From 5a1c02df8973b3acc5c3101a94e86fe6df4b43b6 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 12 Sep 2024 19:39:26 +0200 Subject: [PATCH] firewall: Add WireGuard RW to the UI Signed-off-by: Michael Tremer --- config/cfgroot/general-functions.pl | 8 +++++++ doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 +++++++ html/cgi-bin/firewall.cgi | 33 ++++++++++++++++++++++++----- html/cgi-bin/fwhosts.cgi | 11 ++++++++++ langs/en/cgi-bin/en.pl | 1 + 14 files changed, 65 insertions(+), 5 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index a86bade53..cc5d9fd81 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -24,6 +24,7 @@ $General::swroot = 'CONFIG_ROOT'; $General::noipprefix = 'noipg-'; require "${General::swroot}/network-functions.pl"; +require "${General::swroot}/wireguard-functions.pl"; # Load the main settings file our %mainsettings = (); @@ -256,6 +257,13 @@ sub setup_default_networks $defaultNetworks->{"IPsec RW (${netaddress}/${prefix})"}{'NET'} = $netaddress; } } + + # WireGuard + if ($Wireguard::settings{'CLIENT_POOL'}) { + my $name = $Lang::tr{'wg rw peers'}; + + $defaultNetworks->{$name}{'NAME'} = "WGRW"; + } } sub get_aliases { diff --git a/doc/language_issues.de b/doc/language_issues.de index 90f9ab1ea..8c3f8b2a0 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de 
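Review bot: The added `require "${General::swroot}/wireguard-functions.pl";` means general-functions.pl now fails to load whenever that file is missing or does not compile. The later hunks read `$Wireguard::settings{'CLIENT_POOL'}` without loading anything themselves, so they appear to depend on this require filling the hash as a side effect. A short comment would record that, for example `# Populates %Wireguard::settings, used by setup_default_networks`. firewall.cgi requires the same file again right after general-functions.pl, with a hard-coded `/var/ipfire/` path instead of `${General::swroot}`; that second require looks redundant and should at least use the same path form.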
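Review bot: The new WireGuard entry in setup_default_networks stores only `{'NAME'} = "WGRW"`, while the IPsec RW entry just above it in this hunk also records `{'NET'}`. Any reader of `$defaultNetworks` that expects a network address gets undef for this entry and has to special-case the name. If that is intended because the pool is looked up later from `%Wireguard::settings`, the comment should say so, for example `# WireGuard RW: address is taken from CLIENT_POOL when the rule is resolved, so only NAME is set`. The sub begins above the hunk, so how the other default networks are populated is not fully visible here.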
@@ -1059,6 +1059,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: winbind daemon = Winbind Daemon diff --git a/doc/language_issues.en b/doc/language_issues.en index c136b8bcd..79ee56307 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2167,6 +2167,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.es b/doc/language_issues.es index 2b2c79f86..bb366eba0 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -1126,6 +1126,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.fr b/doc/language_issues.fr index fb21be048..14a2e031a 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -1066,6 +1066,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.it b/doc/language_issues.it index 5d661aa34..2ae166187 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -1412,6 +1412,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 4fcfa89f0..db7272f9f 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1433,6 +1433,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2fb06b495..19093a22b 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1675,6 +1675,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 17172b90b..b7e599b36 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1668,6 +1668,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d8d081613..16a8bcf7e 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1295,6 +1295,7 @@ WARNING: untranslated string: wg no more free addresses in pool = No more free a WARNING: untranslated string: wg no remote subnets = No remote subnets given WARNING: untranslated string: wg peer configuration = Peer Configuration WARNING: untranslated string: wg peer does not exist = Peer does not exist +WARNING: untranslated string: wg rw peers = WireGuard Roadwarrior Peers WARNING: untranslated string: wg scan the qr code = Scan the QR code to import the WireGuard configuration into a mobile client. WARNING: untranslated string: wg warning configuration only shown once = Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire. WARNING: untranslated string: whitelisted = Whitelisted diff --git a/doc/language_missings b/doc/language_missings index fbf4b43eb..69b38c233 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -142,6 +142,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < winbind daemon @@ -242,6 +243,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted @@ -320,6 +322,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted @@ -852,6 +855,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted @@ -1460,6 +1464,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted 
@@ -2484,6 +2489,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted @@ -3545,6 +3551,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted @@ -3983,6 +3990,7 @@ < wg peer configuration < wg peer does not exist < wg pre-shared key (optional) +< wg rw peers < wg scan the qr code < wg warning configuration only shown once < whitelisted diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index e87a7fed0..f7cd1899d 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -33,6 +33,7 @@ no warnings 'uninitialized'; require '/var/ipfire/general-functions.pl'; require '/var/ipfire/network-functions.pl'; +require '/var/ipfire/wireguard-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/location-functions.pl"; @@ -875,8 +876,14 @@ sub checkrule $hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
"; } }else{ + $errormessage .= $sip; + $errormessage .= $scidr; + + $errormessage .= $tip; + $errormessage .= $tcidr; + if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){ - $errormessage.=$Lang::tr{'fwdfw err samesub'}; + $errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}}; } } } @@ -1261,19 +1268,23 @@ sub get_ip if ($fwdfwsettings{$grp} eq $val.'_addr'){ ($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}}); }elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){ - if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){ + if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){ $a=$netsettings{'GREEN_NETADDRESS'}; $b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){ + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){ $a=$netsettings{'ORANGE_NETADDRESS'}; $b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){ + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){ $a=$netsettings{'BLUE_NETADDRESS'}; $b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'}); - }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){ + }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){ &General::readhash("$configovpn",\%ovpnsettings); ($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'}); $b=&General::iporsubtocidr($b); + + # WireGuard + } elsif ($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") { + return $Wireguard::settings{'CLIENT_POOL'}; } }elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){ &General::readhasharray("$confignet", \%customnetwork); 
@@ -1424,6 +1435,9 @@ sub getcolor }elsif ($val eq 'IPsec RW' ){ $tdcolor="style='background-color: $Header::colourvpn;color:white;'"; return; + }elsif ($val eq "WGRW") { + $tdcolor="style='background-color: $Header::colourwg; color: white;'"; + return; }elsif($val =~ /^(.*?)\/(.*?)$/){ my ($sip,$scidr) = split ("/",$val); if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){ @@ -1490,6 +1504,14 @@ sub getcolor } } } + + # WireGuard Roadwarrior + if ($Wireguard::settings{'CLIENT_POOL'}) { + if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) { + $tdcolor="style='background-color: $Header::colourwg; color:white;'"; + return; + } + } } #VPN networks if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){ @@ -1500,6 +1522,7 @@ sub getcolor $tdcolor="style='background-color: $Header::colourvpn;color:white;'"; return; } + #ALIASE foreach my $alias (sort keys %aliases) { diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi index d29940b8d..bbe2acc3c 100644 --- a/html/cgi-bin/fwhosts.cgi +++ b/html/cgi-bin/fwhosts.cgi @@ -1973,6 +1973,14 @@ sub getcolor $tdcolor="$c"; return $tdcolor; } + + # WireGuard Roadwarrior + if ($Wireguard::settings{'CLIENT_POOL'}) { + if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) { + return "$c" + } + } + #Check if IP is part of OpenVPN N2N subnet foreach my $key (sort keys %ccdhost){ if ($ccdhost{$key}[3] eq 'net'){ @@ -3055,6 +3063,9 @@ sub getipforgroup &General::readhash("${General::swroot}/ethernet/settings",\%hash); return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'}; } + if ($name eq "WGRW") { + return $Wireguard::settings{'CLIENT_POOL'}; + } if ($name eq 'ALL'){ return "0.0.0.0/0"; } 
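Review bot: The new `WGRW` branch in getipforgroup returns `$Wireguard::settings{'CLIENT_POOL'}` without checking that it is set, so a group that still references WGRW after the client pool has been removed resolves to an empty value instead of a network. The general-functions.pl hunk only offers the default-network entry while `CLIENT_POOL` is set, but saved groups and rules outlive that setting. How callers treat an empty result is not visible here; a comment such as `# May be empty if no WireGuard client pool is configured; callers must treat that as "no match", not "any"` would make the contract explicit. The same applies to the `WGRW` branch added to get_ip in firewall.cgi.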
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 220d99c7b..8763b2c7c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -3066,6 +3066,7 @@ 'wg peer configuration' => 'Peer Configuration', 'wg peer does not exist' => 'Peer does not exist', 'wg pre-shared key (optional)' => 'Pre-Shared Key (optional)', +'wg rw peers' => 'WireGuard Roadwarrior Peers', 'wg scan the qr code' => 'Scan the QR code to import the WireGuard configuration into a mobile client.', 'wg warning configuration only shown once' => 'Attention: This WireGuard configuration file will only be shown this one time as it contains private key material that is not being stored on IPFire.', 'whitelisted' => 'Whitelisted', -- 2.39.5