frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Merge branch 'feature/wireguard' of https://github.com/billz/raspap-webgui into feature/wireguard

Browse Source
This commit is contained in:
billz 2020-10-15 10:46:07 +01:00
commit 09f65e0252
19 changed files with 484 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/css/custom.php
View File

@ -52,6 +52,10 @@ body {
font-weight: 500;
}
.sidebar-light hr.sidebar-divider {
padding-top: 0.5rem;
}
.card .card-header {
border-color: <?php echo $color; ?>;
color: #fff;

8
app/css/hackernews.css
View File

@ -66,6 +66,9 @@ h5.card-title {
font-family: Verdana, Geneva, sans-serif;
}
.sidebar-light hr.sidebar-divider {
padding-top: 0.5rem;
}
ul.nav-tabs, .nav-tabs .nav-link {
background-color: #f6f6ef;
@ -145,6 +148,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
.info-item-xs {
font-size: 0.7rem;
margin-left: 0.3rem;
line-height: 1.5em;
}
.info-item-wifi {
@ -181,6 +185,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
}
}
.fas.fa-circle {
font-size: 0.5rem;
}
.logoutput {
width:100%;
height:300px;

2
config/config.php
View File

@ -21,6 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
@ -36,6 +37,7 @@ define('RASPI_NETWORK_ENABLED', true);
define('RASPI_DHCP_ENABLED', true);
define('RASPI_ADBLOCK_ENABLED', false);
define('RASPI_OPENVPN_ENABLED', false);
define('RASPI_WIREGUARD_ENABLED', false);
define('RASPI_TORPROXY_ENABLED', false);
define('RASPI_CONFAUTH_ENABLED', true);
define('RASPI_CHANGETHEME_ENABLED', true);

BIN
dist/raspap/css/fonts/RaspAP.eot vendored Executable file
View File

Binary file not shown.

