1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
raspap-webgui/includes/wireguard.php

138 lines
5.5 KiB
PHP
Raw Normal View History

2020-04-20 13:53:46 +02:00
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
* Manage WireGuard configuration
*/
function DisplayWireGuardConfig()
{
$status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) {
2020-08-29 00:42:55 +02:00
if (isset($_POST['savewgsettings'])) {
// Set defaults
2020-08-27 00:54:49 +02:00
$good_input = true;
$peer_id = 1;
2020-08-29 00:42:55 +02:00
// Validate input
if (isset($_POST['wg_port'])) {
if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
$status->addMessage('Invalid value for port number', 'danger');
$good_input = false;
}
2020-04-20 13:53:46 +02:00
}
2020-08-29 00:42:55 +02:00
if (isset($_POST['wg_ipaddress'])) {
if (!validateCidr($_POST['wg_ipaddress'])) {
$status->addMessage('Invalid value for IP address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
if (!validateCidr($_POST['wg_endpoint'])) {
2020-08-27 00:54:49 +02:00
$status->addMessage('Invalid value for endpoint address', 'danger');
$good_input = false;
}
2020-04-20 13:53:46 +02:00
}
2020-08-25 23:11:27 +02:00
if (isset($_POST['wg_allowedips'])) {
2020-08-29 00:42:55 +02:00
if (!validateCidr($_POST['wg_allowedips'])) {
2020-08-27 00:54:49 +02:00
$status->addMessage('Invalid value for allowed IPs', 'danger');
$good_input = false;
}
2020-08-25 23:11:27 +02:00
}
2020-08-29 00:42:55 +02:00
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
2020-08-27 00:54:49 +02:00
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
$status->addMessage('Invalid value for persistent keepalive', 'danger');
$good_input = false;
}
2020-08-25 23:11:27 +02:00
}
2020-08-27 00:54:49 +02:00
// Save settings
if ($good_input) {
2020-08-29 00:42:55 +02:00
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_ipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_port'];
2021-02-24 00:21:02 +01:00
2020-08-29 00:42:55 +02:00
$config[] = '';
$config[] = 'PrivateKey = '.$_POST['wg_privkey'];
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg_pubkey'];
if ($_POST['wg_endpoint'] !== '') {
$config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
}
$config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
if ($_POST['wg_pkeepalive'] !== '') {
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
}
$config[] = '';
$config = join(PHP_EOL, $config);
2020-08-27 00:54:49 +02:00
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
2020-09-05 20:27:38 +02:00
// handle log option
if ($_POST['wg_log'] == "1") {
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
}
2020-08-27 00:54:49 +02:00
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
2020-08-29 00:42:55 +02:00
if ($return == 0) {
$status->addMessage('Wireguard configuration updated successfully', 'success');
} else {
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
}
2020-08-25 23:11:27 +02:00
}
2020-04-20 13:53:46 +02:00
} elseif (isset($_POST['startwg'])) {
$status->addMessage('Attempting to start WireGuard', 'info');
2020-04-22 11:01:31 +02:00
exec('sudo /usr/bin/wg-quick up wg0', $return);
2020-04-20 13:53:46 +02:00
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} elseif (isset($_POST['stopwg'])) {
$status->addMessage('Attempting to stop WireGuard', 'info');
2020-04-22 11:01:31 +02:00
exec('sudo /usr/bin/wg-quick down wg0', $return);
2020-04-20 13:53:46 +02:00
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
}
}
2020-08-27 00:54:49 +02:00
// fetch wg config
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
$conf = ParseConfig($return);
2021-02-24 00:21:02 +01:00
$wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort'];
$wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address'];
2020-08-27 00:54:49 +02:00
$wg_pubkey = $conf['PublicKey'];
2020-08-29 00:42:55 +02:00
$wg_privkey = $conf['PrivateKey'];
2020-08-27 00:54:49 +02:00
$wg_endpoint = $conf['Endpoint'];
$wg_allowedips = $conf['AllowedIPs'];
$wg_pkeepalive = $conf['PersistentKeepalive'];
2020-04-20 13:53:46 +02:00
2020-08-27 00:54:49 +02:00
// fetch service status
exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
2020-04-20 13:53:46 +02:00
$serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
2020-04-22 11:01:31 +02:00
$wg_state = ($wgstatus[0] > 0);
2020-04-20 13:53:46 +02:00
echo renderTemplate(
"wireguard", compact(
"status",
2020-04-22 11:01:31 +02:00
"wg_state",
2020-08-25 23:11:27 +02:00
"serviceStatus",
2020-09-05 20:27:38 +02:00
"wg_log",
2020-08-25 23:11:27 +02:00
"endpoint_enable",
"peer_id",
2020-08-27 00:54:49 +02:00
"wg_port",
"wg_ipaddress",
"wg_pubkey",
2020-08-29 00:42:55 +02:00
"wg_privkey",
2020-08-25 23:11:27 +02:00
"wg_endpoint",
"wg_allowedips",
2020-08-27 00:54:49 +02:00
"wg_pkeepalive"
2020-04-20 13:53:46 +02:00
)
);
}