From ca479eb8bfdd6d1c154c8bea1b823fd940727533 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 25 Apr 2024 19:50:45 +0200 Subject: [PATCH] wireguard.cgi: Implement DNS configuration for clients Signed-off-by: Michael Tremer --- doc/language_issues.de | 3 +++ doc/language_issues.en | 3 +++ doc/language_issues.es | 3 +++ doc/language_issues.fr | 3 +++ doc/language_issues.it | 3 +++ doc/language_issues.nl | 3 +++ doc/language_issues.pl | 3 +++ doc/language_issues.ru | 3 +++ doc/language_issues.tr | 3 +++ doc/language_missings | 24 ++++++++++++++++++ html/cgi-bin/wireguard.cgi | 52 +++++++++++++++++++++++++++++++++++--- langs/en/cgi-bin/en.pl | 3 +++ 12 files changed, 102 insertions(+), 4 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 1dc31d6e7..3e61e176b 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -1038,7 +1038,10 @@ WARNING: untranslated string: user management = User Management WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.en b/doc/language_issues.en index 49d51e046..0a81010b2 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en 
@@ -2145,7 +2145,10 @@ WARNING: untranslated string: weeks = Weeks WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.es b/doc/language_issues.es index 9e6ce3b90..2d9a925b2 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1105,7 +1105,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.fr b/doc/language_issues.fr index f87f98eb7..0ccbe945f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -1045,7 +1045,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.it b/doc/language_issues.it index e47ac4624..0fe19599d 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1391,7 +1391,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 832bb3805..87c69961d 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -1412,7 +1412,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.pl b/doc/language_issues.pl index b60fc6e4f..cb25ad7ea 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1654,7 +1654,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 28e43001a..ee2eb4edd 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -1647,7 +1647,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_issues.tr b/doc/language_issues.tr index e1c8027ce..77b1cb12c 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1274,7 +1274,10 @@ WARNING: untranslated string: warning = Warning WARNING: untranslated string: wg client configuration file = WireGuard Client Configuration File WARNING: untranslated string: wg client pool = Client Pool WARNING: untranslated string: wg create peer = Create A New Peer +WARNING: untranslated string: wg dns = DNS WARNING: untranslated string: wg edit peer = Edit Peer +WARNING: untranslated string: wg host to net client settings = Host-To-Net Client Settings +WARNING: untranslated string: wg invalid client dns = Invalid client DNS address WARNING: untranslated string: wg invalid client pool = Invalid client pool WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port diff --git a/doc/language_missings b/doc/language_missings index 5d363fe71..66f31028e 100644 --- a/doc/language_missings +++ b/doc/language_missings 
@@ -119,7 +119,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -212,7 +215,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -283,7 +289,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -808,7 +817,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -1409,7 +1421,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -2426,7 +2441,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port @@ -3480,7 +3498,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port 
@@ -3911,7 +3932,10 @@ < wg client configuration file < wg client pool < wg create peer +< wg dns < wg edit peer +< wg host to net client settings +< wg invalid client dns < wg invalid client pool < wg invalid endpoint address < wg invalid endpoint port diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi index bcc51a7b6..8b62bfedc 100644 --- a/html/cgi-bin/wireguard.cgi +++ b/html/cgi-bin/wireguard.cgi @@ -47,8 +47,9 @@ my %peers = (); # Set any defaults &General::set_defaults(\%settings, { - "ENABLED" => "off", - "PORT" => $DEFAULT_PORT, + "ENABLED" => "off", + "PORT" => $DEFAULT_PORT, + "CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'}, }); # Generate keys @@ -60,6 +61,8 @@ my %cgiparams = (); # Save on main page if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { + my @client_dns = (); + # Store whether enabled or not if ($cgiparams{'ENABLED'} =~ m/^(on|off)?$/) { $settings{'ENABLED'} = $cgiparams{'ENABLED'}; @@ -81,6 +84,20 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { push(@errormessages, $Lang::tr{'wg invalid client pool'}); } + # Check client DNS + if (defined $cgiparams{'CLIENT_DNS'}) { + @client_dns = split(/,/, $cgiparams{'CLIENT_DNS'}); + + foreach my $dns (@client_dns) { + unless (&Network::check_ip_address($dns)) { + push(@errormessages, "$Lang::tr{'wg invalid client dns'}: ${dns}"); + } + } + + # Store CLIENT_DNS + $settings{'CLIENT_DNS'} = join("|", @client_dns); + } + # Don't continue on error goto MAIN if (scalar @errormessages); @@ -418,6 +435,8 @@ MAIN: "CLIENT_POOL" => (&pool_is_in_use($settings{'CLIENT_POOL'}) ? "readonly" : ""), ); + my $client_dns = $settings{'CLIENT_DNS'} =~ s/\|/, /gr; + print < @@ -442,7 +461,11 @@ MAIN: min="1024" max="65535" /> +
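Review bot: The new `"CLIENT_DNS" => $Network::ethernet{'GREEN_ADDRESS'}` default in the `&General::set_defaults` call has no comment saying that this value ends up in every exported client configuration. A line such as `# Default resolver pushed to clients: the firewall's GREEN address (exported as "DNS =" in client configs)` would make that visible. The save handler stores an empty string when the field is cleared, and `generate_client_configuration` then omits the `DNS` line, so "no DNS" appears to be an intended state. Whether `set_defaults` leaves an empty saved value alone or overwrites it with the GREEN address is not visible in this patch and should be confirmed.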
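Review bot: In the `# Check client DNS` block, `$settings{'CLIENT_DNS'}` is assigned after the loop even when an entry failed `&Network::check_ip_address`, so a rejected request value lands in `%settings` and is what `goto MAIN` renders back through `$client_dns`; the `ENABLED` branch above stores only on a match. The raw `${dns}` is also appended to the error message, so both outputs need HTML escaping unless the rendering code already does it, which is not visible here because the form markup is garbled on this page. Separately, the page shows the list joined with `, ` while the parser splits on a bare `,`, so re-saving an unchanged multi-server value produces entries with a leading space that will presumably fail validation. The block below trims the input, splits on optional whitespace and stores the list only when every entry is valid.

```perl
# Check client DNS
if (defined $cgiparams{'CLIENT_DNS'}) {
	# Tolerate the ", " separator that the settings page itself displays
	my $raw_dns = $cgiparams{'CLIENT_DNS'} =~ s/^\s+|\s+$//gr;
	@client_dns = grep { $_ ne "" } split(/\s*,\s*/, $raw_dns);

	my @invalid_dns = grep { !&Network::check_ip_address($_) } @client_dns;

	# … unchanged: push one 'wg invalid client dns' message per rejected entry (loop over @invalid_dns) …

	# Store CLIENT_DNS only when every entry passed validation
	unless (@invalid_dns) {
		$settings{'CLIENT_DNS'} = join("|", @client_dns);
	}
}
```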
+
$Lang::tr{'wg host to net client settings'}
+ + + + + + +
$Lang::tr{'wg client pool'} @@ -451,6 +474,14 @@ MAIN:
$Lang::tr{'wg dns'} + +
@@ -1252,19 +1283,32 @@ sub generate_client_configuration($) { )); my $port = $settings{'PORT'}; + # Fetch any DNS servers + my @dns = split(/\|/, $settings{'CLIENT_DNS'}); + my @conf = ( "[Interface]", "PrivateKey = $peer->{'PRIVATE_KEY'}", "Address = $peer->{'CLIENT_ADDRESS'}", - "", + ); + + # Optionally add DNS servers + if (scalar @dns) { + push(@conf, "DNS = " . join(", ", @dns)); + } + # Finish the [Interface] section + push(@conf, ""); + + # Add peer configuration + push(@conf, ( "[Peer]", "Endpoint = ${fqdn}:${port}", "PublicKey = $settings{'PUBLIC_KEY'}", "PresharedKey = $peer->{'PSK'}", "AllowedIPs = " . join(", ", @allowed_ips), "PersistentKeepalive = $DEFAULT_KEEPALIVE", - ); + )); return join("\n", @conf); } diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 754a4ddb7..4b6d793e8 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -3042,7 +3042,10 @@ 'wg client configuration file' => 'WireGuard Client Configuration File', 'wg client pool' => 'Client Pool', 'wg create peer' => 'Create A New Peer', +'wg dns' => 'DNS', 'wg edit peer' => 'Edit Peer', +'wg host to net client settings' => 'Host-To-Net Client Settings', +'wg invalid client dns' => 'Invalid client DNS address', 'wg invalid client pool' => 'Invalid client pool', 'wg invalid endpoint address' => 'Invalid endpoint address', 'wg invalid endpoint port' => 'Invalid endpoint port', -- 2.39.5
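Review bot: `my @dns = split(/\|/, $settings{'CLIENT_DNS'});` copies the stored value straight into the `DNS = ...` line of a file that is handed to client devices. The save-time check in the CGI handler is therefore the only thing between the settings file and the exported configuration. Because the configuration is assembled as lines joined with `"\n"`, any stored entry that is not a plain address (a hand-edited settings file, or a value accepted by a looser validator) could change the structure of the client's `[Interface]` section. Re-validating at generation time is cheap: `my @dns = grep { &Network::check_ip_address($_) } split(/\|/, $settings{'CLIENT_DNS'} // "");`, which also avoids an uninitialized-value warning if the key is ever missing. The start of `generate_client_configuration` lies outside this hunk.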