12
dist/raspap/css/fonts/RaspAP.svg vendored Executable file
View File

@ -0,0 +1,12 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
<svg xmlns="http://www.w3.org/2000/svg">
<metadata>Generated by IcoMoon</metadata>
<defs>
<font id="RaspAP" horiz-adv-x="1024">
<font-face units-per-em="1024" ascent="960" descent="-64" />
<missing-glyph horiz-adv-x="1024" />
<glyph unicode="&#x20;" horiz-adv-x="512" d="" />
<glyph unicode="&#xe900;" glyph-name="wireguard" d="M1023.147 463.147c0 0 23.595 496.853-522.453 496.853-482.859 0-497.963-476.587-497.963-476.587s-70.997-547.413 509.141-547.413c556.501 0 511.275 527.147 511.275 527.147zM347.947 636.757c102.4 62.72 233.344 24.363 282.368-69.888 9.301-17.877 10.496-45.355 4.608-64.128-20.352-64.683-68.309-100.949-134.187-116.395 19.413 16.64 34.859 35.499 39.808 61.525 1.195 5.504 1.88 11.827 1.88 18.31 0 20.027-6.533 38.528-17.584 53.488l0.174-0.246c-16.797 22.874-43.588 37.556-73.809 37.556-11.257 0-22.038-2.037-31.995-5.763l0.63 0.207c-40.533-15.36-62.72-52.395-58.752-97.877 3.712-42.24 35.797-69.632 95.787-80.043-8.96-4.736-15.872-8.235-22.613-11.989-27.988-15.524-51.374-35.995-69.74-60.451l-0.404-0.562c-6.101-8.192-10.24-8.875-19.541-3.2-120.619 73.771-128.384 258.859 3.371 339.456zM257.707 180.992c-19.413-4.949-38.187-12.203-57.984-18.688 9.685 65.365 86.229 125.568 150.997 118.699-18.043-24.598-29.583-54.982-31.551-87.945l-0.022-0.46c-21.504-3.968-41.813-6.613-61.44-11.605zM669.995 819.2c19.115-0.725 38.315-0.427 57.472-0.853 5.287-0.363 10.162-1.075 14.91-2.128l-0.659 0.123c-4.574-6.938-9.348-12.986-14.582-18.599l0.076 0.082c-6.827-6.4-14.549-12.629-24.448-2.944-2.347 2.347-7.979 1.792-12.075 1.877-19.072 0.213-38.144 0.853-57.173 0.128-17.856-0.589-34.82-2.396-51.386-5.353l2.149 0.318c-3.072-0.555-7.595-10.667-6.229-14.421 3.328-8.832 8.149-18.56 15.317-24.192 26.411-20.907 54.485-39.595 81.067-60.288 25.771-20.139 49.792-42.24 64.427-72.533 19.029-39.595 19.627-81.067 11.392-122.752-13.739-69.547-48.939-127.147-105.941-169.045-22.955-16.853-51.413-26.453-77.696-38.528-23.168-10.667-46.933-19.84-70.144-30.379-41.813-19.029-65.28-64.427-58.411-111.573 6.357-43.307 44.373-79.445 87.851-86.912 52.181-8.96 106.069 25.003 118.827 78.080 14.336 59.605-18.048 112.896-78.72 129.024l-10.923 2.816c16.213 7.253 30.208 12.416 43.179 19.541q33.835 18.645 66.475 39.467c6.4 4.096 9.856 4.096 15.36-0.597 41.685-36.096 66.56-80.981 73.557-135.979 11.52-91.093-31.573-174.763-112.896-217.643-125.781-66.347-279.765 9.173-307.541 148.651-23.808 119.467 60.501 227.84 162.005 248.747 43.648 9.003 83.541 27.179 114.56 60.8 20.053 21.675 29.739 40.277 33.067 48.683 5.86 14.568 9.259 31.458 9.259 49.142 0 0.094 0 0.187 0 0.281v-0.014c-0.72 15.473-4.371 29.921-10.408 43.044l0.296-0.719c-10.581 24.149-51.2 62.549-61.227 70.656l-95.573 74.837c-3.371 2.773-7.168 2.56-15.36 2.005-9.813-0.683-34.773-2.048-45.525 0.768 8.704 6.613 32.427 16.213 42.667 23.893-30.976 20.907-66.304 13.397-98.773 19.627 7.509 13.995 44.629 35.456 65.749 37.888-1.455 13.545-3.483 25.484-6.166 37.173l0.406-2.101c-1.28 4.736-6.571 9.387-11.221 12.075-11.179 6.571-23.083 11.989-35.968 18.517 10.935 7.156 24.244 11.558 38.555 11.945l0.101 0.002c1.66 0.068 3.608 0.107 5.566 0.107 11.77 0 23.21-1.408 34.163-4.064l-0.987 0.202c23.040-5.248 41.387-1.792 59.691 13.824-14.421 5.803-28.843 11.093-42.795 17.365-16.163 7.396-29.343 14.415-42.082 22.091l1.89-1.056c36.267-5.035 71.296-18.645 108.373-13.653l0.939 5.035-86.101 20.053c51.328 4.693 99.115 5.461 144.384-16.555 12.757-6.229 26.027-11.349 38.272-18.432 5.973-3.413 9.941-10.24 14.848-15.573 3.84-4.181 6.997-9.813 11.776-12.373 18.091-9.6 37.973-9.984 58.283-9.515l0.427 6.827c20.437-6.4 43.392-29.952 43.392-47.147-33.109 0-66.133 0.128-99.2-0.171-3.541 0-7.040-2.603-10.539-4.011 3.328-1.963 6.613-5.461 10.027-5.589zM627.328 868.139c-1.461-0.899-2.42-2.488-2.42-4.302 0-1.516 0.67-2.876 1.731-3.799l0.006-0.005c1.344-2.305 3.804-3.83 6.62-3.83 1.429 0 2.767 0.393 3.91 1.076l-0.035-0.019c3.2 1.621 6.315 3.328 10.155 5.333-3.072 2.645-5.547 4.864-8.107 6.955-4.523 3.712-8.235 1.365-11.861-1.408z" />
<glyph unicode="&#xe901;" glyph-name="raspap" horiz-adv-x="1031" d="M540.058 281.983c0-104.182-84.446-188.637-188.625-188.637-104.176 0-188.62 84.455-188.62 188.637 0 104.171 84.444 188.625 188.62 188.625 104.179 0 188.625-84.455 188.625-188.625zM351.437 550.062c-147.818 0-268.074-120.259-268.074-268.080 0-147.826 120.257-268.091 268.074-268.091s268.077 120.265 268.077 268.091c0 147.821-120.259 268.080-268.077 268.080zM351.437-58.985c-188 0-340.95 152.958-340.95 340.967 0 188.003 152.95 340.956 340.95 340.956 188.003 0 340.953-152.953 340.953-340.956 0-188.009-152.95-340.967-340.953-340.967zM404.82 698.222c185.52 0 339.484-137.497 365.479-315.929l79.208-5.253c-24.125 224.046-214.339 399.077-444.686 399.077-10.909 0-21.723-0.412-32.433-1.186l5.16-77.823c9.017 0.661 18.093 1.113 27.272 1.113zM404.989 874.303c285.73 0 520.41-222.659 539.731-503.584l78.375-5.205c-16.843 326.355-287.644 586.685-618.106 586.685-14.884 0-29.644-0.561-44.264-1.6l5.157-77.719c12.919 0.928 25.958 1.424 39.106 1.424z" />
</font></defs></svg>
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
dist/raspap/css/fonts/RaspAP.ttf vendored Executable file
View File

