etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
etc/rc.d/init.d/unbound
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
etc/rc.d/rc0.d/K01grub-btrfsd
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc0.d/K70wireguard
etc/rc.d/rc0.d/K77conntrackd
etc/rc.d/rc0.d/K78suricata
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc3.d/S30sshd
etc/rc.d/rc3.d/S32apache
etc/rc.d/rc3.d/S40fcron
+etc/rc.d/rc3.d/S50wireguard
etc/rc.d/rc3.d/S98rc.local
etc/rc.d/rc3.d/S99grub-btrfsd
#etc/rc.d/rc3.d/S99vdradmin
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
etc/rc.d/rc6.d/K51vnstat
+etc/rc.d/rc6.d/K70wireguard
etc/rc.d/rc6.d/K77conntrackd
etc/rc.d/rc6.d/K78suricata
etc/rc.d/rc6.d/K79leds
ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc0.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat
+ ln -sf ../init.d/wireguard /etc/rc.d/rc0.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc0.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc0.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc0.d/K79leds
ln -sf ../init.d/sshd /etc/rc.d/rc3.d/S30sshd
ln -sf ../init.d/apache /etc/rc.d/rc3.d/S32apache
ln -sf ../init.d/fcron /etc/rc.d/rc3.d/S40fcron
+ ln -sf ../init.d/wireguard /etc/rc.d/rc3.d/S50wireguard
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
ln -sf ../init.d/grub-btrfsd /etc/rc.d/rc3.d/S99grub-btrfsd
ln -sf ../init.d/vdradmin /etc/rc.d/rc3.d/S99vdradmin
ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock
ln -sf ../init.d/cyrus-sasl /etc/rc.d/rc6.d/K49cyrus-sasl
ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat
+ ln -sf ../init.d/wireguard /etc/rc.d/rc6.d/K70wireguard
ln -sf ../init.d/conntrackd /etc/rc.d/rc6.d/K77conntrackd
ln -sf ../init.d/suricata /etc/rc.d/rc6.d/K78suricata
ln -sf ../init.d/leds /etc/rc.d/rc6.d/K79leds
--- /dev/null
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2024 Michael Tremer <michael.tremer@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+INTF="wg0"
+
+eval $(/usr/local/bin/readhash /var/ipfire/wireguard/settings)
+
+generate_config() {
+ echo "[Interface]"
+ echo "PrivateKey = ${PRIVATE_KEY}"
+
+ # Optionally set the port
+ if [ -n "${PORT}" ]; then
+ echo "ListenPort = ${PORT}"
+ fi
+
+ local IFS=','
+
+ local id
+ local enabled
+ local type
+ local name
+ local pubkey
+ local endpoint
+ local port
+ local routes
+ local _rest
+
+ local route
+
+ # Flush all previously set routes
+ ip route flush dev "${INTF}"
+
+ while read -r id enabled type name pubkey endpoint port routes _rest; do
+ # Skip peers that are not enabled
+ [ "${enabled}" = "on" ] || continue
+
+ echo "[Peer]"
+ echo "PublicKey = ${pubkey}"
+
+ # Set endpoint
+ if [ -n "${endpoint}" ]; then
+ echo "Endpoint = ${endpoint}${port:+:}${port}"
+ fi
+
+ # Set routes
+ if [ -n "${routes}" ]; then
+ echo "AllowedIPs = ${routes//|/, }"
+
+ # Apply the routes
+ if [ "${type}" = "net" ]; then
+ for route in ${routes//|/,}; do
+ ip route add "${route}" dev "${INTF}"
+ done
+ fi
+ fi
+ done < /var/ipfire/wireguard/peers
+}
+
+wg_start() {
+ # Create the interface if it does not exist
+ if [ ! -d "/sys/class/net/${INTF}" ]; then
+ ip link add "${INTF}" type wireguard || return $?
+ fi
+
+ # Set up the interface
+ ip link set "${INTF}" up
+
+ # Set the MTU
+ if [ -n "${MTU}" ]; then
+ ip link set "${INTF}" mtu "${MTU}" || return $?
+ fi
+
+ # Load the configuration into the kernel
+ wg syncconf "${INTF}" <(generate_config) || return $?
+
+ return 0
+}
+
+wg_stop() {
+ if [ -d "/sys/class/net/${INTF}" ]; then
+ ip link del "${INTF}" || return $?
+ fi
+}
+
+case "${1}" in
+ start)
+ if [ "${ENABLED}" != "on" ]; then
+ exit 0
+ fi
+
+ boot_mesg "Starting WireGuard VPN..."
+ wg_start; evaluate_retval
+ ;;
+
+ stop)
+ boot_mesg "Stopping WireGuard VPN..."
+ wg_stop; evaluate_retval
+ ;;
+
+ reload)
+ boot_mesg "Reloading WireGuard VPN..."
+ wg_start; evaluate_retval
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart}"
+ exit 1
+ ;;
+esac
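Review bot: `generate_config` changes the routing table as a side effect (`ip route flush dev "${INTF}"` and the `ip route add` loop) while it runs inside the `<(generate_config)` process substitution, so the routes are flushed and re-added before `wg syncconf` has succeeded, and none of their exit codes reach `wg_start`. If syncconf fails, or for the duration of a reload, the peer networks have no route via wg0 and traffic for them presumably follows the default route instead of the tunnel. I would keep `generate_config` output-only and apply the routes in a separate function that runs only after syncconf returns success, as sketched below. Separately, the `reload)` arm calls `wg_start` without the `ENABLED` check that `start)` has, so a reload brings the tunnel up even when it is switched off; `[ "${ENABLED}" = "on" ] || exit 0` at the top of that arm would match `start)`. Process substitution and `${routes//|/, }` are bash features, so the `#!/bin/sh` shebang only holds where /bin/sh is bash.

```shell
# … unchanged: generate_config, minus the "ip route flush" line and the
#   "Apply the routes" loop, so that it only prints the configuration …

apply_routes() {
	local IFS=','
	local id enabled type name pubkey endpoint port routes _rest
	local route
	local ret=0

	# Flush all previously set routes
	ip route flush dev "${INTF}"

	while read -r id enabled type name pubkey endpoint port routes _rest; do
		[ "${enabled}" = "on" ] || continue
		[ "${type}" = "net" ] || continue

		for route in ${routes//|/,}; do
			# Remember a failure instead of dropping it silently
			ip route add "${route}" dev "${INTF}" || ret=$?
		done
	done < /var/ipfire/wireguard/peers

	return ${ret}
}

wg_start() {
	# … unchanged: interface creation, link up, MTU …

	wg syncconf "${INTF}" <(generate_config) || return $?

	# Only touch the routing table once the peers are configured
	apply_routes || return $?

	return 0
}
```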