From: Michael Tremer Date: Tue, 16 Apr 2024 16:06:47 +0000 (+0200) Subject: wireguard.cgi: Add a basic CGI to configure the global settings X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06dbc836a47160d51ab10f8b9d4ca356beaa7cdb;p=ipfire-2.x.git wireguard.cgi: Add a basic CGI to configure the global settings Signed-off-by: Michael Tremer
---
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index 816241dae..aa31491d2 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -87,6 +87,7 @@ srv/web/ipfire/cgi-bin/wakeonlan.cgi
 srv/web/ipfire/cgi-bin/webaccess.cgi
 #srv/web/ipfire/cgi-bin/wio.cgi
 #srv/web/ipfire/cgi-bin/wiographs.cgi
+srv/web/ipfire/cgi-bin/wireguard.cgi
 srv/web/ipfire/cgi-bin/wireless.cgi
 srv/web/ipfire/cgi-bin/wirelessclient.cgi
 #srv/web/ipfire/cgi-bin/wlanap.cgi
diff --git a/doc/language_issues.de b/doc/language_issues.de
index b5309f41b..12ccc22c8 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -1012,6 +1012,7 @@ WARNING: untranslated string: oops something went wrong = Oops, something went w WARNING: untranslated string: optional = Optional WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Server WARNING: untranslated string: pakfire invalid tree = Invalid repository selected +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 28eb622a6..ef477b13a 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1533,6 +1533,7 @@ WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR WARNING: untranslated string: ptr lookup failed = Reverse lookup failed +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: pulse = Pulse WARNING: untranslated string: pulse dial = Pulse dial: WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! diff --git a/doc/language_issues.es b/doc/language_issues.es index 00297e3ec..b77ea1e25 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1077,6 +1077,7 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark. WARNING: untranslated string: processors = Processors +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: regenerate host certificate = Renew Host Certificate WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025. diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 2ffa0a8dd..0262b2e4b 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -1025,6 +1025,7 @@ WARNING: untranslated string: ovpn roadwarrior server = OpenVPN Roadwarrior Serv WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: password has quotation mark = Password contains an illegal double quotation mark. WARNING: untranslated string: processors = Processors +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: reg_file_data_sampling = Register File Data Sampling (RFDS) WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 46f735637..459e8de86 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1287,6 +1287,7 @@ WARNING: untranslated string: pptp route = PPTP Route WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check diff --git a/doc/language_issues.nl b/doc/language_issues.nl index c1b076dcc..999097cca 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1310,6 +1310,7 @@ WARNING: untranslated string: pptp route = PPTP Route WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received 
diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 8bf0fa0db..a47f83697 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1486,6 +1486,7 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ diff --git a/doc/language_issues.ru b/doc/language_issues.ru index bce016c27..5cb6b6474 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1479,6 +1479,7 @@ WARNING: untranslated string: proxy reports monthly = Monthly reports WARNING: untranslated string: proxy reports today = Today WARNING: untranslated string: proxy reports weekly = Weekly reports WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: qos enter bandwidths = You will need to enter your downstream and upstream bandwidth! WARNING: untranslated string: rdns = rDNS WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 8dc81778d..f2136be15 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1197,6 +1197,7 @@ WARNING: untranslated string: please reboot to apply your changes = Please reboo WARNING: untranslated string: processor vulnerability mitigations = Processor Vulnerability Mitigations WARNING: untranslated string: processors = Processors WARNING: untranslated string: ptr = PTR +WARNING: untranslated string: public key = unknown string WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’ WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check WARNING: untranslated string: received = Received diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi new file mode 100644 index 000000000..c49f11687 --- /dev/null +++ b/html/cgi-bin/wireguard.cgi 
@@ -0,0 +1,195 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2024 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +use warnings; +use CGI::Carp 'fatalsToBrowser'; + +require "/var/ipfire/general-functions.pl"; +require "${General::swroot}/header.pl"; + +my @errormessages = (); + +# Read the global configuration +my %settings = (); +&General::readhash("/var/ipfire/wireguard/settings", \%settings); + +# Set any defaults +&General::set_defaults(\%settings, { + "ENABLED" => "off", + "PORT" => 51820, +}); + +# Generate keys +&generate_keys(); + +# Fetch CGI parameters +my %cgiparams = (); +&Header::getcgihash(\%cgiparams); + +# Save on main page +if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { + # Store whether enabled or not + if ($cgiparams{'ENABLED'} =~ m/^(on|off)$/) { + $settings{'ENABLED'} = $cgiparams{'ENABLED'}; + } + + # Check port + if (&General::validport($cgiparams{'PORT'})) { + $settings{'PORT'} = $cgiparams{'PORT'}; + } else { + push(@errormessages, $Lang::tr{'invalid port'}); + } + + # Don't continue on error + goto MAIN if (@errormessages); + + # Store the configuration file + 
&General::writehash("/var/ipfire/wireguard/settings", \%settings); + + # Start if enabled + if ($settings{'ENABLED'} eq "on") { + &General::system("/usr/local/bin/wireguardctl", "start"); + } else { + &General::system("/usr/local/bin/wireguardctl", "stop"); + } +} + +# The main page starts here +MAIN: + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Show any error messages + &Header::errorbox(@errormessages); + + # Open a box for Global Settings + &Header::openbox('100%', '', $Lang::tr{'global settings'}); + + my %checked = { + "ENABLED" => ($settings{'ENABLED'} eq "on") ? "checked" : "", + }; + + print < + + + + + + + + + + + + + + + + + + + +
$Lang::tr{'enabled'} + +
$Lang::tr{'public key'} + +
$Lang::tr{'port'} + +
+ +
+ +END + + &Header::closebox(); + &Header::closepage(); + +# This function generates a set of keys for this host if none exist +sub generate_keys($) { + my $force = shift || 0; + my @output = (); + + # Reset any previous keys if re-generation forced + if ($force) { + $settings{"PRIVATE_KEY"} = undef; + $settings{"PUBLIC_KEY"} = undef; + } + + # Return if we already have keys + return if (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"}); + + # Generate a new private key + unless (defined $settings{'PRIVATE_KEY'}) { + # Generate a new private key + @output = &General::system_output("wg", "genkey"); + + # Store the key + foreach (@output) { + chomp; + + $settings{"PRIVATE_KEY"} = $_; + last; + } + + # Reset the public key + $settings{"PUBLIC_KEY"} = undef; + } + + # Derive the public key + unless (defined $settings{"PUBLIC_KEY"}) { + # Derive the public key + $settings{"PUBLIC_KEY"} = &derive_public_key($settings{"PRIVATE_KEY"}); + } + + # Store the configuration file + &General::writehash("/var/ipfire/wireguard/settings", \%settings); +} + +sub derive_public_key($) { + my $private_key = shift; + my @output = (); + + # Derive the public key + if (open(STDIN, "-|")) { + @output = &General::system_output("wg", "pubkey"); + } else { + print $private_key . "\n"; + exit (0); + } + + # Return the first line + foreach (@output) { + chomp; + + return $_; + } + + # Return on undefined on error + return undef; +}
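Review bot: In `derive_public_key`, `open(STDIN, "-|")` replaces the CGI process's own STDIN with the pipe from the forked child and never restores it, while `generate_keys()` is called before `&Header::getcgihash(\%cgiparams)`; on a request that has to create keys, a POST body would presumably no longer be readable, so STDIN should be duplicated before the fork and restored once `wg pubkey` has returned. `generate_keys` also calls `&General::writehash` when `wg genkey` or `wg pubkey` produced no output, which stores undefined keys; a guard such as `return unless (defined $settings{"PRIVATE_KEY"} && defined $settings{"PUBLIC_KEY"});` before the write avoids that. The private key is written to the same settings file as `ENABLED` and `PORT`, so the mode that `writehash` gives this file (not visible in this hunk) decides who can read it and is worth confirming. Separately, `my %checked = { ... };` assigns a hash reference to a hash and should use parentheses, and `use CGI::Carp 'fatalsToBrowser';` is left enabled although the comment above it marks it as debugging-only, so fatal error text would be rendered to the browser.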