Binary file not shown.

BIN
dist/raspap/css/fonts/RaspAP.woff vendored Executable file
View File

Binary file not shown.

54
dist/raspap/css/style.css vendored Normal file
View File

@ -0,0 +1,54 @@
/*!
* RaspAP-Brands Brand Icons - https://raspap.com
* License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE
*/
@font-face {
font-family: 'RaspAP';
src: url('fonts/RaspAP.eot?e76qs3');
src: url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'),
url('fonts/RaspAP.ttf?e76qs3') format('truetype'),
url('fonts/RaspAP.woff?e76qs3') format('woff'),
url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg');
font-weight: normal;
font-style: normal;
font-display: block;
}
[class^="ra-"], [class*=" ra-"] {
/* use !important to prevent issues with browser extensions that change ..webfonts */
font-family: 'RaspAP' !important;
speak: none;
font-style: normal;
font-weight: normal;
font-variant: normal;
text-transform: none;
line-height: 1;
/* Better Font Rendering =========== */
-webkit-font-smoothing: antialiased;
-moz-osx-font-smoothing: grayscale;
}
.ra-wireguard:before {
font-size: 1.2rem;
content: "\e900";
color: #d1d3e2;
vertical-align: middle;
}
.card-header .ra-wireguard:before {
color: #fff;
}
.sidebar .nav-item.active .nav-link
span.ra-wireguard:before {
color: #6e707e;
}
.ra-raspap:before {
font-size: 4.35rem;
content: "\e901";
color: #d8224c;
margin-left: 0.1em;
}

2
includes/defaults.php
View File

@ -26,6 +26,7 @@ $defaults = [
'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',
@ -38,6 +39,7 @@ $defaults = [
'RASPI_DHCP_ENABLED' => true,
'RASPI_ADBLOCK_ENABLED' => false,
'RASPI_OPENVPN_ENABLED' => false,
'RASPI_WIREGUARD_ENABLED' => false,
'RASPI_TORPROXY_ENABLED' => false,
'RASPI_CONFAUTH_ENABLED' => true,
'RASPI_CHANGETHEME_ENABLED' => true,

27
includes/functions.php
View File

@ -452,6 +452,33 @@ function getBridgedState()
return $arrHostapdConf['BridgedEnable'];
}
/**
* Validates the format of a CIDR notation string
*
* @param string $cidr
* @return bool
*/
function validateCidr($cidr)
{
$parts = explode('/', $cidr);
if(count($parts) != 2) {
return false;
}
$ip = $parts[0];
$netmask = intval($parts[1]);
if($netmask < 0) {
return false;
}
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
return $netmask <= 32;
}
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return $netmask <= 128;
}
return false;
}
// Validates a host or FQDN
function validate_host($host) {
return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);

