From 5028007b7aa5b6b0b771c9ea86452b7a573745fd Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 10:14:12 +0100 Subject: [PATCH 01/60] Add wireguard install option --- installers/common.sh | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index a64e8d1c..e52d62d7 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -235,17 +235,35 @@ function _install_adblock() { _install_status 0 } -# Prompt to install openvpn -function _prompt_install_openvpn() { - _install_log "Configure OpenVPN support" - echo -n "Install OpenVPN and enable client configuration? [Y/n]: " +# Prompt to install VPN +function _prompt_install_vpn() { + _install_log "Configure VPN support" + echo -n "Install VPN and enable client configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - _install_openvpn + _install_vpn fi + elif [ "$ovpn_option" == 1 ]; then + _install_vpn + else + echo "(Skipped)" + fi +} + +function _install_vpn() { + echo -n "Install [O]penVPN or [W]ireguard? [O/W]: " + if [ "$assume_yes" == 0 ]; then + read answer < /dev/tty + case $answer in + [oO]* ) + _install_openvpn; + break;; + [wW]* ) + _install_wireguard; + esac elif [ "$ovpn_option" == 1 ]; then _install_openvpn else 
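Review bot: `break;;` in the `[oO]* )` arm of the new `_install_vpn` case is not inside a loop, so bash warns `break: only meaningful in a for, while, or until loop` (and POSIX mode may treat it as an error) — `;;` alone ends the arm. The case also has no `* )` arm, so any answer other than O/W silently installs nothing without the "(Skipped)" message, and the non-interactive `-y` path only consults `$ovpn_option`, leaving no way to pick WireGuard unattended. Suggested arms: `[oO]* ) _install_openvpn ;;`, `[wW]* ) _install_wireguard ;;`, `* ) echo "(Skipped)" ;;`. `_install_vpn` continues past the end of this hunk.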
@@ -253,6 +271,20 @@ function _prompt_install_openvpn() { fi } +# Install Wireguard from the Debian unstable distro +function _install_wireguard() { + _install_log "Configure Wireguard support" + echo "Installing Wireguard from Debian unstable distro" + echo "Adding Debian distro" + echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list" + sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr" + echo "Adding Debian distro keys" + sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys" + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" + sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + _install_status 0 +} + # Install openvpn and enable client configuration option function _install_openvpn() { _install_log "Installing OpenVPN and enabling client configuration" @@ -537,7 +569,7 @@ function _install_raspap() { _default_configuration _configure_networking _prompt_install_adblock - _prompt_install_openvpn + _prompt_install_vpn _patch_system_files _install_complete } From 7e58feeec0eae36cef5f56798d1695fe357db22c Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 11:04:36 +0100 Subject: [PATCH 02/60] Enable wg management UI --- installers/common.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index e52d62d7..a58e4ba7 100755 --- a/installers/common.sh +++ b/installers/common.sh 
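Review bot: The key fetch `sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add -` runs without `pipefail`, so a failed download leaves `apt-key add -` reading an empty stream and the `|| _install_status 1 "Unable to add keys"` only reports that secondary failure; `$(lsb_release -sr)` also selects the key by the local release number although the suite being added is `unstable`. Adding `deb http://deb.debian.org/debian/ unstable main` to a Raspbian source list with `Pin-Priority: 150` keeps unstable from upgrading existing packages, but any dependency of `wireguard` that only exists in unstable is still pulled from there, so the install mixes distributions. `sudo apt-get install dirmngr` omits `$apt_option`, so the `-y` installer stops on that prompt, and both `tee --append` lines duplicate their entries on every re-run. Consider writing the key to `/etc/apt/trusted.gpg.d/` (apt-key is deprecated) and guarding each append with `grep -q` before writing.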
@@ -254,7 +254,7 @@ function _prompt_install_vpn() { } function _install_vpn() { - echo -n "Install [O]penVPN or [W]ireguard? [O/W]: " + echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty case $answer in @@ -273,15 +273,18 @@ function _install_vpn() { # Install Wireguard from the Debian unstable distro function _install_wireguard() { - _install_log "Configure Wireguard support" - echo "Installing Wireguard from Debian unstable distro" + _install_log "Configure WireGuard support" + echo "Installing WireGuard from Debian unstable distro" echo "Adding Debian distro" echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list" sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr" echo "Adding Debian distro keys" sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys" printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" + echo "Installing WireGuard" sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + echo "Enabling WireGuard management option" + sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php" _install_status 0 } From 2bedbad71a89be18656f0ff89ed3e70f72715775 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 11:05:15 +0100 Subject: [PATCH 03/60] Add wireguard constants --- config/config.php | 3 +++ includes/defaults.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/config/config.php b/config/config.php index f638b2a7..50e6442a 100755 --- a/config/config.php +++ b/config/config.php 
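Review bot: The new `sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g"` line reports success even when nothing matched, because sed exits 0 on a no-match, so `|| _install_status 1 "Unable to modify config.php"` only fires if the file is unreadable; a `$webroot_dir/includes/config.php` that predates the `RASPI_WIREGUARD_ENABLED` constant would silently keep the option disabled. Check first, e.g. `grep -q "'RASPI_WIREGUARD_ENABLED'" "$webroot_dir/includes/config.php" || _install_status 1 "RASPI_WIREGUARD_ENABLED missing from config.php"`. Whether the installer copies `config/config.php` into `includes/` before this point is outside the hunk.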
@@ -21,6 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant'); define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf'); define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf'); define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf'); +define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf'); +define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf'); define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf'); @@ -34,6 +36,7 @@ define('RASPI_NETWORK_ENABLED', true); define('RASPI_DHCP_ENABLED', true); define('RASPI_ADBLOCK_ENABLED', false); define('RASPI_OPENVPN_ENABLED', false); +define('RASPI_WIREGUARD_ENABLED', false); define('RASPI_TORPROXY_ENABLED', false); define('RASPI_CONFAUTH_ENABLED', true); define('RASPI_CHANGETHEME_ENABLED', true); diff --git a/includes/defaults.php b/includes/defaults.php index 9598ce9b..ddf9ea92 100755 --- a/includes/defaults.php +++ b/includes/defaults.php @@ -25,6 +25,8 @@ $defaults = [ 'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf', 'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf', 'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf', + 'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf', + 'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf', 'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc', 'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf', @@ -35,6 +37,7 @@ $defaults = [ 'RASPI_DHCP_ENABLED' => true, 'RASPI_ADBLOCK_ENABLED' => false, 'RASPI_OPENVPN_ENABLED' => false, + 'RASPI_WIREGUARD_ENABLED' => false, 'RASPI_TORPROXY_ENABLED' => false, 'RASPI_CONFAUTH_ENABLED' => true, 'RASPI_CHANGETHEME_ENABLED' => true, From 4c0de339560f65bed3d9e9e613a5e0e1252567d7 Mon Sep 17 00:00:00 2001 
From: billz Date: Mon, 20 Apr 2020 12:52:03 +0100 Subject: [PATCH 04/60] Update w/ wg_conf --- index.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/index.php b/index.php index c2fe13ee..837ebef3 100755 --- a/index.php +++ b/index.php @@ -40,6 +40,7 @@ require_once 'includes/themes.php'; require_once 'includes/data_usage.php'; require_once 'includes/about.php'; require_once 'includes/openvpn.php'; +require_once 'includes/wireguard.php'; require_once 'includes/torproxy.php'; $output = $return = 0; @@ -164,6 +165,11 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; + + + @@ -257,6 +263,9 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; case "openvpn_conf": DisplayOpenVPNConfig(); break; + case "wg_conf": + DisplayWireGuardConfig(); + break; case "torproxy_conf": DisplayTorProxyConfig(); break; From db497de7d0965cbd11ea3f02031e74e8a4b5af79 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 12:53:46 +0100 Subject: [PATCH 05/60] Initial commit: wg templates --- includes/wireguard.php | 48 +++++++++++++++++++++++++++++++++++++ templates/wg/general.php | 0 templates/wg/logging.php | 0 templates/wireguard.php | 51 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 includes/wireguard.php create mode 100644 templates/wg/general.php create mode 100644 templates/wg/logging.php create mode 100644 templates/wireguard.php diff --git a/includes/wireguard.php b/includes/wireguard.php new file mode 100644 index 00000000..a0c2ed94 --- /dev/null +++ b/includes/wireguard.php 
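Review bot: The new `case "wg_conf": DisplayWireGuardConfig();` arm is reached by any request carrying `?page=wg_conf`, and nothing in the hunk ties it to `RASPI_WIREGUARD_ENABLED`; if the sidebar link is the only place that constant is checked (the three `+` lines of the navigation hunk have lost their markup in this listing, so I cannot confirm), the feature flag hides the page but does not disable a handler that issues `sudo` commands. Gate the dispatch as well, e.g. `case "wg_conf": if (RASPI_WIREGUARD_ENABLED) { DisplayWireGuardConfig(); } break;`, so the flag actually disables the feature.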
@@ -0,0 +1,48 @@ +addMessage('Attempting to start WireGuard', 'info'); + exec('sudo /bin/systemctl start wg-quick@wg0', $return); + exec('sudo /bin/systemctl enable wg-quick@wg0', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } elseif (isset($_POST['stopwg'])) { + $status->addMessage('Attempting to stop WireGuard', 'info'); + exec('sudo /bin/systemctl stop wg-quick@wg0', $return); + exec('sudo /bin/systemctl disable wg-quick@wg0', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } + } + + exec('pidof wg | wc -l', $wgstatus); + + $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; + + echo renderTemplate( + "wireguard", compact( + "status", + "serviceStatus" + ) + ); +} + diff --git a/templates/wg/general.php b/templates/wg/general.php new file mode 100644 index 00000000..e69de29b diff --git a/templates/wg/logging.php b/templates/wg/logging.php new file mode 100644 index 00000000..e69de29b diff --git a/templates/wireguard.php b/templates/wireguard.php new file mode 100644 index 00000000..b3f33796 --- /dev/null +++ b/templates/wireguard.php @@ -0,0 +1,51 @@ + + + "> + + "> + + "> + + + + +
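Review bot: `exec('pidof wg | wc -l', $wgstatus)` will not reflect tunnel state: `wg` is a one-shot configuration tool and WireGuard itself runs in the kernel, so there is normally no `wg` process and the page reports "down" while the tunnel is up. A check that does not depend on a process name, e.g. `exec('ip link show wg0 2>/dev/null', $out, $rc); $wg_state = ($rc === 0);`, needs no sudo and reads the interface directly. The `startwg`/`stopwg` branches call `sudo /bin/systemctl ... wg-quick@wg0`, but no sudoers rule for `systemctl` appears anywhere in this series (a later patch grants `wg-quick` instead), so as committed these actions cannot succeed. The file's opening lines (the `<?php` header, function signature and `savewgettings` branch) appear stripped from this listing, so I cannot tell whether these POST handlers check a CSRF token; if not, any page the admin visits can start or stop the tunnel with a hidden form.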
+
+
+
+
+
+ +
+
+ +
+
+
+
+ showMessages(); ?> +
+ + + + + +
+ + +
+ + +
+
+ +
+
+
+ From 070b1db4257785c6052f23d9a9a3d61ac63ba966 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:35:16 +0100 Subject: [PATCH 06/60] Create RaspAP webfont --- dist/raspap/css/fonts/RaspAP.eot | Bin 0 -> 2392 bytes dist/raspap/css/fonts/RaspAP.svg | 12 +++++++ dist/raspap/css/fonts/RaspAP.ttf | Bin 0 -> 2232 bytes dist/raspap/css/fonts/RaspAP.woff | Bin 0 -> 2308 bytes dist/raspap/css/style.css | 54 ++++++++++++++++++++++++++++++ 5 files changed, 66 insertions(+) create mode 100755 dist/raspap/css/fonts/RaspAP.eot create mode 100755 dist/raspap/css/fonts/RaspAP.svg create mode 100755 dist/raspap/css/fonts/RaspAP.ttf create mode 100755 dist/raspap/css/fonts/RaspAP.woff create mode 100644 dist/raspap/css/style.css 
diff --git a/dist/raspap/css/fonts/RaspAP.eot b/dist/raspap/css/fonts/RaspAP.eot new file mode 100755 index 0000000000000000000000000000000000000000..d77690f6fda5ba960971730d722cece920d258ab GIT binary patch literal 2392 zcmaJ@O>7&-6@G7LcXqiXml92KNsAIGG9e?`q_m_+N^U|YaI9ESL>qD}2dx~Nkr~;R zL<+Ku+CdQn=q0x#w-hN5pg_@{f&gg&15FDTMGgh>gA^@L@ElQyR;f)lX_uZMwbX&! zp-s9)+u--WBxnuH9(1l#kGhm4kIFQQnTOYcQqF?(1__!ydw!-8i5kBI^D)|$jh*(c zyY`Pap_GRF;%58iF2)haYP2@D@4Wii-#>l}@@*o6u65d1lfV7LzlbDcs$T{eRAYjeDYxsMGlPS9pT!2!6I$=3*hAGaWXiH*3m-o2XVAO>We^$LozcM0bMK zEU3A9ZLUy^mpPx4X4PTLxR^oBJFo&%je0})x{CME_yoI^gsUK0v5?D8Gn5Zj!+>9v zjf1L~1Y8$pScTE3SA0gAvY0EtOTmv$b$+eQ^8zC*ugo(H`#D(zU&yH*&xUB#BR09} zo!}}$$;0-5gV~c@#3LR=0Z^??a2z4x0U;C}j>ix^V5MI51{Mp_6n(?Ew6*=|A3ImC z*tVvvZr%9m%NsW?YJC4vVS2ii%|=a4k1TplLg#=LF1Xf+#hHu{vn4ZV#Pea+Ewk(< zIhpi+8c9dY%bqi$jbt4DwKMMMme5Vz2$`BGB5B7-g*DA!VH&ZiSS%NGgtTkNMyHNM z^U+M!Fe;P9McY1B4u%qe+@vA(%;VB}@~N3hKdrQ$U;gO%h|bBpqP2AQY^&RCo$da) z;dy5g@p$5l=QZYm;hnUj!3D!#-m3(N?e5LiDB0pEXrY;3*Rd~We% zb6t5`Z=O`%fVFRv$qOe=oHAZqTH4BFxWyk9i*K&4UpHRc+IqiK1~JIB7~XRiGM6Jy zeoH~!Pn}==?e1{}2IDZxA>kv(4hq)zIh%A-5u*P!-X3BD|4DR+CHT`rY|~MC zU7ZPf089uo1FYd7e|d-n_=O?Xf%k^kz|lTF#1j1S5Zg3I@2=u>e&*bRmxHy=-p%X1 zZq_T$KKe%R<0X$^I-9q)+k1yE89!EA>~;6Eo1JcFuf5;7ntkO?c4?!x((850wCG<# r_9=@?N(a{wbv0?zKE|uyUZFeamuLf8D`@J%QpP*>&w2lCKeGED{AoBn literal 0 HcmV?d00001 diff --git a/dist/raspap/css/fonts/RaspAP.svg b/dist/raspap/css/fonts/RaspAP.svg new file mode 100755 index 00000000..27920e40 --- /dev/null +++ b/dist/raspap/css/fonts/RaspAP.svg @@ -0,0 +1,12 @@ + + + +Generated by IcoMoon + + + + + + + + \ No newline at end of file 
diff --git a/dist/raspap/css/fonts/RaspAP.ttf b/dist/raspap/css/fonts/RaspAP.ttf new file mode 100755 index 0000000000000000000000000000000000000000..112214426e9ea9bad281acc07f2eb7fbaf327207 GIT binary patch literal 2232 zcmaJ?QEU@O5S_Wb+dH4_b7E|tojCEu2D=Hdle1$xNvQ*(goG#t1qf9enwZ25ki?FX zpaQB8Qh)fP{iA9nq)Ju$g^=1xNTn53#YZJ*)vA>$e*1;mU;awn*|Q_kg1X+lee-s9 zX7+qD3kU#ixC#sgj~*Y$`uxhf#N4H^u((!PH)nso27pnLPb^n9*J*AeSZP|H zet-8m$rk|>I9shOg+KY?R{%~j6wVT%e#?F!`8LVB&#rA}MOACmI+ZZhC>VPm@sCPc2211Q2M7P1b*Ri26`$xG6S zPCT5RAI1@+uvZ7^dim+ffk6<-0LR zA<_X!NEsLmQ1k?|g`C~AnB*#JD9Y)T)dyczmlkwgl4e%UKlcWY2Ku%wP_fOF*cZ1-AXXwMOjlbW*Ea^`*mN`r_S3(o75IF@FSzkkToW& zvf@!CmHDEE5%Efrf=pEcy@5d7Z7{Cq_qO-$@+bT;OHr~tsc~K3n{j(Wu6U2a<=7ss z?R#Y)n>}U4+%8?u#CwuGFPlCelWA4Us0)(HwQfy~YGy9N``eI7s4~s3YXLVhbhT^f zj~ecv+Y`{G&O#^7rY7R9fQzDHitO$7wM8S@FjJVMu)Qc68IX|4Op+zW8U9$F{%X2> zWa{%HQzvI1o}8UIe*gH)Et4yONH}5aHtb=Kw<{pK6kn$Y{Q<_@LvgEDmAT}J`Bjvo z>GWb|p!@G(Sy${S#h;FlU+D@tQe3j4sN_vTH{*uv>-PB)W>+aTG#m4_yEH@dl@gZC zc{-Jz@G!1%e~_{0!QMj`tO)j{Qu+SA-h-y8sa=t_PVSC)Jwe@{;ZtN%@p7N+j!610 zO`=c~m+(Z$BfDhorhmYY6^gZ;;$|+HiN8lxy1Wb}*{0)Dr>N*vNYo|DMyfJ;<38ow z9jae1!K?5FY*5Yxcp{$64;AQZOf?fP7;rxER^sJ{nn~Fncjo+%^TFquX%GyEMB%I{ z#ZY7&C2$|AW+9u)|A&tAgrKEp?P$4HD<7?WU9|0qP%s#puwVaLZ2VeDvL&egT?utIAQqryARAw8yF0 zAgh94jUAP=sll6;nu6FyGLp9LFggUF8-J6ok|gRa$D+7FsBL?2gx14=TP^ztoH(&V zXsU3kg&Fa=7M2OGwy;9qiNA$8@rPPihYq+R?gZIIjE7d5SONpyY+*+HNDIq^H(FSM z5OlRLCw{7hbr^yhGjuy2I7atD1vX(F4#2V5>c-}|dd;#kgD?wKGP4Qipbj;#z=jMA zKELG!Om+FfYGs4$R$&<~(D^E`@x0o2y|!g7S8LUc%2svBI&;aIT&z#m>$MDwJ1)1# n=`z`Tb&cG#lPQoH-P16wJW#}C{_q_AAU-!v+AEv8?W^D}L4Qh$ zv-ZuaTkU zQuI&wUoY(*TxU#op(mx-IH3DQEhz1snY{OG2X z>G{Z8S9|*hNb6t!wc|jXKTW@v$tizSzJ&hTpr`Lxg#yqYEEIWAllVAecZuKW-(kl& z1dRVq(aYlctsey_jWLPSXr)z}sZ6fJ#G6v^5OeQR|6acj4s-7^A5;IIjyjy-51=7N zunPNL2AslJeZdd?Q~Y1&H2Ao~`^Y-YR@ns_CwvQ-6zMg=VKeii_g>Nv%bA{GdxU{gGX>;cQQiZ}3>7dr22 z+WGCBFW>K6ykMG&vbufc+pn)&Ij7LQ^ZBW%mg`1!MGZGSJE2m*2<06kVo)Z-`D{_Q zw0JH=s-c&hBqfvHGvRbt-|*~+63N)~rafk>23K`e3+jr_!)e=2g%m|2u4}Q$SS)MV 
zT$t4(Ba?@sxoF1KwDLruX_`k$RxlCBPG~~SJS>byADbzc&$$^ZV49`uM1JBoPB_d} zj2b2Vf}#s!+|bj8Q%Q;G2yumUZbVHZW)Y{rh(Xb`ZN;r%%v45eqqJ67%m!isWW_Z# zG#-wmQ{^PrxT5hRBnuoU#8s}S3KyLI)>`>srS;_UdrvN(UHj_n+Ul9l&#b=V2rZUM z=In=TZ$20ri>U!EJQ}2EjB{%)>rU#bP=cALPHMVX+$_zE|9f6FHE&sq7E_3;yo5kn zK-DxI(G;?{u+{K*IGl6F8kxDZOlTxv*haXKb3Gx7h2mn63qwTXoTpDrp1kI!XsS@C zPESpqa2!J)OGQS7l?nypX0#-h;Zh5Uuxh0g^N^t+6)hkm0R`27DlB{fTh);32=e9u zmCMhgYhxi!it1tcsK^ShLP1rq8*$2*{m-%IZsWv#g#DKNj_qO3#Y8Tfug=x*Hx>pP zFCO!M@!`g+&J8x@NY?MGbN&xs8Ek`iOl}mx2U>>YuEPeNBHgK#E7kv_vmz&HCEY#M z>ULYFx*yd&Z!r;%Cl)=gJ`WsEB;vsH%|_$=D9ZUpqxpoyhYw3Ua`ITC?M?(voB8|; zD=TZph#`cnZ*Oe8UMw0dQK|fCxBH@%ur%|KNrzj#UJLSZJiY|~h_w_)`3c{xO()*HuUG+^b2Wb*9MqbIbdmX@|N8EVnHg~F@r>zB2g+uOH_B@lzN7Tp`p zLS`fU=nu?N{nPNR}pfs<4cxQGUx28x^ponUSH zjLBkboc^J_3{9T5g6i@HLAf8nSB8zv-WmEQCcw!V(o$#VhM0q|46zElGsGJHljsl& z@F$1ZWQW;H@=j0#V1gJKU=zufD(UTK!Cu@2nqv&*ci$) Tu}xU5KxBF)ykmLW{z~}|xDhO% literal 0 HcmV?d00001 diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css new file mode 100644 index 00000000..93eb072e --- /dev/null +++ b/dist/raspap/css/style.css 
@@ -0,0 +1,54 @@ + /*! + * RaspAP-Brands Brand Icons - https://raspap.com + * License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE + */ +@font-face { + font-family: 'RaspAP'; + src: url('fonts/RaspAP.eot?e76qs3'); + src: url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'), + url('fonts/RaspAP.ttf?e76qs3') format('truetype'), + url('fonts/RaspAP.woff?e76qs3') format('woff'), + url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg'); + font-weight: normal; + font-style: normal; + font-display: block; +} + +[class^="ra-"], [class*=" ra-"] { + /* use !important to prevent issues with browser extensions that change ..webfonts */ + font-family: 'RaspAP' !important; + speak: none; + font-style: normal; + font-weight: normal; + font-variant: normal; + text-transform: none; + line-height: 1; + + /* Better Font Rendering =========== */ + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; +} + +.ra-wireguard:before { + font-size: 1.3rem; + content: "\e900"; + color: #d1d3e2; + vertical-align: middle; +} + +.card-header .ra-wireguard:before { + color: #fff; +} + +.sidebar .nav-item.active .nav-link +span.ra-wireguard:before { + color: #6e707e; +} + +.ra-raspap:before { + font-size: 4.35rem; + content: "\e901"; + color: #d8224c; + margin-left: 0.1em; +} + From 5179847c5c208939ae4f0f8568e43889e0dd18a3 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:36:03 +0100 Subject: [PATCH 07/60] Update w/ project webfont --- index.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 837ebef3..688c04c5 100755 --- a/index.php +++ b/index.php @@ -83,9 +83,12 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; - + + + + @@ -119,7 +122,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
Status
@@ -169,7 +172,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; From 5c4814585a79ce64acc36019e0381729df31a175 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:36:34 +0100 Subject: [PATCH 08/60] Style tweaks --- app/css/custom.css | 4 ++++ app/css/hackernews.css | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/app/css/custom.css b/app/css/custom.css index 75cff67a..e5effc31 100644 --- a/app/css/custom.css +++ b/app/css/custom.css @@ -46,6 +46,10 @@ body { font-weight: 500; } +.sidebar-light hr.sidebar-divider { + padding-top: 0.5rem; +} + .card .card-header { border-color: #d8224c; background-color: #d8224c; diff --git a/app/css/hackernews.css b/app/css/hackernews.css index 7af897a2..b2c36496 100644 --- a/app/css/hackernews.css +++ b/app/css/hackernews.css @@ -66,6 +66,9 @@ h5.card-title { font-family: Verdana, Geneva, sans-serif; } +.sidebar-light hr.sidebar-divider { + padding-top: 0.5rem; +} ul.nav-tabs, .nav-tabs .nav-link { background-color: #f6f6ef; @@ -145,6 +148,7 @@ ul.nav-tabs, .nav-tabs .nav-link { .info-item-xs { font-size: 0.7rem; margin-left: 0.3rem; + line-height: 1.5em; } .info-item-wifi { @@ -181,6 +185,10 @@ ul.nav-tabs, .nav-tabs .nav-link { } } +.fas.fa-circle { + font-size: 0.5rem; +} + .logoutput { width:100%; height:300px; From 8d73fb774f46ff3d85253cc7c789638236dabf5a Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:00:34 +0100 Subject: [PATCH 09/60] Update installer + sudoers for wg --- installers/common.sh | 39 +++++++++++++++++++++------------------ installers/raspap.sudoers | 4 ++++ installers/raspbian.sh | 8 ++++++++ 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index a58e4ba7..a06dedda 100755 --- a/installers/common.sh +++ b/installers/common.sh 
@@ -235,37 +235,37 @@ function _install_adblock() { _install_status 0 } -# Prompt to install VPN -function _prompt_install_vpn() { - _install_log "Configure VPN support" - echo -n "Install VPN and enable client configuration? [Y/n]: " +# Prompt to install openvpn +function _prompt_install_openvpn() { + _install_log "Configure OpenVPN support" + echo -n "Install OpenVPN and enable client configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - _install_vpn + _install_openvpn fi elif [ "$ovpn_option" == 1 ]; then - _install_vpn + _install_openvpn else echo "(Skipped)" fi } -function _install_vpn() { - echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: " +# Prompt to install WireGuard +function _prompt_install_wireguard() { + _install_log "Configure WireGuard support" + echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty - case $answer in - [oO]* ) - _install_openvpn; - break;; - [wW]* ) - _install_wireguard; - esac - elif [ "$ovpn_option" == 1 ]; then - _install_openvpn + if [ "$answer" != "${answer#[Nn]}" ]; then + echo -e + else + _install_wireguard + fi + elif [ "$wg_option" == 1 ]; then + _install_wireguard else echo "(Skipped)" fi 
@@ -283,6 +283,8 @@ function _install_wireguard() { printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" echo "Installing WireGuard" sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + echo "Enabling wg-quick@wg0" + sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service" echo "Enabling WireGuard management option" sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php" _install_status 0 @@ -572,7 +574,8 @@ function _install_raspap() { _default_configuration _configure_networking _prompt_install_adblock - _prompt_install_vpn + _prompt_install_openvpn + _prompt_install_wireguard _patch_system_files _install_complete } diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 517fbdef..ef21ec14 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -37,4 +37,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg + diff --git a/installers/raspbian.sh b/installers/raspbian.sh index d0e72769..da8ca5d0 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh 
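Review bot: `sudo systemctl enable wg-quick@wg0` runs before any `/etc/wireguard/wg0.conf` exists (the installer writes none; the web UI creates it later in this series), so the unit fails at every boot until a tunnel is configured, and once one exists it comes up at boot even after the admin has pressed "stop", which later in the series calls `wg-quick down wg0` rather than disabling the unit. Either defer the `enable` to the UI's start action or gate it: `[ -f /etc/wireguard/wg0.conf ] && sudo systemctl enable wg-quick@wg0`. `_install_wireguard` begins before this hunk.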
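Review bot: `www-data ALL=(ALL) NOPASSWD:/usr/bin/wg` grants the web user every `wg` subcommand as root with any arguments — `wg showconf wg0` and `wg show wg0 private-key` print the interface private key, `wg set wg0 peer ...` rewrites peers, and `wg setconf`/`addconf` accept any file — so a compromised PHP process can steal or replace tunnel keys without touching the config file. The two `wg-quick` lines are correctly argument-restricted; do the same here, listing only what the UI needs, e.g. `www-data ALL=(ALL) NOPASSWD:/usr/bin/wg show wg0`. Note also that `wg-quick up wg0` executes any `PreUp`/`PostUp` commands in `/etc/wireguard/wg0.conf` as root, so write access to that file must never be reachable from www-data.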
@@ -14,6 +14,8 @@ # Used with -y, --yes, sets OpenVPN install option (0=no install) # -a, --adblock # Used with -y, --yes, sets Adblock install option (0=no install) +# -w, --wireguard +# Used with -y, --yes, sets WireGuard install option (0=no install) # -r, --repo, --repository # Overrides the default GitHub repo (billz/raspap-webgui) # -b, --branch @@ -39,6 +41,7 @@ branch="master" assume_yes=0 ovpn_option=1 adblock_option=1 +wg_option=1 # Define colors readonly ANSI_RED="\033[0;31m" @@ -58,6 +61,7 @@ Usage: raspbian.sh [OPTION]\n -c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd -o, --openvpn \n\tUsed with -y, --yes, sets OpenVPN install option (0=no install) -a, --adblock \n\tUsed with -y, --yes, sets Adblock install option (0=no install) +-w, --wireguard \n\tUsed with -y, --yes, sets WireGuard install option (0=no install) -r, --repo, --repository \n\tOverrides the default GitHub repo (billz/raspap-webgui) -b, --branch \n\tOverrides the default git branch (master) -h, --help\n\tOutputs usage notes and exits @@ -80,6 +84,10 @@ while :; do adblock_option="$2" shift ;; + -w|--wireguard) + wg_option="$2" + shift + ;; -c|--cert|--certificate) install_cert=1 ;; From 7c7b8941cbabc64ee688a643a3cd34c4fb3af745 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:01:31 +0100 Subject: [PATCH 10/60] Update stop/start, status --- includes/wireguard.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index a0c2ed94..ed94ee34 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
@@ -19,28 +19,28 @@ function DisplayWireGuardConfig() } } elseif (isset($_POST['startwg'])) { $status->addMessage('Attempting to start WireGuard', 'info'); - exec('sudo /bin/systemctl start wg-quick@wg0', $return); - exec('sudo /bin/systemctl enable wg-quick@wg0', $return); + exec('sudo /usr/bin/wg-quick up wg0', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } elseif (isset($_POST['stopwg'])) { $status->addMessage('Attempting to stop WireGuard', 'info'); - exec('sudo /bin/systemctl stop wg-quick@wg0', $return); - exec('sudo /bin/systemctl disable wg-quick@wg0', $return); + exec('sudo /usr/bin/wg-quick down wg0', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } } - exec('pidof wg | wc -l', $wgstatus); + exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; + $wg_state = ($wgstatus[0] > 0); echo renderTemplate( "wireguard", compact( "status", + "wg_state", "serviceStatus" ) ); From 292a4ed1beb109286c81b989bbb7bdfc8ab3775d Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:02:07 +0100 Subject: [PATCH 11/60] Initial template setup --- templates/wg/general.php | 46 ++++++++++++++++++++++++++++++++++++++++ templates/wg/logging.php | 11 ++++++++++ templates/wg/peers.php | 11 ++++++++++ templates/wireguard.php | 12 ++++++----- 4 files changed, 75 insertions(+), 5 deletions(-) create mode 100644 templates/wg/peers.php diff --git a/templates/wg/general.php b/templates/wg/general.php index e69de29b..ec44562a 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -0,0 +1,46 @@ + +
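Review bot: `exec('pidof wg-crypt-wg0 | wc -l', $wgstatus)` ties the status display to the name of an in-kernel worker thread; whether `pidof` lists kernel threads varies by implementation, and the thread name is an internal detail of the module, so the page can show "down" with a working tunnel. `ip link show wg0` (no sudo needed) or `sudo /usr/bin/wg show wg0` is the documented way to ask whether the interface exists, e.g. `exec('ip link show wg0 2>/dev/null', $out, $rc); $wg_state = ($rc === 0);`. The new `sudo /usr/bin/wg-quick up wg0` also executes any `PreUp`/`PostUp` lines in `/etc/wireguard/wg0.conf` as root, so whoever can write that file has root; `DisplayWireGuardConfig` begins before this hunk.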
+
+
+

+
+ +
+ aria-describedby="tunnel-description"> + +
+

+ +

+
+
+
+ + +
+
+ +
+
+ +
+
+ +
+ + +
+
+
+ +
+
+ + +
+
+ +
+
+
+ diff --git a/templates/wg/logging.php b/templates/wg/logging.php index e69de29b..eb31dd10 100644 --- a/templates/wg/logging.php +++ b/templates/wg/logging.php @@ -0,0 +1,11 @@ + +
+
+
+

+ + +
+
+
+ diff --git a/templates/wg/peers.php b/templates/wg/peers.php new file mode 100644 index 00000000..2edc4d2d --- /dev/null +++ b/templates/wg/peers.php @@ -0,0 +1,11 @@ + +
+
+
+

+ + +
+
+
+ diff --git a/templates/wireguard.php b/templates/wireguard.php index b3f33796..0c0c0a81 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -1,8 +1,8 @@ "> - - "> + + "> "> @@ -15,7 +15,7 @@
- +

- +

- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 2edc4d2d..16337a08 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -1,8 +1,51 @@
+
-

+

+
+ + +
+ aria-describedby="endpoint-description"> + +
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+ +
+ + +
+
+
diff --git a/templates/wireguard.php b/templates/wireguard.php index 0c0c0a81..3ead09c7 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -32,7 +32,7 @@ From 543791f7238cb40ec05ff5a4c4e6b0aad494cdb6 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 25 Aug 2020 22:11:27 +0100 Subject: [PATCH 15/60] WIP: handle input --- includes/wireguard.php | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index ed94ee34..34d56ce2 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -11,12 +11,31 @@ function DisplayWireGuardConfig() $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['savewgettings'])) { + # Todo: validate input if (isset($_POST['authUser'])) { - $authUser = strip_tags(trim($_POST['authUser'])); + $peer_id = strip_tags(trim($_POST'peer_id'])); } - if (isset($_POST['authPassword'])) { - $authPassword = strip_tags(trim($_POST['authPassword'])); + if (isset($_POST['wg_endpoint'])) { + $wg_endpoint = strip_tags(trim($_POST['wg_endpoint'])); } + if (isset($_POST['wg_allowedips'])) { + $wg_allowedips = strip_tags(trim($_POST['wg_allowedips'])); + } + if (isset($_POST['wg_pkeepalive'])) { + $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive'])); + } + if (isset($_POST['wg_peerpubkey'])) { + $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); + } + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + + if ($return == 0) { + $status->addMessage('Wireguard configuration updated successfully', 'success'); + } else { + $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + } + } elseif (isset($_POST['startwg'])) { $status->addMessage('Attempting to start WireGuard', 'info'); exec('sudo /usr/bin/wg-quick up wg0', $return); 
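Review bot: `file_put_contents("/tmp/wgdata", $config)` followed by `sudo cp /tmp/wgdata ...RASPI_WIREGUARD_CONFIG` uses a fixed path in a world-writable directory: any local user who pre-creates `/tmp/wgdata` (or a symlink there) before the request can have root copy their content into `/etc/wireguard/wg0.conf`, whose `PostUp` lines then run as root on the next `wg-quick up`. Write to a private temp file instead, `$tmp = tempnam(sys_get_temp_dir(), 'wg'); file_put_contents($tmp, $config);`, and hand it to a small root-owned helper that reads the content on stdin, since a sudoers rule with a fixed source path cannot express a random name. The hunk also has `$_POST'peer_id']` (missing `[`), stores `wg_peerpubkey` into `$wg_endpoint`, and never builds `$config`, so as committed it writes an empty file; it is marked WIP, but the temp-file design should change before it lands. `DisplayWireGuardConfig` extends past both ends of this hunk.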
@@ -41,7 +60,13 @@ function DisplayWireGuardConfig() "wireguard", compact( "status", "wg_state", - "serviceStatus" + "serviceStatus", + "endpoint_enable", + "peer_id", + "wg_endpoint", + "wg_allowedips", + "wg_pkeepalive", + "wg_peerpubkey" ) ); } From 22651a86b7d3b5b327f9ecd5398076a4cbee2976 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 25 Aug 2020 22:11:57 +0100 Subject: [PATCH 16/60] Simplify wg config handling --- config/config.php | 3 +-- includes/defaults.php | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/config/config.php b/config/config.php index 6de2822f..122b1f94 100755 --- a/config/config.php +++ b/config/config.php @@ -21,8 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant'); define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf'); define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf'); define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf'); -define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf'); -define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf'); +define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf'); define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf'); define('RASPI_ACCESS_CHECK_IP', '1.1.1.1'); diff --git a/includes/defaults.php b/includes/defaults.php index 6f6251e9..253c5619 100755 --- a/includes/defaults.php +++ b/includes/defaults.php 
@@ -26,8 +26,7 @@ $defaults = [ 'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf', 'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf', 'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf', - 'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf', - 'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf', + 'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf', 'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc', 'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf', 'RASPI_ACCESS_CHECK_IP' => '1.1.1.1', From aff035122b78220ef226e2b2320cc66bdb05798c Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 26 Aug 2020 23:54:49 +0100 Subject: [PATCH 17/60] Validate, save & display wg config --- includes/wireguard.php | 58 +++++++++++++++++++++++++++++++-------- installers/raspap.sudoers | 2 ++ templates/wg/general.php | 2 +- 3 files changed, 49 insertions(+), 13 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 34d56ce2..d2ec1088 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
@@ -11,25 +11,47 @@ function DisplayWireGuardConfig() $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['savewgettings'])) { - # Todo: validate input - if (isset($_POST['authUser'])) { - $peer_id = strip_tags(trim($_POST'peer_id'])); + // Validate input + $good_input = true; + $peer_id = 1; + if (isset($_POST['peer_id'])) { + $peer_id = escapeshellarg($_POST['peer_id']); } if (isset($_POST['wg_endpoint'])) { - $wg_endpoint = strip_tags(trim($_POST['wg_endpoint'])); + if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for endpoint address', 'danger'); + $good_input = false; + } else { + $wg_endpoint = escapeshellarg($_POST['wg_endpoint']); + } } if (isset($_POST['wg_allowedips'])) { - $wg_allowedips = strip_tags(trim($_POST['wg_allowedips'])); + if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for allowed IPs', 'danger'); + $good_input = false; + } else { + $wg_allowedips = escapeshellarg($_POST['wg_allowedips']); + } } if (isset($_POST['wg_pkeepalive'])) { - $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive'])); + if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { + $status->addMessage('Invalid value for persistent keepalive', 'danger'); + $good_input = false; + } else { + $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']); + } } if (isset($_POST['wg_peerpubkey'])) { $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); } - file_put_contents("/tmp/wgdata", $config); - system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); - + // Save settings + if ($good_input) { + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } if ($return == 0) { $status->addMessage('Wireguard configuration updated successfully', 'success'); } else { 
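Review bot: `if ($return == 0)` sits outside `if ($good_input)`, so when validation fails `$return` is unset, `null == 0` is true, and the page reports "Wireguard configuration updated successfully" after rejecting the input; `system()` also stores an int in `$return`, so the `foreach ($return as $line)` above it iterates nothing or warns. The validators do not match WireGuard syntax — `Endpoint` is `host:port` and `AllowedIPs` is a CIDR list, both rejected by `FILTER_VALIDATE_IP` — `escapeshellarg` adds shell quotes that would land verbatim in a config file, and `wg_peerpubkey` is still unvalidated and written into `$wg_endpoint`. `$config` is never assembled, and the copy still goes through the fixed `/tmp/wgdata` path, which a local user can pre-create so that root installs their file (with `PostUp` commands) as `wg0.conf`. Suggested shape for the save step, with the success check scoped to the copy and a private temp path (the `cp` rule in sudoers must then become a helper that accepts the content on stdin):
```php
// … unchanged: per-field validation, setting $good_input …
if ($good_input) {
    $tmp = tempnam(sys_get_temp_dir(), 'wg');   // private, unpredictable path
    file_put_contents($tmp, $config);
    exec('sudo cp ' . escapeshellarg($tmp) . ' ' . RASPI_WIREGUARD_CONFIG, $out, $rc);
    unlink($tmp);
    foreach ($out as $line) {
        $status->addMessage($line, 'info');
    }
    if ($rc === 0) {
        $status->addMessage('Wireguard configuration updated successfully', 'success');
    } else {
        $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
    }
}
```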
@@ -51,8 +73,18 @@ function DisplayWireGuardConfig() } } - exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); + // fetch wg config + exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); + $conf = ParseConfig($return); + $wg_port = $conf['ListenPort']; + $wg_ipaddress = $conf['Address']; + $wg_pubkey = $conf['PublicKey']; + $wg_endpoint = $conf['Endpoint']; + $wg_allowedips = $conf['AllowedIPs']; + $wg_pkeepalive = $conf['PersistentKeepalive']; + // fetch service status + exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; $wg_state = ($wgstatus[0] > 0); @@ -63,10 +95,12 @@ function DisplayWireGuardConfig() "serviceStatus", "endpoint_enable", "peer_id", + "wg_port", + "wg_ipaddress", + "wg_pubkey", "wg_endpoint", "wg_allowedips", - "wg_pkeepalive", - "wg_peerpubkey" + "wg_pkeepalive" ) ); } diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 2d6ed495..517b6233 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -41,5 +41,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg +www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf + diff --git a/templates/wg/general.php b/templates/wg/general.php index 686949bb..b9763555 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -36,7 +36,7 @@
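Review bot: Reading the whole of RASPI_WIREGUARD_CONFIG with `exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return)` pulls the interface's `PrivateKey` line into the web process, and the raspap.sudoers hunk in this same patch (`NOPASSWD:/bin/cat /etc/wireguard/wg0.conf`) is what makes that read possible for www-data. Only `ListenPort`, `Address`, `PublicKey` and the peer fields are needed for display, so either drop `PrivateKey` from `$conf` immediately after `ParseConfig()` (`unset($conf['PrivateKey']);`) or keep the public key in its own file and never read wg0.conf from the request path. `$conf['Endpoint']`, `$conf['AllowedIPs']` and `$conf['PersistentKeepalive']` are read without `isset()`, so a fresh config with no `[Peer]` section raises undefined-index notices; `$conf['Endpoint'] ?? ''` would do if the codebase targets PHP 7. `$return` is also the name the POST branch of this function uses for `system()`'s exit status, so reusing it here as `exec()`'s output array reads confusingly — a distinct `$lines` array is clearer.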
- +
From 34b5b4c1b2ea52562e87bc8217cbac641994f8a4 Mon Sep 17 00:00:00 2001
From: billz
Date: Fri, 28 Aug 2020 23:40:46 +0100
Subject: [PATCH 18/60] Add validateCidr()
---
 includes/functions.php | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/includes/functions.php b/includes/functions.php
index 4d299314..c58b2b13 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -452,3 +452,30 @@ function getBridgedState()
 return $arrHostapdConf['BridgedEnable'];
 }
+/**
+ * Validates the format of a CIDR notation string
+ *
+ * @param string $cidr
+ * @return bool
+ */
+function validateCidr($cidr)
+{
+ $parts = explode('/', $cidr);
+ if(count($parts) != 2) {
+ return false;
+ }
+ $ip = $parts[0];
+ $netmask = intval($parts[1]);
+
+ if($netmask < 0) {
+ return false;
+ }
+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+ return $netmask <= 32;
+ }
+ if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+ return $netmask <= 128;
+ }
+ return false;
+}
+
From af0721e0214361979d63938ac1eecde5c50603ba Mon Sep 17 00:00:00 2001
From: billz
Date: Fri, 28 Aug 2020 23:42:55 +0100
Subject: [PATCH 19/60] Save wg config, template fixes
---
 includes/wireguard.php | 67 +++++++++++++++++++++++++++-------------
 templates/wg/general.php | 7 +++--
 2 files changed, 49 insertions(+), 25 deletions(-)
diff --git a/includes/wireguard.php b/includes/wireguard.php
index d2ec1088..26badcd0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
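Review bot: `intval($parts[1])` silently accepts a non-numeric prefix length, so `10.0.0.0/abc` becomes `/0` and `10.0.0.0/24xyz` becomes `/24`, both passing as valid CIDR; a strict check before the conversion fixes it: `if (!ctype_digit($parts[1])) { return false; }` followed by `$netmask = (int) $parts[1];`. With that check in place the `$netmask < 0` branch is unreachable and can go. The function does not trim its input, and the callers seen elsewhere in this series pass raw `$_POST` fields, so a value with surrounding whitespace fails on the IP half; either document that callers must trim or trim `$cidr` at the top.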
@@ -10,52 +10,73 @@ function DisplayWireGuardConfig() { $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { - if (isset($_POST['savewgettings'])) { - // Validate input + if (isset($_POST['savewgsettings'])) { + // Set defaults $good_input = true; $peer_id = 1; - if (isset($_POST['peer_id'])) { - $peer_id = escapeshellarg($_POST['peer_id']); + // Validate input + if (isset($_POST['wg_port'])) { + if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) { + $status->addMessage('Invalid value for port number', 'danger'); + $good_input = false; + } } - if (isset($_POST['wg_endpoint'])) { - if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) { + if (isset($_POST['wg_ipaddress'])) { + if (!validateCidr($_POST['wg_ipaddress'])) { + $status->addMessage('Invalid value for IP address', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) { + if (!validateCidr($_POST['wg_endpoint'])) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; - } else { - $wg_endpoint = escapeshellarg($_POST['wg_endpoint']); } } if (isset($_POST['wg_allowedips'])) { - if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) { + if (!validateCidr($_POST['wg_allowedips'])) { $status->addMessage('Invalid value for allowed IPs', 'danger'); $good_input = false; - } else { - $wg_allowedips = escapeshellarg($_POST['wg_allowedips']); } } - if (isset($_POST['wg_pkeepalive'])) { + if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) { if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { $status->addMessage('Invalid value for persistent keepalive', 'danger'); $good_input = false; - } else { - $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']); } } - if (isset($_POST['wg_peerpubkey'])) { - $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); - } // Save settings if ($good_input) { + $config[] = 
'[Interface]'; + $config[] = 'Address = '.$_POST['wg_ipaddress']; + $config[] = 'ListenPort = '.$_POST['wg_port']; + $config[] = ''; + $config[] = 'PrivateKey = '.$_POST['wg_privkey']; + $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'; + $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'; + $config[] = ''; + $config[] = '[Peer]'; + $config[] = 'PublicKey = '.$_POST['wg_pubkey']; + if ($_POST['wg_endpoint'] !== '') { + $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']); + } + $config[] = 'AllowedIPs = '.$_POST['wg_allowedips']; + if ($_POST['wg_pkeepalive'] !== '') { + $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + } + $config[] = ''; + $config = join(PHP_EOL, $config); + file_put_contents("/tmp/wgdata", $config); system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } - } - if ($return == 0) { - $status->addMessage('Wireguard configuration updated successfully', 'success'); - } else { - $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + if ($return == 0) { + $status->addMessage('Wireguard configuration updated successfully', 'success'); + } else { + $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + } } } elseif (isset($_POST['startwg'])) { @@ -79,6 +100,7 @@ function DisplayWireGuardConfig() $wg_port = $conf['ListenPort']; $wg_ipaddress = $conf['Address']; $wg_pubkey = $conf['PublicKey']; + $wg_privkey = $conf['PrivateKey']; $wg_endpoint = $conf['Endpoint']; $wg_allowedips = $conf['AllowedIPs']; $wg_pkeepalive = $conf['PersistentKeepalive']; @@ -98,6 +120,7 @@ function DisplayWireGuardConfig() "wg_port", "wg_ipaddress", "wg_pubkey", + "wg_privkey", "wg_endpoint", "wg_allowedips", "wg_pkeepalive" 
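Review bot: `$_POST['wg_privkey']` and `$_POST['wg_pubkey']` are written into the `[Interface]` and `[Peer]` sections without any check, unlike every other field in the hunk, and since the same file carries `PostUp`/`PostDown` commands that wg-quick executes when the interface comes up, a value containing a line break must never reach `$config`; a WireGuard key is 32 bytes of base64, so `preg_match('/^[A-Za-z0-9+\/]{43}=$/', $key)` is a sufficient format check for both fields. The guard `strlen(trim($_POST['wg_endpoint']) >0 )` (and the same shape on the `wg_pkeepalive` line) has the comparison inside `strlen()`, so under PHP 7 comparison rules an input that does not begin with a digit skips the validator while the later `!== ''` test still writes it — it should read `strlen(trim($_POST['wg_endpoint'])) > 0`. Round-tripping the private key through the form (`$wg_privkey = $conf['PrivateKey']` in the later hunk of this patch) exposes it to anyone who can view the page or its source; keeping it server-side and posting only the public key avoids that. `is_numeric()` for `wg_port` admits forms like `1e3` and has no upper bound; `ctype_digit($_POST['wg_port']) && (int)$_POST['wg_port'] <= 65535` is the tighter test. DisplayWireGuardConfig starts before this hunk and continues after it.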
diff --git a/templates/wg/general.php b/templates/wg/general.php index b9763555..aa1de796 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -16,7 +16,7 @@
- +
@@ -25,13 +25,14 @@
- +
- +
+
From 7286173438e2bfc736cf359008964eeb66a4981a Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 5 Sep 2020 19:27:38 +0100 Subject: [PATCH 20/60] Add rudimentary logging --- includes/wireguard.php | 6 ++++++ installers/raspap.sudoers | 3 +++ templates/wg/logging.php | 14 +++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 26badcd0..84956b89 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -69,6 +69,11 @@ function DisplayWireGuardConfig() file_put_contents("/tmp/wgdata", $config); system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + + // handle log option + if ($_POST['wg_log'] == "1") { + exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null"); + } foreach ($return as $line) { $status->addMessage($line, 'info'); } @@ -115,6 +120,7 @@ function DisplayWireGuardConfig() "status", "wg_state", "serviceStatus", + "wg_log", "endpoint_enable", "peer_id", "wg_port", diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 517b6233..4c813d0e 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers 
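Review bot: The log is produced by `sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log`, which has root write to a fixed, predictable name in the world-writable `/tmp`; if that path already exists as another local user's file or symlink, root's `tee` may follow it (depending on `fs.protected_symlinks`), and the `NOPASSWD:/usr/bin/tee /tmp/wireguard.log` and `chmod o+r /tmp/wireguard.log` entries in this patch's raspap.sudoers hunk are exactly the privileges that make that write possible. A root-owned directory created at install time, such as `/var/log/raspap/`, avoids the shared-tmp problem and lets the log be read back without a further `chmod o+r`. `$_POST['wg_log']` is read without `isset()`, so the save path emits a notice whenever the checkbox is absent; `if (!empty($_POST['wg_log']))` is enough. `$wg_log` is added to the template's variable list but nothing in this hunk assigns it, so the checkbox presumably never reflects the saved state — worth confirming against the rest of the function, which lies outside the hunk.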
@@ -35,9 +35,12 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index eb31dd10..c9cb4185 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -1,10 +1,18 @@
-
+

- - +
+ aria-describedby="wg_log"> + +
+

+ '.htmlspecialchars($log, ENT_QUOTES).''; + ?>
From 31edb21a764bfdc185469afb07dd295cb529d2f5 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 23 Sep 2020 09:10:44 +0100
Subject: [PATCH 21/60] Fix merge error
---
 includes/functions.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index 85c69ca6..4a9e77bb 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -477,8 +477,9 @@ function validateCidr($cidr)
 return $netmask <= 128;
 }
 return false;
-
- // Validates a host or FQDN
+}
+
+// Validates a host or FQDN
 function validate_host($host) {
 return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }
From 06c8a2edcdc99194d18d470218a8740407b19567 Mon Sep 17 00:00:00 2001
From: billz
Date: Thu, 15 Oct 2020 16:08:23 +0100
Subject: [PATCH 22/60] Install raspberrypi-kernel-headers (raspbian only)
---
 installers/common.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/installers/common.sh b/installers/common.sh
index 9c55a9f0..2eb36e89 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -283,6 +283,10 @@ function _prompt_install_wireguard() {
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
 _install_log "Configure WireGuard support"
+ if [ "$OS" == "Raspbian" ]; then
+ echo "Installing raspberrypi-kernel-headers"
+ sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+ fi
 echo "Installing WireGuard from Debian unstable distro"
 echo "Adding Debian distro"
 echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
From 1fddf4270bf7f8376c5c5c14f9c153a34b784f37 Mon Sep 17 00:00:00 2001
From: billz
Date: Tue, 23 Feb 2021 23:19:33 +0000
Subject: [PATCH 23/60] Add wg default values
---
 config/defaults.json | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/config/defaults.json b/config/defaults.json index 94f80da0..b02d4022 100644 --- a/config/defaults.json +++ b/config/defaults.json @@ -33,6 +33,13 @@ "uap0": { "dhcp-range": [ "192.168.50.50,192.168.50.150,12h" ] } + }, + "wireguard": { + "interface": { + "address": [ "10.3.141.1/24" ], + "listenport": [ "51820" ], + "dns": [ "10.3.141.1" ] + } } } From cc1c8d594ad9512ce483708405bb1e22e014e33e Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 23 Feb 2021 23:21:02 +0000 Subject: [PATCH 24/60] Update w/ fallback default values --- includes/wireguard.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 84956b89..a7404495 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -50,6 +50,7 @@ function DisplayWireGuardConfig() $config[] = '[Interface]'; $config[] = 'Address = '.$_POST['wg_ipaddress']; $config[] = 'ListenPort = '.$_POST['wg_port']; + $config[] = ''; $config[] = 'PrivateKey = '.$_POST['wg_privkey']; $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'; @@ -102,8 +103,8 @@ function DisplayWireGuardConfig() // fetch wg config exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); $conf = ParseConfig($return); - $wg_port = $conf['ListenPort']; - $wg_ipaddress = $conf['Address']; + $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort']; + $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address']; $wg_pubkey = $conf['PublicKey']; $wg_privkey = $conf['PrivateKey']; $wg_endpoint = $conf['Endpoint']; From 369f303926a1db7f66f7a518f0f5240ea9defa5f Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 23 Feb 2021 23:21:38 +0000 Subject: [PATCH 25/60] Add _prompt_install_wireguard --- installers/common.sh | 1 + 1 file changed, 1 insertion(+) 
diff --git a/installers/common.sh b/installers/common.sh index 403187b5..70d52b56 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -50,6 +50,7 @@ function _install_raspap() { _configure_networking _prompt_install_adblock _prompt_install_openvpn + _prompt_install_wireguard _patch_system_files _install_complete } From 2c99f9857dba12eef413e76d66b13c13eec850ba Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 23 Feb 2021 23:22:13 +0000 Subject: [PATCH 26/60] Update page routing for wg_conf --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 8f03521f..6d4fb478 100755 --- a/index.php +++ b/index.php @@ -169,7 +169,7 @@ $bridgedEnabled = getBridgedState(); From d871e271effb1cafdb58952779a6829a145b2c7d Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 08:45:26 +0000 Subject: [PATCH 27/60] Initial commit: wgkey gen --- ajax/networking/get_wgkey.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 ajax/networking/get_wgkey.php diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php new file mode 100644 index 00000000..71f3af6e --- /dev/null +++ b/ajax/networking/get_wgkey.php @@ -0,0 +1,22 @@ + $pubkey_tmp", $return); + $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp)); + exec("sudo mv $privkey_tmp $privkey", $return); + exec("sudo mv $pubkey_tmp $pubkey", $return); + + echo json_encode($entity_pubkey); +} From ad6a14fa50e4a482230c42a3b9c82904bd952842 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 08:45:53 +0000 Subject: [PATCH 28/60] Added generateWgKey() --- app/js/custom.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/app/js/custom.js b/app/js/custom.js index 28609abe..817256a1 100644 --- a/app/js/custom.js +++ b/app/js/custom.js 
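Review bot: The `exec("sudo mv $privkey_tmp $privkey", $return)` and `exec("sudo mv $pubkey_tmp $pubkey", $return)` calls in the new ajax/networking/get_wgkey.php interpolate file paths into a shell command string; how those paths are derived is lost in the extracted hunk, but the companion app/js/custom.js hunk posts an `entity` value taken from a form element's `name` attribute, and if the paths are built from that POST field the request controls what is handed to a sudo-elevated `mv`. Restrict `entity` to a fixed allowlist before any path is formed, e.g. `in_array($entity, ['wg-server', 'wg-peer'], true)`, and pass the resulting paths through `escapeshellarg()`. The private key is staged under `$privkey_tmp` before the move, so that temp file must be created with owner-only permissions — a `umask(077)` ahead of the `exec`, or a `tempnam()`-created file (mode 0600) — rather than the process default. The response is sent with a bare `echo json_encode($entity_pubkey)`; unless the stripped head of the file already does so, add `header('Content-Type: application/json');` so the browser does not sniff the body as HTML.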
@@ -348,6 +348,19 @@ function updateBlocklist() { function clearBlocklistStatus() { $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden'); } + +// Handler for the wireguard generate key button +function generateWgKey() { + var entity = $('#wg-srvpubkey').attr('name'); + console.log(entity); + $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){ + var jsonData = JSON.parse(data); + console.log(jsonData); + $('#wg-srvpubkey').val(jsonData); + $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); + }) +} + // Static Array method Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start); From c80ad85214bf63e1537472f57235529604ecd9d6 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 08:46:41 +0000 Subject: [PATCH 29/60] Update wireguard constants --- config/config.php | 3 ++- includes/defaults.php | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/config/config.php b/config/config.php index 0aeddbdb..5c906c38 100755 --- a/config/config.php +++ b/config/config.php @@ -21,7 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant'); define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf'); define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf'); define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf'); -define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf'); +define('RASPI_WIREGUARD_PATH', '/etc/wireguard/'); +define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf'); define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf'); define('RASPI_ACCESS_CHECK_IP', '1.1.1.1'); diff --git a/includes/defaults.php b/includes/defaults.php index 17a4af39..d3261fca 100755 --- a/includes/defaults.php +++ b/includes/defaults.php 
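Review bot: Two `console.log()` calls remain in the new `generateWgKey()` handler, one of which prints the returned public key to the browser console; drop both before merging. `JSON.parse(data)` can be avoided by passing `'json'` as the fourth argument of `$.post`, which also makes jQuery reject a non-JSON error page instead of throwing inside the success callback. There is no failure callback, so a failed request leaves the status indicator unchanged with no feedback to the user.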
@@ -26,7 +26,8 @@ $defaults = [ 'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf', 'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf', 'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf', - 'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf', + 'RASPI_WIREGUARD_PATH' => '/etc/wireguard/', + 'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf', 'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc', 'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf', 'RASPI_ACCESS_CHECK_IP' => '1.1.1.1', From 6076e277c8f0a2004521702d8a0b4200e9cf8dae Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 08:48:07 +0000 Subject: [PATCH 30/60] Disambiguate var names --- includes/wireguard.php | 16 ++++++++-------- templates/wg/general.php | 12 ++++++------ 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index a7404495..a3772ed9 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -103,10 +103,10 @@ function DisplayWireGuardConfig() // fetch wg config exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); $conf = ParseConfig($return); - $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort']; - $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address']; - $wg_pubkey = $conf['PublicKey']; - $wg_privkey = $conf['PrivateKey']; + $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; + $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; + $wg_srvpubkey = $conf['PublicKey']; + $wg_srvprivkey = $conf['PrivateKey']; $wg_endpoint = $conf['Endpoint']; $wg_allowedips = $conf['AllowedIPs']; $wg_pkeepalive = $conf['PersistentKeepalive']; 
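Review bot: `'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf'` references a PHP constant from inside the `$defaults` array, whereas the sibling entry `'RASPI_WIREGUARD_PATH' => '/etc/wireguard/'` is a plain array value; if this array exists to supply defaults when config/config.php has not been loaded (presumably — the consumer is outside the hunk), `RASPI_WIREGUARD_PATH` is undefined at that point and the expression degrades to the literal `RASPI_WIREGUARD_PATHwg0.conf` with a warning on PHP 7, or throws an `Error` on PHP 8. Spell the value out as `'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf'` to match the other entries.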
@@ -124,10 +124,10 @@ function DisplayWireGuardConfig() "wg_log", "endpoint_enable", "peer_id", - "wg_port", - "wg_ipaddress", - "wg_pubkey", - "wg_privkey", + "wg_srvport", + "wg_srvipaddress", + "wg_srvpubkey", + "wg_srvprivkey", "wg_endpoint", "wg_allowedips", "wg_pkeepalive" diff --git a/templates/wg/general.php b/templates/wg/general.php index aa1de796..68edfa5e 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -16,7 +16,7 @@
- +
@@ -25,19 +25,19 @@
- +
- - + +
- +
- +
From 1431d44b52b78f45b550aaeab6f8da1405cff7ff Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 08:48:56 +0000 Subject: [PATCH 31/60] Added /bin/mv /tmp/wg-*.key --- installers/raspap.sudoers | 1 + 1 file changed, 1 insertion(+) diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 19b9a7a8..29266fa2 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -43,6 +43,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf +www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0 From 796ed558f77ed7241b1687dff8e48f2300ca4d30 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 09:12:31 +0000 Subject: [PATCH 32/60] Handle peer defaults --- app/js/custom.js | 2 +- config/defaults.json | 13 +++++++++---- includes/wireguard.php | 10 +++++----- templates/wg/general.php | 2 +- templates/wg/peers.php | 9 ++++----- 5 files changed, 20 insertions(+), 16 deletions(-) diff --git a/app/js/custom.js b/app/js/custom.js index 817256a1..e2c89ac6 100644 --- a/app/js/custom.js +++ b/app/js/custom.js @@ -357,7 +357,7 @@ function generateWgKey() { var jsonData = JSON.parse(data); console.log(jsonData); $('#wg-srvpubkey').val(jsonData); - $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); + $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); }) } diff --git a/config/defaults.json b/config/defaults.json index b02d4022..46fce72c 100644 
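Review bot: `NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key` relies on sudoers wildcards, and sudoers(5) notes that command-line arguments are matched as one concatenated string, so a `*` matches across word boundaries and the rule does not pin `mv` to a single source and a single destination under the intended directories. Since the caller in ajax/networking/get_wgkey.php only ever moves a fixed set of files, enumerate them without globs — one line per pair, e.g. `www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-server-private.key /etc/wireguard/wg-server-private.key`, and likewise for the public key and the peer files. A comment above the block naming the PHP caller would also help the next person auditing this file.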
--- a/config/defaults.json +++ b/config/defaults.json @@ -35,10 +35,15 @@ } }, "wireguard": { - "interface": { - "address": [ "10.3.141.1/24" ], - "listenport": [ "51820" ], - "dns": [ "10.3.141.1" ] + "server": { + "Address": [ "10.3.141.1/24" ], + "ListenPort": [ "51820" ], + "DNS": [ "10.3.141.1" ] + }, + "peer": { + "Endpoint": [ "server ip:53" ], + "AllowedIPs": ["0.0.0.0/0"], + "PersistentKeepalive": [ "15" ] } } } diff --git a/includes/wireguard.php b/includes/wireguard.php index a3772ed9..406172b7 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -107,9 +107,9 @@ function DisplayWireGuardConfig() $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; $wg_srvpubkey = $conf['PublicKey']; $wg_srvprivkey = $conf['PrivateKey']; - $wg_endpoint = $conf['Endpoint']; - $wg_allowedips = $conf['AllowedIPs']; - $wg_pkeepalive = $conf['PersistentKeepalive']; + $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint']; + $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs']; + $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive']; // fetch service status exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); @@ -128,8 +128,8 @@ function DisplayWireGuardConfig() "wg_srvipaddress", "wg_srvpubkey", "wg_srvprivkey", - "wg_endpoint", - "wg_allowedips", + "wg_pendpoint", + "wg_pallowedips", "wg_pkeepalive" ) ); diff --git a/templates/wg/general.php b/templates/wg/general.php index 68edfa5e..3be32e45 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -28,7 +28,7 @@
- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 16337a08..2b70680a 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -16,14 +16,14 @@
- +
- +
@@ -39,15 +39,14 @@
- +
- +
- From b7ed2960c129b56e8f52d41d02d41011e69a93fc Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 10:32:07 +0000 Subject: [PATCH 33/60] Update wg-keygen for server + peer --- app/js/custom.js | 15 +++++++-------- templates/wg/general.php | 2 +- templates/wg/peers.php | 4 ++-- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/app/js/custom.js b/app/js/custom.js index e2c89ac6..e0bb6134 100644 --- a/app/js/custom.js +++ b/app/js/custom.js @@ -350,16 +350,15 @@ function clearBlocklistStatus() { } // Handler for the wireguard generate key button -function generateWgKey() { - var entity = $('#wg-srvpubkey').attr('name'); - console.log(entity); - $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){ +$('.wg-keygen').click(function(){ + var entity = $(this).parent('div').prev('input[type="text"]'); + var updated = entity.attr('name')+"-pubkey-status"; + $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){ var jsonData = JSON.parse(data); - console.log(jsonData); - $('#wg-srvpubkey').val(jsonData); - $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); + entity.val(jsonData); + $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); }) -} +}) // Static Array method Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start); diff --git a/templates/wg/general.php b/templates/wg/general.php index 3be32e45..5f5417b1 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -27,7 +27,7 @@
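Review bot: `$('.wg-keygen').click(function(){…})` now binds at script-evaluation time rather than through a named handler, so if custom.js is loaded before the WireGuard form is in the DOM (not visible here) the selector matches nothing and the buttons are inert; a delegated handler, `$(document).on('click', '.wg-keygen', function(){…})`, works regardless of load order. The target input is found by DOM walking (`$(this).parent('div').prev('input[type="text"]')`), which silently yields an empty set and an id of `undefined-pubkey-status` if the template markup changes; a `data-target` attribute on the button would make the coupling explicit. `JSON.parse(data)` can be replaced by passing `'json'` to `$.post`.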
- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 2b70680a..e2ff5c6f 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -41,8 +41,8 @@
- - + +
From 9bbf698b6a637a20b6d5a260c0765c328c5e5842 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 24 Feb 2021 18:06:18 +0000 Subject: [PATCH 34/60] Reorder template fields --- templates/wg/general.php | 17 +++++++++-------- templates/wg/peers.php | 29 +++++++++++++++-------------- templates/wireguard.php | 2 +- 3 files changed, 25 insertions(+), 23 deletions(-) diff --git a/templates/wg/general.php b/templates/wg/general.php index 5f5417b1..3d0cb952 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -13,12 +13,6 @@

-
-
- - -
-
@@ -30,14 +24,21 @@
+ +
+ + +
+
+ +
-
- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index e2ff5c6f..98298e37 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -13,6 +13,20 @@ +
+
+ +
+
+ +
+ + +
+
+
+ +
@@ -34,20 +48,7 @@
-
-
- -
-
- -
- - -
-
-
- - + diff --git a/templates/wireguard.php b/templates/wireguard.php index 3ead09c7..ee28dfa1 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -27,7 +27,7 @@
showMessages(); ?> -
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index cbdad128..ae60a973 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -22,6 +22,7 @@ + From 6b002e3d4cef1b4cb2eafe3047a2f77186cf3e4a Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 4 Mar 2021 23:23:05 +0000 Subject: [PATCH 43/60] Update wg placeholder values --- config/defaults.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/defaults.json b/config/defaults.json index 46fce72c..f87223cf 100644 --- a/config/defaults.json +++ b/config/defaults.json @@ -36,12 +36,12 @@ }, "wireguard": { "server": { - "Address": [ "10.3.141.1/24" ], + "Address": [ "10.253.3.1/24" ], "ListenPort": [ "51820" ], "DNS": [ "10.3.141.1" ] }, "peer": { - "Endpoint": [ "server ip:53" ], + "Endpoint": [ "10.253.3.1/24:51820" ], "AllowedIPs": ["0.0.0.0/0"], "PersistentKeepalive": [ "15" ] } From 4515ac95fb4f9ace712fc99410054ff455f7a180 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 4 Mar 2021 23:44:45 +0000 Subject: [PATCH 44/60] Improved private key handling (security) --- ajax/networking/get_wgkey.php | 1 - app/js/custom.js | 1 - includes/wireguard.php | 8 ++++++-- templates/wg/general.php | 1 - templates/wg/peers.php | 1 - 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php index d3f55aac..840d59f0 100644 --- a/ajax/networking/get_wgkey.php +++ b/ajax/networking/get_wgkey.php @@ -15,7 +15,6 @@ if (isset($entity)) { exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return); $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp)); - $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp)); exec("sudo mv $privkey_tmp $privkey", $return); exec("sudo mv $pubkey_tmp $pubkey", $return); diff --git a/app/js/custom.js b/app/js/custom.js index 89c500bc..25260e81 100644 --- a/app/js/custom.js +++ b/app/js/custom.js 
@@ -357,7 +357,6 @@ $('.wg-keygen').click(function(){ $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){ var jsonData = JSON.parse(data); entity_pub.val(jsonData.pubkey); - entity_priv.val(jsonData.privkey); $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); }) }) diff --git a/includes/wireguard.php b/includes/wireguard.php index a9ade3d0..41b67c7f 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -110,11 +110,15 @@ function SaveWireGuardConfig($status) } // Save settings if ($good_input) { + // fetch private keys from filesytem + $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return); + $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return); + // server (wg0.conf) $config[] = '[Interface]'; $config[] = 'Address = '.$_POST['wg_srvipaddress']; $config[] = 'ListenPort = '.$_POST['wg_srvport']; - $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey']; + $config[] = 'PrivateKey = '.$wg_srvprivkey; $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE'; $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE'; $config[] = ''; @@ -139,7 +143,7 @@ function SaveWireGuardConfig($status) if ($_POST['wg_pendpoint'] !== '') { $config[] = 'Address = '.trim($_POST['wg_pendpoint']); } - $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey']; + $config[] = 'PrivateKey = '.$wg_peerprivkey; $config[] = ''; $config[] = '[Peer]'; $config[] = 'PublicKey = '.$_POST['wg-server']; diff --git a/templates/wg/general.php b/templates/wg/general.php index 9ff217d2..db00ab21 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -24,7 +24,6 @@ - 
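Review bot: `exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return)` loads the private key line into `$return`, the same variable that the `system('sudo cp /tmp/wgdata …', $return)` / `foreach ($return as $line) { $status->addMessage($line, 'info'); }` sequence seen in patch 20 uses for its exit status; if that sequence is still in place further down SaveWireGuardConfig (outside this hunk), only the fact that `system()` overwrites the array keeps the key out of the UI, and any reordering would surface it. Use a throwaway output variable for these two reads, e.g. `exec('sudo cat …', $unused)`, and `unset($wg_srvprivkey, $wg_peerprivkey)` once `$config` has been assembled. `exec()` returns only the last output line, which is fine for a one-line key file but yields `''` when the file is missing; check for that and abort the save with a 'danger' message rather than writing an empty `PrivateKey =` into wg0.conf.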
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index ae60a973..cbdad128 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -22,7 +22,6 @@ - From 0e89de206659ae66f5c60b9a568fb296f159f205 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 4 Mar 2021 23:50:16 +0000 Subject: [PATCH 45/60] Remove private keys from payload --- includes/wireguard.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 41b67c7f..0707efbb 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -31,8 +31,6 @@ function DisplayWireGuardConfig() exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); $conf = ParseConfig($return); $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return); - $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return); - $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return); $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint']; @@ -54,8 +52,6 @@ function DisplayWireGuardConfig() "endpoint_enable", "peer_id", "wg_srvpubkey", - "wg_srvprivkey", - "wg_peerprivkey", "wg_srvport", "wg_srvipaddress", "wg_peerpubkey", From 18729edd1e750f078e64878e7d2d5b8d41d1d9cb Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 4 Mar 2021 23:54:21 +0000 Subject: [PATCH 46/60] Update wg endpoint default value --- config/defaults.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/defaults.json b/config/defaults.json index f87223cf..3c584ed0 100644 --- a/config/defaults.json +++ b/config/defaults.json 
@@ -41,7 +41,7 @@ "DNS": [ "10.3.141.1" ] }, "peer": { - "Endpoint": [ "10.253.3.1/24:51820" ], + "Endpoint": [ "10.253.3.1:51820" ], "AllowedIPs": ["0.0.0.0/0"], "PersistentKeepalive": [ "15" ] } From 333d447c6bfbe9b8767fa6ce3729e75ea6abefd0 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 5 Mar 2021 08:32:00 +0000 Subject: [PATCH 47/60] Add defaults for wg server PostUp/Down --- config/defaults.json | 6 ++++-- includes/wireguard.php | 10 +++++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/config/defaults.json b/config/defaults.json index 3c584ed0..55dd0938 100644 --- a/config/defaults.json +++ b/config/defaults.json @@ -38,10 +38,12 @@ "server": { "Address": [ "10.253.3.1/24" ], "ListenPort": [ "51820" ], - "DNS": [ "10.3.141.1" ] + "DNS": [ "10.3.141.1" ], + "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE" ], + "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" ] }, "peer": { - "Endpoint": [ "10.253.3.1:51820" ], + "Endpoint": [ "10.253.3.1" ], "AllowedIPs": ["0.0.0.0/0"], "PersistentKeepalive": [ "15" ] } diff --git a/includes/wireguard.php b/includes/wireguard.php index 0707efbb..63b26827 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
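Review bot: The new PostUp/PostDown defaults hard-code `wg0` and `wlan0`, whereas the inline rules they replace in the wireguard.php hunk of this commit used wg-quick's `%i` placeholder for the tunnel interface, so a tunnel or AP interface with any other name silently gets no forwarding or NAT rules. wg-quick expands `%i` before running PostUp/PostDown, so keeping `-i %i` / `-o %i` in the defaults preserves the earlier flexibility; otherwise the consumer of these values should state that `wg0` and `wlan0` are assumed. `-m state --state RELATED,ESTABLISHED` is the legacy spelling of `-m conntrack --ctstate RELATED,ESTABLISHED`, which behaves the same and is the form current iptables documents.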
@@ -87,12 +87,12 @@ function SaveWireGuardConfig($status) } } if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { - if (!validateCidr($_POST['wg_pendpoint'])) { + if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; } } - if (isset($_POST['wg_pallowedips'])) { + if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) { if (!validateCidr($_POST['wg_pallowedips'])) { $status->addMessage('Invalid value for allowed IPs', 'danger'); $good_input = false; @@ -115,13 +115,13 @@ function SaveWireGuardConfig($status) $config[] = 'Address = '.$_POST['wg_srvipaddress']; $config[] = 'ListenPort = '.$_POST['wg_srvport']; $config[] = 'PrivateKey = '.$wg_srvprivkey; - $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE'; - $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE'; + $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp'); + $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown'); $config[] = ''; $config[] = '[Peer]'; $config[] = 'PublicKey = '.$_POST['wg-peer']; if ($_POST['wg_pendpoint'] !== '') { - $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']); + $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport']; } $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; if ($_POST['wg_pkeepalive'] !== '') { From 4a50687e7963bca546b420f91a529d2fceaa1a93 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 10:24:34 +0000 Subject: [PATCH 48/60] Add wg peer default values --- config/defaults.json | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/config/defaults.json b/config/defaults.json index 55dd0938..69993673 100644 
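Review bot: The `wg_pallowedips` check now runs only when the field is non-empty, but `$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];` in the second hunk still writes it unconditionally, so an empty submission produces an `AllowedIPs = ` line and the error presumably surfaces at `wg-quick up` time instead of as a form message. Either keep the field mandatory, `if (!isset($_POST['wg_pallowedips']) || !validateCidr($_POST['wg_pallowedips'])) {`, or guard the write the same way the `Endpoint` line below it is guarded. Switching the endpoint check to `FILTER_VALIDATE_IP` also excludes hostname endpoints, which WireGuard itself accepts; if that is intentional a comment such as `// endpoint must be a literal IP address; hostnames are not resolved here` makes it explicit. SaveWireGuardConfig() starts and ends outside both hunks.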
--- a/config/defaults.json +++ b/config/defaults.json @@ -36,15 +36,17 @@ }, "wireguard": { "server": { - "Address": [ "10.253.3.1/24" ], + "Address": [ "10.8.2.1/24" ], "ListenPort": [ "51820" ], - "DNS": [ "10.3.141.1" ], + "DNS": [ "9.9.9.9" ], "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE" ], "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" ] }, "peer": { - "Endpoint": [ "10.253.3.1" ], - "AllowedIPs": ["0.0.0.0/0"], + "Address": [ "10.8.1.2/24" ], + "Endpoint": [ "10.8.2.1" ], + "ListenPort": [ "21841" ], + "AllowedIPs": ["10.8.2.0/24"], "PersistentKeepalive": [ "15" ] } } From ddc8c427462ef7c6860fa1f625406f30c22ee7fa Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 10:25:21 +0000 Subject: [PATCH 49/60] Update peer template w/ additional fields --- templates/wg/general.php | 7 +++++++ templates/wg/peers.php | 16 +++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/templates/wg/general.php b/templates/wg/general.php index db00ab21..de5555f0 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -41,6 +41,13 @@ +
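Review bot: The peer default `Address` `10.8.1.2/24` is not inside the server's new `10.8.2.1/24` network, while the peer `AllowedIPs` default is `10.8.2.0/24`; this reads like a typo for `10.8.2.2/24`. As written, the server side would presumably list the peer under `10.8.2.0/24` while the peer sources packets from `10.8.1.2`, which WireGuard's cryptokey routing would not accept, so the defaults are worth confirming against a real handshake before shipping. `"Address": [ "10.8.2.2/24" ]` is the one-line change if that is the intent.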
+
+ + +
+
+ diff --git a/templates/wg/peers.php b/templates/wg/peers.php index cbdad128..91e0500a 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -26,7 +26,21 @@
-
+
+ + +
+
+ +
+
+ + +
+
+ +
+
From cbab3f2825c1711f3303b34a70e5ff00478f2e3d Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 10:27:08 +0000 Subject: [PATCH 50/60] Update peer input handling, write wg configs --- includes/wireguard.php | 53 ++++++++++++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 12 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 63b26827..4c4d838d 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -33,11 +33,18 @@ function DisplayWireGuardConfig() $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return); $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; + $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS']; + $wg_peerpubkey = $conf['PublicKey']; + + // todo: iterate multiple peer configs + exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn); + $conf = ParseConfig($preturn); + $wg_pipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','peer','Address') : $conf['Address']; + $wg_plistenport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','peer','ListenPort') : $conf['ListenPort']; $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint']; $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs']; $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive']; - $wg_peerpubkey = $conf['PublicKey']; - + // fetch service status exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; 
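Review bot: `$conf` is reassigned to the parsed client.conf halfway through the function, so every `$conf[...]` read after `$conf = ParseConfig($preturn);` refers to the peer file while the reads above it refer to wg0.conf; a second name, `$pconf = ParseConfig($preturn);`, would make the split visible and keep the `$wg_peerpubkey = $conf['PublicKey'];` line from silently reading the wrong file if lines are ever reordered. When client.conf does not exist yet, `exec()` leaves `$preturn` empty and the `$conf['Address'] == ''` style lookups presumably emit undefined-index notices before falling back to defaults; `isset($conf['Address'])` (or `?? ''` if the codebase targets PHP 7) avoids that. The new `// todo: iterate multiple peer configs` comment could also name the assumption it encodes: `// todo: iterate multiple peer configs — only the fixed client.conf is read for now`. DisplayWireGuardConfig() starts and ends outside the hunk.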
@@ -54,6 +61,9 @@ function DisplayWireGuardConfig() "wg_srvpubkey", "wg_srvport", "wg_srvipaddress", + "wg_srvdns", + "wg_pipaddress", + "wg_plistenport", "wg_peerpubkey", "wg_pendpoint", "wg_pallowedips", @@ -76,18 +86,37 @@ function SaveWireGuardConfig($status) // Validate input if (isset($_POST['wg_srvport'])) { if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) { - $status->addMessage('Invalid value for port number', 'danger'); + $status->addMessage('Invalid value for server local port', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_plistenport'])) { + if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) { + $status->addMessage('Invalid value for peer local port', 'danger'); $good_input = false; } } if (isset($_POST['wg_srvipaddress'])) { if (!validateCidr($_POST['wg_srvipaddress'])) { - $status->addMessage('Invalid value for IP address', 'danger'); + $status->addMessage('Invalid value for server IP address', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_pipaddress'])) { + if (!validateCidr($_POST['wg_pipaddress'])) { + $status->addMessage('Invalid value for peer IP address', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_srvdns'])) { + if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for DNS', 'danger'); $good_input = false; } } if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { - if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) { + $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':')); + if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; } 
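Review bot: `substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'))` yields an empty string when the value contains no `:` (strpos returns false), so a bare address such as the `10.8.2.1` peer default from config/defaults.json earlier in this series fails with "Invalid value for endpoint address"; meanwhile the text after the colon is never checked, yet the client.conf hunk of this commit writes the whole value as `Endpoint =`. Splitting once, `list($host, $port) = array_pad(explode(':', trim($_POST['wg_pendpoint']), 2), 2, null);`, then validating `$host` with `FILTER_VALIDATE_IP` and `$port` with the same length/`is_numeric` test used for `wg_srvport` covers both cases. If IPv6 endpoints are in scope, the literal contains colons itself and the split would need the `[addr]:port` form instead. SaveWireGuardConfig() starts and ends outside the hunk.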
@@ -114,15 +143,13 @@ function SaveWireGuardConfig($status) $config[] = '[Interface]'; $config[] = 'Address = '.$_POST['wg_srvipaddress']; $config[] = 'ListenPort = '.$_POST['wg_srvport']; + $config[] = 'DNS = '.$_POST['wg_srvdns']; $config[] = 'PrivateKey = '.$wg_srvprivkey; $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp'); $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown'); $config[] = ''; $config[] = '[Peer]'; $config[] = 'PublicKey = '.$_POST['wg-peer']; - if ($_POST['wg_pendpoint'] !== '') { - $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport']; - } $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; if ($_POST['wg_pkeepalive'] !== '') { $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); @@ -136,15 +163,17 @@ function SaveWireGuardConfig($status) // client1 (client.conf) $config = []; $config[] = '[Interface]'; - if ($_POST['wg_pendpoint'] !== '') { - $config[] = 'Address = '.trim($_POST['wg_pendpoint']); - } + $config[] = 'Address = '.trim($_POST['wg_pipaddress']); $config[] = 'PrivateKey = '.$wg_peerprivkey; + $config[] = 'ListenPort = '.$_POST['wg_plistenport']; $config[] = ''; $config[] = '[Peer]'; $config[] = 'PublicKey = '.$_POST['wg-server']; $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; - $config[] = 'Endpoint = '.$_POST['wg_srvipaddress']; + $config[] = 'Endpoint = '.$_POST['wg_pendpoint']; + if ($_POST['wg_pkeepalive'] !== '') { + $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + } $config[] = ''; $config = join(PHP_EOL, $config); From 3ac70a3a3cb7d13349aa36d7639012dbf19d3520 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 10:28:14 +0000 Subject: [PATCH 51/60] Move qr_encode() to inc/functions --- app/img/wifi-qr-code.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php index 21092f82..e23e1bed 100644 --- a/app/img/wifi-qr-code.php 
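Review bot: `$config[] = 'DNS = '.$_POST['wg_srvdns'];` is emitted into the server's `[Interface]` section; wg-quick applies a `DNS` key in `[Interface]` to the host that brings the interface up, so on the RaspAP side this would presumably replace the host's own resolvers rather than tell peers which resolver to use — confirm that is intended, and if the value is meant for peers it belongs in the client.conf `[Interface]` written in the second hunk. In that second hunk `'Endpoint = '.$_POST['wg_pendpoint']` is written untrimmed while the validation code trims the same field, so a trailing space survives into client.conf; `'Endpoint = '.trim($_POST['wg_pendpoint'])` matches the other lines. SaveWireGuardConfig() starts and ends outside both hunks.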
+++ b/app/img/wifi-qr-code.php @@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) { exit; } -function qr_encode($str) -{ - return preg_replace('/(? Date: Sun, 7 Mar 2021 10:39:33 +0000 Subject: [PATCH 52/60] Add PHP_EOLs to parsed client.conf --- app/img/wg-qr-code.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php index 83cda725..7a66e6fc 100644 --- a/app/img/wg-qr-code.php +++ b/app/img/wg-qr-code.php @@ -11,7 +11,8 @@ if (!isset($_SERVER['HTTP_REFERER'])) { } exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return); -$peer_conf = qr_encode(implode($return)); +$peer_conf = implode(PHP_EOL,$return); +$peer_conf.= PHP_EOL; $command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf); $svg = shell_exec($command); $etag = hash('sha256', $peer_conf); From 96bd34f07fe5dcc3b4107f4dd7834bc23591f160 Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 13:19:56 +0000 Subject: [PATCH 53/60] Add event listener for Bootstrap form validation --- app/js/custom.js | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/app/js/custom.js b/app/js/custom.js index 25260e81..7ad6b166 100644 --- a/app/js/custom.js +++ b/app/js/custom.js @@ -361,6 +361,22 @@ $('.wg-keygen').click(function(){ }) }) +// Event listener for Bootstrap's form validation +window.addEventListener('load', function() { + // Fetch all the forms we want to apply custom Bootstrap validation styles to + var forms = document.getElementsByClassName('needs-validation'); + // Loop over them and prevent submission + var validation = Array.prototype.filter.call(forms, function(form) { + form.addEventListener('submit', function(event) { + if (form.checkValidity() === false) { + event.preventDefault(); + event.stopPropagation(); + } + form.classList.add('was-validated'); + }, false); + }); +}, false); + // Static Array method Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start); 
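Review bot: `Array.prototype.filter.call(forms, ...)` is used purely for its side effects — the callback returns nothing and `validation` is never read — so `filter` builds an empty array for no reason; `Array.prototype.forEach.call(forms, function(form) { ... });` says what is meant and lets the unused `var validation` go. The listener runs once on `load`, so forms inserted into the DOM afterwards never get the submit handler, which is fine for server-rendered pages but deserves a line: `// runs once on load; forms added dynamically are not covered`. The hunk is self-contained.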
From 0b3307ce1f3bbd0d5bc06daa757de3014206257c Mon Sep 17 00:00:00 2001 From: billz Date: Sun, 7 Mar 2021 13:20:52 +0000 Subject: [PATCH 54/60] Add required fields for validation --- templates/wg/general.php | 9 +++++---- templates/wg/peers.php | 12 ++++++------ templates/wireguard.php | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/templates/wg/general.php b/templates/wg/general.php index de5555f0..51eb5309 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -19,7 +19,7 @@
- +
@@ -30,21 +30,21 @@
- +
- +
- +
@@ -52,3 +52,4 @@
+ diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 91e0500a..c259e541 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -17,7 +17,7 @@
- +
@@ -28,35 +28,35 @@
- +
- +
- +
- +
- +
diff --git a/templates/wireguard.php b/templates/wireguard.php index ee28dfa1..45554655 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -27,7 +27,7 @@
showMessages(); ?> - +
- +
@@ -30,21 +30,21 @@
- +
- +
- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index c259e541..a4d80f5a 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -17,7 +17,7 @@
- +
@@ -28,28 +28,28 @@
- +
- +
- +
- +
@@ -63,8 +63,10 @@
+ RaspAP Wifi QR code
+
diff --git a/templates/wireguard.php b/templates/wireguard.php index 45554655..ee28dfa1 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -27,7 +27,7 @@
showMessages(); ?> - +
From 03acf8f92c481d9e545769231525d267e0183409 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 8 Mar 2021 08:59:38 +0000 Subject: [PATCH 58/60] Minor: update timestamp --- locale/en_US/LC_MESSAGES/messages.mo | Bin 21077 -> 21077 bytes locale/en_US/LC_MESSAGES/messages.po | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo index 23c18e522906eee2d279c4e0bd2565f0ffd271c1..fd81791e6c75dcabb201ea6f86cf88f95198c69e 100644 GIT binary patch delta 28 kcmcb*gz@SU#tmtvyoS04#<~U;3I>)|1_qmpO&`es0FLMh9{>OV delta 28 kcmcb*gz@SU#tmtvyau`k#=1t93I+yN2Bw>fO&`es0FKEC9RL6T diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po index c10c8da2..3170fa4e 100644 --- a/locale/en_US/LC_MESSAGES/messages.po +++ b/locale/en_US/LC_MESSAGES/messages.po @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: 1.2.1\n" "Report-Msgid-Bugs-To: Bill Zimmerman \n" "POT-Creation-Date: 2017-10-19 08:56+0000\n" -"PO-Revision-Date: 2020-03-29 00:05+0000\n" +"PO-Revision-Date: 2021-03-08 09:00+0000\n" "Last-Translator: Bill Zimmerman \n" "Language-Team: \n" "Language: en_US\n" From cb58e310895e45b26e592521a52050ac81632382 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 9 Mar 2021 15:35:48 +0000 Subject: [PATCH 59/60] Handle server/peer enable states --- includes/wireguard.php | 190 +++++++++++++++++++++----------------- installers/raspap.sudoers | 2 + templates/wg/general.php | 6 +- templates/wg/peers.php | 9 +- 4 files changed, 117 insertions(+), 90 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 00b4e962..c7f56cdd 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
@@ -34,7 +34,10 @@ function DisplayWireGuardConfig() $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort']; $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address']; $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS']; - $wg_peerpubkey = $conf['PublicKey']; + $wg_peerpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return); + if (sizeof($conf) >0) { + $wg_senabled = true; + } // todo: iterate multiple peer configs exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn); @@ -64,6 +67,7 @@ function DisplayWireGuardConfig() "wg_srvport", "wg_srvipaddress", "wg_srvdns", + "wg_senabled", "wg_penabled", "wg_pipaddress", "wg_plistenport", 
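Review bot: `$wg_senabled` is only assigned inside `if (sizeof($conf) >0) {`, so when wg0.conf is empty or absent the variable is undefined by the time `compact(...)` in the second hunk collects it; `compact()` silently omits undefined names (and warns about them on newer PHP), so the template would see no `wg_senabled` at all rather than `false`. Writing it as `$wg_senabled = sizeof($conf) > 0;` gives both states a defined value. The new `exec()` for `wg-peer-public.key` passes the same `$return` array that earlier calls already appended to, which is harmless because only the return value is used, but a short comment would prevent someone from later reading `$return`: `// exec() returns the last output line; $return accumulates across calls and is not read`. DisplayWireGuardConfig() starts and ends outside both hunks.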
@@ -86,102 +90,120 @@ function SaveWireGuardConfig($status) // Set defaults $good_input = true; $peer_id = 1; - // Validate input - if (isset($_POST['wg_srvport'])) { - if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) { - $status->addMessage('Invalid value for server local port', 'danger'); - $good_input = false; + // Validate server input + if ($_POST['wg_senabled'] == 1) { + if (isset($_POST['wg_srvport'])) { + if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) { + $status->addMessage('Invalid value for server local port', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_plistenport'])) { + if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) { + $status->addMessage('Invalid value for peer local port', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_srvipaddress'])) { + if (!validateCidr($_POST['wg_srvipaddress'])) { + $status->addMessage('Invalid value for server IP address', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_srvdns'])) { + if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for DNS', 'danger'); + $good_input = false; + } } } - if (isset($_POST['wg_plistenport'])) { - if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) { - $status->addMessage('Invalid value for peer local port', 'danger'); - $good_input = false; + // Validate peer input + if ($_POST['wg_penabled'] == 1) { + if (isset($_POST['wg_pipaddress'])) { + if (!validateCidr($_POST['wg_pipaddress'])) { + $status->addMessage('Invalid value for peer IP address', 'danger'); + $good_input = false; + } } - } - if (isset($_POST['wg_srvipaddress'])) { - if (!validateCidr($_POST['wg_srvipaddress'])) { - $status->addMessage('Invalid value for server IP address', 'danger'); - $good_input = false; + if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { + $wg_pendpoint_seg = 
substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':')); + if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for endpoint address', 'danger'); + $good_input = false; + } } - } - if (isset($_POST['wg_pipaddress'])) { - if (!validateCidr($_POST['wg_pipaddress'])) { - $status->addMessage('Invalid value for peer IP address', 'danger'); - $good_input = false; + if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) { + if (!validateCidr($_POST['wg_pallowedips'])) { + $status->addMessage('Invalid value for allowed IPs', 'danger'); + $good_input = false; + } } - } - if (isset($_POST['wg_srvdns'])) { - if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) { - $status->addMessage('Invalid value for DNS', 'danger'); - $good_input = false; - } - } - if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) { - $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':')); - if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) { - $status->addMessage('Invalid value for endpoint address', 'danger'); - $good_input = false; - } - } - if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) { - if (!validateCidr($_POST['wg_pallowedips'])) { - $status->addMessage('Invalid value for allowed IPs', 'danger'); - $good_input = false; - } - } - if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) { - if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { - $status->addMessage('Invalid value for persistent keepalive', 'danger'); - $good_input = false; + if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) { + if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { + $status->addMessage('Invalid value for persistent keepalive', 'danger'); + $good_input = false; + } } } // Save settings if ($good_input) { - // fetch private 
keys from filesytem - $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return); - $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return); - // server (wg0.conf) - $config[] = '[Interface]'; - $config[] = 'Address = '.$_POST['wg_srvipaddress']; - $config[] = 'ListenPort = '.$_POST['wg_srvport']; - $config[] = 'DNS = '.$_POST['wg_srvdns']; - $config[] = 'PrivateKey = '.$wg_srvprivkey; - $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp'); - $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown'); - $config[] = ''; - $config[] = '[Peer]'; - $config[] = 'PublicKey = '.$_POST['wg-peer']; - $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; - if ($_POST['wg_pkeepalive'] !== '') { - $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + if ($_POST['wg_senabled'] == 1) { + // fetch server private key from filesytem + $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return); + $config[] = '[Interface]'; + $config[] = 'Address = '.$_POST['wg_srvipaddress']; + $config[] = 'ListenPort = '.$_POST['wg_srvport']; + $config[] = 'DNS = '.$_POST['wg_srvdns']; + $config[] = 'PrivateKey = '.$wg_srvprivkey; + $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp'); + $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown'); + $config[] = ''; + $config[] = '[Peer]'; + $config[] = 'PublicKey = '.$_POST['wg-peer']; + $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; + if ($_POST['wg_pkeepalive'] !== '') { + $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + } + $config[] = ''; + $config = join(PHP_EOL, $config); + + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + } else { + # remove selected conf + keys + system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return); + system('sudo rm '. 
RASPI_WIREGUARD_PATH .'wg-server-public.key', $return); + system('sudo rm '. RASPI_WIREGUARD_CONFIG, $return); } - $config[] = ''; - $config = join(PHP_EOL, $config); - - file_put_contents("/tmp/wgdata", $config); - system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); - // client1 (client.conf) - $config = []; - $config[] = '[Interface]'; - $config[] = 'Address = '.trim($_POST['wg_pipaddress']); - $config[] = 'PrivateKey = '.$wg_peerprivkey; - $config[] = 'ListenPort = '.$_POST['wg_plistenport']; - $config[] = ''; - $config[] = '[Peer]'; - $config[] = 'PublicKey = '.$_POST['wg-server']; - $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; - $config[] = 'Endpoint = '.$_POST['wg_pendpoint']; - if ($_POST['wg_pkeepalive'] !== '') { - $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); - } - $config[] = ''; - $config = join(PHP_EOL, $config); + if ($_POST['wg_penabled'] == 1) { + // fetch peer private key from filesystem + $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return); + $config = []; + $config[] = '[Interface]'; + $config[] = 'Address = '.trim($_POST['wg_pipaddress']); + $config[] = 'PrivateKey = '.$wg_peerprivkey; + $config[] = 'ListenPort = '.$_POST['wg_plistenport']; + $config[] = ''; + $config[] = '[Peer]'; + $config[] = 'PublicKey = '.$_POST['wg-server']; + $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips']; + $config[] = 'Endpoint = '.$_POST['wg_pendpoint']; + if ($_POST['wg_pkeepalive'] !== '') { + $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + } + $config[] = ''; + $config = join(PHP_EOL, $config); - file_put_contents("/tmp/wgdata", $config); - system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return); + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return); + } else { + # remove selected conf + keys + system('sudo rm '. 
RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return); + system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return); + system('sudo rm '. RASPI_WIREGUARD_PATH.'client.conf', $return); + } // handle log option if ($_POST['wg_log'] == "1") { diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 9aded5a3..18e4ddf8 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -50,4 +50,6 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key +www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf +www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key diff --git a/templates/wg/general.php b/templates/wg/general.php index b3235e88..06d09811 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -4,13 +4,13 @@
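Review bot: The `wg_plistenport` check sits inside `if ($_POST['wg_senabled'] == 1) {` although the value is only written in the peer block under `wg_penabled`, so a submission with the server disabled and the peer enabled stores an unvalidated `ListenPort` in client.conf; moving the `if (isset($_POST['wg_plistenport'])) { ... }` block into the peer validation branch fixes it. Both enabled branches still stage the config through `file_put_contents("/tmp/wgdata", $config)` — a fixed path in a shared directory that now carries a private key and is left in place after `sudo cp`, readable to other local accounts under a default umask — so writing via `tempnam()` plus `chmod(..., 0600)` and unlinking after the copy, or piping to `sudo tee`, would keep the key out of `/tmp`. `$_POST['wg-peer']` and `$_POST['wg-server']` go into `PublicKey =` with no validation anywhere in this hunk, and the file they land in is one wg-quick runs `PostUp`/`PostDown` lines from as root, so they should be constrained to the key format before being written, e.g. `if (!preg_match('/^[A-Za-z0-9+\/]{43}=$/', $_POST['wg-peer'])) { $status->addMessage('Invalid peer public key', 'danger'); $good_input = false; }`. The `system('sudo rm ...')` calls in both `else` branches discard `$return`, so a failed removal is reported as success. SaveWireGuardConfig() starts and ends outside the hunk.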
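Review bot: In sudoers a `*` in command arguments matches any characters including whitespace, so `/bin/rm /etc/wireguard/*.conf` and `/bin/rm /etc/wireguard/wg-*.key` authorize `rm` invocations with more than the single file the PHP side passes — a considerably wider grant for deletion than the same pattern gives the `cat` entries above it. Spelling out the exact targets the code removes (`wg0.conf`, `client.conf`, `wg-server-private.key`, `wg-server-public.key`, `wg-peer-private.key`, `wg-peer-public.key`), one `NOPASSWD` line each, keeps the rule set to what the application actually needs; the "Wildcards" section of sudoers(5) is the reference to cite in a comment beside these lines. The hunk is self-contained.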

-
- aria-describedby="tunnel-description"> - + aria-describedby="server-description"> +

+ wg0.conf to the WireGuard configuration.") ?>

diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 0d29b429..319cc0f9 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -4,12 +4,15 @@

-
- aria-describedby="endpoint-description"> - + aria-describedby="endpoint-description"> +
+

+ + client.conf to the WireGuard configuration.") ?> +

From 63267cd225fbb9863082a964454a70ab7a455513 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 9 Mar 2021 15:41:03 +0000 Subject: [PATCH 60/60] Update en_US locale --- locale/en_US/LC_MESSAGES/messages.po | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po index 3170fa4e..dcd00a5c 100644 --- a/locale/en_US/LC_MESSAGES/messages.po +++ b/locale/en_US/LC_MESSAGES/messages.po @@ -855,12 +855,15 @@ msgstr "Invalid custom host found on line " msgid "Tunnel settings" msgstr "Tunnel settings" -msgid "Enable tunnel" -msgstr "Enable tunnel" +msgid "Enable server" +msgstr "Enable server" msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers." msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers." +msgid "This option adds wg0.conf to the WireGuard configuration." +msgstr "This option adds wg0.conf to the WireGuard configuration." + msgid "Local public key" msgstr "Local public key" @@ -876,8 +879,14 @@ msgstr "DNS" msgid "Peer" msgstr "Peer" -msgid "Enable endpoint" -msgstr "Enable endpoint" +msgid "Enable peer" +msgstr "Enable peer" + +msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer." +msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer." + +msgid "This option adds client.conf to the WireGuard configuration." +msgstr "This option adds client.conf to the WireGuard configuration." msgid "Peer public key" msgstr "Peer public key"