From: Michael Tremer Date: Fri, 20 Sep 2024 15:12:26 +0000 (+0200) Subject: wireguard.cgi: Allow to configure a custom endpoint X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b611b775dd1780cb59c8fde77f7ebb8722b79ecd;p=people%2Fms%2Fipfire-2.x.git wireguard.cgi: Allow to configure a custom endpoint Signed-off-by: Michael Tremer --- diff --git a/config/cfgroot/wireguard-functions.pl b/config/cfgroot/wireguard-functions.pl index 7e237c88c..366d4c19d 100644 --- a/config/cfgroot/wireguard-functions.pl +++ b/config/cfgroot/wireguard-functions.pl @@ -317,11 +317,13 @@ sub generate_client_configuration($) { push(@allowed_ips, "${netaddress}/${prefix}"); } - # Build the FQDN of the firewall - my $fqdn = join(".", ( - $General::mainsettings{'HOSTNAME'}, - $General::mainsettings{'DOMAINNAME'}, - )); + my $endpoint = $settings{'ENDPOINT'}; + + # If no endpoint is set, we fall back to the FQDN of the firewall + if ($endpoint eq "") { + $endpoint = $General::mainsettings{'HOSTNAME'} . "." . $General::mainsettings{'DOMAINNAME'}; + } + my $port = $settings{'PORT'}; # Fetch any DNS servers @@ -344,7 +346,7 @@ sub generate_client_configuration($) { # Add peer configuration push(@conf, ( "[Peer]", - "Endpoint = ${fqdn}:${port}", + "Endpoint = ${endpoint}:${port}", "PublicKey = $settings{'PUBLIC_KEY'}", "PresharedKey = $peer->{'PSK'}", "AllowedIPs = " . join(", ", @allowed_ips), diff --git a/doc/language_issues.en b/doc/language_issues.en index 79ee56307..8268b9e8a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
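Review bot: `$settings{'ENDPOINT'}` is compared with `eq ""` without a definedness check, so on a system whose WireGuard settings were saved before this key existed the value is presumably undef and the comparison emits an "uninitialized value" warning (the fallback still triggers, because undef stringifies to the empty string). Reading it as `my $endpoint = $settings{'ENDPOINT'} // "";` keeps the fallback and removes the warning. This function also writes the stored value into the client configuration without re-checking it; the only syntax check visible on this page is in the wireguard.cgi save handler, so a comment such as `# ENDPOINT is validated in wireguard.cgi before it is stored` would record that dependency. generate_client_configuration starts and ends outside the hunk.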
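Review bot: `"Endpoint = ${endpoint}:${port}"` yields an ambiguous value when the endpoint is an IPv6 literal, because the WireGuard configuration format expects IPv6 endpoints written as `[address]:port`. Whether `Network::check_ip_address`, which gates this value in wireguard.cgi, accepts IPv6 is not visible on this page. If it does, bracket the address before building the line, for example `$endpoint = "[${endpoint}]" if ($endpoint =~ /:/);`; if it does not, a comment stating that only a hostname or an IPv4 address can reach this point would make the assumption explicit. The enclosing push list continues outside the hunk.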
@@ -1099,6 +1099,7 @@ WARNING: untranslated string: invalid characters found in pre-shared key = Inval WARNING: untranslated string: invalid default lease time = Invalid default lease time. WARNING: untranslated string: invalid domain name = Invalid domain name. WARNING: untranslated string: invalid end address = Invalid end address. +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid fixed ip address = Invalid fixed IP address WARNING: untranslated string: invalid fixed mac address = Invalid fixed MAC address WARNING: untranslated string: invalid hostname = Invalid hostname. diff --git a/doc/language_issues.es b/doc/language_issues.es index bb366eba0..23da45c89 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1067,6 +1067,7 @@ WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids rulesets = Rulesets WARNING: untranslated string: info messages = unknown string +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: ips throughput = Throughput WARNING: untranslated string: last updated = Last Updated diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 14a2e031a..c1baa4abc 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -1021,6 +1021,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks total = Total Hostile Networks WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids rulesets = Rulesets +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: ips throughput = Throughput WARNING: untranslated string: last updated = Last Updated WARNING: untranslated string: load average = Load Average 
diff --git a/doc/language_issues.it b/doc/language_issues.it index 2ae166187..c6a5b17fc 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1181,6 +1181,7 @@ WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode diff --git a/doc/language_issues.nl b/doc/language_issues.nl index db7272f9f..f040045b3 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1188,6 +1188,7 @@ WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 19093a22b..8663a1d6f 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1328,6 +1328,7 @@ WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: integrity = Integrity: WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout diff --git a/doc/language_issues.ru b/doc/language_issues.ru index b7e599b36..133b71e4c 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1324,6 +1324,7 @@ WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: integrity = Integrity: WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid input for dpd delay = Invalid input for DPD delay WARNING: untranslated string: invalid input for dpd timeout = Invalid input for DPD timeout WARNING: untranslated string: invalid input for inactivity timeout = Invalid input for Inactivity Timeout diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 16a8bcf7e..844f4835f 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1120,6 +1120,7 @@ WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: inodes = Index-Nodes WARNING: untranslated string: interface mode = Interface WARNING: untranslated string: intrusion prevention system = Intrusion Prevention System +WARNING: untranslated string: invalid endpoint = Invalid Endpoint WARNING: untranslated string: invalid input for interface address = Invalid input for interface address WARNING: untranslated string: invalid input for interface mode = Invalid input for interface mode WARNING: untranslated string: invalid input for interface mtu = Invalid input to interface MTU diff --git a/doc/language_missings b/doc/language_missings index 69b38c233..459be4689 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -187,6 +187,7 @@ < ids provider eol < ids rulesets < ids unsupported provider +< invalid endpoint < invalid ip or hostname < ips throughput < last updated @@ -276,6 +277,7 @@ < ids provider eol < ids rulesets < ids unsupported provider +< invalid endpoint < ips throughput < last updated < load average @@ -607,6 +609,7 @@ < inodes < interface mode < intrusion prevention system +< invalid endpoint < invalid input for inactivity timeout < invalid input for interface address < invalid input for interface mode @@ -1198,6 +1201,7 @@ < inodes < interface mode < intrusion prevention system +< invalid endpoint < invalid input for inactivity timeout < invalid input for interface address < invalid input for interface mode @@ -2093,6 +2097,7 @@ < integrity < interface mode < intrusion prevention system +< invalid endpoint < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout @@ -3156,6 +3161,7 @@ < integrity < interface mode < intrusion prevention system +< invalid endpoint < invalid input for dpd delay < invalid input for dpd timeout < invalid input for inactivity timeout 
@@ -3803,6 +3809,7 @@ < inodes < interface mode < intrusion prevention system +< invalid endpoint < invalid input for interface address < invalid input for interface mode < invalid input for interface mtu diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi index 2f244804b..a626358ec 100644 --- a/html/cgi-bin/wireguard.cgi +++ b/html/cgi-bin/wireguard.cgi @@ -50,6 +50,13 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { $Wireguard::settings{'ENABLED'} = $cgiparams{'ENABLED'}; } + # Check endpoint + if (&General::validfqdn($cgiparams{'ENDPOINT'}) || &Network::check_ip_address($cgiparams{'ENDPOINT'}) || ($cgiparams{'ENDPOINT'} eq '')) { + $Wireguard::settings{'ENDPOINT'} = $cgiparams{'ENDPOINT'}; + } else { + push(@errormessages, $Lang::tr{'invalid endpoint'}); + } + # Check port if (&General::validport($cgiparams{'PORT'})) { $Wireguard::settings{'PORT'} = $cgiparams{'PORT'}; @@ -449,6 +456,13 @@ MAIN: + + $Lang::tr{'endpoint'} + + + + + $Lang::tr{'public key'} diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 35d5bfa13..b175f4f6c 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1471,6 +1471,7 @@ 'invalid domain name' => 'Ungültiger Domainname.', 'invalid downlink speed' => 'Ungültige Downlink-Gerschwindigkeit.', 'invalid end address' => 'Ungültige Endadresse.', +'invalid endpoint' => 'Ungültige Gegenstelle', 'invalid fixed ip address' => 'Ungültige feste IP-Adresse', 'invalid fixed mac address' => 'Ungültige feste MAC-Adresse', 'invalid hostname' => 'Ungültiger Hostname.', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8763b2c7c..93479b820 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
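Review bot: The endpoint check in the first wireguard.cgi hunk hands `$cgiparams{'ENDPOINT'}` to both validators before testing for the empty string, and it does not handle the parameter being absent from the request. If the field is missing, `undef eq ''` is true, so undef would be stored in `$Wireguard::settings{'ENDPOINT'}`, assuming nothing outside the hunk pre-initialises the key. Normalising first and testing the empty case first avoids that: `my $endpoint = $cgiparams{'ENDPOINT'} // '';` followed by `if ($endpoint eq '' || &General::validfqdn($endpoint) || &Network::check_ip_address($endpoint)) {`. Since the accepted value is later copied into every generated client configuration, a one-line comment noting that an empty endpoint means "fall back to the firewall's FQDN" would also help; the save handler's `if` block starts outside the hunk.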
@@ -1529,6 +1529,7 @@ 'invalid domain name' => 'Invalid domain name.', 'invalid downlink speed' => 'Invalid downlink speed.', 'invalid end address' => 'Invalid end address.', +'invalid endpoint' => 'Invalid Endpoint', 'invalid fixed ip address' => 'Invalid fixed IP address', 'invalid fixed mac address' => 'Invalid fixed MAC address', 'invalid hostname' => 'Invalid hostname.',