Merge branch 'feature/wireguard' of https://github.com/RaspAP/raspap-insiders into feature/wireguard
commit
9c2cd82562
17 changed files with 475 additions and 0 deletions
|
@ -75,6 +75,9 @@ h5.card-title {
|
|||
font-family: Verdana, Geneva, sans-serif;
|
||||
}
|
||||
|
||||
.sidebar-light hr.sidebar-divider {
|
||||
padding-top: 0.5rem;
|
||||
}
|
||||
|
||||
ul.nav-tabs, .nav-tabs .nav-link {
|
||||
background-color: #f6f6ef;
|
||||
|
@ -154,6 +157,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
|
|||
.info-item-xs {
|
||||
font-size: 0.7rem;
|
||||
margin-left: 0.3rem;
|
||||
line-height: 1.5em;
|
||||
}
|
||||
|
||||
.info-item-wifi {
|
||||
|
@ -190,6 +194,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
|
|||
}
|
||||
}
|
||||
|
||||
.fas.fa-circle {
|
||||
font-size: 0.5rem;
|
||||
}
|
||||
|
||||
.logoutput {
|
||||
width:100%;
|
||||
height:300px;
|
||||
|
|
|
@ -21,6 +21,7 @@ define('RASPI_WPA_CTRL_INTERFACE', '/var/run/wpa_supplicant');
|
|||
define('RASPI_OPENVPN_CLIENT_CONFIG', '/etc/openvpn/client/client.conf');
|
||||
define('RASPI_OPENVPN_CLIENT_LOGIN', '/etc/openvpn/client/login.conf');
|
||||
define('RASPI_OPENVPN_SERVER_CONFIG', '/etc/openvpn/server/server.conf');
|
||||
define('RASPI_WIREGUARD_CONFIG', '/etc/wireguard/wg0.conf');
|
||||
define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc');
|
||||
define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
|
||||
define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
|
||||
|
@ -37,6 +38,7 @@ define('RASPI_NETWORK_ENABLED', true);
|
|||
define('RASPI_DHCP_ENABLED', true);
|
||||
define('RASPI_ADBLOCK_ENABLED', false);
|
||||
define('RASPI_OPENVPN_ENABLED', false);
|
||||
define('RASPI_WIREGUARD_ENABLED', false);
|
||||
define('RASPI_TORPROXY_ENABLED', false);
|
||||
define('RASPI_CONFAUTH_ENABLED', true);
|
||||
define('RASPI_CHANGETHEME_ENABLED', true);
|
||||
|
|
BIN
dist/raspap/css/fonts/RaspAP.eot
vendored
Executable file
BIN
dist/raspap/css/fonts/RaspAP.eot
vendored
Executable file
Binary file not shown.
12
dist/raspap/css/fonts/RaspAP.svg
vendored
Executable file
12
dist/raspap/css/fonts/RaspAP.svg
vendored
Executable file
|
@ -0,0 +1,12 @@
|
|||
<?xml version="1.0" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" >
|
||||
<svg xmlns="http://www.w3.org/2000/svg">
|
||||
<metadata>Generated by IcoMoon</metadata>
|
||||
<defs>
|
||||
<font id="RaspAP" horiz-adv-x="1024">
|
||||
<font-face units-per-em="1024" ascent="960" descent="-64" />
|
||||
<missing-glyph horiz-adv-x="1024" />
|
||||
<glyph unicode=" " horiz-adv-x="512" d="" />
|
||||
<glyph unicode="" glyph-name="wireguard" d="M1023.147 463.147c0 0 23.595 496.853-522.453 496.853-482.859 0-497.963-476.587-497.963-476.587s-70.997-547.413 509.141-547.413c556.501 0 511.275 527.147 511.275 527.147zM347.947 636.757c102.4 62.72 233.344 24.363 282.368-69.888 9.301-17.877 10.496-45.355 4.608-64.128-20.352-64.683-68.309-100.949-134.187-116.395 19.413 16.64 34.859 35.499 39.808 61.525 1.195 5.504 1.88 11.827 1.88 18.31 0 20.027-6.533 38.528-17.584 53.488l0.174-0.246c-16.797 22.874-43.588 37.556-73.809 37.556-11.257 0-22.038-2.037-31.995-5.763l0.63 0.207c-40.533-15.36-62.72-52.395-58.752-97.877 3.712-42.24 35.797-69.632 95.787-80.043-8.96-4.736-15.872-8.235-22.613-11.989-27.988-15.524-51.374-35.995-69.74-60.451l-0.404-0.562c-6.101-8.192-10.24-8.875-19.541-3.2-120.619 73.771-128.384 258.859 3.371 339.456zM257.707 180.992c-19.413-4.949-38.187-12.203-57.984-18.688 9.685 65.365 86.229 125.568 150.997 118.699-18.043-24.598-29.583-54.982-31.551-87.945l-0.022-0.46c-21.504-3.968-41.813-6.613-61.44-11.605zM669.995 819.2c19.115-0.725 38.315-0.427 57.472-0.853 5.287-0.363 10.162-1.075 14.91-2.128l-0.659 0.123c-4.574-6.938-9.348-12.986-14.582-18.599l0.076 0.082c-6.827-6.4-14.549-12.629-24.448-2.944-2.347 2.347-7.979 1.792-12.075 1.877-19.072 0.213-38.144 0.853-57.173 0.128-17.856-0.589-34.82-2.396-51.386-5.353l2.149 0.318c-3.072-0.555-7.595-10.667-6.229-14.421 3.328-8.832 8.149-18.56 15.317-24.192 26.411-20.907 54.485-39.595 81.067-60.288 25.771-20.139 49.792-42.24 64.427-72.533 19.029-39.595 19.627-81.067 11.392-122.752-13.739-69.547-48.939-127.147-105.941-169.045-22.955-16.853-51.413-26.453-77.696-38.528-23.168-10.667-46.933-19.84-70.144-30.379-41.813-19.029-65.28-64.427-58.411-111.573 6.357-43.307 44.373-79.445 87.851-86.912 52.181-8.96 106.069 25.003 118.827 78.080 14.336 59.605-18.048 112.896-78.72 129.024l-10.923 2.816c16.213 7.253 30.208 12.416 43.179 19.541q33.835 18.645 66.475 39.467c6.4 4.096 9.856 4.096 15.36-0.597 41.685-36.096 66.56-80.981 73.557-135.979 
11.52-91.093-31.573-174.763-112.896-217.643-125.781-66.347-279.765 9.173-307.541 148.651-23.808 119.467 60.501 227.84 162.005 248.747 43.648 9.003 83.541 27.179 114.56 60.8 20.053 21.675 29.739 40.277 33.067 48.683 5.86 14.568 9.259 31.458 9.259 49.142 0 0.094 0 0.187 0 0.281v-0.014c-0.72 15.473-4.371 29.921-10.408 43.044l0.296-0.719c-10.581 24.149-51.2 62.549-61.227 70.656l-95.573 74.837c-3.371 2.773-7.168 2.56-15.36 2.005-9.813-0.683-34.773-2.048-45.525 0.768 8.704 6.613 32.427 16.213 42.667 23.893-30.976 20.907-66.304 13.397-98.773 19.627 7.509 13.995 44.629 35.456 65.749 37.888-1.455 13.545-3.483 25.484-6.166 37.173l0.406-2.101c-1.28 4.736-6.571 9.387-11.221 12.075-11.179 6.571-23.083 11.989-35.968 18.517 10.935 7.156 24.244 11.558 38.555 11.945l0.101 0.002c1.66 0.068 3.608 0.107 5.566 0.107 11.77 0 23.21-1.408 34.163-4.064l-0.987 0.202c23.040-5.248 41.387-1.792 59.691 13.824-14.421 5.803-28.843 11.093-42.795 17.365-16.163 7.396-29.343 14.415-42.082 22.091l1.89-1.056c36.267-5.035 71.296-18.645 108.373-13.653l0.939 5.035-86.101 20.053c51.328 4.693 99.115 5.461 144.384-16.555 12.757-6.229 26.027-11.349 38.272-18.432 5.973-3.413 9.941-10.24 14.848-15.573 3.84-4.181 6.997-9.813 11.776-12.373 18.091-9.6 37.973-9.984 58.283-9.515l0.427 6.827c20.437-6.4 43.392-29.952 43.392-47.147-33.109 0-66.133 0.128-99.2-0.171-3.541 0-7.040-2.603-10.539-4.011 3.328-1.963 6.613-5.461 10.027-5.589zM627.328 868.139c-1.461-0.899-2.42-2.488-2.42-4.302 0-1.516 0.67-2.876 1.731-3.799l0.006-0.005c1.344-2.305 3.804-3.83 6.62-3.83 1.429 0 2.767 0.393 3.91 1.076l-0.035-0.019c3.2 1.621 6.315 3.328 10.155 5.333-3.072 2.645-5.547 4.864-8.107 6.955-4.523 3.712-8.235 1.365-11.861-1.408z" />
|
||||
<glyph unicode="" glyph-name="raspap" horiz-adv-x="1031" d="M540.058 281.983c0-104.182-84.446-188.637-188.625-188.637-104.176 0-188.62 84.455-188.62 188.637 0 104.171 84.444 188.625 188.62 188.625 104.179 0 188.625-84.455 188.625-188.625zM351.437 550.062c-147.818 0-268.074-120.259-268.074-268.080 0-147.826 120.257-268.091 268.074-268.091s268.077 120.265 268.077 268.091c0 147.821-120.259 268.080-268.077 268.080zM351.437-58.985c-188 0-340.95 152.958-340.95 340.967 0 188.003 152.95 340.956 340.95 340.956 188.003 0 340.953-152.953 340.953-340.956 0-188.009-152.95-340.967-340.953-340.967zM404.82 698.222c185.52 0 339.484-137.497 365.479-315.929l79.208-5.253c-24.125 224.046-214.339 399.077-444.686 399.077-10.909 0-21.723-0.412-32.433-1.186l5.16-77.823c9.017 0.661 18.093 1.113 27.272 1.113zM404.989 874.303c285.73 0 520.41-222.659 539.731-503.584l78.375-5.205c-16.843 326.355-287.644 586.685-618.106 586.685-14.884 0-29.644-0.561-44.264-1.6l5.157-77.719c12.919 0.928 25.958 1.424 39.106 1.424z" />
|
||||
</font></defs></svg>
|
After Width: | Height: | Size: 5 KiB |
BIN
dist/raspap/css/fonts/RaspAP.ttf
vendored
Executable file
BIN
dist/raspap/css/fonts/RaspAP.ttf
vendored
Executable file
Binary file not shown.
BIN
dist/raspap/css/fonts/RaspAP.woff
vendored
Executable file
BIN
dist/raspap/css/fonts/RaspAP.woff
vendored
Executable file
Binary file not shown.
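--- a/dist/raspap/css/style.css
+++ b/dist/raspap/css/style.css
@@ -0,0 +1,54 @@
+/*!
+* RaspAP-Brands Brand Icons - https://raspap.com
+* License - https://github.com/billz/RaspAP-Brands-webgui/blob/master/LICENSE
+*/
+@font-face {
+font-family: 'RaspAP';
+src: url('fonts/RaspAP.eot?e76qs3');
+src: url('fonts/RaspAP.eot?e76qs3#iefix') format('embedded-opentype'),
+url('fonts/RaspAP.ttf?e76qs3') format('truetype'),
+url('fonts/RaspAP.woff?e76qs3') format('woff'),
+url('fonts/RaspAP.svg?e76qs3#RaspAP') format('svg');
+font-weight: normal;
+font-style: normal;
+font-display: block;
+}
+
+[class^="ra-"], [class*=" ra-"] {
+/* use !important to prevent issues with browser extensions that change ..webfonts */
+font-family: 'RaspAP' !important;
+speak: none;
+font-style: normal;
+font-weight: normal;
+font-variant: normal;
+text-transform: none;
+line-height: 1;
+
+/* Better Font Rendering =========== */
+-webkit-font-smoothing: antialiased;
+-moz-osx-font-smoothing: grayscale;
+}
+
+.ra-wireguard:before {
+font-size: 1.2rem;
+content: "\e900";
+color: #d1d3e2;
+vertical-align: middle;
+}
+
+.card-header .ra-wireguard:before {
+color: #fff;
+}
+
+.sidebar .nav-item.active .nav-link
+span.ra-wireguard:before {
+color: #6e707e;
+}
+
+.ra-raspap:before {
+font-size: 4.35rem;
+content: "\e901";
+color: #d8224c;
+margin-left: 0.1em;
+}
+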
|
@ -26,6 +26,7 @@ $defaults = [
|
|||
'RASPI_OPENVPN_CLIENT_CONFIG' => '/etc/openvpn/client/client.conf',
|
||||
'RASPI_OPENVPN_CLIENT_LOGIN' => '/etc/openvpn/client/login.conf',
|
||||
'RASPI_OPENVPN_SERVER_CONFIG' => '/etc/openvpn/server/server.conf',
|
||||
'RASPI_WIREGUARD_CONFIG' => '/etc/wireguard/wg0.conf',
|
||||
'RASPI_TORPROXY_CONFIG' => '/etc/tor/torrc',
|
||||
'RASPI_LIGHTTPD_CONFIG' => '/etc/lighttpd/lighttpd.conf',
|
||||
'RASPI_ACCESS_CHECK_IP' => '1.1.1.1',
|
||||
|
@ -42,6 +43,7 @@ $defaults = [
|
|||
'RASPI_DHCP_ENABLED' => true,
|
||||
'RASPI_ADBLOCK_ENABLED' => false,
|
||||
'RASPI_OPENVPN_ENABLED' => false,
|
||||
'RASPI_WIREGUARD_ENABLED' => false,
|
||||
'RASPI_TORPROXY_ENABLED' => false,
|
||||
'RASPI_CONFAUTH_ENABLED' => true,
|
||||
'RASPI_CHANGETHEME_ENABLED' => true,
|
||||
|
|
|
@ -715,6 +715,33 @@ function getBridgedState()
|
|||
return $arrHostapdConf['BridgedEnable'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates the format of a CIDR notation string
|
||||
*
|
||||
* @param string $cidr
|
||||
* @return bool
|
||||
*/
|
||||
function validateCidr($cidr)
|
||||
{
|
||||
$parts = explode('/', $cidr);
|
||||
if(count($parts) != 2) {
|
||||
return false;
|
||||
}
|
||||
$ip = $parts[0];
|
||||
$netmask = intval($parts[1]);
|
||||
|
||||
if($netmask < 0) {
|
||||
return false;
|
||||
}
|
||||
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
return $netmask <= 32;
|
||||
}
|
||||
if(filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
return $netmask <= 128;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// Validates a host or FQDN
|
||||
function validate_host($host) {
|
||||
return preg_match('/^([a-z\d](-*[a-z\d])*)(\.([a-z\d](-*[a-z\d])*))*$/i', $host);
|
||||
|
|
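Review bot: In `validateCidr()`, `intval($parts[1])` accepts a prefix that is empty or that has non-digit text after the number, so strings such as `10.0.0.1/` or `10.0.0.1/24` followed by arbitrary characters (line breaks included) still return true. The callers added in this commit write the original string, not the parsed parts, into the WireGuard config, so the function should reject anything that is not purely digits before converting: `if (!ctype_digit($parts[1])) { return false; }`. The docblock could also say that only a single `address/prefix` pair is accepted, which matters for AllowedIPs, where a comma-separated list is normal. The trailing `validate_host()` lines are context, and its body ends outside the hunk.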
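--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -0,0 +1,136 @@
+<?php
+
+require_once 'includes/status_messages.php';
+require_once 'config.php';
+
+/**
+* Manage WireGuard configuration
+*/
+function DisplayWireGuardConfig()
+{
+$status = new StatusMessages();
+if (!RASPI_MONITOR_ENABLED) {
+if (isset($_POST['savewgsettings'])) {
+// Set defaults
+$good_input = true;
+$peer_id = 1;
+// Validate input
+if (isset($_POST['wg_port'])) {
+if (strlen($_POST['wg_port']) > 5 || !is_numeric($_POST['wg_port'])) {
+$status->addMessage('Invalid value for port number', 'danger');
+$good_input = false;
+}
+}
+if (isset($_POST['wg_ipaddress'])) {
+if (!validateCidr($_POST['wg_ipaddress'])) {
+$status->addMessage('Invalid value for IP address', 'danger');
+$good_input = false;
+}
+}
+if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint']) >0 )) {
+if (!validateCidr($_POST['wg_endpoint'])) {
+$status->addMessage('Invalid value for endpoint address', 'danger');
+$good_input = false;
+}
+}
+if (isset($_POST['wg_allowedips'])) {
+if (!validateCidr($_POST['wg_allowedips'])) {
+$status->addMessage('Invalid value for allowed IPs', 'danger');
+$good_input = false;
+}
+}
+if (isset($_POST['wg_pkeepalive']) && strlen(trim($_POST['wg_pkeepalive']) >0 )) {
+if (strlen($_POST['wg_pkeepalive']) > 4 || !is_numeric($_POST['wg_pkeepalive'])) {
+$status->addMessage('Invalid value for persistent keepalive', 'danger');
+$good_input = false;
+}
+}
+// Save settings
+if ($good_input) {
+$config[] = '[Interface]';
+$config[] = 'Address = '.$_POST['wg_ipaddress'];
+$config[] = 'ListenPort = '.$_POST['wg_port'];
+$config[] = '';
+$config[] = 'PrivateKey = '.$_POST['wg_privkey'];
+$config[] = 'PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE';
+$config[] = 'PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE';
+$config[] = '';
+$config[] = '[Peer]';
+$config[] = 'PublicKey = '.$_POST['wg_pubkey'];
+if ($_POST['wg_endpoint'] !== '') {
+$config[] = 'Endpoint = '.trim($_POST['wg_endpoint']);
+}
+$config[] = 'AllowedIPs = '.$_POST['wg_allowedips'];
+if ($_POST['wg_pkeepalive'] !== '') {
+$config[] = 'PersistentKeepalive = '.trim($_POST['wg_pkeepalive']);
+}
+$config[] = '';
+$config = join(PHP_EOL, $config);
+
+file_put_contents("/tmp/wgdata", $config);
+system('sudo cp /tmp/wgdata '.RASPI_WIREGUARD_CONFIG, $return);
+
+// handle log option
+if ($_POST['wg_log'] == "1") {
+exec("sudo /bin/systemctl status wg-quick@wg0 | sudo tee /tmp/wireguard.log > /dev/null");
+}
+foreach ($return as $line) {
+$status->addMessage($line, 'info');
+}
+if ($return == 0) {
+$status->addMessage('Wireguard configuration updated successfully', 'success');
+} else {
+$status->addMessage('Wireguard configuration failed to be updated.', 'danger');
+}
+}
+
+} elseif (isset($_POST['startwg'])) {
+$status->addMessage('Attempting to start WireGuard', 'info');
+exec('sudo /usr/bin/wg-quick up wg0', $return);
+foreach ($return as $line) {
+$status->addMessage($line, 'info');
+}
+} elseif (isset($_POST['stopwg'])) {
+$status->addMessage('Attempting to stop WireGuard', 'info');
+exec('sudo /usr/bin/wg-quick down wg0', $return);
+foreach ($return as $line) {
+$status->addMessage($line, 'info');
+}
+}
+}
+
+// fetch wg config
+exec('sudo cat '. RASPI_WIREGUARD_CONFIG, $return);
+$conf = ParseConfig($return);
+$wg_port = $conf['ListenPort'];
+$wg_ipaddress = $conf['Address'];
+$wg_pubkey = $conf['PublicKey'];
+$wg_privkey = $conf['PrivateKey'];
+$wg_endpoint = $conf['Endpoint'];
+$wg_allowedips = $conf['AllowedIPs'];
+$wg_pkeepalive = $conf['PersistentKeepalive'];
+
+// fetch service status
+exec('pidof wg-crypt-wg0 | wc -l', $wgstatus);
+$serviceStatus = $wgstatus[0] == 0 ? "down" : "up";
+$wg_state = ($wgstatus[0] > 0);
+
+echo renderTemplate(
+"wireguard", compact(
+"status",
+"wg_state",
+"serviceStatus",
+"wg_log",
+"endpoint_enable",
+"peer_id",
+"wg_port",
+"wg_ipaddress",
+"wg_pubkey",
+"wg_privkey",
+"wg_endpoint",
+"wg_allowedips",
+"wg_pkeepalive"
+)
+);
+}
+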
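Review bot: In the save branch of `DisplayWireGuardConfig()`, `wg_privkey` and `wg_pubkey` go into the config with no validation at all, and every other field is checked only when `isset()` and then concatenated raw, so a crafted POST can place extra lines in `wg0.conf`, a file whose `PostUp`/`PostDown` entries `wg-quick` runs as root. The two optional-field guards also have a misplaced parenthesis, `strlen(trim(...) >0 )`, which measures a boolean rather than the string, and `is_numeric()` admits values such as `1e3` or `-1` where `ctype_digit()` plus a range check is wanted. Separately, the config including the private key is staged at the fixed path `/tmp/wgdata` with default permissions and never removed, and `system()` stores an integer in `$return` that the following `foreach` then tries to iterate. Endpoint is a `host:port` value, so `validateCidr()` is probably the wrong check for it. A sketch of the key check and the corrected guard follows.

```php
// … unchanged: port, address and allowed-IPs checks …
if (isset($_POST['wg_endpoint']) && strlen(trim($_POST['wg_endpoint'])) > 0) {
    // … unchanged: endpoint check body …
}
// WireGuard keys are 32 bytes, base64-encoded: 43 characters plus one '='.
foreach (['wg_privkey', 'wg_pubkey'] as $key_field) {
    $key_value = isset($_POST[$key_field]) ? $_POST[$key_field] : '';
    if (!preg_match('/^[A-Za-z0-9+\/]{43}=$/D', $key_value)) {
        $status->addMessage('Invalid value for key', 'danger');
        $good_input = false;
    }
}
// … unchanged: "Save settings" block …
```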
12
index.php
12
index.php
|
@ -45,6 +45,7 @@ require_once 'includes/themes.php';
|
|||
require_once 'includes/data_usage.php';
|
||||
require_once 'includes/about.php';
|
||||
require_once 'includes/openvpn.php';
|
||||
require_once 'includes/wireguard.php';
|
||||
require_once 'includes/torproxy.php';
|
||||
|
||||
$config = getConfig();
|
||||
|
@ -82,6 +83,9 @@ $bridgedEnabled = getBridgedState();
|
|||
<!-- Custom Fonts -->
|
||||
<link href="dist/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
|
||||
|
||||
<!-- RaspAP Fonts -->
|
||||
<link href="dist/raspap/css/style.css" rel="stylesheet" type="text/css">
|
||||
|
||||
<!-- Custom CSS -->
|
||||
<link href="<?php echo $theme_url; ?>" title="main" rel="stylesheet">
|
||||
|
||||
|
@ -161,6 +165,11 @@ $bridgedEnabled = getBridgedState();
|
|||
<?php if (RASPI_OPENVPN_ENABLED) : ?>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="openvpn_conf"><i class="fas fa-key fa-fw mr-2"></i><span class="nav-label"><?php echo _("OpenVPN"); ?></a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<?php if (RASPI_WIREGUARD_ENABLED) : ?>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="index.php?page=wg_conf"><span class="ra-wireguard mr-2"></span><span class="nav-label"><?php echo _("WireGuard"); ?></a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
<?php if (RASPI_TORPROXY_ENABLED) : ?>
|
||||
|
@ -259,6 +268,9 @@ $bridgedEnabled = getBridgedState();
|
|||
case "/openvpn_conf":
|
||||
DisplayOpenVPNConfig();
|
||||
break;
|
||||
case "/wg_conf":
|
||||
DisplayWireGuardConfig();
|
||||
break;
|
||||
case "/torproxy_conf":
|
||||
DisplayTorProxyConfig();
|
||||
break;
|
||||
|
|
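Review bot: The new WireGuard nav item opens `<span class="nav-label">` and never closes it before `</a>`, the same slip as the OpenVPN context line above it; add `</span>` after the `_("WireGuard")` echo. The link also uses `index.php?page=wg_conf` while the neighbouring item uses the bare path `openvpn_conf` and the new switch arm matches `"/wg_conf"`; how the switch value is derived lies outside these hunks, so confirm the query-string form actually reaches that case. The `type="text/css"` on the added stylesheet link is redundant.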
|
@ -297,6 +297,47 @@ function _prompt_install_openvpn() {
|
|||
fi
|
||||
}
|
||||
|
||||
# Prompt to install WireGuard
|
||||
function _prompt_install_wireguard() {
|
||||
_install_log "Configure WireGuard support"
|
||||
echo -n "Install WireGuard and enable VPN tunnel configuration? [Y/n]: "
|
||||
if [ "$assume_yes" == 0 ]; then
|
||||
read answer < /dev/tty
|
||||
if [ "$answer" != "${answer#[Nn]}" ]; then
|
||||
echo -e
|
||||
else
|
||||
_install_wireguard
|
||||
fi
|
||||
elif [ "$wg_option" == 1 ]; then
|
||||
_install_wireguard
|
||||
else
|
||||
echo "(Skipped)"
|
||||
fi
|
||||
}
|
||||
|
||||
# Install Wireguard from the Debian unstable distro
|
||||
function _install_wireguard() {
|
||||
_install_log "Configure WireGuard support"
|
||||
if [ "$OS" == "Raspbian" ]; then
|
||||
echo "Installing raspberrypi-kernel-headers"
|
||||
sudo apt-get install $apt_option raspberrypi-kernel-headers || _install_status 1 "Unable to install raspberrypi-kernel-headers"
|
||||
fi
|
||||
echo "Installing WireGuard from Debian unstable distro"
|
||||
echo "Adding Debian distro"
|
||||
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list || _install_status 1 "Unable to append to sources.list"
|
||||
sudo apt-get install dirmngr || _install_status 1 "Unable to install dirmngr"
|
||||
echo "Adding Debian distro keys"
|
||||
sudo wget -q -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add - || _install_status 1 "Unable to add keys"
|
||||
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable || _install_status 1 "Unable to append to preferences.d"
|
||||
echo "Installing WireGuard"
|
||||
sudo apt-get update && sudo apt-get install $apt_option wireguard || _install_status 1 "Unable to install wireguard"
|
||||
echo "Enabling wg-quick@wg0"
|
||||
sudo systemctl enable wg-quick@wg0 || _install_status 1 "Failed to enable wg-quick service"
|
||||
echo "Enabling WireGuard management option"
|
||||
sudo sed -i "s/\('RASPI_WIREGUARD_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_status 1 "Unable to modify config.php"
|
||||
_install_status 0
|
||||
}
|
||||
|
||||
# Install openvpn and enable client configuration option
|
||||
function _install_openvpn() {
|
||||
_install_log "Installing OpenVPN and enabling client configuration"
|
||||
|
|
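Review bot: `_install_wireguard` imports the archive key with `wget ... | sudo apt-key add -`, which trusts that key for every configured source and, because the pipeline's status is that of `apt-key`, does not notice a failed download unless `pipefail` is set elsewhere in the script. Scoping the key to this one source with a `signed-by=` keyring option in the `deb` line would limit what the new key can vouch for, and the source line could use `https://`. Both `tee --append` calls add a duplicate entry on every re-run, and the pin in `limit-unstable` is the only thing keeping the whole unstable suite from replacing stable packages, so a comment explaining the `Pin-Priority: 150` choice would help. `$(lsb_release -sr)` is unquoted and `apt-get install dirmngr` omits `$apt_option`, unlike the other installs in the function.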
|
@ -39,7 +39,15 @@ www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
|
|||
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/openvpnlog.sh
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/wireguard.log
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasq_custom /etc/raspap/adblock/custom.txt
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wgdata /etc/wireguard/wg0.conf
|
||||
www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
|
||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/tee /tmp/wireguard.log
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/systemctl status wg-quick@wg0
|
||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick up wg0
|
||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg-quick down wg0
|
||||
www-data ALL=(ALL) NOPASSWD:/usr/bin/wg
|
||||
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wireguard/wg0.conf
|
||||
|
||||
|
|
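Review bot: The added rule `NOPASSWD:/usr/bin/wg` carries no arguments, so unlike the neighbouring entries it lets www-data run every `wg` subcommand as root, including those that print or replace interface keys and configuration; pin it to the exact invocation the UI needs (for example `/usr/bin/wg show wg0`, if that is the intent). The `cp /tmp/wgdata /etc/wireguard/wg0.conf`, `tee /tmp/wireguard.log` and `chmod o+r /tmp/wireguard.log` rules all act as root on fixed names in a world-writable directory, and the copied file is one whose hook lines `wg-quick` later runs as root. A staging directory writable only by www-data would remove the dependence on who created those paths first. The `cat /etc/wireguard/wg0.conf` rule also hands the interface private key to the web server account, which deserves a comment if it is deliberate.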
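--- a/templates/wg/general.php
+++ b/templates/wg/general.php
@@ -0,0 +1,47 @@
+<!-- wireguard settings tab -->
+<div class="tab-pane active" id="wgsettings">
+<div class="row">
+<div class="col-md-6">
+<h4 class="mt-3"><?php echo _("Tunnel settings"); ?></h4>
+<div class="input-group">
+<input type="hidden" name="tunnel-enable" value="0">
+<div class="custom-control custom-switch">
+<input class="custom-control-input" id="tunnel-enable" type="checkbox" name="tunnel-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="tunnel-description">
+<label class="custom-control-label" for="tunnel-enable"><?php echo _("Enable tunnel") ?></label>
+</div>
+<p id="wg-description">
+<small><?php echo _("Enable this option to encrypt traffic by creating a tunnel between RaspAP and configured peers.") ?></small>
+</p>
+</div>
+<div class="row">
+<div class="form-group col-xs-3 col-sm-3">
+<label for="code"><?php echo _("Local Port"); ?></label>
+<input type="text" class="form-control" name="wg_port" value="<?php echo htmlspecialchars($wg_port, ENT_QUOTES); ?>" />
+</div>
+</div>
+
+<div class="row">
+<div class="col-xs-3 col-sm-6">
+<label for="code"><?php echo _("Local public key"); ?></label>
+</div>
+<div class="input-group col-md-12 mb-3">
+<input type="text" class="form-control" name="wg_pubkey" value="<?php echo htmlspecialchars($wg_pubkey, ENT_QUOTES); ?>" />
+<div class="input-group-append">
+<button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateWgKey()"><?php echo _("Generate key"); ?></button>
+<span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+</div>
+</div>
+</div>
+<input type="hidden" name="wg_privkey" value="<?php echo htmlspecialchars($wg_privkey, ENT_QUOTES); ?>" />
+
+<div class="row">
+<div class="form-group col-md-6">
+<label for="code"><?php echo _("IP Address"); ?></label>
+<input type="text" class="form-control" name="wg_ipaddress" value="<?php echo htmlspecialchars($wg_ipaddress, ENT_QUOTES); ?>" />
+</div>
+</div>
+
+</div>
+</div><!-- /.row -->
+</div><!-- /.tab-pane | settings tab -->
+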
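Review bot: The hidden `wg_privkey` input sends the interface private key to every browser that loads this tab and then trusts whatever value comes back on save; keep the key on the server and write it only when a new one is generated. `$enabled` is not among the variables the controller passes via `compact()`, so the switch is presumably always rendered unchecked, with a notice. `aria-describedby="tunnel-description"` points at no element (the paragraph's id is `wg-description`), each `<label for="code">` has no matching input id, and `cbxblocklist-status` is reused as an id in the peers tab. The `updateWgKey()` handler is not defined in any file shown in this commit.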
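--- a/templates/wg/logging.php
+++ b/templates/wg/logging.php
@@ -0,0 +1,19 @@
+<!-- wireguard logging tab -->
+<div class="tab-pane fade" id="wglogging">
+<div class="row">
+<div class="col-md-12">
+<h4 class="mt-3"><?php echo _("Logging"); ?></h4>
+<div class="custom-control custom-switch">
+<input class="custom-control-input" id="wg_log" type="checkbox" name="wg_log" value="1" <?php echo $wg_log ? ' checked="checked"' : "" ?> aria-describedby="wg_log">
+<label class="custom-control-label" for="wg_log"><?php echo _("Display WireGuard status") ?></label>
+</div>
+<p><small><?php echo _("Enable this option to display an updated WireGuard status.") ?></small></p>
+<?php
+exec('sudo chmod o+r /tmp/wireguard.log');
+$log = file_get_contents('/tmp/wireguard.log');
+echo '<textarea class="logoutput my-3">'.htmlspecialchars($log, ENT_QUOTES).'</textarea>';
+?>
+</div>
+</div><!-- /.row -->
+</div><!-- /.tab-pane | logging tab -->
+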
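Review bot: The template runs `sudo chmod o+r /tmp/wireguard.log` and reads the file on every render, whether or not logging was requested and regardless of `RASPI_MONITOR_ENABLED`; that side effect belongs in `DisplayWireGuardConfig()`, with the log text passed in as template data. When the file does not exist yet, `file_get_contents()` returns false with a warning, so guard it, e.g. `$log = is_readable('/tmp/wireguard.log') ? file_get_contents('/tmp/wireguard.log') : '';`. `$wg_log` is listed in the controller's `compact()` call but never assigned there, so the checkbox cannot reflect the saved state, and `aria-describedby="wg_log"` refers to the input itself.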
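--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -0,0 +1,54 @@
+<!-- wireguard peers tab -->
+<div class="tab-pane fade" id="wgpeers">
+
+<div class="row">
+<div class="col-md-6">
+<h4 class="mt-3"><?php echo _("Peer"); ?></h4>
+<div class="input-group">
+<input type="hidden" name="endpoint-enable" value="0">
+<input type="hidden" name="peer_id" value="1">
+<div class="custom-control custom-switch">
+<input class="custom-control-input" id="endpoint_enable" type="checkbox" name="endpoint-enable" value="1" <?php echo $enabled ? ' checked="checked"' : "" ?> aria-describedby="endpoint-description">
+<label class="custom-control-label" for="endpoint_enable"><?php echo _("Enable endpoint") ?></label>
+</div>
+</div>
+
+<div class="row">
+<div class="form-group col-xs-3 col-sm-6 mt-3">
+<label for="code"><?php echo _("Endpoint address"); ?></label>
+<input type="text" class="form-control" name="wg_endpoint" value="<?php echo htmlspecialchars($wg_endpoint, ENT_QUOTES); ?>" />
+</div>
+</div>
+
+<div class="row">
+<div class="col-xs-3 col-sm-6">
+<label for="code"><?php echo _("Allowed IPs"); ?></label>
+<input type="text" class="form-control mb-3" name="wg_allowedips" placeholder="0.0.0.0/0" value="<?php echo htmlspecialchars($wg_allowedips, ENT_QUOTES); ?>" />
+</div>
+</div>
+
+<div class="row">
+<div class="col-xs-3 col-sm-6">
+<label for="code"><?php echo _("Persistent keepalive"); ?></label>
+<input type="text" class="form-control col-sm-3 mb-3" name="wg_pkeepalive" placeholder="25" value="<?php echo htmlspecialchars($wg_pkeepalive, ENT_QUOTES); ?>" />
+</div>
+</div>
+
+<div class="row">
+<div class="col-xs-3 col-sm-6">
+<label for="code"><?php echo _("Peer public key"); ?></label>
+</div>
+<div class="input-group col-md-12 mb-3">
+<input type="text" class="form-control" name="wg_peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
+<div class="input-group-append">
+<button class="btn btn-sm btn-outline-secondary rounded-right" type="button" onclick="updateBlocklist()"><?php echo _("Generate key"); ?></button>
+<span id="cbxblocklist-status" class="input-group-addon check-hidden ml-2 mt-1"><i class="fas fa-check"></i></span>
+</div>
+</div>
+</div>
+
+
+</div>
+</div><!-- /.row -->
+</div><!-- /.tab-pane | peers tab -->
+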
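Review bot: The peer key field is named `wg_peerpubkey`, but the controller writes `$_POST['wg_pubkey']` (the "Local public key" field of the settings tab) as the `[Peer]` `PublicKey` and never reads or passes `wg_peerpubkey`, so the value entered here is dropped and `$wg_peerpubkey` is undefined on render. The "Generate key" button calls `updateBlocklist()`, which looks copied from the ad-block page, and generating a peer's public key on this host makes little sense because it derives from the peer's own private key. `endpoint-enable`, `peer_id` and `$enabled` are likewise not consumed or supplied by the controller shown in this commit, and `aria-describedby="endpoint-description"` has no target.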
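--- a/templates/wireguard.php
+++ b/templates/wireguard.php
@@ -0,0 +1,53 @@
+<?php ob_start() ?>
+<?php if (!RASPI_MONITOR_ENABLED) : ?>
+<input type="submit" class="btn btn-outline btn-primary" name="savewgsettings" value="<?php echo _("Save settings"); ?>">
+<?php if ($wg_state) : ?>
+<input type="submit" class="btn btn-warning" name="stopwg" value="<?php echo _("Stop WireGuard"); ?>">
+<?php else : ?>
+<input type="submit" class="btn btn-success" name="startwg" value="<?php echo _("Start WireGuard"); ?>">
+<?php endif ?>
+<?php endif ?>
+<?php $buttons = ob_get_clean(); ob_end_clean() ?>
+
+<div class="row">
+<div class="col-lg-12">
+<div class="card">
+<div class="card-header">
+<div class="row">
+<div class="col">
+<span class="ra-wireguard mr-2"></span><?php echo _("WireGuard"); ?>
+</div>
+<div class="col">
+<button class="btn btn-light btn-icon-split btn-sm service-status float-right">
+<span class="icon text-gray-600"><i class="fas fa-circle service-status-<?php echo $serviceStatus ?>"></i></span>
+<span class="text service-status">wg <?php echo _($serviceStatus) ?></span>
+</button>
+</div>
+</div><!-- /.row -->
+</div><!-- /.card-header -->
+<div class="card-body">
+<?php $status->showMessages(); ?>
+<form role="form" action="?page=wg_conf" enctype="multipart/form-data" method="POST">
+<?php echo CSRFTokenFieldTag() ?>
+<!-- Nav tabs -->
+<ul class="nav nav-tabs">
+<li class="nav-item"><a class="nav-link active" id="settingstab" href="#wgsettings" data-toggle="tab"><?php echo _("Settings"); ?></a></li>
+<li class="nav-item"><a class="nav-link" id="peertab" href="#wgpeers" data-toggle="tab"><?php echo _("Peer"); ?></a></li>
+<li class="nav-item"><a class="nav-link" id="loggingtab" href="#wglogging" data-toggle="tab"><?php echo _("Logging"); ?></a></li>
+</ul>
+
+<!-- Tab panes -->
+<div class="tab-content">
+<?php echo renderTemplate("wg/general", $__template_data) ?>
+<?php echo renderTemplate("wg/peers", $__template_data) ?>
+<?php echo renderTemplate("wg/logging", $__template_data) ?>
+</div><!-- /.tab-content -->
+
+<?php echo $buttons ?>
+</form>
+</div><!-- /.card-body -->
+<div class="card-footer"><?php echo _("Information provided by wireguard"); ?></div>
+</div><!-- /.card -->
+</div><!-- /.col-lg-12 -->
+</div><!-- /.row -->
+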
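Review bot: On the `$buttons` line, `ob_get_clean()` already ends the buffer opened by `ob_start()`, so the following `ob_end_clean()` acts on whatever buffer encloses the template (presumably the one `renderTemplate()` uses) or raises a notice if there is none; drop the second call unless that is intended. The status `<button>` in the card header has no `type` and no action, so a non-interactive element such as a `<span>` would describe it better. `role="form"` on `<form>` is redundant, and `enctype="multipart/form-data"` is unnecessary because the form has no file inputs.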