From: Michael Tremer Date: Thu, 25 Apr 2024 15:14:27 +0000 (+0200) Subject: wireguard.cgi: Show client configuration after creating a client X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c0cddfa6feb95c13cdd84ea68253c5f025801d45;p=people%2Fstevee%2Fipfire-2.x.git wireguard.cgi: Show client configuration after creating a client Signed-off-by: Michael Tremer --- diff --git a/doc/language_issues.de b/doc/language_issues.de index b45fd1778..b2e03ec38 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -1034,6 +1034,7 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: subscription code = Subscription code WARNING: untranslated string: user management = User Management +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1050,7 +1051,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: winbind daemon = Winbind Daemon WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string 
diff --git a/doc/language_issues.en b/doc/language_issues.en index cc6c3de56..0714a8cd3 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2141,6 +2141,7 @@ WARNING: untranslated string: web server = Web Server WARNING: untranslated string: website = Website WARNING: untranslated string: wednesday = Wednesday WARNING: untranslated string: weeks = Weeks +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -2157,7 +2158,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.es b/doc/language_issues.es index 4ca0d4fd9..f9cbc9a6e 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -1101,6 +1101,7 @@ WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: total = Total WARNING: untranslated string: transport mode does not support vti = VTI is not support in transport mode WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1117,7 +1118,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 3e3b6096e..d0545fc34 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -1041,6 +1041,7 @@ WARNING: untranslated string: system time = System Time (as of last page load) WARNING: untranslated string: timeformat = %Y-%m-%d at %H:%M:%S %Z WARNING: untranslated string: total = Total WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1057,7 +1058,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: wio = unknown string WARNING: untranslated string: wio checked = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index 30226d1a1..482546b51 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -1387,6 +1387,7 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1403,7 +1404,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 14f92a8f1..125211290 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -1408,6 +1408,7 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1424,7 +1425,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 7d92546b4..2b3a9f3b8 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1650,6 +1650,7 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1666,7 +1667,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 4e6b60db8..15af06525 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -1643,6 +1643,7 @@ WARNING: untranslated string: vpn weak = Weak WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1659,7 +1660,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 4feea2d53..1cb9134dd 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1270,6 +1270,7 @@ WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: warning = Warning +WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer WARNING: untranslated string: wg edit peer = Edit Peer @@ -1286,7 +1287,9 @@ WARNING: untranslated string: wg keepalive interval = Keepalive Interval WARNING: untranslated string: wg name is already used = The name is already in use WARNING: untranslated string: wg no local subnets = No local subnets given WARNING: untranslated string: wg no remote subnets = No remote subnets given +WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_missings b/doc/language_missings index 6a6226cc5..9e2df8913 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -115,6 +115,7 @@ < user management < vpn configuration main < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -131,8 +132,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < winbind daemon < wireguard < wlanap 802.11w disabled 
@@ -202,6 +205,7 @@ < transport mode does not support vti < warning < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -218,8 +222,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < wireguard < wlanap @@ -267,6 +273,7 @@ < upload fcdsl.o < warning < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -283,8 +290,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < wireguard < wlanap hide ssid @@ -786,6 +795,7 @@ < warning < Weekly < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -802,8 +812,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -1381,6 +1393,7 @@ < warning < Weekly < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -1397,8 +1410,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -2392,6 +2407,7 @@ < warning < Weekly < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -2408,8 +2424,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon 
@@ -3440,6 +3458,7 @@ < week-graph < Weekly < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -3456,8 +3475,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon @@ -3865,6 +3886,7 @@ < warning < Weekly < wg +< wg client configuration file < wg client pool < wg create peer < wg edit peer @@ -3881,8 +3903,10 @@ < wg name is already used < wg no local subnets < wg no remote subnets +< wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg warning configuration only shown once < whitelisted < whois results from < winbind daemon diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi index 057c7c1a7..e8d33b486 100644 --- a/html/cgi-bin/wireguard.cgi +++ b/html/cgi-bin/wireguard.cgi @@ -272,6 +272,7 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { } elsif ($cgiparams{"ACTION"} eq "SAVE-PEER-HOST") { my @local_subnets = (); + my $private_key; # Fetch or allocate a new key my $key = $cgiparams{'KEY'} || &General::findhasharraykey(\%peers); 
@@ -305,21 +306,24 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { # If there are any errors, we go back to the editor goto EDITHOST if (scalar @errormessages); - # Fetch some configuration parts - if (exists $peers{$key}) { - $cgiparams{"PUBLIC_KEY"} = $peers{$key}[3]; - $cgiparams{"PSK"} = $peers{$key}[9]; + # Is this a new connection? + my $is_new = !exists $peers{$key}; - # Set some things if we are creating a new peer - } else { + # Generate things for a new peer + if ($is_new) { # Generate a new private key - my $private_key = &generate_private_key(); + $private_key = &generate_private_key(); # Derive the public key $cgiparams{"PUBLIC_KEY"} = &derive_public_key($private_key); # Generate a new PSK $cgiparams{"PSK"} = &generate_private_key(); + + # Fetch some configuration parts + } else { + $cgiparams{"PUBLIC_KEY"} = $peers{$key}[3]; + $cgiparams{"PSK"} = $peers{$key}[9]; } # Save the connection @@ -356,6 +360,9 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { &General::system("/usr/local/bin/wireguardctrl", "reload"); } + # Show the client configuration when creating a new peer + &show_peer_configuration($key, $private_key) if ($is_new); + } elsif ($cgiparams{"ACTION"} eq $Lang::tr{'add'}) { if ($cgiparams{"TYPE"} eq "net") { goto EDITNET; 
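Review bot: In the `if ($is_new)` branch, the return values of `&generate_private_key()` and `&derive_public_key($private_key)` are used without checking that they are non-empty. Neither helper is visible in this diff, so the failure mode is inferred: if either call fails, the peer would presumably be saved with an empty public key, and the one-time configuration page would show an empty `PrivateKey`. A guard directly after the three assignments would stop before anything is written, for example `unless ($private_key && $cgiparams{"PUBLIC_KEY"} && $cgiparams{"PSK"}) { push(@errormessages, <error text placeholder>); goto EDITHOST; }`. The enclosing `elsif` block starts and ends outside the hunk.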
@@ -867,6 +874,52 @@ END exit(0); +sub show_peer_configuration($$) { + my $key = shift; + my $private_key = shift; + + # Send HTTP Headers + &Header::showhttpheaders(); + + # Open the page + &Header::openpage($Lang::tr{'wireguard'}, 1, ''); + + # Load the configuration + my %peer = ( + "NAME" => $peers{$key}[2], + "PUBLIC_KEY" => $peers{$key}[3], + "CLIENT_ADDRESS" => $peers{$key}[6], + "LOCAL_SUBNETS" => &decode_subnets($peers{$key}[8]), + "PSK" => $peers{$key}[9], + + # Other stuff + "PRIVATE_KEY" => $private_key, + ); + + # Generate the client configuration + my $config = &generate_client_configuration(\%peer); + + # Open a new box + &Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: $peer{'NAME'}"); + + print <$Lang::tr{'wg client configuration file'} + +
$config
+END
+
+	&Header::closebox();
+
+	# Show a note that this configuration cannot be shown again
+	&Header::errorbox((
+		$Lang::tr{'wg warning configuration only shown once'},
+	));
+
+	&Header::closepage();
+
+	exit(0);
+}
+
 # This function generates a set of keys for this host if none exist
 sub generate_keys($) {
 	my $force = shift || 0;
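Review bot: `show_peer_configuration` puts `$peer{'NAME'}` into the box title and `$config` into the page body without HTML-escaping either value. The name is operator-supplied and its validation is outside this diff, so escape at the output point instead of relying on it: `&Header::openbox('100%', '', "$Lang::tr{'wg peer configuration'}: " . &Header::escape($peer{'NAME'}));` and `$config = &Header::escape($config);` before the `print`. The heredoc markup is garbled on this page, so the exact element wrapping `$config` cannot be confirmed. Because this response carries the private key, it is also worth confirming that `&Header::showhttpheaders()` sends cache-suppressing headers. A one-line header comment like the one above `generate_keys` would help, stating that the function prints the page and exits.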
@@ -1078,3 +1131,23 @@ sub pool_is_in_use($) {
 	# No match found
 	return 0;
 }
+
+sub generate_client_configuration($) {
+	my $peer = shift;
+
+	my @conf = (
+		"[Interface]",
+		"PrivateKey = $peer->{'PRIVATE_KEY'}",
+		"Address = $peer->{'CLIENT_ADDRESS'}",
+		"",
+
+		"[Peer]",
+		"Endpoint = $General::main{'HOSTNAME'}.$General::main{'DOMAINNAME'}",
+		"PublicKey = $settings{'PUBLIC_KEY'}",
+		"PresharedKey = $peer->{'PSK'}",
+		"AllowedIPs = $peer->{'LOCAL_SUBNETS'}",
+		"PersistentKeepalive = $DEFAULT_KEEPALIVE",
+	);
+
+	return join("\n", @conf);
+}
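Review bot: The `Endpoint` line in `generate_client_configuration` has only a host name and no port, but WireGuard expects `host:port` there, so the client would likely reject the generated file as written. Append the configured listen port, e.g. `"Endpoint = $General::main{'HOSTNAME'}.$General::main{'DOMAINNAME'}:$settings{'<listen-port key placeholder>'}"`; the real settings key is not visible in this diff. `PersistentKeepalive` always uses `$DEFAULT_KEEPALIVE`, which may differ from a keepalive value stored for the peer, if one exists. `PresharedKey = ` would be emitted with an empty value if this helper is ever called for a peer without a PSK. A short comment naming the keys expected in `$peer` (`PRIVATE_KEY`, `CLIENT_ADDRESS`, `PSK`, `LOCAL_SUBNETS`) would document the contract.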
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0567e4dc8..cf82ff8d2 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -3038,6 +3038,7 @@
 'weekly firewallhits' => 'weekly firewallhits',
 'weeks' => 'Weeks',
 'wg' => 'WireGuard',
+'wg client configuration file' => 'WireGuard Client Configuration File',
 'wg client pool' => 'Client Pool',
 'wg create peer' => 'Create A New Peer',
 'wg edit peer' => 'Edit Peer',
@@ -3054,8 +3055,10 @@
 'wg name is already used' => 'The name is already in use',
 'wg no local subnets' => 'No local subnets given',
 'wg no remote subnets' => 'No remote subnets given',
+'wg peer configuration' => 'Peer Configuration',
 'wg peer does not exist' => 'Peer does not exist',
 'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)',
+'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.',
 'whitelisted' => 'Whitelisted',
 'whois results from' => 'WHOIS results from',
 'wildcards' => 'Wildcards',