136
includes/wireguard.php Normal file
View File

@ -0,0 +1,136 @@
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
* Manage WireGuard configuration
*/
function DisplayWireGuardConfig()
{
$status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['savewgsettings'])) {
// Set defaults
$good_input = true;
$peer_id = 1;
// Validate input
if (isset($_POST['wg_port'])) {
if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
$status->addMessage('Invalid value for port number', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_ipaddress'])) {
if (!validateCidr($_POST['wg_ipaddress'])) {
$status->addMessage('Invalid value for IP address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
if (!validateCidr($_POST['wg_endpoint'])) {
$status->addMessage('Invalid value for endpoint address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_allowedips'])) {
if (!validateCidr($_POST['wg_allowedips'])) {
$status->addMessage('Invalid value for allowed IPs', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
$status->addMessage('Invalid value for persistent keepalive', 'danger');
$good_input = false;
}
}
// Save settings
if ($good_input) {
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_ipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_port'];
$config[] = '';
$config[] = 'PrivateKey = '.$_POST['wg_privkey'];
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg_pubkey'];
if ($_POST['wg_endpoint'] !== '') {
$config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
}
$config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
if ($_POST['wg_pkeepalive'] !== '') {
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
}
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
// handle log option
if ($_POST['wg_log'] == "1") {
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
}
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
if ($return == 0) {
$status->addMessage('Wireguard configuration updated successfully', 'success');
} else {
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
}
}
} elseif (isset($_POST['startwg'])) {
$status->addMessage('Attempting to start WireGuard', 'info');
exec('sudo /usr/bin/wg-quick up wg0', $return);
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} elseif (isset($_POST['stopwg'])) {
$status->addMessage('Attempting to stop WireGuard', 'info');
exec('sudo /usr/bin/wg-quick down wg0', $return);
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
}
}
// fetch wg config
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
$conf = ParseConfig($return);
$wg_port = $conf['ListenPort'];
$wg_ipaddress = $conf['Address'];
$wg_pubkey = $conf['PublicKey'];
$wg_privkey = $conf['PrivateKey'];
$wg_endpoint = $conf['Endpoint'];
$wg_allowedips = $conf['AllowedIPs'];
$wg_pkeepalive = $conf['PersistentKeepalive'];
// fetch service status
exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
$serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
$wg_state = ($wgstatus[0] > 0);
echo renderTemplate(
"wireguard", compact(
"status",
"wg_state",
"serviceStatus",
"wg_log",
"endpoint_enable",
"peer_id",
"wg_port",
"wg_ipaddress",
"wg_pubkey",
"wg_privkey",
"wg_endpoint",
"wg_allowedips",
"wg_pkeepalive"
)
);
}

12
index.php
View File

@ -45,6 +45,7 @@ require_once 'includes/themes.php';
require_once 'includes/data_usage.php';
require_once 'includes/about.php';
require_once 'includes/openvpn.php';
require_once 'includes/wireguard.php';
require_once 'includes/torproxy.php';
$output = $return = 0;
@ -81,6 +82,9 @@ $bridgedEnabled = getBridgedState();
<!-- Custom Fonts -->
<link href="dist/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<!-- RaspAP Fonts -->
<link href="dist/raspap/css/style.css" rel="stylesheet" type="text/css">
<!-- Custom CSS -->
<link href="<?php echo $theme_url; ?>" title="main" rel="stylesheet">
@ -160,6 +164,11 @@ $bridgedEnabled = getBridgedState();
<?php if (RASPI_OPENVPN_ENABLED) : ?>
<li class="nav-item">
<a class="nav-link" href="index.php?page=openvpn_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("OpenVPN"); ?></a>
</li>
<?php endif; ?>
<?php if (RASPI_WIREGUARD_ENABLED) : ?>
<li class="nav-item">
<a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
</li>
<?php endif; ?>
<?php if (RASPI_TORPROXY_ENABLED) : ?>
@ -253,6 +262,9 @@ $bridgedEnabled = getBridgedState();
case "openvpn_conf":
DisplayOpenVPNConfig();
break;
case "wg_conf":
DisplayWireGuardConfig();
break;
case "torproxy_conf":
DisplayTorProxyConfig();
break;

