diff --git a/ipk-source/luci-app-GO-wireguard/CONTROL/control b/ipk-source/luci-app-GO-wireguard/CONTROL/control
new file mode 100755
index 0000000..4484a20
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/CONTROL/control
@@ -0,0 +1,11 @@
+Package: ext-wireguard
+Version: 4.500-1
+Depends: libc, wireguard-tools, kmod-wireguard, luci-proto-wireguard, udptunnel, eoip
+Source: package/rooter/0optionalapps/ext-wireguard
+SourceName: ext-wireguard
+Section: utils
+SourceDateEpoch: 1716401566
+Maintainer: Created by DM/makefile by Cobia@whirlpool
+Architecture: all
+Installed-Size: 23912
+Description: Install scripts for Wireguard
diff --git a/ipk-source/luci-app-GO-wireguard/CONTROL/postinst b/ipk-source/luci-app-GO-wireguard/CONTROL/postinst
new file mode 100755
index 0000000..77d54d2
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/CONTROL/postinst
@@ -0,0 +1,3 @@
+#!/bin/sh
+ln -sf /usr/bin/udptunnel /sbin/udptunnel
+exit 0
diff --git a/ipk-source/luci-app-GO-wireguard/CONTROL/prerm b/ipk-source/luci-app-GO-wireguard/CONTROL/prerm
new file mode 100755
index 0000000..12d06ec
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/CONTROL/prerm
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -s ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
+. ${IPKG_INSTROOT}/lib/functions.sh
+default_prerm $0 $@
diff --git a/ipk-source/luci-app-GO-wireguard/build-ipk b/ipk-source/luci-app-GO-wireguard/build-ipk
new file mode 100755
index 0000000..eb83cf6
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/build-ipk
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Script for building OpenWRT .ipk packages using tar by iamromulan
+# Works with SDXPPINN OpenWRT - iamromulan
+# This script accepts an optional path to the directory containing the `CONTROL` and `root` directories.
+# Usage: ./build-ipk.sh [path]
+# If no path is provided, the script will look in the current directory for `CONTROL` and `root` directories.
+# This will spit out an ipk in the current directory
+
+# Check if the script is run as root. If not, rerun with sudo.
+if [ "$(id -u)" -ne 0 ]; then
+ echo "Script is not running as root. Re-executing with sudo..."
+ exec sudo "$0" "$@"
+fi
+
+# Set the default build path to the current directory
+build_path="."
+
+# Check if a path is provided as the first argument
+if [ "$1" ]; then
+ build_path="$1"
+fi
+
+# Check if the required directories are present in the specified path
+if [ ! -d "${build_path}/CONTROL" ] || [ ! -d "${build_path}/root" ]; then
+ echo "Error: CONTROL and root directories must be present in the specified path (${build_path})."
+ exit 1
+fi
+
+# Extract values from the CONTROL/control file in the specified path
+pkgname=$(grep -i '^Package:' "${build_path}/CONTROL/control" | awk '{print $2}')
+version=$(grep -i '^Version:' "${build_path}/CONTROL/control" | awk '{print $2}')
+architecture=$(grep -i '^Architecture:' "${build_path}/CONTROL/control" | awk '{print $2}')
+
+# Check if values are extracted correctly
+if [ -z "$pkgname" ] || [ -z "$version" ] || [ -z "$architecture" ]; then
+ echo "Error: Failed to extract Package, Version, or Architecture from ${build_path}/CONTROL/control."
+ exit 1
+fi
+
+# Set the final IPK name based on the extracted values
+ipkname="${pkgname}_${version}_${architecture}.ipk"
+
+# Ensure all CONTROL scripts are executable
+echo "Setting permissions for CONTROL scripts..."
+chmod +x "${build_path}/CONTROL"/*
+
+# Set ownership for CONTROL and root files
+echo "Setting ownership for all package files..."
+chown -R root:root "${build_path}/CONTROL"/*
+chown -R root:root "${build_path}/root"/*
+
+# Create control.tar.gz from the CONTROL directory
+echo "Creating control.tar.gz..."
+tar -czvf control.tar.gz -C "${build_path}/CONTROL" .
+
+# Create data.tar.gz from the root directory
+echo "Creating data.tar.gz..."
+tar -czvf data.tar.gz -C "${build_path}/root" .
+
+# Create debian-binary file (must contain exactly "2.0" without a newline)
+echo -n "2.0" > debian-binary
+chown -R root:root debian-binary
+
+# Combine the components into the final .ipk file using tar
+echo "Packaging ${ipkname}..."
+tar -czvf "$ipkname" debian-binary control.tar.gz data.tar.gz
+
+# Clean up intermediate files
+echo "Cleaning up temporary files..."
+rm -f control.tar.gz data.tar.gz debian-binary
+
+echo "IPK package ${ipkname} created successfully using tar."
+
diff --git a/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard b/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard
new file mode 100755
index 0000000..77908d4
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard
@@ -0,0 +1,5 @@
+
+config settings 'settings'
+ option enabled '0'
+ option client '0'
+ option server '0'
diff --git a/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard_recipes b/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard_recipes
new file mode 100755
index 0000000..52a6b2b
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/etc/config/wireguard_recipes
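Review bot: build-ipk re-executes itself under sudo and then runs `chown -R root:root` on `${build_path}/CONTROL` and `${build_path}/root`, so building a package changes ownership of the caller's source tree and writes control.tar.gz, data.tar.gz and debian-binary as root into whatever the current directory happens to be. Root is only needed to get uid/gid 0 recorded in the archives; where the build host has GNU tar that can be done unprivileged, e.g. `tar --owner=0 --group=0 --numeric-owner -czf control.tar.gz -C "${build_path}/CONTROL" .`, which lets the sudo re-exec and all three chown calls go. The script has no `set -e`, so a failed tar still reaches the "created successfully" message. Building the intermediates in a `mktemp -d` directory with a cleanup trap would also stop it overwriting same-named files in the working directory.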
@@ -0,0 +1,36 @@
+config wireguard_recipe b_client
+ option _description "Wireguard Client"
+ option _role "client"
+ option client "1"
+ option port "51280"
+ option auto '0'
+ option addresses ''
+ option dns ''
+ option privatekey ''
+ option name ''
+ option keepalive '25'
+ option publickey ''
+ option presharedkey ''
+ option ips ''
+ option ra_ips '1'
+ option endpoint_host ''
+ option sport '51280'
+ option active '0'
+ option udptunnel '0'
+ option mtu '1280'
+
+config wireguard_recipe b_server
+ option _description "Wireguard Server"
+ option _role "server"
+ option client "0"
+ option port "51280"
+ option auto '0'
+ option addresses ''
+ option publickey ''
+ option privatekey ''
+ option usepre '0'
+ option presharedkey ''
+ option active '0'
+ option udptunnel '0'
+ option udpport '54321'
+ option mtu '1280'
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/etc/init.d/wireguard b/ipk-source/luci-app-GO-wireguard/root/etc/init.d/wireguard
new file mode 100755
index 0000000..16a34ce
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/etc/init.d/wireguard
@@ -0,0 +1,92 @@
+#!/bin/sh /etc/rc.common
+. /lib/functions.sh
+# Copyright (C) 2006 OpenWrt.org
+
+START=99
+
+log() {
+ logger -t "WireGuard Init.d : " "$@"
+}
+
+chk_zone() {
+ local config=$1
+
+ config_get src $config src
+ config_get dest $config dest
+ if [ $src = "lan" -a $dest = "wg" ]; then
+ uci set firewall."$config".dest="wan"
+ uci commit firewall
+ fi
+}
+
+check_config () {
+ log "Check Client Interfaces"
+ uci delete network.wg0
+ uci delete network.wg1
+ uci commit network
+ uci set network.wg0=interface
+ uci set network.wg0.proto="wireguard"
+ uci set network.wg0.auto="0"
+ uci set network.wg0.private_key=""
+ uci set network.wg0.listen_port=""
+ uci add_list network.wg0.addresses=""
+ uci set network.wg1=interface
+ uci set network.wg1.proto="wireguard"
+ uci set network.wg1.auto="0"
+ uci set network.wg1.private_key=""
+ uci set network.wg1.listen_port=""
+ uci add_list network.wg1.addresses=""
+ uci commit network
+
+ uci delete firewall.wgzone
+ uci delete firewall.wgwforward
+ uci delete firewall.wwgforward
+ uci delete firewall.lwgforward
+ uci delete firewall.wglforward
+ uci commit firewall
+ uci set firewall.wgzone=zone
+ uci set firewall.wgzone.name="wg"
+ uci set firewall.wgzone.forward="ACCEPT"
+ uci set firewall.wgzone.output="ACCEPT"
+ uci set firewall.wgzone.network="wg0 wg1"
+ uci set firewall.wgzone.input="ACCEPT"
+ uci set firewall.wgzone.masq="1"
+ uci set firewall.wgzone.mtu_fix="1"
+ uci commit firewall
+
+ config_load firewall
+ config_foreach chk_zone forwarding
+
+ /etc/init.d/firewall restart
+}
+
+chk_start() {
+ local config=$1
+
+ config_get auto $config auto
+ uci set wireguard."$config".active="0"
+ uci commit wireguard
+ if [ $auto = '1' ]; then
+ /usr/lib/wireguard/startvpn.sh $config
+ else
+ /usr/lib/wireguard/stopvpn.sh $config
+ fi
+}
+
+start() {
+ uci set wireguard.settings.client="0"
+ uci set wireguard.settings.server="0"
+ uci commit wireguard
+ if [ ! -e /etc/openvpn ]; then
+ mkdir /etc/openvpn
+ fi
+ check_config
+
+ config_load wireguard
+ config_foreach chk_start wireguard
+ if [ -e /etc/crontabs/root ]; then
+ sed -i '/wireguard_watchdog/d' /etc/crontabs/root
+ fi
+ echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
+ /etc/init.d/cron restart
+}
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/controller/wireguard.lua b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/controller/wireguard.lua
new file mode 100755
index 0000000..48ea3c3
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/controller/wireguard.lua
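Review bot: check_config() in root/etc/init.d/wireguard recreates the `wg` firewall zone on every start with `input`, `output` and `forward` all set to `ACCEPT`, so any peer on wg0 or wg1 can reach every service on the router and traffic is forwarded freely between the two tunnels; for the server role a tighter default such as `uci set firewall.wgzone.input="REJECT"` plus explicit rules for the ports that are needed is worth considering. Because the function deletes and rewrites network.wg0, network.wg1 and the zone unconditionally, any hardening an administrator applied by hand is discarded at the next boot. Separately, `[ $src = "lan" -a $dest = "wg" ]` and `[ $auto = '1' ]` expand unquoted and error out when the option is unset; `[ "$src" = "lan" ] && [ "$dest" = "wg" ]` and `[ "$auto" = '1' ]` avoid that.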
@@ -0,0 +1,111 @@
+-- Copyright 2016-2017 Dan Luedtke
+-- Licensed to the public under the Apache License 2.0.
+
+module("luci.controller.wireguard", package.seeall)
+
+I18N = require "luci.i18n"
+translate = I18N.translate
+
+function index()
+ local multilock = luci.model.uci.cursor():get("custom", "multiuser", "multi") or "0"
+ local rootlock = luci.model.uci.cursor():get("custom", "multiuser", "root") or "0"
+ if (multilock == "0") or (multilock == "1" and rootlock == "1") then
+ entry({"admin", "vpn", "wireguard"}, cbi("wireguard"), _("Wireguard"), 63)
+ entry( {"admin", "vpn", "wireguard", "client"}, cbi("wireguard-client"), nil ).leaf = true
+ entry( {"admin", "vpn", "wireguard", "server"}, cbi("wireguard-server"), nil ).leaf = true
+ end
+
+ entry( {"admin", "vpn", "wireguard", "wupload"}, call("conf_upload"))
+ entry( {"admin", "vpn", "generateconf"}, call("conf_gen"))
+ entry( {"admin", "vpn", "textconf"}, call("text_gen"))
+ entry( {"admin", "vpn", "wirestatus"}, call("wirestatus"))
+end
+
+function conf_upload()
+ local fs = require("nixio.fs")
+ local http = require("luci.http")
+ local util = require("luci.util")
+ local uci = require("luci.model.uci").cursor()
+ local upload = http.formvalue("ovpn_file")
+ local name = http.formvalue("instance_name2")
+ local file = "/etc/openvpn/" ..name.. ".conf"
+
+ if name and upload then
+ local fp
+
+ http.setfilehandler(
+ function(meta, chunk, eof)
+ local data = util.trim(chunk:gsub("\r\n", "\n")) .. "\n"
+ data = util.trim(data:gsub("[\128-\255]", ""))
+
+ if not fp and meta and meta.name == "ovpn_file" then
+ fp = io.open(file, "w")
+ end
+ if fp and data then
+ fp:write(data)
+ end
+ if fp and eof then
+ fp:close()
+ end
+ end
+ )
+
+ if fs.access(file) then
+ os.execute("/usr/lib/wireguard/conf.sh " .. name .. " " .. file)
+ end
+ end
+ http.redirect(luci.dispatcher.build_url('admin/vpn/wireguard'))
+end
+
+function conf_gen()
+ os.execute("/usr/lib/wireguard/create.sh")
+end
+
+function text_gen()
+ local set = luci.http.formvalue("set")
+ os.execute("/usr/lib/wireguard/text.sh " .. "\"" .. set .. "\"")
+end
+
+function wirestatus()
+ local data = { }
+ local last_device = ""
+
+ local wg_dump = io.popen("wg show all dump")
+ if wg_dump then
+ local line
+ for line in wg_dump:lines() do
+ local line = string.split(line, "\t")
+ if not (last_device == line[1]) then
+ last_device = line[1]
+ data[line[1]] = {
+ name = line[1],
+ public_key = line[3],
+ listen_port = line[4],
+ fwmark = line[5],
+ peers = { }
+ }
+ else
+ local peer = {
+ public_key = line[2],
+ endpoint = line[4],
+ allowed_ips = { },
+ latest_handshake = line[6],
+ transfer_rx = line[7],
+ transfer_tx = line[8],
+ persistent_keepalive = line[9]
+ }
+ if not (line[4] == '(none)') then
+ for ipkey, ipvalue in pairs(string.split(line[5], ",")) do
+ if #ipvalue > 0 then
+ table.insert(peer['allowed_ips'], ipvalue)
+ end
+ end
+ end
+ table.insert(data[line[1]].peers, peer)
+ end
+ end
+ end
+
+ luci.http.prepare_content("application/json")
+ luci.http.write_json(data)
+end
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-client.lua b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-client.lua
new file mode 100755
index 0000000..45e2216
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-client.lua
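Review bot: conf_upload() and text_gen() in controller/wireguard.lua concatenate request parameters into shell command lines: `instance_name2` reaches `os.execute("/usr/lib/wireguard/conf.sh " .. name .. " " .. file)` unquoted, and wrapping `set` in double quotes does not stop the shell from expanding its contents. `name` is also used to build `/etc/openvpn/<name>.conf` before the `if name and upload` check, so a missing field raises a concatenation error on nil, and a value containing `/` or `..` makes the upload handler write outside that directory. Validating the name with the same `[^a-zA-Z0-9_]` rule that s.create() in model/cbi/wireguard.lua applies, and passing every argument through `luci.util.shellquote`, closes both. The four `call()` entries are registered outside the multiuser lock check in index(), so they appear to stay reachable when the pages themselves are hidden.

```lua
function conf_upload()
	-- … unchanged: fs/http/util/uci requires and upload = http.formvalue("ovpn_file") …
	local name = http.formvalue("instance_name2")
	-- Same alphabet s.create() enforces; keeps "/" and ".." out of the path below.
	if not name or #name == 0 or name:match("[^a-zA-Z0-9_]") then
		http.redirect(luci.dispatcher.build_url('admin/vpn/wireguard'))
		return
	end
	local file = "/etc/openvpn/" .. name .. ".conf"
	-- … unchanged: setfilehandler callback and fs.access(file) check …
		os.execute("/usr/lib/wireguard/conf.sh " ..
			util.shellquote(name) .. " " .. util.shellquote(file))
	-- … unchanged: redirect …

function text_gen()
	local set = luci.http.formvalue("set")
	if not set then
		return
	end
	os.execute("/usr/lib/wireguard/text.sh " .. luci.util.shellquote(set))
end
```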
@@ -0,0 +1,104 @@
+require("luci.ip")
+require("luci.model.uci")
+
+--luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
+
+local m = Map("wireguard", translate("Wireguard Client"), translate("Set up a Wireguard Client"))
+
+e = m:section(NamedSection, "settings", "")
+
+m.on_init = function(self)
+ --luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
+end
+
+btn = e:option(Button, "_btn", translate(" "))
+btn.inputtitle = translate("Back to Main Page")
+btn.inputstyle = "apply"
+btn.redirect = luci.dispatcher.build_url(
+ "admin", "vpn", "wireguard"
+)
+function btn.write(self, section, value)
+ luci.http.redirect( self.redirect )
+end
+
+
+local s = m:section( NamedSection, arg[1], "wireguard", translate("Client") )
+
+ip = s:option(Value, "addresses", translate("IP Addresses :"), translate("Comma separated list of IP Addresses that server will accept from this client"));
+ip.rmempty = true;
+ip.optional=false;
+ip.default="10.14.0.2/24";
+
+port = s:option(Value, "port", translate("Listen Port :"), translate("Client Listen Port"));
+port.rmempty = true;
+port.optional=false;
+port.default="51820";
+
+ul = s:option(ListValue, "udptunnel", translate("Enable UDP over TCP :"));
+ul:value("0", translate("No"))
+ul:value("1", translate("Yes"))
+ul.default=0
+
+dns = s:option(Value, "dns", translate("DNS Servers :"), translate("Comma separated list of DNS Servers."));
+dns.rmempty = true;
+dns.optional=false;
+
+mtu = s:option(Value, "mtu", translate("MTU :"), translate("Maximum MTU"));
+mtu.rmempty = true;
+mtu.optional=false;
+mtu.datatype = 'range(1280,1420)';
+mtu.default="1280";
+
+pka = s:option(Value, "persistent_keepalive", translate("Persistent Keep Alive :"), translate("Seconds between keep alive messages"));
+pka.rmempty = true;
+pka.optional=false;
+pka.datatype = 'range(1,100)';
+pka.default="25";
+
+pkey = s:option(Value, "privatekey", translate("Private Key :"), translate("Private Key supplied by the Server"));
+pkey.rmempty = true;
+pkey.optional=false;
+
+il = s:option(ListValue, "wginter", translate("Interface to Use :"));
+il:value("0", translate("WG0"))
+il:value("1", translate("WG1"))
+il.default="0"
+
+bl = s:option(ListValue, "auto", translate("Start on Boot :"));
+bl:value("0", translate("No"))
+bl:value("1", translate("Yes"))
+bl.default="0"
+
+xbl = s:option(ListValue, "forward", translate("All Traffic Through Tunnel :"));
+xbl:value("0", translate("No"))
+xbl:value("1", translate("Yes"))
+xbl.default="1"
+
+s = m:section( NamedSection, arg[1], "wireguard", translate("Server") )
+
+name = s:option( Value, "name", translate("Server Name :"), translate("Optional Server name"))
+
+pukey = s:option(Value, "publickey", translate("Public Key :"), translate("Public Key of the Server"));
+pukey.rmempty = true;
+pukey.optional=false;
+
+prkey = s:option(Value, "presharedkey", translate("Presharedkey :"), translate("PreShared Key from the Server"));
+prkey.rmempty = true;
+prkey.optional=false;
+
+host = s:option(Value, "endpoint_host", translate("Server Address :"), translate("URL or IP Address of Server"));
+host.rmempty = true;
+host.optional=false;
+host.default="";
+
+sport = s:option(Value, "sport", translate("Listen Port :"), translate("Server Listen Port"));
+sport.rmempty = true;
+sport.optional=false;
+sport.default="51820";
+
+sip = s:option(Value, "ips", translate("Allowed IP Addresses :"), translate("Comma separated list of IP Addresses that server will accept"));
+sip.rmempty = true;
+sip.optional=false;
+sip.default="10.14.0.0/24";
+
+return m
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-server.lua b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-server.lua
new file mode 100755
index 0000000..5fb15ee
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard-server.lua
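Review bot: In wireguard-client.lua the `privatekey` and `presharedkey` options are plain `Value` fields, so both secrets are rendered in clear text on the page; `pkey.password = true` and `prkey.password = true` mask them. None of `addresses`, `port`, `dns`, `endpoint_host`, `sport` or `ips` carries a datatype, and these values are presumably consumed by startvpn.sh (not part of this view), so constraining them at the form is worthwhile: `port.datatype = "port"`, `sport.datatype = "port"`, `host.datatype = "host"`. The form defaults both ports to 51820 while wireguard_recipes ships 51280, and the form stores `persistent_keepalive` while the recipe defines `keepalive`; one of each pair looks unintended.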
@@ -0,0 +1,130 @@
+require("luci.ip")
+require("luci.model.uci")
+
+--luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
+
+local m = Map("wireguard", translate("Wireguard Server"), translate("Set up a Wireguard Server"))
+
+e = m:section(NamedSection, "settings", "")
+
+m.on_init = function(self)
+ luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])
+end
+
+m.on_after_save = function(self)
+ luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1] .. "&")
+end
+
+btn = e:option(Button, "_btn", translate(" "))
+btn.inputtitle = translate("Back to Main Page")
+btn.inputstyle = "apply"
+btn.redirect = luci.dispatcher.build_url(
+ "admin", "vpn", "wireguard"
+)
+function btn.write(self, section, value)
+ luci.http.redirect( self.redirect )
+end
+
+
+local s = m:section( NamedSection, arg[1], "wireguard", translate("Server") )
+
+ip = s:option(Value, "addresses", translate("Internal IP Address :"));
+ip.rmempty = true;
+ip.optional=false;
+ip.default="10.14.0.1/32";
+ip.datatype = "ipaddr"
+
+host = s:option(Value, "endpoint_host", translate("Server Address :"), translate("URL or IP Address of Server"));
+host.rmempty = true;
+host.optional=false;
+host.default="example.wireguard.org";
+
+port = s:option(Value, "port", translate("Port :"), translate("Server Listen Port. Default is 51280"));
+port.rmempty = true;
+port.optional=false;
+port.default="51280";
+
+ul = s:option(ListValue, "udptunnel", "Enable UDP over TCP :");
+ul:value("0", translate("No"))
+ul:value("1", translate("Yes"))
+ul.default=0
+
+uport = s:option(Value, "udpport", translate("UDP over TCP Port :"), translate("Server Local TCP Port. Default is 54321"));
+uport.rmempty = true;
+uport.optional=false;
+uport.default="54321";
+uport:depends("udptunnel", "1")
+
+pkey = s:option(DummyValue, "privatekey", translate("Private Key :"));
+pkey.optional=false;
+
+pukey = s:option(DummyValue, "publickey", translate("Public Key :"), translate("Server Public key sent to Clients"));
+pukey.optional=false;
+
+pl = s:option(ListValue, "usepre", "Use PreSharedKey :");
+pl:value("0", translate("No"))
+pl:value("1", translate("Yes"))
+pl.default=0
+
+prkey = s:option(DummyValue, "presharedkey", translate("PreShared Key :"), translate("PreShared Key sent to Client"));
+prkey.optional=false;
+prkey:depends("usepre", "1")
+
+bl = s:option(ListValue, "auto", translate("Start on Boot :"));
+bl:value("0", translate("No"))
+bl:value("1", translate("Yes"))
+bl.default="0"
+
+xbl = s:option(ListValue, "forward", translate("All Traffic Through Tunnel :"));
+xbl:value("0", translate("No"))
+xbl:value("1", translate("Yes"))
+xbl.default="1"
+
+
+b3 = s:option(DummyValue, "blank", " ");
+
+sx = s:option(Value, "_dmy1", translate(" "))
+sx.template = "wireguard/conf"
+
+ss = m:section(TypedSection, "custom" .. arg[1], translate("Clients"), translate("Clients of this server"))
+ss.anonymous = true
+ss.addremove = true
+
+name = ss:option(Value, "name", translate("Client Name"))
+name.optional=false;
+
+cport = ss:option(Value, "endpoint_port", translate("Listen Port :"), translate("Port sent to Client. Default is 51280"));
+cport.rmempty = true;
+cport.optional=false;
+cport.default="";
+
+aip = ss:option(Value, "address", translate("Assigned IP Address :"), translate("IP Address assigned to Client"));
+aip.rmempty = true;
+aip.optional=false;
+aip.default="10.14.0.2/32";
+
+dns = ss:option(Value, "dns", translate("DNS Servers :"), translate("Comma separated list of DNS Servers sent to Client"));
+dns.rmempty = true;
+dns.optional=false;
+dns.default="";
+
+mtu = ss:option(Value, "mtu", translate("MTU :"), translate("Maximum MTU"));
+mtu.rmempty = true;
+mtu.optional=false;
+mtu.datatype = 'range(1280,1420)';
+mtu.default="1280";
+
+aip = ss:option(Value, "allowed_ips", translate("Allowed IP Address :"), translate("Comma separated list of IP Addresses allowed from Client"));
+aip.rmempty = true;
+aip.optional=false;
+aip.default="0.0.0.0/0,::/0";
+
+pukey = ss:option(DummyValue, "publickey", translate("Public Key :"), translate("Client Public Key"));
+pukey.optional=false;
+
+pikey = ss:option(DummyValue, "privatekey", translate("Private Key :"), translate("Private Key sent to Client"));
+pikey.optional=false;
+
+b3 = ss:option(DummyValue, "blank", " ");
+
+return m
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard.lua b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard.lua
new file mode 100755
index 0000000..0aab305
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/model/cbi/wireguard.lua
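Review bot: `m.on_init` and `m.on_after_save` in wireguard-server.lua pass `arg[1]`, the trailing path segment of the request URL, straight into `luci.sys.call("/usr/lib/wireguard/keygen.sh " .. arg[1])`, so text from the URL lands on a shell command line that LuCI typically runs as root; on_init appears to fire whenever the map is parsed, which would include a plain page view. Confirm the segment names an existing `wireguard` section before building the map, and quote it: `luci.sys.call("/usr/lib/wireguard/keygen.sh " .. luci.util.shellquote(arg[1]))`, with the `"&"` suffix appended after the quoted argument in on_after_save. The page also prints the server private key and every client's private key through `DummyValue` fields; consider not rendering them, or only on explicit request.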
@@ -0,0 +1,182 @@
+local fs = require "nixio.fs"
+local sys = require "luci.sys"
+local uci = require "luci.model.uci".cursor()
+local testfullps = sys.exec("ps --help 2>&1 | grep BusyBox") --check which ps do we have
+local psstring = (string.len(testfullps)>0) and "ps w" or "ps axfw" --set command we use to get pid
+
+local m = Map("wireguard", translate("Wireguard"), translate("Set up a Wireguard VPN Tunnel on your Router"))
+
+local s = m:section( TypedSection, "wireguard", translate("Instances"), translate("Below is a list of configured Wireguard Instances and their current state") )
+s.template = "cbi/tblsection"
+s.template_addremove = "wireguard/cbi-select-input-add"
+s.addremove = true
+s.add_select_options = { }
+
+local cfg = s:option(DummyValue, "config")
+function cfg.cfgvalue(self, section)
+ local file_cfg = self.map:get(section, "client")
+ if file_cfg == "1" then
+ s.extedit = luci.dispatcher.build_url("admin", "vpn", "wireguard", "client", "%s")
+ else
+ s.extedit = luci.dispatcher.build_url("admin", "vpn", "wireguard", "server", "%s")
+ end
+end
+
+uci:load("wireguard_recipes")
+uci:foreach( "wireguard_recipes", "wireguard_recipe",
+ function(section)
+ s.add_select_options[section['.name']] =
+ section['_description'] or section['.name']
+ end
+)
+
+function s.parse(self, section)
+ local recipe = luci.http.formvalue(
+ luci.cbi.CREATE_PREFIX .. self.config .. "." ..
+ self.sectiontype .. ".select"
+ )
+
+ if recipe and not s.add_select_options[recipe] then
+ self.invalid_cts = true
+ else
+ TypedSection.parse( self, section )
+ end
+end
+
+function s.create(self, name)
+ local recipe = luci.http.formvalue(
+ luci.cbi.CREATE_PREFIX .. self.config .. "." ..
+ self.sectiontype .. ".select"
+ )
+ local name = luci.http.formvalue(
+ luci.cbi.CREATE_PREFIX .. self.config .. "." ..
+ self.sectiontype .. ".text"
+ )
+ if #name > 3 and not name:match("[^a-zA-Z0-9_]") then
+ local s = uci:section("wireguard", "wireguard", name)
+ if s then
+ local options = uci:get_all("wireguard_recipes", recipe)
+ for k, v in pairs(options) do
+ if k ~= "_role" and k ~= "_description" then
+ if type(v) == "boolean" then
+ v = v and "1" or "0"
+ end
+ uci:set("wireguard", name, k, v)
+ end
+ end
+ uci:save("wireguard")
+ uci:commit("wireguard")
+ if extedit then
+ luci.http.redirect( self.extedit:format(name) )
+ end
+ end
+ elseif #name > 0 then
+ self.invalid_cts = true
+ end
+ return 0
+end
+
+function s.remove(self, name)
+ local cfg_file = "/etc/openvpn/" ..name.. ".conf"
+ local auth_file = "/etc/openvpn/" ..name.. ".auth"
+ if fs.access(cfg_file) then
+ fs.unlink(cfg_file)
+ end
+ if fs.access(auth_file) then
+ fs.unlink(auth_file)
+ end
+ uci:delete("wireguard", name)
+ uci:save("wireguard")
+ uci:commit("wireguard")
+end
+
+local port = s:option( DummyValue, "client", translate("Type") )
+function port.cfgvalue(self, section)
+ local val = AbstractValue.cfgvalue(self, section)
+ if val == nil then
+ val = 0
+ end
+ if val == "1" then
+ return "Client"
+ else
+ return "Server"
+ end
+end
+
+local addr = s:option( DummyValue, "addresses", translate("IP Addresses") )
+function addr.cfgvalue(self, section)
+ local val = AbstractValue.cfgvalue(self, section)
+ return val or "----"
+end
+
+local auto = s:option( DummyValue, "udptunnel", translate("UDP over TCP") )
+function auto.cfgvalue(self, section)
+ local val = AbstractValue.cfgvalue(self, section)
+ if val == nil then
+ val = 0
+ end
+ if val == "1" then
+ return "Yes"
+ else
+ return "No"
+ end
+end
+
+local auto = s:option( DummyValue, "auto", translate("Start on Boot") )
+function auto.cfgvalue(self, section)
+ local val = AbstractValue.cfgvalue(self, section)
+ if val == nil then
+ val = 0
+ end
+ if val == "1" then
+ return "Yes"
+ else
+ return "No"
+ end
+end
+
+local active = s:option( DummyValue, "active", translate("Started") )
+function active.cfgvalue(self, section)
+ local val = AbstractValue.cfgvalue(self, section)
+ if val == nil then
+ val = 0
+ end
+ if val == "1" then
+ return "Yes"
+ else
+ return "No"
+ end
+end
+
+local updown = s:option( Button, "_updown", translate("Start/Stop") )
+updown._state = false
+updown.redirect = luci.dispatcher.build_url(
+ "admin", "vpn", "wireguard"
+)
+function updown.cbid(self, section)
+ local file_cfg = self.map:get(section, "active")
+ if file_cfg == "1" then
+ pid = 1
+ else
+ pid = nil
+ end
+ self._state = pid ~= nil
+ self.option = self._state and "stop" or "start"
+ return AbstractValue.cbid(self, section)
+end
+function updown.cfgvalue(self, section)
+ self.title = self._state and "stop" or "start"
+ self.inputstyle = self._state and "reset" or "reload"
+end
+function updown.write(self, section, value)
+ if self.option == "stop" then
+ sys.call("/usr/lib/wireguard/stopvpn.sh %s" % section)
+ else
+ sys.call("/usr/lib/wireguard/startvpn.sh %s" % section)
+ end
+ luci.http.redirect( self.redirect )
+end
+
+m:section(SimpleSection).template = "wireguard/wireguard"
+
+return m
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/cbi-select-input-add.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/cbi-select-input-add.htm
new file mode 100755
index 0000000..8f37846
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/cbi-select-input-add.htm
@@ -0,0 +1,111 @@ + + + +<%+wireguard/ovpn_css%> + +
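Review bot: In s.create() of model/cbi/wireguard.lua the redirect is guarded by `if extedit then`, but no `extedit` variable is defined in that scope on this page, so the branch looks dead; `if self.extedit then` is presumably what was meant. The function also evaluates `#name` and `pairs(options)` without a nil check, so a request that omits the `.text` field, or names a recipe that `uci:get_all` cannot find, raises a Lua error instead of setting `self.invalid_cts`; a guard such as `if not name or not options then self.invalid_cts = true return 0 end` covers both. `testfullps` and `psstring` at the top spawn a shell on every load of this model and are not used anywhere in the file.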
+
+

<%:Template based configuration%>

+
+
+ +
+
+ +
+
+
+
+
+

<%:Conf configuration file upload%>

+
+
+ +
+
+ +
+
+ +
+
+
+
+ +
+
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/conf.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/conf.htm new file mode 100755 index 0000000..e75e88f --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/conf.htm @@ -0,0 +1,27 @@ + + + +
+ + + + + + + +
   
+
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/ovpn_css.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/ovpn_css.htm new file mode 100755 index 0000000..55c0a54 --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/ovpn_css.htm @@ -0,0 +1,38 @@ + diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/pageswitch.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/pageswitch.htm new file mode 100755 index 0000000..47056fa --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/pageswitch.htm @@ -0,0 +1,30 @@ +<%# + Copyright 2008 Steven Barth + Copyright 2008 Jo-Philipp Wich + Licensed to the public under the Apache License 2.0. +-%> + +<%+openvpn/ovpn_css%> + +
+

+ <%:Overview%> » + <%=luci.i18n.translatef("Instance \"%s\"", self.instance)%> +

+ <% if self.mode == "basic" then %> + "><%:Switch to advanced configuration%> »

+


+ <% elseif self.mode == "advanced" then %> + <%:Switch to basic configuration%> »

+


+ <%:Configuration category%>: + <% for i, c in ipairs(self.categories) do %> + <% if c == self.category then %> + <%=translate(c)%> + <% else %> + "><%=translate(c)%> + <% end %> + <% if next(self.categories, i) then %>|<% end %> + <% end %> + <% end %> +
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/text_conf.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/text_conf.htm new file mode 100755 index 0000000..2a1a4b5 --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/text_conf.htm @@ -0,0 +1,61 @@ +<% + +%> + + + +
+ <%:Paste Configuration File Here%> + + + + +
+ +
+ + + + + + + + + + +
<%:Instance Name : %>
<%:Start on Boot : %>
+ +  
+
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/wireguard.htm b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/wireguard.htm new file mode 100755 index 0000000..cf7544e --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/lua/luci/view/wireguard/wireguard.htm @@ -0,0 +1,228 @@ +<%# + Copyright 2016-2017 Dan Luedtke + Licensed to the public under the Apache License 2.0. +-%> + +<% + +-%> + + + +

<%:WireGuard Status%>

+ +
+ +
+ + + + + + +
+
<%:Interface %>
+
  
+ + + + + + + + + + + + + + + +
  +
<%:Configuration%>
+
   +
+ <%:Collecting data...%> +
+
  +
<%:Peer%>
+
   +
+ <%:Collecting data...%> +
+
+ + + + + + + +
+
<%:Interface %>
+
  
+ + + + + + + + + + + + + + + +
  +
<%:Configuration%>
+
   +
+ <%:Collecting data...%> +
+
  +
<%:Peer%>
+
   +
+ <%:Collecting data...%> +
+
+ +
+ +
+ diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/conf.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/conf.sh new file mode 100755 index 0000000..5c36ca2 --- /dev/null +++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/conf.sh 
@@ -0,0 +1,134 @@
+#!/bin/sh
+
+log() {
+ modlog "Wireguard Conf" "$@"
+}
+
+name=$1
+file=$2
+auto=$3
+if [ -z $auto ]; then
+ auto="0"
+fi
+
+extract() {
+ line=$1
+ PD=$(echo "$line" | grep "#")
+ if [ ! -z "$PD" ]; then
+ return
+ fi
+ PRK=$(echo "$line" | grep "PrivateKey" | tr " " ",")
+ if [ ! -z "$PRK" ]; then
+ PrivateKey=$(echo $PRK | cut -d, -f3)
+ fi
+ PRK=$(echo "$line" | grep "PublicKey" | tr " " ",")
+ if [ ! -z "$PRK" ]; then
+ PublicKey=$(echo $PRK | cut -d, -f3)
+ fi
+ PRK=$(echo "$line" | grep "PresharedKey" | tr " " ",")
+ if [ ! -z "$PRK" ]; then
+ PreSharedKey=$(echo $PRK | cut -d, -f3)
+ fi
+ INTER=$(echo "$line" | grep "WGinterface" | tr " " ",")
+ if [ ! -z "$INTER" ]; then
+ wginter=$(echo $INTER | cut -d, -f3)
+ if [ "$wginter" -gt 1 ]; then
+ wginter="1"
+ fi
+ fi
+ PRK=$(echo "$line" | grep "Address" | tr " " "#")
+ if [ ! -z "$PRK" ]; then
+ if [ -z $Address ]; then
+ Address=$(echo $PRK | cut -d# -f3)
+ else
+ Address=$Address","$(echo $PRK | cut -d# -f3)
+ fi
+ fi
+ PRK=$(echo "$line" | grep "dns" | tr " " "#")
+ if [ ! -z "$PRK" ]; then
+ dns=$(echo $PRK | cut -d# -f3)
+ fi
+ PRK=$(echo "$line" | grep "DNS" | tr " " "#")
+ if [ ! -z "$PRK" ]; then
+ dns=$(echo $PRK | cut -d# -f3)
+ fi
+ PRK=$(echo "$line" | grep "ListenPort" | tr " " ",")
+ if [ ! -z "$PRK" ]; then
+ listenport=$(echo $PRK | cut -d, -f3)
+ fi
+ PRK=$(echo "$line" | grep "AllowedIPs" | tr " " "#")
+ if [ ! -z "$PRK" ]; then
+ if [ -z $allowedips ]; then
+ allowedips=$(echo $PRK | cut -d# -f3)
+ else
+ allowedips=$allowedips","$(echo $PRK | cut -d# -f3)
+ fi
+ fi
+ PRK=$(echo "$line" | grep "Endpoint" | tr " " ",")
+ if [ ! -z "$PRK" ]; then
+ endpoint=$(echo $PRK | cut -d, -f3)
+ fi
+ MTU=$(echo "$line" | grep "MTU" | tr " " ",")
+ if [ ! -z "$MTU" ]; then
+ mtu=$(echo $MTU | cut -d, -f3)
+ fi
+}
+
+listenport="51280"
+dns=""
+sed -i -e "s!PrivateKey= !PrivateKey=!g" $file
+sed -i -e "s!PrivateKey=!PrivateKey = !g" $file
+sed -i -e "s!PublicKey= !PublicKey=!g" $file
+sed -i -e "s!PublicKey=!PublicKey = !g" $file
+sed -i -e "s!PresharedKey= !PresharedKey=!g" $file
+sed -i -e "s!PresharedKey=!PresharedKey = !g" $file
+sed -i -e "s!Address= !Address=!g" $file
+sed -i -e "s!Address=!Address = !g" $file
+sed -i -e "s!WGinterface=!WGinterface = !g" $file
+sed -i -e "s!WGinterface= !WGinterface = !g" $file
+sed -i -e "s!dns= !dns=!g" $file
+sed -i -e "s!dns=!dns = !g" $file
+sed -i -e "s!DNS= !DNS=!g" $file
+sed -i -e "s!DNS=!DNS = !g" $file
+sed -i -e "s!ListenPort= !ListenPort=!g" $file
+sed -i -e "s!ListenPort=!ListenPort = !g" $file
+sed -i -e "s!AllowedIPs= !AllowedIPs=!g" $file
+sed -i -e "s!AllowedIPs=!AllowedIPs = !g" $file
+sed -i -e "s!Endpoint= !Endpoint=!g" $file
+sed -i -e "s!Endpoint=!Endpoint = !g" $file
+sed -i -e "s!MTU= !MTU=!g" $file
+sed -i -e "s!MTU=!MTU = !g" $file
+
+while IFS= read -r linex
+do
+ extract "$linex"
+done < $file
+extract "$linex"
+PRK=$(echo "$endpoint" | tr ":" ",")
+endpoint=$(echo $PRK | cut -d, -f1)
+sport=$(echo $PRK | cut -d, -f2)
+if [ -z "$wginter" ]; then
+ wginter="0"
+fi
+uci delete wireguard.$name
+uci set wireguard.$name=wireguard
+uci set wireguard.$name.auto=$auto
+uci set wireguard.$name.client="1"
+uci set wireguard.$name.active="0"
+uci set wireguard.$name.privatekey="$PrivateKey"
+uci set wireguard.$name.presharedkey="$PreSharedKey"
+uci set wireguard.$name.port="$listenport"
+uci set wireguard.$name.addresses="$Address"
+uci set wireguard.$name.dns="$dns"
+uci set wireguard.$name.wginter="$wginter"
+uci set wireguard.$name.publickey="$PublicKey"
+uci set wireguard.$name.endpoint_host="$endpoint"
+uci set wireguard.$name.ips="$allowedips"
+uci set wireguard.$name.name="$name"
+uci set wireguard.$name.sport="$sport"
+uci set wireguard.$name.mtu="$mtu"
+uci set wireguard.$name.persistent_keepalive='25'
+uci commit wireguard
+
+rm -f $file
+
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/create.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/create.sh
new file mode 100755
index 0000000..bbde0c8
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/create.sh
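Review bot: conf.sh expands `$name` and `$file` unquoted throughout (`sed -i ... $file`, `done < $file`, `rm -f $file`, `uci set wireguard.$name...`), and both arrive from the upload handler in controller/wireguard.lua, so whitespace or glob characters in the instance name split into extra arguments here. Reject anything outside the UCI name alphabet at the top, `case "$name" in ''|*[!A-Za-z0-9_]*) exit 1 ;; esac`, and quote every expansion, e.g. `uci set "wireguard.${name}.privatekey=${PrivateKey}"`. `uci delete wireguard.$name` runs before any parsed field has been checked, so an upload that reuses an existing instance name replaces that instance, including a server entry, with whatever the file parsed to. extract() also matches keys by bare substring (`grep "Address"`, `grep "dns"`) and stores the third space-separated field unvalidated, so the key, address and endpoint values written to UCI are whatever the uploaded file contained.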
@@ -0,0 +1,81 @@
+#!/bin/sh
+. /lib/functions.sh
+
+log() {
+ logger -t "Wireguard Conf" "$@"
+}
+
+WG=$(cat /tmp/wginst)
+
+do_create() {
+ local config=$1
+
+ config_get name $config name
+ if [ -z $name ]; then
+ name=$config
+ fi
+
+ echo "----Start Conf File for "$name" ----" >> ${PKI_DIR}/package/wg.conf
+ echo "[Interface]" >> ${PKI_DIR}/package/wg.conf
+ config_get privatekey $config privatekey
+ echo "PrivateKey = "$privatekey >> ${PKI_DIR}/package/wg.conf
+ config_get address $config address
+ echo "Address = "$address >> ${PKI_DIR}/package/wg.conf
+ config_get endpoint_port $config endpoint_port
+ if [ ! -z $endpoint_port ]; then
+ echo "ListenPort = "$endpoint_port >> ${PKI_DIR}/package/wg.conf
+ fi
+ config_get dns $config dns
+ if [ ! -z $dns ]; then
+ echo "DNS = "$dns >> ${PKI_DIR}/package/wg.conf
+ fi
+ config_get mtu $config mtu
+ if [ ! -z $mtu ]; then
+ echo "MTU = "$mtu >> ${PKI_DIR}/package/wg.conf
+ fi
+ config_get wginter $config wginter
+ if [ -z"$wginter"]; then
+ wginter=0
+ fi
+ #echo "PrivateKey = "$wginter >> ${PKI_DIR}/package/wg.conf
+ echo " " >> ${PKI_DIR}/package/wg.conf
+ echo "[Peer]" >> ${PKI_DIR}/package/wg.conf
+ PUB=$(uci get wireguard."$WG".publickey)
+ echo "PublicKey = "$PUB >> ${PKI_DIR}/package/wg.conf
+ USE=$(uci get wireguard."$WG".usepre)
+ if [ $USE = "1" ]; then
+ PRE=$(uci get wireguard."$WG".presharedkey)
+ echo "PresharedKey = "$PRE >> ${PKI_DIR}/package/wg.conf
+ fi
+ HOST=$(uci get wireguard."$WG".endpoint_host)
+ PORT=$(uci get wireguard."$WG".port)
+ if [ ! -z $PORT ]; then
+ HOST=$HOST":"$PORT
+ fi
+ echo "Endpoint = "$HOST >> ${PKI_DIR}/package/wg.conf
+ config_get allowed_ips $config allowed_ips
+ echo "AllowedIPs = "$allowed_ips >> ${PKI_DIR}/package/wg.conf
+ echo "----EndConf File for "$name" ----" >> ${PKI_DIR}/package/wg.conf
+ echo " " >> ${PKI_DIR}/package/wg.conf
+}
+
+#PKI_DIR="/tmp/wireguard"
+PKI_DIR="/www"
+#rm -rfv "$PKI_DIR"
+#mkdir -p ${PKI_DIR}
+#chmod -R 0777 ${PKI_DIR}
+cd ${PKI_DIR}
+mkdir -p package
+cd ..
+chmod -R 0777 ${PKI_DIR}/package
+#rm -rfv "/www/package"
+#ln -s ${PKI_DIR}/package /www/package
+
+
+rm -f ${PKI_DIR}/package/wg.conf
+config_load wireguard
+config_foreach do_create custom$WG
+
+cd ${PKI_DIR}/package
+
+tar -czf wgconf.tar.gz wg.conf
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/keygen.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/keygen.sh
new file mode 100755
index 0000000..4733ae1
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/keygen.sh
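Review bot: In create.sh, `PKI_DIR="/www"` makes `do_create` write each peer's `PrivateKey` (and the `PresharedKey` when `usepre` is 1) to `/www/package/wg.conf`, and the script then sets that directory to mode 0777 and leaves `wg.conf` and `wgconf.tar.gz` in it. `/www` is normally the web server's document root on OpenWrt, so the key material is presumably downloadable without a login, and the directory is writable by any local user. I would build the export in a root-only directory — `PKI_DIR="/tmp/wireguard"` as in the commented-out line, with `umask 077` and `mkdir -p "$PKI_DIR/package"` before the first write — serve the archive only through an authenticated handler, and delete it once it has been fetched. Separately, `[ -z"$wginter"]` lacks the spaces `[` needs, so the test always errors; it should be `[ -z "$wginter" ]`.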
@@ -0,0 +1,68 @@
+#!/bin/sh
+. /lib/functions.sh
+
+log() {
+ modlog "Wireguard KeyGen" "$@"
+}
+
+WG=$1
+
+ww=$(echo "$WG" | grep "https")
+if [ ! -z "$ww" ]; then
+ exit 0
+fi
+echo "$WG" > /tmp/wginst
+
+sleep 5
+
+EXST=$(uci get wireguard."$WG")
+if [ -z $EXST ]; then
+ uci set wireguard."$WG"="wireguard"
+ uci commit wireguard
+fi
+
+PRIV=$(uci get wireguard."$WG".privatekey)
+if [ -z $PRIV ]; then
+ umask u=rw,g=,o=
+ wg genkey | tee /tmp/wgserver.key | wg pubkey > /tmp/wgclient.pub
+ wg genpsk > /tmp/wg.psk
+
+ WG_KEY="$(cat /tmp/wgserver.key)" # private key
+ WG_PSK="$(cat /tmp/wg.psk)" # shared key
+ WG_PUB="$(cat /tmp/wgclient.pub)" # public key to be used on other end
+ rm -f /tmp/wgserver.key
+ rm -f /tmp/wg.psk
+ rm -f /tmp/wgclient.pub
+ uci set wireguard."$WG".privatekey=$WG_KEY
+ uci set wireguard."$WG".publickey=$WG_PUB
+ uci set wireguard."$WG".presharedkey=$WG_PSK
+ uci commit wireguard
+fi
+
+do_custom() {
+ local config=$1
+
+ config_get privatekey $config privatekey
+ if [ -z "$privatekey" ]; then
+ umask u=rw,g=,o=
+ wg genkey | tee /tmp/wgserver.key | wg pubkey > /tmp/wgclient.pub
+ wg genpsk > /tmp/wg.psk
+
+ WG_KEY="$(cat /tmp/wgserver.key)" # private key
+ WG_PSK="$(cat /tmp/wg.psk)" # shared key
+ WG_PUB="$(cat /tmp/wgclient.pub)" # public key to be used on other end
+ rm -f /tmp/wgserver.key
+ rm -f /tmp/wg.psk
+ rm -f /tmp/wgclient.pub
+ log "$WG_KEY"
+ uci set wireguard."$config".privatekey=$WG_KEY
+ uci set wireguard."$config".publickey=$WG_PUB
+ uci set wireguard."$config".presharedkey=$WG_PSK
+ uci set wireguard."$config".persistent_keepalive='25'
+ uci set wireguard."$config".route_allowed_ips='1'
+ fi
+}
+
+config_load wireguard
+config_foreach do_custom custom$WG
+uci commit wireguard
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/startvpn.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/startvpn.sh
new file mode 100755
index 0000000..5beade6
--- /dev/null
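Review bot: In keygen.sh, `log "$WG_KEY"` inside `do_custom` sends the freshly generated private key to the log (through `modlog`, which is defined outside this hunk), where it outlives the `rm -f` of the key files and is readable by anything that can read the log. Drop that line or log only the section name, e.g. `log "Generated keys for $config"`. Both key-generation blocks also stage the keys in fixed paths under /tmp; `WG_KEY=$(wg genkey)`, `WG_PUB=$(printf '%s' "$WG_KEY" | wg pubkey)` and `WG_PSK=$(wg genpsk)` would keep them out of the filesystem entirely. The `uci set ...privatekey=$WG_KEY` style assignments should quote the value.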
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/startvpn.sh 
@@ -0,0 +1,327 @@
+#!/bin/sh
+. /lib/functions.sh
+
+log() {
+ logger -t "Wireguard Start" "$@"
+}
+
+WG=$1
+
+chk_zone() {
+ local config=$1
+
+ config_get src $config src
+ config_get dest $config dest
+ if [ $src = "lan" -a $dest = "wan" ]; then
+ uci set firewall."$config".dest="wg"
+ uci commit firewall
+ fi
+}
+
+do_dns() {
+ cdns=$1
+ local ifce=$2
+ ldns=$(uci -q get network.wg$ifce.dns)
+ ex=$(echo "$ldns" | grep "$cdns")
+ if [ -z $ex ]; then
+ log "Add DNS $cdns to WG$ifce"
+ uci add_list network.wg$ifce.dns="$cdns"
+ uci commit network
+ /etc/init.d/network reload
+ fi
+}
+
+do_port() {
+ PORT=$1
+ udp=$2
+ # look for rule for this port
+ INB="inbound"$PORT$udp
+ RULE=$(uci -q get firewall.$INB)
+ if [ -z $RULE ]; then
+ uci set firewall.$INB=rule
+ uci set firewall.$INB.name=$INB
+ uci set firewall.$INB.target=ACCEPT
+ uci set firewall.$INB.src=*
+ uci set firewall.$INB.proto=$udp
+ uci set firewall.$INB.dest_port=$PORT
+ uci commit firewall
+ /etc/init.d/firewall reload
+ fi
+}
+
+do_delete() {
+ local config=$1
+
+ uci delete network.$1
+}
+
+create_speer() {
+ local config=$1
+
+ uci set network.$config="wireguard_wg1"
+
+ config_get persistent_keepalive $config persistent_keepalive
+ uci set network.$config.persistent_keepalive="$persistent_keepalive"
+ config_get route_allowed_ips $config route_allowed_ips
+ uci set network.$config.route_allowed_ips="$route_allowed_ips"
+ config_get publickey $config publickey
+ uci set network.$config.public_key="$publickey"
+ usepre=$(uci -q get wireguard.$WG.usepre)
+ log "$usepre"
+ if [ $usepre = "1" ]; then
+ presharedkey=$(uci -q get wireguard.$WG.presharedkey)
+ log "$presharedkey"
+ uci set network.$config.preshared_key="$presharedkey"
+ fi
+ config_get allowed_ips $config allowed_ips
+ allowed_ips=$allowed_ips","
+ ips=$(echo $allowed_ips | cut -d, -f1)
+ i=1
+ while [ ! -z $ips ]
+ do
+ uci add_list network.$config.allowed_ips="$ips"
+ i=$((i+1))
+ ips=$(echo $allowed_ips | cut -d, -f$i)
+ done
+
+}
+
+create_cpeer() {
+ local config=$1
+ local ifce=$2
+
+ uci set network.$config="wireguard_wg$ifce"
+
+ publickey=$(uci -q get wireguard."$config".publickey)
+ uci set network.$config.public_key="$publickey"
+ presharedkey=$(uci -q get wireguard."$WG".presharedkey)
+ if [ ! -z $presharedkey ]; then
+ uci set network.$config.preshared_key="$presharedkey"
+ fi
+ persistent_keepalive=$(uci -q get wireguard."$config".persistent_keepalive)
+ if [ -z $persistent_keepalive ]; then
+ persistent_keepalive=25
+ fi
+ uci set network.$config.persistent_keepalive="$persistent_keepalive"
+ route_allowed_ips=1
+ uci set network.$config.route_allowed_ips="$route_allowed_ips"
+
+ if [ $UDP = 1 ]; then
+ endpoint_host="127.0.0.1"
+ uci set network.$config.endpoint_host="$endpoint_host"
+ sport=$(uci -q get wireguard."$config".port)
+ if [ -z $sport ]; then
+ sport="54321"
+ fi
+ uci set network.$config.endpoint_port="$sport"
+ else
+ endpoint_host=$(uci -q get wireguard."$config".endpoint_host)
+ uci set network.$config.endpoint_host="$endpoint_host"
+ sport=$(uci -q get wireguard."$config".sport)
+ if [ -z $sport ]; then
+ sport="51280"
+ fi
+ uci set network.$config.endpoint_port="$sport"
+ fi
+
+ ips=$(uci -q get wireguard."$config".ips)","
+ cips=$(echo $ips | cut -d, -f1)
+ i=1
+ while [ ! -z $cips ]
+ do
+ uci add_list network.$config.allowed_ips="$cips"
+ i=$((i+1))
+ cips=$(echo $ips | cut -d, -f$i)
+ done
+}
+
+handle_server() {
+ config_foreach do_delete wireguard_wg1
+
+ uci delete network.wg1
+ uci set network.wg1="interface"
+ uci set network.wg1.proto="wireguard"
+
+ auto=$(uci -q get wireguard."$WG".auto)
+ if [ -z $auto ]; then
+ auto="0"
+ fi
+ uci set network.wg1.auto="$auto"
+
+ port=$(uci -q get wireguard."$WG".port)
+ if [ -z $port ]; then
+ port="51280"
+ fi
+ uci set network.wg1.listen_port="$port"
+ do_port $port udp
+
+ privatekey=$(uci -q get wireguard."$WG".privatekey)
+ uci set network.wg1.private_key="$privatekey"
+
+ ips=$(uci -q get wireguard."$WG".addresses)","
+ cips=$(echo $ips | cut -d, -f1)
+ i=1
+ while [ ! -z $cips ]
+ do
+ uci add_list network.wg1.addresses="$cips"
+ i=$((i+1))
+ cips=$(echo $ips | cut -d, -f"$i")
+ if [ -z $cips ]; then
+ break
+ fi
+ done
+
+ config_load wireguard
+ config_foreach create_speer custom$WG
+
+ uci commit network
+}
+
+handle_client() {
+ ifce=$1
+ config_foreach do_delete wireguard_wg$ifce
+
+ uci delete network.wg$ifce
+ uci set network.wg$ifce="interface"
+ uci set network.wg$ifce.proto="wireguard"
+ uci set network.wg$ifce.metric="1"
+
+ auto=$(uci -q get wireguard."$WG".auto)
+ if [ -z $auto ]; then
+ auto="0"
+ fi
+ uci set network.wg$ifce.auto="$auto"
+ mtu=$(uci -q get wireguard."$WG".mtu)
+ if [ ! -z $mtu ]; then
+ uci set network.wg$ifce.mtu="$mtu"
+ fi
+ dns=$(uci -q get wireguard."$WG".dns)
+ if [ ! -z $dns ]; then
+ do_dns $dns $ifce
+ fi
+ port=$(uci -q get wireguard."$WG".port)
+ if [ -z $port ]; then
+ port="51280"
+ fi
+ uci set network.wg$ifce.listen_port="$port"
+ do_port $port udp
+
+ privatekey=$(uci -q get wireguard."$WG".privatekey)
+ uci set network.wg$ifce.private_key="$privatekey"
+
+ ips=$(uci -q get wireguard."$WG".addresses)","
+ cips=$(echo $ips | cut -d, -f1)
+ i=1
+ while [ ! -z "$cips" ]
+ do
+ uci add_list network.wg$ifce.addresses="$cips"
+ i=$((i+1))
+ cips=$(echo "$ips" | cut -d, -f"$i")
+ if [ -z "$cips" ]; then
+ break
+ fi
+ done
+ uci add_list network.wg$ifce.addresses="::/0"
+
+ create_cpeer $WG $ifce
+
+ uci commit network
+}
+
+udp_server() {
+ local config=$1
+ udpport=$(uci -q get wireguard."$WG".udpport)
+ if [ -z $udpport ]; then
+ udpport="54321"
+ fi
+ port=$(uci -q get wireguard."$WG".port)
+ if [ -z $port ]; then
+ port="54321"
+ fi
+ do_port $udpport tcp
+ udptunnel -s -v "0.0.0.0:"$udpport "127.0.0.1:"$port &
+ #log "udptunnel -s -v 0.0.0.0:$udpport 127.0.0.1:$port"
+}
+
+udp_client() {
+ local config=$1
+ port=$(uci -q get wireguard."$WG".port)
+ if [ -z $port ]; then
+ port="54321"
+ fi
+ endpoint_host=$(uci -q get wireguard.$WG.endpoint_host)
+ sport=$(uci -q get wireguard.$WG.sport)
+ if [ -z $sport ]; then
+ sport="51280"
+ fi
+
+ udptunnel "127.0.0.1:"$port $endpoint_host":"$sport &
+ #log "udptunnel 127.0.0.1:$port $endpoint_host:$sport"
+}
+
+forward=$(uci -q get wireguard."$WG".forward)
+if [ "$forward" != "0" ]; then
+ config_load firewall
+ config_foreach chk_zone forwarding
+else
+ uci set firewall.wgwforward=forwarding
+ uci set firewall.wgwforward.dest="wan"
+ uci set firewall.wgwforward.src="wg"
+
+ uci set firewall.wwgforward=forwarding
+ uci set firewall.wwgforward.dest="wg"
+ uci set firewall.wwgforward.src="wan"
+
+ uci set firewall.lwgforward=forwarding
+ uci set firewall.lwgforward.dest="wg"
+ uci set firewall.lwgforward.src="lan"
+
+ uci set firewall.wglforward=forwarding
+ uci set firewall.wglforward.dest="lan"
+ uci set firewall.wglforward.src="wg"
+ uci commit firewall
+fi
+/etc/init.d/firewall restart
+
+config_load network
+SERVE=$(uci -q get wireguard."$WG".client)
+if [ $SERVE = "0" ]; then
+ running=$(uci -q get wireguard.settings.server)
+ if [ $running = 1 ]; then
+ exit 0
+ fi
+ UDP=$(uci -q get wireguard."$WG".udptunnel)
+ if [ $UDP = 1 ]; then
+ udp_server $WG
+ fi
+ handle_server
+ uci commit network
+ ifup wg1
+ sleep 2
+ uci set wireguard.settings.server="1"
+else
+ running=$(uci -q get wireguard.settings.client)
+ log "Client running $running"
+
+ INTER=$(uci -q get wireguard."$WG".wginter)
+ if [ -z "$INTER" ]; then
+ INTER=0
+ fi
+ UDP=$(uci -q get wireguard."$WG".udptunnel)
+ if [ $UDP = 1 ]; then
+ udp_client $WG
+ fi
+ handle_client $INTER
+ uci commit network
+ log "Start Interface"
+ ifup wg$INTER
+ sleep 2
+ uci set wireguard.settings.client="1"
+ if [ -e /usr/lib/wireguard/wiremwan3.sh ]; then
+ /usr/lib/wireguard/wiremwan3.sh start
+ fi
+fi
+
+uci set wireguard."$WG".active="1"
+uci commit wireguard
+
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/stopvpn.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/stopvpn.sh
new file mode 100755
index 0000000..6258784
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/stopvpn.sh
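Review bot: In startvpn.sh, `create_speer` calls `log "$presharedkey"` (and `log "$usepre"` just before it), which writes the tunnel's preshared key to syslog via `logger`; these look like leftover debugging and should be removed or replaced with a message that carries no secret, e.g. `log "Preshared key enabled for $config"`. The tests on UCI options are unquoted — `[ $usepre = "1" ]`, `[ $UDP = 1 ]`, `[ $SERVE = "0" ]`, `[ $running = 1 ]` — so an unset option makes `[` fail with an error and the false branch is taken silently; for `$SERVE` that means an instance with no `client` option is brought up as a client. Quote them, e.g. `[ "$SERVE" = "0" ]`. `do_port` also creates its ACCEPT rule with `src=*`, which opens the port from every firewall zone; if only WAN reachability is intended, `src=wan` would be narrower.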
@@ -0,0 +1,75 @@
+#!/bin/sh
+. /lib/functions.sh
+
+log() {
+ logger -t "Wireguard Stop" "$@"
+}
+
+chk_zone() {
+ local config=$1
+
+ config_get src $config src
+ config_get dest $config dest
+ if [ $src = "lan" -a $dest = "wg" ]; then
+ uci set firewall."$config".dest="wan"
+ uci commit firewall
+ fi
+}
+
+WG=$1
+
+forward=$(uci -q get wireguard."$WG".forward)
+if [ "$forward" != "0" ]; then
+ config_load firewall
+ config_foreach chk_zone forwarding
+else
+ uci delete firewall.wgwforward
+ uci delete firewall.wwgforward
+ uci delete firewall.lwgforward
+ uci delete firewall.wglforward
+ uci commit firewall
+fi
+/etc/init.d/firewall restart
+
+SERVE=$(uci get wireguard."$WG".client)
+if [ $SERVE = "0" ]; then
+ ifdown wg1
+ uci set wireguard.settings.server="0"
+ uci delete network.wg1
+ uci set network.wg1=interface
+ uci set network.wg1.proto="wireguard"
+ uci set network.wg1.auto="0"
+ uci set network.wg1.private_key=""
+ uci set network.wg1.listen_port=""
+ uci add_list network.wg1.addresses=""
+ uci commit network
+else
+ INTER=$(uci -q get wireguard."$WG".wginter)
+ if [ -z "$INTER" ]; then
+ INTER=0
+ fi
+ ifdown wg$INTER
+ uci set wireguard.settings.client="0"
+ uci delete network.wg$INTER
+ uci set network.wg$INTER=interface
+ uci set network.wg$INTER.proto="wireguard"
+ uci set network.wg$INTER.auto="0"
+ uci set network.wg$INTER.private_key=""
+ uci set network.wg$INTER.listen_port=""
+ uci add_list network.wg$INTER.addresses=""
+ uci commit network
+ if [ -e /usr/lib/wireguard/wiremwan3.sh ]; then
+ /usr/lib/wireguard/wiremwan3.sh stop
+ fi
+ ifup wan
+fi
+UDP=$(uci get wireguard."$WG".udptunnel)
+if [ $UDP = 1 ]; then
+ PID=$(ps |grep "udptunnel" | grep -v grep |head -n 1 | awk '{print $1}')
+ kill -9 $PID
+fi
+
+uci set wireguard."$WG".active="0"
+uci commit wireguard
+
+/etc/init.d/wireguard stop
\ No newline at end of file
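Review bot: In stopvpn.sh, the UDP-tunnel teardown takes the first process whose `ps` line contains "udptunnel" and sends it `kill -9`, so it can stop a tunnel that belongs to a different WireGuard instance, leaves any further tunnels running, and calls `kill -9` with no argument when nothing matches. Recording the PID when the tunnel is launched (the `udptunnel ... &` calls are in startvpn.sh, outside this hunk) and reading it back here would target the right process; at minimum guard the call and try a normal termination first: `[ -n "$PID" ] && kill "$PID"`. `[ $SERVE = "0" ]` and `[ $UDP = 1 ]` are unquoted and error out when the option is unset; `[ "$UDP" = 1 ]` avoids that.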
diff --git a/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/text.sh b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/text.sh
new file mode 100755
index 0000000..2f5a622
--- /dev/null
+++ b/ipk-source/luci-app-GO-wireguard/root/usr/lib/wireguard/text.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+. /lib/functions.sh
+
+log() {
+ logger -t "Wireguard TextConf" "$@"
+}
+
+conf1=$1
+conf=$(echo $conf1)
+conf=$(echo "$conf" | tr "?" "~")
+
+boot=$(echo "$conf" | cut -d~ -f1)
+iname=$(echo "$conf" | cut -d~ -f2)
+conf=$(echo "$conf1" | tr "?" "~")
+confile=$(echo "$conf" | cut -d~ -f3)
+
+echo "$confile" > /tmp/confile
+
+/usr/lib/wireguard/conf.sh $iname /tmp/confile $boot
\ No newline at end of file
diff --git a/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard.png b/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard.png
new file mode 100755
index 0000000..34f85d8
Binary files /dev/null and b/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard.png differ
diff --git a/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard_disabled.png b/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard_disabled.png
new file mode 100755
index 0000000..ccfb7ae
Binary files /dev/null and b/ipk-source/luci-app-GO-wireguard/root/www/luci-static/resources/icons/wireguard_disabled.png differ
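Review bot: In text.sh, `$iname` and `$boot` are cut out of `$1` and passed unquoted to conf.sh, so whitespace or glob characters in them change the argument list; `iname` presumably becomes the UCI section name that conf.sh uses as `wireguard.$name` (outside this hunk), so it should be validated first, e.g. `case "$iname" in ''|*[!A-Za-z0-9_]*) exit 1 ;; esac`. The configuration text, which conf.sh appears to treat as a WireGuard config with a `PrivateKey` line, is written to the fixed path `/tmp/confile` under the default umask; `umask 077` plus a `mktemp` file would avoid a readable copy and clashes between concurrent imports. The call would then read `/usr/lib/wireguard/conf.sh "$iname" "$tmpfile" "$boot"`.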