Improved private key handling (security)

billz
2021-03-04 23:44:45 +00:00
parent 6b002e3d4c
commit 4515ac95fb
5 changed files with 6 additions and 6 deletions


@@ -110,11 +110,15 @@ function SaveWireGuardConfig($status)
}
// Save settings
if ($good_input) {
// fetch private keys from filesytem
$wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
$wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
// server (wg0.conf)
$config[] = '[Interface]';
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
$config[] = 'PrivateKey = '.$wg_srvprivkey;
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
$config[] = '';
@@ -139,7 +143,7 @@ function SaveWireGuardConfig($status)
if ($_POST['wg_pendpoint'] !== '') {
$config[] = 'Address = '.trim($_POST['wg_pendpoint']);
}
$config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
$config[] = 'PrivateKey = '.$wg_peerprivkey;
$config[] = '';
$config[] = '[Peer]';
$config[] = 'PublicKey = '.$_POST['wg-server'];
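Review bot: The two `exec('sudo cat ...')` calls added at the top of the `if ($good_input)` block are never checked for failure, so a missing key file or a refused sudo rule leaves `$wg_srvprivkey` / `$wg_peerprivkey` empty (or false) and the config is still written with a blank `PrivateKey = ` line. The second argument of exec() is the output array, not the exit status, and the same `$return` is appended to by both calls; take the status from a third argument and stop the save when it is non-zero or the key is empty, e.g. `$wg_srvprivkey = exec($cmd, $out, $rc);` followed by `if ($rc !== 0 || $wg_srvprivkey === '') { /* report the error and do not write wg0.conf */ }`. Separately, both hunks still write `$_POST['wg_srvipaddress']`, `$_POST['wg_srvport']`, `$_POST['wg_pendpoint']` and `$_POST['wg-server']` straight into the file. If the validation above the hunk does not already reject line breaks and enforce the expected formats, it should, since the same file carries the PostUp/PostDown commands. SaveWireGuardConfig begins and ends outside the visible hunks, so that validation could not be confirmed from here.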