey", translate("Private Key :"), translate("Private Key sent to Client"));
pikey.optional=false;
b3 = ss:option(DummyValue, "blank", " ");
return m
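Review bot: `m.on_init` and `m.on_after_save` (L426, L429) concatenate `arg[1]` — the trailing URL path segment — into `luci.sys.call` unvalidated, so a request for `…/wireguard/server/foo;id` runs `id` as root before any section lookup happens, and because the page is served on GET this is also reachable cross-site. Guard it once at the top: `local inst = arg[1] or ""` / `assert(inst:match("^[%w_]+$"), "invalid instance name")`, and pass it quoted, `luci.sys.call("/usr/lib/wireguard/keygen.sh %s" % luci.util.shellquote(inst))`. The server and every client private key plus the preshared key are rendered into the page as `DummyValue` (L463, L471, L513); that may be intended for copy-out, but it deserves a comment, and keys should not be regenerated in the background on every save (L429) without the page saying so. The per-client `allowed_ips` default `0.0.0.0/0,::/0` (L510) is described as "allowed from Client": if that value becomes the server's per-peer AllowedIPs rather than the client's, only one such peer can be active and it captures all traffic, so the help text should state which side it configures.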


@@ -0,0 +1,182 @@
local fs = require "nixio.fs"
local sys = require "luci.sys"
local uci = require "luci.model.uci".cursor()
local testfullps = sys.exec("ps --help 2>&1 | grep BusyBox") --check which ps do we have
local psstring = (string.len(testfullps)>0) and "ps w" or "ps axfw" --set command we use to get pid
local m = Map("wireguard", translate("Wireguard"), translate("Set up a Wireguard VPN Tunnel on your Router"))
local s = m:section( TypedSection, "wireguard", translate("Instances"), translate("Below is a list of configured Wireguard Instances and their current state") )
s.template = "cbi/tblsection"
s.template_addremove = "wireguard/cbi-select-input-add"
s.addremove = true
s.add_select_options = { }
local cfg = s:option(DummyValue, "config")
function cfg.cfgvalue(self, section)
local file_cfg = self.map:get(section, "client")
if file_cfg == "1" then
s.extedit = luci.dispatcher.build_url("admin", "vpn", "wireguard", "client", "%s")
else
s.extedit = luci.dispatcher.build_url("admin", "vpn", "wireguard", "server", "%s")
end
end
uci:load("wireguard_recipes")
uci:foreach( "wireguard_recipes", "wireguard_recipe",
function(section)
s.add_select_options[section['.name']] =
section['_description'] or section['.name']
end
)
function s.parse(self, section)
local recipe = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".select"
)
if recipe and not s.add_select_options[recipe] then
self.invalid_cts = true
else
TypedSection.parse( self, section )
end
end
function s.create(self, name)
local recipe = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".select"
)
local name = luci.http.formvalue(
luci.cbi.CREATE_PREFIX .. self.config .. "." ..
self.sectiontype .. ".text"
)
if #name > 3 and not name:match("[^a-zA-Z0-9_]") then
local s = uci:section("wireguard", "wireguard", name)
if s then
local options = uci:get_all("wireguard_recipes", recipe)
for k, v in pairs(options) do
if k ~= "_role" and k ~= "_description" then
if type(v) == "boolean" then
v = v and "1" or "0"
end
uci:set("wireguard", name, k, v)
end
end
uci:save("wireguard")
uci:commit("wireguard")
if extedit then
luci.http.redirect( self.extedit:format(name) )
end
end
elseif #name > 0 then
self.invalid_cts = true
end
return 0
end
function s.remove(self, name)
local cfg_file = "/etc/openvpn/" ..name.. ".conf"
local auth_file = "/etc/openvpn/" ..name.. ".auth"
if fs.access(cfg_file) then
fs.unlink(cfg_file)
end
if fs.access(auth_file) then
fs.unlink(auth_file)
end
uci:delete("wireguard", name)
uci:save("wireguard")
uci:commit("wireguard")
end
local port = s:option( DummyValue, "client", translate("Type") )
function port.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
if val == nil then
val = 0
end
if val == "1" then
return "Client"
else
return "Server"
end
end
local addr = s:option( DummyValue, "addresses", translate("IP Addresses") )
function addr.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
return val or "----"
end
local auto = s:option( DummyValue, "udptunnel", translate("UDP over TCP") )
function auto.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
if val == nil then
val = 0
end
if val == "1" then
return "Yes"
else
return "No"
end
end
local auto = s:option( DummyValue, "auto", translate("Start on Boot") )
function auto.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
if val == nil then
val = 0
end
if val == "1" then
return "Yes"
else
return "No"
end
end
local active = s:option( DummyValue, "active", translate("Started") )
function active.cfgvalue(self, section)
local val = AbstractValue.cfgvalue(self, section)
if val == nil then
val = 0
end
if val == "1" then
return "Yes"
else
return "No"
end
end
local updown = s:option( Button, "_updown", translate("Start/Stop") )
updown._state = false
updown.redirect = luci.dispatcher.build_url(
"admin", "vpn", "wireguard"
)
function updown.cbid(self, section)
local file_cfg = self.map:get(section, "active")
if file_cfg == "1" then
pid = 1
else
pid = nil
end
self._state = pid ~= nil
self.option = self._state and "stop" or "start"
return AbstractValue.cbid(self, section)
end
function updown.cfgvalue(self, section)
self.title = self._state and "stop" or "start"
self.inputstyle = self._state and "reset" or "reload"
end
function updown.write(self, section, value)
if self.option == "stop" then
sys.call("/usr/lib/wireguard/stopvpn.sh %s" % section)
else
sys.call("/usr/lib/wireguard/startvpn.sh %s" % section)
end
luci.http.redirect( self.redirect )
end
m:section(SimpleSection).template = "wireguard/wireguard"
return m
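Review bot: `if extedit then` on L582 tests an undefined global, so the redirect to the new instance's edit page never fires; it should read `if self.extedit then`. `testfullps` and `psstring` (L524–L525) spawn `ps` at every page load and are never used — drop them. `cfg.cfgvalue` (L533–L539) mutates the section-wide `s.extedit` while rendering each row, which works only because the `config` column is rendered before that row's edit link; a short comment saying the column must stay first would save the next maintainer from reordering it.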


@@ -0,0 +1,111 @@
<script type="text/javascript">
//<![CDATA[
function vpn_add()
{
var vpn_name = div_add.querySelector("#instance_name1").value.replace(/[^\x00-\x7F]|[\s\.!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,'');
var vpn_template = div_add.querySelector("#instance_template").value;
var form = document.getElementsByName('cbi')[0];
if (!vpn_name || !vpn_name.length)
{
return info_message(vpn_output, "<%=pcdata(translate("The 'Name' field must not be empty!"))%>", 2000);
}
document.getElementById("instance_name1").value = vpn_name;
if (document.getElementById("cbi-wireguard-" + vpn_name) != null)
{
return info_message(vpn_output, "<%=pcdata(translate("Instance with that name already exists!"))%>", 2000);
}
if (!vpn_template || !vpn_template.length)
{
return info_message(vpn_output, "<%=pcdata(translate("Please select a valid VPN template!"))%>", 2000);
}
if (form)
{
form.submit();
}
}
function vpn_upload()
{
var vpn_name = div_upload.querySelector("#instance_name2").value.replace(/[^\x00-\x7F]|[\s\.!@#$%^&*()\-+=\[\]{};':"\\|,<>\/?]/g,'');
var vpn_file = document.getElementById("ovpn_file").value;
var form = document.getElementsByName('cbi')[0];
if (!vpn_name || !vpn_name.length)
{
return info_message(vpn_output, "<%=pcdata(translate("The 'Name' field must not be empty!"))%>", 2000);
}
document.getElementById("instance_name2").value = vpn_name;
if (document.getElementById("cbi-wireguard-" + vpn_name) != null)
{
return info_message(vpn_output, "<%=pcdata(translate("Instance with that name already exists!"))%>", 2000);
}
if (!vpn_file || !vpn_file.length)
{
return info_message(vpn_output, "<%=pcdata(translate("Please select a valid CONF config file to upload!"))%>", 2000);
}
if (form)
{
form.enctype = 'multipart/form-data';
form.action = '<%=url('admin/vpn/wireguard/wupload')%>';
form.submit();
}
}
function info_message(output, msg, timeout)
{
timeout = timeout || 0;
output.innerHTML = '<em>' + msg + '</em>';
if (timeout > 0)
{
setTimeout(function(){ output.innerHTML=""}, timeout);
}
}
//]]>
</script>
<%+wireguard/ovpn_css%>
<div class="cbi-section-node">
<div class="table cbi-section-table">
<h4><%:Template based configuration%></h4>
<div class="tr cbi-section-table-row" id="div_add">
<div class="td left">
<input type="text" maxlength="20" placeholder="Instance name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.text" id="instance_name1" />
</div>
<div class="td left">
<select id="instance_template" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
<option value="" selected="selected" disabled="disabled"><%:Select template ...%></option>
<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
<option value="<%=k%>"><%=luci.xml.pcdata(v)%></option>
<% end -%>
</select>
</div>
<div class="td left">
<input class="cbi-button cbi-button-add" type="submit" onclick="vpn_add(); return false;" value="<%:Add%>" title="<%:Add template based configuration%>" /><br />
</div>
</div>
<h4><%:Conf configuration file upload%></h4>
<div class="tr cbi-section-table-row" id="div_upload">
<div class="td left">
<input type="text" maxlength="20" placeholder="Instance name" name="instance_name2" id="instance_name2" />
</div>
<div class="td left">
<input type="file" name="ovpn_file" id="ovpn_file" accept="application/x-wireguard-profile,.conf" />
</div>
<div class="td left">
<input class="cbi-button cbi-button-add" type="submit" onclick="vpn_upload(); return false;" value="<%:Upload%>" title="<%:Upload conf file%>" />
</div>
</div>
</div>
<div class="vpn-output">
<span id="vpn_output"></span>
</div>
</div>
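Review bot: The regexes in `vpn_add` and `vpn_upload` (L695, L718) silently rewrite the name the user typed instead of rejecting it, and they run only in the browser, so nothing here stops a crafted request; add a comment above each, `// Client-side convenience only: the controller must validate instance_name2 itself.`, so nobody mistakes this for the check. `div_add`, `div_upload` and `vpn_output` rely on the implicit id-to-global mapping (L695, L718, L700); use `document.getElementById(...)` so the code does not break under `"use strict"` or if the markup changes. `info_message` assigns `msg` via `innerHTML` (L744), which is fine for the static translated strings passed today but should use `textContent` if any caller ever passes user data.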


@@ -0,0 +1,27 @@
<script type="text/javascript" src="<%=resource%>/xhr.js"></script>
<script type="text/javascript">//<![CDATA[
function generateconf()
{
XHR.get('<%=luci.dispatcher.build_url("admin", "vpn", "generateconf")%>',
null,
function(x, rv)
{
window.open('http://'+window.location.hostname+'/package/wgconf.tar.gz', '_self')
}
);
}
//]]></script>
<fieldset class="cbi-section" id="cbi-family">
<table width="550" border="0">
<tr>
<td width="20%">&nbsp;</td>
<td width="17%"><input type="button" type="submit" id="generate" class="cbi-button cbi-button-apply" value="<%:Generate Conf Files%>" onclick="return generateconf()" /></td>
<td width="17%">&nbsp;</td>
<td width="46%">&nbsp;</td>
</tr>
</table>
</fieldset>
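Review bot: L801 builds `'http://' + window.location.hostname + '/package/wgconf.tar.gz'`, dropping both scheme and port, so on an HTTPS or non-default-port LuCI the download fails or downgrades to plaintext; use `window.location.origin + '/package/wgconf.tar.gz'`. More importantly, the archive (which, judging by the server form, bundles client private keys) is fetched as a static file under the web root rather than through an authenticated LuCI route — if uhttpd serves `/package/` from its document root as the path suggests, anyone who can reach the web UI can download it without logging in, and it stays there after the download. Serve it from a `call()` handler that checks the session, streams the file and unlinks it, or at minimum write it outside the document root with a restrictive mode; `create.sh` is not in this commit, so that part needs confirming there.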


@@ -0,0 +1,38 @@
<style type="text/css">
h4
{
white-space: nowrap;
border-bottom: 0px;
margin: 10px 5px 5px 5px;
}
.tr
{
border: 0px;
text-align: left;
}
.vpn-output
{
box-shadow: none;
margin: 10px 5px 5px 5px;
color: #a22;
}
textarea
{
border: 1px solid #cccccc;
padding: 5px;
font-size: 12px;
font-family: monospace;
resize: none;
white-space: pre;
overflow-wrap: normal;
overflow-x: scroll;
}
a
{
line-height: 1.5;
}
hr
{
margin: 0.5em 0;
}
</style>


@@ -0,0 +1,30 @@
<%#
Copyright 2008 Steven Barth <steven@midlink.org>
Copyright 2008 Jo-Philipp Wich <jow@openwrt.org>
Licensed to the public under the Apache License 2.0.
-%>
<%+openvpn/ovpn_css%>
<div class="cbi-section">
<h3>
<a href="<%=url('admin/vpn/wireguard')%>"><%:Overview%></a> &#187;
<%=luci.i18n.translatef("Instance \"%s\"", self.instance)%>
</h3>
<% if self.mode == "basic" then %>
<a href="<%=url('admin/vpn/wireguard/advanced', self.instance, "Service")%>"><%:Switch to advanced configuration%> &#187;</a><p/>
<hr />
<% elseif self.mode == "advanced" then %>
<a href="<%=url('admin/vpn/wireguard/basic', self.instance)%>"><%:Switch to basic configuration%> &#187;</a><p/>
<hr />
<%:Configuration category%>:
<% for i, c in ipairs(self.categories) do %>
<% if c == self.category then %>
<strong><%=translate(c)%></strong>
<% else %>
<a href="<%=luci.dispatcher.build_url("admin", "vpn", "wireguard", "advanced", self.instance, c)%>"><%=translate(c)%></a>
<% end %>
<% if next(self.categories, i) then %>|<% end %>
<% end %>
<% end %>
</div>
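Review bot: L867 includes `openvpn/ovpn_css`, but this package ships and elsewhere uses `wireguard/ovpn_css` (L752) and does not depend on luci-app-openvpn (L16), so this template errors unless that package happens to be installed; change it to `<%+wireguard/ovpn_css%>`. The basic/advanced links (L874, L877, L884) target `admin/vpn/wireguard/basic` and `…/advanced`, which `index()` never registers, so they 404 — this looks like a leftover from the OpenVPN app the code was copied from; either register those routes or drop the template.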


@@ -0,0 +1,61 @@
<%
%>
<script type="text/javascript" src="<%=resource%>/xhr.js"></script>
<script type="text/javascript">//<![CDATA[
function uploadc(btn)
{
var conf = document.getElementById("conf").value;
if ( conf == "" )
{
alert("<%:You must enter a Conf file!!%>");
return false;
}
var iname = document.getElementById("iname").value;
if ( iname == "" )
{
alert("<%:You must enter an Instance name!!%>");
return false;
}
var boot = document.getElementById('boot').checked;
bootn = "0";
if ( boot == true )
{
bootn= "1";
}
confile = bootn + "?" + iname + "?" + conf +"\n?";
XHR.get('<%=luci.dispatcher.build_url("admin", "vpn", "textconf")%>',
{ set: confile },
function(x, rv)
{
window.location.reload(false);
}
);
}
//]]></script>
<fieldset class="cbi-section" id="cbi-family">
<legend><%:Paste Configuration File Here%></legend>
<table id="ctxt" width="700" border="0" style="display:table;">
<tr>
<td width="50%">
<textarea name="conf" id="conf" rows="10" style="width: 600px;" maxlength="1000"></textarea>
</td>
</tr>
</table>
<table id="btxt" width="700" border="0" style="display:table;">
<tr>
<td width="10%"><input type="button" id="apply1" class="cbi-button cbi-button-apply" value="<%:Upload Conf File%>" onclick="return uploadc(this)" /></td>
<td width="10%"><div align="right"><strong><%:Instance Name : %></strong></div></td>
<td width="12%"><input type="text" name="iname" id="iname" class="cbi-input-text" style="width: 150px;" maxlength="100" value="SardisTel"></input></td>
<td width="10%"><div align="right"><strong><%:Start on Boot : %></strong></div></td>
<td width="8%">
<input type="checkbox" id="boot" checked />
</td>
<td width="50%">&nbsp;</td>
</tr>
</table>
</fieldset>
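Review bot: `uploadc` sends the pasted configuration — including its `PrivateKey` line — as a GET query parameter (L919–L920), so it lands in uhttpd and proxy logs and browser history and is capped by URL length; use `XHR.post(url, { set: confile }, cb)`, and since this changes router state, a POST carrying LuCI's token is also what stops it being triggered cross-site. The `?`-delimited packing on L918 breaks as soon as the pasted text contains a `?`; send `boot`, `iname` and `conf` as separate form fields instead. `maxlength="1000"` on the textarea (L933) is smaller than a typical multi-peer config, and `value="SardisTel"` (L941) is a vendor-specific default that should not ship.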


@@ -0,0 +1,228 @@
<%#
Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
Licensed to the public under the Apache License 2.0.
-%>
<%
-%>
<script type="text/javascript">//<![CDATA[
function bytes_to_str(bytes) {
bytes = parseFloat(bytes);
if (bytes < 1) { return "0 B"; }
var sizes = ['B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB'];
var i = parseInt(Math.floor(Math.log(bytes) / Math.log(1024)));
return Math.round(bytes / Math.pow(1024, i), 2) + ' ' + sizes[i];
};
function timestamp_to_str(timestamp) {
if (timestamp < 1) {
return '<%:Never%>';
}
var now = new Date();
var seconds = (now.getTime() / 1000) - timestamp;
var ago = "";
if (seconds < 60) {
ago = parseInt(seconds) + '<%:s ago%>';
} else if (seconds < 3600) {
ago = parseInt(seconds / 60) + '<%:m ago%>';
} else if (seconds < 86401) {
ago = parseInt(seconds / 3600) + '<%:h ago%>';
} else {
ago = '<%:over a day ago%>';
}
var t = new Date(timestamp * 1000);
return t.toUTCString() + ' (' + ago + ')';
}
XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "vpn", "wirestatus")%>', null,
function(x, data) {
both = {};
bothbp={};
iii = 1;
for (var key in data) {
if (!data.hasOwnProperty(key)) { continue; }
var ifname = key;
var iface = data[key];
var s = "";
if (iface.public_key == '(none)') {
s += '<em><%:Interface does not have a public key!%></em>';
} else {
s += String.format(
'<strong><%:Public Key%>: </strong>%s',
iface.public_key
);
}
if (iface.listen_port > 0) {
s += String.format(
'<br /><strong><%:Listen Port%>: </strong>%s',
iface.listen_port
);
}
if (iface.fwmark != 'off') {
s += String.format(
'<br /><strong><%:Firewall Mark%>: </strong>%s',
iface.fwmark
);
}
if ( iii == 1 )
{
document.getElementById("iinfo").innerHTML = s;
document.getElementById("leg").innerHTML = ifname;
}
else
{
document.getElementById("iinfo1").innerHTML = s;
document.getElementById("leg1").innerHTML = ifname;
}
for (var i = 0, ilen = iface.peers.length; i < ilen; i++) {
var peer = iface.peers[i];
var s = String.format(
'<strong><%:Public Key%>: </strong>%s',
peer.public_key
);
if (peer.endpoint != '(none)') {
s += String.format(
'<br /><strong><%:Endpoint%>: </strong>%s',
peer.endpoint
);
}
if (peer.allowed_ips.length > 0) {
s += '<br /><strong><%:Allowed IPs%>:</strong>';
for (var k = 0, klen = peer.allowed_ips.length; k < klen; k++) {
s += '<br />&nbsp;&nbsp;&bull;&nbsp;' + peer.allowed_ips[k];
}
}
if (peer.persistent_keepalive != 'off') {
s += String.format(
'<br /><strong><%:Persistent Keepalive%>: </strong>%ss',
peer.persistent_keepalive
);
}
var icon = '<img src="<%=resource%>/icons/wireguard_disabled.png" />';
var now = new Date();
if (((now.getTime() / 1000) - peer.latest_handshake) < 140) {
icon = '<img src="<%=resource%>/icons/wireguard.png" />';
}
s += String.format(
'<br /><strong><%:Latest Handshake%>: </strong>%s',
timestamp_to_str(peer.latest_handshake)
);
s += String.format(
'<br /><strong><%:Data Received%>: </strong>%s' +
'<br /><strong><%:Data Transmitted%>: </strong>%s',
bytes_to_str(peer.transfer_rx),
bytes_to_str(peer.transfer_tx)
);
if ( iii == 1 )
{
document.getElementById("config").innerHTML = icon;
document.getElementById("info").innerHTML = s;
}
else
{
document.getElementById("config1").innerHTML = icon;
document.getElementById("info1").innerHTML = s;
}
}
iii = iii + 1;
}
});
//]]></script>
<h2><%:WireGuard Status%></h2>
<fieldset class="cbi-section">
<div>
<table width="900" border="0">
<tr>
<td width="50px" style="vertical-align:center;font-size : 25px">
<div><%:Interface %></div>
</td>
<td width="100px" id="leg" style="width:100px; text-align:left; padding:3px;font-size : 25px">&nbsp;</td>
<td width="650px">&nbsp;</td>
</tr>
</table>
<table width="900" border="0">
<tr>
<td width="20px">&nbsp;</td>
<td width="150px" style="vertical-align:center;font-size : 20px">
<div><%:Configuration%></div>
</td>
<td width="100px" id="config" style="width:16px; text-align:center; padding:3px">&nbsp;</td>
<td width="50px">&nbsp;</td>
<td width="580px">
<div id="info" style="vertical-align:middle; padding: 3px">
<em><%:Collecting data...%></em>
</div>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td style="vertical-align:center;font-size : 20px">
<div><%:Peer%></div>
</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>
<div id="iinfo" style="vertical-align:middle; padding: 3px">
<em><%:Collecting data...%></em>
</div>
</td>
</tr>
</table>
<table width="900" border="0" id="second1">
<tr>
<td width="50px" style="vertical-align:center;font-size : 25px">
<div><%:Interface %></div>
</td>
<td width="100px" id="leg1" style="width:100px; text-align:left; padding:3px;font-size : 25px">&nbsp;</td>
<td width="650px">&nbsp;</td>
</tr>
</table>
<table width="900" border="0" id="second">
<tr>
<td width="20px">&nbsp;</td>
<td width="150px" style="vertical-align:center;font-size : 20px">
<div><%:Configuration%></div>
</td>
<td width="100px" id="config1" style="width:16px; text-align:center; padding:3px">&nbsp;</td>
<td width="50px">&nbsp;</td>
<td width="580px">
<div id="info1" style="vertical-align:middle; padding: 3px">
<em><%:Collecting data...%></em>
</div>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td style="vertical-align:center;font-size : 20px">
<div><%:Peer%></div>
</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>
<div id="iinfo1" style="vertical-align:middle; padding: 3px">
<em><%:Collecting data...%></em>
</div>
</td>
</tr>
</table>
<!--
<table id="cmdtxt" width="700" border="0" style="display:table;">
<tr>
<td width="100%">
<textarea readonly="readonly" name="attxt" id="attxt" rows="6" style="width: 600px;" maxlength="160"></textarea>
</td>
</tr>
</table> -->
</div>
</fieldset>


@@ -0,0 +1,134 @@
#!/bin/sh
log() {
modlog "Wireguard Conf" "$@"
}
name=$1
file=$2
auto=$3
if [ -z $auto ]; then
auto="0"
fi
extract() {
line=$1
PD=$(echo "$line" | grep "#")
if [ ! -z "$PD" ]; then
return
fi
PRK=$(echo "$line" | grep "PrivateKey" | tr " " ",")
if [ ! -z "$PRK" ]; then
PrivateKey=$(echo $PRK | cut -d, -f3)
fi
PRK=$(echo "$line" | grep "PublicKey" | tr " " ",")
if [ ! -z "$PRK" ]; then
PublicKey=$(echo $PRK | cut -d, -f3)
fi
PRK=$(echo "$line" | grep "PresharedKey" | tr " " ",")
if [ ! -z "$PRK" ]; then
PreSharedKey=$(echo $PRK | cut -d, -f3)
fi
INTER=$(echo "$line" | grep "WGinterface" | tr " " ",")
if [ ! -z "$INTER" ]; then
wginter=$(echo $INTER | cut -d, -f3)
if [ "$wginter" -gt 1 ]; then
wginter="1"
fi
fi
PRK=$(echo "$line" | grep "Address" | tr " " "#")
if [ ! -z "$PRK" ]; then
if [ -z $Address ]; then
Address=$(echo $PRK | cut -d# -f3)
else
Address=$Address","$(echo $PRK | cut -d# -f3)
fi
fi
PRK=$(echo "$line" | grep "dns" | tr " " "#")
if [ ! -z "$PRK" ]; then
dns=$(echo $PRK | cut -d# -f3)
fi
PRK=$(echo "$line" | grep "DNS" | tr " " "#")
if [ ! -z "$PRK" ]; then
dns=$(echo $PRK | cut -d# -f3)
fi
PRK=$(echo "$line" | grep "ListenPort" | tr " " ",")
if [ ! -z "$PRK" ]; then
listenport=$(echo $PRK | cut -d, -f3)
fi
PRK=$(echo "$line" | grep "AllowedIPs" | tr " " "#")
if [ ! -z "$PRK" ]; then
if [ -z $allowedips ]; then
allowedips=$(echo $PRK | cut -d# -f3)
else
allowedips=$allowedips","$(echo $PRK | cut -d# -f3)
fi
fi
PRK=$(echo "$line" | grep "Endpoint" | tr " " ",")
if [ ! -z "$PRK" ]; then
endpoint=$(echo $PRK | cut -d, -f3)
fi
MTU=$(echo "$line" | grep "MTU" | tr " " ",")
if [ ! -z "$MTU" ]; then
mtu=$(echo $MTU | cut -d, -f3)
fi
}
listenport="51280"
dns=""
sed -i -e "s!PrivateKey= !PrivateKey=!g" $file
sed -i -e "s!PrivateKey=!PrivateKey = !g" $file
sed -i -e "s!PublicKey= !PublicKey=!g" $file
sed -i -e "s!PublicKey=!PublicKey = !g" $file
sed -i -e "s!PresharedKey= !PresharedKey=!g" $file
sed -i -e "s!PresharedKey=!PresharedKey = !g" $file
sed -i -e "s!Address= !Address=!g" $file
sed -i -e "s!Address=!Address = !g" $file
sed -i -e "s!WGinterface=!WGinterface = !g" $file
sed -i -e "s!WGinterface= !WGinterface = !g" $file
sed -i -e "s!dns= !dns=!g" $file
sed -i -e "s!dns=!dns = !g" $file
sed -i -e "s!DNS= !DNS=!g" $file
sed -i -e "s!DNS=!DNS = !g" $file
sed -i -e "s!ListenPort= !ListenPort=!g" $file
sed -i -e "s!ListenPort=!ListenPort = !g" $file
sed -i -e "s!AllowedIPs= !AllowedIPs=!g" $file
sed -i -e "s!AllowedIPs=!AllowedIPs = !g" $file
sed -i -e "s!Endpoint= !Endpoint=!g" $file
sed -i -e "s!Endpoint=!Endpoint = !g" $file
sed -i -e "s!MTU= !MTU=!g" $file
sed -i -e "s!MTU=!MTU = !g" $file
while IFS= read -r linex
do
extract "$linex"
done < $file
extract "$linex"
PRK=$(echo "$endpoint" | tr ":" ",")
endpoint=$(echo $PRK | cut -d, -f1)
sport=$(echo $PRK | cut -d, -f2)
if [ -z "$wginter" ]; then
wginter="0"
fi
uci delete wireguard.$name
uci set wireguard.$name=wireguard
uci set wireguard.$name.auto=$auto
uci set wireguard.$name.client="1"
uci set wireguard.$name.active="0"
uci set wireguard.$name.privatekey="$PrivateKey"
uci set wireguard.$name.presharedkey="$PreSharedKey"
uci set wireguard.$name.port="$listenport"
uci set wireguard.$name.addresses="$Address"
uci set wireguard.$name.dns="$dns"
uci set wireguard.$name.wginter="$wginter"
uci set wireguard.$name.publickey="$PublicKey"
uci set wireguard.$name.endpoint_host="$endpoint"
uci set wireguard.$name.ips="$allowedips"
uci set wireguard.$name.name="$name"
uci set wireguard.$name.sport="$sport"
uci set wireguard.$name.mtu="$mtu"
uci set wireguard.$name.persistent_keepalive='25'
uci commit wireguard
rm -f $file
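Review bot: The field matching in `extract` is an unanchored substring `grep`, so `grep "dns"` at L1215 also matches an `Endpoint` line whose host contains "dns" (for example `vpn.dyndns.example`), and that host:port then overwrites `dns` and is committed at L1288; every other key match in the function has the same weakness. Anchor each match to the start of the line, e.g. `PRK=$(echo "$line" | grep "^dns" | tr " " "#")`, and likewise `^DNS`, `^Endpoint`, `^Address`, `^AllowedIPs`, `^PublicKey`. Separately, `$name` arrives from the caller unvalidated and is used unquoted in `uci delete wireguard.$name` and the `uci set` lines that follow; since it becomes a UCI section name, reject it unless it matches `^[A-Za-z0-9_]+$` before the first `uci` call, and quote `"$file"` in the `sed -i` invocations and the `< $file` redirection so a path with spaces cannot be split.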


@@ -0,0 +1,81 @@
#!/bin/sh
. /lib/functions.sh
log() {
logger -t "Wireguard Conf" "$@"
}
WG=$(cat /tmp/wginst)
do_create() {
local config=$1
config_get name $config name
if [ -z $name ]; then
name=$config
fi
echo "----Start Conf File for "$name" ----" >> ${PKI_DIR}/package/wg.conf
echo "[Interface]" >> ${PKI_DIR}/package/wg.conf
config_get privatekey $config privatekey
echo "PrivateKey = "$privatekey >> ${PKI_DIR}/package/wg.conf
config_get address $config address
echo "Address = "$address >> ${PKI_DIR}/package/wg.conf
config_get endpoint_port $config endpoint_port
if [ ! -z $endpoint_port ]; then
echo "ListenPort = "$endpoint_port >> ${PKI_DIR}/package/wg.conf
fi
config_get dns $config dns
if [ ! -z $dns ]; then
echo "DNS = "$dns >> ${PKI_DIR}/package/wg.conf
fi
config_get mtu $config mtu
if [ ! -z $mtu ]; then
echo "MTU = "$mtu >> ${PKI_DIR}/package/wg.conf
fi
config_get wginter $config wginter
if [ -z"$wginter"]; then
wginter=0
fi
#echo "PrivateKey = "$wginter >> ${PKI_DIR}/package/wg.conf
echo " " >> ${PKI_DIR}/package/wg.conf
echo "[Peer]" >> ${PKI_DIR}/package/wg.conf
PUB=$(uci get wireguard."$WG".publickey)
echo "PublicKey = "$PUB >> ${PKI_DIR}/package/wg.conf
USE=$(uci get wireguard."$WG".usepre)
if [ $USE = "1" ]; then
PRE=$(uci get wireguard."$WG".presharedkey)
echo "PresharedKey = "$PRE >> ${PKI_DIR}/package/wg.conf
fi
HOST=$(uci get wireguard."$WG".endpoint_host)
PORT=$(uci get wireguard."$WG".port)
if [ ! -z $PORT ]; then
HOST=$HOST":"$PORT
fi
echo "Endpoint = "$HOST >> ${PKI_DIR}/package/wg.conf
config_get allowed_ips $config allowed_ips
echo "AllowedIPs = "$allowed_ips >> ${PKI_DIR}/package/wg.conf
echo "----EndConf File for "$name" ----" >> ${PKI_DIR}/package/wg.conf
echo " " >> ${PKI_DIR}/package/wg.conf
}
#PKI_DIR="/tmp/wireguard"
PKI_DIR="/www"
#rm -rfv "$PKI_DIR"
#mkdir -p ${PKI_DIR}
#chmod -R 0777 ${PKI_DIR}
cd ${PKI_DIR}
mkdir -p package
cd ..
chmod -R 0777 ${PKI_DIR}/package
#rm -rfv "/www/package"
#ln -s ${PKI_DIR}/package /www/package
rm -f ${PKI_DIR}/package/wg.conf
config_load wireguard
config_foreach do_create custom$WG
cd ${PKI_DIR}/package
tar -czf wgconf.tar.gz wg.conf
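Review bot: The generated `wg.conf` — containing the private key written at L1318 and the preshared key at L1345 — and the `wgconf.tar.gz` built from it at L1373 land under `/www/package`, which `PKI_DIR="/www"` at L1359 places inside the web root, the directory is made world-writable by `chmod -R 0777` at L1366, and nothing in this script removes the files afterwards. Unless uhttpd has been configured otherwise, LuCI's session check applies to its CGI handler rather than to static files under `/www`, so the key material would be retrievable by anyone who can reach the web interface, and the 0777 mode lets any local account replace the archive before it is downloaded. Write the files to a private directory and hand them to the browser through an authenticated LuCI action, or at minimum set `umask 077` before creating them, drop the `chmod -R 0777`, and delete `wg.conf` and `wgconf.tar.gz` once the download has completed. Unrelated but breaking: `if [ -z"$wginter"]; then` at L1334 lacks the spaces around the operand, so `[` receives the single word `-z0]` and errors out; it should read `if [ -z "$wginter" ]; then`.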


@@ -0,0 +1,68 @@
#!/bin/sh
. /lib/functions.sh
log() {
modlog "Wireguard KeyGen" "$@"
}
WG=$1
ww=$(echo "$WG" | grep "https")
if [ ! -z "$ww" ]; then
exit 0
fi
echo "$WG" > /tmp/wginst
sleep 5
EXST=$(uci get wireguard."$WG")
if [ -z $EXST ]; then
uci set wireguard."$WG"="wireguard"
uci commit wireguard
fi
PRIV=$(uci get wireguard."$WG".privatekey)
if [ -z $PRIV ]; then
umask u=rw,g=,o=
wg genkey | tee /tmp/wgserver.key | wg pubkey > /tmp/wgclient.pub
wg genpsk > /tmp/wg.psk
WG_KEY="$(cat /tmp/wgserver.key)" # private key
WG_PSK="$(cat /tmp/wg.psk)" # shared key
WG_PUB="$(cat /tmp/wgclient.pub)" # public key to be used on other end
rm -f /tmp/wgserver.key
rm -f /tmp/wg.psk
rm -f /tmp/wgclient.pub
uci set wireguard."$WG".privatekey=$WG_KEY
uci set wireguard."$WG".publickey=$WG_PUB
uci set wireguard."$WG".presharedkey=$WG_PSK
uci commit wireguard
fi
do_custom() {
local config=$1
config_get privatekey $config privatekey
if [ -z "$privatekey" ]; then
umask u=rw,g=,o=
wg genkey | tee /tmp/wgserver.key | wg pubkey > /tmp/wgclient.pub
wg genpsk > /tmp/wg.psk
WG_KEY="$(cat /tmp/wgserver.key)" # private key
WG_PSK="$(cat /tmp/wg.psk)" # shared key
WG_PUB="$(cat /tmp/wgclient.pub)" # public key to be used on other end
rm -f /tmp/wgserver.key
rm -f /tmp/wg.psk
rm -f /tmp/wgclient.pub
log "$WG_KEY"
uci set wireguard."$config".privatekey=$WG_KEY
uci set wireguard."$config".publickey=$WG_PUB
uci set wireguard."$config".presharedkey=$WG_PSK
uci set wireguard."$config".persistent_keepalive='25'
uci set wireguard."$config".route_allowed_ips='1'
fi
}
config_load wireguard
config_foreach do_custom custom$WG
uci commit wireguard
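Review bot: `log "$WG_KEY"` at L1424 writes the freshly generated WireGuard private key to the system log via `modlog`, where it is visible to anyone who can read `logread` or the LuCI system-log page and, if remote syslog is configured, leaves the device in cleartext; that line should be deleted. The key material is also round-tripped through the fixed-name files `/tmp/wgserver.key`, `/tmp/wg.psk` and `/tmp/wgclient.pub` (L1398-L1405 and again L1416-L1423); `umask u=rw,g=,o=` restricts their mode, but the names are predictable and shared by both code paths, so generate the keys with command substitution and no files at all: `WG_KEY=$(wg genkey)`, `WG_PUB=$(printf '%s' "$WG_KEY" | wg pubkey)`, `WG_PSK=$(wg genpsk)`. The `uci set` calls at L1406-L1408 and L1425-L1427 should also quote their values (`privatekey="$WG_KEY"`), as the neighbouring `persistent_keepalive='25'` line already does.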


@@ -0,0 +1,327 @@
#!/bin/sh
. /lib/functions.sh
log() {
logger -t "Wireguard Start" "$@"
}
WG=$1
chk_zone() {
local config=$1
config_get src $config src
config_get dest $config dest
if [ $src = "lan" -a $dest = "wan" ]; then
uci set firewall."$config".dest="wg"
uci commit firewall
fi
}
do_dns() {
cdns=$1
local ifce=$2
ldns=$(uci -q get network.wg$ifce.dns)
ex=$(echo "$ldns" | grep "$cdns")
if [ -z $ex ]; then
log "Add DNS $cdns to WG$ifce"
uci add_list network.wg$ifce.dns="$cdns"
uci commit network
/etc/init.d/network reload
fi
}
do_port() {
PORT=$1
udp=$2
# look for rule for this port
INB="inbound"$PORT$udp
RULE=$(uci -q get firewall.$INB)
if [ -z $RULE ]; then
uci set firewall.$INB=rule
uci set firewall.$INB.name=$INB
uci set firewall.$INB.target=ACCEPT
uci set firewall.$INB.src=*
uci set firewall.$INB.proto=$udp
uci set firewall.$INB.dest_port=$PORT
uci commit firewall
/etc/init.d/firewall reload
fi
}
do_delete() {
local config=$1
uci delete network.$1
}
create_speer() {
local config=$1
uci set network.$config="wireguard_wg1"
config_get persistent_keepalive $config persistent_keepalive
uci set network.$config.persistent_keepalive="$persistent_keepalive"
config_get route_allowed_ips $config route_allowed_ips
uci set network.$config.route_allowed_ips="$route_allowed_ips"
config_get publickey $config publickey
uci set network.$config.public_key="$publickey"
usepre=$(uci -q get wireguard.$WG.usepre)
log "$usepre"
if [ $usepre = "1" ]; then
presharedkey=$(uci -q get wireguard.$WG.presharedkey)
log "$presharedkey"
uci set network.$config.preshared_key="$presharedkey"
fi
config_get allowed_ips $config allowed_ips
allowed_ips=$allowed_ips","
ips=$(echo $allowed_ips | cut -d, -f1)
i=1
while [ ! -z $ips ]
do
uci add_list network.$config.allowed_ips="$ips"
i=$((i+1))
ips=$(echo $allowed_ips | cut -d, -f$i)
done
}
create_cpeer() {
local config=$1
local ifce=$2
uci set network.$config="wireguard_wg$ifce"
publickey=$(uci -q get wireguard."$config".publickey)
uci set network.$config.public_key="$publickey"
presharedkey=$(uci -q get wireguard."$WG".presharedkey)
if [ ! -z $presharedkey ]; then
uci set network.$config.preshared_key="$presharedkey"
fi
persistent_keepalive=$(uci -q get wireguard."$config".persistent_keepalive)
if [ -z $persistent_keepalive ]; then
persistent_keepalive=25
fi
uci set network.$config.persistent_keepalive="$persistent_keepalive"
route_allowed_ips=1
uci set network.$config.route_allowed_ips="$route_allowed_ips"
if [ $UDP = 1 ]; then
endpoint_host="127.0.0.1"
uci set network.$config.endpoint_host="$endpoint_host"
sport=$(uci -q get wireguard."$config".port)
if [ -z $sport ]; then
sport="54321"
fi
uci set network.$config.endpoint_port="$sport"
else
endpoint_host=$(uci -q get wireguard."$config".endpoint_host)
uci set network.$config.endpoint_host="$endpoint_host"
sport=$(uci -q get wireguard."$config".sport)
if [ -z $sport ]; then
sport="51280"
fi
uci set network.$config.endpoint_port="$sport"
fi
ips=$(uci -q get wireguard."$config".ips)","
cips=$(echo $ips | cut -d, -f1)
i=1
while [ ! -z $cips ]
do
uci add_list network.$config.allowed_ips="$cips"
i=$((i+1))
cips=$(echo $ips | cut -d, -f$i)
done
}
handle_server() {
config_foreach do_delete wireguard_wg1
uci delete network.wg1
uci set network.wg1="interface"
uci set network.wg1.proto="wireguard"
auto=$(uci -q get wireguard."$WG".auto)
if [ -z $auto ]; then
auto="0"
fi
uci set network.wg1.auto="$auto"
port=$(uci -q get wireguard."$WG".port)
if [ -z $port ]; then
port="51280"
fi
uci set network.wg1.listen_port="$port"
do_port $port udp
privatekey=$(uci -q get wireguard."$WG".privatekey)
uci set network.wg1.private_key="$privatekey"
ips=$(uci -q get wireguard."$WG".addresses)","
cips=$(echo $ips | cut -d, -f1)
i=1
while [ ! -z $cips ]
do
uci add_list network.wg1.addresses="$cips"
i=$((i+1))
cips=$(echo $ips | cut -d, -f"$i")
if [ -z $cips ]; then
break
fi
done
config_load wireguard
config_foreach create_speer custom$WG
uci commit network
}
handle_client() {
ifce=$1
config_foreach do_delete wireguard_wg$ifce
uci delete network.wg$ifce
uci set network.wg$ifce="interface"
uci set network.wg$ifce.proto="wireguard"
uci set network.wg$ifce.metric="1"
auto=$(uci -q get wireguard."$WG".auto)
if [ -z $auto ]; then
auto="0"
fi
uci set network.wg$ifce.auto="$auto"
mtu=$(uci -q get wireguard."$WG".mtu)
if [ ! -z $mtu ]; then
uci set network.wg$ifce.mtu="$mtu"
fi
dns=$(uci -q get wireguard."$WG".dns)
if [ ! -z $dns ]; then
do_dns $dns $ifce
fi
port=$(uci -q get wireguard."$WG".port)
if [ -z $port ]; then
port="51280"
fi
uci set network.wg$ifce.listen_port="$port"
do_port $port udp
privatekey=$(uci -q get wireguard."$WG".privatekey)
uci set network.wg$ifce.private_key="$privatekey"
ips=$(uci -q get wireguard."$WG".addresses)","
cips=$(echo $ips | cut -d, -f1)
i=1
while [ ! -z "$cips" ]
do
uci add_list network.wg$ifce.addresses="$cips"
i=$((i+1))
cips=$(echo "$ips" | cut -d, -f"$i")
if [ -z "$cips" ]; then
break
fi
done
uci add_list network.wg$ifce.addresses="::/0"
create_cpeer $WG $ifce
uci commit network
}
udp_server() {
local config=$1
udpport=$(uci -q get wireguard."$WG".udpport)
if [ -z $udpport ]; then
udpport="54321"
fi
port=$(uci -q get wireguard."$WG".port)
if [ -z $port ]; then
port="54321"
fi
do_port $udpport tcp
udptunnel -s -v "0.0.0.0:"$udpport "127.0.0.1:"$port &
#log "udptunnel -s -v 0.0.0.0:$udpport 127.0.0.1:$port"
}
udp_client() {
local config=$1
port=$(uci -q get wireguard."$WG".port)
if [ -z $port ]; then
port="54321"
fi
endpoint_host=$(uci -q get wireguard.$WG.endpoint_host)
sport=$(uci -q get wireguard.$WG.sport)
if [ -z $sport ]; then
sport="51280"
fi
udptunnel "127.0.0.1:"$port $endpoint_host":"$sport &
#log "udptunnel 127.0.0.1:$port $endpoint_host:$sport"
}
forward=$(uci -q get wireguard."$WG".forward)
if [ "$forward" != "0" ]; then
config_load firewall
config_foreach chk_zone forwarding
else
uci set firewall.wgwforward=forwarding
uci set firewall.wgwforward.dest="wan"
uci set firewall.wgwforward.src="wg"
uci set firewall.wwgforward=forwarding
uci set firewall.wwgforward.dest="wg"
uci set firewall.wwgforward.src="wan"
uci set firewall.lwgforward=forwarding
uci set firewall.lwgforward.dest="wg"
uci set firewall.lwgforward.src="lan"
uci set firewall.wglforward=forwarding
uci set firewall.wglforward.dest="lan"
uci set firewall.wglforward.src="wg"
uci commit firewall
fi
/etc/init.d/firewall restart
config_load network
SERVE=$(uci -q get wireguard."$WG".client)
if [ $SERVE = "0" ]; then
running=$(uci -q get wireguard.settings.server)
if [ $running = 1 ]; then
exit 0
fi
UDP=$(uci -q get wireguard."$WG".udptunnel)
if [ $UDP = 1 ]; then
udp_server $WG
fi
handle_server
uci commit network
ifup wg1
sleep 2
uci set wireguard.settings.server="1"
else
running=$(uci -q get wireguard.settings.client)
log "Client running $running"
INTER=$(uci -q get wireguard."$WG".wginter)
if [ -z "$INTER" ]; then
INTER=0
fi
UDP=$(uci -q get wireguard."$WG".udptunnel)
if [ $UDP = 1 ]; then
udp_client $WG
fi
handle_client $INTER
uci commit network
log "Start Interface"
ifup wg$INTER
sleep 2
uci set wireguard.settings.client="1"
if [ -e /usr/lib/wireguard/wiremwan3.sh ]; then
/usr/lib/wireguard/wiremwan3.sh start
fi
fi
uci set wireguard."$WG".active="1"
uci commit wireguard
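Review bot: `do_port` (L1466-L1482) creates a firewall ACCEPT rule with `src=*`, which as I read it is an input rule from every zone including wan, and `handle_client` calls it at L1617 for the client's `listen_port` even though the client here has an endpoint and persistent keepalive configured (L1528, L1541) and so initiates the handshake outbound, and in the udptunnel case is only reached via `127.0.0.1` (L1532); the listen port does not need to be open to the WAN in client mode. The same rule is created for the udptunnel TCP port at L1646, and the stop script in this commit never removes `firewall.inbound<port><proto>`, so the opening persists after the tunnel is stopped. I would drop the `do_port $port udp` call from `handle_client`, use `uci set firewall.$INB.src=wan` for the server-side rules so they are scoped to the upstream zone, and delete the rule with `uci -q delete firewall.inbound${port}udp` in the stop path. Also, when `forward=0` the block at L1669-L1681 adds `wan -> wg` and `wg -> lan` forwardings unconditionally; if that is intended only for site-to-site setups it deserves a comment, since it lets traffic entering the wan zone be forwarded into the tunnel and tunnel peers reach the LAN.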


@@ -0,0 +1,75 @@
#!/bin/sh
. /lib/functions.sh
log() {
logger -t "Wireguard Stop" "$@"
}
chk_zone() {
local config=$1
config_get src $config src
config_get dest $config dest
if [ $src = "lan" -a $dest = "wg" ]; then
uci set firewall."$config".dest="wan"
uci commit firewall
fi
}
WG=$1
forward=$(uci -q get wireguard."$WG".forward)
if [ "$forward" != "0" ]; then
config_load firewall
config_foreach chk_zone forwarding
else
uci delete firewall.wgwforward
uci delete firewall.wwgforward
uci delete firewall.lwgforward
uci delete firewall.wglforward
uci commit firewall
fi
/etc/init.d/firewall restart
SERVE=$(uci get wireguard."$WG".client)
if [ $SERVE = "0" ]; then
ifdown wg1
uci set wireguard.settings.server="0"
uci delete network.wg1
uci set network.wg1=interface
uci set network.wg1.proto="wireguard"
uci set network.wg1.auto="0"
uci set network.wg1.private_key=""
uci set network.wg1.listen_port=""
uci add_list network.wg1.addresses=""
uci commit network
else
INTER=$(uci -q get wireguard."$WG".wginter)
if [ -z "$INTER" ]; then
INTER=0
fi
ifdown wg$INTER
uci set wireguard.settings.client="0"
uci delete network.wg$INTER
uci set network.wg$INTER=interface
uci set network.wg$INTER.proto="wireguard"
uci set network.wg$INTER.auto="0"
uci set network.wg$INTER.private_key=""
uci set network.wg$INTER.listen_port=""
uci add_list network.wg$INTER.addresses=""
uci commit network
if [ -e /usr/lib/wireguard/wiremwan3.sh ]; then
/usr/lib/wireguard/wiremwan3.sh stop
fi
ifup wan
fi
UDP=$(uci get wireguard."$WG".udptunnel)
if [ $UDP = 1 ]; then
PID=$(ps |grep "udptunnel" | grep -v grep |head -n 1 | awk '{print $1}')
kill -9 $PID
fi
uci set wireguard."$WG".active="0"
uci commit wireguard
/etc/init.d/wireguard stop
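Review bot: The udptunnel teardown at L1788-L1789 takes the first `udptunnel` entry from `ps` output and sends it `kill -9`, so it terminates at most one process, picks an arbitrary one if several are running, errors with an empty `$PID` if none is, and never lets the process exit cleanly. The start script launches udptunnel with `&` (L1647, L1661), so its PID is available as `$!` there; record it (e.g. `echo $! > /var/run/wg-udptunnel.pid`) and here send TERM to that PID, `kill "$(cat /var/run/wg-udptunnel.pid)"`, falling back to `-9` only if it survives — or use `killall udptunnel` if multiple tunnels are never expected. Note also that this script reverts the forwardings but does not delete the `inbound<port><proto>` ACCEPT rules the start script's `do_port` created, so the listen and udptunnel ports stay open after stop; `uci -q delete firewall.inbound${PORT}udp` (and `tcp` for the tunnel port) followed by `uci commit firewall` before the restart at L1753 would close them.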


@@ -0,0 +1,19 @@
#!/bin/sh
. /lib/functions.sh
log() {
logger -t "Wireguard TextConf" "$@"
}
conf1=$1
conf=$(echo $conf1)
conf=$(echo "$conf" | tr "?" "~")
boot=$(echo "$conf" | cut -d~ -f1)
iname=$(echo "$conf" | cut -d~ -f2)
conf=$(echo "$conf1" | tr "?" "~")
confile=$(echo "$conf" | cut -d~ -f3)
echo "$confile" > /tmp/confile
/usr/lib/wireguard/conf.sh $iname /tmp/confile $boot
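Review bot: The configuration text, which normally carries the peer's private key and optional preshared key, is written at L1810 to the fixed, predictable path `/tmp/confile` with no restrictive umask, so until `conf.sh` deletes it the file is readable by any local account, and a file or symlink pre-created at that name could be overwritten or followed by the redirection. Create it with `umask 077` and `mktemp`, e.g. `confpath=$(mktemp /tmp/confile.XXXXXX) || exit 1`, `printf '%s\n' "$confile" > "$confpath"`, and pass `"$confpath"` to `conf.sh`, which already removes its input file. `$iname` is taken from the second `?`-separated field of the argument and handed to `conf.sh` unvalidated, where it becomes a UCI section name in `uci delete wireguard.$name`; reject it here unless it matches `^[A-Za-z0-9_]+$`, and constrain `$boot` to `0` or `1` before it is passed as the `auto` value.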
