From 5028007b7aa5b6b0b771c9ea86452b7a573745fd Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 10:14:12 +0100
Subject: [PATCH 01/74] Add wireguard install option

---
 installers/common.sh | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index a64e8d1c..e52d62d7 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -235,17 +235,35 @@ function _install_adblock() {
     _install_status 0
 }
 
-# Prompt to install openvpn
-function _prompt_install_openvpn() {
-    _install_log "Configure OpenVPN support"
-    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
+# Prompt to install VPN
+function _prompt_install_vpn() {
+    _install_log "Configure VPN support"
+    echo -n "Install VPN and enable client configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         if [ "$answer" != "${answer#[Nn]}" ]; then
             echo -e
         else
-            _install_openvpn
+            _install_vpn
         fi
+    elif [ "$ovpn_option" == 1 ]; then
+        _install_vpn
+    else
+        echo "(Skipped)"
+    fi
+}
+
+function _install_vpn() {
+    echo -n "Install [O]penVPN or [W]ireguard? [O/W]: "
+    if [ "$assume_yes" == 0 ]; then
+        read answer < /dev/tty
+        case $answer in
+            [oO]* )
+                _install_openvpn;
+                break;;
+            [wW]* )
+                _install_wireguard;
+        esac
     elif [ "$ovpn_option" == 1 ]; then
         _install_openvpn
     else
@@ -253,6 +271,20 @@ function _prompt_install_openvpn() {
     fi
 }
 
+# Install Wireguard from the Debian unstable distro
+function _install_wireguard() {
+    _install_log "Configure Wireguard support"
+    echo "Installing Wireguard from Debian unstable distro"
+    echo "Adding Debian distro"
+    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
+    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
+    echo "Adding Debian distro keys"
+    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
+    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    _install_status 0
+}
+
 # Install openvpn and enable client configuration option
 function _install_openvpn() {
     _install_log "Installing OpenVPN and enabling client configuration"
@@ -537,7 +569,7 @@ function _install_raspap() {
     _default_configuration
     _configure_networking
     _prompt_install_adblock
-    _prompt_install_openvpn
+    _prompt_install_vpn
     _patch_system_files
     _install_complete
 }

From 7e58feeec0eae36cef5f56798d1695fe357db22c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 11:04:36 +0100
Subject: [PATCH 02/74] Enable wg management UI

---
 installers/common.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index e52d62d7..a58e4ba7 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -254,7 +254,7 @@ function _prompt_install_vpn() {
 }
 
 function _install_vpn() {
-    echo -n "Install [O]penVPN or [W]ireguard? [O/W]: "
+    echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         case $answer in
@@ -273,15 +273,18 @@ function _install_vpn() {
 
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
-    _install_log "Configure Wireguard support"
-    echo "Installing Wireguard from Debian unstable distro"
+    _install_log "Configure WireGuard support"
+    echo "Installing WireGuard from Debian unstable distro"
     echo "Adding Debian distro"
     echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
     sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
     echo "Adding Debian distro keys"
     sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
     printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    echo "Installing WireGuard"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling WireGuard management option"
+    sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
     _install_status 0
 }
 

From 2bedbad71a89be18656f0ff89ed3e70f72715775 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 11:05:15 +0100
Subject: [PATCH 03/74] Add wireguard constants

---
 config/config.php     | 3 +++
 includes/defaults.php | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/config/config.php b/config/config.php
index f638b2a7..50e6442a 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,6 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
+define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf');
+define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 
@@ -34,6 +36,7 @@ define('RASPI_NETWORK_ENABLED', true);
 define('RASPI_DHCP_ENABLED', true);
 define('RASPI_ADBLOCK_ENABLED', false);
 define('RASPI_OPENVPN_ENABLED', false);
+define('RASPI_WIREGUARD_ENABLED', false);
 define('RASPI_TORPROXY_ENABLED', false);
 define('RASPI_CONFAUTH_ENABLED', true);
 define('RASPI_CHANGETHEME_ENABLED', true);
diff --git a/includes/defaults.php b/includes/defaults.php
index 9598ce9b..ddf9ea92 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -25,6 +25,8 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
+  'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf',
+  'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
 
@@ -35,6 +37,7 @@ $defaults = [
   'RASPI_DHCP_ENABLED' => true,
   'RASPI_ADBLOCK_ENABLED' => false,
   'RASPI_OPENVPN_ENABLED' => false,
+  'RASPI_WIREGUARD_ENABLED' => false,
   'RASPI_TORPROXY_ENABLED' => false,
   'RASPI_CONFAUTH_ENABLED' => true,
   'RASPI_CHANGETHEME_ENABLED' => true,

From 4c0de339560f65bed3d9e9e613a5e0e1252567d7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 12:52:03 +0100
Subject: [PATCH 04/74] Update w/ wg_conf

---
 index.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/index.php b/index.php
index c2fe13ee..837ebef3 100755
--- a/index.php
+++ b/index.php
@@ -40,6 +40,7 @@ require_once 'includes/themes.php';
 require_once 'includes/data_usage.php';
 require_once 'includes/about.php';
 require_once 'includes/openvpn.php';
+require_once 'includes/wireguard.php';
 require_once 'includes/torproxy.php';
 
 $output = $return = 0;
@@ -164,6 +165,11 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
           <?php if (RASPI_OPENVPN_ENABLED) : ?>
         <li class="nav-item">
           <a class="nav-link" href="index.php?page=openvpn_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("OpenVPN"); ?></a>
+        </li>
+          <?php endif; ?>
+          <?php if (RASPI_WIREGUARD_ENABLED) : ?>
+        <li class="nav-item">
+          <a class="nav-link" href="index.php?page=wg_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>
@@ -257,6 +263,9 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
         case "openvpn_conf":
             DisplayOpenVPNConfig();
             break;
+        case "wg_conf":
+            DisplayWireGuardConfig();
+            break;
         case "torproxy_conf":
             DisplayTorProxyConfig();
             break;

From db497de7d0965cbd11ea3f02031e74e8a4b5af79 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 12:53:46 +0100
Subject: [PATCH 05/74] Initial commit: wg templates

---
 includes/wireguard.php   | 48 +++++++++++++++++++++++++++++++++++++
 templates/wg/general.php |  0
 templates/wg/logging.php |  0
 templates/wireguard.php  | 51 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 includes/wireguard.php
 create mode 100644 templates/wg/general.php
 create mode 100644 templates/wg/logging.php
 create mode 100644 templates/wireguard.php

diff --git a/includes/wireguard.php b/includes/wireguard.php
new file mode 100644
index 00000000..a0c2ed94
--- /dev/null
+++ b/includes/wireguard.php
@@ -0,0 +1,48 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'config.php';
+
+/**
+ * Manage WireGuard configuration
+ */
+function DisplayWireGuardConfig()
+{
+    $status = new StatusMessages();
+    if (!RASPI_MONITOR_ENABLED) {
+        if (isset($_POST['savewgettings'])) {
+            if (isset($_POST['authUser'])) {
+                $authUser = strip_tags(trim($_POST['authUser']));
+            }
+            if (isset($_POST['authPassword'])) {
+                $authPassword = strip_tags(trim($_POST['authPassword']));
+            }
+        } elseif (isset($_POST['startwg'])) {
+            $status->addMessage('Attempting to start WireGuard', 'info');
+            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
+            exec('sudo /bin/systemctl enable wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        } elseif (isset($_POST['stopwg'])) {
+            $status->addMessage('Attempting to stop WireGuard', 'info');
+            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
+            exec('sudo /bin/systemctl disable wg-quick@wg0', $return);
+            foreach ($return as $line) {
+                $status->addMessage($line, 'info');
+            }
+        }
+    }
+
+    exec('pidof wg | wc -l', $wgstatus);
+
+    $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+
+    echo renderTemplate(
+        "wireguard", compact(
+            "status",
+            "serviceStatus"
+        )
+    );
+}
+
diff --git a/templates/wg/general.php b/templates/wg/general.php
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
new file mode 100644
index 00000000..e69de29b
diff --git a/templates/wireguard.php b/templates/wireguard.php
new file mode 100644
index 00000000..b3f33796
--- /dev/null
+++ b/templates/wireguard.php
@@ -0,0 +1,51 @@
+  <?php ob_start() ?>
+    <?php if (!RASPI_MONITOR_ENABLED) : ?>
+      <input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
+      <?php if ($dnsmasq_state) : ?>
+        <input type="submit" class="btn btn-warning" name="restartwg" value="<?php echo _("Restart WireGuard"); ?>">
+      <?php else : ?>
+        <input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
+      <?php endif ?>
+    <?php endif ?>
+  <?php $buttons = ob_get_clean(); ob_end_clean() ?>
+
+  <div class="row">
+    <div class="col-lg-12">
+      <div class="card">
+        <div class="card-header">
+          <div class="row">
+            <div class="col">
+              <i class="fas fa-key fa-fw mr-2"></i><?php echo _("WireGuard"); ?>
+            </div>
+            <div class="col">
+              <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+                <span class="icon text-gray-600"><i class="fas fa-circle service-status-<?php echo $serviceStatus ?>"></i></span>
+                <span class="text service-status">wg <?php echo _($serviceStatus) ?></span>
+              </button>
+            </div>
+          </div><!-- /.row -->
+        </div><!-- /.card-header -->
+        <div class="card-body">
+        <?php $status->showMessages(); ?>
+          <form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
+            <?php echo CSRFTokenFieldTag() ?>
+            <!-- Nav tabs -->
+            <ul class="nav nav-tabs">
+                <li class="nav-item"><a class="nav-link active" id="clienttab" href="#wgsettings" data-toggle="tab"><?php echo _("WireGuard settings"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+            </ul>
+
+            <!-- Tab panes -->
+            <div class="tab-content">
+              <?php echo renderTemplate("wg/general", $__template_data) ?>
+              <?php echo renderTemplate("wg/logging", $__template_data) ?>
+            </div><!-- /.tab-content -->
+
+          <?php echo $buttons ?>
+          </form>
+        </div><!-- /.card-body -->
+        <div class="card-footer"><?php echo _("Information provided by wireguard"); ?></div>
+      </div><!-- /.card -->
+    </div><!-- /.col-lg-12 -->
+  </div><!-- /.row -->
+

From 070b1db4257785c6052f23d9a9a3d61ac63ba966 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:35:16 +0100
Subject: [PATCH 06/74] Create RaspAP webfont

---
 dist/raspap/css/fonts/RaspAP.eot  | Bin 0 -> 2392 bytes
 dist/raspap/css/fonts/RaspAP.svg  |  12 +++++++
 dist/raspap/css/fonts/RaspAP.ttf  | Bin 0 -> 2232 bytes
 dist/raspap/css/fonts/RaspAP.woff | Bin 0 -> 2308 bytes
 dist/raspap/css/style.css         |  54 ++++++++++++++++++++++++++++++
 5 files changed, 66 insertions(+)
 create mode 100755 dist/raspap/css/fonts/RaspAP.eot
 create mode 100755 dist/raspap/css/fonts/RaspAP.svg
 create mode 100755 dist/raspap/css/fonts/RaspAP.ttf
 create mode 100755 dist/raspap/css/fonts/RaspAP.woff
 create mode 100644 dist/raspap/css/style.css

diff --git a/dist/raspap/css/fonts/RaspAP.eot b/dist/raspap/css/fonts/RaspAP.eot
new file mode 100755
index 0000000000000000000000000000000000000000..d77690f6fda5ba960971730d722cece920d258ab
GIT binary patch
literal 2392
zcmaJ@O>7&-6@G7LcXqiXml92KNsAIGG9e?`q_m_+N^U|YaI9ESL>qD}2dx~Nkr~;R
zL<+Ku+CdQn=q0x#w-hN5pg_@{f&gg&15FDTMGgh>gA^@L<l0lvTyu-VezT+y%P~5b
zpYMJ1=DoK+^JZQO5Z$$im^3<EnBHc^ym0O?uXG0`v*5n>@ElQyR;f)lX_uZMwbX&!
zp-s9)+u--WBxnuH9(1l#kGhm4kIFQQnTOYcQqF?(1__!ydw!-8i5kBI^D)|$jh*(c
zyY`Pap_GRF;%58iF2)haYP2@D@4Wii-#>l}@@*o6u65d1lfV7LzlbDcs$T<P{#ASq
z`9sK$UEA5e?U?XJ@}H2C+r5pp_Iv&YG8#EM?c2K);swaxLC$vDJDub6BflXs;h$gI
z?cLl*oG8}2YMz96iQk4}(tf3V3g)fB$p57(<Gmj$jIa-vr-{C1aj$=mo)&1BJb3X+
zFRMD=oAQ{(++Y;GR+@C02XB*w537O8e$D;+{k~cROg`rRe_S2w9<<BE(26|3;m2q!
z_$oi>{eRAYjeDYxsMGlPS9pT!2!6I$=3*hAGaWXiH*3m-o2XVAO>We^$LozcM0bMK
zEU3A9ZLUy^mpPx4X4PTLxR^oBJFo&%je0})x{CME_yoI^gsUK0v5?D8Gn5Zj!+>9v
zjf1L~1Y8$pScTE3SA0gAvY0EtOTmv$b$+eQ^8zC*ugo(H`#D(zU&yH*&xUB#BR09}
zo!}}$$;0-5gV~c@#3LR=0Z^??a2z4x0U;C}j>ix^V5MI51{Mp_6n(?Ew6*=|A3ImC
z*tVvvZr%9m%NsW?YJC4vVS2ii%|=a4k1TplLg#=LF1Xf+#hHu{vn4ZV#Pea+Ewk(<
zIhpi+8c9dY%bqi$jbt4DwKMMMme5Vz2$`BGB5B7-g*DA!VH&ZiSS%NGgtTkNMyHNM
z^U+M!Fe;P9McY1B4u%qe+@vA(%;VB}@~N3h<zhAy4A^!#H(8kci5rOs9kW*1yrP-X
zny}2Y<yKSj_y`M)O<_fCD;8wIfl-U2X(t#DhGMohRv+WF;+b3^7C=<O(8Cjvk#wq(
z6o$|Yag0@g0gZ(&G+h%?@E5I>KdrQ$U;gO%<qK<{U07Q^|H=8)4_s-)QpvpYnB&cd
z!s9VLU_{139E}MPoXcgWOkHZBOw?pOT`FyqXC}U%*KNaFHln2z{A#bmkrB`h!-O}D
zgF-rbWFivDyW`Ew+*&3)8n7HI(#&T)DNDuDnUIi{jK+mXpPD*-E1Tl!VzG97dg_$x
zTIP6aWK0HA;ZWR;mgO=`8etjHgDK5EVrdA)2q;fLAw8hWAijX38;Erjaf^U1)aNmc
z@vvY`_we|rhzhSlL)EYwk!9@uC)jg$k-wgxXX$4u)pAVcbA{Sm9e-nSu<_zC{}&%_
zyxQDgQ;z2Ru{P)b@YTUKh{x1MkzycaSnWD&;AuA9dZk)>h|bBpqP2AQY^&RCo$da)
z;dy5g@p$5l=QZYm<B3EZcz&_jyflV#so7k7PT`|R6&^i(vf0i~2F}@q!p~P$)~r!W
zO2^!~eEFSH$!f`J^>;hnUj!3D!#-m3(N?e5Li<ZRz6AU5wG>DB0pEXrY;3*Rd~We%
zb6t5`Z=O`%fVFRv$qOe=oHAZqTH4BFxWyk9i*K&4UpHRc+IqiK1~JIB7~XRiGM6Jy
zeoH~!Pn}==?e1{}2IDZxA>kv(4hq)zIh%A-5u*P<CLL(Vfu(_<mO*A{+dgAcj3)Ts
z+8dBmzLnfiCkV=c2VWR=4t+4R&m_UA6-v{ji$g5HSBF>!-X3BD|4DR+CHT`rY|~MC
zU7ZPf089uo1FYd7e|d-n_=O?Xf%k^kz|lTF#1j1S5Zg3I@2=u>e&*bRmxHy=-p%X1
zZq_T$KKe%R<0X$^I-9q)+k1yE89!EA>~;6Eo1JcFuf5;7ntkO?c4?!x((850wCG<#
r_9=@?N(a{wbv0?zKE|uyUZFeamuLf8D`@J%QpP*>&w2lCKeGED{AoBn

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/fonts/RaspAP.svg b/dist/raspap/css/fonts/RaspAP.svg
new file mode 100755
index 00000000..27920e40
--- /dev/null
+++ b/dist/raspap/css/fonts/RaspAP.svg
@@ -0,0 +1,12 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
+<svg xmlns="http://www.w3.org/2000/svg">
+<metadata>Generated by IcoMoon</metadata>
+<defs>
+<font id="RaspAP" horiz-adv-x="1024">
+<font-face units-per-em="1024" ascent="960" descent="-64" />
+<missing-glyph horiz-adv-x="1024" />
+<glyph unicode="&#x20;" horiz-adv-x="512" d="" />
+<glyph unicode="&#xe900;" glyph-name="wireguard" d="M1023.147 463.147c0 0 23.595 496.853-522.453 496.853-482.859 0-497.963-476.587-497.963-476.587s-70.997-547.413 509.141-547.413c556.501 0 511.275 527.147 511.275 527.147zM347.947 636.757c102.4 62.72 233.344 24.363 282.368-69.888 9.301-17.877 10.496-45.355 4.608-64.128-20.352-64.683-68.309-100.949-134.187-116.395 19.413 16.64 34.859 35.499 39.808 61.525 1.195 5.504 1.88 11.827 1.88 18.31 0 20.027-6.533 38.528-17.584 53.488l0.174-0.246c-16.797 22.874-43.588 37.556-73.809 37.556-11.257 0-22.038-2.037-31.995-5.763l0.63 0.207c-40.533-15.36-62.72-52.395-58.752-97.877 3.712-42.24 35.797-69.632 95.787-80.043-8.96-4.736-15.872-8.235-22.613-11.989-27.988-15.524-51.374-35.995-69.74-60.451l-0.404-0.562c-6.101-8.192-10.24-8.875-19.541-3.2-120.619 73.771-128.384 258.859 3.371 339.456zM257.707 180.992c-19.413-4.949-38.187-12.203-57.984-18.688 9.685 65.365 86.229 125.568 150.997 118.699-18.043-24.598-29.583-54.982-31.551-87.945l-0.022-0.46c-21.504-3.968-41.813-6.613-61.44-11.605zM669.995 819.2c19.115-0.725 38.315-0.427 57.472-0.853 5.287-0.363 10.162-1.075 14.91-2.128l-0.659 0.123c-4.574-6.938-9.348-12.986-14.582-18.599l0.076 0.082c-6.827-6.4-14.549-12.629-24.448-2.944-2.347 2.347-7.979 1.792-12.075 1.877-19.072 0.213-38.144 0.853-57.173 0.128-17.856-0.589-34.82-2.396-51.386-5.353l2.149 0.318c-3.072-0.555-7.595-10.667-6.229-14.421 3.328-8.832 8.149-18.56 15.317-24.192 26.411-20.907 54.485-39.595 81.067-60.288 25.771-20.139 49.792-42.24 64.427-72.533 19.029-39.595 19.627-81.067 11.392-122.752-13.739-69.547-48.939-127.147-105.941-169.045-22.955-16.853-51.413-26.453-77.696-38.528-23.168-10.667-46.933-19.84-70.144-30.379-41.813-19.029-65.28-64.427-58.411-111.573 6.357-43.307 44.373-79.445 87.851-86.912 52.181-8.96 106.069 25.003 118.827 78.080 14.336 59.605-18.048 112.896-78.72 129.024l-10.923 2.816c16.213 7.253 30.208 12.416 43.179 19.541q33.835 18.645 66.475 39.467c6.4 4.096 9.856 4.096 15.36-0.597 41.685-36.096 66.56-80.981 73.557-135.979 11.52-91.093-31.573-174.763-112.896-217.643-125.781-66.347-279.765 9.173-307.541 148.651-23.808 119.467 60.501 227.84 162.005 248.747 43.648 9.003 83.541 27.179 114.56 60.8 20.053 21.675 29.739 40.277 33.067 48.683 5.86 14.568 9.259 31.458 9.259 49.142 0 0.094 0 0.187 0 0.281v-0.014c-0.72 15.473-4.371 29.921-10.408 43.044l0.296-0.719c-10.581 24.149-51.2 62.549-61.227 70.656l-95.573 74.837c-3.371 2.773-7.168 2.56-15.36 2.005-9.813-0.683-34.773-2.048-45.525 0.768 8.704 6.613 32.427 16.213 42.667 23.893-30.976 20.907-66.304 13.397-98.773 19.627 7.509 13.995 44.629 35.456 65.749 37.888-1.455 13.545-3.483 25.484-6.166 37.173l0.406-2.101c-1.28 4.736-6.571 9.387-11.221 12.075-11.179 6.571-23.083 11.989-35.968 18.517 10.935 7.156 24.244 11.558 38.555 11.945l0.101 0.002c1.66 0.068 3.608 0.107 5.566 0.107 11.77 0 23.21-1.408 34.163-4.064l-0.987 0.202c23.040-5.248 41.387-1.792 59.691 13.824-14.421 5.803-28.843 11.093-42.795 17.365-16.163 7.396-29.343 14.415-42.082 22.091l1.89-1.056c36.267-5.035 71.296-18.645 108.373-13.653l0.939 5.035-86.101 20.053c51.328 4.693 99.115 5.461 144.384-16.555 12.757-6.229 26.027-11.349 38.272-18.432 5.973-3.413 9.941-10.24 14.848-15.573 3.84-4.181 6.997-9.813 11.776-12.373 18.091-9.6 37.973-9.984 58.283-9.515l0.427 6.827c20.437-6.4 43.392-29.952 43.392-47.147-33.109 0-66.133 0.128-99.2-0.171-3.541 0-7.040-2.603-10.539-4.011 3.328-1.963 6.613-5.461 10.027-5.589zM627.328 868.139c-1.461-0.899-2.42-2.488-2.42-4.302 0-1.516 0.67-2.876 1.731-3.799l0.006-0.005c1.344-2.305 3.804-3.83 6.62-3.83 1.429 0 2.767 0.393 3.91 1.076l-0.035-0.019c3.2 1.621 6.315 3.328 10.155 5.333-3.072 2.645-5.547 4.864-8.107 6.955-4.523 3.712-8.235 1.365-11.861-1.408z" />
+<glyph unicode="&#xe901;" glyph-name="raspap" horiz-adv-x="1031" d="M540.058 281.983c0-104.182-84.446-188.637-188.625-188.637-104.176 0-188.62 84.455-188.62 188.637 0 104.171 84.444 188.625 188.62 188.625 104.179 0 188.625-84.455 188.625-188.625zM351.437 550.062c-147.818 0-268.074-120.259-268.074-268.080 0-147.826 120.257-268.091 268.074-268.091s268.077 120.265 268.077 268.091c0 147.821-120.259 268.080-268.077 268.080zM351.437-58.985c-188 0-340.95 152.958-340.95 340.967 0 188.003 152.95 340.956 340.95 340.956 188.003 0 340.953-152.953 340.953-340.956 0-188.009-152.95-340.967-340.953-340.967zM404.82 698.222c185.52 0 339.484-137.497 365.479-315.929l79.208-5.253c-24.125 224.046-214.339 399.077-444.686 399.077-10.909 0-21.723-0.412-32.433-1.186l5.16-77.823c9.017 0.661 18.093 1.113 27.272 1.113zM404.989 874.303c285.73 0 520.41-222.659 539.731-503.584l78.375-5.205c-16.843 326.355-287.644 586.685-618.106 586.685-14.884 0-29.644-0.561-44.264-1.6l5.157-77.719c12.919 0.928 25.958 1.424 39.106 1.424z" />
+</font></defs></svg>
\ No newline at end of file
diff --git a/dist/raspap/css/fonts/RaspAP.ttf b/dist/raspap/css/fonts/RaspAP.ttf
new file mode 100755
index 0000000000000000000000000000000000000000..112214426e9ea9bad281acc07f2eb7fbaf327207
GIT binary patch
literal 2232
zcmaJ?QEU@O5S_Wb+dH4_b7E|tojCEu2D=Hdle1$xNvQ*(goG#t1qf9enwZ25ki?FX
zpaQB8Qh)fP{iA9nq)Ju$g^=1xNTn53#YZJ*)vA>$e*1;mU;awn*|Q_kg1X+lee-s9
zX7+qD3kU#ixC#sgj~*Y$`uxhf#N4H^u((!PH)nso27pnLPb^n9*J*AeS<Kq<>ZP|H
zet-8m$rk|>I9shOg+KY?R{%~j6wVT%e#?F!`8LVB&#rA<G*t2i{1=kLtM$c-^cnt1
zG7T`+Di_zmgCivWMY2_^tX2Dm+dc+R$v<9RuWxQqoYb@%VjUQJ4c{ZjAblV`Am(~=
z#y=p3E}^%hA%*?#wjbazvU`ntu%FSOMe#1So8<uEO^hh5HD~5%ML~vP;&sqKq920w
z7#mL;4QH427#xg^-%XkJ?X-)4q~+VeNdUzWN9CE`|8ol2xW^h4brfb`0lTq4!4IY~
zm`Wz%s(~uE2UQ+2L%D3RgvElrr%)`AXm+DmC2FXUA4;Zz8BD~vnlq4AOj@CyFvtp-
zDi(^&(G|Q+14q%!hD-rzq>}MOACmI+ZZhC>VPm@sCPc2211Q2M7P1b*Ri26`$xG6S
zPCT5RAI1@+u<Q&DAlZ-e6!FQpc+%M@T5-e@=Il|-Q78$r-Q>vZ7^dim+ffk6<-0LR
zA<_X!NEsLmQ1k?|g`C~AnB*#JD9Y)T)dyczmlkwgl4e%UKl<tX`BM@;J)P|9D_fRd
zm1N(zZG>cWY2Ku%wP_fOF*cZ1-AXXwMOjlbW*Ea^`*mN`r_S3(o75IF@FSzkkToW&
zvf@!CmHDEE5%Efrf=pEcy@5d7Z7{Cq_qO-$@+bT;OHr~tsc~K3n{j(Wu6U2a<=7ss
z?R#Y)n>}U4+%8?u#CwuGFPlCelWA4Us0)(HwQfy~YGy9N``eI7s4~s3YXLVhbhT^f
zj~ecv+Y`{G&O#^7rY7R9fQzDHitO$7wM8S@FjJVMu)Qc68IX|4Op+zW8U9$F{%X2>
zWa{%HQzvI1o}8UIe*gH)Et4yONH}5aHtb=Kw<{pK6kn$Y{Q<_@LvgEDmAT}J`Bjvo
z>GWb|p!@G(Sy${S#h;FlU+D@tQe3j4sN_vTH{*uv>-PB)W>+aTG#m4_yEH@dl@gZC
zc{-Jz@G!1%e~_{0!QMj`tO)j{Qu+SA-h-y8sa=t_PVSC)Jwe@{;ZtN%@p7N+j!610
zO`=c~m+(Z$BfDhorhmYY6^gZ;;$|+HiN8lxy1Wb}*{0)Dr>N*vNYo|DMyfJ;<38ow
z9jae1!K?5FY*5Yxcp{$64;AQZOf?fP7;rxER^sJ{nn~Fncjo+%^TFquX%GyEMB%I{
z#ZY7&C2$|AW+9u)|A&tAgrKEp?P$4HD<7?WU9|0qP%s#pu<hb7;b15fBs@G`DxL16
zcDhs=KP+%ZhrsQJ#!3~d$8}6kCf}Z(p4Hkl&JA^Ce*XP*S}XHh?$fo}JMNHM(Rb<C
zQLfj^G`<N2C&@nfnha8VhM(T-?3^o=4v&wO=7hJo(wOi@Sb7o;pBx=MsGOLbT#3c7
zjJH#%Yjbnwl*=nCH`5s+nzfdu56zL-yl>wVaLZ2VeDvL&egT?utIAQqryARAw8yF0
zAgh94jUAP=sll6;nu6FyGLp9LFggUF8-J6ok|gRa$D+7FsBL?2gx14=TP^ztoH(&V
zXsU3kg&Fa=7M2OGwy;9qiNA$8@rPPihYq+R?gZIIjE7d5SONpyY+*+HNDIq^H(FSM
z5OlRLCw{7hbr^yhGjuy2I7atD1vX(F4#2V5>c-}|dd;#kgD?wKGP4Qipbj;#z=jMA
zKELG!Om+FfYGs4$R$&<~(D^E`@x0o2y|!g7S8LUc%2svBI&;aIT&z#m>$MDwJ1)1#
n=`z`<Ie}DQi{>Tb&cG#lPQoH-P16wJW#}C{_q_AAU-<Y3z1J!4

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/fonts/RaspAP.woff b/dist/raspap/css/fonts/RaspAP.woff
new file mode 100755
index 0000000000000000000000000000000000000000..875f025380b31061cacc16d0f24d63185ec7c079
GIT binary patch
literal 2308
zcmaJ?Uu+vi8lP`xcXqvNuN~L++Km%$Y_LfhJ6SunlODK5y_$q5Zk5s$aVe=uP1+{0
zt0Wa|g%A=iym7qU38YF$=<W$2aY&W;qaxq|3GM{aNhe<KUMhIyjh^o}Yxn3Kh}rpO
ze&27t`Mz&<cV=EV)oe0iC;^pOvNvuIbcz4BoH{d8W{eE57o>!v+AEv8?W^D}L4Qh$
zv-ZuaTkU<xeF$CJN{MXk+;|?`XN+l3HTKmPAHH^})4s@<0LN-ll5hXz@0UP=`w{v>
zQuI&wUoY(*TxU#op(mx-I<t0qo3PX8q1#fFKhyWS?dyoEFG6>H3DQEhz1snY{OG2X
z>G{Z8S9|*hNb6t!wc|jXKTW@v$tizSzJ&hTpr`Lxg#yqYEEIWAllVAecZuKW-(kl&
z1dRVq(aYlctsey_jWLPSXr)z}sZ6fJ#G6v^5OeQR|6acj4s-7^A5;IIjyjy-51=7N
zunPNL2AslJeZdd?Q~Y1&H2Ao~`^Y-YR@ns_CwvQ<EtIH`&t-L+bm7hFBH<(|<$8na
zHSghCy$018Cpijgu2!AP7vd$#Wrbd`2_p_hP;)lCz*W6g=f17vJqR5or<`ykgcS1G
z+!Vq1{%kn#tMqZdN+yBO`5BUF)N5s*5xOX3^N5o7vy+WqtMjx#NXskH48ea^6u{@R
zvc=kvtz2S*D&A45Ae9_^4>-6zMg=VKeii_g>Nv%bA{GdxU{gGX>;cQQiZ}3>7dr22
z+WGCBFW>K6ykMG&vbufc+pn)&Ij7LQ^ZBW%mg`1!MGZGSJE2m*2<06kVo)Z-`D{_Q
zw0JH=s-c&hBqfvHGvRbt-|*~+63N)~rafk>23K`e3+jr_!)e=2g%m|2u4}Q$SS)MV
zT$t4(Ba?@sxoF1KwDLruX_`k$RxlCBPG~~SJS>byADbzc&$$^ZV49`uM1JBoPB_d}
zj2b2Vf}#s!+|bj8Q%Q;G2yumUZbVHZW)Y{rh(Xb`ZN;r%%v45eqqJ67%m!isWW_Z#
zG#-wmQ{^PrxT5hRBnuoU#8s}S3KyLI)>`>srS;_UdrvN(UHj_n+Ul9l&#b=V2rZUM
z=In=TZ$20ri>U!EJQ}2EjB{%)>rU#bP=cALPHMVX+$_zE|9f6FHE&sq7E_3;yo5kn
zK-DxI(G;?{u+{K*IGl6F8kxDZOlTxv*haXKb3Gx7h2mn63qwTXoTpDrp1kI!XsS@C
zPESpqa2!J)OGQS7l?nypX0#-h;Zh5Uuxh0g^N^t+6)hkm0R`27DlB{fTh);32=e9u
zmCMhgYhxi!it1tcsK^ShLP1rq8*$2*{m-%IZsWv#g#DKNj_qO3#Y8Tfug=x*Hx>pP
zFCO!M@!`g+&J8x@NY?MGbN&xs8Ek`iOl}mx2U>>YuEPeNBHgK#E7kv_vmz&HCEY#M
z>ULYFx*yd&Z!r;%Cl)=gJ`WsEB;vsH%|_$=D9ZUpqxpoyhYw3Ua`ITC?M?(voB8|;
zD=TZph#`cnZ*Oe8UMw0dQK|fCxBH@%ur%|KNrzj#UJLSZJiY|~h_w_)`3c{<H9ET9
zXgtw8)>xO()*HuUG+^b2Wb*9MqbIbdmX@|N8EVnHg~F@r>zB2g+uOH_B@lzN7Tp`p
zLS`fU=nu?N{nPN<Pj634FzAP;oV<_ZH;@H${4<-Wx>R}pfs<4cxQGUx28x^ponUSH
zjLBkboc^J_3{9T5g6i@HLAf8nSB8zv-WmEQCcw!V(o$#VhM0q|46zElGsGJHljsl&
z@F$1ZWQW;H@=j0#V1gJKU<G&LvqQ|mFAT8?yf?%eOR%va7T}kM*kp6;539JrA3u%z
zpw0H#RrWYLz1G>=zufD(UTK!Cu@2nqv&*c<y3A!BE3w(1Px%F=vvqB!y$8P?w#BYt
zeQmb)bF*fzd*E($x}ClDLFc0T+zoeWv$xXgbxW-2hde;gE%@mAiL}`P`itP6V>i$)
Tu}xU5KxBF)ykmLW{z~}|xDhO%

literal 0
HcmV?d00001

diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css
new file mode 100644
index 00000000..93eb072e
--- /dev/null
+++ b/dist/raspap/css/style.css
@@ -0,0 +1,54 @@
+ /*!
+ * RaspAP-Brands Brand Icons - https://raspap.com
+ * License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE
+ */
+@font-face {
+  font-family: 'RaspAP';
+  src:  url('fonts/RaspAP.eot?e76qs3');
+  src:  url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'),
+    url('fonts/RaspAP.ttf?e76qs3') format('truetype'),
+    url('fonts/RaspAP.woff?e76qs3') format('woff'),
+    url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg');
+  font-weight: normal;
+  font-style: normal;
+  font-display: block;
+}
+
+[class^="ra-"], [class*=" ra-"] {
+  /* use !important to prevent issues with browser extensions that change ..webfonts */
+  font-family: 'RaspAP' !important;
+  speak: none;
+  font-style: normal;
+  font-weight: normal;
+  font-variant: normal;
+  text-transform: none;
+  line-height: 1;
+
+  /* Better Font Rendering =========== */
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+.ra-wireguard:before {
+  font-size: 1.3rem;
+  content: "\e900";
+  color: #d1d3e2;
+  vertical-align: middle;
+}
+
+.card-header .ra-wireguard:before {
+  color: #fff;
+}
+
+.sidebar .nav-item.active .nav-link
+span.ra-wireguard:before {
+  color: #6e707e;
+}
+
+.ra-raspap:before {
+  font-size: 4.35rem;
+  content: "\e901";
+  color: #d8224c;
+  margin-left: 0.1em;
+}
+

From 5179847c5c208939ae4f0f8568e43889e0dd18a3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:36:03 +0100
Subject: [PATCH 07/74] Update w/ project webfont

---
 index.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/index.php b/index.php
index 837ebef3..688c04c5 100755
--- a/index.php
+++ b/index.php
@@ -83,9 +83,12 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
     <!-- DataTables CSS -->
     <link href="dist/datatables/dataTables.bootstrap4.min.css" rel="stylesheet">
 
-    <!-- Custom Fonts -->
+    <!-- Font Awesome -->
     <link href="dist/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
 
+    <!-- RaspAP Fonts -->
+    <link href="dist/raspap/css/style.css" rel="stylesheet" type="text/css">
+
     <!-- Custom CSS -->
     <link href="<?php echo $theme_url; ?>" title="main" rel="stylesheet">
 
@@ -119,7 +122,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
         <hr class="sidebar-divider my-0">
         <div class="row">
           <div class="col-xs ml-3 sidebar-brand-icon">
-            <img src="app/img/raspAP-logo.svg" class="navbar-logo" width="64" height="64">
+            <span class="ra-raspap"></span>
           </div>
           <div class="col-xs ml-2">
             <div class="ml-1">Status</div>
@@ -169,7 +172,7 @@ $bridgedEnabled = $arrHostapdConf['BridgedEnable'];
           <?php endif; ?>
           <?php if (RASPI_WIREGUARD_ENABLED) : ?>
         <li class="nav-item">
-          <a class="nav-link" href="index.php?page=wg_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("WireGuard"); ?></a>
+          <a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>

From 5c4814585a79ce64acc36019e0381729df31a175 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Apr 2020 22:36:34 +0100
Subject: [PATCH 08/74] Style tweaks

---
 app/css/custom.css     | 4 ++++
 app/css/hackernews.css | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/app/css/custom.css b/app/css/custom.css
index 75cff67a..e5effc31 100644
--- a/app/css/custom.css
+++ b/app/css/custom.css
@@ -46,6 +46,10 @@ body {
   font-weight: 500;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
+
 .card .card-header {
   border-color: #d8224c;
   background-color: #d8224c;
diff --git a/app/css/hackernews.css b/app/css/hackernews.css
index 7af897a2..b2c36496 100644
--- a/app/css/hackernews.css
+++ b/app/css/hackernews.css
@@ -66,6 +66,9 @@ h5.card-title {
   font-family: Verdana, Geneva, sans-serif;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
 
 ul.nav-tabs, .nav-tabs .nav-link {
   background-color: #f6f6ef;
@@ -145,6 +148,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
+  line-height: 1.5em;
 }
 
 .info-item-wifi {
@@ -181,6 +185,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
   }
 }
 
+.fas.fa-circle {
+    font-size: 0.5rem;
+}
+
 .logoutput {
   width:100%;
   height:300px;

From 8d73fb774f46ff3d85253cc7c789638236dabf5a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:00:34 +0100
Subject: [PATCH 09/74] Update installer + sudoers for wg

---
 installers/common.sh      | 39 +++++++++++++++++++++------------------
 installers/raspap.sudoers |  4 ++++
 installers/raspbian.sh    |  8 ++++++++
 3 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index a58e4ba7..a06dedda 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -235,37 +235,37 @@ function _install_adblock() {
     _install_status 0
 }
 
-# Prompt to install VPN
-function _prompt_install_vpn() {
-    _install_log "Configure VPN support"
-    echo -n "Install VPN and enable client configuration? [Y/n]: "
+# Prompt to install openvpn
+function _prompt_install_openvpn() {
+    _install_log "Configure OpenVPN support"
+    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
         if [ "$answer" != "${answer#[Nn]}" ]; then
             echo -e
         else
-            _install_vpn
+            _install_openvpn
         fi
     elif [ "$ovpn_option" == 1 ]; then
-        _install_vpn
+        _install_openvpn
     else
         echo "(Skipped)"
     fi
 }
 
-function _install_vpn() {
-    echo -n "Install [O]penVPN or [W]ireGuard? [O/W]: "
+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    _install_log "Configure WireGuard support"
+    echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
     if [ "$assume_yes" == 0 ]; then
         read answer < /dev/tty
-        case $answer in
-            [oO]* )
-                _install_openvpn;
-                break;;
-            [wW]* )
-                _install_wireguard;
-        esac
-    elif [ "$ovpn_option" == 1 ]; then
-        _install_openvpn
+        if [ "$answer" != "${answer#[Nn]}" ]; then
+            echo -e
+        else
+            _install_wireguard
+        fi
+    elif [ "$wg_option" == 1 ]; then
+        _install_wireguard
     else
         echo "(Skipped)"
     fi
@@ -283,6 +283,8 @@ function _install_wireguard() {
     printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
     echo "Installing WireGuard"
     sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
     echo "Enabling WireGuard management option"
     sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
     _install_status 0
@@ -572,7 +574,8 @@ function _install_raspap() {
     _default_configuration
     _configure_networking
     _prompt_install_adblock
-    _prompt_install_vpn
+    _prompt_install_openvpn
+    _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 517fbdef..ef21ec14 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -37,4 +37,8 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
+www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+
 
diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index d0e72769..da8ca5d0 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -14,6 +14,8 @@
 #    Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>
 #    Used with -y, --yes, sets Adblock install option (0=no install)
+# -w, --wireguard <flag>
+#    Used with -y, --yes, sets WireGuard install option (0=no install)
 # -r, --repo, --repository <name>
 #    Overrides the default GitHub repo (billz/raspap-webgui)
 # -b, --branch <name>
@@ -39,6 +41,7 @@ branch="master"
 assume_yes=0
 ovpn_option=1
 adblock_option=1
+wg_option=1
 
 # Define colors
 readonly ANSI_RED="\033[0;31m"
@@ -58,6 +61,7 @@ Usage: raspbian.sh [OPTION]\n
 -c, --cert, --certificate\n\tInstalls an SSL certificate for lighttpd
 -o, --openvpn <flag>\n\tUsed with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>\n\tUsed with -y, --yes, sets Adblock install option (0=no install)
+-w, --wireguard <flag>\n\tUsed with -y, --yes, sets WireGuard install option (0=no install)
 -r, --repo, --repository <name>\n\tOverrides the default GitHub repo (billz/raspap-webgui)
 -b, --branch <name>\n\tOverrides the default git branch (master)
 -h, --help\n\tOutputs usage notes and exits
@@ -80,6 +84,10 @@ while :; do
         adblock_option="$2"
         shift
         ;;
+        -w|--wireguard)
+        wg_option="$2"
+        shift
+        ;;
         -c|--cert|--certificate)
         install_cert=1
         ;;

From 7c7b8941cbabc64ee688a643a3cd34c4fb3af745 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:01:31 +0100
Subject: [PATCH 10/74] Update stop/start, status

---
 includes/wireguard.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index a0c2ed94..ed94ee34 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -19,28 +19,28 @@ function DisplayWireGuardConfig()
             }
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
-            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
-            exec('sudo /bin/systemctl enable wg-quick@wg0', $return);
+            exec('sudo /usr/bin/wg-quick up wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         } elseif (isset($_POST['stopwg'])) {
             $status->addMessage('Attempting to stop WireGuard', 'info');
-            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
-            exec('sudo /bin/systemctl disable wg-quick@wg0', $return);
+            exec('sudo /usr/bin/wg-quick down wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         }
     }
 
-    exec('pidof wg | wc -l', $wgstatus);
+    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
 
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+    $wg_state = ($wgstatus[0] > 0);
 
     echo renderTemplate(
         "wireguard", compact(
             "status",
+            "wg_state",
             "serviceStatus"
         )
     );

From 292a4ed1beb109286c81b989bbb7bdfc8ab3775d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:02:07 +0100
Subject: [PATCH 11/74] Initial template setup

---
 templates/wg/general.php | 46 ++++++++++++++++++++++++++++++++++++++++
 templates/wg/logging.php | 11 ++++++++++
 templates/wg/peers.php   | 11 ++++++++++
 templates/wireguard.php  | 12 ++++++-----
 4 files changed, 75 insertions(+), 5 deletions(-)
 create mode 100644 templates/wg/peers.php

diff --git a/templates/wg/general.php b/templates/wg/general.php
index e69de29b..ec44562a 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -0,0 +1,46 @@
+<!-- wireguard settings tab -->
+<div class="tab-pane active" id="wgsettings">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
+        <div class="input-group">
+          <input type="hidden" name="tunnel-enable" value="0">
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
+          <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
+        </div>
+        <p id="wg-description">
+          <small><?php echo _("Enable this option to encrypt traffic on your local network by creating a tunnel between RaspAP and connected clients.") ?></small>
+        </p>
+        </div>
+        <div class="row">
+          <div class="form-group col-xs-3 col-sm-3">
+            <label for="code"><?php echo _("Local Port"); ?></label>
+            <input type="text" class="form-control" name="wgport" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="col-xs-3 col-sm-6">
+            <label for="code"><?php echo _("Local public key"); ?></label>
+          </div>
+          <div class="input-group col-md-12 mb-3">
+            <input type="text" class="form-control" name="wgpubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <div class="input-group-append">
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+              <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+            </div>
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="form-group col-md-6">
+            <label for="code"><?php echo _("IP Address"); ?></label>
+            <input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | settings tab -->
+
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index e69de29b..eb31dd10 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -0,0 +1,11 @@
+<!-- wireguard logging tab -->
+<div class="tab-pane fade" id="wglogging">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
+
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | logging tab -->
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
new file mode 100644
index 00000000..2edc4d2d
--- /dev/null
+++ b/templates/wg/peers.php
@@ -0,0 +1,11 @@
+<!-- wireguard peers tab -->
+<div class="tab-pane fade" id="wgpeers">
+  <div class="row">
+    <div class="col-md-6">
+      <h4 class="mt-3"><?php echo _("Peers"); ?></h4>
+
+
+    </div>
+  </div><!-- /.row -->
+</div><!-- /.tab-pane | peers tab -->
+
diff --git a/templates/wireguard.php b/templates/wireguard.php
index b3f33796..0c0c0a81 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -1,8 +1,8 @@
   <?php ob_start() ?>
     <?php if (!RASPI_MONITOR_ENABLED) : ?>
       <input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
-      <?php if ($dnsmasq_state) : ?>
-        <input type="submit" class="btn btn-warning" name="restartwg" value="<?php echo _("Restart WireGuard"); ?>">
+      <?php if ($wg_state) : ?>
+        <input type="submit" class="btn btn-warning" name="stopwg" value="<?php echo _("Stop WireGuard"); ?>">
       <?php else : ?>
         <input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
       <?php endif ?>
@@ -15,7 +15,7 @@
         <div class="card-header">
           <div class="row">
             <div class="col">
-              <i class="fas fa-key fa-fw mr-2"></i><?php echo _("WireGuard"); ?>
+              <span class="ra-wireguard mr-2"></span><?php echo _("WireGuard"); ?>
             </div>
             <div class="col">
               <button class="btn btn-light btn-icon-split btn-sm service-status float-right">
@@ -31,13 +31,15 @@
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
-                <li class="nav-item"><a class="nav-link active" id="clienttab" href="#wgsettings" data-toggle="tab"><?php echo _("WireGuard settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="logoutputtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+                <li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peers"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
 
             <!-- Tab panes -->
             <div class="tab-content">
               <?php echo renderTemplate("wg/general", $__template_data) ?>
+              <?php echo renderTemplate("wg/peers", $__template_data) ?>
               <?php echo renderTemplate("wg/logging", $__template_data) ?>
             </div><!-- /.tab-content -->
 

From 0fa59b3272b2abff274311c532300cea0f11a5f9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Apr 2020 10:02:37 +0100
Subject: [PATCH 12/74] Adjust wg font-size

---
 dist/raspap/css/style.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dist/raspap/css/style.css b/dist/raspap/css/style.css
index 93eb072e..45305ca1 100644
--- a/dist/raspap/css/style.css
+++ b/dist/raspap/css/style.css
@@ -30,7 +30,7 @@
 }
 
 .ra-wireguard:before {
-  font-size: 1.3rem;
+  font-size: 1.2rem;
   content: "\e900";
   color: #d1d3e2;
   vertical-align: middle;

From 0a21695ff2a5911ed1b774fc56f569ac5fb0e348 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:08:47 +0100
Subject: [PATCH 13/74] Add cp /tmp/wgdata to sudoers

---
 installers/raspap.sudoers | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 0ceafd9b..2d6ed495 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -36,6 +36,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0

From dccfb991b140bd2fe6e8b0c4672b2cfb800ee1d0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:10:50 +0100
Subject: [PATCH 14/74] Build out peer template

---
 templates/wg/general.php |  4 ++--
 templates/wg/peers.php   | 45 +++++++++++++++++++++++++++++++++++++++-
 templates/wireguard.php  |  2 +-
 3 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index ec44562a..686949bb 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -10,13 +10,13 @@
           <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
         </div>
         <p id="wg-description">
-          <small><?php echo _("Enable this option to encrypt traffic on your local network by creating a tunnel between RaspAP and connected clients.") ?></small>
+          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
         </p>
         </div>
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wgport" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wgport" placeholder="51820" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 2edc4d2d..16337a08 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -1,8 +1,51 @@
 <!-- wireguard peers tab -->
 <div class="tab-pane fade" id="wgpeers">
+
   <div class="row">
     <div class="col-md-6">
-      <h4 class="mt-3"><?php echo _("Peers"); ?></h4>
+      <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
+        <div class="input-group">
+          <input type="hidden" name="endpoint-enable" value="0">
+          <input type="hidden" name="peer_id" value="1">
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+          <label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
+        </div>
+     </div>
+
+    <div class="row">
+      <div class="form-group col-xs-3 col-sm-6 mt-3">
+        <label for="code"><?php echo _("Endpoint address"); ?></label>
+        <input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+        <label for="code"><?php echo _("Allowed IPs"); ?></label>
+        <input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+        <label for="code"><?php echo _("Persistent keepalive"); ?></label>
+        <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+      </div>
+    </div>
+
+    <div class="row">
+      <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Peer public key"); ?></label>
+      </div>
+      <div class="input-group col-md-12 mb-3">
+        <input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <div class="input-group-append">
+          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+          <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+        </div>
+      </div>
+    </div>
 
 
     </div>
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 0c0c0a81..3ead09c7 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -32,7 +32,7 @@
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">
                 <li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
-                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peers"); ?></a></li>
+                <li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peer"); ?></a></li>
                 <li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
             </ul>
 

From 543791f7238cb40ec05ff5a4c4e6b0aad494cdb6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:11:27 +0100
Subject: [PATCH 15/74] WIP: handle input

---
 includes/wireguard.php | 33 +++++++++++++++++++++++++++++----
 1 file changed, 29 insertions(+), 4 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index ed94ee34..34d56ce2 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -11,12 +11,31 @@ function DisplayWireGuardConfig()
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgettings'])) {
+            # Todo: validate input
             if (isset($_POST['authUser'])) {
-                $authUser = strip_tags(trim($_POST['authUser']));
+                $peer_id = strip_tags(trim($_POST'peer_id']));
             }
-            if (isset($_POST['authPassword'])) {
-                $authPassword = strip_tags(trim($_POST['authPassword']));
+            if (isset($_POST['wg_endpoint'])) {
+                $wg_endpoint = strip_tags(trim($_POST['wg_endpoint']));
             }
+            if (isset($_POST['wg_allowedips'])) {
+                $wg_allowedips = strip_tags(trim($_POST['wg_allowedips']));
+            }
+            if (isset($_POST['wg_pkeepalive'])) {
+                $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive']));
+            }
+            if (isset($_POST['wg_peerpubkey'])) {
+                $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
+            }
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+
+            if ($return == 0) {
+                $status->addMessage('Wireguard configuration updated successfully', 'success');
+            } else {
+                $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+            }
+
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /usr/bin/wg-quick up wg0', $return);
@@ -41,7 +60,13 @@ function DisplayWireGuardConfig()
         "wireguard", compact(
             "status",
             "wg_state",
-            "serviceStatus"
+            "serviceStatus",
+            "endpoint_enable",
+            "peer_id",
+            "wg_endpoint",
+            "wg_allowedips",
+            "wg_pkeepalive",
+            "wg_peerpubkey"
         )
     );
 }

From 22651a86b7d3b5b327f9ecd5398076a4cbee2976 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 25 Aug 2020 22:11:57 +0100
Subject: [PATCH 16/74] Simplify wg config handling

---
 config/config.php     | 3 +--
 includes/defaults.php | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/config/config.php b/config/config.php
index 6de2822f..122b1f94 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,8 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
-define('RASPI_WIREGUARD_SERVER_CONFIG', '/etc/wireguard/wg0.conf');
-define('RASPI_WIREGUARD_CLIENT_CONFIG', '/etc/wireguard/wg0-client.conf');
+define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/includes/defaults.php b/includes/defaults.php
index 6f6251e9..253c5619 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -26,8 +26,7 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
-  'RASPI_WIREGUARD_SERVER_CONFIG' => '/etc/wireguard/wg0.conf',
-  'RASPI_WIREGUARD_CLIENT_CONFIG' => '/etc/wireguard/wg0-client.conf',
+  'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
   'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',

From aff035122b78220ef226e2b2320cc66bdb05798c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 26 Aug 2020 23:54:49 +0100
Subject: [PATCH 17/74] Validate, save & display wg config

---
 includes/wireguard.php    | 58 +++++++++++++++++++++++++++++++--------
 installers/raspap.sudoers |  2 ++
 templates/wg/general.php  |  2 +-
 3 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 34d56ce2..d2ec1088 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -11,25 +11,47 @@ function DisplayWireGuardConfig()
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgettings'])) {
-            # Todo: validate input
-            if (isset($_POST['authUser'])) {
-                $peer_id = strip_tags(trim($_POST'peer_id']));
+            // Validate input
+            $good_input = true;
+            $peer_id = 1;
+            if (isset($_POST['peer_id'])) {
+                $peer_id = escapeshellarg($_POST['peer_id']);
             }
             if (isset($_POST['wg_endpoint'])) {
-                $wg_endpoint = strip_tags(trim($_POST['wg_endpoint']));
+                if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) {
+                    $status->addMessage('Invalid value for endpoint address', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_endpoint = escapeshellarg($_POST['wg_endpoint']);
+                }
             }
             if (isset($_POST['wg_allowedips'])) {
-                $wg_allowedips = strip_tags(trim($_POST['wg_allowedips']));
+                if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) {
+                    $status->addMessage('Invalid value for allowed IPs', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_allowedips = escapeshellarg($_POST['wg_allowedips']);
+                }
             }
             if (isset($_POST['wg_pkeepalive'])) {
-                $wg_pkeepalive = strip_tags(trim($_POST['wg_pkeepalive']));
+                if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+                    $status->addMessage('Invalid value for persistent keepalive', 'danger');
+                    $good_input = false;
+                } else {
+                    $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']);
+                }
             }
             if (isset($_POST['wg_peerpubkey'])) {
                 $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
             }
-            file_put_contents("/tmp/wgdata", $config);
-            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
+            // Save settings
+            if ($good_input) {
+                file_put_contents("/tmp/wgdata", $config);
+                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+                foreach ($return as $line) {
+                    $status->addMessage($line, 'info');
+                }
+            }
             if ($return == 0) {
                 $status->addMessage('Wireguard configuration updated successfully', 'success');
             } else {
@@ -51,8 +73,18 @@ function DisplayWireGuardConfig()
         }
     }
 
-    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
+    // fetch wg config
+    exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
+    $conf = ParseConfig($return);
+    $wg_port = $conf['ListenPort'];
+    $wg_ipaddress = $conf['Address'];
+    $wg_pubkey = $conf['PublicKey'];
+    $wg_endpoint = $conf['Endpoint'];
+    $wg_allowedips = $conf['AllowedIPs'];
+    $wg_pkeepalive = $conf['PersistentKeepalive'];
 
+    // fetch service status
+    exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
     $wg_state = ($wgstatus[0] > 0);
 
@@ -63,10 +95,12 @@ function DisplayWireGuardConfig()
             "serviceStatus",
             "endpoint_enable",
             "peer_id",
+            "wg_port",
+            "wg_ipaddress",
+            "wg_pubkey",
             "wg_endpoint",
             "wg_allowedips",
-            "wg_pkeepalive",
-            "wg_peerpubkey"
+            "wg_pkeepalive"
         )
     );
 }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 2d6ed495..517b6233 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -41,5 +41,7 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+
 
 
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 686949bb..b9763555 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -36,7 +36,7 @@
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="RangeEnd" value="<?php echo htmlspecialchars($RangeEnd, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 

From 34b5b4c1b2ea52562e87bc8217cbac641994f8a4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 28 Aug 2020 23:40:46 +0100
Subject: [PATCH 18/74] Add validateCidr()

---
 includes/functions.php | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/includes/functions.php b/includes/functions.php
index 4d299314..c58b2b13 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -452,3 +452,30 @@ function getBridgedState()
     return  $arrHostapdConf['BridgedEnable'];
 }
 
+/**
+ * Validates the format of a CIDR notation string
+ *
+ * @param string $cidr
+ * @return bool
+ */
+function validateCidr($cidr)
+{
+    $parts = explode('/', $cidr);
+    if(count($parts) != 2) {
+        return false;
+    }
+    $ip = $parts[0];
+    $netmask = intval($parts[1]);
+
+    if($netmask < 0) {
+        return false;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+        return $netmask <= 32;
+    }
+    if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+        return $netmask <= 128;
+    }
+    return false;
+}
+

From af0721e0214361979d63938ac1eecde5c50603ba Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 28 Aug 2020 23:42:55 +0100
Subject: [PATCH 19/74] Save wg config, template fixes

---
 includes/wireguard.php   | 67 +++++++++++++++++++++++++++-------------
 templates/wg/general.php |  7 +++--
 2 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index d2ec1088..26badcd0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -10,52 +10,73 @@ function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
-        if (isset($_POST['savewgettings'])) {
-            // Validate input
+        if (isset($_POST['savewgsettings'])) {
+            // Set defaults
             $good_input = true;
             $peer_id = 1;
-            if (isset($_POST['peer_id'])) {
-                $peer_id = escapeshellarg($_POST['peer_id']);
+            // Validate input
+            if (isset($_POST['wg_port'])) {
+                if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+                    $status->addMessage('Invalid value for port number', 'danger');
+                    $good_input = false;
+                }
             }
-            if (isset($_POST['wg_endpoint'])) {
-                if (!filter_var($_POST['wg_endpoint'], FILTER_VALIDATE_IP)) {
+            if (isset($_POST['wg_ipaddress'])) {
+                if (!validateCidr($_POST['wg_ipaddress'])) {
+                    $status->addMessage('Invalid value for IP address', 'danger');
+                    $good_input = false;
+                }
+            }
+            if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
+                if (!validateCidr($_POST['wg_endpoint'])) {
                     $status->addMessage('Invalid value for endpoint address', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_endpoint = escapeshellarg($_POST['wg_endpoint']);
                 }
             }
             if (isset($_POST['wg_allowedips'])) {
-                if (!filter_var($_POST['wg_allowedips'], FILTER_VALIDATE_IP)) {
+                if (!validateCidr($_POST['wg_allowedips'])) {
                     $status->addMessage('Invalid value for allowed IPs', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_allowedips = escapeshellarg($_POST['wg_allowedips']);
                 }
             }
-            if (isset($_POST['wg_pkeepalive'])) {
+            if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
                 if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
                     $status->addMessage('Invalid value for persistent keepalive', 'danger');
                     $good_input = false;
-                } else {
-                    $wg_pkeepalive = escapeshellarg($_POST['wg_pkeepalive']);
                 }
             }
-            if (isset($_POST['wg_peerpubkey'])) {
-                $wg_endpoint = strip_tags(trim($_POST['wg_peerpubkey']));
-            }
             // Save settings
             if ($good_input) {
+                $config[] = '[Interface]';
+                $config[] = 'Address = '.$_POST['wg_ipaddress'];
+                $config[] = 'ListenPort = '.$_POST['wg_port'];
+                $config[] = '';
+                $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
+                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = '';
+                $config[] = '[Peer]';
+                $config[] = 'PublicKey = '.$_POST['wg_pubkey'];
+                if ($_POST['wg_endpoint'] !== '') {
+                    $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+                }
+                $config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+                if ($_POST['wg_pkeepalive'] !== '') {
+                    $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+                }
+                $config[] = '';
+                $config = join(PHP_EOL, $config);
+
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
                 foreach ($return as $line) {
                     $status->addMessage($line, 'info');
                 }
-            }
-            if ($return == 0) {
-                $status->addMessage('Wireguard configuration updated successfully', 'success');
-            } else {
-                $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+                if ($return == 0) {
+                    $status->addMessage('Wireguard configuration updated successfully', 'success');
+                } else {
+                    $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+                }
             }
 
         } elseif (isset($_POST['startwg'])) {
@@ -79,6 +100,7 @@ function DisplayWireGuardConfig()
     $wg_port = $conf['ListenPort'];
     $wg_ipaddress = $conf['Address'];
     $wg_pubkey = $conf['PublicKey'];
+    $wg_privkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];
     $wg_allowedips = $conf['AllowedIPs'];
     $wg_pkeepalive = $conf['PersistentKeepalive'];
@@ -98,6 +120,7 @@ function DisplayWireGuardConfig()
             "wg_port",
             "wg_ipaddress",
             "wg_pubkey",
+            "wg_privkey",
             "wg_endpoint",
             "wg_allowedips",
             "wg_pkeepalive"
diff --git a/templates/wg/general.php b/templates/wg/general.php
index b9763555..aa1de796 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -16,7 +16,7 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wgport" placeholder="51820" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
           </div>
         </div>
 
@@ -25,13 +25,14 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wgpubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
               <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
+        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">

From 7286173438e2bfc736cf359008964eeb66a4981a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 5 Sep 2020 19:27:38 +0100
Subject: [PATCH 20/74] Add rudimentary logging

---
 includes/wireguard.php    |  6 ++++++
 installers/raspap.sudoers |  3 +++
 templates/wg/logging.php  | 14 +++++++++++---
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 26badcd0..84956b89 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -69,6 +69,11 @@ function DisplayWireGuardConfig()
 
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+                
+                // handle log option
+                if ($_POST['wg_log'] == "1") {
+                    exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
+                }
                 foreach ($return as $line) {
                     $status->addMessage($line, 'info');
                 }
@@ -115,6 +120,7 @@ function DisplayWireGuardConfig()
             "status",
             "wg_state",
             "serviceStatus",
+            "wg_log",
             "endpoint_enable",
             "peer_id",
             "wg_port",
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 517b6233..4c813d0e 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -35,9 +35,12 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
+www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
+www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
diff --git a/templates/wg/logging.php b/templates/wg/logging.php
index eb31dd10..c9cb4185 100644
--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -1,10 +1,18 @@
 <!-- wireguard logging tab -->
 <div class="tab-pane fade" id="wglogging">
   <div class="row">
-    <div class="col-md-6">
+    <div class="col-md-12">
       <h4 class="mt-3"><?php echo _("Logging"); ?></h4>
-
-
+          <div class="custom-control custom-switch">
+            <input class="custom-control-input" id="wg_log" type="checkbox" name="wg_log" value="1" <?php echo $wg_log ? ' checked="checked"' : "" ?> aria-describedby="wg_log">
+            <label class="custom-control-label" for="wg_log"><?php echo _("Display WireGuard status") ?></label>
+          </div>
+          <p><small><?php echo _("Enable this option to display an updated WireGuard status.") ?></small></p>
+          <?php
+              exec('sudo chmod o+r /tmp/wireguard.log');
+              $log = file_get_contents('/tmp/wireguard.log');
+              echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
+          ?>
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | logging tab -->

From 31edb21a764bfdc185469afb07dd295cb529d2f5 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 23 Sep 2020 09:10:44 +0100
Subject: [PATCH 21/74] Fix merge error

---
 includes/functions.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 85c69ca6..4a9e77bb 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -477,8 +477,9 @@ function validateCidr($cidr)
         return $netmask <= 128;
     }
     return false;
-    
-    // Validates a host or FQDN
+}    
+
+// Validates a host or FQDN
 function validate_host($host) {
   return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
 }

From 06c8a2edcdc99194d18d470218a8740407b19567 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 15 Oct 2020 16:08:23 +0100
Subject: [PATCH 22/74] Install raspberrypi-kernel-headers (raspbian only)

---
 installers/common.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/installers/common.sh b/installers/common.sh
index 9c55a9f0..2eb36e89 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -283,6 +283,10 @@ function _prompt_install_wireguard() {
 # Install Wireguard from the Debian unstable distro
 function _install_wireguard() {
     _install_log "Configure WireGuard support"
+    if [ "$OS" == "Raspbian" ]; then
+        echo "Installing raspberrypi-kernel-headers"
+        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    fi
     echo "Installing WireGuard from Debian unstable distro"
     echo "Adding Debian distro"
     echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"

From 1fddf4270bf7f8376c5c5c14f9c153a34b784f37 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:19:33 +0000
Subject: [PATCH 23/74] Add wg default values

---
 config/defaults.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/defaults.json b/config/defaults.json
index 94f80da0..b02d4022 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -33,6 +33,13 @@
     "uap0": {
       "dhcp-range": [ "192.168.50.50,192.168.50.150,12h" ]
     }
+  },
+  "wireguard": {
+    "interface": {
+      "address": [ "10.3.141.1/24" ],
+      "listenport": [ "51820" ],
+      "dns": [ "10.3.141.1" ]
+    }
   }
 }
 

From cc1c8d594ad9512ce483708405bb1e22e014e33e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:21:02 +0000
Subject: [PATCH 24/74] Update w/ fallback default values

---
 includes/wireguard.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 84956b89..a7404495 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -50,6 +50,7 @@ function DisplayWireGuardConfig()
                 $config[] = '[Interface]';
                 $config[] = 'Address = '.$_POST['wg_ipaddress'];
                 $config[] = 'ListenPort = '.$_POST['wg_port'];
+
                 $config[] = '';
                 $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
                 $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
@@ -102,8 +103,8 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
-    $wg_port = $conf['ListenPort'];
-    $wg_ipaddress = $conf['Address'];
+    $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort'];
+    $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address'];
     $wg_pubkey = $conf['PublicKey'];
     $wg_privkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];

From 369f303926a1db7f66f7a518f0f5240ea9defa5f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:21:38 +0000
Subject: [PATCH 25/74] Add _prompt_install_wireguard

---
 installers/common.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/common.sh b/installers/common.sh
index 403187b5..70d52b56 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -50,6 +50,7 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
+    _prompt_install_wireguard
     _patch_system_files
     _install_complete
 }

From 2c99f9857dba12eef413e76d66b13c13eec850ba Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 23 Feb 2021 23:22:13 +0000
Subject: [PATCH 26/74] Update page routing for wg_conf

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/index.php b/index.php
index 8f03521f..6d4fb478 100755
--- a/index.php
+++ b/index.php
@@ -169,7 +169,7 @@ $bridgedEnabled = getBridgedState();
           <?php endif; ?>
           <?php if (RASPI_WIREGUARD_ENABLED) : ?>
         <li class="nav-item">
-          <a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
+          <a class="nav-link" href="wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
         </li>
           <?php endif; ?>
           <?php if (RASPI_TORPROXY_ENABLED) : ?>

From d871e271effb1cafdb58952779a6829a145b2c7d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:45:26 +0000
Subject: [PATCH 27/74] Initial commit: wgkey gen

---
 ajax/networking/get_wgkey.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 ajax/networking/get_wgkey.php

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
new file mode 100644
index 00000000..71f3af6e
--- /dev/null
+++ b/ajax/networking/get_wgkey.php
@@ -0,0 +1,22 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+$entity = $_POST['entity'];
+    
+if (isset($entity)) {
+   
+    // generate public/private key pairs for entity
+    $pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
+    $privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
+    $pubkey_tmp = '/tmp/'.$entity.'-public.key';
+    $privkey_tmp = '/tmp/'.$entity.'-private.key';
+     
+    exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
+    $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    exec("sudo mv $privkey_tmp $privkey", $return);
+    exec("sudo mv $pubkey_tmp $pubkey", $return);
+
+    echo json_encode($entity_pubkey);
+}

From ad6a14fa50e4a482230c42a3b9c82904bd952842 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:45:53 +0000
Subject: [PATCH 28/74] Added generateWgKey()

---
 app/js/custom.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index 28609abe..817256a1 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -348,6 +348,19 @@ function updateBlocklist() {
 function clearBlocklistStatus() {
     $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
 }
+
+// Handler for the wireguard generate key button
+function generateWgKey() {
+    var entity = $('#wg-srvpubkey').attr('name');
+    console.log(entity);
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){
+        var jsonData = JSON.parse(data);
+        console.log(jsonData);
+        $('#wg-srvpubkey').val(jsonData);
+        $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+    })
+}
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 

From c80ad85214bf63e1537472f57235529604ecd9d6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:46:41 +0000
Subject: [PATCH 29/74] Update wireguard constants

---
 config/config.php     | 3 ++-
 includes/defaults.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/config.php b/config/config.php
index 0aeddbdb..5c906c38 100755
--- a/config/config.php
+++ b/config/config.php
@@ -21,7 +21,8 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
 define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
 define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
 define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
-define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
+define('RASPI_WIREGUARD_PATH', '/etc/wireguard/');
+define('RASPI_WIREGUARD_CONFIG', RASPI_WIREGUARD_PATH.'wg0.conf');
 define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
 define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
diff --git a/includes/defaults.php b/includes/defaults.php
index 17a4af39..d3261fca 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -26,7 +26,8 @@ $defaults = [
   'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
   'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
   'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
-  'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
+  'RASPI_WIREGUARD_PATH' => '/etc/wireguard/',
+  'RASPI_WIREGUARD_CONFIG' => RASPI_WIREGUARD_PATH.'wg0.conf',
   'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
   'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
   'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',

From 6076e277c8f0a2004521702d8a0b4200e9cf8dae Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:48:07 +0000
Subject: [PATCH 30/74] Disambiguate var names

---
 includes/wireguard.php   | 16 ++++++++--------
 templates/wg/general.php | 12 ++++++------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index a7404495..a3772ed9 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -103,10 +103,10 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
-    $wg_port = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','interface','listenport') : $conf['ListenPort'];
-    $wg_ipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','interface','address') : $conf['Address'];
-    $wg_pubkey = $conf['PublicKey'];
-    $wg_privkey = $conf['PrivateKey'];
+    $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
+    $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
+    $wg_srvpubkey = $conf['PublicKey'];
+    $wg_srvprivkey = $conf['PrivateKey'];
     $wg_endpoint = $conf['Endpoint'];
     $wg_allowedips = $conf['AllowedIPs'];
     $wg_pkeepalive = $conf['PersistentKeepalive'];
@@ -124,10 +124,10 @@ function DisplayWireGuardConfig()
             "wg_log",
             "endpoint_enable",
             "peer_id",
-            "wg_port",
-            "wg_ipaddress",
-            "wg_pubkey",
-            "wg_privkey",
+            "wg_srvport",
+            "wg_srvipaddress",
+            "wg_srvpubkey",
+            "wg_srvprivkey",
             "wg_endpoint",
             "wg_allowedips",
             "wg_pkeepalive"
diff --git a/templates/wg/general.php b/templates/wg/general.php
index aa1de796..68edfa5e 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -16,7 +16,7 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
 
@@ -25,19 +25,19 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
-              <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
+              <span id="wg-srvpubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
-        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
+        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 

From 1431d44b52b78f45b550aaeab6f8da1405cff7ff Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 08:48:56 +0000
Subject: [PATCH 31/74] Added /bin/mv /tmp/wg-*.key

---
 installers/raspap.sudoers | 1 +
 1 file changed, 1 insertion(+)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 19b9a7a8..29266fa2 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -43,6 +43,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0

From 796ed558f77ed7241b1687dff8e48f2300ca4d30 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 09:12:31 +0000
Subject: [PATCH 32/74] Handle peer defaults

---
 app/js/custom.js         |  2 +-
 config/defaults.json     | 13 +++++++++----
 includes/wireguard.php   | 10 +++++-----
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   |  9 ++++-----
 5 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 817256a1..e2c89ac6 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -357,7 +357,7 @@ function generateWgKey() {
         var jsonData = JSON.parse(data);
         console.log(jsonData);
         $('#wg-srvpubkey').val(jsonData);
-        $('#wg-srvpubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+        $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 }
 
diff --git a/config/defaults.json b/config/defaults.json
index b02d4022..46fce72c 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -35,10 +35,15 @@
     }
   },
   "wireguard": {
-    "interface": {
-      "address": [ "10.3.141.1/24" ],
-      "listenport": [ "51820" ],
-      "dns": [ "10.3.141.1" ]
+    "server": {
+      "Address": [ "10.3.141.1/24" ],
+      "ListenPort": [ "51820" ],
+      "DNS": [ "10.3.141.1" ]
+    },
+    "peer": {
+      "Endpoint": [ "server ip:53" ],
+      "AllowedIPs": ["0.0.0.0/0"],
+      "PersistentKeepalive": [ "15" ]
     }
   }
 }
diff --git a/includes/wireguard.php b/includes/wireguard.php
index a3772ed9..406172b7 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -107,9 +107,9 @@ function DisplayWireGuardConfig()
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_srvpubkey = $conf['PublicKey'];
     $wg_srvprivkey = $conf['PrivateKey'];
-    $wg_endpoint = $conf['Endpoint'];
-    $wg_allowedips = $conf['AllowedIPs'];
-    $wg_pkeepalive = $conf['PersistentKeepalive'];
+    $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
+    $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
+    $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
@@ -128,8 +128,8 @@ function DisplayWireGuardConfig()
             "wg_srvipaddress",
             "wg_srvpubkey",
             "wg_srvprivkey",
-            "wg_endpoint",
-            "wg_allowedips",
+            "wg_pendpoint",
+            "wg_pallowedips",
             "wg_pkeepalive"
         )
     );
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 68edfa5e..3be32e45 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -28,7 +28,7 @@
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
               <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
-              <span id="wg-srvpubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+              <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 16337a08..2b70680a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -16,14 +16,14 @@
     <div class="row">
       <div class="form-group col-xs-3 col-sm-6 mt-3">
         <label for="code"><?php echo _("Endpoint address"); ?></label>
-        <input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
       </div>
     </div>
 
     <div class="row">
       <div class="col-xs-3 col-sm-6">
         <label for="code"><?php echo _("Allowed IPs"); ?></label>
-        <input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
       </div>
     </div>
 
@@ -39,15 +39,14 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
       </div>
       <div class="input-group col-md-12 mb-3">
-        <input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
         <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
           <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
         </div>
       </div>
     </div>
 
-
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->

From b7ed2960c129b56e8f52d41d02d41011e69a93fc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 10:32:07 +0000
Subject: [PATCH 33/74] Update wg-keygen for server + peer

---
 app/js/custom.js         | 15 +++++++--------
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   |  4 ++--
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index e2c89ac6..e0bb6134 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -350,16 +350,15 @@ function clearBlocklistStatus() {
 }
 
 // Handler for the wireguard generate key button
-function generateWgKey() {
-    var entity = $('#wg-srvpubkey').attr('name');
-    console.log(entity);
-    $.post('ajax/networking/get_wgkey.php',{'entity':entity },function(data){
+$('.wg-keygen').click(function(){
+    var entity = $(this).parent('div').prev('input[type="text"]');
+    var updated = entity.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
         var jsonData = JSON.parse(data);
-        console.log(jsonData);
-        $('#wg-srvpubkey').val(jsonData);
-        $('#wg-server-pubkey-status').removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+        entity.val(jsonData);
+        $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
-}
+})
 
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 3be32e45..5f5417b1 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -27,7 +27,7 @@
           <div class="input-group col-md-12 mb-3">
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 2b70680a..e2ff5c6f 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -41,8 +41,8 @@
       <div class="input-group col-md-12 mb-3">
         <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
         <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="generateWgKey()"><?php echo _("Generate key"); ?></button>
-          <span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
         </div>
       </div>
     </div>

From 9bbf698b6a637a20b6d5a260c0765c328c5e5842 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 18:06:18 +0000
Subject: [PATCH 34/74] Reorder template fields

---
 templates/wg/general.php | 17 +++++++++--------
 templates/wg/peers.php   | 29 +++++++++++++++--------------
 templates/wireguard.php  |  2 +-
 3 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 5f5417b1..3d0cb952 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -13,12 +13,6 @@
           <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
         </p>
         </div>
-        <div class="row">
-          <div class="form-group col-xs-3 col-sm-3">
-            <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
-          </div>
-        </div>
 
         <div class="row">
           <div class="col-xs-3 col-sm-6">
@@ -30,14 +24,21 @@
               <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
+            <input type="hidden" name="wg_srvprivkey" value="" />
+          </div>
+        </div>
+
+        <div class="row">
+          <div class="form-group col-xs-3 col-sm-3">
+            <label for="code"><?php echo _("Local Port"); ?></label>
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
-        <input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index e2ff5c6f..98298e37 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -13,6 +13,20 @@
         </div>
      </div>
 
+    <div class="row">
+      <div class="col-xs-3 col-sm-6 mt-3">
+          <label for="code"><?php echo _("Peer public key"); ?></label>
+      </div>
+      <div class="input-group col-md-12">
+        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+        <div class="input-group-append">
+          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+        </div>
+      </div>
+    </div>
+
+
     <div class="row">
       <div class="form-group col-xs-3 col-sm-6 mt-3">
         <label for="code"><?php echo _("Endpoint address"); ?></label>
@@ -34,20 +48,7 @@
       </div>
     </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-          <label for="code"><?php echo _("Peer public key"); ?></label>
-      </div>
-      <div class="input-group col-md-12 mb-3">
-        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
-        <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
-          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
-        </div>
-      </div>
-    </div>
-
-    </div>
+  </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->
 
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 3ead09c7..ee28dfa1 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
+          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From 3ec81ba085726daba9e1a03e023ac96c4a48d5c7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 24 Feb 2021 18:07:19 +0000
Subject: [PATCH 35/74] Get/set pub+priv keys, create wg0.conf

---
 ajax/networking/get_wgkey.php |  7 +++---
 app/js/custom.js              | 10 +++++---
 includes/wireguard.php        | 46 +++++++++++++++++------------------
 installers/raspap.sudoers     |  1 +
 4 files changed, 33 insertions(+), 31 deletions(-)

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index 71f3af6e..d3f55aac 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -4,7 +4,7 @@ require '../../includes/csrf.php';
 require_once '../../includes/config.php';
 
 $entity = $_POST['entity'];
-    
+
 if (isset($entity)) {
    
     // generate public/private key pairs for entity
@@ -14,9 +14,10 @@ if (isset($entity)) {
     $privkey_tmp = '/tmp/'.$entity.'-private.key';
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
-    $entity_pubkey = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
-    echo json_encode($entity_pubkey);
+    echo json_encode($wgdata);
 }
diff --git a/app/js/custom.js b/app/js/custom.js
index e0bb6134..89c500bc 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -351,11 +351,13 @@ function clearBlocklistStatus() {
 
 // Handler for the wireguard generate key button
 $('.wg-keygen').click(function(){
-    var entity = $(this).parent('div').prev('input[type="text"]');
-    var updated = entity.attr('name')+"-pubkey-status";
-    $.post('ajax/networking/get_wgkey.php',{'entity':entity.attr('name') },function(data){
+    var entity_pub = $(this).parent('div').prev('input[type="text"]');
+    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var updated = entity_pub.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
-        entity.val(jsonData);
+        entity_pub.val(jsonData.pubkey);
+        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 406172b7..787672d0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -15,26 +15,26 @@ function DisplayWireGuardConfig()
             $good_input = true;
             $peer_id = 1;
             // Validate input
-            if (isset($_POST['wg_port'])) {
-                if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+            if (isset($_POST['wg_srvport'])) {
+                if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
                     $status->addMessage('Invalid value for port number', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_ipaddress'])) {
-                if (!validateCidr($_POST['wg_ipaddress'])) {
+            if (isset($_POST['wg_srvipaddress'])) {
+                if (!validateCidr($_POST['wg_srvipaddress'])) {
                     $status->addMessage('Invalid value for IP address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
-                if (!validateCidr($_POST['wg_endpoint'])) {
+            if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+                if (!validateCidr($_POST['wg_pendpoint'])) {
                     $status->addMessage('Invalid value for endpoint address', 'danger');
                     $good_input = false;
                 }
             }
-            if (isset($_POST['wg_allowedips'])) {
-                if (!validateCidr($_POST['wg_allowedips'])) {
+            if (isset($_POST['wg_pallowedips'])) {
+                if (!validateCidr($_POST['wg_pallowedips'])) {
                     $status->addMessage('Invalid value for allowed IPs', 'danger');
                     $good_input = false;
                 }
@@ -48,20 +48,18 @@ function DisplayWireGuardConfig()
             // Save settings
             if ($good_input) {
                 $config[] = '[Interface]';
-                $config[] = 'Address = '.$_POST['wg_ipaddress'];
-                $config[] = 'ListenPort = '.$_POST['wg_port'];
-
-                $config[] = '';
-                $config[] = 'PrivateKey = '.$_POST['wg_privkey'];
-                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
-                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+                $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+                $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+                $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
+                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
                 $config[] = '';
                 $config[] = '[Peer]';
-                $config[] = 'PublicKey = '.$_POST['wg_pubkey'];
-                if ($_POST['wg_endpoint'] !== '') {
-                    $config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+                $config[] = 'PublicKey = '.$_POST['wg-peer'];
+                if ($_POST['wg_pendpoint'] !== '') {
+                    $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
                 }
-                $config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+                $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
                 if ($_POST['wg_pkeepalive'] !== '') {
                     $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
                 }
@@ -103,14 +101,14 @@ function DisplayWireGuardConfig()
     // fetch wg config
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
+    $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
-    $wg_srvpubkey = $conf['PublicKey'];
-    $wg_srvprivkey = $conf['PrivateKey'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
-
+    $wg_peerpubkey = $conf['PublicKey'];
+ 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
@@ -124,10 +122,10 @@ function DisplayWireGuardConfig()
             "wg_log",
             "endpoint_enable",
             "peer_id",
+            "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
-            "wg_srvpubkey",
-            "wg_srvprivkey",
+            "wg_peerpubkey",
             "wg_pendpoint",
             "wg_pallowedips",
             "wg_pkeepalive"
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 29266fa2..4c0bf163 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -51,4 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
 

From 9eadd28df1b90dda47c56f4e40b3d7b3df32d49d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:16:43 +0000
Subject: [PATCH 36/74] Save client.conf

---
 includes/wireguard.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 787672d0..44b2bc74 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -47,6 +47,7 @@ function DisplayWireGuardConfig()
             }
             // Save settings
             if ($good_input) {
+                // server (wg0.conf)
                 $config[] = '[Interface]';
                 $config[] = 'Address = '.$_POST['wg_srvipaddress'];
                 $config[] = 'ListenPort = '.$_POST['wg_srvport'];
@@ -68,7 +69,23 @@ function DisplayWireGuardConfig()
 
                 file_put_contents("/tmp/wgdata", $config);
                 system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-                
+
+                // client1 (client.conf)
+                $config = [];
+                $config[] = '[Interface]';
+                $config[] = 'Address = ';
+                $config[] = 'PrivateKey = ';
+                $config[] = '';
+                $config[] = '[Peer]';
+                $config[] = 'PublicKey = ';
+                $config[] = 'AllowedIPs = ';
+                $config[] = 'Endpoint = ';
+                $config[] = '';
+                $config = join(PHP_EOL, $config);
+
+                file_put_contents("/tmp/wgdata", $config);
+                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+
                 // handle log option
                 if ($_POST['wg_log'] == "1") {
                     exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");

From 0d2f02e3fbdc25d74d72618a4f149768d8ebc342 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:17:13 +0000
Subject: [PATCH 37/74] Update sudoers wireguard/*.conf

---
 installers/raspap.sudoers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 4c0bf163..be9cc7dc 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -42,7 +42,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
-www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log

From cd045a34b8d27c42309ddc4e0551d29ce414a6be Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 14:18:32 +0000
Subject: [PATCH 38/74] Reorder inputs, QR client.conf WIP

---
 templates/wg/general.php |  2 +-
 templates/wg/peers.php   | 63 ++++++++++++++++++++++------------------
 2 files changed, 35 insertions(+), 30 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 3d0cb952..5b3e4c17 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -21,7 +21,7 @@
           <div class="input-group col-md-12 mb-3">
             <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
-              <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
+              <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
             <input type="hidden" name="wg_srvprivkey" value="" />
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 98298e37..a155b920 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -1,6 +1,5 @@
 <!-- wireguard peers tab -->
 <div class="tab-pane fade" id="wgpeers">
-
   <div class="row">
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
@@ -13,42 +12,48 @@
         </div>
      </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6 mt-3">
+      <div class="row">
+        <div class="col-xs-3 col-sm-6 mt-3">
           <label for="code"><?php echo _("Peer public key"); ?></label>
+        </div>
+        <div class="input-group col-md-12">
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+          <div class="input-group-append">
+            <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
+            <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+          </div>
+        </div>
       </div>
-      <div class="input-group col-md-12">
-        <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
-        <div class="input-group-append">
-          <button class="btn btn-sm btn-outline-secondary rounded-right wg-keygen" type="button"><?php echo _("Generate key"); ?></button>
-          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6 mt-3">
+          <label for="code"><?php echo _("Endpoint address"); ?></label>
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Allowed IPs"); ?></label>
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="col-xs-3 col-sm-6">
+          <label for="code"><?php echo _("Persistent keepalive"); ?></label>
+          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
         </div>
       </div>
     </div>
 
-
-    <div class="row">
-      <div class="form-group col-xs-3 col-sm-6 mt-3">
-        <label for="code"><?php echo _("Endpoint address"); ?></label>
-        <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
-      </div>
+    <div class="col-md-6 mt-5">
+      <figure class="figure">
+        <img src="app/img/wifi-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
+        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+      </figure>
     </div>
 
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-        <label for="code"><?php echo _("Allowed IPs"); ?></label>
-        <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
-      </div>
-    </div>
-
-    <div class="row">
-      <div class="col-xs-3 col-sm-6">
-        <label for="code"><?php echo _("Persistent keepalive"); ?></label>
-        <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
-      </div>
-    </div>
-
-  </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | peers tab -->
 

From 6b484d383c48b0c86a0583fbd459c04dc22accdc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 2 Mar 2021 23:15:47 +0000
Subject: [PATCH 39/74] Progress commit: wg-qr-code

---
 app/img/wg-qr-code.php    | 27 +++++++++++++++++++++++++++
 includes/functions.php    |  8 ++++++++
 installers/raspap.sudoers |  2 +-
 templates/wg/peers.php    |  2 +-
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 app/img/wg-qr-code.php

diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
new file mode 100644
index 00000000..83cda725
--- /dev/null
+++ b/app/img/wg-qr-code.php
@@ -0,0 +1,27 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/defaults.php';
+require_once '../../includes/functions.php';
+
+// prevent direct file access
+if (!isset($_SERVER['HTTP_REFERER'])) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
+exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
+$peer_conf = qr_encode(implode($return));
+$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
+$svg = shell_exec($command);
+$etag = hash('sha256', $peer_conf);
+$content_length = strlen($svg);
+$last_modified = date("Y-m-d H:i:s");
+
+header("Content-Type: image/svg+xml");
+header("Content-Length: $content_length");
+header("Last-Modified: $last_modified");
+header("ETag: \"$etag\"");
+header("X-QR-Code-Content: $peer_conf");
+echo shell_exec($command);
+
diff --git a/includes/functions.php b/includes/functions.php
index 183f1552..98c85bf5 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -757,3 +757,11 @@ function getNightmode(){
     }
 }
 
+// Sanitizes a string for QR encoding
+// @param string $str
+// @return string
+function qr_encode($str)
+{
+    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
+}
+
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index be9cc7dc..18fb9187 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -50,6 +50,6 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
-www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index a155b920..cbdad128 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -49,7 +49,7 @@
 
     <div class="col-md-6 mt-5">
       <figure class="figure">
-        <img src="app/img/wifi-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
+        <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
         <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
       </figure>
     </div>

From 0dbfb5c44f17148ed8eb181ca55e0e1ac74ee4c2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:06:27 +0000
Subject: [PATCH 40/74] Create SaveWireGuardConfig()

---
 includes/wireguard.php | 196 ++++++++++++++++++++++-------------------
 1 file changed, 106 insertions(+), 90 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 44b2bc74..a9ade3d0 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -4,102 +4,14 @@ require_once 'includes/status_messages.php';
 require_once 'config.php';
 
 /**
- * Manage WireGuard configuration
+ * Displays wireguard server & peer configuration
  */
 function DisplayWireGuardConfig()
 {
     $status = new StatusMessages();
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['savewgsettings'])) {
-            // Set defaults
-            $good_input = true;
-            $peer_id = 1;
-            // Validate input
-            if (isset($_POST['wg_srvport'])) {
-                if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-                    $status->addMessage('Invalid value for port number', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_srvipaddress'])) {
-                if (!validateCidr($_POST['wg_srvipaddress'])) {
-                    $status->addMessage('Invalid value for IP address', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-                if (!validateCidr($_POST['wg_pendpoint'])) {
-                    $status->addMessage('Invalid value for endpoint address', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pallowedips'])) {
-                if (!validateCidr($_POST['wg_pallowedips'])) {
-                    $status->addMessage('Invalid value for allowed IPs', 'danger');
-                    $good_input = false;
-                }
-            }
-            if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
-                if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
-                    $status->addMessage('Invalid value for persistent keepalive', 'danger');
-                    $good_input = false;
-                }
-            }
-            // Save settings
-            if ($good_input) {
-                // server (wg0.conf)
-                $config[] = '[Interface]';
-                $config[] = 'Address = '.$_POST['wg_srvipaddress'];
-                $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-                $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
-                $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
-                $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
-                $config[] = '';
-                $config[] = '[Peer]';
-                $config[] = 'PublicKey = '.$_POST['wg-peer'];
-                if ($_POST['wg_pendpoint'] !== '') {
-                    $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
-                }
-                $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-                if ($_POST['wg_pkeepalive'] !== '') {
-                    $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
-                }
-                $config[] = '';
-                $config = join(PHP_EOL, $config);
-
-                file_put_contents("/tmp/wgdata", $config);
-                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
-                // client1 (client.conf)
-                $config = [];
-                $config[] = '[Interface]';
-                $config[] = 'Address = ';
-                $config[] = 'PrivateKey = ';
-                $config[] = '';
-                $config[] = '[Peer]';
-                $config[] = 'PublicKey = ';
-                $config[] = 'AllowedIPs = ';
-                $config[] = 'Endpoint = ';
-                $config[] = '';
-                $config = join(PHP_EOL, $config);
-
-                file_put_contents("/tmp/wgdata", $config);
-                system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
-
-                // handle log option
-                if ($_POST['wg_log'] == "1") {
-                    exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
-                }
-                foreach ($return as $line) {
-                    $status->addMessage($line, 'info');
-                }
-                if ($return == 0) {
-                    $status->addMessage('Wireguard configuration updated successfully', 'success');
-                } else {
-                    $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
-                }
-            }
-
+            SaveWireGuardConfig($status);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
             exec('sudo /usr/bin/wg-quick up wg0', $return);
@@ -119,6 +31,8 @@ function DisplayWireGuardConfig()
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+    $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+    $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
@@ -140,6 +54,8 @@ function DisplayWireGuardConfig()
             "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
+            "wg_srvprivkey",
+            "wg_peerprivkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_peerpubkey",
@@ -150,3 +66,103 @@ function DisplayWireGuardConfig()
     );
 }
 
+/**
+ * Validate user input, save wireguard configuration
+ *
+ * @param object $status
+ * @return boolean
+ */
+function SaveWireGuardConfig($status)
+{
+    // Set defaults
+    $good_input = true;
+    $peer_id = 1;
+    // Validate input
+    if (isset($_POST['wg_srvport'])) {
+        if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
+            $status->addMessage('Invalid value for port number', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_srvipaddress'])) {
+        if (!validateCidr($_POST['wg_srvipaddress'])) {
+            $status->addMessage('Invalid value for IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+        if (!validateCidr($_POST['wg_pendpoint'])) {
+            $status->addMessage('Invalid value for endpoint address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pallowedips'])) {
+        if (!validateCidr($_POST['wg_pallowedips'])) {
+            $status->addMessage('Invalid value for allowed IPs', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+        if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+            $status->addMessage('Invalid value for persistent keepalive', 'danger');
+            $good_input = false;
+        }
+    }
+    // Save settings
+    if ($good_input) {
+        // server (wg0.conf)
+        $config[] = '[Interface]';
+        $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+        $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+        $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+        $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = '';
+        $config[] = '[Peer]';
+        $config[] = 'PublicKey = '.$_POST['wg-peer'];
+        if ($_POST['wg_pendpoint'] !== '') {
+            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
+        }
+        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+        if ($_POST['wg_pkeepalive'] !== '') {
+            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        }
+        $config[] = '';
+        $config = join(PHP_EOL, $config);
+
+        file_put_contents("/tmp/wgdata", $config);
+        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+
+        // client1 (client.conf)
+        $config = [];
+        $config[] = '[Interface]';
+        if ($_POST['wg_pendpoint'] !== '') {
+            $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
+        }
+        $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
+        $config[] = '';
+        $config[] = '[Peer]';
+        $config[] = 'PublicKey = '.$_POST['wg-server'];
+        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+        $config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
+        $config[] = '';
+        $config = join(PHP_EOL, $config);
+
+        file_put_contents("/tmp/wgdata", $config);
+        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+
+        // handle log option
+        if ($_POST['wg_log'] == "1") {
+            exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
+        }
+        foreach ($return as $line) {
+            $status->addMessage($line, 'info');
+        }
+        if ($return == 0) {
+            $status->addMessage('Wireguard configuration updated successfully', 'success');
+        } else {
+            $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+        }
+    }
+}
+

From 858edb065b0e718f17483585daa945b7a003c6f2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:07:04 +0000
Subject: [PATCH 41/74] Update sudoers wg-*.key

---
 installers/raspap.sudoers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 18fb9187..b05be96a 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -51,5 +51,5 @@ www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
-www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-server-public.key
+www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
 

From 9beab1d2e768bd7313128c74495ae06421fc7dce Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:08:23 +0000
Subject: [PATCH 42/74] Update server + peer hidden fields

---
 templates/wg/general.php | 2 +-
 templates/wg/peers.php   | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index 5b3e4c17..9ff217d2 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -24,7 +24,7 @@
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
-            <input type="hidden" name="wg_srvprivkey" value="" />
+            <input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index cbdad128..ae60a973 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -22,6 +22,7 @@
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
           </div>
+          <input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
         </div>
       </div>
 

From 6b002e3d4cef1b4cb2eafe3047a2f77186cf3e4a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:23:05 +0000
Subject: [PATCH 43/74] Update wg placeholder values

---
 config/defaults.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 46fce72c..f87223cf 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -36,12 +36,12 @@
   },
   "wireguard": {
     "server": {
-      "Address": [ "10.3.141.1/24" ],
+      "Address": [ "10.253.3.1/24" ],
       "ListenPort": [ "51820" ],
       "DNS": [ "10.3.141.1" ]
     },
     "peer": {
-      "Endpoint": [ "server ip:53" ],
+      "Endpoint": [ "10.253.3.1/24:51820" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }

From 4515ac95fb4f9ace712fc99410054ff455f7a180 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:44:45 +0000
Subject: [PATCH 44/74] Improved private key handling (security)

---
 ajax/networking/get_wgkey.php | 1 -
 app/js/custom.js              | 1 -
 includes/wireguard.php        | 8 ++++++--
 templates/wg/general.php      | 1 -
 templates/wg/peers.php        | 1 -
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index d3f55aac..840d59f0 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -15,7 +15,6 @@ if (isset($entity)) {
      
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
     $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
-    $wgdata['privkey'] = str_replace("\n",'',file_get_contents($privkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
     exec("sudo mv $pubkey_tmp $pubkey", $return);
 
diff --git a/app/js/custom.js b/app/js/custom.js
index 89c500bc..25260e81 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -357,7 +357,6 @@ $('.wg-keygen').click(function(){
     $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
         var jsonData = JSON.parse(data);
         entity_pub.val(jsonData.pubkey);
-        entity_priv.val(jsonData.privkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
     })
 })
diff --git a/includes/wireguard.php b/includes/wireguard.php
index a9ade3d0..41b67c7f 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -110,11 +110,15 @@ function SaveWireGuardConfig($status)
     }
     // Save settings
     if ($good_input) {
+        // fetch private keys from filesytem
+        $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+        $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+
         // server (wg0.conf)
         $config[] = '[Interface]';
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-        $config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
+        $config[] = 'PrivateKey = '.$wg_srvprivkey;
         $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
         $config[] = '';
@@ -139,7 +143,7 @@ function SaveWireGuardConfig($status)
         if ($_POST['wg_pendpoint'] !== '') {
             $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
         }
-        $config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
+        $config[] = 'PrivateKey = '.$wg_peerprivkey;
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-server'];
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 9ff217d2..db00ab21 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -24,7 +24,6 @@
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
-            <input type="hidden" name="wg_srvprivkey" value="<?php echo htmlspecialchars($wg_srvprivkey, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index ae60a973..cbdad128 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -22,7 +22,6 @@
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
           </div>
-          <input type="hidden" name="wg_peerprivkey" value="<?php echo htmlspecialchars($wg_peerprivkey, ENT_QUOTES); ?>" />
         </div>
       </div>
 

From 0e89de206659ae66f5c60b9a568fb296f159f205 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:50:16 +0000
Subject: [PATCH 45/74] Remove private keys from payload

---
 includes/wireguard.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 41b67c7f..0707efbb 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -31,8 +31,6 @@ function DisplayWireGuardConfig()
     exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
     $conf = ParseConfig($return);
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
-    $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
-    $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
@@ -54,8 +52,6 @@ function DisplayWireGuardConfig()
             "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
-            "wg_srvprivkey",
-            "wg_peerprivkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_peerpubkey",

From 18729edd1e750f078e64878e7d2d5b8d41d1d9cb Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 4 Mar 2021 23:54:21 +0000
Subject: [PATCH 46/74] Update wg endpoint default value

---
 config/defaults.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/defaults.json b/config/defaults.json
index f87223cf..3c584ed0 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -41,7 +41,7 @@
       "DNS": [ "10.3.141.1" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1/24:51820" ],
+      "Endpoint": [ "10.253.3.1:51820" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }

From 333d447c6bfbe9b8767fa6ce3729e75ea6abefd0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 5 Mar 2021 08:32:00 +0000
Subject: [PATCH 47/74] Add defaults for wg server PostUp/Down

---
 config/defaults.json   |  6 ++++--
 includes/wireguard.php | 10 +++++-----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 3c584ed0..55dd0938 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -38,10 +38,12 @@
     "server": {
       "Address": [ "10.253.3.1/24" ],
       "ListenPort": [ "51820" ],
-      "DNS": [ "10.3.141.1" ]
+      "DNS": [ "10.3.141.1" ],
+      "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE" ],
+      "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1:51820" ],
+      "Endpoint": [ "10.253.3.1" ],
       "AllowedIPs": ["0.0.0.0/0"],
       "PersistentKeepalive": [ "15" ]
     }
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 0707efbb..63b26827 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -87,12 +87,12 @@ function SaveWireGuardConfig($status)
         }
     }
     if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        if (!validateCidr($_POST['wg_pendpoint'])) {
+        if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) {
             $status->addMessage('Invalid value for endpoint address', 'danger');
             $good_input = false;
         }
     }
-    if (isset($_POST['wg_pallowedips'])) {
+    if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
         if (!validateCidr($_POST['wg_pallowedips'])) {
             $status->addMessage('Invalid value for allowed IPs', 'danger');
             $good_input = false;
@@ -115,13 +115,13 @@ function SaveWireGuardConfig($status)
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
         $config[] = 'PrivateKey = '.$wg_srvprivkey;
-        $config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
-        $config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
+        $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+        $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-peer'];
         if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
+            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport'];
         }
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
         if ($_POST['wg_pkeepalive'] !== '') {

From 4a50687e7963bca546b420f91a529d2fceaa1a93 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:24:34 +0000
Subject: [PATCH 48/74] Add wg peer default values

---
 config/defaults.json | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/config/defaults.json b/config/defaults.json
index 55dd0938..69993673 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -36,15 +36,17 @@
   },
   "wireguard": {
     "server": {
-      "Address": [ "10.253.3.1/24" ],
+      "Address": [ "10.8.2.1/24" ],
       "ListenPort": [ "51820" ],
-      "DNS": [ "10.3.141.1" ],
+      "DNS": [ "9.9.9.9" ],
       "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A  POSTROUTING -o wg0 -j MASQUERADE" ],
       "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D  POSTROUTING -o wg0 -j MASQUERADE" ]
     },
     "peer": {
-      "Endpoint": [ "10.253.3.1" ],
-      "AllowedIPs": ["0.0.0.0/0"],
+      "Address": [ "10.8.1.2/24" ],
+      "Endpoint": [ "10.8.2.1" ],
+      "ListenPort": [ "21841" ],
+      "AllowedIPs": ["10.8.2.0/24"],
       "PersistentKeepalive": [ "15" ]
     }
   }

From ddc8c427462ef7c6860fa1f625406f30c22ee7fa Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:25:21 +0000
Subject: [PATCH 49/74] Update peer template w/ additional fields

---
 templates/wg/general.php |  7 +++++++
 templates/wg/peers.php   | 16 +++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index db00ab21..de5555f0 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -41,6 +41,13 @@
           </div>
         </div>
 
+        <div class="row">
+          <div class="form-group col-md-6">
+            <label for="code"><?php echo _("DNS"); ?></label>
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+          </div>
+        </div>
+
     </div>
   </div><!-- /.row -->
 </div><!-- /.tab-pane | settings tab -->
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index cbdad128..91e0500a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -26,7 +26,21 @@
       </div>
 
       <div class="row">
-        <div class="form-group col-xs-3 col-sm-6 mt-3">
+        <div class="form-group col-xs-3 col-sm-3 mt-3">
+          <label for="code"><?php echo _("Local Port"); ?></label>
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-md-6">
+          <label for="code"><?php echo _("IP Address"); ?></label>
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
+        </div>
+      </div>
+
+      <div class="row">
+        <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
           <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
         </div>

From cbab3f2825c1711f3303b34a70e5ff00478f2e3d Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:27:08 +0000
Subject: [PATCH 50/74] Update peer input handling, write wg configs

---
 includes/wireguard.php | 53 ++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 12 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 63b26827..4c4d838d 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -33,11 +33,18 @@ function DisplayWireGuardConfig()
     $wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
+    $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS'];
+    $wg_peerpubkey = $conf['PublicKey'];
+
+    // todo: iterate multiple peer configs
+    exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
+    $conf = ParseConfig($preturn);
+    $wg_pipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','peer','Address') : $conf['Address'];
+    $wg_plistenport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','peer','ListenPort') : $conf['ListenPort'];
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
-    $wg_peerpubkey = $conf['PublicKey'];
- 
+
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
     $serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
@@ -54,6 +61,9 @@ function DisplayWireGuardConfig()
             "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
+            "wg_srvdns",
+            "wg_pipaddress",
+            "wg_plistenport",
             "wg_peerpubkey",
             "wg_pendpoint",
             "wg_pallowedips",
@@ -76,18 +86,37 @@ function SaveWireGuardConfig($status)
     // Validate input
     if (isset($_POST['wg_srvport'])) {
         if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-            $status->addMessage('Invalid value for port number', 'danger');
+            $status->addMessage('Invalid value for server local port', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_plistenport'])) {
+        if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
+            $status->addMessage('Invalid value for peer local port', 'danger');
             $good_input = false;
         }
     }
     if (isset($_POST['wg_srvipaddress'])) {
         if (!validateCidr($_POST['wg_srvipaddress'])) {
-            $status->addMessage('Invalid value for IP address', 'danger');
+            $status->addMessage('Invalid value for server IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_pipaddress'])) {
+        if (!validateCidr($_POST['wg_pipaddress'])) {
+            $status->addMessage('Invalid value for peer IP address', 'danger');
+            $good_input = false;
+        }
+    }
+    if (isset($_POST['wg_srvdns'])) {
+        if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
+            $status->addMessage('Invalid value for DNS', 'danger');
             $good_input = false;
         }
     }
     if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        if (!filter_var($_POST['wg_pendpoint'],FILTER_VALIDATE_IP)) {
+        $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
+        if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
             $status->addMessage('Invalid value for endpoint address', 'danger');
             $good_input = false;
         }
@@ -114,15 +143,13 @@ function SaveWireGuardConfig($status)
         $config[] = '[Interface]';
         $config[] = 'Address = '.$_POST['wg_srvipaddress'];
         $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+        $config[] = 'DNS = '.$_POST['wg_srvdns'];
         $config[] = 'PrivateKey = '.$wg_srvprivkey;
         $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
         $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-peer'];
-        if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']).':'.$_POST['wg_srvport'];
-        }
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
         if ($_POST['wg_pkeepalive'] !== '') {
             $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
@@ -136,15 +163,17 @@ function SaveWireGuardConfig($status)
         // client1 (client.conf)
         $config = [];
         $config[] = '[Interface]';
-        if ($_POST['wg_pendpoint'] !== '') {
-            $config[] = 'Address = '.trim($_POST['wg_pendpoint']);
-        }
+        $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
         $config[] = 'PrivateKey = '.$wg_peerprivkey;
+        $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
         $config[] = '';
         $config[] = '[Peer]';
         $config[] = 'PublicKey = '.$_POST['wg-server'];
         $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        $config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
+        $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
+        if ($_POST['wg_pkeepalive'] !== '') {
+            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        }
         $config[] = '';
         $config = join(PHP_EOL, $config);
 

From 3ac70a3a3cb7d13349aa36d7639012dbf19d3520 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:28:14 +0000
Subject: [PATCH 51/74] Move qr_encode() to inc/functions

---
 app/img/wifi-qr-code.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
index 21092f82..e23e1bed 100644
--- a/app/img/wifi-qr-code.php
+++ b/app/img/wifi-qr-code.php
@@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
-function qr_encode($str)
-{
-    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
-
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase

From 55e94adb2b6afd099349fc1f71f60adfd9ebb55a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 10:39:33 +0000
Subject: [PATCH 52/74] Add PHP_EOLs to parsed client.conf

---
 app/img/wg-qr-code.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
index 83cda725..7a66e6fc 100644
--- a/app/img/wg-qr-code.php
+++ b/app/img/wg-qr-code.php
@@ -11,7 +11,8 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
 }
 
 exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
-$peer_conf = qr_encode(implode($return));
+$peer_conf = implode(PHP_EOL,$return);
+$peer_conf.= PHP_EOL;
 $command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
 $svg = shell_exec($command);
 $etag = hash('sha256', $peer_conf);

From 96bd34f07fe5dcc3b4107f4dd7834bc23591f160 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:19:56 +0000
Subject: [PATCH 53/74] Add event listener for Bootstrap form validation

---
 app/js/custom.js | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index 25260e81..7ad6b166 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -361,6 +361,22 @@ $('.wg-keygen').click(function(){
     })
 })
 
+// Event listener for Bootstrap's form validation
+window.addEventListener('load', function() {
+    // Fetch all the forms we want to apply custom Bootstrap validation styles to
+    var forms = document.getElementsByClassName('needs-validation');
+    // Loop over them and prevent submission
+    var validation = Array.prototype.filter.call(forms, function(form) {
+        form.addEventListener('submit', function(event) {
+          if (form.checkValidity() === false) {
+            event.preventDefault();
+            event.stopPropagation();
+          }
+          form.classList.add('was-validated');
+        }, false);
+    });
+}, false);
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 

From 0b3307ce1f3bbd0d5bc06daa757de3014206257c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:20:52 +0000
Subject: [PATCH 54/74] Add required fields for validation

---
 templates/wg/general.php |  9 +++++----
 templates/wg/peers.php   | 12 ++++++------
 templates/wireguard.php  |  2 +-
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/templates/wg/general.php b/templates/wg/general.php
index de5555f0..51eb5309 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -19,7 +19,7 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" required />
             <div class="input-group-append">
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -30,21 +30,21 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("DNS"); ?></label>
-            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" required />
           </div>
         </div>
 
@@ -52,3 +52,4 @@
   </div><!-- /.row -->
 </div><!-- /.tab-pane | settings tab -->
 
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 91e0500a..c259e541 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -17,7 +17,7 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
         </div>
         <div class="input-group col-md-12">
-          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" required />
           <div class="input-group-append">
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -28,35 +28,35 @@
       <div class="row">
         <div class="form-group col-xs-3 col-sm-3 mt-3">
           <label for="code"><?php echo _("Local Port"); ?></label>
-          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-md-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
-          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
-          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Allowed IPs"); ?></label>
-          <input type="text" class="form-control mb-3" name="wg_pallowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" required />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Persistent keepalive"); ?></label>
-          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+          <input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
         </div>
       </div>
     </div>
diff --git a/templates/wireguard.php b/templates/wireguard.php
index ee28dfa1..45554655 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
+          <form class="needs-validation" role="form" action="/wg_conf" enctype="multipart/form-data" method="POST" novalidate>
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From 7c1ef85bb821c9e69ac2e51b85d3748ff13503d9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 13:22:26 +0000
Subject: [PATCH 55/74] Update wg-quick w/ systemd start/stop

---
 includes/wireguard.php    | 4 ++--
 installers/raspap.sudoers | 4 +---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 4c4d838d..86665a48 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -14,13 +14,13 @@ function DisplayWireGuardConfig()
             SaveWireGuardConfig($status);
         } elseif (isset($_POST['startwg'])) {
             $status->addMessage('Attempting to start WireGuard', 'info');
-            exec('sudo /usr/bin/wg-quick up wg0', $return);
+            exec('sudo /bin/systemctl start wg-quick@wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
         } elseif (isset($_POST['stopwg'])) {
             $status->addMessage('Attempting to stop WireGuard', 'info');
-            exec('sudo /usr/bin/wg-quick down wg0', $return);
+            exec('sudo /bin/systemctl stop wg-quick@wg0', $return);
             foreach ($return as $line) {
                 $status->addMessage($line, 'info');
             }
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index b05be96a..9aded5a3 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -46,9 +46,7 @@ www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/mv /tmp/wg-*.key /etc/wireguard/wg-*.key
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
 www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
-www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
-www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
-www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
+www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key

From 1e7438da23e079bda2172a5c88066783fcd5276b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 7 Mar 2021 19:06:53 +0000
Subject: [PATCH 56/74] Code cleanup, update Endpoint default value

---
 app/js/custom.js         |  1 +
 config/defaults.json     |  2 +-
 includes/wireguard.php   |  5 ++++-
 templates/wg/general.php |  8 ++++----
 templates/wg/peers.php   | 12 +++++++-----
 templates/wireguard.php  |  2 +-
 6 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 7ad6b166..b2214c9c 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -368,6 +368,7 @@ window.addEventListener('load', function() {
     // Loop over them and prevent submission
     var validation = Array.prototype.filter.call(forms, function(form) {
         form.addEventListener('submit', function(event) {
+          //console.log(event.submitter);
           if (form.checkValidity() === false) {
             event.preventDefault();
             event.stopPropagation();
diff --git a/config/defaults.json b/config/defaults.json
index 69993673..faab15b6 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -44,7 +44,7 @@
     },
     "peer": {
       "Address": [ "10.8.1.2/24" ],
-      "Endpoint": [ "10.8.2.1" ],
+      "Endpoint": [ "10.8.2.1:51820" ],
       "ListenPort": [ "21841" ],
       "AllowedIPs": ["10.8.2.0/24"],
       "PersistentKeepalive": [ "15" ]
diff --git a/includes/wireguard.php b/includes/wireguard.php
index 86665a48..b0d0aacd 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -44,6 +44,9 @@ function DisplayWireGuardConfig()
     $wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
     $wg_pallowedips = ($conf['AllowedIPs'] == '') ? getDefaultNetValue('wireguard','peer','AllowedIPs') : $conf['AllowedIPs'];
     $wg_pkeepalive = ($conf['PersistentKeepalive'] == '') ? getDefaultNetValue('wireguard','peer','PersistentKeepalive') : $conf['PersistentKeepalive'];
+    if (sizeof($conf) >0) {
+        $wg_penabled = true;
+    }
 
     // fetch service status
     exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
@@ -56,12 +59,12 @@ function DisplayWireGuardConfig()
             "wg_state",
             "serviceStatus",
             "wg_log",
-            "endpoint_enable",
             "peer_id",
             "wg_srvpubkey",
             "wg_srvport",
             "wg_srvipaddress",
             "wg_srvdns",
+            "wg_penabled",
             "wg_pipaddress",
             "wg_plistenport",
             "wg_peerpubkey",
diff --git a/templates/wg/general.php b/templates/wg/general.php
index 51eb5309..b3235e88 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -19,7 +19,7 @@
             <label for="code"><?php echo _("Local public key"); ?></label>
           </div>
           <div class="input-group col-md-12 mb-3">
-            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg-server" id="wg-srvpubkey" value="<?php echo htmlspecialchars($wg_srvpubkey, ENT_QUOTES); ?>" />
             <div class="input-group-append">
               <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
               <span id="wg-server-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -30,21 +30,21 @@
         <div class="row">
           <div class="form-group col-xs-3 col-sm-3">
             <label for="code"><?php echo _("Local Port"); ?></label>
-            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvport" value="<?php echo htmlspecialchars($wg_srvport, ENT_QUOTES); ?>" />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("IP Address"); ?></label>
-            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvipaddress" value="<?php echo htmlspecialchars($wg_srvipaddress, ENT_QUOTES); ?>" />
           </div>
         </div>
 
         <div class="row">
           <div class="form-group col-md-6">
             <label for="code"><?php echo _("DNS"); ?></label>
-            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" required />
+            <input type="text" class="form-control" name="wg_srvdns" value="<?php echo htmlspecialchars($wg_srvdns, ENT_QUOTES); ?>" />
           </div>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index c259e541..a4d80f5a 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -17,7 +17,7 @@
           <label for="code"><?php echo _("Peer public key"); ?></label>
         </div>
         <div class="input-group col-md-12">
-          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
           <div class="input-group-append">
             <button class="btn btn-outline-secondary rounded-right wg-keygen" type="button"><i class="fas fa-magic"></i></button>
             <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
@@ -28,28 +28,28 @@
       <div class="row">
         <div class="form-group col-xs-3 col-sm-3 mt-3">
           <label for="code"><?php echo _("Local Port"); ?></label>
-          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_plistenport" value="<?php echo htmlspecialchars($wg_plistenport, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-md-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
-          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Endpoint address"); ?></label>
-          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control" name="wg_pendpoint" value="<?php echo htmlspecialchars($wg_pendpoint, ENT_QUOTES); ?>" />
         </div>
       </div>
 
       <div class="row">
         <div class="col-xs-3 col-sm-6">
           <label for="code"><?php echo _("Allowed IPs"); ?></label>
-          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" required />
+          <input type="text" class="form-control mb-3" name="wg_pallowedips" value="<?php echo htmlspecialchars($wg_pallowedips, ENT_QUOTES); ?>" />
         </div>
       </div>
 
@@ -63,8 +63,10 @@
 
     <div class="col-md-6 mt-5">
       <figure class="figure">
+        <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
         <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+        <?php endif; ?>
       </figure>
     </div>
 
diff --git a/templates/wireguard.php b/templates/wireguard.php
index 45554655..ee28dfa1 100644
--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -27,7 +27,7 @@
         </div><!-- /.card-header -->
         <div class="card-body">
         <?php $status->showMessages(); ?>
-          <form class="needs-validation" role="form" action="/wg_conf" enctype="multipart/form-data" method="POST" novalidate>
+          <form role="form" action="/wg_conf" enctype="multipart/form-data" method="POST">
             <?php echo CSRFTokenFieldTag() ?>
             <!-- Nav tabs -->
             <ul class="nav nav-tabs">

From 70989202d154647d4d0a539cabff8aa3763ffcaa Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 09:10:05 +0100
Subject: [PATCH 57/74] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 8a4fd06f..f754d941 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-⚙️ WireGuard support (in progress)  
+✅ WireGuard support  
 ⚙️ Traffic shaping (in progress)  
 
 Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
@@ -44,7 +44,7 @@ Following is a list of funding targets. When a funding target is reached, the fe
 ✅ OpenVPN service logging  
 ✅ Night mode toggle  
 ✅ Restrict network to static clients  
-⚙️ WireGuard support (in progress)  
+✅ WireGuard support  
 ⚙️ Traffic shaping (in progress) 
 
 ## Frequently asked questions

From 50901948e0a4bb8694fc80148cd0d0ca4197085a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 08:44:17 +0000
Subject: [PATCH 58/74] Added wg strings to en_US locale

---
 includes/wireguard.php               |   4 +-
 locale/en_US/LC_MESSAGES/messages.mo | Bin 18271 -> 21077 bytes
 locale/en_US/LC_MESSAGES/messages.po |  77 ++++++++++++++++++++++++---
 templates/wg/peers.php               |   2 +-
 4 files changed, 74 insertions(+), 9 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index b0d0aacd..00b4e962 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -191,9 +191,9 @@ function SaveWireGuardConfig($status)
             $status->addMessage($line, 'info');
         }
         if ($return == 0) {
-            $status->addMessage('Wireguard configuration updated successfully', 'success');
+            $status->addMessage('WireGuard configuration updated successfully', 'success');
         } else {
-            $status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+            $status->addMessage('WireGuard configuration failed to be updated', 'danger');
         }
     }
 }
diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 451dd153e80dabdc3f40fdae6f029c35256d88ea..23c18e522906eee2d279c4e0bd2565f0ffd271c1 100644
GIT binary patch
literal 21077
zcmeI3dw?88oyR+b1lR-!j{pG@npYl>-E0ybA;iFD^Mq`&WH&?-HTKN(?lzg39;Rn@
zvqU@&qQ{8}Du@b-3Kv09P!w{A3Mi;3C%zF-M8y{uUw}^@_xV;;&&+PJ-swO0&o=qZ
zr>m;F>Q}$|)w7o$9lZCo9@oq<o_92S&3>NuHtugYSh1e>=n<sBZ^9z{D?9*3Q#@}X
z+zR)FZ-R%zx5L$N2V4uEgUYJ?NY9%9&xc3B3>*vJ2q(kKpx%EE+y~wP4}&|Q^8W@r
z2tEdt&#&R3@Q+aXOdwOee<Yj==RuXz>6nMg?+U1T-UxZsyVvpiQ2G1;DxWbtG!9OI
zia!P(2wR}^TMSjN<u3jLxQ1{9rSDG1`{8)P4@24On^5on2vU^yb11#`LTOCzO@U4D
zc&K`|K$W`?Zi44P>9xc0HYoi*1<UY$C_9}p&6c+us=O{2-UMe8?t_!ywQxDy0a3-<
z1yyd-G1k6^LABG#P<qXQDu1C%KO0K#^)7ugRC`_srT3+9JG>go4wHSGel(m<cpk(>
zydHQWycEiQJ0Py+-40KJUxBjIb5M3~I@anv6{512bG#h#i1%SAJA4tUJ--X3&n_r?
zy#(jNiO2CXhW3P2ZqGU%Tf)!44Y2P7>I(0Jo8jN!0=Nlf#cSaH@DV6GKLJ(FPoc_x
z4$98srdvG^gR<|bP<pjN)$0O?iM$e2eXfS%;q6fNy$kLQ?}K{&K^Om|3;!I-E-yjZ
zZ_*5Fhbd5cErjFY5~%iB1=XILq5Sef#{ozd-gYQ`KIZr}$7iAJHesese-)G;zZOdG
zL5OL+_dw}=4^(+yg0lPLQ2q8-Q1y5j%1)DKS-Z`EhY&s;?hDU_JmPgjHPt0>KlnkY
z^p8U2b0<_j4@1@KNvL}K0;+xo;6&2%D5&()q1t5$)O%e}?G{4mS%qq+?T%MN`RNU?
z3Et)6?}xJMBXA%19VmUCgiY`{sPbQi8gC|?Z1tWF_52)Y>I-F;a~)p~jUG_`wH+#-
zcS6<UMmQUO7Al`#LY4bFC_mVTMD^Pvq4byr<v+8a>e&KS-eNcbcDeM;P<G8h9~PkU
zdplG;KLnNEEl~R131!Czp!E1Q90#9p=}$ww_dBS1{>g<WG~4jOQ2I=FJk7-~hthW=
zRQqp+`@<{XBKU47J--dreow;v;cp;K?!D;Zr?*%=7eMK^0;)c1q3V%=D!%|#-X&1}
zdl^*zH^YhW<51<?169t~;ePOOsP}*7;-7ciYmT++B&d2H4fT90R6Yx#@>va~$401f
zLa1`f@Bp~Y#lOYzI;iJwhHAIlp~mgcIz9$f&ljNV{t{Gu_inZQ@Ng(UZib3q0aeaM
zDE%TAPGCUzGS~rs23Np&b3Jbvycl-D`=IJ`=se5mQ1x8^mG5eJAlw8`fLoxRzZy!v
z4@1@GRw#e`w2S{LlpP+0>Nh`t{PUjYN8{#<`8MCPpzN>~s@zRb{Ue4NFRp}Z;U`@9
zWrz!U$DU%j21>teQ0;Lgl>Ocd<qsc%DsPA5=Ux2wpzQSo)br0c?t*&}egU33#`FFR
zXA*8X&90v|K-uLXsP_IYR6TzJRnD_;H5_}o)w>fOO!$LP^}G|ReqVs<-%mh|uTR0l
z;R{gu?9b$M7@Q21|7<9`p9+=F3V0~&g3_lC>iq%862iL*s+^BIeibUeXQ2G;MW}X}
za)#w8Q2DHd%I9@Z<3PWQe*=`AuY}U?dZ>Ec<l^swYY0CCrSD`WU2z(epUi-=R}0kp
zXF}=M4yD&-sP^cG@~2Co>Ukwpx!1u>@FP%qjXl$HKPbHqgk?Al%1-ZqD(@z!^6qfq
zop3hc2jL|62e=%LWl)k`&Veeo7s|c~R6AV(rPo`b%D>K~zaL8PPr3Aaq1yAyP<sCm
zZil;|>`;D{O&^4~vUe4n0>21Pgg=C`+t|f+{WKAtMEFD~J9R?Yy%$RFi{UhQzvGXg
zPxuumJNReW_M8W$&pA-`+6d>u2zvPW^{~qA4QJc+)4^?a{q!Kj<lfXJcK!5fi0gPe
z9e)qi?@nsBc3uEg&e>4qcS6}Y1E;|R%D(S}^0N;>)$1;J415IYxm{59nz+>3_YkQ5
zJQeEs<6Qh1F5C`fmyJ;ND?lIiL$&{PQ2E^m)jm6*+Vfs0Kl!rbci?owPebXm?=s7o
zjw_+;*5|_SgGUj*2TJen!DHbIP=0YZjimC9g|hqUP=2)>sveu5>{N!b+je*eyauWs
zx4@b3lkhnBI8?qbx%7Qj*nB2I<ue1SUT47Ra4A&%wm|8*)umqp)h;(ey>|yx`42$p
z`7Nk+dfIUpl%M_uD*r=P+Vp8~JmHhzK5#Bnz0QDot`n;KP4GzA2ls`SLp}diXzB}P
zms=b^2aO(3{`E9eKEH*k$BS?_JYtp2XBkwv9Z-IdgJa<UlpfpQ-tf&(^}G_Qyz8Or
zd525C7w${=e(1x8q4Ikcs-7=H<u~petKTFjJ01g7pH?^yE^z6Kq2B9&s%N(g_qlKk
zrO)M#?{e`sLFs!poC)uRvcofwp~QO*O3&7FZTp=8m3}Uq1ut;%mqXd{S}6T)hN{nP
zunB$vs{Dtc%6lBjf1iTNf6QuY_a-PmIUK5-S#UpiI@J4ZF8(~n&2R$o1*m!tLOuUB
zsC=%2%I8)nJ?@4R;R8_RegjJH$6Wj`9G{1JeoTkWe<D1Z@DYxuLe+B}l-)N%)i;3Z
zhZQJ4ev6C08LFJSq4aymg&&0h;in+~ytXxV{d5(iYkS{^U2y7JTc3*@FNdn{wNUxq
z3J-)k;R*07Q1#yhrQa)1^%>u3{qZ2E_~}q~Xol)Hr@?vfJg9MVJ3J8H0A=Ufpvv6|
z)jz%tHD3G@QiM0*JR9BwXA^#-<Hw-#c?|Ba=b`NPM<{=I8LGUo>nx9gik}Z<uLV%g
zFL68v?nQVV90T8sOwvumRp9=ONQf*)jvJOvly?g<6_L%ZLSBdDk^7JqMAOzR<o8G)
zl3pis^CZGFYV<zMCH&Y?7(gyT?oz;At?=u}n~)cga}e3{Ey#n&=aET>u4j;=(D?@@
z#2OghjogGB@9Odb_c^5T!ez`k-A+jNGM8+4kh@QzcG!e0aS=a<lgW2IJQ|KgF6I7y
zq=fj$&yX{bUm>?5XCpDvhUoeh@>O$Ze^$8r_rlAN8<2y@*GK-y{UPvbI1wHXb*Y_o
zX`DTf_@BZbDuPSCs_QGrrxE#-`pthL|BdX!^Q&Qc?M-+d0rinzyU2Gyjmh0E+=$Bw
z{0njtvKWbwe@B{-UC6b_?~s+q>yiD*e>*H9^N|w>>%yJA{kWgz!g~?E7x@748RUzI
zt|=~E_a8+*hI~%}t}i1?&7JL274E<9!he8QB8T$+1@Ix{)yTet-wN+UbX|db7dao9
zgZv4}A`c_F)aP$UIu&qNKRg||2Kfb&LEeU(f#{lP;T=m^J={Oy!ta6KNz>rBk+&mS
z-#msK$@5#Fu79)eZiXL3CXhA=PlUs-am2lg$iw0D@U_U+hKFVlKf{F&Zit`4{YDr5
z4V>PPrrY<WVcvg~`>!ESBkx2GCT<=42{IS?Eu!lP<Woo)nT$+C#v{{tei=-!2i(o$
zX$1TPau4zv7k483D{>w3uSgSlJPXGmpF{3I4j}G7;NHkzkc$vq*IRfWaTH#0_lNP$
z$GQJA@*`xnix(C(-0L<$o<m+zfa?p$c;0V^??z5V#t_!kj4VVxs{q&07G5u0fJ{Kv
zB0G>($jityr13h6z*O@4B)kyWhIApio<jbHd;_@=(e(s!49{<dA3`=D??<Z0e<4SZ
zHWsGWDcpP$36P7CUm{;ZbiD!Di|21sU{PlAs?PpX{BUbfDCNV2i{@k&`>ieJKR*-X
z`r@S0l8p=AqNGxei@l52#1%c|LjHzjoqmwbhDqX=;;2|j{Ge0{gR&na{*1MyusEZ|
zUl$~$woX46hlyW|D}J_GE{DZRe$Y><rBYlbCN37kY$Yo8`juFDdOY6|Wc{{Wu1wxu
zTPChnTt;3SPxc3uuy*6Cpz}M|_}P3!#`Sm`R`xwnZ?zm$qPTdL-`y7_{y>z^`{Z2-
zD8JGd`Z0O*mx|5qog^&xN7=9?%}lxl4LQZd-LqJfjdS7Rp&2cjV<P>b`Gx+{mF=B=
zJ`9qO+U5Ku`8d0UGPn;)m9Xru>P#!|cZC(1M$hFWK1x@jY(o|%wpyZ5!l2+UUDIWX
z3(JbP_RAHbqF)M<WFRi*{AwwO{ghdMP|P;m@LpP0J|7Q+IrO01JQ@{w!(`osWt4TP
zq!z3_U#WzJQrd*ptlewZd2M@$-w>6<71f}O0((g9iz`VfrWN;)=4`uLT3qt?R2b1C
zmqp@8MUhl1sfu$HF}HCZuWd-MUi~FO5@kK}+YlKBxSmh9z+^$*TM||9!O$~}osW`A
z!=vRW*NeIF`vOknEg2g2@z}5!Wb$FI#a|wm{gw2~Vo(VEpr|&QO-`Xd7+1@FnVu4s
zXV4K{oA=_x?VaoW)p3wBH{CRp*RF=od+mKeu{WekgoV%qiY79S6SDR*@=Bv<sT}u5
zIhwt_&!uT(Kw<f{qD{~9S1nENR>!^RtujdOYyM(iP(Q5nQBsL+7-g$@MvgulV<0Gp
zen(q7l`szMXM>_2<OhPm#Lu7^&Pjt%yn1dTJJ4U;v(z?^`d)jSk5R0#?<cijn3z`!
z!Pd>iYGE_}N{efF@Z%obf^Z2-V-`Ob_5{^@#Tc5$qe8Wy)|l7YdU}h$s>het5BfAo
z>ui%{?Rok~6eeh62RD>m8fr)}N@%zvraM-066d9EwOA<+`t54|G@!A=FI4dqYMsdk
z#VsnSG7$S&%oLDEne6O%T6ZQFLH7*$gD5Yz88$>V3}n<9U%}kDC@JNGLA1(*^nDbk
z+_=!-1RA`lUQ}enFyogS3e3HAgt`)pLY_vV^cfTx^p@(^rx*0}Fn|RG)tShoFB5Ax
zSQ^j{)g<T*8*b?k#i$aOH99VJjj@8p#~Bnx8)g)vsoITpjjge8UDaifj)R%Z_+7+J
znCvhiJS}w?zbAHs9S;Y^L4Tkxs)R`?$cFw*gTz=p$Rx9j8_4NYmaiVzf)e?VUTrbV
z&}r=7nTc?18I}gF7ISe?8Ag~V^jC)Yd;!0wZ%~eD>ZMU)TGP%nv=}3LoZU=wZ4R<q
z++4%^<|*uHo3uU%nyI6jcuR{(AxJJ7>IUhwz_e^;^qy*7P39iO=cQ)3S}dBDs7KeL
zV)I0*Rip{SOjYu*3^QHMr+<Z8wOWY!L%9K&L<ETL!85ANRn$H%1d-mT4L<n*Tc>l@
zGBXU?$*)J9L9@9TVtZ&X&m}Ksh{#|Pc|(_-F4vm=ojy>@JxODn6V(#Z_^_BWOPe&D
zk9&J%0ap^vz*uPq5955KTkTwrpqEDdQDv~D{stPm(I)EAsO=8~#dLWijaii$HGFlT
za(GddbxMMpvaHG_3^Vk6Ef$P3#wbws`=fHD8sz=npq!!mXc^byFG($EJ9uxPM`?wg
zGTpkspcb*@o6Y(S1w;C!>|Q~5Bw;F{olFTqm0>_D4s1G@w!>@|TVcSXvrSbB(Z#%_
z$w<?eW;xT?fuA!yp4N|O+M3D!4+e;Oi!q~;`lIbUiCLS{H?vF_q{thSQkaeCD>*#C
z&IPuu?ZV2}%=3?xn$X(D>e#%@@U7NRceibs)H)0$no&~joUh8A^MlUlgS9EcEqsG~
z5;LliSwt(=muXr7+I*R<&1CLM`3F>{|6{0z*^g4_O;+W+on&gAV~_b#L3*r4er%n#
z?rtN-NUw&)Y<aN63fc|njG$Q-p=KQz_!S0=Fps4w17TQ9Hv;k!)<tGXjvY%Olh{c4
zt25cb&P~ecdiwA7D(X~!(XHf0e$goDd@~14jWi~850*5b<kZ#b>v6@H0U@0~yk%R%
zY}HiRwYb`mnO>t`xk7S@1+QO;SYj=wJ5Xm7G--a$4x>ZjS$*yvZHGUKY+T4Uyynse
z=neHbn3W<O*IRCekYaYwTge*E{P<m6tCp(MWXdcHvkb7_%5+9EcWs>{4;}LLfQwFt
zd_~D~%`3VYaoAqzR`n|xSeR8TYHs6J0u4qs6Lq?MF|&0oP-Gy~cti`iWvQ9w=Oly4
zoGf!iGN%|;yj3GS=H{~z(}SEDdPhumemG)!R5HV0G+<zcS`=e*G~yfSR%0ZMS^JFm
zZhuiT?1;$&I9{*WX|2*C$jp$nJHMeoa&YPX8ntIVXlBoZ(LZU34DxjH93x#kP;7|C
zVRnzHmh2NWin_ho=*R9Y?TS_v`HdJ7>>{qdkY~bUMWo>@uSMSQ2h|Y6A2~M+OKo{Z
zV{bM4nyMC(=}p=z*e>+5ejOg2c&oJ;_q)|gS4V}2)g8lDT;7tNZ`eMIA=3GX$5@Y_
z$F$4r?rD3afnr<hB`kJ|xq&Fh&PL1h3Te!pekVsA?zU9T<jH7DsQ27*A)V)K3=_Yb
zf)wsy)bQEZm8um_+oH5DbTpiibhyn4`<V<Y0`@U(-t;=cLd?!$J)5HXZI1g&nN4d)
zT&(obB^`(N$u-srTJfw22Wn>sLjr1cGau6}vwhy0D7(ds3Tt9tOL`C1yEgk*npJTP
zHK|8-RWtIGjv(1mi!_eo<_lh|`4R27HqQ*=&NYSv>gP>XskKEGFClwXW7k2yeoC_Y
ztnRI~2TCc2kAyB+(dkIo*>$ehi5{iCGH&E`GO3v#zoDr+ndn%Nupgo2!xDajqjpCA
zI`)NH1bfCqI?Hh-&c=DqO(q*Oq_az`A7L3!qUSU|pjQ<YW@64x)`i)S%>9lf=`BZ0
zgKTQ*!A{nYVMP%=EW7(4O91<ub`>QSVsu;=a;B#a(a`?u!i1d*Np>P@Ji|)k(&H6{
z@ig|(W?$j0Lq)&6&CiBx`q>DwTJ$s@nV<T0*R2}nnt^owyv8kW7k#*{WtUC|%s$|}
zbqq0Vna!z!ISz3fFFLOqd+dsima~f!uZy|6tPY&sH00}&{E8L=U2OBHL)!M~3dT-E
zri0FGi8(=>l|C8xY}oA}<lbdPWDZ)ow92Gyy3FCpP&?QtmM>{)?Z~97FCOsplMXXf
zYTMjP)YG@kyF}Yutyp=YS}~(=7b`=Coz*yf-eVZ&ptG@+Y)tCuHl#x|dsja<v*C0_
zVnb=m+Ry;?Y_;zVTPl&R0drNSQtcfE)YOfhHpUFQE@Y>ft_mxlx?TjVTHG{h)v!!5
zZ`5@n#i>*uOT4azO|4ygu@0-%YG`828Fpi0p%9dD5Ic=q_>GgNi?W?hCRh^>9P6I<
z)gESXxRlA#rcj^ZLyC(^hZ6-^+-x26y5%u-pEQTpZu7{2SK?O3^2TO4VQra<huMWQ
zPZgUrS+aq$XVLhLHVCfrwY9kM<Q58~bL?J1t}k0M*`&ERe@k~r|3q$fi<jp2Pia+*
zo68~RXZ`<VE({zaSt-Zb$?S~(w;FOD!0cQM`XhGO8pgYIu+bCpl_MQ>8)MRe*TiX^
z(aAx3+3U7@rCM)aZ_hcfiWV%4Xv_l6#p~X%zPP0*uZq&uo44K^?K?0h4{*ENcY%aR
zvmIecz`;H%p7h3!zV1BA9Bq0VI@`<)YiG9IhUW!lcs^}@<M6y8%%GzVhW$*0BjSRz
zQsOnl>${J)AzB`}RZ8Q1?G)TheJkzGp;l?PfHP^SwaoF6-B;-x&3)b&`iP75Gki&M
zXKpBEhQ*mK9GZ<>=+77^1)G^UID1Kl`H(-g-*bLLPRnWo)X-ivl78+x$gqb~O?S&V
zukUQ__9K@{GT{y#7^k}yeb@2Qu9&XU(?Ml;Jcp(l=sYu9)LkfjJWXZ+&zj^yIz#iS
zT=V%_#Kgsg{@j*%EpwY#8qku>9Z7GLYhF_AO`5yoh5izKUE3HH3L!f+x>$zr#cA;D
zUJjb_`l`6NsdH^}y83BmsTeNgV0~U|bL;%(d1v^otqWUEJ-L;uX?2iPnoW<%2keLb
zffCY%esee9#uobIWas3COqiS3cQtja>R8rTsn(`;7Q_s0&D#Di^ef@k${dbIqT-px
z#c{b;t?ypmyrBM^>+a1Q9mLuLEc6#-qDs@~$JNn~tD_%R_w=ncw%^)^eN7z}tPS|~
zv+C%_RW?X=?DshlNN-0!uDVaDqaRmCKdv^Mk+?teaSOZAkE^2}SIr-xv7H+IxSCl!
z`f-)-aSi7jd;SbR`f-(So#yXN8f`@v;&jp-o4A!+dit{aSJ}~ztD_%R&7TgMZ?x$#
zMZ@9gkZ-u7A6NOSf%MpB_fM(2$Bcel<@4z1$JP2Di;sR>9sRgE`f+vi<Lc<g)rLP-
m9{spF`f*i%h?;&b^hQ6fhW2ab=*Ly_KRMJsrv86?T>T%#$L`+%

literal 18271
zcmeI2eViRtdB+C`<OKs5A&3DvgqI|c-E3Y65Fli;n~*iTn<cv;LX|Lk@9gf7duJ|p
z=I&;RKtT#9MZt=^R4cxKLTRwPC@mtsP@xg4qO?U6EiDvL3u>#Pg8lx^oVoWVVf(55
zv!9*KbH8)WoH^$?&w0){&&=eRSyOKCIA-kSd56Q&G|wC6{PPDX*Yn;!+w<nbb6^B7
zhX=r)!8btfP|xEQZzklQH=Cbs*a|nm?Qj<S8r&Z~1LwdO;XZJ`H+$Y8a0VpHGjJ+A
z8PbHe3ab9i@Qv_%crdI&>2Vd*eIJ6VcZcInsQaIXZ-K8mzWK21zNJw2t%m!;b6x)V
z@IcZrlpdEt>3@~WzXkS^z7tBXR~+}Ik^M;T4`r8GQ1>4RrPn+teLCQDcrKg)i%@on
zq1xRJrO!2v*F*L5Mp%WnL)qalDpfltKx;3TUIiDD-vc#-7s0jg8mRGo0;;{2pzQct
zC_N71qS~DUm46hJp39-GuYww<^-y~H@CtY#RKI`euD=SGl77<>=m^h*$3h><URS~6
z;dM~<co53IPeAGU9DFNW$d9<59|JFd>i0EJ<Mt6KyW9^K!$+Wp-~JNb!|AV%#Ao20
z248}EAC=kZR4DyBpz7;~x;22Z%N0=dUk9b%ry*5&4?~sv0aSlqgR;-Qb3JbgJP@k<
z!BF`pxb%ro{p*J6{}yQA2-LW}2dcj7q3nAT)VS_&d=MT-`Y|XyUUEF}=q$Yms{b2Y
z`ZCCndLM(*_aP{Kz6VwR^H6sC9n?7Qe@v#gfwIR*Q1<D9Z-VDQ>0O5N;V47}@1s!l
ze%W1r9IF3MLe=vVD8G3Psz1|l0_imy>iQC>b~>T-8Gy2X!7+yNpY2ff+~D$Wg|gRO
zQ1-hQT0ep+_XJdX--k>U??ov6_r-`Re*jd!W<&M=c*irK)dS8XzW`Owg;0850vEzt
zpz3)Ps@-oujqmetANUHC9<M_6XWG2XKMsb{<1lF8T&Vjx;C}FIsQcatrN;=={2hZ+
z;ni?ocpcRB4?*2`8&rSpa_KL+^rKMrecGje45yI(J=8c(;Ya;!fzs<#sB!6Z`Deog
zq>C>9eNgS*3a7%mq4fV8l-@g`+IteJo#!A^#Cs7=gKwZR+4B&ncIHC0zYI=?t6jR=
z@mwhTjX?D;h122HQ1^cT>i$ncwSNy({SQI4x6`G+?f65eazBNt_t%i6%A0b0#-pJ6
zwGzs%YoYqr12u2Xhw{f!mwz3UJw5@a!+Tu%^Ux>#HMj=0oWL3b6DYkOb$kk{Uq6Pb
z=l77Q;vImKsoYX1J=VY(up7!>H@o~2R6i3aKYtfo0&j#`zji{6$Fp#M_;aZCUW4-I
zSuNQ-ZiO32pXJgYgSzh#I1_#c$}Z1Bjq8h0^}pmewKdB>63Pz8K$UNGTn_gpy%L_d
zm*=%ZT*4b$l*JRb!UISj*p`joTcP@O0#rN8U^ncB((`7harqHczkUbRpJ|J;`F9M|
zc+H2pe<hSYXG6``^PuXl!8gK7pzL}blpeQ1-FF{Uy^lM-0CoQqj4XT4aa;~{-&s)i
zoewonx4HaFpzL`qlpY^}v*2wm{{h%b`Y|ZI4qckjK#l(b_y*Vpb^qy5daZ%d$A_}}
zHYh*29Lg@&LbZD{ls<Pj-VLSi{jdrjfp3H-Ez8>Jg4SLxeICSRyshvccoSR;?|_;=
zFGICA^Tf=Khe7Gl3f1l@F8>TDJqO(N^WY(*Lnu8jg;&7$L-qUM<=OQ)5EZ?}Q1dT<
z$HGgY>~$Mts(Cx$Z1@zM1z(2JbDxv4eei9LAvEM)4b|^E;GytAD7$<cGSuF)Q1QgU
z1P}LcddMkRJn<M*JYiO3b~*=2e;=y83!(PicSG6b<52bQfYR@)Q2Y4zp~}4q)!)NU
z&FphD)I4i}D!;_#ce!*wRR1o3>i@;iz$>A~?Nd<o-3?{m&qDdn<Bm_k<48XbrN_+E
zGPXGOK=r@u(jSF$NIwjv@6%A@_#3GDr<|VI?Je+N(hH#UUI}H7O;Gk3hHrvnP<mej
z=fe*|#S;%f)%!zt{Y9vHegRd_jFp*R9S+r>c~E*SgSy@a)y^Q)I98$Tf0^U8Q2ui>
zlz-mq^1lFOuboi#`xaEYPeGM?8LGYC!neR_XJq;x4OM<2RKJ!%^?#k?JE7GB&Lsab
zsCwQHrT2&7LihkwJ<mb4`%|d#ow6!h&klvsV-8e*j)U@#B~W%e2^zQx>OLQ;KPl9G
z+oANh5^Db50M*{@Q1f#K)b;zI?)wT<e|Ea`GcNrclzm@u>FMp69!Efp<6NkIu7}d=
z9H?;_bonV<K>Bi*e-~7{Ux3o*>rnbX38nW7Q0@H!s=xcJ&f<w_Q1u@VWzVHh?W}@o
ze<PG1o$t~YIBtWo-<44P`v6qA+oA6N4AlK!hHC$tQ1w3z)!qv({WHhcpvvvvk<~jJ
z9!`3$;~7x>dIywUi%|XB3N>#of%3->y8Inb_V^N%Uf*=-??RvSkKh`(zB7v_u7}e5
zImcf?^=mqXRL>Fc7`PCs+*we16rl9J0Lou$F8{qy{k$H^&u@WC;QdhR*9%bNp+!}8
zJP4}2!=e1S4bFw#a0858`eCU1o`tgS&!Oz%otcg6G^qM#Iv(rtPlvL@YB&{kI}X6T
zNxuW`1s5SdKy)x9cFZ)d-ifFm%?C@C_XzS+<Xq(E$O_~ikpS5bnW9QL{sQ@!J<EQ6
z4Ze=Zw(W@e@*BiQhLFET#*vN4zaaM`$08p={tMBe`KRN9`q_&y7CD|l?m)hQJdEfV
z%V2-M!fz{b4{{|Ud*#PGPX5v*UWMOv=MOmw|BPIM{0ezD@@?d!h>oR*{3Ab};6&q>
zA1p`SG<5wUT#tMec^~p=<d?`FBbOujv7D0-S%BP&ychW)qGJ<sy*+FE+{x)Gm)wtb
z?&iD)`4gnu<qMxdK7hOxVJg_;Kz=Vpev&1<|Aaq6zJTmYT{~U=2)q!Pi@b!$Z}&$2
z4VjK~A#X$e4mk?3^8%KUvykTFLnQtPITiU=<hRJ9$VJHSkUvBI9GQcxMc#qzgXnlX
zgZCZy_wHQyKC;cFx58_YsmRBXBatb{DDoO|A95VheB4Unh2{*-uS0G?wjetY9lgju
zA*Ucyv5$`DGI$rm1i1_Oyvut(Ji(p63_puJi2T^)3Fjc6Lxz=b$2IUv?tDA^o;z<w
zg~VmZzq`!6(dTH+7b6!Shahi8<|F$fM<7ol`%o^1KST24%kHEPeiGT&rQ6^y-1+hF
zCggVHbVTnvb-ai?g>)jvAO^VwnTA|}oQddIhrA2fjNFFYjOh4%2Jb)MCy*4m8hHSD
zJEG$%WYC_m{=(<o`Fk8&;1c9y<Xgz$$e$u-BRXaw=OcfM=r{~H5qSlffviN<AWtHH
zh3MGJ^-t$tL#oJmN^ty52Kzp@#Q8}`KXRkXUj{$r&L4AZ#y^mljSL{qx(h`(-L?5)
z<()RTva4@&nF+S}<w_}7aoVE6m8PxL{+U6)I1(pmYauRsrzL4Mj)qtE#;HoVl-azd
z&-jHxkR+xOhf$gszfuYOs__#uZ$l-B=CzuQeo|@gGsQSaOcbZ4P^(shC@qbfq*kfK
zRdV7e3JPf$4VyGpogU?T{DNsO7OT|lwGYO%)K%oQQ*zW#gZhb4LudE(nnEe0;zoX!
zR`o;SaINa6VH}-d21dffjD@9=q3+bD{d6QSF?Ebqq84{g5>!XSLeQF5Cf)p|n&N2B
zDo!iJ#bD*G6`i)oW}02=3ry#_jy_Wg{3M`vMYFmT7q-#{=YAy(s-~+i@4V>`Qkh2O
ziV}m;X;^5g!sga03`*daO=oYvZ7!%PKeJ!497d+%C&^e`Et*=Ti2YRAs2>%YPPi{`
ztArL2rEGQmSVPrSDjKzVnKTW`m3-JTQx0s{=(WF2{z#lAm6)-4oomiwdt8ev=Jl#0
zd!pL7RIjYYs7Bbyj=I;rOR~|2)qWBdJp0>}8Tj~&!Jp~3U-DLmDb5pkc9cqCk~S5s
zhQ;BaXmHpvqwlTWHEnRUAo2%GL9x}WjjLuI6Dsn{f$^gvgS?QM0y7@hs-}vI2i1AZ
zAU9aUcwa}~Cet1JMSC)UwY?6FSjp=c@uT4YUk=KFO++>`juWajgK{UUXr&sDhDFA%
zW5iw4lty7Wq_XXlF<qVcS$8~~pQ?iVyguk1C7SR$;!@1b%@ZrBCxgV!sItFpOH?aw
z!7&&W%{>zjF?6IWSOe8fF&Oe|rPLaO;$gW~mc^E|wVl*zx`vG0YusSAwuQFJdU+f%
z3=-^<tsL~HGthjsN@y)1XCT()BrZwaT9j7DO^1dkPiSJAa*fd(46v9VZB<L@SZoR-
ze$}UrD%E9+Rb#+i2J^rl^}~{ecDMDXX_cVQjAxaOhDoL5kE7LKP>RP;oOa`K(?Dru
zq<dk+bhL|un{)O&8?1&Bn&SC&lo<Cq^=t6bp&?cVzpVa}nT!m^ew7M+#-Nt?!$H$2
z4jYAOT-CDE=?3CV+<eTZKC1~!wbfE%#+b&Lp>QqrV;slEM0R0}aAkH8%m<g_!FJg(
zLve}DW`+G|+>DKcX^>R>LSW`wB-Y~oV6wovfYxEPWi&%tQKA$u>oV+S<UIF(SmFzQ
zB%?C8wWt_JsxZVnfms)nN@ZW`VU>35Fn5ND9m#A7XS7%<<H8oS-{Kdxx<#D(Z7J*-
zC1pRkaMzK}msPekyCV+ON*Wng6t|W()mju;gEzA4S+OmVHy&#7wM)I6Xpo(vXqZC5
zHtn|IXrR%il8^-1LpVT<wVqDKWk1v%^);a6W72%hUt?FJZ1WhBziT(NE8P&|;<?Lf
z{ZeU=o@>ziv+ZVsox*v6dhJP`<9wxlA<r+x!^7&atC=xoiOSXk>r-6Mv~f<(#0y8m
zbiB232O7EsBplLWX~z604+o?nQH*WYXkJu<3v2A_3EoE-QcPGmn9SN-t&hbhP&K1r
zHLdw2GwfFfnH36qTFvU*V%eM>_Ei+C4^^3|W!9;X5NRRt4hjZLH`zHwD3Y*(GcL9T
zzsAhg4vh`RbGt7jI0<};F0@@KhZk{|_5ke~+Fb15`le_nGNT<bly#H+FAR_bRHpvZ
z`zmXr?4tRUSv9G<Dh=5sNRCvh$&pIquKVNl_1J}MekqArHmEGbo{a!Qu}fAj+m+qT
zTq}Qo%1p3uSnEc<TF?r9oT*&OR`9x8zHYsAP`;B*S+}j^;nwa>RK%8r>Ug#b4UAXh
z=ta3iBhK>HYzqoC8_l@xt5fVLnuOJq%axFoJPp}!*D^{N5)JG%Q_N=bF8RbFduC^|
zu)f7-@mSMs?)q3b6gF0S;s*T5TWdW#DvW#U*wO8e>F@9AWcHfDDnUYldG4*t*H3%a
z-pA!#R~{8`+4;(&EDfW*MJE%k9_w5fw+?@2am%p#zGL@-JoL01LOl^NDK$43X&0H;
zon%omo-8V`P9=+?AoaQ?DCXAE39tJ_y9`Wt-8spG*TagPlHr(zo%Se3kUQZWd9*o^
z#%!+>-a8s;b>}iWkX?K0XQrvT#&y%HA!-z|>vF<6lQd=eC7uC_%;b11YRbk3_ROhO
zvJ#kF%Y%Ici``ucd%Gfj!(tu<G^Q#`D_g3jYl+p*>|Ri2-o42BAgHvLSZ%y+0@s=%
zk^Cfgbd&g_1V6iHCtkN6lgxl7UUx{8b`~o)8-%C8SaW!L+r{jUQE@CRrXx0ZOS$HD
zm3%wMavJNS(nHK*L)cxZrCv{ahsoWv`O&k-g{4HYgKQi`uvy5Fcs)TmCZ^m(INUfb
za-LRsr09vGbc8A5xceOG4G1)=_K~kQ7^^>;dCdupnGFe;F@+JYH!N(mv$Quh3g|r8
zSiX3=U`&+P)RRVLe{E31+~X%(>zQ`c?UONP@70re9!+~2O2vjw&56cie5TZfh&?Xg
zNy6?s<8}v{Xv^_7WY6h2cVC&@Wo73pQ(ymjua9M+GE&6{yuQ$EB+ggF<Mr|8!0W5V
zX<Ud)o?EgvYvCm7Z#?fCmBX2v3*=eBV9X=w#-I==p6XehpYl9DPN3RI_7Ok?sWOI$
zu|^=leD<4ruP&Bj{Ci`-3lKus=26`kBt)ZJ%C?K<2mU-Sf27@rN~WXT6oP6>XLx)K
zJgxHfr}4Og`vgH`7Tc9->5}G0mVTyDL#uu^wW?-IezNB!lWIfkC)zHgjWBx`BiflV
zzcuC!$%4G3Z+K?Prn0-&*Y?dU?N=;<Is5H1=B{1Ive>xutMw<#{*idh(@#F9*<QCV
zzF1Rk`;v?Gw4u0$61CK>W&OktgmB$>U&&)J<V8-iVY8gv<+7AsCuC>&)|{ns<7cTc
z`qh?|+bu-ky578W_33JMhQYL*p;wk;7b};_7U%wyP@tg)iA;^A0Kpb%D8Ut{Lu1x@
z{Y_65S=d1YQt!sD7h_(+HD4^3{VE=i?PVEE^B&`}HrffHKKI6BN4fGw2Df2RCwoeE
zg%0dKd0kdMag}6;-!|?I$R!$1XWzcLXrAZ9#KmtcJwq+>vU&uE3uU1lrJ@$?DM^0K
zg|@Eq_0ZPF6|FSb2$!2$h~gIJZd@AuKi0wn<3#!t2@LH+K^}BZq#2Jw>^PA>8uD<V
zMQlLNa6<tvMDsPLIVWFsY+gA`S<A+Ps<$b7gj4jXscwTs=R6HNZ;G}?8n1c`?QODe
z{T$d=#yH*Mm0?1r4RP7lc>l*_&QG$n$30Qo7c<`GzIMAyWUKQYi_^(=aaz8#d2!kt
z45Fi6J(<CfA!dLWmBeex*DGOfbGSCl-{&@+*Wa_*g??QYjn+HuA_#jeUsmjsaTcrV
zO@MpzxoZ)ZYX*7A?A{unlwDEgyL4b54gxc8tm1DW0^l)IF00qd!Mp{i+Z3?pt?c?D
zU^7lq(u?x!l^eIXbdO$2<)N!y%zC-|<iT7%sdmrj<%}k}XP3jqK<CBt%fxx?lNaEk
zEnUTyvw5wB>#Z=0TbHyhp22p7y<2*c;jq}Ux;C7&48$wUYP}vmH!PO}!gU;fkn}})
za@8<Tz9oGYSUIC_LrcCRw-A&BD|mUgq^+fGY0HvROk3NEwi8ci<CxLyCuxiI<C0HM
z{0Fp<$Ac{cyxd-4s43fYR<I*%+0;Lyr>kd8bEn#7u>Ys*7A<<tTVc{*Te^ssZ(($*
zbwnKF^i2b6TTX72bCa-zXT(?$<qC81V3^LB{5mrEb!77E$mG|N$*&`mUq|d`s>!b-
zgeoiZ4-}JMM-=Y6$G+?-khjYAGgAE{$mG|N$*&{zZ!oX>731~4Xia_{X}o@Hd~BKg
zIx_ingzs_9Z>}1jLngnDOnx2F`>M&WBa>f8Ccln&lV3-gKY%p;Ll&P-CclpC`Tb?`
U>&WESk^H;G1Ya}$|9&0$ZznK{ng9R*

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 26677ce7..c10c8da2 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -725,12 +725,6 @@ msgstr "Cancel"
 msgid "Enable this option to log <code>openvpn</code> activity."
 msgstr "Enable this option to log <code>openvpn</code> activity."
 
-msgid "Cancel"
-msgstr "Cancel"
-
-msgid "Cancel"
-msgstr "Cancel"
-
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR is not running"
@@ -856,3 +850,74 @@ msgstr "Invalid custom IP address found on line "
 msgid "Invalid custom host found on line "
 msgstr "Invalid custom host found on line "
 
+#: includes/wireguard.php
+
+msgid "Tunnel settings"
+msgstr "Tunnel settings"
+
+msgid "Enable tunnel"
+msgstr "Enable tunnel"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+
+msgid "Local public key"
+msgstr "Local public key"
+
+msgid "Local Port"
+msgstr "Local Port"
+
+msgid "IP Address"
+msgstr "IP Address"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Peer"
+
+msgid "Enable endpoint"
+msgstr "Enable endpoint"
+
+msgid "Peer public key"
+msgstr "Peer public key"
+
+msgid "Endpoint address"
+msgstr "Endpoint address"
+
+msgid "Allowed IPs"
+msgstr "Allowed IPs"
+
+msgid "Persistent keepalive"
+msgstr "Persistent keepalive"
+
+msgid "Display WireGuard status"
+msgstr "Display WireGuard status"
+
+msgid "Enable this option to display an updated WireGuard status."
+msgstr "Enable this option to display an updated WireGuard status."
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scan this QR code with your client to connect to this tunnel"
+
+msgid "Start WireGuard"
+msgstr "Start WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Stop WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Information provided by wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Attempting to start WireGuard"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Attempting to stop WireGuard"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "WireGuard configuration updated successfully"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "WireGuard configuration failed to be updated"
+
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index a4d80f5a..0d29b429 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -65,7 +65,7 @@
       <figure class="figure">
         <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
-        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this RaspAP."); ?></figcaption>
+        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this tunnel"); ?></figcaption>
         <?php endif; ?>
       </figure>
     </div>

From 03acf8f92c481d9e545769231525d267e0183409 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 8 Mar 2021 08:59:38 +0000
Subject: [PATCH 59/74] Minor: update timestamp

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 21077 -> 21077 bytes
 locale/en_US/LC_MESSAGES/messages.po |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index 23c18e522906eee2d279c4e0bd2565f0ffd271c1..fd81791e6c75dcabb201ea6f86cf88f95198c69e 100644
GIT binary patch
delta 28
kcmcb*gz@SU#tmtvyoS04#<~U;3I>)|1_qmpO&`es0FLMh9{>OV

delta 28
kcmcb*gz@SU#tmtvyau`k#=1t93I+yN2Bw>fO&`es0FKEC9RL6T

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index c10c8da2..3170fa4e 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: 1.2.1\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2020-03-29 00:05+0000\n"
+"PO-Revision-Date: 2021-03-08 09:00+0000\n"
 "Last-Translator: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "Language-Team: \n"
 "Language: en_US\n"

From 445b0af4b56d7cda80efa5f1bc5f8cf38c149824 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 09:51:15 +0000
Subject: [PATCH 60/74] Add @zbchristian's token option, fix private repo
 handling

---
 installers/common.sh   | 78 ++++++++++++++++++++++++++++++++++++++++--
 installers/raspbian.sh | 34 ++++++++++++------
 2 files changed, 99 insertions(+), 13 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 6acb021f..d38c0b4f 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,9 +26,15 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
+readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
-git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
+
+if [ "$insiders" == 1 ]; then
+    repo="RaspAP/raspap-insiders"
+    branch=${RASPAP_INSIDERS_LATEST}
+fi
+git_source_url="https://github.com/$repo"
 
 # NOTE: all the below functions are overloadable for system-specific installs
 function _install_raspap() {
@@ -50,6 +56,8 @@ function _install_raspap() {
     _configure_networking
     _prompt_install_adblock
     _prompt_install_openvpn
+    _prompt_install_wireguard
+    _install_client_config
     _patch_system_files
     _install_complete
 }
@@ -77,7 +85,7 @@ function _config_installation() {
     fi
     echo "${opt[1]} lighttpd directory: ${webroot_dir}"
     if [ "$upgrade" == 1 ]; then
-        echo "This will upgrade your existing install to version ${RASPAP_LATEST}"
+        echo "This will upgrade your existing install to version ${RASPAP_RELEASE}"
         echo "Your configuration will NOT be changed"
     fi
     echo -n "Complete ${opt[2]} with these values? [Y/n]: "
@@ -145,6 +153,7 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
+    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -170,6 +179,11 @@ function _create_raspap_directories() {
     # Create a directory to store networking configs
     echo "Creating $raspap_dir/networking"
     sudo mkdir -p "$raspap_dir/networking"
+    # Copy existing dhcpcd.conf to use as base config
+    echo "Adding /etc/dhcpcd.conf as base configuration"
+    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
+    echo "Changing file ownership of $raspap_dir"
+    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
 }
 
 # Generate hostapd logging and service control scripts
@@ -313,6 +327,49 @@ function _prompt_install_openvpn() {
     fi
 }
 
+# Prompt to install WireGuard
+function _prompt_install_wireguard() {
+    if [ "$insiders" == 1 ]; then
+        _install_log "Configure WireGuard support"
+        echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
+        if [ "$assume_yes" == 0 ]; then
+            read answer < /dev/tty
+            if [ "$answer" != "${answer#[Nn]}" ]; then
+                echo -e
+            else
+                _install_wireguard
+            fi
+        elif [ "$wg_option" == 1 ]; then
+            _install_wireguard
+        else
+            echo "(Skipped)"
+        fi
+    fi
+}
+
+# Install Wireguard from the Debian unstable distro
+function _install_wireguard() {
+    _install_log "Configure WireGuard support"
+    if [ "$OS" == "Raspbian" ]; then
+        echo "Installing raspberrypi-kernel-headers"
+        sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
+    fi
+    echo "Installing WireGuard from Debian unstable distro"
+    echo "Adding Debian distro"
+    echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
+    sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
+    echo "Adding Debian distro keys"
+    sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
+    printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
+    echo "Installing WireGuard"
+    sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
+    echo "Enabling wg-quick@wg0"
+    sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
+    echo "Enabling WireGuard management option"
+    sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
+    _install_status 0
+}
+
 # Install openvpn and enable client configuration option
 function _install_openvpn() {
     _install_log "Installing OpenVPN and enabling client configuration"
@@ -464,6 +521,23 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
+function _install_client_config() {
+    _install_log "Install mobile client scripts and settings"
+    # Move scripts 
+    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
+    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
+    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
+    # wvdial settings
+    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
+    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
+    # udev rules/services to auto start mobile data services
+    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
+    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
+    # client configuration and udev rule templates
+    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
+}
+
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"
diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index 469fff7f..da84a728 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -17,6 +17,7 @@
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
 # -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
+# -t, --token <accesstoken>         Token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
 # -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
 # -v, --version                     Outputs release info and exits
@@ -36,8 +37,7 @@ set -eo pipefail
 
 function _main() {
     # set defaults
-    repo="raspap/raspap-webgui" # override with -r, --repo option
-
+    repo="RaspAP/raspap-webgui" # override with -r, --repo option
     _parse_params "$@"
     _setup_colors
     _log_output
@@ -50,6 +50,8 @@ function _parse_params() {
     upgrade=0
     ovpn_option=1
     adblock_option=1
+    insiders=0
+    acctoken=""
 
     while :; do
         case "${1-}" in
@@ -83,7 +85,10 @@ function _parse_params() {
             upgrade=1
             ;;
             -i|--insiders)
-            repo="raspap/raspap-insiders"
+            insiders=1 
+            ;;
+            -t|--token)
+            acctoken="$2"
             ;;
             -v|--version)
             _version
@@ -129,6 +134,7 @@ OPTIONS:
 -a, --adblock <flag>                Used with -y, --yes, sets Adblock install option (0=no install)
 -r, --repo, --repository <name>     Overrides the default GitHub repo (raspap/raspap-webgui)
 -b, --branch <name>                 Overrides the default git branch (latest release)
+-t, --token <accesstoken>           Token to access a private repository
 -u, --upgrade                       Upgrades an existing installation to the latest release version
 -i, --insiders                      Installs from the Insiders Edition (raspap/raspap-insiders)
 -v, --version                       Outputs release info and exits
@@ -153,7 +159,7 @@ EOF
 
 function _version() {
     _get_release
-    echo -e "RaspAP v${RASPAP_LATEST} - Simple wireless AP setup & management for Debian-based devices"
+    echo -e "RaspAP v${RASPAP_RELEASE} - Simple wireless AP setup & management for Debian-based devices"
     exit
 }
 
@@ -167,18 +173,19 @@ function _display_welcome() {
     echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
     echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
     echo -e "                             88"
-    echo -e "                             dP       version ${RASPAP_LATEST}"
+    echo -e "                             dP       version ${RASPAP_RELEASE}"
     echo -e "${ANSI_GREEN}"
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
 
 # Fetch latest release from GitHub API
 function _get_release() {
-    if [ "$repo" == "raspap/raspap-insiders" ]; then
-        readonly RASPAP_LATEST="Insiders"
-        branch="master"
+    readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+    if [ "$insiders" == 1 ]; then
+        RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
-        readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
+        RASPAP_RELEASE="${RASPAP_LATEST}"
     fi
 }
 
@@ -214,6 +221,7 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
+
     # fetch latest release tag
     _get_release
 
@@ -223,14 +231,18 @@ function _load_installer() {
     fi
 
     UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    header=()
+    if [[ ! -z "$acctoken" ]]; then
+        header=(--header "Authorization: token $acctoken")
+    fi
     if [ "${install_cert:-}" = 1 ]; then
         source="mkcert"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_certificate || _install_status 1 "Unable to install certificate"
     else
         source="common"
-        wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_raspap || _install_status 1 "Unable to install RaspAP"
     fi

From 76e87508bdc23cee5d10580cb2b0c00cb440269f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 09:58:05 +0000
Subject: [PATCH 61/74] Remove feature branch routines

---
 installers/common.sh | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index d38c0b4f..8b532be3 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,7 +26,6 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly rulesv4="/etc/iptables/rules.v4"
-readonly raspap_client_scripts="/usr/local/sbin"
 readonly notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
 webroot_dir="/var/www/html"
 
@@ -57,7 +56,6 @@ function _install_raspap() {
     _prompt_install_adblock
     _prompt_install_openvpn
     _prompt_install_wireguard
-    _install_client_config
     _patch_system_files
     _install_complete
 }
@@ -153,7 +151,6 @@ function _install_dependencies() {
     echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
     echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
     sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_status 1 "Unable to install dependencies"
-    sudo apt-get install wvdial socat bc || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -179,9 +176,6 @@ function _create_raspap_directories() {
     # Create a directory to store networking configs
     echo "Creating $raspap_dir/networking"
     sudo mkdir -p "$raspap_dir/networking"
-    # Copy existing dhcpcd.conf to use as base config
-    echo "Adding /etc/dhcpcd.conf as base configuration"
-    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
     echo "Changing file ownership of $raspap_dir"
     sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_status 1 "Unable to change file ownership for '$raspap_dir'"
 }
@@ -521,23 +515,6 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
-function _install_client_config() {
-    _install_log "Install mobile client scripts and settings"
-    # Move scripts 
-    sudo cp "$webroot_dir/config/client_config/"*.sh "$raspap_client_scripts/" || _install_status 1 "Unable to move client scripts"
-    sudo chmod a+rx "$raspap_client_scripts/"*.sh  || _install_status 1 "Unable to chmod client scripts"
-    sudo cp "$webroot_dir/config/client_config/mcc-mnc-table.csv" "$raspap_client_scripts/" || _install_status 1 "Unable to move client data"
-    # wvdial settings
-    sudo cp "$webroot_dir/config/client_config/wvdial.conf" "/etc/" || _install_status 1 "Unable to install client configuration"
-    sudo cp "$webroot_dir/config/client_config/interfaces" "/etc/network/interfaces" || _install_status 1 "Unable to install interface settings"
-    # udev rules/services to auto start mobile data services
-    sudo cp "$webroot_dir/config/client_config/70-mobile-data-sticks.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/80-raspap-net-devices.rules" "/etc/udev/rules.d/" || _install_status 1 "Unable to install client udev rules"
-    sudo cp "$webroot_dir/config/client_config/"*.service "/etc/systemd/system/" || _install_status 1 "Unable to install client startup services"
-    # client configuration and udev rule templates
-    sudo cp "$webroot_dir/config/client_udev_prototypes.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration"
-}
-
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"

From 80c525c042a1e97f8eee00a754494010fd588ef7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 10:58:15 +0000
Subject: [PATCH 62/74] Minor: update comments

---
 installers/raspbian.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index da84a728..fed9b619 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -178,7 +178,7 @@ function _display_welcome() {
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
 
-# Fetch latest release from GitHub API
+# Fetch latest release from GitHub or RaspAP Installer API
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then

From cb58e310895e45b26e592521a52050ac81632382 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 15:35:48 +0000
Subject: [PATCH 63/74] Handle server/peer enable states

---
 includes/wireguard.php    | 190 +++++++++++++++++++++-----------------
 installers/raspap.sudoers |   2 +
 templates/wg/general.php  |   6 +-
 templates/wg/peers.php    |   9 +-
 4 files changed, 117 insertions(+), 90 deletions(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index 00b4e962..c7f56cdd 100644
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -34,7 +34,10 @@ function DisplayWireGuardConfig()
     $wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
     $wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
     $wg_srvdns = ($conf['DNS'] == '') ? getDefaultNetValue('wireguard','server','DNS') : $conf['DNS'];
-    $wg_peerpubkey = $conf['PublicKey'];
+    $wg_peerpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+    if (sizeof($conf) >0) {
+        $wg_senabled = true;
+    }
 
     // todo: iterate multiple peer configs
     exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $preturn);
@@ -64,6 +67,7 @@ function DisplayWireGuardConfig()
             "wg_srvport",
             "wg_srvipaddress",
             "wg_srvdns",
+            "wg_senabled",
             "wg_penabled",
             "wg_pipaddress",
             "wg_plistenport",
@@ -86,102 +90,120 @@ function SaveWireGuardConfig($status)
     // Set defaults
     $good_input = true;
     $peer_id = 1;
-    // Validate input
-    if (isset($_POST['wg_srvport'])) {
-        if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
-            $status->addMessage('Invalid value for server local port', 'danger');
-            $good_input = false;
+    // Validate server input
+    if ($_POST['wg_senabled'] == 1) {
+        if (isset($_POST['wg_srvport'])) {
+            if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
+                $status->addMessage('Invalid value for server local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_plistenport'])) {
+            if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
+                $status->addMessage('Invalid value for peer local port', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvipaddress'])) {
+            if (!validateCidr($_POST['wg_srvipaddress'])) {
+                $status->addMessage('Invalid value for server IP address', 'danger');
+                $good_input = false;
+            }
+        }
+        if (isset($_POST['wg_srvdns'])) {
+            if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for DNS', 'danger');
+                $good_input = false;
+            }
         }
     }
-    if (isset($_POST['wg_plistenport'])) {
-        if (strlen($_POST['wg_plistenport']) > 5 || !is_numeric($_POST['wg_plistenport'])) {
-            $status->addMessage('Invalid value for peer local port', 'danger');
-            $good_input = false;
+    // Validate peer input
+    if ($_POST['wg_penabled'] == 1) {
+        if (isset($_POST['wg_pipaddress'])) {
+            if (!validateCidr($_POST['wg_pipaddress'])) {
+                $status->addMessage('Invalid value for peer IP address', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_srvipaddress'])) {
-        if (!validateCidr($_POST['wg_srvipaddress'])) {
-            $status->addMessage('Invalid value for server IP address', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
+            $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
+            if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
+                $status->addMessage('Invalid value for endpoint address', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_pipaddress'])) {
-        if (!validateCidr($_POST['wg_pipaddress'])) {
-            $status->addMessage('Invalid value for peer IP address', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
+            if (!validateCidr($_POST['wg_pallowedips'])) {
+                $status->addMessage('Invalid value for allowed IPs', 'danger');
+                $good_input = false;
+            }
         }
-    }
-    if (isset($_POST['wg_srvdns'])) {
-        if (!filter_var($_POST['wg_srvdns'],FILTER_VALIDATE_IP)) {
-            $status->addMessage('Invalid value for DNS', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
-        $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
-        if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
-            $status->addMessage('Invalid value for endpoint address', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pallowedips']) && strlen(trim($_POST['wg_pallowedips']) >0)) {
-        if (!validateCidr($_POST['wg_pallowedips'])) {
-            $status->addMessage('Invalid value for allowed IPs', 'danger');
-            $good_input = false;
-        }
-    }
-    if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
-        if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
-            $status->addMessage('Invalid value for persistent keepalive', 'danger');
-            $good_input = false;
+        if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+            if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+                $status->addMessage('Invalid value for persistent keepalive', 'danger');
+                $good_input = false;
+            }
         }
     }
     // Save settings
     if ($good_input) {
-        // fetch private keys from filesytem
-        $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
-        $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
-
         // server (wg0.conf)
-        $config[] = '[Interface]';
-        $config[] = 'Address = '.$_POST['wg_srvipaddress'];
-        $config[] = 'ListenPort = '.$_POST['wg_srvport'];
-        $config[] = 'DNS = '.$_POST['wg_srvdns'];
-        $config[] = 'PrivateKey = '.$wg_srvprivkey;
-        $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
-        $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
-        $config[] = '';
-        $config[] = '[Peer]';
-        $config[] = 'PublicKey = '.$_POST['wg-peer'];
-        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        if ($_POST['wg_pkeepalive'] !== '') {
-            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+        if ($_POST['wg_senabled'] == 1) {
+            // fetch server private key from filesytem
+            $wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.$_POST['wg_srvipaddress'];
+            $config[] = 'ListenPort = '.$_POST['wg_srvport'];
+            $config[] = 'DNS = '.$_POST['wg_srvdns'];
+            $config[] = 'PrivateKey = '.$wg_srvprivkey;
+            $config[] = 'PostUp = '.getDefaultNetValue('wireguard','server','PostUp');
+            $config[] = 'PostDown = '.getDefaultNetValue('wireguard','server','PostDown');
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-peer'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
+
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+        } else {
+            # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_CONFIG, $return);
         }
-        $config[] = '';
-        $config = join(PHP_EOL, $config);
-
-        file_put_contents("/tmp/wgdata", $config);
-        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
-
         // client1 (client.conf)
-        $config = [];
-        $config[] = '[Interface]';
-        $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
-        $config[] = 'PrivateKey = '.$wg_peerprivkey;
-        $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
-        $config[] = '';
-        $config[] = '[Peer]';
-        $config[] = 'PublicKey = '.$_POST['wg-server'];
-        $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
-        $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
-        if ($_POST['wg_pkeepalive'] !== '') {
-            $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
-        }
-        $config[] = '';
-        $config = join(PHP_EOL, $config);
+        if ($_POST['wg_penabled'] == 1) {
+            // fetch peer private key from filesystem 
+            $wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            $config = [];
+            $config[] = '[Interface]';
+            $config[] = 'Address = '.trim($_POST['wg_pipaddress']);
+            $config[] = 'PrivateKey = '.$wg_peerprivkey;
+            $config[] = 'ListenPort = '.$_POST['wg_plistenport'];
+            $config[] = '';
+            $config[] = '[Peer]';
+            $config[] = 'PublicKey = '.$_POST['wg-server'];
+            $config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
+            $config[] = 'Endpoint = '.$_POST['wg_pendpoint'];
+            if ($_POST['wg_pkeepalive'] !== '') {
+                $config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+            }
+            $config[] = '';
+            $config = join(PHP_EOL, $config);
 
-        file_put_contents("/tmp/wgdata", $config);
-        system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+            file_put_contents("/tmp/wgdata", $config);
+            system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
+        } else {
+             # remove selected conf + keys
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH .'wg-peer-public.key', $return);
+            system('sudo rm '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+        }
 
         // handle log option
         if ($_POST['wg_log'] == "1") {
diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 9aded5a3..18e4ddf8 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -50,4 +50,6 @@ www-data ALL=(ALL) NOPASSWD:/bin/systemctl * wg-quick@wg0
 www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/*.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg-*.key
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/*.conf
+www-data ALL=(ALL) NOPASSWD:/bin/rm /etc/wireguard/wg-*.key
 
diff --git a/templates/wg/general.php b/templates/wg/general.php
index b3235e88..06d09811 100644
--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -4,13 +4,13 @@
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
         <div class="input-group">
-          <input type="hidden" name="tunnel-enable" value="0">
           <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
-          <label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
+            <input class="custom-control-input" id="server_enabled" type="checkbox" name="wg_senabled" value="1" <?php echo $wg_senabled ? ' checked="checked"' : "" ?> aria-describedby="server-description">
+          <label class="custom-control-label" for="server_enabled"><?php echo _("Enable server") ?></label>
         </div>
         <p id="wg-description">
           <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
+          <small><?php echo _("This option adds <code>wg0.conf</code> to the WireGuard configuration.") ?></small>
         </p>
         </div>
 
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 0d29b429..319cc0f9 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -4,12 +4,15 @@
     <div class="col-md-6">
       <h4 class="mt-3"><?php echo _("Peer"); ?></h4>
         <div class="input-group">
-          <input type="hidden" name="endpoint-enable" value="0">
           <input type="hidden" name="peer_id" value="1">
           <div class="custom-control custom-switch">
-            <input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
-          <label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
+            <input class="custom-control-input" id="peer_enabled" type="checkbox" name="wg_penabled" value="1" <?php echo $wg_penabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+          <label class="custom-control-label" for="peer_enabled"><?php echo _("Enable peer") ?></label>
         </div>
+        <p id="wg-description">
+          <small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer.") ?></small>
+          <small><?php echo _("This option adds <code>client.conf</code> to the WireGuard configuration.") ?></small>
+        </p>
      </div>
 
       <div class="row">

From 63267cd225fbb9863082a964454a70ab7a455513 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 15:41:03 +0000
Subject: [PATCH 64/74] Update en_US locale

---
 locale/en_US/LC_MESSAGES/messages.po | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 3170fa4e..dcd00a5c 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -855,12 +855,15 @@ msgstr "Invalid custom host found on line "
 msgid "Tunnel settings"
 msgstr "Tunnel settings"
 
-msgid "Enable tunnel"
-msgstr "Enable tunnel"
+msgid "Enable server"
+msgstr "Enable server"
 
 msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
 msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
 
+msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgstr "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+
 msgid "Local public key"
 msgstr "Local public key"
 
@@ -876,8 +879,14 @@ msgstr "DNS"
 msgid "Peer"
 msgstr "Peer"
 
-msgid "Enable endpoint"
-msgstr "Enable endpoint"
+msgid "Enable peer"
+msgstr "Enable peer"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "This option adds <code>client.conf</code> to the WireGuard configuration."
 
 msgid "Peer public key"
 msgstr "Peer public key"

From 9a770329db894f53f6aa8b2e87cc890521f19c67 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 9 Mar 2021 17:54:30 +0000
Subject: [PATCH 65/74] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index f754d941..3cdbbc68 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/DpgvLIO.png)
-[![Release 2.7.1](https://img.shields.io/badge/release-v2.7.1-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.
 
diff --git a/includes/defaults.php b/includes/defaults.php
index f6009f17..34e08378 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,7 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
-  'RASPI_VERSION' => '2.7.1',
+  'RASPI_VERSION' => '2.7.2',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
   'RASPI_WIFI_AP_INTERFACE' => 'wlan0',
diff --git a/index.php b/index.php
index 59549062..60c6088b 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 2.7.1
+ * @version 2.7.2
  * @link    https://github.com/raspap/raspap-insiders/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/

From 3ab90f64b7ae81131c9817bbb4e31c29358b73cb Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Fri, 12 Mar 2021 15:55:43 +0100
Subject: [PATCH 66/74] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3cdbbc68..6a974b35 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ As part of the initial rollout of Insiders, all previous one-time backers of Ras
 > ℹ️ **Important**: If you're [sponsoring](https://github.com/sponsors/RaspAP) RaspAP through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator. <sup>[2](#footnote-2)</sup>
 
 ## Exclusive features
-When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. Therefore, we're adding this as the first feature exclusive to insiders. 
+The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through your Insiders access to discussions, feature requests, issues and pull requests in the private GitHub repository.
 
 ✅ Manage OpenVPN client configs  
 ✅ OpenVPN service logging  
@@ -34,7 +34,7 @@ When backers were asked which feature they'd most like to see added to RaspAP, t
 ✅ WireGuard support  
 ⚙️ Traffic shaping (in progress)  
 
-Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/orgs/RaspAP/teams/insiders/discussions) and let us know!
+Look for the list above to grow as we add more exlcusive features. Have an idea or suggestion for a future enhancement? Start or join an [Insiders discussion](https://github.com/RaspAP/raspap-insiders/discussions) and let us know!
 
 ## Funding targets
 Following is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.

From 2b3d37a68ab0b2df940c15078317314dab436447 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 14 Mar 2021 19:27:13 +0000
Subject: [PATCH 67/74] Fix for -t,--token option, thx @zbchristian

---
 installers/raspbian.sh | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/installers/raspbian.sh b/installers/raspbian.sh
index fed9b619..f340b638 100755
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@@ -15,11 +15,11 @@
 # -c, --cert, --certficate          Installs mkcert and generates an SSL certificate for lighttpd
 # -o, --openvpn <flag>              Used with -y, --yes, sets OpenVPN install option (0=no install)
 # -a, --adblock <flag>              Used with -y, --yes, sets Adblock install option (0=no install)
-# -r, --repo, --repository <name>   Overrides the default GitHub repo (raspap/raspap-webgui)
+# -r, --repo, --repository <name>   Overrides the default GitHub repo (RaspAP/raspap-webgui)
 # -b, --branch <name>               Overrides the default git branch (master)
-# -t, --token <accesstoken>         Token to access a private repository
+# -t, --token <accesstoken>         Specify a GitHub token to access a private repository
 # -u, --upgrade                     Upgrades an existing installation to the latest release version
-# -i, --insiders                    Installs from the Insiders Edition (raspap/raspap-insiders)
+# -i, --insiders                    Installs from the Insiders Edition (RaspAP/raspap-insiders)
 # -v, --version                     Outputs release info and exits
 # -h, --help                        Outputs usage notes and exits
 #
@@ -45,7 +45,7 @@ function _main() {
 }
 
 function _parse_params() {
-    # default flag values
+    # default option values
     assume_yes=0
     upgrade=0
     ovpn_option=1
@@ -89,6 +89,7 @@ function _parse_params() {
             ;;
             -t|--token)
             acctoken="$2"
+            shift
             ;;
             -v|--version)
             _version
@@ -132,11 +133,11 @@ OPTIONS:
 -c, --cert, --certificate           Installs an SSL certificate for lighttpd
 -o, --openvpn <flag>                Used with -y, --yes, sets OpenVPN install option (0=no install)
 -a, --adblock <flag>                Used with -y, --yes, sets Adblock install option (0=no install)
--r, --repo, --repository <name>     Overrides the default GitHub repo (raspap/raspap-webgui)
+-r, --repo, --repository <name>     Overrides the default GitHub repo (RaspAP/raspap-webgui)
 -b, --branch <name>                 Overrides the default git branch (latest release)
--t, --token <accesstoken>           Token to access a private repository
+-t, --token <accesstoken>           Specify a GitHub token to access a private repository
 -u, --upgrade                       Upgrades an existing installation to the latest release version
--i, --insiders                      Installs from the Insiders Edition (raspap/raspap-insiders)
+-i, --insiders                      Installs from the Insiders Edition (RaspAP/raspap-insiders)
 -v, --version                       Outputs release info and exits
 -h, --help                          Outputs usage notes and exits
 
@@ -173,7 +174,7 @@ function _display_welcome() {
     echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
     echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
     echo -e "                             88"
-    echo -e "                             dP       version ${RASPAP_RELEASE}"
+    echo -e "                             dP      version ${RASPAP_RELEASE}"
     echo -e "${ANSI_GREEN}"
     echo -e "The Quick Installer will guide you through a few easy steps${ANSI_RESET}\n\n"
 }
@@ -182,10 +183,10 @@ function _display_welcome() {
 function _get_release() {
     readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
     if [ "$insiders" == 1 ]; then
-        RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
-        RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
+        readonly RASPAP_INSIDERS_LATEST=$(curl -s "https://install.raspap.com/repos/RaspAP/raspap-insiders/releases/latest/" | grep -Po '"tag_name": "\K.*?(?=")' )
+        readonly RASPAP_RELEASE="${RASPAP_INSIDERS_LATEST} Insiders"
     else
-        RASPAP_RELEASE="${RASPAP_LATEST}"
+        readonly RASPAP_RELEASE="${RASPAP_LATEST}"
     fi
 }
 
@@ -221,7 +222,6 @@ function _update_system_packages() {
 
 # Fetch required installer functions
 function _load_installer() {
-
     # fetch latest release tag
     _get_release
 
@@ -230,11 +230,13 @@ function _load_installer() {
         branch=$RASPAP_LATEST
     fi
 
-    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
+    # add optional auth token header if defined with -t, --token option
     header=()
     if [[ ! -z "$acctoken" ]]; then
         header=(--header "Authorization: token $acctoken")
     fi
+
+    UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
     if [ "${install_cert:-}" = 1 ]; then
         source="mkcert"
         wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
@@ -242,7 +244,7 @@ function _load_installer() {
         _install_certificate || _install_status 1 "Unable to install certificate"
     else
         source="common"
-        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh  -O /tmp/raspap_${source}.sh
+        wget "${header[@]}" -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
         source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
         _install_raspap || _install_status 1 "Unable to install RaspAP"
     fi

From ee634c4b50f8032290bc35e26655234b80006667 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:11:36 +0000
Subject: [PATCH 68/74] Initial commit: ajax fetch wg client.conf

---
 ajax/networking/get_wgcfg.php | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 ajax/networking/get_wgcfg.php

diff --git a/ajax/networking/get_wgcfg.php b/ajax/networking/get_wgcfg.php
new file mode 100644
index 00000000..6a9d771d
--- /dev/null
+++ b/ajax/networking/get_wgcfg.php
@@ -0,0 +1,9 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+// fetch wg client.conf
+exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+echo implode(PHP_EOL,$return);
+

From 1c158eade71858a7552411bf1a5d3377252129ad Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:12:18 +0000
Subject: [PATCH 69/74] Add handler for wg client.conf download

---
 app/js/custom.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index b2214c9c..72f363de 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -361,6 +361,26 @@ $('.wg-keygen').click(function(){
     })
 })
 
+// Handler for wireguard client.conf download
+$('.wg-client-dl').click(function(){
+    var req = new XMLHttpRequest();
+    var url = 'ajax/networking/get_wgcfg.php';
+    req.open('get', url, true);
+    req.responseType = 'blob';
+    req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
+    console.log(req);
+    req.onreadystatechange = function (event) {
+        if(req.readyState == 4 && req.status == 200) {
+            var blob = req.response;
+            var link=document.createElement('a');
+            link.href=window.URL.createObjectURL(blob);
+            link.download = 'client.conf';
+            link.click();
+        }
+    }
+    req.send();
+})
+
 // Event listener for Bootstrap's form validation
 window.addEventListener('load', function() {
     // Fetch all the forms we want to apply custom Bootstrap validation styles to

From a89140435b570449ddec99c181a076773ec2aab4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:30:36 +0000
Subject: [PATCH 70/74] Update peer template w/ download button

---
 templates/wg/peers.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index 319cc0f9..d4347575 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -36,7 +36,7 @@
       </div>
 
       <div class="row">
-        <div class="form-group col-md-6">
+        <div class="form-group col-xs-3 col-sm-6">
           <label for="code"><?php echo _("IP Address"); ?></label>
           <input type="text" class="form-control" name="wg_pipaddress" value="<?php echo htmlspecialchars($wg_pipaddress, ENT_QUOTES); ?>" />
         </div>
@@ -65,10 +65,14 @@
     </div>
 
     <div class="col-md-6 mt-5">
-      <figure class="figure">
+      <figure class="figure w-75 ml-3">
         <?php if ($wg_penabled == true ) : ?>
         <img src="app/img/wg-qr-code.php" class="figure-img img-fluid" alt="RaspAP Wifi QR code" style="width:100%;">
-        <figcaption class="figure-caption"><?php echo _("Scan this QR code with your client to connect to this tunnel"); ?></figcaption>
+        <figcaption class="figure-caption">
+          <?php echo _("Scan this QR code with your client to connect to this tunnel"); ?>
+          <?php echo _("or download the <code>client.conf</code> file to your device."); ?>
+        </figcaption>
+        <button class="btn btn-outline-secondary rounded-right wg-client-dl mt-2" type="button"><?php echo _("Download"); ?> <i class="fas fa-download ml-1"></i></button> 
         <?php endif; ?>
       </figure>
     </div>

From 319f917071ffb05fe2dd0f8d785fafc2ff6a942c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:31:17 +0000
Subject: [PATCH 71/74] Update w/ wg download msgs

---
 locale/en_US/LC_MESSAGES/messages.po | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index dcd00a5c..74627378 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -909,6 +909,12 @@ msgstr "Enable this option to display an updated WireGuard status."
 msgid "Scan this QR code with your client to connect to this tunnel"
 msgstr "Scan this QR code with your client to connect to this tunnel"
 
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "or download the <code>client.conf</code> file to your device."
+
+msgid "Download"
+msgstr "Download"
+
 msgid "Start WireGuard"
 msgstr "Start WireGuard"
 

From c7c8eacb0ceea8a64894897b5d3c58a93e511fc7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 15 Mar 2021 10:38:14 +0000
Subject: [PATCH 72/74] Minor: remove debug output

---
 app/js/custom.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 72f363de..d5047558 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -368,7 +368,6 @@ $('.wg-client-dl').click(function(){
     req.open('get', url, true);
     req.responseType = 'blob';
     req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
-    console.log(req);
     req.onreadystatechange = function (event) {
         if(req.readyState == 4 && req.status == 200) {
             var blob = req.response;

From 3c83dde059c017059246f900f93cba3c9da2fdb9 Mon Sep 17 00:00:00 2001
From: Bill Zimmerman <billzimmerman@gmail.com>
Date: Thu, 18 Mar 2021 08:35:25 +0100
Subject: [PATCH 73/74] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6a974b35..df67af3e 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-![](https://i.imgur.com/DpgvLIO.png)
+![](https://i.imgur.com/TCJKWT4.png)
 [![Release 2.7.2](https://img.shields.io/badge/release-v2.7.2-green)](https://github.com/raspap/raspap-insiders/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 Welcome to **RaspAP Insiders**. You, the members of the Insiders community, support the sponsorware release model, which means that new features are first exclusively released to sponsors as part of Insiders. Read on for details about how this strategy works—and *thank you* for joining us on this journey.

From 1b47fcf2a96dfcf6f3a0c57a88f30580331d3ae0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 20 Mar 2021 14:58:06 +0000
Subject: [PATCH 74/74] Update it_IT locale, thx Ioma Taani