38
installers/common.sh
View File

@ -262,6 +262,43 @@ function _prompt_install_openvpn() {
fi
}
# Prompt to install WireGuard
function _prompt_install_wireguard() {
_install_log "Configure WireGuard support"
echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
_install_wireguard
fi
elif [ "$wg_option" == 1 ]; then
_install_wireguard
else
echo "(Skipped)"
fi
}
# Install Wireguard from the Debian unstable distro
function _install_wireguard() {
_install_log "Configure WireGuard support"
echo "Installing WireGuard from Debian unstable distro"
echo "Adding Debian distro"
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
echo "Adding Debian distro keys"
sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
echo "Installing WireGuard"
sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
echo "Enabling wg-quick@wg0"
sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
echo "Enabling WireGuard management option"
sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
_install_status 0
}
# Install openvpn and enable client configuration option
function _install_openvpn() {
_install_log "Installing OpenVPN and enabling client configuration"
@ -568,6 +605,7 @@ function _install_raspap() {
_configure_networking
_prompt_install_adblock
_prompt_install_openvpn
_prompt_install_wireguard
_patch_system_files
_install_complete
}

8
installers/raspap.sudoers
View File

@ -35,7 +35,15 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf

8
installers/raspbian.sh
View File

@ -14,6 +14,8 @@
# Used with -y, --yes, sets OpenVPN install option (0=no install)
# -a, --adblock <flag>
# Used with -y, --yes, sets Adblock install option (0=no install)
# -w, --wireguard <flag>
# Used with -y, --yes, sets WireGuard install option (0=no install)
# -r, --repo, --repository <name>
# Overrides the default GitHub repo (billz/raspap-webgui)
# -b, --branch <name>
@ -42,6 +44,7 @@ assume_yes=0
upgrade=0
ovpn_option=1
adblock_option=1
wg_option=1
# Define colors
readonly ANSI_RED="\033[0;31m"
@ -61,6 +64,7 @@ Usage: raspbian.sh [OPTION]\n
-c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd
-o, --openvpn <flag>\n\tUsed with -y, --yes, sets OpenVPN install option (0=no install)
-a, --adblock <flag>\n\tUsed with -y, --yes, sets Adblock install option (0=no install)
-w, --wireguard <flag>\n\tUsed with -y, --yes, sets WireGuard install option (0=no install)
-r, --repo, --repository <name>\n\tOverrides the default GitHub repo (billz/raspap-webgui)
-b, --branch <name>\n\tOverrides the default git branch (master)
-h, --help\n\tOutputs usage notes and exits
@ -84,6 +88,10 @@ while :; do
adblock_option="$2"
shift
;;
-w|--wireguard)
wg_option="$2"
shift
;;
-c|--cert|--certificate)
install_cert=1
;;

47
templates/wg/general.php Normal file
View File

@ -0,0 +1,47 @@
<!-- wireguard settings tab -->
<div class="tab-pane active" id="wgsettings">
<div class="row">
<div class="col-md-6">
<h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
<div class="input-group">
<input type="hidden" name="tunnel-enable" value="0">
<div class="custom-control custom-switch">
<input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
<label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
</div>
<p id="wg-description">
<small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
</p>
</div>
<div class="row">
<div class="form-group col-xs-3 col-sm-3">
<label for="code"><?php echo _("Local Port"); ?></label>
<input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="col-xs-3 col-sm-6">
<label for="code"><?php echo _("Local public key"); ?></label>
</div>
<div class="input-group col-md-12 mb-3">
<input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
<div class="input-group-append">
<button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
<span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
</div>
</div>
</div>
<input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
<div class="row">
<div class="form-group col-md-6">
<label for="code"><?php echo _("IP Address"); ?></label>
<input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
</div>
</div>
</div>
</div><!-- /.row -->
</div><!-- /.tab-pane | settings tab -->

