From 3ec81ba085726daba9e1a03e023ac96c4a48d5c7 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 18:07:19 +0000 Subject: [PATCH] Get/set pub+priv keys, create wg0.conf --- ajax/networking/get_wgkey.php | 7 +++--- app/js/custom.js | 10 +++++--- includes/wireguard.php | 46 +++++++++++++++++------------------ installers/raspap.sudoers | 1 + 4 files changed, 33 insertions(+), 31 deletions(-) diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php index 71f3af6e..d3f55aac 100644 --- a/ajax/networking/get_wgkey.php +++ b/ajax/networking/get_wgkey.php @@ -4,7 +4,7 @@ require '../../includes/csrf.php'; require_once '../../includes/config.php'; $entity = $_POST['entity']; - + if (isset($entity)) { // generate public/private key pairs for entity @@ -14,9 +14,10 @@ if (isset($entity)) { $privkey_tmp = '/tmp/'.$entity.'-private.key'; exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return); - $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp)); + $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp)); + $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp)); exec("sudo mv $privkey_tmp $privkey", $return); exec("sudo mv $pubkey_tmp $pubkey", $return); - echo json_encode($entity_pubkey); + echo json_encode($wgdata); } diff --git a/app/js/custom.js b/app/js/custom.js index e0bb6134..89c500bc 100644 --- a/app/js/custom.js +++ b/app/js/custom.js 
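Review bot: `$entity` is taken directly from `$_POST['entity']`, concatenated into `$privkey_tmp`/`$pubkey_tmp`, and those strings are interpolated unquoted into the `exec("sudo wg genkey | tee ...")` and `sudo mv` commands, so a request value reaches the shell and chooses the file paths. This hunk extends the endpoint without constraining that value; validate it before any path is built, e.g. `if (!preg_match('/^[a-z0-9-]+$/', $entity)) { http_response_code(400); exit; }`, and wrap each path in `escapeshellarg()`. The private key is also staged under a predictable name in `/tmp` and now read back with `file_get_contents($privkey_tmp)`; presumably it is created with the web server's default umask, so a private directory or a restrictive umask would keep other local users from reading it. The script starts above the hunk, so the `$privkey`/`$pubkey` targets are not visible here.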
@@ -351,11 +351,13 @@ function clearBlocklistStatus() { // Handler for the wireguard generate key button $('.wg-keygen').click(function(){ - var entity = $(this).parent('div').prev('input[type="text"]'); - var updated = entity.attr('name')+"-pubkey-status"; - $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){ + var entity_pub = $(this).parent('div').prev('input[type="text"]'); + var entity_priv = $(this).parent('div').next('input[type="hidden"]'); + var updated = entity_pub.attr('name')+"-pubkey-status"; + $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){ var jsonData = JSON.parse(data); - entity.val(jsonData); + entity_pub.val(jsonData.pubkey); + entity_priv.val(jsonData.privkey); $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); }) }) diff --git a/includes/wireguard.php b/includes/wireguard.php index 406172b7..787672d0 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
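Review bot: `entity_priv.val(jsonData.privkey)` puts the WireGuard private key into a hidden form field, so the secret leaves the host in the `get_wgkey.php` response, sits in the page DOM, and is posted back as `wg_srvprivkey` for `includes/wireguard.php` to write into the config. Since `get_wgkey.php` already moves the key file into place on the server, the save handler could read the private key from that file, and the response could carry only `pubkey`; that would also stop a client from submitting an arbitrary `PrivateKey` value. Separately, `JSON.parse(data)` throws if the endpoint returns anything other than JSON (an error page, for example) and there is no failure handler; passing `'json'` as the `$.post` dataType and chaining `.fail(...)` would surface that case.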
@@ -15,26 +15,26 @@ function DisplayWireGuardConfig() $good_input = true; $peer_id = 1; // Validate input - if (isset($_POST['wg_port'])) { - if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) { + if (isset($_POST['wg_srvport'])) { + if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) { $status->addMessage('Invalid value for port number', 'danger'); $good_input = false; } } - if (isset($_POST['wg_ipaddress'])) { - if (!validateCidr($_POST['wg_ipaddress'])) { + if (isset($_POST['wg_srvipaddress'])) { + if (!validateCidr($_POST['wg_srvipaddress'])) { $status->addMessage('Invalid value for IP address', 'danger'); $good_input = false; } } - if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) { - if (!validateCidr($_POST['wg_endpoint'])) { + if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { + if (!validateCidr($_POST['wg_pendpoint'])) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; } } - if (isset($_POST['wg_allowedips'])) { - if (!validateCidr($_POST['wg_allowedips'])) { + if (isset($_POST['wg_pallowedips'])) { + if (!validateCidr($_POST['wg_pallowedips'])) { $status->addMessage('Invalid value for allowed IPs', 'danger'); $good_input = false; } 
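Review bot: In the endpoint check the closing parenthesis is misplaced: `strlen(trim($_POST['wg_pendpoint']) >0 )` passes the result of the `> 0` comparison to `strlen()` instead of comparing the trimmed length with zero, and the rename carries this over unchanged; it should read `strlen(trim($_POST['wg_pendpoint'])) > 0`. The same branch validates the endpoint with `validateCidr()`, although the value is later written as an `Endpoint =` line, which WireGuard expects as host:port; `validateCidr()` is defined outside this hunk, so that mismatch is inferred from its name. The port test accepts anything `is_numeric()` allows up to five characters, such as `1e3` or `-1`; `ctype_digit()` plus a 1–65535 range check would be stricter. `DisplayWireGuardConfig()` starts and ends outside the hunk.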
@@ -48,20 +48,18 @@ function DisplayWireGuardConfig() // Save settings if ($good_input) { $config[] = '[Interface]'; - $config[] = 'Address = '.$_POST['wg_ipaddress']; - $config[] = 'ListenPort = '.$_POST['wg_port']; - - $config[] = ''; - $config[] = 'PrivateKey = '.$_POST['wg_privkey']; - $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'; - $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'; + $config[] = 'Address = '.$_POST['wg_srvipaddress']; + $config[] = 'ListenPort = '.$_POST['wg_srvport']; + $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey']; + $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE'; + $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE'; $config[] = ''; $config[] = '[Peer]'; - $config[] = 'PublicKey = '.$_POST['wg_pubkey']; - if ($_POST['wg_endpoint'] !== '') { - $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']); + $config[] = 'PublicKey = '.$_POST['wg-peer']; + if ($_POST['wg_pendpoint'] !== '') { + $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']); } - $config[] = 'AllowedIPs = '.$_POST['wg_allowedips']; + $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; if ($_POST['wg_pkeepalive'] !== '') { $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); } 
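Review bot: `$_POST['wg_srvprivkey']`, `$_POST['wg-peer']` and `$_POST['wg_pkeepalive']` are concatenated into the `PrivateKey =`, `PublicKey =` and `PersistentKeepalive =` lines, and none of them is checked in the validation hunk visible above. Each value becomes a line in a file that `wg-quick` reads, and this same section writes `PostUp`/`PostDown` commands, so a value containing a line break would add extra directives to the config. Reject `\r`/`\n` in every field and check the keys against the WireGuard key format, e.g. `preg_match('/^[A-Za-z0-9+\/]{43}=$/', $key)`, and require `wg_pkeepalive` to be all digits. `wg-peer` also departs from the underscore naming of the other fields, and these three keys are read without `isset()`. The function body continues outside the hunk.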
@@ -103,14 +101,14 @@ function DisplayWireGuardConfig() // fetch wg config exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); $conf = ParseConfig($return); + $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return); $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; - $wg_srvpubkey = $conf['PublicKey']; - $wg_srvprivkey = $conf['PrivateKey']; $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint']; $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs']; $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive']; - + $wg_peerpubkey = $conf['PublicKey']; + // fetch service status exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; @@ -124,10 +122,10 @@ function DisplayWireGuardConfig() "wg_log", "endpoint_enable", "peer_id", + "wg_srvpubkey", "wg_srvport", "wg_srvipaddress", - "wg_srvpubkey", - "wg_srvprivkey", + "wg_peerpubkey", "wg_pendpoint", "wg_pallowedips", "wg_pkeepalive" diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 29266fa2..4c0bf163 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -51,4 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf +www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
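Review bot: The added `exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return)` reuses `$return`, which already holds the lines of wg0.conf (including `PrivateKey`) from the previous `exec()`, and `exec()` appends to that array rather than replacing it. Nothing visible reads `$return` afterwards, but dropping the second argument avoids carrying the config lines along: `$wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key');`. `exec()` yields an empty string or `false` when the key file does not exist yet, so the value should be normalised to `''` before it reaches the template. The command only matches the new sudoers rule if `RASPI_WIREGUARD_PATH` is exactly `/etc/wireguard/`, which is defined outside this diff.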
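Review bot: The added rule lets `www-data` run `cat` with elevated rights on `wg-server-public.key`, which is not secret material. If the file were installed readable by `www-data` (mode 0644, for instance), the PHP side could use `file_get_contents()` and this entry would not be needed, keeping the sudoers surface smaller. If the rule stays, `(root)` as the run-as target is sufficient for this command; `(ALL)` permits any target user.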