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 21077 -> 21775 bytes
 locale/it_IT/LC_MESSAGES/messages.mo | Bin 18771 -> 23425 bytes
 locale/it_IT/LC_MESSAGES/messages.po | 136 ++++++++++++++++++++++++++-
 3 files changed, 134 insertions(+), 2 deletions(-)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index fd81791e6c75dcabb201ea6f86cf88f95198c69e..d9fec98abcf58d48890136d8e32d629fd951ac0e 100644
GIT binary patch
literal 21775
zcmeI3eViOcna3LffrNxWcnj|h1hRqbW<z)hNeCpn30cT)mh2|s@HF<!^zJs9=^mzM
zcC#SHi}(Vby!lG-H7Y2+g5oLoisAu>9OoMxDsqbFTU1m~PE_vutE!%vO|p9G=l<K#
zXTM$5-BnLL_0&^UUEztD`@G5H*SeSI9RshP;(0f6y>q5=J+J*p&uf7TU<@yX2f_#7
zH24_YAN~*?0e=D4z{y8>-dflPRn&Xn0q~RXXm~H21fPJ1!S6%8{~X*89>hb3!&y+}
z&xZ%YMNs8j2oHrDp!C@c_5Ky`Sa=iU|K7(OAA&0H$58Ej0aBHB3<>dUsB+dpl@q{y
z;i${s3TKeM4obgwK(*^um;Y(lL;3+IeP^MBcmkXZPldAA0;u<wK~(ToLFtu)nBE(O
zQ{gM2+IbyRz1!i7;O$U)O+L<Y8kF8MVFjK5Wv4en)psjYeIIw}d*D3M_rrtWvv3uh
ze7v<wH&nfsLD_d0s-Ip5rPuXP^>26g-vy=jUGDzpq5AVdD7~MASHq{F>`?RV{g=Uo
zq;G<_jQ16IGJF!sZj(>IhHwTv6}CXxsSnETmqF=$6{HE?m!aPKflKd%KIsEawDy<>
z)vwE-?6m=^ogthKFNX`@R_N{Jd3V4Xmv^3oz?Rvbw-J6DE`|$Hb`y-@CGcUm2+ldh
z@}*FAzZuF7?}qA^JD}|TB`CeW0j0-pp!9nIs+~v7@jOiCwLv}C11G~0l)bBPANX>p
z=U?gax4ZOvq3m=IlwBT%K717J2cLr~PlH?iwI5Xf9t-6+EskeGRPt6p=@U6#<M;t6
zyFK92&qMk3(Q~cdXG6Ne+W@8a7O48RLG{C1q5SMNsCIk?%1&R0vfB^gA@EtaKb(Ry
zP=z-Ws;id3Dexsw_lKa$xg4sT*TSiAJ5)Q~2i3lZp!EDtI2Aq%)i2&@_Pv9l>OToe
z&xP;+xWcgq%5N`)dcW%Ow?f(Vbx?M`2}+;sP|w`~RsUz8;?4t5dOrpA{Li6jFO*%T
zFj&RopwR=$Usu3suotQwFNXZz8|9D6xfQD3k3jjseNf~0F(^I01LZ$If@<eZsCxbY
z4}b@^+WW^s>31UZ;b~Cit$}LiCaCfTp!B;O%8svq(&I+BFTB~^e<##?AAxG;T`v8A
zOFsgo&r^=ixcq(EtUj}#`u|us9j<~)VLz0fH$wIMc6a|n5ZCeUcKJ`i14;iDO22*Q
z+xAR{YKIS1|7lS6Spwz1=R=jBgVW$<sCu?Q>2WQTAHEgNfID3NosM6Cvg^Z8?S35U
z`CmYl^Bhz;Q`@Z`v!LoZ398<9D80{d`Kuk*L+PD^D!&Aog1k}3H$%1a<4|_L2de+>
zg&K$7g!1E`x%_<>*m`C`={Luv7r-vk=fePA3%lV?cmZ5|y63Hg+u$mAKkS1u7TWgZ
z9c%Cq@?Qhho?GAycsnGtdUwNv;rF2Q{S{REo`dqwNoUynSx|O49%>x5K&tdQpyKE-
zRJqqd+2tMZ5O_P(c=;Su{CFI$g@1JE?lbK;Dm%U%s+<R*`sZ;dd;S>8Kc0rF?^(y`
zXW9Idq3m}mJQtn;^<KsC3b;4vZSc&!JnvPoh4ejV+jZ7cQ1<C#Qjs6zpxT>2)wcz%
zfj2<u|6Mo}ww`0#dp=Y<*FcT?A$S-pLcPBYN}uiUaJU1i{7*yK|6VA&eFGi}pM=uq
zS*Z8-VG?91;vEB3&tk_7P~}yi{O}rh6ui~(i%{i!2dbQ(LB)qjOKkoWD0|O>(ys-o
zUF|Nv1NM;agVJ}0;|HPq<r7f$x(Dk0`{B{>5h%TOLiNief`<HRI#fGnLDf4Oz6hQH
zrPmFPZ-&zQZLk7A2xX_^=v>v;4prZ|F1-@YBfSnD1h+zsiyPoE@KLCGpMkQkx6Jm_
zVNiM<3041WsQafv>3yEN-v!m5{ZM*e2Cs%!K-u91cYpGEcAa$$Jd*rgc(R^{vfmAG
z7Q7jr3h#un(|4il{tT4f`<?IBAyDs?TzVM#q~8Q(k55AN>-|vndJ?Lgzl0h;&%*_9
z%5whT_e)@n%cU#qI_pljk#yK$*IA#1n@B$gFM*eI+V#~Pjz5L6`$;RU9ZrMNV+oYq
zyWw&0B~W@?1*P9LQ0;s-JRW`u>bb|D?Dsn;d;baU1NX-WdVV@o{%n_SgR;{~D7#z&
zeHcLLwGB>&*FyEzjZpo28<gMN>G*kg3h9TS^!bhBAs5*6LMXfSx%8``{Q7-RdVdj~
z0H1`?Z|~K%zG+bXa3Yi+Er4prDkwX>7|MSVsQ9=Q?hoGpTj1N^iSRzCa(@i>hrfm@
z=Xt1dW_H<j&4y~ne5m$qfYLMX?r(+amusQky9KKL4@2qsS*U(`$nh~KzkLeIZhvz5
zQ!cc2Jq+$g{xMMc%!X6p5~%uD!J}Xwl-@Da^CQr-7s@VgaC|>BdO-Q>Lr~>B4%Lny
z!Fh1fMYf!FsCpMc`N3MKc$<S$;Q*BXTn^RFVW|3E4G(~~K;6F$O1}?5AKnF3-nZan
z_!Fq|o`%xzc_=$hU1Rk)8tzN_B&hpyq25~r)z0%=y3eIAh0-T>e7VcN4oaULum#=*
zWrs%~A<ugPO3$OaZU4=Nx_=g&3p-tY45h~_pzM7;RD0e6)sEYt>c0!BzWbp3_d%%g
zcfx7#Stvi*yT{gZD4at2M5y=Yx%{P$7s3O`zXYn?1*qq@K$Wu%PKR%V(qjiyJs*au
z_ilI~{F2N6n&bDNp5F;o{_mjT_@uR#K2$r;g|hofsP?Xb8uy!^{J7@wuZIVc-T|fG
z9WH$j>>~Xj4B(-?cAYg0FChJ8NJ#RgU2Nm>I@m}0W~lc4-0=md_8+{?)^jqPLHZ0h
z8+JlHA3^DRB~<&iLHXzFUH%RzyL<p@9Nh^|hhK$?qpDox&VsT_3sk*lK#iBxQ1PPx
zX_EIEmwpt^BmH~FIsLYreyIK_K-seb<sVl-)wk90EiV6~Q1<%-WGeMO2ld_`9QRpo
z*ICoxUgV#KoQ(`4S0X&-U4yJbnCiR`IYbZglfL_K{brLQ_Cd8pzwaYk%$3#eH||<<
z)$Q&&!!eX0o9VX$d6l_h@9Fp+sIhyXt5?~w`9fXrTaN5BSN6}{pn#l!Y(~_7C-Cks
z;Z4Y|kz<kPk;jpLM;=6Em!BfpPkyjB@+9(p<UbJk^l6m!O?WUo3o-<~`;bGCS0m>j
z`c3BkHmLD)xia|8vGBeGH@fRzK>6BYB#&slq2KS3lPTjwB>UyK_%8B#m+^I&BCkcR
zK>itd1(N-K!o`=7{VC&*@a4#7kar=+lJ_~d8qrVwcyv=;FCwk6_ANv|`QxeF-w(N-
z>x1C6y20-b<lE-T{<#Xg200U9D0n9!|B4)f{1$l@Aw-xl1-uRV!|xHq#1HreWD0fM
z1NA$cYdPtuU=;ZQqBYOw5ygs|ks)Lz&s+xIf*jBFKf!k+Hz4}`57I(@_PdjduOPF@
zy9my3H-6<P{F}SJ7~bfv2jOwN^HO*ie3Q$68Qkiw_a%QW*GIXua6hsV`4Dmd_kCm%
zqTe#)P_BPwQtVe?6*-c;?V`(Xfqz1-My7FZs(b$l(*KR<_b~EC<N~CGd==?H<|F#O
z*TQ=mz8JX>ImMN8tGg#$imYi$&vMTk;kbZ%2{M=Tz3>yr6eRl{<({jMaSQSf*$p_)
z-K)90*TIvKMaa*Q6^MS*k+QjBjR6lwd?Y~h`<R7y9sC~h0y2ZL&w%R@{l0@lNT(9~
z+K{&*dpjK-Ql|SI55Iv-LT0+WQydS1Z$oq@@Bui2+=aXnITz9I84L6GDR=!v_+jK9
zkxwK4f}D>mMV24~h<-)nQRFz}?Z_XH?Dsw{K7zc&WqcHV5a~sxqt7Q@euk6CdyK@#
zUB(0Oo$mSz@U!kZhVMXrh#ZF8hGf70;-Vedi?Y53=fFPr9HQS57T%}CrMYEYy~Aht
z;g+COE{2Pj&d)9L+uO|l{9I5NO44duJ}G%i(`qG&2bc9ERXycW{>GKPevr?HY3i4g
zD6Xb{P%ei-#Sc<{&f0Pq&uR151!;MCuU|;Q)Q^*@pRZLaVO%Ya`f06PPAcRiaUABW
zQ9S5Z6P4-le0Pxdmlp~Z%J!D$l3LXj<SpmP;h-AUFML(Bp|{7+7b6O8<lD50ABYBP
zm7p3W@p*p#P?Y*3QL*S#b~T{>>QLw>lrdb6TirWpSQ(D;VOv(1bPJkFO5)v%Sej1?
z;j*y>EuC*N{jueRe&_0rUcVRyX-Mk|{)%Ff-%K4`2jyy5@w<An#`}F?Ri@E%1&NQ+
z)hORogvqUy>69=i`JFv|rn<1Ad~3f#DT@7akftL^rQp}f1?;E7hJ!fYbisRBUBzND
z5*E;ddW&cj^M)z956h_Na#=lCf4*7`OXaK!ty%lmuJe}fA%A032`{Jx6%^RR-JztK
zmJ@n$5BHpHce|IA{XJDi_V{&ibG)j!Rj;XrbHte2IFGk{OtR7Z6+s&1J@dCIGYoJ&
zpJ9Q?f}*z~s^Wv8XF9tWrPZcKD^Xz(bL00VoXA@-HtplFVI1U&VWG`ml~nxIjLSGE
zg?<pLkLFQQ=#M6~ieF)*gq1lAMAzqoIB`esdVft46wF0G9p!bX<BML$P!JD>42iH5
znnY|elO&~RKPRs=ik2(Ma8#h%JBHjnMFtd>Un|>;Jin_myIPYBW|t};yRQ3-eL>@}
zIz&xnhGCSi6^R@}IL1g&3H|Qn9W=r?u%8cNKPZj_qp6=mGn|tSp?ZznRCZvzxMyi?
z5%s-}q?n*s^Vm=8$uKpqmVzyt;#z4F{z{K4Jow1~Zb7<?r7??N2nT{%v1$y><58(r
zQg58z-hOtQ-!<UN>qmXMq<x+#vi>~dBMMWrvB3>xJ41yOqlCg8IsJ)lr%6%j*5Ybq
z)bCLDX9>j)zf{9hXmzd_#G6%9btLigm?@x)3dPxY+HfY9!SD=*gQzIC*(F3a1v1)<
zuVC&%l$MLZC|c!0#y*NuZ&GS<0tIiH7sW&j6Te(2FxS=*8cGm_JVm1H859}yI`!9Q
z6buXyz=D$6OlCTiOB4<|1Nxzs27_VKB?BUks!2uBvD0<N1#~{npfuVrqZm!qZ}e+o
zjfLx~Eu#z^%w*zsjGHjoVM2IT<}m(1;({Fy2l1#sG89$Av>fC^zr`RmRu6LNT;m3E
zI@RTC1h%0>F=SL*>|*FF_s`5kxV8*S2iM|4605)n^MwBDuvjeN_lyndF<spmrKUIS
zOhb<m(Ubfpx@%LA-|XfZ-ZxKSPur!9AZVtJTIzMiX(>oAAL|C$w7|4%X7qttQC;R9
z#pk7Fr54AgCmPxHti(K#X%%V0FjJL0EXPb&@EKp>7OfVd;ZSZsArT3(2k?v<a}}*m
zN<pMI>cOWNVC!to>P$xBqC(k96A$eyIG|CXY2C!y0eUXGy^2_o!!~k@K09x&H3L0+
zpk7Uy<v4Gu-^lWd$>5-x?kX;a#65TIqM%FRAB0aEPmDkErq$C85(aKG992i#viFVd
zE&xRX3grGs5N9hM>CQsUDCBEQRl>__EL~DOmz7o_CGrpqw0<!DnV>+$AC4;3T2S-{
zgG!DOrIlTqzalfL9rJ^M9;IUjDvb0JaV}yNIFBVA3Wf|-bww57k(Akmt}`_RH6nu+
zAy{`b>zaA2zruh==b5&bqAPey^OI&YO?;;R1HWK`01gq++jW!Cd4I_O(O{eqs5C_F
zcuLK3mEoFa4&ja*G%bhuh~ZPf7wq(4d)=<Jd`(7wU9D+I6J&L4ULm5ZHxvPEU#9gj
zM2#kJ%EOB_d3bTu8GW=qi@3FLP)rj79fd{oVq@i|MWHR13Ea%@u9m+-WkLdmYMKzK
zg#l(&F4}pgK1}vlE)8T5YcjyrS?}%^M8<nHjPsSzGK*>#<q4{J)}>}?82DA<M_9yC
z)sZlav%P`5gr$;MrDI18tv&k&s{O6yn=z)6$5ULR)CN|!0La$ve|ET{QR79oY8>xH
z1ubJ7MZEsevZ7Q$qqecySB}|9WwVpFa!Z)68S6RckxQ_SP;9MKxm{*C?N=ifaH|+u
zm=BfAJ-=Xs^q73sw!3HB;7XOv+k~dq-2D*-R%3=|9ZC%FR+(rN=SRKOtPsr~zpt;W
zQ{yjJAyVfF-`?tMzBE_Md$~P!LeT>*JDX6Hr9og`(Z#rv!fLl?SWS##&a$X`pj&4&
z8QClYvdxiM3)B-aF;$_B9&(Fbvxu0Vj;8bT%tYz@IIMbI<2>eO%W>}q1rx=`z3)74
z-1|}4MAT@+z(j2nW9v2U8`(x?JdIgdjr;C!toeJ~+aoyMpxMWDX^CZ~-TIZ^R3Rm}
z`+kr5vyn7Ya>_)KHf07y;zfa=$yDEzjl=AoQ!Cpi=oCc|^BEy=Z)wlf74tVDy4WRR
zW1GO-$$CqXv8W~Ft`Djsc75ccFf1=G64<>p?3!v?re+t}s9-ZP%<6d8?9^MMt-jx{
zQMx87MXVi(fJtR@_VvV$Sqza)Z9K+m|6*ov77Cs=ZweGwwqM0kDlUvf1@=wa1XQ`l
zH0<~CA;n#mYq=r?Z4ULGTX|$l2Ak8E&6FM>YWQp$%eAVfO;<J+x|_bhbi1t&yQLh9
z3wB9v3ii6gQo_DvJzK8EWr6Ezg)MP+5?6;9l8(EM$sTJ3EvtIMk@^>kF$s0Mnc5ka
z`5~_-%5OGNp(pXRVenvMXtO(}Tb0+;l164<EhkUu4${r_Oyf9i>fyz@AJLC%i%drD
ztI3!|<7<{xYHiFqC}byWRtckKy)fPa!CPxTS7qEa61v;U&LUxN-$h<8dX$GMxRKYZ
zrKkS*O<mo~oXO&b-3~n;mhl@LwKwwDvFp?l+cO^0TS=-(J}G)`GTEq*&K|V!fy{Uk
zBd7TRy{fD*m+)m~U6>Ck-0xnIUGf2Ilr2*u*~@Y?tSV!GMg0(DHDUi|Lq#`B2|BI|
z`C_O6(bWIz!jydxx9mjL{Dmyb%Rb&Hji<3gH@g;Z9V+@A%l&-FCk3{dEId8UN9Ips
zGwl{23rrwgczW}Ox{op3(6Ue89?at5;&p@=Hst1;h56Xxwsj0%7kljDke;*a9IubL
zyP^S{T{M;JZuwO$1p3%S(uS<>v&E2|h|B<OX-oJ%IX8PU@cA5IgOGcd#g+Mt)29V1
zebZ+?&5X5!&0@il-K~F+=^IK$JpIYS42`;S!BraRSDt>AHql!A@<gp_qHrIJOv26@
zoWAH0#`%oe+)Fkm^K_fiCpvr8_$p`9*^0!bvYxf65!%^q-`i!W#C-+Ku3p`>R~S%J
zH+tF}6Lww7PBVQ~RzMBCNLaPFXx6G}nPlE*=)@hTQX`gleN9_tyZB-qR&UkVn+adY
zn{Sp%K?Mh~)3}A-JbAh-JNRURo@C?%_q?zEFpER&i|rlSvuj9kSy?zylEuxIQLkSf
z)9}fD?V;T^jL&JQTMt_|=Nup&$d<NvhjtWolhv2+#$($kc+VwKM6296D@QATyXdCA
zxK-0GyE^;L+|}XC_<yXSFqAKwVzN@4=Vsfszo9g{@65{ko3x6P)=J2CzTv;Cl##*q
zzpoRBWaAmTz+%qq`u~!l_zJ>uAr6Kkz8+{^>DPChfsjL;Y#M0J$z}qRr-e^1=L!|C
z-|hqJ;b*=5nuBq*f+EB+Ex9q*aL@Je=2&hXWy?u#y*bHnV39Dw<!;9yDVb(}#2STj
z43=Qog`E!E=Qr~u*W1{;+)Vj)s@-kASY+mlvlceb7aPMII_f*PpNsHkJekf;y{3E}
zb9o!1RgqgZHDA|1`kT3UwcX0p8|_w<=3Ztk^R>)w^z_-#o#u>v#O3-q4$j;sMwBvf
zy2YhKv$G8SIV0s@6Jwn3O4+;<&Y6pfO}o9Uma!iP#~J?P>F17p#*XCiOD^hIvBRF}
zsV0-|*7xyj8>M3`FB{R>wjqmhyXNzaSdrH=(^tcV_=Kh$eN!|c%?^+~ggi3~<Dh2d
zFPLxnZC+McRyg|+mROfDlv=wAtsAr^OX9`;g0|D!7EEQOgCDeZr-M<UbwzD3ZS7AM
z`zv%5d1+KCg={<-pgGc4WXbaf`2<(g5$v+5y=z;u#at^Z-*7Rf5T`F_ZC}{hzQ}Js
zXK{P`Y3=-`t_jj=s~K;_fbHF1QA4(GY3=7Aaj{QHc8Rf=`G3>;zNy_^-7A|L)jqX@
z^*s@`RbMj}`_*tubv_@CqIiiJAUN!~>-$%=E^0jIf<-G|LK1Ch7W<2GQFZFXN%X`?
z^u$T@o({GX`wtU#IeOkDS)VTK8T7<SH2Xa}bNGDV$Sx;NqTRXk#7XqTNp#aEANOyf
z+_G@uBzoc`+MIt(oJ5az6hCni&52{v7oI(P%EU?Zo=>`s<t9#|n?A8N4zArv^TbIs
z2a*#f(fT*1=J<W$BznwY^~6bZ$)7lhw*Q#F{@+zhoJ4adogG2AGwOn$oj**RL{FSV
z_x9LxWOwANGwb>ZhP&eq4P2^m>Z@lbPNK~jwLftZ-Td!m#y#tvIEl{wo4Y-jXyPP#
S;v~B2Pn<-@-v8rC^#1~zV$K}^

literal 21077
zcmeI3d4L>MoyRMLa}pqgGaR9~azJJ>30E>;U^0_qAd?K436VsN)!j8SMY_A1uI`x(
zh|5BBSy4d+Q9)5*BPa@r0*k1Cf{L=@jesI5UTnMoPmcY3-+R^FGs(EC|Li|g<kz2i
z?^V6`d%yR4XAM7^zUws}*PKb7cQ|~_UY_?h?ysM&SkHU(5Ypf`VG;fn?gOJ4o;MY4
zfqTL?!Gq!3;VQTdu7S@%Wz})0=S_j<!oy$&PKIxU2f|CC-hU6=1Kth~f_FpZ{|&ew
zd<-g|U&907AEES_LZ*8EP<RAf2vtsxV;(BM%c1Id1LRfjUdQi4<?{!qd?xYGZg2)v
z{E={9*aD^B5~zADck$=J)r2D`eeZU>AMQ^0VJLfj6YBjRL5lKz4yD&FD2?g88L$Z+
z169u!sB+ujMtByKUfUdRh0^a+ung~qveQX3ZF$R~%IkIEjc^{}K{yRw1DC^X5LLYG
zP~|oqY3+LuR6CsjrPq9@^4nbcnNWJKbLpF)+VgxUy)S`V;Z;y}IMBE0hr<&IFNC;=
z*AI__mq6KX8^qPT+u-r=D^PZN4$AILM_Ij(fT--{94~`B;(Zv(4qt?7&+kI%vmMG_
zFTn+H>e2j6qCH`i+cS>AmhdxhJsdoiy2AV5CipkF2yR4K@oKm?d<4qQPe7IPQ>gNv
zgR=8(v#g#6LD~0YD81UD>UAE(L|zH1K3Bor;cZa%y%X*V?}K{&K^Om|3;!I-E-yjZ
zZ`y2YhZ#_MwZYxtQmFRnf@;rAP=0y7<1i!(Z!45OA9MVg<Fin9n=;3yzY5BaUkj!8
z2*kABd!Y2b2dca;LD~IrsDAq^sCv8%Wv2t@TD#4L`x8DD?g`I^JmU31HPyv%FZe;I
z^p8U2a|cvD4@1@KNvL}K0;+!d;6&2%FsSrXq1t6B)O)>9?G{4mS%qq+t&Ueg`RVnr
z3Et`A?}xJMBXAG+9VmUCgiY`{sPbQi8gHhYVD+8__56Hj>I-F;vmIX#jUG_`wG}F#
zcS6<U1~?CX7Al`#LY4bFC_mVPMD^Q4q4byu<v(+w>e&KS-V!(k_PX><P<G8h9~PkU
zdplG;KLnNE%~1N?0cFPrp!E1Q+zmeA(w~NU?{`r3{F4h$X}00%Q2NYrJjKN?hthWg
zRQqp&d&A4&>G0i9dVU+K{how-!{0!f+<Vc*&uX!HE`ri;1yp_3K-D7yRek}gyo;gy
z_fn|*Z-P_d$Dzu(2dbQ}!@c0+Q1AcD#Xs-3%Y19sX;Ae(9P0U2sC?R>@>vC?#|Ef!
zLa1`fa36S)i+_vbwNTIB1l4Z0L5<s=b$kq}o-aVz{UxaS?%Hbm;lWUT+zb`J0;-%1
zQ2IqKoWOwarLY_R46c9+7kJ(>cp>bC_d(U?fQ6Q`pz6B_D&JLbU$_w-3pYbOe-)H|
zABL*WEl~dWX&3)hC_6j~)o*?P`R6^)kH*c}C)#|^fU?6HsB$+#^^X{8yto3cfuC^U
zmmx0b9d(lBYAF3Kf@+T|pzQZvD1Z16RC(JRKkwqd2W77(pq_umaXZ|F@C)$dNuKv-
zIEQe{DR%v|9?C8cLACdHq3Zb)sB)f#tKj5Qt=>IwI^hpO)$<Oh`h5Yae?I{=zCHyH
zhA%+rvp18|LGVDR{O3X0{bZ<oR=@*bFO)umQ11^zmJr^RQ008w@vBhzJp<)$FG97;
zjK!8GLFKasDxcRujRQk2{tZxez5+_W>!9j&ql>>2t|t5tl)eWt>54O<{A4ziy;`8&
zKMhL14k*1gLAA#als{bpRnIG+%DonDgdc&@Yw~H9dqL^FFD%2EP<DC;RCzZ-m3O-f
z-wo#xeh^NBe}K#3WCkVK<t(Uj2cYbmK(*85P<p);s{CtR`um~u{*+6<7pgtK45jxE
z;a0dE$`0jM+4K>JD|=VM8SsnnIQT;-yG>qV*H2U7@q~|qvQrO~-3Orbz7WoY_dEU=
z`h;JBvV(tyZO?^J`kV!2uMKbkjG%{~Uk9t)UVo-tKTU79>!$}HCijk5YS&M%hPaM*
zx8v`j`rYvz*3OHd$~hCN{2nMfXW&ejK-u@5P=59SsCwNAkA#mvJ+~doUQ;`*efNjz
z&qqK#f3%BV?7|&TcG&=BzXJ5(5LEkL3zgpuQ0=n~sy*+8@{=z+eh1DX{4|t4doHt_
z<G2#aZi6oTK6n`6d!Y3G9y|)Z0Oc14(?}}sC@8z13guVJq3W>_%1&h{yKRO0!>gg{
zaWk9)KM9Y9k3;4Al1txXh0SLgR6etz>a`fof}K$H+YF`W7MFfCRJ+^&_1^7J<v#$W
z=eMBR>1oI9P=5LssQmX|Y13!I-3cEL_kata>a`f^xgMzUH^M{VAlwsP2KD?~p{XyF
zU2b;#95i}B`Pb7>`TQ2D9xuXq@Q^N>&oZcTyP^Cb2PeZ}C_OHMyTUg^)$<Cd@~(rb
z=j|^2UbrXW`=JjXhRW|*sCvE(mEUe>S^cI#+3`rI`n1B`;3Aj41nRwRsCxFf@SqFF
zQ2Jcv_%0WJBb2^(!8!0=C_6j@8A`n8p!94#+qU0gsPwbpTzH;~zYNNb*Ffoa6I6X}
zg-!4aP~|@iRo>%J{`(YE{*zW&yEj4k$-z+N%!PZwQ=#5(ck$;qZh}*YFF@6M1nT*>
zLFIETR6e&r>2VjF3Lk(f_Zv`pKjz|p;rKk%^OL%5{!`)Mgb#5%8LFOZq3pf^s=fhK
zKdeCc@mpN{O;F|B1*P9ZF8nAA2tNh+=e4i4>!&LrUEBLU?1e|HvGuvY@iM6TUIUfy
zEpT6WH#`=81*-nrq4awNsy@5-Sby9PDt;D}9h#x~%_(ppJO^sr+zR)F*F)L)R;Y6C
zhUy<*hZ-+_2`R#xa*hpeg!2f$(eYzY`8)>q*7H#I`y-S;ybM*|<h7QELB*d4Wv@k0
z&o6a63+_UAEt~}3j7-x_!&Tt^jYx<rM~)toPLy{uas(oqU5UI7$s_k6Er_PAxybL4
zK_tCS;O0q$Y1HU_ic9#hqcDtIjNGY!yISGbkvAbPB4;78=Ub2mk<TO35M9q8hoSQi
zOo%lwybHMzImXrH1@3c5<AuwZbGo}B-OF6E;ePHuh1y{wveZTV93Du%>)_#VGI9y`
z_ai05M}CH!hWrY-1vwLmk#<Daw~()zJNvW3-M<%Jid>KEN4`GtNACBBSHY?97^q9_
ztV`qUzQq3&{!kHI@>N}5K|YPhr_^u$6Zvms51wBI(`#443kj%?{Mtpn18Pj}bKyo@
zM&MtN<B=sug#0_wgltEyL4Jp<L|%{VP5xV95jhb#mas0|+1rcznJ&Bw;d_w}AfG|L
zi0GQ((sln)<YUP96yW+Y(rNB&pQ>>GeHZ=%yaG9Z_s@e5A+JXEB>Yx*2cqk8<h#hZ
z$b95aNEUe*(WO3r8`7hIyN2MY$koU%kPPxRWHF*^j)iv=W%YCahzq|5ekV<X-$ve!
zXnpe-awyMlhPwXE!n+B65Sc>S2s{psy>=t+T|^!XpNFqSwlq96oA}u-JiQ@)2KO6W
z_&0D?Lz-^imxg)&QSQHnJdL~)nNHkV_!DFS@>@jLA;_nYGIAg?71<q`#q-NxdOhH7
z9#13SCy;xP*SNUj;9rqzk$**+$m3bK8}d2ic4Qyo{sZoc`~|rH(RH1L_Yp_o6?cCS
z?|hv5KO;Xv=DB#`^oD!gCdhNhOA2s(0ok4RJK(#KlaWb;bu}Yx$Y&McI^4n=fQyhR
z$QooD(uKT?%tRWm!w4KfexHQrBNrjPh_0uQzaig1Za{QBfgH*6o8X6#^~n2?D)L{*
zA*4-)>2(q}-$VlBLgbgomk?cVKz8BzTNOAxv!ttM=p;Yf5)?}Lu<i8unI(Q}i}}yb
z1i8UDskCI{f_HjSDaXZuC9C6#o^m07{jwfE$Y#SN@k?=3tR#L=DuqGW4-$X&no?Mt
z-Quqel2Ut*pNqr9FUA!=TP>HvVkJM~C)H9ZE)x?Mi($4B6$kuEtUNuQ?+&tldoEWd
zZ?8QQS1T?fubn4{f=XDs@m0{dJ*)j}J|g3KybUY+{%D|D4k}SxJj3rBj1qr1%IAIZ
zt^|}{84UfHJcdfeX7^4KmWQHj*pg-@-GYXk;^K~3oSuzy;gZoAoj%`0`lIs;{mzvg
zJ$^n6l91Zv{H6IgyO}b$4@#A=?05B~mG^tYicF*DauOe<D^a!~3lm!{(I{b1@H<!c
zn&QH;;;sF1g{bJ4f+QJ^%Q?SV%3(icHWU=I4L7`(mX*)P!(k3RC^wHrMcy!3_hK1k
zT`H*sYtL6IVWE^Zp*3sYnzdg0PU6=`<#0tcD5JnmQU~KoQi^HCouoP2?vNIj{GAm>
z^!R0wI9^dC)k>=397W7+oX2Y)6|7f(X^=!&&-^w-h5@eU(=9MrkoT5G6?`!COk?Mx
zq|)$cIm!)SZv4K06M0KVhkZOYEC!i;m}~Ku$7O#d{jwMoLO&>~jpmV4=#RwJvR|gB
zgyq?EMAzm6IB`eMI)7Ch<jhSU4dr#H;qzX{U{D+g=@MZfG=ZXtjN^o?{fxZQC|WAV
zLs5=q?-+Dx8W~VneywQJ^Zc&P^lnu=klreT^uFdV_67CB${;0`=!Q|YnrGw~#4(10
za_D!rcTfrAz<xF;`aym;7)ksLn&F%@2*s=CCb9$l#XU=H^QiB2#Q7M-8vA}y3x<h#
zwGeFCRIC;@;jgr~h6g|H$1Mn#ury}zb76l_%~y<}c|0mq3u=vpt*xiF_+9<Jyne)|
zNm}QbENjoxKcX-}8#}n6Y-gw;#VDcSj+nk!$w{1-y47N(JmPn#`O|>L4!=;vQ>b+&
z9~3vMq{?vYXE9Si9%Zt#<7wTQTm;=S7z(1i+-A%W*)Wh%XM6>7=c1&P4@S@`6Vmrl
zoO0trgA-`*rg~A45yOmMZYVJK))DGTFba7ZiPC3KWW?*#uTL-N?`HrD3aT@a$zUed
zaL^gh4%H+W2pewc5XGnxmo++ey2e;R<KqkpqYX2P(Nyh5yT;a7xUT9lLdU^OX8bPV
zCQNpi5T24cjNc!-!H$Q6;)p*y7*)cg6l6nxjzMCq9%Pca#tr0jD$7?7Y(a^9NUydS
zW9T&Y@61HFwhT)HSBts0s0<^_6Z$K|e7=C+(>Ex`G<9c`nAWs24K2oq9%nbvT$_UI
zW;fUHzIh6J+9s_Jf@bQdCSGSTDFn#{qun5#7MPaJjNV_(tI6D>_`K9CSBpi{67}d>
zRBWC|wTd)hn5jx0mSLvL`Sh=Fi&hKKP$)MblZXJ({dh)|xr*Ayg&@)!wZSJJVC!_w
zT4shpJNfmiGiWw9Lu@|{=DFnM3=tVjB5&xm)8!h|ztab5xhH9ibD~;88Xp#OW@(d#
z^YOrdEZ|DQ85k?=;9;DPbgP}~5%kh%D5{LK)Zaj3H`+w~8nyl5pqMUiq%o^9qlT{z
zR1PnwvQ9~GQ<hb^gkgrBuf>9K#ux?4{!mn|RD--f5R@}?A1&ir{H3V{Z3iC+^eC;+
zU#43Z7}O$`eDhepp<qbAl-(-`k0eYbw38_zs4@&_#eq#n(sr1~Vk-=Ibe^e7A-a&a
zG#P37(ky2hJMeR+$J6=|O<ObB|G@y!Krv=iQh&6aCoyYN`ev31gA{pVQVO#XeI<tn
z*tx*AwOv^GntA@QQWIL+SRI>}8NSsT>h88JlUj$NL^Ddto%2<>bAH4beWW&JxP@<!
zPhv(jGK*-%`Z7%`K$|bKwVBLaDgS`V^nVQ1F#Ayoy~(Pax06h*bL=!<DoBsj$d9el
z*4<&m81L1vm@SW#SV6lXoe?z4BGjw{1HZyx5$3T}WjG9r=|(_a!n(*T$+2T8WD*-M
ze|081*ttnLT~GhrUPYbiFS?c7_%9kIop0u#sgcH{zLAm!l$^R+eLb!iGa#h%hqr7?
zn5~*ByB1eFGSh4HD_2M^vEcP95lgJ)bO-8;f+o$+*<o~4Jgd(gqwVlVk&O%ahSyyB
zFukEZ2eVS7<9f@@5K_#Jcq>`MnIFHmx2sc~CR1ivm}P+VR;DwWxohtsdGwI42V8VI
z<SR;^YhKaKxWo2Jx2j*sz{0FzQF9x&5@;~8nW)q4i<zx!fg%H;#v@wDElbTbKR+2s
z=4Y8JlKI83;&qMln48bWO%HNr=p8rR`Qf<fQOOL0(XfFTYEg{M(YSA<TaEEFX6-ZX
zyF*3Iu;V5V<9GvRr`4rJkeMNCcYZ^G<lxf%)oRar(9E6*qkqy68RY5YIYzp8xY!Vl
z!|WJSE!ih%6m@&E(U09*+7)#b`HdJ7>>{qdkY~bUMWo>@uSMS22h|W`A2~Y=OYM0^
zV{aAvnyMC(=}p=z*e(pQejOW~c&oG-_xsdKS4D-0)g8lDT;80XZ`eMIA=3GX$5@Y_
z!?ern?rD3af#Rapi&^XxbHh=NosE|171EeH{T_}w+-<3v$&=CMQ17|rLORde7$$x<
z1u5LmsNu7*D^)9=wnb@Q=x#V8>2{kF_A?n)1ngtnyy<m^g_xbiIyOc1+Z^|mGMm=!
zxL6saOFEA2ldG*2wBlJE4%f~QMg`RDW<I7{W(U31QFgN#6;{W-mh>L1cWw5sG^^qo
zYEqBvt!CsY-9fUs7HJ&E%@@2_^CQ}EO`aLVookE=)X$r&QfrDVUPAV&#;zlN{gh<K
zS>0P>50p}l9SL2sqSKMEr}u2H2R%xIW!%W?VNx?cenV6DFwwChVLw94hb8<5N9~FH
zwd@PE2=<JJ^pxXDoQ?CIn@rYgNN1N=Kf*GeM9*n_K(8t)%*33XtPQgvnfu*K(_4<1
zM%dKUgFUPv!-^vMS#}RXmH_rQ?J7zv#OSy-<V;T;qM`lQh6y_tlI%p*c!rh6rN=7@
z<7w=n&A!50i;8|nyPpl&^s^CUwdiR+GC%e0u3I%MFazm{3mdn*z4YO_mc2S1F#CXW
z)-uGfWj3b@<~YP{yy(1c?6E64TFx#`yk6$+vN~{j(~z%A@+(>h^s>#P4r$w`D;PTw
znGQOqCFTTiZu(^4vthS`kb9REkvVAT)hd&=={1KZqwQd$SiYpGwIh?>!FbryPddy{
zsf!j|te$?+!i%-d)ryrTsueQ|_p&l%*ja_s=RJmT4mulK$;PCfZbLdmvv>7#GaF7<
zBsP?`tPKrQ&sO{1n57cw8Zf(hlxpuVpr&s0v@vGbbs;;=^j25_)%7A^)#9d6tA=Hg
zd84iqDNd#OSmO0IY-;V|i*;D7R-+SR&afL33x%MJgV<@@!f%{BU6k#7GQsM2_$c?h
zul6vD!%ikkn?ilY4k<1w9ZnQvakFK_>yyXSebO9WyUim9UWr>B%Nv{JgtcWZ9%dKL
zJXLJgWXT4~o<-v~+90^f*Vf|3lUpc|&aq<&xxsA7WRvFN{4L!f{S&#_Enb@6Kc!VM
zZZ3zMpAG$!xiD~yXQdo#C$lsD-)hKt0JC#37>d|oYZ&j-!A5_`SB`YlZH!3=UK6Kv
zMh^$=Wv|cfm1@0xojvEkDq65GqA?3N7q5H6y5i=dyedjpZ{9j{wC}*2Jk0G5-vtsP
z&31$(0SEi6c+wj?`nvNdbF}HL?`bzPtex3*7@ilI;rWyk8;9rhVFn#_Fzja{91$0!
zl@hNZUf+GZ_0jUktx_8AYp395>RV}d4z)_V1)NDst!0jn?7m9pXzugI=to?vpW#cA
zJ99%RGc3+=;m~a4LVxyfDcHo!!P!eX%!mA`{m%0nby`*%phowq@$_@wLB>3sYPv(t
zd3|T=uphZpk_mU~z&PEt=(~=WcExm+o(?Kw<2f|dK<Am+qV7WJ<7qMrc-AE6(;1q(
za?R&z5fc~N`~@uwTNX62G@vD$yOV(^*SxekkTmzjZT?byUE2^93L!f+x>$zrg=z52
z0S=n-`l`63sb@`dy83BmsTj6#u)c6XbL)xCt&9BD#ci#vC$w@ktqPJ#v*|JUfc?-v
zP(r%UZ|>vUSes8yc1~_%!rZj3x2e0Uds$<pTAMmp5Hq+nYy02kSHdlo`5cc##nX(7
z<8rTB*SEZRQT;jB-J3Z&h_wf3^A}~JO4G#0)rpU*6CYQ1_N_Ly-`dA~O&t@g4fyu6
z>cq!YHb{2t_c;+rZzn#kx=*PSA6F+nt~Q*JxIgo83%iMrs}mnr%^#t$otpT#npraO
zah30J4d)y?{|rCzag}eK=I>1!ZABO2bkZH0xRqRb`m*C!*@=&<6CYR2pAMRDwCOQL
z!{O<uZ@3d5SNW@f^w?&{PpLb`OnhAB^XSCK)%qWcPkdaR__#XpadqP3>cq#@hCf!G
l__#XpaaDhantm?yCO)o)_G{+E$5rz`In+L;{(pR2{U86J?%@Cc