19
templates/wg/logging.php Normal file
View File

@ -0,0 +1,19 @@
<!-- wireguard logging tab -->
<div class="tab-pane fade" id="wglogging">
<div class="row">
<div class="col-md-12">
<h4 class="mt-3"><?php echo _("Logging"); ?></h4>
<div class="custom-control custom-switch">
<input class="custom-control-input" id="wg_log" type="checkbox" name="wg_log" value="1" <?php echo $wg_log ? ' checked="checked"' : "" ?> aria-describedby="wg_log">
<label class="custom-control-label" for="wg_log"><?php echo _("Display WireGuard status") ?></label>
</div>
<p><small><?php echo _("Enable this option to display an updated WireGuard status.") ?></small></p>
<?php
exec('sudo chmod o+r /tmp/wireguard.log');
$log = file_get_contents('/tmp/wireguard.log');
echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
?>
</div>
</div><!-- /.row -->
</div><!-- /.tab-pane | logging tab -->

54
templates/wg/peers.php Normal file
View File

@ -0,0 +1,54 @@
<!-- wireguard peers tab -->
<div class="tab-pane fade" id="wgpeers">
<div class="row">
<div class="col-md-6">
<h4 class="mt-3"><?php echo _("Peer"); ?></h4>
<div class="input-group">
<input type="hidden" name="endpoint-enable" value="0">
<input type="hidden" name="peer_id" value="1">
<div class="custom-control custom-switch">
<input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
<label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
</div>
</div>
<div class="row">
<div class="form-group col-xs-3 col-sm-6 mt-3">
<label for="code"><?php echo _("Endpoint address"); ?></label>
<input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="col-xs-3 col-sm-6">
<label for="code"><?php echo _("Allowed IPs"); ?></label>
<input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="col-xs-3 col-sm-6">
<label for="code"><?php echo _("Persistent keepalive"); ?></label>
<input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
</div>
</div>
<div class="row">
<div class="col-xs-3 col-sm-6">
<label for="code"><?php echo _("Peer public key"); ?></label>
</div>
<div class="input-group col-md-12 mb-3">
<input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
<div class="input-group-append">
<button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
<span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
</div>
</div>
</div>
</div>
</div><!-- /.row -->
</div><!-- /.tab-pane | peers tab -->

53
templates/wireguard.php Normal file
View File

@ -0,0 +1,53 @@
<?php ob_start() ?>
<?php if (!RASPI_MONITOR_ENABLED) : ?>
<input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
<?php if ($wg_state) : ?>
<input type="submit" class="btn btn-warning" name="stopwg" value="<?php echo _("Stop WireGuard"); ?>">
<?php else : ?>
<input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
<?php endif ?>
<?php endif ?>
<?php $buttons = ob_get_clean(); ob_end_clean() ?>
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-header">
<div class="row">
<div class="col">
<span class="ra-wireguard mr-2"></span><?php echo _("WireGuard"); ?>
</div>
<div class="col">
<button class="btn btn-light btn-icon-split btn-sm service-status float-right">
<span class="icon text-gray-600"><i class="fas fa-circle service-status-<?php echo $serviceStatus ?>"></i></span>
<span class="text service-status">wg <?php echo _($serviceStatus) ?></span>
</button>
</div>
</div><!-- /.row -->
</div><!-- /.card-header -->
<div class="card-body">
<?php $status->showMessages(); ?>
<form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
<?php echo CSRFTokenFieldTag() ?>
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
<li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peer"); ?></a></li>
<li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<?php echo renderTemplate("wg/general", $__template_data) ?>
<?php echo renderTemplate("wg/peers", $__template_data) ?>
<?php echo renderTemplate("wg/logging", $__template_data) ?>
</div><!-- /.tab-content -->
<?php echo $buttons ?>
</form>
</div><!-- /.card-body -->
<div class="card-footer"><?php echo _("Information provided by wireguard"); ?></div>
</div><!-- /.card -->
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->