mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
Get/set pub+priv keys, create wg0.conf
parent
9bbf698b6a
commit
3ec81ba085
@ -14,9 +14,10 @@ if (isset($entity)) {
|
|||||||
$privkey_tmp = '/tmp/'.$entity.'-private.key';
|
$privkey_tmp = '/tmp/'.$entity.'-private.key';
|
||||||
|
|
||||||
exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
|
exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
|
||||||
$entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
|
$wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
|
||||||
|
$wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
|
||||||
exec("sudo mv $privkey_tmp $privkey", $return);
|
exec("sudo mv $privkey_tmp $privkey", $return);
|
||||||
exec("sudo mv $pubkey_tmp $pubkey", $return);
|
exec("sudo mv $pubkey_tmp $pubkey", $return);
|
||||||
|
|
||||||
echo json_encode($entity_pubkey);
|
echo json_encode($wgdata);
|
||||||
}
|
}
|
||||||
|
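Review bot: The added `$wgdata['privkey']` line returns the freshly generated private key in the HTTP response, after `tee` has written it to a predictable `/tmp/<entity>-private.key` path; `tee` runs as the web-server user with its default umask, because `sudo` covers only `wg genkey`. Prefer keeping the private key server-side and returning only the public key; if the form really needs it, at least create the temp file with restrictive permissions, e.g. by prefixing the pipeline with `umask 077;`. Separately, `$entity` is interpolated unquoted into all three `exec()` calls; where it is assigned is outside this hunk, but if it comes from the POSTed `entity` field it should be checked first, e.g. `if (!preg_match('/^[a-z0-9-]+$/', $entity)) { http_response_code(400); exit; }`, and the paths passed through `escapeshellarg()`.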
@ -351,11 +351,13 @@ function clearBlocklistStatus() {
|
|||||||
|
|
||||||
// Handler for the wireguard generate key button
|
// Handler for the wireguard generate key button
|
||||||
$('.wg-keygen').click(function(){
|
$('.wg-keygen').click(function(){
|
||||||
var entity = $(this).parent('div').prev('input[type="text"]');
|
var entity_pub = $(this).parent('div').prev('input[type="text"]');
|
||||||
var updated = entity.attr('name')+"-pubkey-status";
|
var entity_priv = $(this).parent('div').next('input[type="hidden"]');
|
||||||
$.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
|
var updated = entity_pub.attr('name')+"-pubkey-status";
|
||||||
|
$.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
|
||||||
var jsonData = JSON.parse(data);
|
var jsonData = JSON.parse(data);
|
||||||
entity.val(jsonData);
|
entity_pub.val(jsonData.pubkey);
|
||||||
|
entity_priv.val(jsonData.privkey);
|
||||||
$('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
|
$('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
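Review bot: The callback now copies `jsonData.privkey` into a hidden input, but nothing checks that the response parsed or that either key is present, so a failed request still shows the "updated" check mark and can leave an empty private key to be submitted. Guard the update, e.g. `if (!jsonData || !jsonData.pubkey || !jsonData.privkey) { return; }`, and wrap `JSON.parse(data)` in a try/catch. `.next('input[type="hidden"]')` only matches when the hidden field is the immediately following sibling, so a comment stating that markup dependency would help. Keeping the private key in the DOM also makes it readable by any script running on the page, which is another reason to keep it server-side.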
@ -15,26 +15,26 @@ function DisplayWireGuardConfig()
|
|||||||
$good_input = true;
|
$good_input = true;
|
||||||
$peer_id = 1;
|
$peer_id = 1;
|
||||||
// Validate input
|
// Validate input
|
||||||
if (isset($_POST['wg_port'])) {
|
if (isset($_POST['wg_srvport'])) {
|
||||||
if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
|
if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
|
||||||
$status->addMessage('Invalid value for port number', 'danger');
|
$status->addMessage('Invalid value for port number', 'danger');
|
||||||
$good_input = false;
|
$good_input = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (isset($_POST['wg_ipaddress'])) {
|
if (isset($_POST['wg_srvipaddress'])) {
|
||||||
if (!validateCidr($_POST['wg_ipaddress'])) {
|
if (!validateCidr($_POST['wg_srvipaddress'])) {
|
||||||
$status->addMessage('Invalid value for IP address', 'danger');
|
$status->addMessage('Invalid value for IP address', 'danger');
|
||||||
$good_input = false;
|
$good_input = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
|
if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
|
||||||
if (!validateCidr($_POST['wg_endpoint'])) {
|
if (!validateCidr($_POST['wg_pendpoint'])) {
|
||||||
$status->addMessage('Invalid value for endpoint address', 'danger');
|
$status->addMessage('Invalid value for endpoint address', 'danger');
|
||||||
$good_input = false;
|
$good_input = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (isset($_POST['wg_allowedips'])) {
|
if (isset($_POST['wg_pallowedips'])) {
|
||||||
if (!validateCidr($_POST['wg_allowedips'])) {
|
if (!validateCidr($_POST['wg_pallowedips'])) {
|
||||||
$status->addMessage('Invalid value for allowed IPs', 'danger');
|
$status->addMessage('Invalid value for allowed IPs', 'danger');
|
||||||
$good_input = false;
|
$good_input = false;
|
||||||
}
|
}
|
||||||
@ -48,20 +48,18 @@ function DisplayWireGuardConfig()
|
|||||||
// Save settings
|
// Save settings
|
||||||
if ($good_input) {
|
if ($good_input) {
|
||||||
$config[] = '[Interface]';
|
$config[] = '[Interface]';
|
||||||
$config[] = 'Address = '.$_POST['wg_ipaddress'];
|
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
|
||||||
$config[] = 'ListenPort = '.$_POST['wg_port'];
|
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
|
||||||
|
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
|
||||||
$config[] = '';
|
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
|
||||||
$config[] = 'PrivateKey = '.$_POST['wg_privkey'];
|
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
|
||||||
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
|
|
||||||
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
|
|
||||||
$config[] = '';
|
$config[] = '';
|
||||||
$config[] = '[Peer]';
|
$config[] = '[Peer]';
|
||||||
$config[] = 'PublicKey = '.$_POST['wg_pubkey'];
|
$config[] = 'PublicKey = '.$_POST['wg-peer'];
|
||||||
if ($_POST['wg_endpoint'] !== '') {
|
if ($_POST['wg_pendpoint'] !== '') {
|
||||||
$config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
|
$config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
|
||||||
}
|
}
|
||||||
$config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
|
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
|
||||||
if ($_POST['wg_pkeepalive'] !== '') {
|
if ($_POST['wg_pkeepalive'] !== '') {
|
||||||
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
|
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
|
||||||
}
|
}
|
||||||
@ -103,13 +101,13 @@ function DisplayWireGuardConfig()
|
|||||||
// fetch wg config
|
// fetch wg config
|
||||||
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
|
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
|
||||||
$conf = ParseConfig($return);
|
$conf = ParseConfig($return);
|
||||||
|
$wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
|
||||||
$wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
|
$wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
|
||||||
$wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
|
$wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
|
||||||
$wg_srvpubkey = $conf['PublicKey'];
|
|
||||||
$wg_srvprivkey = $conf['PrivateKey'];
|
|
||||||
$wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
|
$wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
|
||||||
$wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
|
$wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
|
||||||
$wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
|
$wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
|
||||||
|
$wg_peerpubkey = $conf['PublicKey'];
|
||||||
|
|
||||||
// fetch service status
|
// fetch service status
|
||||||
exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
|
exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
|
||||||
@ -124,10 +122,10 @@ function DisplayWireGuardConfig()
|
|||||||
"wg_log",
|
"wg_log",
|
||||||
"endpoint_enable",
|
"endpoint_enable",
|
||||||
"peer_id",
|
"peer_id",
|
||||||
|
"wg_srvpubkey",
|
||||||
"wg_srvport",
|
"wg_srvport",
|
||||||
"wg_srvipaddress",
|
"wg_srvipaddress",
|
||||||
"wg_srvpubkey",
|
"wg_peerpubkey",
|
||||||
"wg_srvprivkey",
|
|
||||||
"wg_pendpoint",
|
"wg_pendpoint",
|
||||||
"wg_pallowedips",
|
"wg_pallowedips",
|
||||||
"wg_pkeepalive"
|
"wg_pkeepalive"
|
||||||
|
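Review bot: In the "Save settings" hunk, `$_POST['wg_srvprivkey']`, `$_POST['wg-peer']` and `$_POST['wg_pkeepalive']` are concatenated into the config without any validation in the visible checks. Because the same file carries `PostUp`/`PostDown` lines that `wg-quick` runs as shell commands, every value written here should be constrained to its expected shape before use. WireGuard keys are 44-character base64 strings, so a check such as `preg_match('/^[A-Za-z0-9+\/]{43}=$/', $_POST['wg_srvprivkey'])` (and the same for `wg-peer`) plus `ctype_digit()` on the keepalive would cover these fields; set `$good_input = false` on failure like the existing checks. Also, in the validation hunk, `strlen(trim($_POST['wg_pendpoint']) >0 )` has the comparison inside `strlen()`; it should read `strlen(trim($_POST['wg_pendpoint'])) > 0`. How `$config` is written to disk is outside these hunks.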
@ -51,4 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
|
|||||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
|
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
|
||||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
|
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
|
||||||
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
|
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
|
||||||
|
|
||||||
|
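Review bot: The new rule hard-codes `/etc/wireguard/wg-server-public.key`, while the PHP side builds the same path from `RASPI_WIREGUARD_PATH`; if that constant ever differs, the `sudo cat` call will no longer match this rule. A comment tying the two together would help, e.g. `# path must match RASPI_WIREGUARD_PATH`. The run-as spec could also be narrowed from `(ALL)` to `(root)` for this entry: `www-data ALL=(root) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key`.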