Get VPN state from active tun/wg device

2021-07-25 17:27:31 +02:00 · 2021-07-25 17:27:31 +02:00 · 882535b130
parent 2f1a6af0ba
commit 882535b130
2 changed files with 29 additions and 9 deletions
--- a/includes/firewall.php
+++ b/includes/firewall.php
@ -142,28 +142,47 @@ function ReadFirewallConf() {
       $conf["client-device"] = "";
       $conf["restricted-ips"] = "";
    }
+    exec('ifconfig | grep -E -i "tun+"', $ret);
+    $conf["openvpn-enable"] = !empty($ret);
+    unset($ret);
+    exec('ifconfig | grep -E -i "wg+"', $ret);
+    $conf["wireguard-enable"] = !empty($ret);
    return $conf;
 }

 function getVPN_IPs() {
    $ips = "";
-    # get openvpn server IPs for UDP (if existing)
+    # get openvpn and wireguard server IPs
    if ( RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
      foreach ( $fconf as $f ) {
-         unset($result);
-         exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1/ip" ', $result);
-         $ip = (isset($result[0])) ? $result[0] : "";
-         unset($result);
-         exec('cat '.$f.' |  sed -rn "s/^proto\s*([a-z]*).*$/\1/ip" ', $result);
-         $proto = (isset($result[0])) ? $result[0] : "";
-         if ( !empty($ip) && trim(strtolower($proto)) === "udp" ) {
+        unset($result);
+        exec('cat '.$f.' |  sed -rn "s/^remote\s*([a-z0-9\.\-\_]*)\s*([0-9]*).*$/\1 \2/ip" ', $result);
+        if ( !empty($result) ) {
+          $result = explode(" ",$result[0]);
+          $ip = (isset($result[0])) ? $result[0] : "";
+          $port = (isset($result[1])) ? $result[1] : "";
+          if ( !empty($ip) ) {
            $ip = gethostbyname($ip);
            if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
+          }
        }
      }
    }
-    # get wireguard server IPs for UDP (if existing)
+    # get wireguard server IPs
    if ( RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
+      foreach ( $fconf as $f ) {
+        unset($result);
+        exec('sudo /bin/cat '.$f.' |  sed -rn "s/^endpoint\s*=\s*([a-z0-9\.\-\_]*:[0-9]*).*$/\1/ip" ', $result);
+        if ( !empty($result) ) {
+          $result = explode(":",$result[0]);
+          $ip = (isset($result[0])) ? $result[0] : "";
+          $port = (isset($result[1])) ? $result[1] : "";
+          if ( !empty($ip) ) {
+             $ip = gethostbyname($ip);
+             if ( filter_var($ip,FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) $ips .= " $ip";
+          }
+        }
+      }
    }
    return trim($ips);
 }
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@ -63,3 +63,4 @@ www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/tmp/iptables_raspap.sh
+www-data ALL=(ALL) NOPASSWD:/tmp/ip6tables_raspap.sh