Get/set pub+priv keys, create wg0.conf

ajax/networking/get_wgkey.php

@@ -4,7 +4,7 @@ require '../../includes/csrf.php';
 require_once '../../includes/config.php';
 
 $entity = $_POST['entity'];
-    
+
 if (isset($entity)) {
    
     // generate public/private key pairs for entity
@@ -14,9 +14,10 @@ if (isset($entity)) {
     $privkey_tmp = '/tmp/'.$entity.'-private.key';
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
-    $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
-    echo json_encode($entity_pubkey);
+    echo json_encode($wgdata);
 }

app/js/custom.js

@@ -351,11 +351,13 @@ function clearBlocklistStatus() {
 
 // Handler for the wireguard generate key button
 $('.wg-keygen').click(function(){
-    var entity = $(this).parent('div').prev('input[type="text"]');
-    var updated = entity.attr('name')+"-pubkey-status";
-    $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
+    var entity_pub = $(this).parent('div').prev('input[type="text"]');
+    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var updated = entity_pub.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
-        entity.val(jsonData);
+        entity_pub.val(jsonData.pubkey);
+        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })

includes/wireguard.php

@@ -15,26 +15,26 @@ function DisplayWireGuardConfig()
             $good_input = true;
             $peer_id = 1;
             // Validate input
-            if (isset($_POST['wg_port'])) {
-                if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+            if (isset($_POST['wg_srvport'])) {
+                if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
                     $status->addMessage('Invalid value for port number', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_ipaddress'])) {
-                if (!validateCidr($_POST['wg_ipaddress'])) {
+            if (isset($_POST['wg_srvipaddress'])) {
+                if (!validateCidr($_POST['wg_srvipaddress'])) {
                     $status->addMessage('Invalid value for IP address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
-                if (!validateCidr($_POST['wg_endpoint'])) {
+            if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+                if (!validateCidr($_POST['wg_pendpoint'])) {
                     $status->addMessage('Invalid value for endpoint address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_allowedips'])) {
-                if (!validateCidr($_POST['wg_allowedips'])) {
+            if (isset($_POST['wg_pallowedips'])) {
+                if (!validateCidr($_POST['wg_pallowedips'])) {
                     $status->addMessage('Invalid value for allowed IPs', 'danger');
                     $good_input = false;
                 }
@@ -48,20 +48,18 @@ function DisplayWireGuardConfig()
             // Save settings
             if ($good_input) {
                 $config[] = '[Interface]';
-                $config[] = 'Address = '.$_POST['wg_ipaddress'];
-                $config[] = 'ListenPort = '.$_POST['wg_port'];
-
-                $config[] = '';
-                $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
-                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
-                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+                $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+                $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
+                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
                 $config[] = '';
                 $config[] = '[Peer]';
-                $config[] = 'PublicKey = '.$_POST['wg_pubkey'];
-                if ($_POST['wg_endpoint'] !== '') {
-                    $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+                $config[] = 'PublicKey = '.$_POST['wg-peer'];
+                if ($_POST['wg_pendpoint'] !== '') {
+                    $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
                 }
-                $config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+                $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
                 if ($_POST['wg_pkeepalive'] !== '') {
                     $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
                 }
@@ -103,14 +101,14 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
+    $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
-    $wg_srvpubkey = $conf['PublicKey'];
-    $wg_srvprivkey = $conf['PrivateKey'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
-
+    $wg_peerpubkey = $conf['PublicKey'];
+ 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
@@ -124,10 +122,10 @@ function DisplayWireGuardConfig()
             "wg_log",
             "endpoint_enable",
             "peer_id",
+            "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
-            "wg_srvpubkey",
-            "wg_srvprivkey",
+            "wg_peerpubkey",
             "wg_pendpoint",
             "wg_pallowedips",
             "wg_pkeepalive"

installers/raspap.sudoers

@@ -51,4 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key