frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Create SaveWireGuardConfig()

Browse Source
This commit is contained in:
billz 2021-03-04 23:06:27 +00:00
parent 6b484d383c
commit 0dbfb5c44f
1 changed files with 106 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
includes/wireguard.php
View File

@ -4,102 +4,14 @@ require_once 'includes/status_messages.php';
require_once 'config.php'; require_once 'config.php';
/** /**
* Manage WireGuard configuration * Displays wireguard server & peer configuration
*/ */
function DisplayWireGuardConfig() function DisplayWireGuardConfig()
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) { if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['savewgsettings'])) { if (isset($_POST['savewgsettings'])) {
// Set defaults SaveWireGuardConfig($status);
$good_input = true;
$peer_id = 1;
// Validate input
if (isset($_POST['wg_srvport'])) {
if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
$status->addMessage('Invalid value for port number', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_srvipaddress'])) {
if (!validateCidr($_POST['wg_srvipaddress'])) {
$status->addMessage('Invalid value for IP address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
if (!validateCidr($_POST['wg_pendpoint'])) {
$status->addMessage('Invalid value for endpoint address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pallowedips'])) {
if (!validateCidr($_POST['wg_pallowedips'])) {
$status->addMessage('Invalid value for allowed IPs', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
$status->addMessage('Invalid value for persistent keepalive', 'danger');
$good_input = false;
}
}
// Save settings
if ($good_input) {
// server (wg0.conf)
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg-peer'];
if ($_POST['wg_pendpoint'] !== '') {
$config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
}
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
if ($_POST['wg_pkeepalive'] !== '') {
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
}
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
// client1 (client.conf)
$config = [];
$config[] = '[Interface]';
$config[] = 'Address = ';
$config[] = 'PrivateKey = ';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = ';
$config[] = 'AllowedIPs = ';
$config[] = 'Endpoint = ';
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
// handle log option
if ($_POST['wg_log'] == "1") {
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
}
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
if ($return == 0) {
$status->addMessage('Wireguard configuration updated successfully', 'success');
} else {
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
}
}
} elseif (isset($_POST['startwg'])) { } elseif (isset($_POST['startwg'])) {
$status->addMessage('Attempting to start WireGuard', 'info'); $status->addMessage('Attempting to start WireGuard', 'info');
exec('sudo /usr/bin/wg-quick up wg0', $return); exec('sudo /usr/bin/wg-quick up wg0', $return);
@ -119,6 +31,8 @@ function DisplayWireGuardConfig()
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
$conf = ParseConfig($return); $conf = ParseConfig($return);
$wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return); $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
$wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
$wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
$wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
$wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
$wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint']; $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
@ -140,6 +54,8 @@ function DisplayWireGuardConfig()
"endpoint_enable", "endpoint_enable",
"peer_id", "peer_id",
"wg_srvpubkey", "wg_srvpubkey",
"wg_srvprivkey",
"wg_peerprivkey",
"wg_srvport", "wg_srvport",
"wg_srvipaddress", "wg_srvipaddress",
"wg_peerpubkey", "wg_peerpubkey",
@ -150,3 +66,103 @@ function DisplayWireGuardConfig()
); );
} }
/**
* Validate user input, save wireguard configuration
*
* @param object $status
* @return boolean
*/
function SaveWireGuardConfig($status)
{
// Set defaults
$good_input = true;
$peer_id = 1;
// Validate input
if (isset($_POST['wg_srvport'])) {
if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
$status->addMessage('Invalid value for port number', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_srvipaddress'])) {
if (!validateCidr($_POST['wg_srvipaddress'])) {
$status->addMessage('Invalid value for IP address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
if (!validateCidr($_POST['wg_pendpoint'])) {
$status->addMessage('Invalid value for endpoint address', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pallowedips'])) {
if (!validateCidr($_POST['wg_pallowedips'])) {
$status->addMessage('Invalid value for allowed IPs', 'danger');
$good_input = false;
}
}
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
$status->addMessage('Invalid value for persistent keepalive', 'danger');
$good_input = false;
}
}
// Save settings
if ($good_input) {
// server (wg0.conf)
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg-peer'];
if ($_POST['wg_pendpoint'] !== '') {
$config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
}
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
if ($_POST['wg_pkeepalive'] !== '') {
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
}
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
// client1 (client.conf)
$config = [];
$config[] = '[Interface]';
if ($_POST['wg_pendpoint'] !== '') {
$config[] = 'Address = '.trim($_POST['wg_pendpoint']);
}
$config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg-server'];
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
$config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
$config[] = '';
$config = join(PHP_EOL, $config);
file_put_contents("/tmp/wgdata", $config);
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
// handle log option
if ($_POST['wg_log'] == "1") {
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
}
foreach ($return as $line) {
$status->addMessage($line, 'info');
}
if ($return == 0) {
$status->addMessage('Wireguard configuration updated successfully', 'success');
} else {
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
}
}
}