From 5028007b7aa5b6b0b771c9ea86452b7a573745fd Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 10:14:12 +0100 Subject: [PATCH 01/22] Add wireguard install option --- installers/common.sh | 44 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index a64e8d1c..e52d62d7 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -235,17 +235,35 @@ function _install_adblock() { _install_status 0 } -# Prompt to install openvpn -function _prompt_install_openvpn() { - _install_log "Configure OpenVPN support" - echo -n "Install OpenVPN and enable client configuration? [Y/n]: " +# Prompt to install VPN +function _prompt_install_vpn() { + _install_log "Configure VPN support" + echo -n "Install VPN and enable client configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - _install_openvpn + _install_vpn fi + elif [ "$ovpn_option" == 1 ]; then + _install_vpn + else + echo "(Skipped)" + fi +} + +function _install_vpn() { + echo -n "Install [O]penVPN or [W]ireguard? [O/W]: " + if [ "$assume_yes" == 0 ]; then + read answer < /dev/tty + case $answer in + [oO]* ) + _install_openvpn; + break;; + [wW]* ) + _install_wireguard; + esac elif [ "$ovpn_option" == 1 ]; then _install_openvpn else 
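Review bot: In `_install_vpn`, the `break;;` in the `[oO]*` arm sits outside any loop, so bash reports that `break` is only meaningful in a loop once `_install_openvpn` returns; a plain `;;` is all the arm needs. The `case` has no `*)` arm and `$answer` is unquoted, so any other reply installs nothing without saying so; `case "$answer" in` with a `*) echo "(Skipped)";;` fallback makes the outcome explicit. When `assume_yes` is set only `$ovpn_option` is consulted, so an unattended run can never select WireGuard. The closing lines of `_install_vpn` are context in the next hunk.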
@@ -253,6 +271,20 @@ function _prompt_install_openvpn() { fi } +# Install Wireguard from the Debian unstable distro +function _install_wireguard() { + _install_log "Configure Wireguard support" + echo "Installing Wireguard from Debian unstable distro" + echo "Adding Debian distro" + echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list" + sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr" + echo "Adding Debian distro keys" + sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys" + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" + sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + _install_status 0 +} + # Install openvpn and enable client configuration option function _install_openvpn() { _install_log "Installing OpenVPN and enabling client configuration" @@ -537,7 +569,7 @@ function _install_raspap() { _default_configuration _configure_networking _prompt_install_adblock - _prompt_install_openvpn + _prompt_install_vpn _patch_system_files _install_complete } From 7e58feeec0eae36cef5f56798d1695fe357db22c Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 11:04:36 +0100 Subject: [PATCH 02/22] Enable wg management UI --- installers/common.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index e52d62d7..a58e4ba7 100755 --- a/installers/common.sh +++ b/installers/common.sh 
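Review bot: `_install_wireguard` pipes a freshly downloaded key straight into `apt-key add`, which trusts it for every configured repository, and nothing checks that it is the expected key. The `||` only sees the exit status of `apt-key`, so a failed `wget` goes unreported as well. I would save the key to a file, compare its fingerprint with a value pinned in the installer, and reference it from the new source entry with `signed-by` so it is trusted for the unstable suite only. Writing the list and preferences files with plain `tee` instead of `tee --append` keeps a re-run from duplicating entries. `sudo apt-get install dirmngr` also omits `$apt_option`, unlike the wireguard install later in the function.

```shell
# … unchanged: _install_log, dirmngr install …
local keyring="/usr/share/keyrings/debian-unstable-archive.gpg"   # constructed path
local key_tmp
key_tmp=$(mktemp) || _install_status 1 "Unable to create temporary file"
wget -q -O "$key_tmp" "https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc" || _install_status 1 "Unable to download keys"
# <EXPECTED_FINGERPRINT> is a placeholder: pin the real value in the installer
gpg --show-keys --with-colons "$key_tmp" | grep -q "^fpr:.*:<EXPECTED_FINGERPRINT>:$" || _install_status 1 "Unexpected key fingerprint"
gpg --dearmor < "$key_tmp" | sudo tee "$keyring" > /dev/null || _install_status 1 "Unable to add keys"
echo "deb [signed-by=$keyring] http://deb.debian.org/debian/ unstable main" | sudo tee /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to write sources.list"
# … unchanged: preferences.d pin, apt-get update and wireguard install …
```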
@@ -254,7 +254,7 @@ function _prompt_install_vpn() { } function _install_vpn() { - echo -n "Install [O]penVPN or [W]ireguard? [O/W]: " + echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty case $answer in @@ -273,15 +273,18 @@ function _install_vpn() { # Install Wireguard from the Debian unstable distro function _install_wireguard() { - _install_log "Configure Wireguard support" - echo "Installing Wireguard from Debian unstable distro" + _install_log "Configure WireGuard support" + echo "Installing WireGuard from Debian unstable distro" echo "Adding Debian distro" echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list" sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr" echo "Adding Debian distro keys" sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys" printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" + echo "Installing WireGuard" sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + echo "Enabling WireGuard management option" + sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php" _install_status 0 } From 2bedbad71a89be18656f0ff89ed3e70f72715775 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 11:05:15 +0100 Subject: [PATCH 03/22] Add wireguard constants --- config/config.php | 3 +++ includes/defaults.php | 3 +++ 2 files changed, 6 insertions(+) diff --git a/config/config.php b/config/config.php index f638b2a7..50e6442a 100755 --- a/config/config.php +++ b/config/config.php 
@@ -21,6 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant'); define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf'); define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf'); define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf'); +define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf'); +define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf'); define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf'); @@ -34,6 +36,7 @@ define('RASPI_NETWORK_ENABLED', true); define('RASPI_DHCP_ENABLED', true); define('RASPI_ADBLOCK_ENABLED', false); define('RASPI_OPENVPN_ENABLED', false); +define('RASPI_WIREGUARD_ENABLED', false); define('RASPI_TORPROXY_ENABLED', false); define('RASPI_CONFAUTH_ENABLED', true); define('RASPI_CHANGETHEME_ENABLED', true); diff --git a/includes/defaults.php b/includes/defaults.php index 9598ce9b..ddf9ea92 100755 --- a/includes/defaults.php +++ b/includes/defaults.php @@ -25,6 +25,8 @@ $defaults = [ 'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf', 'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf', 'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf', + 'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf', + 'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf', 'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc', 'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf', @@ -35,6 +37,7 @@ $defaults = [ 'RASPI_DHCP_ENABLED' => true, 'RASPI_ADBLOCK_ENABLED' => false, 'RASPI_OPENVPN_ENABLED' => false, + 'RASPI_WIREGUARD_ENABLED' => false, 'RASPI_TORPROXY_ENABLED' => false, 'RASPI_CONFAUTH_ENABLED' => true, 'RASPI_CHANGETHEME_ENABLED' => true, From 4c0de339560f65bed3d9e9e613a5e0e1252567d7 Mon Sep 17 00:00:00 2001 
From: billz Date: Mon, 20 Apr 2020 12:52:03 +0100 Subject: [PATCH 04/22] Update w/ wg_conf --- index.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/index.php b/index.php index c2fe13ee..837ebef3 100755 --- a/index.php +++ b/index.php @@ -40,6 +40,7 @@ require_once 'includes/themes.php'; require_once 'includes/data_usage.php'; require_once 'includes/about.php'; require_once 'includes/openvpn.php'; +require_once 'includes/wireguard.php'; require_once 'includes/torproxy.php'; $output = $return = 0; @@ -164,6 +165,11 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; + + + @@ -257,6 +263,9 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; case "openvpn_conf": DisplayOpenVPNConfig(); break; + case "wg_conf": + DisplayWireGuardConfig(); + break; case "torproxy_conf": DisplayTorProxyConfig(); break; From db497de7d0965cbd11ea3f02031e74e8a4b5af79 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 12:53:46 +0100 Subject: [PATCH 05/22] Initial commit: wg templates --- includes/wireguard.php | 48 +++++++++++++++++++++++++++++++++++++ templates/wg/general.php | 0 templates/wg/logging.php | 0 templates/wireguard.php | 51 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 includes/wireguard.php create mode 100644 templates/wg/general.php create mode 100644 templates/wg/logging.php create mode 100644 templates/wireguard.php diff --git a/includes/wireguard.php b/includes/wireguard.php new file mode 100644 index 00000000..a0c2ed94 --- /dev/null +++ b/includes/wireguard.php 
@@ -0,0 +1,48 @@ +addMessage('Attempting to start WireGuard', 'info'); + exec('sudo /bin/systemctl start wg-quick@wg0', $return); + exec('sudo /bin/systemctl enable wg-quick@wg0', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } elseif (isset($_POST['stopwg'])) { + $status->addMessage('Attempting to stop WireGuard', 'info'); + exec('sudo /bin/systemctl stop wg-quick@wg0', $return); + exec('sudo /bin/systemctl disable wg-quick@wg0', $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } + } + + exec('pidof wg | wc -l', $wgstatus); + + $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; + + echo renderTemplate( + "wireguard", compact( + "status", + "serviceStatus" + ) + ); +} + diff --git a/templates/wg/general.php b/templates/wg/general.php new file mode 100644 index 00000000..e69de29b diff --git a/templates/wg/logging.php b/templates/wg/logging.php new file mode 100644 index 00000000..e69de29b diff --git a/templates/wireguard.php b/templates/wireguard.php new file mode 100644 index 00000000..b3f33796 --- /dev/null +++ b/templates/wireguard.php @@ -0,0 +1,51 @@ + + + "> + + "> + + "> + + + + +
+
+
+
+
+
+ +
+
+ +
+
+
+
+ showMessages(); ?> +
+ + + + + +
+ + +
+ + +
+
+ +
+
+
+ From 070b1db4257785c6052f23d9a9a3d61ac63ba966 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:35:16 +0100 Subject: [PATCH 06/22] Create RaspAP webfont --- dist/raspap/css/fonts/RaspAP.eot | Bin 0 -> 2392 bytes dist/raspap/css/fonts/RaspAP.svg | 12 +++++++ dist/raspap/css/fonts/RaspAP.ttf | Bin 0 -> 2232 bytes dist/raspap/css/fonts/RaspAP.woff | Bin 0 -> 2308 bytes dist/raspap/css/style.css | 54 ++++++++++++++++++++++++++++++ 5 files changed, 66 insertions(+) create mode 100755 dist/raspap/css/fonts/RaspAP.eot create mode 100755 dist/raspap/css/fonts/RaspAP.svg create mode 100755 dist/raspap/css/fonts/RaspAP.ttf create mode 100755 dist/raspap/css/fonts/RaspAP.woff create mode 100644 dist/raspap/css/style.css 
diff --git a/dist/raspap/css/fonts/RaspAP.eot b/dist/raspap/css/fonts/RaspAP.eot new file mode 100755 index 0000000000000000000000000000000000000000..d77690f6fda5ba960971730d722cece920d258ab GIT binary patch literal 2392 zcmaJ@O>7&-6@G7LcXqiXml92KNsAIGG9e?`q_m_+N^U|YaI9ESL>qD}2dx~Nkr~;R zL<+Ku+CdQn=q0x#w-hN5pg_@{f&gg&15FDTMGgh>gA^@L@ElQyR;f)lX_uZMwbX&! zp-s9)+u--WBxnuH9(1l#kGhm4kIFQQnTOYcQqF?(1__!ydw!-8i5kBI^D)|$jh*(c zyY`Pap_GRF;%58iF2)haYP2@D@4Wii-#>l}@@*o6u65d1lfV7LzlbDcs$T{eRAYjeDYxsMGlPS9pT!2!6I$=3*hAGaWXiH*3m-o2XVAO>We^$LozcM0bMK zEU3A9ZLUy^mpPx4X4PTLxR^oBJFo&%je0})x{CME_yoI^gsUK0v5?D8Gn5Zj!+>9v zjf1L~1Y8$pScTE3SA0gAvY0EtOTmv$b$+eQ^8zC*ugo(H`#D(zU&yH*&xUB#BR09} zo!}}$$;0-5gV~c@#3LR=0Z^??a2z4x0U;C}j>ix^V5MI51{Mp_6n(?Ew6*=|A3ImC z*tVvvZr%9m%NsW?YJC4vVS2ii%|=a4k1TplLg#=LF1Xf+#hHu{vn4ZV#Pea+Ewk(< zIhpi+8c9dY%bqi$jbt4DwKMMMme5Vz2$`BGB5B7-g*DA!VH&ZiSS%NGgtTkNMyHNM z^U+M!Fe;P9McY1B4u%qe+@vA(%;VB}@~N3hKdrQ$U;gO%h|bBpqP2AQY^&RCo$da) z;dy5g@p$5l=QZYm;hnUj!3D!#-m3(N?e5LiDB0pEXrY;3*Rd~We% zb6t5`Z=O`%fVFRv$qOe=oHAZqTH4BFxWyk9i*K&4UpHRc+IqiK1~JIB7~XRiGM6Jy zeoH~!Pn}==?e1{}2IDZxA>kv(4hq)zIh%A-5u*P!-X3BD|4DR+CHT`rY|~MC zU7ZPf089uo1FYd7e|d-n_=O?Xf%k^kz|lTF#1j1S5Zg3I@2=u>e&*bRmxHy=-p%X1 zZq_T$KKe%R<0X$^I-9q)+k1yE89!EA>~;6Eo1JcFuf5;7ntkO?c4?!x((850wCG<# r_9=@?N(a{wbv0?zKE|uyUZFeamuLf8D`@J%QpP*>&w2lCKeGED{AoBn literal 0 HcmV?d00001 diff --git a/dist/raspap/css/fonts/RaspAP.svg b/dist/raspap/css/fonts/RaspAP.svg new file mode 100755 index 00000000..27920e40 --- /dev/null +++ b/dist/raspap/css/fonts/RaspAP.svg @@ -0,0 +1,12 @@ + + + +Generated by IcoMoon + + + + + + + + \ No newline at end of file 
diff --git a/dist/raspap/css/fonts/RaspAP.ttf b/dist/raspap/css/fonts/RaspAP.ttf new file mode 100755 index 0000000000000000000000000000000000000000..112214426e9ea9bad281acc07f2eb7fbaf327207 GIT binary patch literal 2232 zcmaJ?QEU@O5S_Wb+dH4_b7E|tojCEu2D=Hdle1$xNvQ*(goG#t1qf9enwZ25ki?FX zpaQB8Qh)fP{iA9nq)Ju$g^=1xNTn53#YZJ*)vA>$e*1;mU;awn*|Q_kg1X+lee-s9 zX7+qD3kU#ixC#sgj~*Y$`uxhf#N4H^u((!PH)nso27pnLPb^n9*J*AeSZP|H zet-8m$rk|>I9shOg+KY?R{%~j6wVT%e#?F!`8LVB&#rA}MOACmI+ZZhC>VPm@sCPc2211Q2M7P1b*Ri26`$xG6S zPCT5RAI1@+uvZ7^dim+ffk6<-0LR zA<_X!NEsLmQ1k?|g`C~AnB*#JD9Y)T)dyczmlkwgl4e%UKlcWY2Ku%wP_fOF*cZ1-AXXwMOjlbW*Ea^`*mN`r_S3(o75IF@FSzkkToW& zvf@!CmHDEE5%Efrf=pEcy@5d7Z7{Cq_qO-$@+bT;OHr~tsc~K3n{j(Wu6U2a<=7ss z?R#Y)n>}U4+%8?u#CwuGFPlCelWA4Us0)(HwQfy~YGy9N``eI7s4~s3YXLVhbhT^f zj~ecv+Y`{G&O#^7rY7R9fQzDHitO$7wM8S@FjJVMu)Qc68IX|4Op+zW8U9$F{%X2> zWa{%HQzvI1o}8UIe*gH)Et4yONH}5aHtb=Kw<{pK6kn$Y{Q<_@LvgEDmAT}J`Bjvo z>GWb|p!@G(Sy${S#h;FlU+D@tQe3j4sN_vTH{*uv>-PB)W>+aTG#m4_yEH@dl@gZC zc{-Jz@G!1%e~_{0!QMj`tO)j{Qu+SA-h-y8sa=t_PVSC)Jwe@{;ZtN%@p7N+j!610 zO`=c~m+(Z$BfDhorhmYY6^gZ;;$|+HiN8lxy1Wb}*{0)Dr>N*vNYo|DMyfJ;<38ow z9jae1!K?5FY*5Yxcp{$64;AQZOf?fP7;rxER^sJ{nn~Fncjo+%^TFquX%GyEMB%I{ z#ZY7&C2$|AW+9u)|A&tAgrKEp?P$4HD<7?WU9|0qP%s#puwVaLZ2VeDvL&egT?utIAQqryARAw8yF0 zAgh94jUAP=sll6;nu6FyGLp9LFggUF8-J6ok|gRa$D+7FsBL?2gx14=TP^ztoH(&V zXsU3kg&Fa=7M2OGwy;9qiNA$8@rPPihYq+R?gZIIjE7d5SONpyY+*+HNDIq^H(FSM z5OlRLCw{7hbr^yhGjuy2I7atD1vX(F4#2V5>c-}|dd;#kgD?wKGP4Qipbj;#z=jMA zKELG!Om+FfYGs4$R$&<~(D^E`@x0o2y|!g7S8LUc%2svBI&;aIT&z#m>$MDwJ1)1# n=`z`Tb&cG#lPQoH-P16wJW#}C{_q_AAU-!v+AEv8?W^D}L4Qh$ zv-ZuaTkU zQuI&wUoY(*TxU#op(mx-IH3DQEhz1snY{OG2X z>G{Z8S9|*hNb6t!wc|jXKTW@v$tizSzJ&hTpr`Lxg#yqYEEIWAllVAecZuKW-(kl& z1dRVq(aYlctsey_jWLPSXr)z}sZ6fJ#G6v^5OeQR|6acj4s-7^A5;IIjyjy-51=7N zunPNL2AslJeZdd?Q~Y1&H2Ao~`^Y-YR@ns_CwvQ-6zMg=VKeii_g>Nv%bA{GdxU{gGX>;cQQiZ}3>7dr22 z+WGCBFW>K6ykMG&vbufc+pn)&Ij7LQ^ZBW%mg`1!MGZGSJE2m*2<06kVo)Z-`D{_Q zw0JH=s-c&hBqfvHGvRbt-|*~+63N)~rafk>23K`e3+jr_!)e=2g%m|2u4}Q$SS)MV 
zT$t4(Ba?@sxoF1KwDLruX_`k$RxlCBPG~~SJS>byADbzc&$$^ZV49`uM1JBoPB_d} zj2b2Vf}#s!+|bj8Q%Q;G2yumUZbVHZW)Y{rh(Xb`ZN;r%%v45eqqJ67%m!isWW_Z# zG#-wmQ{^PrxT5hRBnuoU#8s}S3KyLI)>`>srS;_UdrvN(UHj_n+Ul9l&#b=V2rZUM z=In=TZ$20ri>U!EJQ}2EjB{%)>rU#bP=cALPHMVX+$_zE|9f6FHE&sq7E_3;yo5kn zK-DxI(G;?{u+{K*IGl6F8kxDZOlTxv*haXKb3Gx7h2mn63qwTXoTpDrp1kI!XsS@C zPESpqa2!J)OGQS7l?nypX0#-h;Zh5Uuxh0g^N^t+6)hkm0R`27DlB{fTh);32=e9u zmCMhgYhxi!it1tcsK^ShLP1rq8*$2*{m-%IZsWv#g#DKNj_qO3#Y8Tfug=x*Hx>pP zFCO!M@!`g+&J8x@NY?MGbN&xs8Ek`iOl}mx2U>>YuEPeNBHgK#E7kv_vmz&HCEY#M z>ULYFx*yd&Z!r;%Cl)=gJ`WsEB;vsH%|_$=D9ZUpqxpoyhYw3Ua`ITC?M?(voB8|; zD=TZph#`cnZ*Oe8UMw0dQK|fCxBH@%ur%|KNrzj#UJLSZJiY|~h_w_)`3c{xO()*HuUG+^b2Wb*9MqbIbdmX@|N8EVnHg~F@r>zB2g+uOH_B@lzN7Tp`p zLS`fU=nu?N{nPNR}pfs<4cxQGUx28x^ponUSH zjLBkboc^J_3{9T5g6i@HLAf8nSB8zv-WmEQCcw!V(o$#VhM0q|46zElGsGJHljsl& z@F$1ZWQW;H@=j0#V1gJKU=zufD(UTK!Cu@2nqv&*ci$) Tu}xU5KxBF)ykmLW{z~}|xDhO% literal 0 HcmV?d00001 diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css new file mode 100644 index 00000000..93eb072e --- /dev/null +++ b/dist/raspap/css/style.css 
@@ -0,0 +1,54 @@ + /*! + * RaspAP-Brands Brand Icons - https://raspap.com + * License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE + */ +@font-face { + font-family: 'RaspAP'; + src: url('fonts/RaspAP.eot?e76qs3'); + src: url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'), + url('fonts/RaspAP.ttf?e76qs3') format('truetype'), + url('fonts/RaspAP.woff?e76qs3') format('woff'), + url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg'); + font-weight: normal; + font-style: normal; + font-display: block; +} + +[class^="ra-"], [class*=" ra-"] { + /* use !important to prevent issues with browser extensions that change ..webfonts */ + font-family: 'RaspAP' !important; + speak: none; + font-style: normal; + font-weight: normal; + font-variant: normal; + text-transform: none; + line-height: 1; + + /* Better Font Rendering =========== */ + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; +} + +.ra-wireguard:before { + font-size: 1.3rem; + content: "\e900"; + color: #d1d3e2; + vertical-align: middle; +} + +.card-header .ra-wireguard:before { + color: #fff; +} + +.sidebar .nav-item.active .nav-link +span.ra-wireguard:before { + color: #6e707e; +} + +.ra-raspap:before { + font-size: 4.35rem; + content: "\e901"; + color: #d8224c; + margin-left: 0.1em; +} + From 5179847c5c208939ae4f0f8568e43889e0dd18a3 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:36:03 +0100 Subject: [PATCH 07/22] Update w/ project webfont --- index.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 837ebef3..688c04c5 100755 --- a/index.php +++ b/index.php @@ -83,9 +83,12 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; - + + + + @@ -119,7 +122,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
Status
@@ -169,7 +172,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable']; From 5c4814585a79ce64acc36019e0381729df31a175 Mon Sep 17 00:00:00 2001 From: billz Date: Mon, 20 Apr 2020 22:36:34 +0100 Subject: [PATCH 08/22] Style tweaks --- app/css/custom.css | 4 ++++ app/css/hackernews.css | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/app/css/custom.css b/app/css/custom.css index 75cff67a..e5effc31 100644 --- a/app/css/custom.css +++ b/app/css/custom.css @@ -46,6 +46,10 @@ body { font-weight: 500; } +.sidebar-light hr.sidebar-divider { + padding-top: 0.5rem; +} + .card .card-header { border-color: #d8224c; background-color: #d8224c; diff --git a/app/css/hackernews.css b/app/css/hackernews.css index 7af897a2..b2c36496 100644 --- a/app/css/hackernews.css +++ b/app/css/hackernews.css @@ -66,6 +66,9 @@ h5.card-title { font-family: Verdana, Geneva, sans-serif; } +.sidebar-light hr.sidebar-divider { + padding-top: 0.5rem; +} ul.nav-tabs, .nav-tabs .nav-link { background-color: #f6f6ef; @@ -145,6 +148,7 @@ ul.nav-tabs, .nav-tabs .nav-link { .info-item-xs { font-size: 0.7rem; margin-left: 0.3rem; + line-height: 1.5em; } .info-item-wifi { @@ -181,6 +185,10 @@ ul.nav-tabs, .nav-tabs .nav-link { } } +.fas.fa-circle { + font-size: 0.5rem; +} + .logoutput { width:100%; height:300px; From 8d73fb774f46ff3d85253cc7c789638236dabf5a Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:00:34 +0100 Subject: [PATCH 09/22] Update installer + sudoers for wg --- installers/common.sh | 39 +++++++++++++++++++++------------------ installers/raspap.sudoers | 4 ++++ installers/raspbian.sh | 8 ++++++++ 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/installers/common.sh b/installers/common.sh index a58e4ba7..a06dedda 100755 --- a/installers/common.sh +++ b/installers/common.sh 
@@ -235,37 +235,37 @@ function _install_adblock() { _install_status 0 } -# Prompt to install VPN -function _prompt_install_vpn() { - _install_log "Configure VPN support" - echo -n "Install VPN and enable client configuration? [Y/n]: " +# Prompt to install openvpn +function _prompt_install_openvpn() { + _install_log "Configure OpenVPN support" + echo -n "Install OpenVPN and enable client configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty if [ "$answer" != "${answer#[Nn]}" ]; then echo -e else - _install_vpn + _install_openvpn fi elif [ "$ovpn_option" == 1 ]; then - _install_vpn + _install_openvpn else echo "(Skipped)" fi } -function _install_vpn() { - echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: " +# Prompt to install WireGuard +function _prompt_install_wireguard() { + _install_log "Configure WireGuard support" + echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: " if [ "$assume_yes" == 0 ]; then read answer < /dev/tty - case $answer in - [oO]* ) - _install_openvpn; - break;; - [wW]* ) - _install_wireguard; - esac - elif [ "$ovpn_option" == 1 ]; then - _install_openvpn + if [ "$answer" != "${answer#[Nn]}" ]; then + echo -e + else + _install_wireguard + fi + elif [ "$wg_option" == 1 ]; then + _install_wireguard else echo "(Skipped)" fi 
@@ -283,6 +283,8 @@ function _install_wireguard() { printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d" echo "Installing WireGuard" sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard" + echo "Enabling wg-quick@wg0" + sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service" echo "Enabling WireGuard management option" sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php" _install_status 0 @@ -572,7 +574,8 @@ function _install_raspap() { _default_configuration _configure_networking _prompt_install_adblock - _prompt_install_vpn + _prompt_install_openvpn + _prompt_install_wireguard _patch_system_files _install_complete } diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 517fbdef..ef21ec14 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -37,4 +37,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 +www-data ALL=(ALL) NOPASSWD:/usr/bin/wg + diff --git a/installers/raspbian.sh b/installers/raspbian.sh index d0e72769..da8ca5d0 100755 --- a/installers/raspbian.sh +++ b/installers/raspbian.sh 
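Review bot: The `NOPASSWD:/usr/bin/wg` rule added to raspap.sudoers has no argument list, so `www-data` may run every `wg` subcommand as root, including those that print or replace the interface's private key and peers. If the UI only needs status output, restrict the rule to that invocation, e.g. `www-data ALL=(ALL) NOPASSWD:/usr/bin/wg show wg0`. It is also worth a comment next to the two `wg-quick` rules that `wg-quick` runs the `PreUp`/`PostUp`/`PreDown`/`PostDown` commands found in `wg0.conf` as root, so any code path that lets the web process write that file has to reject those keys.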
@@ -14,6 +14,8 @@ # Used with -y, --yes, sets OpenVPN install option (0=no install) # -a, --adblock # Used with -y, --yes, sets Adblock install option (0=no install) +# -w, --wireguard +# Used with -y, --yes, sets WireGuard install option (0=no install) # -r, --repo, --repository # Overrides the default GitHub repo (billz/raspap-webgui) # -b, --branch @@ -39,6 +41,7 @@ branch="master" assume_yes=0 ovpn_option=1 adblock_option=1 +wg_option=1 # Define colors readonly ANSI_RED="\033[0;31m" @@ -58,6 +61,7 @@ Usage: raspbian.sh [OPTION]\n -c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd -o, --openvpn \n\tUsed with -y, --yes, sets OpenVPN install option (0=no install) -a, --adblock \n\tUsed with -y, --yes, sets Adblock install option (0=no install) +-w, --wireguard \n\tUsed with -y, --yes, sets WireGuard install option (0=no install) -r, --repo, --repository \n\tOverrides the default GitHub repo (billz/raspap-webgui) -b, --branch \n\tOverrides the default git branch (master) -h, --help\n\tOutputs usage notes and exits @@ -80,6 +84,10 @@ while :; do adblock_option="$2" shift ;; + -w|--wireguard) + wg_option="$2" + shift + ;; -c|--cert|--certificate) install_cert=1 ;; From 7c7b8941cbabc64ee688a643a3cd34c4fb3af745 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:01:31 +0100 Subject: [PATCH 10/22] Update stop/start, status --- includes/wireguard.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index a0c2ed94..ed94ee34 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
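Review bot: `wg_option=1` makes WireGuard opt-out for unattended runs, so `raspbian.sh --yes` now reaches `_install_wireguard` in common.sh, which adds the Debian unstable suite and its archive key, unless the caller passes `--wireguard 0`. Because that changes the host's package trust configuration, I would default to `wg_option=0`, let `-w 1` opt in, and state the default in the usage text. The `-w|--wireguard` arm takes `$2` without checking that it is present or is 0 or 1; that matches the existing `-o` and `-a` arms, so one shared check that rejects any other value would cover all three.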
@@ -19,28 +19,28 @@ function DisplayWireGuardConfig() } } elseif (isset($_POST['startwg'])) { $status->addMessage('Attempting to start WireGuard', 'info'); - exec('sudo /bin/systemctl start wg-quick@wg0', $return); - exec('sudo /bin/systemctl enable wg-quick@wg0', $return); + exec('sudo /usr/bin/wg-quick up wg0', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } elseif (isset($_POST['stopwg'])) { $status->addMessage('Attempting to stop WireGuard', 'info'); - exec('sudo /bin/systemctl stop wg-quick@wg0', $return); - exec('sudo /bin/systemctl disable wg-quick@wg0', $return); + exec('sudo /usr/bin/wg-quick down wg0', $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } } } - exec('pidof wg | wc -l', $wgstatus); + exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; + $wg_state = ($wgstatus[0] > 0); echo renderTemplate( "wireguard", compact( "status", + "wg_state", "serviceStatus" ) ); From 292a4ed1beb109286c81b989bbb7bdfc8ab3775d Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 22 Apr 2020 10:02:07 +0100 Subject: [PATCH 11/22] Initial template setup --- templates/wg/general.php | 46 ++++++++++++++++++++++++++++++++++++++++ templates/wg/logging.php | 11 ++++++++++ templates/wg/peers.php | 11 ++++++++++ templates/wireguard.php | 12 ++++++----- 4 files changed, 75 insertions(+), 5 deletions(-) create mode 100644 templates/wg/peers.php diff --git a/templates/wg/general.php b/templates/wg/general.php index e69de29b..ec44562a 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -0,0 +1,46 @@ + +
+
+
+

+
+ +
+ aria-describedby="tunnel-description"> + +
+

+ +

+
+
+
+ + +
+
+ +
+
+ +
+
+ +
+ + +
+
+
+ +
+
+ + +
+
+ +
+
+
+ diff --git a/templates/wg/logging.php b/templates/wg/logging.php index e69de29b..eb31dd10 100644 --- a/templates/wg/logging.php +++ b/templates/wg/logging.php @@ -0,0 +1,11 @@ + +
+
+
+

+ + +
+
+
+ diff --git a/templates/wg/peers.php b/templates/wg/peers.php new file mode 100644 index 00000000..2edc4d2d --- /dev/null +++ b/templates/wg/peers.php @@ -0,0 +1,11 @@ + +
+
+
+

+ + +
+
+
+ diff --git a/templates/wireguard.php b/templates/wireguard.php index b3f33796..0c0c0a81 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -1,8 +1,8 @@ "> - - "> + + "> "> @@ -15,7 +15,7 @@
- +

- +

- +
diff --git a/templates/wg/peers.php b/templates/wg/peers.php index 2edc4d2d..16337a08 100644 --- a/templates/wg/peers.php +++ b/templates/wg/peers.php @@ -1,8 +1,51 @@
+
-

+

+
+ + +
+ aria-describedby="endpoint-description"> + +
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ + +
+
+ +
+
+ +
+
+ +
+ + +
+
+
diff --git a/templates/wireguard.php b/templates/wireguard.php index 0c0c0a81..3ead09c7 100644 --- a/templates/wireguard.php +++ b/templates/wireguard.php @@ -32,7 +32,7 @@ From 543791f7238cb40ec05ff5a4c4e6b0aad494cdb6 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 25 Aug 2020 22:11:27 +0100 Subject: [PATCH 15/22] WIP: handle input --- includes/wireguard.php | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index ed94ee34..34d56ce2 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -11,12 +11,31 @@ function DisplayWireGuardConfig() $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['savewgettings'])) { + # Todo: validate input if (isset($_POST['authUser'])) { - $authUser = strip_tags(trim($_POST['authUser'])); + $peer_id = strip_tags(trim($_POST'peer_id'])); } - if (isset($_POST['authPassword'])) { - $authPassword = strip_tags(trim($_POST['authPassword'])); + if (isset($_POST['wg_endpoint'])) { + $wg_endpoint = strip_tags(trim($_POST['wg_endpoint'])); } + if (isset($_POST['wg_allowedips'])) { + $wg_allowedips = strip_tags(trim($_POST['wg_allowedips'])); + } + if (isset($_POST['wg_pkeepalive'])) { + $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive'])); + } + if (isset($_POST['wg_peerpubkey'])) { + $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); + } + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + + if ($return == 0) { + $status->addMessage('Wireguard configuration updated successfully', 'success'); + } else { + $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + } + } elseif (isset($_POST['startwg'])) { $status->addMessage('Attempting to start WireGuard', 'info'); exec('sudo /usr/bin/wg-quick up wg0', $return); 
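Review bot: The save branch stages the new configuration in `/tmp/wgdata`, a fixed name in a world-writable directory, and then copies it over `RASPI_WIREGUARD_CONFIG` with `sudo cp`; another local account can pre-create or replace that path between the two calls, and the file gets the default mode although a WireGuard config holds a private key. Stage it in a directory only the web user can write (for example `<RASPAP_STATE_DIR>/wgdata`, a placeholder), create it with mode 0600, and check the result of `file_put_contents()` before calling `cp`. Two things stop this hunk from running at all: `$_POST'peer_id']` is missing its `[`, which is a parse error for the whole include, and `$config` is never assigned before it is written. The `wg_peerpubkey` branch assigns to `$wg_endpoint`, which looks like a copy-paste slip for `$wg_peerpubkey`. `DisplayWireGuardConfig()` begins and ends outside this hunk.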
@@ -41,7 +60,13 @@ function DisplayWireGuardConfig() "wireguard", compact( "status", "wg_state", - "serviceStatus" + "serviceStatus", + "endpoint_enable", + "peer_id", + "wg_endpoint", + "wg_allowedips", + "wg_pkeepalive", + "wg_peerpubkey" ) ); } From 22651a86b7d3b5b327f9ecd5398076a4cbee2976 Mon Sep 17 00:00:00 2001 From: billz Date: Tue, 25 Aug 2020 22:11:57 +0100 Subject: [PATCH 16/22] Simplify wg config handling --- config/config.php | 3 +-- includes/defaults.php | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/config/config.php b/config/config.php index 6de2822f..122b1f94 100755 --- a/config/config.php +++ b/config/config.php @@ -21,8 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant'); define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf'); define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf'); define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf'); -define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf'); -define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf'); +define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf'); define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf'); define('RASPI_ACCESS_CHECK_IP', '1.1.1.1'); diff --git a/includes/defaults.php b/includes/defaults.php index 6f6251e9..253c5619 100755 --- a/includes/defaults.php +++ b/includes/defaults.php 
@@ -26,8 +26,7 @@ $defaults = [ 'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf', 'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf', 'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf', - 'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf', - 'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf', + 'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf', 'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc', 'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf', 'RASPI_ACCESS_CHECK_IP' => '1.1.1.1', From aff035122b78220ef226e2b2320cc66bdb05798c Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 26 Aug 2020 23:54:49 +0100 Subject: [PATCH 17/22] Validate, save & display wg config --- includes/wireguard.php | 58 +++++++++++++++++++++++++++++++-------- installers/raspap.sudoers | 2 ++ templates/wg/general.php | 2 +- 3 files changed, 49 insertions(+), 13 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 34d56ce2..d2ec1088 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
@@ -11,25 +11,47 @@ function DisplayWireGuardConfig() $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { if (isset($_POST['savewgettings'])) { - # Todo: validate input - if (isset($_POST['authUser'])) { - $peer_id = strip_tags(trim($_POST'peer_id'])); + // Validate input + $good_input = true; + $peer_id = 1; + if (isset($_POST['peer_id'])) { + $peer_id = escapeshellarg($_POST['peer_id']); } if (isset($_POST['wg_endpoint'])) { - $wg_endpoint = strip_tags(trim($_POST['wg_endpoint'])); + if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for endpoint address', 'danger'); + $good_input = false; + } else { + $wg_endpoint = escapeshellarg($_POST['wg_endpoint']); + } } if (isset($_POST['wg_allowedips'])) { - $wg_allowedips = strip_tags(trim($_POST['wg_allowedips'])); + if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) { + $status->addMessage('Invalid value for allowed IPs', 'danger'); + $good_input = false; + } else { + $wg_allowedips = escapeshellarg($_POST['wg_allowedips']); + } } if (isset($_POST['wg_pkeepalive'])) { - $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive'])); + if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { + $status->addMessage('Invalid value for persistent keepalive', 'danger'); + $good_input = false; + } else { + $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']); + } } if (isset($_POST['wg_peerpubkey'])) { $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); } - file_put_contents("/tmp/wgdata", $config); - system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); - + // Save settings + if ($good_input) { + file_put_contents("/tmp/wgdata", $config); + system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + foreach ($return as $line) { + $status->addMessage($line, 'info'); + } + } if ($return == 0) { $status->addMessage('Wireguard configuration updated successfully', 'success'); } else { 
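Review bot: The `wg_peerpubkey` branch still stores its value in `$wg_endpoint` after only `strip_tags(trim())`, so a submitted public key replaces the endpoint that was just checked with `FILTER_VALIDATE_IP`; give it its own variable and validate its shape, e.g. `preg_match('/^[A-Za-z0-9+\/]{43}=$/', $_POST['wg_peerpubkey'])` for a base64-encoded 32-byte key. The `if ($return == 0)` block sits outside `if ($good_input)`, so unless `$return` is initialised above the hunk a failed validation leaves it unset, it compares equal to 0, and the success message appears next to the validation errors; move that block inside the save branch. `system()` stores an integer status in `$return`, so the added `foreach ($return as $line)` has nothing to iterate. `escapeshellarg()` quotes for a shell command line, but these values are headed for a config file (and `$config` is still never built here), so the quotes would end up in `wg0.conf`; `is_numeric()` also accepts forms such as `1e3` and `-1`, where `ctype_digit()` would not.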
@@ -51,8 +73,18 @@ function DisplayWireGuardConfig() } } - exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); + // fetch wg config + exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return); + $conf = ParseConfig($return); + $wg_port = $conf['ListenPort']; + $wg_ipaddress = $conf['Address']; + $wg_pubkey = $conf['PublicKey']; + $wg_endpoint = $conf['Endpoint']; + $wg_allowedips = $conf['AllowedIPs']; + $wg_pkeepalive = $conf['PersistentKeepalive']; + // fetch service status + exec('pidof wg-crypt-wg0 | wc -l', $wgstatus); $serviceStatus = $wgstatus[0] == 0 ? "down" : "up"; $wg_state = ($wgstatus[0] > 0); @@ -63,10 +95,12 @@ function DisplayWireGuardConfig() "serviceStatus", "endpoint_enable", "peer_id", + "wg_port", + "wg_ipaddress", + "wg_pubkey", "wg_endpoint", "wg_allowedips", - "wg_pkeepalive", - "wg_peerpubkey" + "wg_pkeepalive" ) ); } diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 2d6ed495..517b6233 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers @@ -41,5 +41,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg +www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf + diff --git a/templates/wg/general.php b/templates/wg/general.php index 686949bb..b9763555 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -36,7 +36,7 @@
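Review bot: The new `$conf[...]` reads after `exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return)` assume every key is present, and the exit status of the `cat` is never checked. If the file does not exist yet or a key is absent, each lookup raises an undefined-index notice and the template gets nulls. `$return` may also still hold the integer from the earlier `system()` call in the save branch; a fresh variable avoids that, e.g. `exec('sudo cat '.RASPI_WIREGUARD_CONFIG, $wgconf, $rc);` followed by `$wg_endpoint = $conf['Endpoint'] ?? '';` for each field. The function continues outside the hunk.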
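Review bot: The added rule `www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf` lets the web server account read the whole WireGuard config, which includes the interface `PrivateKey`. Any code that runs as www-data can then read the tunnel's private key, so a bug elsewhere in the web UI becomes a key disclosure. The display code in includes/wireguard.php only needs the port, address, public key, endpoint, allowed IPs and keepalive; consider a small root-owned helper script that prints just those fields and grant sudo on that instead of on `cat`. A comment above the rule stating why it exists would help whoever audits this file later.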
- +
From 34b5b4c1b2ea52562e87bc8217cbac641994f8a4 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 28 Aug 2020 23:40:46 +0100 Subject: [PATCH 18/22] Add validateCidr() --- includes/functions.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/includes/functions.php b/includes/functions.php index 4d299314..c58b2b13 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -452,3 +452,30 @@ function getBridgedState() return $arrHostapdConf['BridgedEnable']; } +/** + * Validates the format of a CIDR notation string + * + * @param string $cidr + * @return bool + */ +function validateCidr($cidr) +{ + $parts = explode('/', $cidr); + if(count($parts) != 2) { + return false; + } + $ip = $parts[0]; + $netmask = intval($parts[1]); + + if($netmask < 0) { + return false; + } + if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { + return $netmask <= 32; + } + if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { + return $netmask <= 128; + } + return false; +} + From af0721e0214361979d63938ac1eecde5c50603ba Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 28 Aug 2020 23:42:55 +0100 Subject: [PATCH 19/22] Save wg config, template fixes --- includes/wireguard.php | 67 +++++++++++++++++++++++++++------------- templates/wg/general.php | 7 +++-- 2 files changed, 49 insertions(+), 25 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index d2ec1088..26badcd0 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php 
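Review bot: `intval($parts[1])` in validateCidr() ignores everything after the leading digits, so an empty, non-numeric or padded prefix length is accepted as valid (constructed examples: `10.0.0.1/`, `10.0.0.1/abc`, or `10.0.0.1/24` followed by other text or a line break). That matters if callers treat a true result as meaning the whole string is safe to store. Reject anything that is not all digits before converting: `if (!ctype_digit($parts[1])) { return false; }` placed ahead of `$netmask = intval($parts[1]);`; the `$netmask < 0` test is then unnecessary. The docblock should also say that both IPv4 and IPv6 are accepted and that a bare address without `/prefix` returns false.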
@@ -10,52 +10,73 @@ function DisplayWireGuardConfig() { $status = new StatusMessages(); if (!RASPI_MONITOR_ENABLED) { - if (isset($_POST['savewgettings'])) { - // Validate input + if (isset($_POST['savewgsettings'])) { + // Set defaults $good_input = true; $peer_id = 1; - if (isset($_POST['peer_id'])) { - $peer_id = escapeshellarg($_POST['peer_id']); + // Validate input + if (isset($_POST['wg_port'])) { + if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) { + $status->addMessage('Invalid value for port number', 'danger'); + $good_input = false; + } } - if (isset($_POST['wg_endpoint'])) { - if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) { + if (isset($_POST['wg_ipaddress'])) { + if (!validateCidr($_POST['wg_ipaddress'])) { + $status->addMessage('Invalid value for IP address', 'danger'); + $good_input = false; + } + } + if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) { + if (!validateCidr($_POST['wg_endpoint'])) { $status->addMessage('Invalid value for endpoint address', 'danger'); $good_input = false; - } else { - $wg_endpoint = escapeshellarg($_POST['wg_endpoint']); } } if (isset($_POST['wg_allowedips'])) { - if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) { + if (!validateCidr($_POST['wg_allowedips'])) { $status->addMessage('Invalid value for allowed IPs', 'danger'); $good_input = false; - } else { - $wg_allowedips = escapeshellarg($_POST['wg_allowedips']); } } - if (isset($_POST['wg_pkeepalive'])) { + if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) { if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) { $status->addMessage('Invalid value for persistent keepalive', 'danger'); $good_input = false; - } else { - $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']); } } - if (isset($_POST['wg_peerpubkey'])) { - $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey'])); - } // Save settings if ($good_input) { + $config[] = 
'[Interface]'; + $config[] = 'Address = '.$_POST['wg_ipaddress']; + $config[] = 'ListenPort = '.$_POST['wg_port']; + $config[] = ''; + $config[] = 'PrivateKey = '.$_POST['wg_privkey']; + $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'; + $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE'; + $config[] = ''; + $config[] = '[Peer]'; + $config[] = 'PublicKey = '.$_POST['wg_pubkey']; + if ($_POST['wg_endpoint'] !== '') { + $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']); + } + $config[] = 'AllowedIPs = '.$_POST['wg_allowedips']; + if ($_POST['wg_pkeepalive'] !== '') { + $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']); + } + $config[] = ''; + $config = join(PHP_EOL, $config); + file_put_contents("/tmp/wgdata", $config); system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); foreach ($return as $line) { $status->addMessage($line, 'info'); } - } - if ($return == 0) { - $status->addMessage('Wireguard configuration updated successfully', 'success'); - } else { - $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + if ($return == 0) { + $status->addMessage('Wireguard configuration updated successfully', 'success'); + } else { + $status->addMessage('Wireguard configuration failed to be updated.', 'danger'); + } } } elseif (isset($_POST['startwg'])) { @@ -79,6 +100,7 @@ function DisplayWireGuardConfig() $wg_port = $conf['ListenPort']; $wg_ipaddress = $conf['Address']; $wg_pubkey = $conf['PublicKey']; + $wg_privkey = $conf['PrivateKey']; $wg_endpoint = $conf['Endpoint']; $wg_allowedips = $conf['AllowedIPs']; $wg_pkeepalive = $conf['PersistentKeepalive']; @@ -98,6 +120,7 @@ function DisplayWireGuardConfig() "wg_port", "wg_ipaddress", "wg_pubkey", + "wg_privkey", "wg_endpoint", "wg_allowedips", "wg_pkeepalive" 
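Review bot: `$_POST['wg_privkey']` and `$_POST['wg_pubkey']` are concatenated into the config lines with no validation at all, and the other fields are only checked when `isset()` but written unconditionally. The result is copied over the WireGuard config with sudo, and that file carries `PostUp`/`PostDown` commands, so every value must be constrained to a single well-formed token before it is written. The two optional-field guards are also mis-parenthesised: `strlen(trim($_POST['wg_endpoint']) >0 )` takes the length of a comparison result rather than of the trimmed string, and the same applies to `wg_pkeepalive`. An endpoint is normally `host:port`, so validateCidr() looks like the wrong check for it; confirm the intended format. The function starts and ends outside the hunk.

```php
// … unchanged: port, address and allowed-IPs checks …
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint'])) > 0) {
    // … unchanged: endpoint check …
}
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive'])) > 0) {
    // … unchanged: keepalive check …
}
// WireGuard keys are 32 bytes, base64-encoded: 43 characters plus '='.
foreach (['wg_privkey', 'wg_pubkey'] as $field) {
    if (!isset($_POST[$field]) || !preg_match('/^[A-Za-z0-9+\/]{43}=$/D', $_POST[$field])) {
        $status->addMessage('Invalid value for '.$field, 'danger');
        $good_input = false;
    }
}
// … unchanged: "Save settings" block …
```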
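Review bot: `$wg_privkey = $conf['PrivateKey'];` and the matching `"wg_privkey"` entry in `compact()` (next hunk) hand the interface private key to the template, which presumably renders it into the settings form. The key then travels to every browser that loads the page and comes back in the POST, where the save branch writes whatever it receives. Keeping the key server-side is safer: leave the form field empty, and when `wg_privkey` is posted empty reuse the value already in the config instead of overwriting it. If showing it is intentional, a comment saying so would help.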
diff --git a/templates/wg/general.php b/templates/wg/general.php index b9763555..aa1de796 100644 --- a/templates/wg/general.php +++ b/templates/wg/general.php @@ -16,7 +16,7 @@
- +
@@ -25,13 +25,14 @@
- +
- +
+
From 7286173438e2bfc736cf359008964eeb66a4981a Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 5 Sep 2020 19:27:38 +0100 Subject: [PATCH 20/22] Add rudimentary logging --- includes/wireguard.php | 6 ++++++ installers/raspap.sudoers | 3 +++ templates/wg/logging.php | 14 +++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/includes/wireguard.php b/includes/wireguard.php index 26badcd0..84956b89 100644 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -69,6 +69,11 @@ function DisplayWireGuardConfig() file_put_contents("/tmp/wgdata", $config); system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return); + + // handle log option + if ($_POST['wg_log'] == "1") { + exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null"); + } foreach ($return as $line) { $status->addMessage($line, 'info'); } @@ -115,6 +120,7 @@ function DisplayWireGuardConfig() "status", "wg_state", "serviceStatus", + "wg_log", "endpoint_enable", "peer_id", "wg_port", diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers index 517b6233..4c813d0e 100644 --- a/installers/raspap.sudoers +++ b/installers/raspap.sudoers 
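Review bot: The new log branch reads `$_POST['wg_log']` without `isset()`, and an unticked checkbox is simply absent from the POST, so this raises an undefined-index notice on most saves; `if (($_POST['wg_log'] ?? '') === '1')` avoids it. The command also has root write to the fixed path `/tmp/wireguard.log` through `sudo tee`, which the sudoers hunk in this commit permits; a predictable root-written file in a world-writable directory is worth moving to a directory only root and www-data can use, or at least documenting. `"wg_log"` is added to `compact()` in the following hunk but no `$wg_log` is assigned in the visible lines, so the template may not receive it. `exec()` output and exit status are discarded, so a failed status call goes unnoticed.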
@@ -35,9 +35,12 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log +www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh +www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log +www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg diff --git a/templates/wg/logging.php b/templates/wg/logging.php index eb31dd10..c9cb4185 100644 --- a/templates/wg/logging.php +++ b/templates/wg/logging.php @@ -1,10 +1,18 @@
-
+

- - +
+ aria-describedby="wg_log"> + +
+

+ '.htmlspecialchars($log, ENT_QUOTES).''; + ?>
From 31edb21a764bfdc185469afb07dd295cb529d2f5 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 23 Sep 2020 09:10:44 +0100 Subject: [PATCH 21/22] Fix merge error --- includes/functions.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index 85c69ca6..4a9e77bb 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -477,8 +477,9 @@ function validateCidr($cidr) return $netmask <= 128; } return false; - - // Validates a host or FQDN +} + +// Validates a host or FQDN function validate_host($host) { return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host); } From 06c8a2edcdc99194d18d470218a8740407b19567 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 15 Oct 2020 16:08:23 +0100 Subject: [PATCH 22/22] Install raspberrypi-kernel-headers (raspbian only) --- installers/common.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/installers/common.sh b/installers/common.sh index 9c55a9f0..2eb36e89 100755 --- a/installers/common.sh +++ b/installers/common.sh @@ -283,6 +283,10 @@ function _prompt_install_wireguard() { # Install Wireguard from the Debian unstable distro function _install_wireguard() { _install_log "Configure WireGuard support" + if [ "$OS" == "Raspbian" ]; then + echo "Installing raspberrypi-kernel-headers" + sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers" + fi echo "Installing WireGuard from Debian unstable distro" echo "Adding Debian distro" echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"