diff --git a/locale/it_IT/LC_MESSAGES/messages.mo b/locale/it_IT/LC_MESSAGES/messages.mo
index b5846ff2943291add9219750e361d479886eea0c..b894df8cefc28249c15f80a7f87b6f693a892c6b 100644
GIT binary patch
delta 9693
zcmbuE2YemHwTJh*%S|rWmTb#jTP|{uEZZ35g0XDN1sCK>HD-0Sme#(ySH4BE9Ly!A
zhL*rW0;cx>p(@}PFwJyAOK7GO+T+ne=p-b(@4q|O5|HG*-+S}(x!;+Y-I+7zoS9j{
zGiOJBx-*h}tzV~eElO#`vWCJF@+|8t^bh-~)w0S9Evp1hhH-c}><u4<J>eeM4ZZ^h
z!H?lm*k!O~9Sm1N4Rr<V0dI#x;BMH_va;4|C<ADC6Ka63VOQ9Prv}0Ts0k*)zOVvn
zpo8E(a4nQUo1os`3X9;`kbl<AhL1yy_a4+jzk`FB-x^AdIj#Mn23iR<kOMoz7So=E
z`P9#ZGVo%km0fMxe+QRSe-z5#0;~{6z%Fn+l*cARy+0ccVSZ}?iY%*vc;9M)-Qn?2
zD?Jlx;vMh^cpa2sU517131xUcn1mysJarD#gjYjN*lOx`!im%$f!RJNU!W|2U51CQ
zSq3%nMkp6IL1JZ{24&dKp$ynz`Y(kt{5I2n4^&7WgEIULcmn(c$`cto>_5iF|5Ir=
zn+Ed6dI*k&Z$P=O%Lv>E^Wk_{0_CYyP_EwyW%xG88mtGP-h0c`KZG{*9wS4KOoR&U
zY$%Vd9hnVR>eA4QhRtv?%t9+-S+~Fp>aE2HEE#24hrpNN3^)~Q*TXnG6g~+n;Mg%C
zkA`yn`B0v?3@S9YKzaWDEQ&0D7Ru$HL0R}6)Jg}9wJf}5l|enX9Cm>XP%clyPViW$
z=Z`n-J52pbC{Nu9<(Vg;4PSs=VfJej4X917n01AUaS>GVlo(Ef*ksLxGRQOhnc=li
zo_o~P{|4D%){t?b;rm0PVXcKSd<$g0thF6Qu{aMZ*{*?F$u1~YJp<*scVK_`1?&d%
zNC@Vz`awl&Cd`9JLG{-|jk6hQoKs+TxC3e-SHYgz|Bs`{(idTO_ytsKtO?<ZeW45}
zhB9<2>;dN*E{96q!=c_!oAxY}XHSE2_1RDc?SOjj7TA;dtz9TOfF6ai{B5WgK7zrD
zp*)kvrWJ?5z!0dUoeO)yYN&;*gZ#5v_|Z65Lrr`mR4zOSwVn6CtSos2MM?CZP%Hfq
zYNBsp57@Uf>@R{ca3r+h1gHU*LalT?)OZ`94BQOm$>X35ISY1%=bQdZO7Xv5ypaa2
z^fsvaqo)2eltFJBes0=3m4yZsK;=LY>;)IVS#UL!p=UwGeuwG*4J3W6J52lAW%$20
z4PVkA3p-B=SJVq?B{q}+6QDda6Do`6Kuu5sd%{gn6K#Pq<W#6+JP+o>%T4>OhWA2w
z_Q@=YR{j#y3m-!b^flB#-OEEm3ZNz`hMKq>%JAu?eUafBD8p-@CTM`%M^=mBFQFFN
z3gzkSohXXoZm9kL98@-cVA?xR4ks#rGH|S^Plk)B&w&m+6)uAx!i8|g6w9iD+u;KE
z2wVm8r-loRhRj+Sl>T&_47H*QU_QJKa>`nFz`pQxD2x9BwZgBVlC<N#VS53TXNE)V
zrV_}U);y>awFzq6God_lG3>AXe;tap&D~H3$xHBH_;*uZHZ9yvjfNLN4fGgPh+cwn
z>3dK)@(I+0Ul{h<FKizT<-zgr0Jtygs{Nmo0=L2ra69}oVp%6bylHLWM%e<dgIZbf
z^l(4VhVsZ7H~=0ASHmP+2_J^?++c31ec(h$o?Dero@#_yt-J+ANpdcfg}1^&xC`pR
z=b<Ke9csm2z=5#i%y6ZHp?1X-I2Nvke4|*$KrTdU2jl{^?uFyv+fbKT?^*a?FO;%r
z75g<%9ko!dJRWKVr@;Pj2b8C7gfifEsFghd<M2(W+*pBs6`~`do{vGrJPqZs<KS?3
z@&Wi?vATu^t^6J+Lmq|NZhN36eg{V3H&6qtn;o(i>iJFZXK*W&L7ff^4Jm~3;3%l^
zN+D6TW<Wi+Ig7Fu<s>Lqy$WS%$2nn0@}bV^iBKymhw7gR<?@A4hI>$+N<q2$L@2|r
zg_ps*pbS}G8G5cBuBM*Nq7<M!3rpZfP?ipy8yZjy%c##W^#s)Or^AEbRZxb10_Ey~
z^FjlLLAB3?GOQlja4XdN7eMC8TE8_9+y@!MdIk=PFwlGwh<aI-W&Ivr508e;3&MkE
z4_r@u<U+1qxE=D(dX*m;HhNL$nMNoBwnBO2bf{#$6pqsVzui3WG8{t3M}~Qe`B0=j
z8cu+<uq*rp%!B8_Zt!wg46irsPr;$oUxZrem!>@*t4gRBLX9&Qc42<&AQZi@0?PGq
zsHFOd;i+&8_4DCyc(36bhSn1PI-=c%>aT`cNFy8uPlqGm^{@wg0?M!#VetL`DT;PM
z$ED%E9|Dz~(_lY%kg2bO-Ki&`j@E64H=Fji3_pf4;2S8H58z_Zg2ut|umUOs(Pj9b
z9c8u9&=c;2+Sd=j!SH1$1HOcMA#Ztj01Y=Rg<8o>sOMIj_BtpRXAHN&BI+kXohw(s
z-tgDU@xNlXlLoEqWhfWD3+0hdp-#f?TnMU<f;w1cK^eRh_JM~%jk6I}z%!u?co-_Q
zPeB>_A?ye{SBIX-%c97lBB%#OLb-k>)CASAGh7E{U=)soaVXcG1vSxCFc01Ud&8Yj
z9(f2VNneC|?oFtLyl?8+4lBZmyF<NL3}x{Y*cToQ`#=XO1W71^Pl2WI45*3jgoN9A
z63UPvE5lHZh8lMkoC=pfEieoFYX6^uA`7pEiv3McFFXWg>2pv=?nhAD=W|mpS`~(3
z6jZM43wyzXp$u4O`s+-4v#Fm572<Q@0PX+FP~_U3us_@lW#RKs4}Jji;a8^Kb#++p
z4>e)2sZWM_zS3|RlqU}}Y=T;-4;6|F;UMO>u0+xP+y!m;8dNTP2ls&mYr++kLR@C;
z4{?IE7}mlI;Sw0(A|b5SGN}5+kbJY=hlju!{AgRA4Yi;fVYWZY-6(_L9}VA!)2Mei
zG;FVcvb-AV#lxTs^I$)CEY!-+f}`L?aDTWP+VHPX&ks2)e6Ac8P@i=e{@2Ra(6AqD
zhH-c!90!Xy*k#B<SPr+rz;dXG?}l>aAE1)*MW}uL8q@^en)U%lgcA>j2hu(UDs&r;
z!2e2?Gz}f#u`mKBAX-5a@)Lwe1ou04PB4HA`|Cl9T-*u$mqCs1K&UOM@+Pt+&_V-0
zGx~aXopi-NSB5gk6jQkzo@n$J4X=PY3woQ0)vT~gl|rdRJ`A+*=MJF!7=dg;w2MaY
z?w{e=$frnF?)n?@67m%C7$TRxkK~GCD(}33{2KWKqRgJaV9&w6P~lsKJcuaPCn3`j
zl`iyehdR(UtAR2$MAo_=g?tOj$NVb8XCP5TF;w|0GMYg~BDqq7@+xwMX?O;vkW-MY
z$mz&&NUr=B$^%F@#`rrt7TG2LUy4#h<K1u(qB2C%ZZgs$_-p5Rby6lG<LU2;{2aXx
zJXIZ(TacFnE&SOAPDYf-E0JR4VWdCurQ-huvK;A-sH_cPJq@+3zCwH?k4f%?Dg)7#
zspCNl@)mL^au1@@^L(Tp>Blo0;jfV4=s$&*A-_OWvfuDiLPxILit-RLinb*%-*o)N
zQ24#kSHQE3UI&Nq&e3oHJlC`z19M5<nRadK!KN?hdW7F9<TpqU9<Y&)h>AYH_Cfz3
zsD&3!8oiLV9inM3f&V~GKzh>G-Ms%A^>-1KCy{fIg-8SP1Ts&iO+rz*GKBRBT!$Ql
zj4=aUZTf`6k)`eG1?Cxjw5m)-6395}yWwvUoiVvG*gTh{;R3nluv`zEXgV{d?KC(V
zsX#tL<{~P+kj6mcKij~8h>bXi%FQ9HGvVvVcSt^C?+e!;Dz6|}kDvLfQOc0>kPgO(
z$JJ=caQH0J5$R{z#u)a27b5z92-m`9<Tm7Z<N!qF^AN%B+eW`nsc{39Baz=BJCQla
zEMz9K0a1w|FCfE^i;!=TT)7J6M&u~da1*>9sYZHX(Cwx@hhp0HP-zVs*7LU>$|a`v
zUU-+$<M3kS9b^D<4U#K=LMcZg4E9Gj7OsL{BPxSJSpVUlJK(OYlXk7jXxeK+u@7!^
z<7=yz+tHZk#?x)>Vcm`<;v2lWOwvhviTHu`>Uu9_H+!*|ope)aCz-a>^{$;@jHbqT
zsd*>mCY!vdTb3Kli`Uss+ep*XiTIDlm=#Uby0gDO(yU2Aqn#VjUpnx*Zm~qOTWc?_
z_CFoCGVc&C=`PGT$y$HXplDmI_1HmuBAuOh)Q$P47aWt-(qwnK9zz;2+lyvmPSURD
z&1NU*+RG~E*-mXOi%Qv1CvH2jW~U`(*SKi0L=;EW1}jZD4K8!%o-MQH#S$sknwN+r
zlKi&wRcde5P5DC$U!9*!VnnRPcA6Y7=G4S~==wGX$<--aX4QJB#+cK><TWnqF7v-E
zoa^s9_|J>nnET_{%@14uP2^ZwJdxJ2GV$6(+%5A*3|TTLoW$PiOPk21Gbw-LkX>Ep
zCz|82gyWAIy1iec>n5$LcwoCi;wD=!9(r_SkyjT_V5}2wF<F$FHK}H{-CXZQ@i#r1
zGu7xuy$v2q@#3K?nZ%3QG1p1CDLdw+(ydPy6-P#zH8Y%@X{-%A{{zeXr-}wHN+)bL
z9!<71l7dNR!v=<`Vg97cs6oD^Gx4|^W3B0C*NxjNom68bfs5Dfbu_j#y8dy)3g-Vm
z21{#4$TR-aMFad#hE4SM6!n6=x|&?}I}JY|FJ9Z2@ZxFPX`McNWu%*38RlB+DfZ-u
zf7FP9dCeqpof5hA_7UZgQ4L<&j$?Tuxyg2-QKcm|DlV)u3~<VSYvjbjs1viR6Unr-
zlq`+ejhUJlPi%5qT6-4niHudms`+WxK|Ptm+hilpxs6WDYx4gz>fPRK=%g3L#$Z1G
z!O<&cYAXZ_T(J_b)w<ypYDr|0#t2!(5fOKJ4>fo;bbRZ8F$Iyf9qEr5dq!KW^@g#1
zBO`+or%WeIZlec7xNVu}&mK3z-&s;$P+K2uEUizZ(zz$GKIyTuCXFla8y+3OBVj7~
zCFAz@3&$-O6ZSOMmH$t(T%W%>OqZ0KR{o?~-y3&lWJ++f?9G?p474|}eRUcnf^8IL
zsI@mk{p65Q{v{JO9*{`dwc*|gPma)(Fm&IuW&^`%w7{#iZg6t?-6oziWoqe^a(nW=
zGp1H_U+SdNrK^)pJQZ`&iR27>aiYPoS36GJvr9bmwA68}J10);kga3|O^y{J7bkPf
zn^yK@tlf#cl>>*vhTRg{cc8r@LpCJrq~|m>d2aIlOKmR}9>YBQgY%wqKA4dcMWa^j
zy)wdKQ{KNC=HDFoW&WFGuk_-eWv~>n_R^kz*Q7%VSy_Tpkwdh})5+52_s-?b{-Ndl
z+T~b7d3~g7WjvmV#T@_H$tPtO=bXWy9DwE`NN^Fj97?rb(%ZT<5nKh0iBu{P=Y&ad
z&T+DVx;Wv-1r3dA;8I{W(w%7c=HhDZgL*Gh>xCDB?geur$Q2Q<wQfqU$l9fDTSlqf
z%b8_jWIO3}#)&ns?C=KQks2??<T9zrOVNp?y1elOmSwzjqRdZCt?oE~`Ks34Q>RC=
zRWYx@ixc8tkL50T%QUls|3&y6#X0GOQH<lV#?1Y<?sZA%*R)e+RXa&;MYf|o-{Ty1
z?M1HNd)lm_%h;|-#|}J2*2>tna4nwpLf2JMhXcp)hwpdEz~FAF)H2gfF4wqUZriUZ
z;(t}qXT_|V*}>lS?9D7c<vFBPxVYf1k$Hi8%r(P}o!|hC#l~_c#-mK`df`=L4pFZ)
zzv7@sX`46YlkkL1*iK!Ymq-%u9~hlqQMeG7*j!}EAZcQ`yN6Sdn@2l<yfQbB7H@7H
zH@G3%!cI0b*4+Q&SewJm8C*IH<FA=s;TKf&fkXP><nL`Of7|rw0~YU1Zn|A_7q#9t
z{lQ3U!_27>|F)U!FQAKN#UkUEl0QTuHa5Hs0!JkE&Ee$yo^zz%ZT6aCT|o*pcMw@$
z&#}RhGc~%5a?Pzr&Yss{iY}ucJ)n~(NPs2gK9awZ4NhEJp!MQ8{UUvSXpetW<xxwx
zo>FWehnxtGE3PQMJMG}IiYtrK83Ge-fxy?gsnThe??1i+%}eIG>M?g!`|IkEc~`VM
zN<N#nAkw|<y7K=~Rn((>HgBu4{fa8LlkOn@o2v1CwrW_9_7@T_L_Gh#s*(P$s+RWt
z{<ZW^MjPzERdrFnbg=il;9xdZZe6gT!}7%qI-hhV5Dt^7|9nfgv+?_9QTvng=xK%i
zy^FRSLH36mQl1NLrGI&6r81#!^{tjjaX2?6$}GO?+>{&51P6xY@V%?=m4ubbSpN-k
C7$5Qg

delta 5937
zcmZA43w%#?1IO{-+1QPYVVbf1-F9o6&8?ZsmN5)t$fZ)PnTO11n-c1u3gyz{acblV
zPb<1d{fk<W3KgXbDkP$W^h7C7(&h8r`R(<3UY*yz|M&0r`=4`uw{!k!-eza-a>xH=
zRD*{MhvOL220Mlsb1mi6rfM~2WlLj{@L?>+x3CFjMjO)@b1@2sVI#Z|W3dc_@jm1d
zvjkgV4TfSZ^5-{i@kyWN05-#8*aFX^Itu41U3fVkx^aeeC~}IKjIGgcU4^>tW#rFn
z=c6HhVcU;kB=vI`O8>^W+?zo->Wem5h^eT7&9UB#n(<Q93|65ARD&AGRt(4e7=cGn
zD{>lj-(OGz35oG+j1}~6q9|zQ^HCkFKy~oAtv`#Y)L%vI$_dm~T|jlvg6V6;e5j7Q
zqdLm9?fIyIU2DHDMQzCp^lM}bDBO$H7=p1(i+h{)*a>^1R^ld1!KtVjSEKg+In2jx
z7>A*ZP9~ra2cRZ630ZYB3$;bd+OYna6xPyUc<4UH7b$+y)|jz4pSxt?VbqF5$9qc|
zhq_@ps-s-gO5A|zU@B^W_aJ{}6(2gU7B#^Gs1-RH?>D9ah0`?Xf*<S`AwI9(6g9&{
z)Cy!He<qI)4QL|jhGnQFtwe3%{nlzsp#B(gYqQIG+8W_+$E(B_DX0^!LsrquMU8kR
zYNVS{9lVKJy3bI1egZY{-%u+O)!tj7j@X=fH`KrfVG<T0e`Yoxy03pV1)cB&>P8z;
zH+l#4Fdab6=xfx#&e`uT>)>@1j~Y;C)E4x$7NDM?F{t~@u<dhDE4C0>LBDx`f;z57
zo%kH8!&i{!(d<AC@F;4@PoZXZ4z&UeJ9@Upx`E(jwD(2bXDDjm<1rOyqV7|J(R%-%
zrl3836N7OdY9ODZW^^1I;18&QoJSx2j=C<6S41<)L|vDK8b}`MbsdT7uml_8RMhvk
zU<m!2yC`Tz3)O)Cw)Gm+>$%C+ccKPz5Ve;_P%{nV3Ddx$QCk;}YR|-E%(3lLP#w=f
z4QLViHG}08H1c(*4mYAY+J-z=W(TT+Z&6En7S+-3sE#5Ny@#nSs-9@=j#|My)C7m4
z9=a0L_0tkre_i0GK?7Kd>R=_R!*#a)y!AEIdGDfbychM;am0EFL#fBGJR#T)HNhm*
z+tUm6P!`$tsY$HAmgG(vG_s|r`U)(@^*8{-SjSOVh#Gl~^(EBIcA~C3h&&eNl>NR*
ziZ>7+YT${ehqjAtALyqLMnfU$X&;MSumbf<whpx=TTnCp0M+3E)KmRE@<y8QD_CAk
zMb+n`u3L**;SH#j*@D{I9jN>JciF-*`^7~J=Zim47liZ9$YvOXF?h;h*)fxPNIJjg
zn1!0a3#ixmebh=FN6q+W<j+KO_9omDnSkH)qo6&!9@X(2)E>=8t;|}~-aU!B@mAEx
z_oE)p?~(spn8*z8KUQhTPlFkS`USlW6R{eb;8xrI0XES4e};ladJeU;!AwgtZiVVF
z9yNm=SdK$50&6i6cVHvjk9z37!gxH18fX~%sfqbe14zNf*b|%U{m-YM3$L*j<Neep
zqdNW()nRB?Z$+X|H;Ba^n1nj-2IMEfRG|j63bnH9QP;n1+xMVW?jZU#vP%@2VMsS`
z=`P3S)O+KjI0Cg5KO+B#F~1=%hH25=8%Q72-WH%byd8C3H5T9o)W9yHw#LV(Rqx+}
z^;gF?)8NCos0&wPKiq_^9AkdP-PD_9@efQqj03T6Pj6`#pzgB_HSikLYq-g_AHuq~
z#TuT?wS3<xoAu{GHxp^lo-aeK$V$|VYfvM8#<qWmn&AP|K!36Ak-fYXi9y|`A8Jbr
zQ0Et+_P*SD2PRNo;-{d8C1Bla{Rw%nP4nK~_jwpgy#)1C`%!zm1~rhUu_?Zddg%6H
z44%Oj7}Cf4C5%PY(^1caKaT>>mnpQ)vtPVqeFN3;F4WSVK+WVLw#0DOk)nym);Iy9
za2D$O#i$>kN39!B1Kxt1=Qp3)FHWJB?t=ACY)d^f$NR<VgmteEYD;>eW-tM@5|dFg
zuR_gyiLI|ky{21HZ_OUmN*%%ub?-j~o+r~Z*BiiKY(u>WHPUhn#)YUASd6;ST5O2V
zq6YFJ>Zf-L>b#?<37yBfw+uCbkgL2EYKdWf8j>jJ#7xu-dfIvsY5?O=7gnGKHV^f*
zuR$&GM$~WmPE5nys4e&v)p289rD%*s-6svZVsG^8VVFTdH=K`p>Q|sH_z&uW&8UIx
zL_O7CqTc^+Y`saIx5O<`&p;>Cp68+lP-yGpP+KtxwPm;FvHqID-85(kSE82gG1R~|
z+Y{eMUHG}JpG0+V-nIwz_ih+vjYF+eigh4rViQp-Jq<OXnf+P+b`+M<;KL25CI1LD
zfK#X${DE4bumRizTjLP)<5=8{dP_RwdjriuO=LK#qY~_nb8P(u)PUaeQ_##lL3MZx
zwRaa#OB6BC`z4FUE2;NFA6BBye-L%vQ>cNzjGE9M<VVw-#d1s><o#Q)8r9!6R6qWY
zD1=ftjt%fT)N6MZb;Bluz4k;@N2#c#&%$ub#~>Vm4!%K3h>mUK3l%u@Tx=rW6TN;*
z$SS@6ohb|_HxV7*l0)P-qSx#>vW94II`q8UOfHcmqJy#4{fbVmtMTAkMFmM9H<Hcd
z|Bs`3|8@LAv>ZC-lB>zJs&MS^FlX=yvVh!a+v2c>w6}FJj@&@Dk^^Kk(b3Vvl;W?%
zVY&XH{`-;Z$w_j7G$hA}4n1^NkTCKw(J_I1N7Be7GM#K8e?P9V4cf+2B=v76tflS`
z*v7qo`|@S#Pm&B$Og<nFkhh2qy<SD+UgDA!M2DXGXX;A4Rrrl9Z^y4~xt{m5|3TD#
zvMu9r1nFYyVhky;bv>955xr`CY}>0ijm)t1nbr{egLEUkZQCn2h0Gz|&ht5o%0*It
zd`01PvdcC^TW>|Zf-jQ8q&w+FbnrW5ey=O>D~ij>Wn><?og5)LvdCwoE7?Qt&?suj
zX>y$Cc$$1ls>wU#e`Fx(OX`mgDXg}Yb~u1MXzTyPv*apU--m@H+txqA$H+nA_wkWQ
z7Lxu%N3w_cFHR)ak&)zIM8`SOp|0fpJMMYP%g7M&IeDM_OimCT5#$zf7pXrgDGaUO
zh1cp^v5_s`hdph1omD(a-XuL#u}8i&#`*%@O-7L)NFvcOl?)@{s&G7B|Nb|j@)X%f
zJ|WMNP@>~uQclXqN-~?|k`1I4sUj&PowOjq<PoA{J=tGZ;=|#8?IDN!NfwjAxqQ4!
z?jg64m&jNWNp$S?FpKbQvXh)A_meNlk8WDb7Wc{4kGtby3*GIcbDK+Um$tLRr&pGm
zyy<1rD_mdPNq2aBj=MbmJNF&mU^ls4t$U{3U4aGd$2sokjz7D75|Z7u37rD_6AGL_
zN>aKLn4O&FxO-BP1I@44@3>KE$K8hMBLd6QqaF8^&I<y=G8#E<O=hwCaF<-y*L6{#
zwreftcc0`|^q8NVnbsxKmzj~>EhA!Rab;E7=!)X<%Ch3B=@r?&p)*U0eWQviCzh6#
zO$j7lnHuD_&OYP@_Zs8Q>oqyhy!Uv=t?D!1ozS;c;GVw0j(a#~cpxJ;%W?NzHQdeZ
z_o*9~w<d5XZ<-U>F(BP>a|g9@BL}s0ZyS^x*feOn6IfV~-~>J#GR1LAhK&v!8rCl;
zFk(bA$E_%u5NI>9$Z_u&^++IjbdKY`cJ)N}^)dPG$g!&fq2qFc+~=>E6+5NeS6W$G
XGIREn>E)%SxT2!8vWk(L%9-XbNJp@Y

diff --git a/locale/it_IT/LC_MESSAGES/messages.po b/locale/it_IT/LC_MESSAGES/messages.po
index 328f5ea7..63163cf1 100644
--- a/locale/it_IT/LC_MESSAGES/messages.po
+++ b/locale/it_IT/LC_MESSAGES/messages.po
@@ -3,8 +3,8 @@ msgstr ""
 "Project-Id-Version: raspap\n"
 "Report-Msgid-Bugs-To: Bill Zimmerman <billzimmerman@gmail.com>\n"
 "POT-Creation-Date: 2017-10-19 08:56+0000\n"
-"PO-Revision-Date: 2021-01-21 10:40\n"
-"Last-Translator: Luca Sasdelli\n"
+"PO-Revision-Date: 2021-03-20 14:38\n"
+"Last-Translator: Ioma Taani (iomataani)\n"
 "Language-Team: Italian\n"
 "Language: it_IT\n"
 "MIME-Version: 1.0\n"
@@ -361,6 +361,24 @@ msgstr "Registra le richieste DHCP"
 msgid "Log DNS queries"
 msgstr "Registra query DNS"
 
+msgid "Restrict access"
+msgstr "Limita l'accesso"
+
+msgid "Limit network access to static clients"
+msgstr "Limita l'accesso di rete ai client statici"
+
+msgid "Enable this option if you want RaspAP to <b>ignore any clients</b> which are not specified in the static leases list."
+msgstr "Abilita questa opzione se vuoi che RaspAP <b>ignori qualsiasi client</b> non sono specificato nell'elenco dei lease statici."
+
+msgid "This option adds <code>dhcp-ignore</code> to the dnsmasq configuration."
+msgstr "Questa opzione aggiunge <code>dhcp-ignore</code> alla configurazione di dnsmasq."
+
+msgid "Clients with a particular hardware MAC address can always be allocated the same IP address."
+msgstr "I client con un particolare indirizzo MAC possono essere assegnati sempre allo stesso indirizzo IP."
+
+msgid "This option adds <code>dhcp-host</code> entries to the dnsmasq configuration."
+msgstr "Questa opzione aggiunge <code>dhcp-host</code> alla configurazione dnsmasq."
+
 #: includes/hostapd.php
 msgid "Basic"
 msgstr "Base"
@@ -676,6 +694,36 @@ msgstr "Tentativo di avviare openvpn in corso"
 msgid "Attempting to stop openvpn"
 msgstr "Tentativo di arrestare openvpn in corso"
 
+msgid "Configurations"
+msgstr "Configurazioni"
+
+msgid "Currently available OpenVPN client configurations are displayed below."
+msgstr "Le configurazioni client OpenVPN attualmente disponibili sono visualizzate di seguito."
+
+msgid "Activating a configuraton will restart the <code>openvpn-client</code> service."
+msgstr "Attivando la configurazione si riavvierà il servizio <code>openvpn-client</code>."
+
+msgid "Delete OpenVPN client"
+msgstr "Elimina client OpenVPN"
+
+msgid "Delete client configuration? This cannot be undone."
+msgstr "Eliminare la configurazione del client? Questa operazione non può essere annullata."
+
+msgid "Activate OpenVPN client"
+msgstr "Attiva client OpenVPN"
+
+msgid "Activate client configuration? This will restart the openvpn-client service."
+msgstr "Attivare la configurazione del client? Questo riavvierà il servizio openvpn-client."
+
+msgid "Activate"
+msgstr "Attiva"
+
+msgid "Cancel"
+msgstr "Annulla"
+
+msgid "Enable this option to log <code>openvpn</code> activity."
+msgstr "Abilita questa opzione per registrare l'attività di <code>openvpn</code>."
+
 #: includes/torproxy.php
 msgid "TOR is not running"
 msgstr "TOR non è in esecuzione"
@@ -799,3 +847,87 @@ msgstr "Host personalizzato non valido trovato sulla riga "
 msgid "Invalid custom host found on line "
 msgstr "Host personalizzato non valido trovato sulla riga "
 
+msgid "Tunnel settings"
+msgstr "Impostazioni del tunnel"
+
+msgid "Enable server"
+msgstr "Abilita il server"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers."
+msgstr "Abilita questa opzione per cifrare il traffico creando un tunnel tra RaspAP e peer configurati."
+
+msgid "This option adds <code>wg0.conf</code> to the WireGuard configuration."
+msgstr "Questa opzione aggiunge <code>wg0.conf</code> alla configurazione di WireGuard."
+
+msgid "Local public key"
+msgstr "Chiave pubblica locale"
+
+msgid "Local Port"
+msgstr "Porta locale"
+
+msgid "IP Address"
+msgstr "Indirizzo IP"
+
+msgid "DNS"
+msgstr "DNS"
+
+msgid "Peer"
+msgstr "Peer"
+
+msgid "Enable peer"
+msgstr "Abilita peer"
+
+msgid "Enable this option to encrypt traffic by creating a tunnel between RaspAP and this peer."
+msgstr "Abilita questa opzione per cifrare il traffico creando un tunnel tra RaspAP e questo peer."
+
+msgid "This option adds <code>client.conf</code> to the WireGuard configuration."
+msgstr "Questa opzione aggiunge <code>client.conf</code> alla configurazione di WireGuard."
+
+msgid "Peer public key"
+msgstr "Chiave pubblica del peer"
+
+msgid "Endpoint address"
+msgstr "Indirizzo di endpoint"
+
+msgid "Allowed IPs"
+msgstr "IP consentiti"
+
+msgid "Persistent keepalive"
+msgstr "Keepalive permanente"
+
+msgid "Display WireGuard status"
+msgstr "Mostra lo stato di WireGuard"
+
+msgid "Enable this option to display an updated WireGuard status."
+msgstr "Abilita questa opzione per visualizzare lo stato aggiornato di WireGuard."
+
+msgid "Scan this QR code with your client to connect to this tunnel"
+msgstr "Scansiona questo codice QR con il tuo client per connetterti a questo tunnel"
+
+msgid "or download the <code>client.conf</code> file to your device."
+msgstr "o scarica il file <code>client.conf</code> sul tuo dispositivo."
+
+msgid "Download"
+msgstr "Scarica"
+
+msgid "Start WireGuard"
+msgstr "Avvia WireGuard"
+
+msgid "Stop WireGuard"
+msgstr "Ferma WireGuard"
+
+msgid "Information provided by wireguard"
+msgstr "Informazioni fornite da wireguard"
+
+msgid "Attempting to start WireGuard"
+msgstr "Tentativo di avviare WireGuard in corso"
+
+msgid "Attempting to stop WireGuard"
+msgstr "Tentativo di arrestare WireGuard in corso"
+
+msgid "WireGuard configuration updated successfully"
+msgstr "Configurazione WireGuard aggiornata con successo"
+
+msgid "WireGuard configuration failed to be updated"
+msgstr "Impossibile aggiornare la configurazione di WireGuard"
+