]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commitdiff
projects / people / ms / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5abfabb)
wireguard: Support having a local IP address
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 26 Apr 2025 12:25:27 +0000 (14:25 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 26 Apr 2025 12:25:27 +0000 (14:25 +0200)
This is what we need to support VPN providers.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/cfgroot/wireguard-functions.pl patch | blob | blame | history
html/cgi-bin/wireguard.cgi patch | blob | blame | history
src/initscripts/system/wireguard patch | blob | blame | history

diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl
index 909b33a29096d53b361fbccbde87c14e38bcc5f3..53e8f1a3808d60d8b6716530db7419c592e3db09 100644 (file)
--- a/config/cfgroot/wireguard-functions.pl
+++ b/config/cfgroot/wireguard-functions.pl
@@ -190,6 +190,7 @@ sub load_peer($) {
                "LOCAL_SUBNETS"         => &decode_subnets($peers{$key}[10]),
                "PSK"                   => $peers{$key}[11],
                "KEEPALIVE"             => $peers{$key}[12],
+               "LOCAL_ADDRESS"         => $peers{$key}[13],
                "INTERFACE"                             => ($type eq "host") ? "wg0" : "wg${key}",
        );
 
@@ -506,7 +507,7 @@ sub parse_configuration($$) {
                        # Address
                        if ($key eq "Address") {
                                if (&Network::check_ip_address($val)) {
-                                       $peer{'CLIENT_ADDRESS'} = $val;
+                                       $peer{'LOCAL_ADDRESS'} = $val;
                                } else {
                                        push(@errormessages, $Lang::tr{'invalid ip address'});
                                }
diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi
index e8836439d0467079dd6a6f45e679b55c869c275a..2bef8dcde8d57fad78771645fa41946ea8b551f9 100644 (file)
--- a/html/cgi-bin/wireguard.cgi
+++ b/html/cgi-bin/wireguard.cgi
@@ -153,6 +153,7 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
                "LOCAL_SUBNETS"         => join(", ", @$local_subnets),
                "PSK"                           => $Wireguard::peers{$key}[11],
                "KEEPALIVE"                     => $Wireguard::peers{$key}[12],
+               "LOCAL_ADDRESS"                 => $Wireguard::peers{$key}[13],
        );
 
        # Jump to the editor
@@ -221,6 +222,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
                $peer->{"PSK"},
                # 12 = Keepalive
                $peer->{"KEEPALIVE"} || $Wireguard::DEFAULT_KEEPALIVE,
+               # 13 = Local Address
+               $peer->{"LOCAL_ADDRESS"},
        ];
 
        # Store the configuration
@@ -338,6 +341,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
                $psk,
                # 12 = Keepalive
                $Wireguard::DEFAULT_KEEPALIVE,
+               # 13 = Local Address
+               "",
        ];
 
        # Store the configuration
@@ -521,6 +526,8 @@ END
                $cgiparams{"PSK"} || "",
                # 12 = Keepalive
                $cgiparams{"KEEPALIVE"} || 0,
+               # 13 = Local Address
+               "",
        ];
 
        # Store the configuration
@@ -634,6 +641,8 @@ END
                $cgiparams{"PSK"},
                # 12 = Keepalive
                0,
+               # 13 = Local Address
+               "",
        ];
 
        # Store the configuration
diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard
index 9321b09c459a8f1b333fbcb1f74ae77945c380cf..d8c869b9d6841c72b093731122f6c85e6a705aa6 100644 (file)
--- a/src/initscripts/system/wireguard
+++ b/src/initscripts/system/wireguard
@@ -148,6 +148,7 @@ generate_config() {
        local local_subnets
        local psk
        local keepalive
+       local local_address
        local _rest
 
        # Handles the special case of the RW interface
@@ -166,7 +167,7 @@ generate_config() {
                fi
 
                while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
-                               remote_subnets remarks local_subnets psk keepalive _rest; do
+                               remote_subnets remarks local_subnets psk keepalive local_address _rest; do
                        # Skip peers that are not hosts or not enabled
                        [ "${type}" = "host" ] || continue
                        [ "${enabled}" = "on" ] || continue
@@ -194,7 +195,7 @@ generate_config() {
        local remote_subnet
 
        while read -r id enabled type name pubkey privkey port endpoint_addr endpoint_port \
-                       remote_subnets remarks local_subnets psk keepalive _rest; do
+                       remote_subnets remarks local_subnets psk keepalive local_address _rest; do
                # Check for the matching connection
                [ "${type}" = "net" ] || continue
                [ "${intf}" = "wg${id}" ] || continue
@@ -205,6 +206,14 @@ generate_config() {
                # Update the interface alias
                ip link set "${intf}" alias "${name}"
 
+               # Flush any addresses
+               ip addr flush dev "${intf}"
+
+               # Assign the local address
+               if [ -n "${local_address}" ]; then
+                       ip addr add "${local_address}" dev "${intf}"
+               fi
+
                echo "[Interface]"
 
                if [ -n "${privkey}" ]; then
Michael's tree of IPFire 2.x.