frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-03-01 10:31:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/wireguard' of https://github.com/billz/raspap-webgui into feature/wireguard

Browse Source
This commit is contained in:
billz
2020-10-15 10:46:07 +01:00
parent 39dcb5060d 0ba767c387
commit 09f65e0252
19 changed files with 484 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/defaults.php
View File

@@ -26,6 +26,7 @@ $defaults = [
'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',
@@ -38,6 +39,7 @@ $defaults = [
'RASPI_DHCP_ENABLED' => true,
'RASPI_ADBLOCK_ENABLED' => false,
'RASPI_OPENVPN_ENABLED' => false,
'RASPI_WIREGUARD_ENABLED' => false,
'RASPI_TORPROXY_ENABLED' => false,
'RASPI_CONFAUTH_ENABLED' => true,
'RASPI_CHANGETHEME_ENABLED' => true,

27
includes/functions.php
View File

@@ -452,6 +452,33 @@ function getBridgedState()
return $arrHostapdConf['BridgedEnable'];
}
/**
* Validates the format of a CIDR notation string
*
* @param string $cidr
* @return bool
*/
function validateCidr($cidr)
{
$parts = explode('/', $cidr);
if(count($parts) != 2) {
return false;
}
$ip = $parts[0];
$netmask = intval($parts[1]);
if($netmask < 0) {
return false;
}
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
return $netmask <= 32;
}
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
return $netmask <= 128;
}
return false;
}
// Validates a host or FQDN
function validate_host($host) {
return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);

136
includes/wireguard.php Normal file
View File

@@ -0,0 +1,136 @@
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
* Manage WireGuard configuration
*/
function DisplayWireGuardConfig()
{
$status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['savewgsettings'])) {
// Set defaults
$good_input = true;
$peer_id = 1;
// Validate input
if (isset($_POST['wg_port'])) {
if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
$status->addMessage('Invalid value for port number', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_ipaddress'])) {
if (!validateCidr($_POST['wg_ipaddress'])) {
$status->addMessage('Invalid value for IP address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
if (!validateCidr($_POST['wg_endpoint'])) {
$status->addMessage('Invalid value for endpoint address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_allowedips'])) {
if (!validateCidr($_POST['wg_allowedips'])) {
$status->addMessage('Invalid value for allowed IPs', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
$status->addMessage('Invalid value for persistent keepalive', 'danger');
$good_input = false;
}
}
// Save settings
if ($good_input) {
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_ipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_port'];
$config[] = '';
$config[] = 'PrivateKey = '.$_POST['wg_privkey'];
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg_pubkey'];
if ($_POST['wg_endpoint'] !== '') {
$config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
}
$config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
if ($_POST['wg_pkeepalive'] !== '') {
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
}
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
// handle log option
if ($_POST['wg_log'] == "1") {
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
}
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
if ($return == 0) {
$status->addMessage('Wireguard configuration updated successfully', 'success');
} else {
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
}
}
} elseif (isset($_POST['startwg'])) {
$status->addMessage('Attempting to start WireGuard', 'info');
exec('sudo /usr/bin/wg-quick up wg0', $return);
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
} elseif (isset($_POST['stopwg'])) {
$status->addMessage('Attempting to stop WireGuard', 'info');
exec('sudo /usr/bin/wg-quick down wg0', $return);
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
}
}
// fetch wg config
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
$conf = ParseConfig($return);
$wg_port = $conf['ListenPort'];
$wg_ipaddress = $conf['Address'];
$wg_pubkey = $conf['PublicKey'];
$wg_privkey = $conf['PrivateKey'];
$wg_endpoint = $conf['Endpoint'];
$wg_allowedips = $conf['AllowedIPs'];
$wg_pkeepalive = $conf['PersistentKeepalive'];
// fetch service status
exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
$serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
$wg_state = ($wgstatus[0] > 0);
echo renderTemplate(
"wireguard", compact(
"status",
"wg_state",
"serviceStatus",
"wg_log",
"endpoint_enable",
"peer_id",
"wg_port",
"wg_ipaddress",
"wg_pubkey",
"wg_privkey",
"wg_endpoint",
"wg_allowedips",
"wg_pkeepalive"
)
);
}