mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-25 00:50:29 +00:00
Create SaveWireGuardConfig()
This commit is contained in:
billz
parent
6b484d383c
commit
0dbfb5c44f
1 changed files with 106 additions and 90 deletions
|
|
@ -4,102 +4,14 @@ require_once 'includes/status_messages.php';
|
|||
require_once 'config.php';
|
||||
|
||||
/**
|
||||
* Manage WireGuard configuration
|
||||
* Displays wireguard server & peer configuration
|
||||
*/
|
||||
function DisplayWireGuardConfig()
|
||||
{
|
||||
$status = new StatusMessages();
|
||||
if (!RASPI_MONITOR_ENABLED) {
|
||||
if (isset($_POST['savewgsettings'])) {
|
||||
// Set defaults
|
||||
$good_input = true;
|
||||
$peer_id = 1;
|
||||
// Validate input
|
||||
if (isset($_POST['wg_srvport'])) {
|
||||
if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
|
||||
$status->addMessage('Invalid value for port number', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_srvipaddress'])) {
|
||||
if (!validateCidr($_POST['wg_srvipaddress'])) {
|
||||
$status->addMessage('Invalid value for IP address', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
|
||||
if (!validateCidr($_POST['wg_pendpoint'])) {
|
||||
$status->addMessage('Invalid value for endpoint address', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pallowedips'])) {
|
||||
if (!validateCidr($_POST['wg_pallowedips'])) {
|
||||
$status->addMessage('Invalid value for allowed IPs', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
|
||||
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
|
||||
$status->addMessage('Invalid value for persistent keepalive', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
// Save settings
|
||||
if ($good_input) {
|
||||
// server (wg0.conf)
|
||||
$config[] = '[Interface]';
|
||||
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
|
||||
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
|
||||
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
|
||||
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
|
||||
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
|
||||
$config[] = '';
|
||||
$config[] = '[Peer]';
|
||||
$config[] = 'PublicKey = '.$_POST['wg-peer'];
|
||||
if ($_POST['wg_pendpoint'] !== '') {
|
||||
$config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
|
||||
}
|
||||
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
|
||||
if ($_POST['wg_pkeepalive'] !== '') {
|
||||
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
|
||||
}
|
||||
$config[] = '';
|
||||
$config = join(PHP_EOL, $config);
|
||||
|
||||
file_put_contents("/tmp/wgdata", $config);
|
||||
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
|
||||
|
||||
// client1 (client.conf)
|
||||
$config = [];
|
||||
$config[] = '[Interface]';
|
||||
$config[] = 'Address = ';
|
||||
$config[] = 'PrivateKey = ';
|
||||
$config[] = '';
|
||||
$config[] = '[Peer]';
|
||||
$config[] = 'PublicKey = ';
|
||||
$config[] = 'AllowedIPs = ';
|
||||
$config[] = 'Endpoint = ';
|
||||
$config[] = '';
|
||||
$config = join(PHP_EOL, $config);
|
||||
|
||||
file_put_contents("/tmp/wgdata", $config);
|
||||
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
|
||||
|
||||
// handle log option
|
||||
if ($_POST['wg_log'] == "1") {
|
||||
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
|
||||
}
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Wireguard configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
|
||||
}
|
||||
}
|
||||
|
||||
SaveWireGuardConfig($status);
|
||||
} elseif (isset($_POST['startwg'])) {
|
||||
$status->addMessage('Attempting to start WireGuard', 'info');
|
||||
exec('sudo /usr/bin/wg-quick up wg0', $return);
|
||||
|
|
@ -119,6 +31,8 @@ function DisplayWireGuardConfig()
|
|||
exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
|
||||
$conf = ParseConfig($return);
|
||||
$wg_srvpubkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-public.key', $return);
|
||||
$wg_srvprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-server-private.key', $return);
|
||||
$wg_peerprivkey = exec('sudo cat '. RASPI_WIREGUARD_PATH .'wg-peer-private.key', $return);
|
||||
$wg_srvport = ($conf['ListenPort'] == '') ? getDefaultNetValue('wireguard','server','ListenPort') : $conf['ListenPort'];
|
||||
$wg_srvipaddress = ($conf['Address'] == '') ? getDefaultNetValue('wireguard','server','Address') : $conf['Address'];
|
||||
$wg_pendpoint = ($conf['Endpoint'] == '') ? getDefaultNetValue('wireguard','peer','Endpoint') : $conf['Endpoint'];
|
||||
|
|
@ -140,6 +54,8 @@ function DisplayWireGuardConfig()
|
|||
"endpoint_enable",
|
||||
"peer_id",
|
||||
"wg_srvpubkey",
|
||||
"wg_srvprivkey",
|
||||
"wg_peerprivkey",
|
||||
"wg_srvport",
|
||||
"wg_srvipaddress",
|
||||
"wg_peerpubkey",
|
||||
|
|
@ -150,3 +66,103 @@ function DisplayWireGuardConfig()
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate user input, save wireguard configuration
|
||||
*
|
||||
* @param object $status
|
||||
* @return boolean
|
||||
*/
|
||||
function SaveWireGuardConfig($status)
|
||||
{
|
||||
// Set defaults
|
||||
$good_input = true;
|
||||
$peer_id = 1;
|
||||
// Validate input
|
||||
if (isset($_POST['wg_srvport'])) {
|
||||
if (strlen($_POST['wg_srvport']) > 5 || !is_numeric($_POST['wg_srvport'])) {
|
||||
$status->addMessage('Invalid value for port number', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_srvipaddress'])) {
|
||||
if (!validateCidr($_POST['wg_srvipaddress'])) {
|
||||
$status->addMessage('Invalid value for IP address', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
|
||||
if (!validateCidr($_POST['wg_pendpoint'])) {
|
||||
$status->addMessage('Invalid value for endpoint address', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pallowedips'])) {
|
||||
if (!validateCidr($_POST['wg_pallowedips'])) {
|
||||
$status->addMessage('Invalid value for allowed IPs', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
|
||||
if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
|
||||
$status->addMessage('Invalid value for persistent keepalive', 'danger');
|
||||
$good_input = false;
|
||||
}
|
||||
}
|
||||
// Save settings
|
||||
if ($good_input) {
|
||||
// server (wg0.conf)
|
||||
$config[] = '[Interface]';
|
||||
$config[] = 'Address = '.$_POST['wg_srvipaddress'];
|
||||
$config[] = 'ListenPort = '.$_POST['wg_srvport'];
|
||||
$config[] = 'PrivateKey = '.$_POST['wg_srvprivkey'];
|
||||
$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE';
|
||||
$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o wlan0 -j MASQUERADE';
|
||||
$config[] = '';
|
||||
$config[] = '[Peer]';
|
||||
$config[] = 'PublicKey = '.$_POST['wg-peer'];
|
||||
if ($_POST['wg_pendpoint'] !== '') {
|
||||
$config[] = 'Endpoint = '.trim($_POST['wg_pendpoint']);
|
||||
}
|
||||
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
|
||||
if ($_POST['wg_pkeepalive'] !== '') {
|
||||
$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
|
||||
}
|
||||
$config[] = '';
|
||||
$config = join(PHP_EOL, $config);
|
||||
|
||||
file_put_contents("/tmp/wgdata", $config);
|
||||
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
|
||||
|
||||
// client1 (client.conf)
|
||||
$config = [];
|
||||
$config[] = '[Interface]';
|
||||
if ($_POST['wg_pendpoint'] !== '') {
|
||||
$config[] = 'Address = '.trim($_POST['wg_pendpoint']);
|
||||
}
|
||||
$config[] = 'PrivateKey = '.$_POST['wg_peerprivkey'];
|
||||
$config[] = '';
|
||||
$config[] = '[Peer]';
|
||||
$config[] = 'PublicKey = '.$_POST['wg-server'];
|
||||
$config[] = 'AllowedIPs = '.$_POST['wg_pallowedips'];
|
||||
$config[] = 'Endpoint = '.$_POST['wg_srvipaddress'];
|
||||
$config[] = '';
|
||||
$config = join(PHP_EOL, $config);
|
||||
|
||||
file_put_contents("/tmp/wgdata", $config);
|
||||
system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_PATH.'client.conf', $return);
|
||||
|
||||
// handle log option
|
||||
if ($_POST['wg_log'] == "1") {
|
||||
exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
|
||||
}
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Wireguard configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue