From e44e1be465cab81a37bab7aa9ecb301b105633ee Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Thu, 25 Apr 2024 00:22:40 +0200
Subject: [PATCH] wireguard.cgi: Implement option to configure keepalive
Signed-off-by: Michael Tremer
---
doc/language_issues.de | 2 ++
doc/language_issues.en | 2 ++
doc/language_issues.es | 2 ++
doc/language_issues.fr | 2 ++
doc/language_issues.it | 2 ++
doc/language_issues.nl | 2 ++
doc/language_issues.pl | 2 ++
doc/language_issues.ru | 2 ++
doc/language_issues.tr | 2 ++
doc/language_missings | 16 ++++++++++++++
html/cgi-bin/wireguard.cgi | 37 +++++++++++++++++++++++++++++++-
langs/en/cgi-bin/en.pl | 2 ++
src/initscripts/system/wireguard | 8 ++++++-
13 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de
index cc40436f4..53540a0b8 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -1038,11 +1038,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 4f527dc27..1d39d085c 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -2145,11 +2145,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.es b/doc/language_issues.es
index facbd5aa6..8b591e379 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1105,11 +1105,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index cb0bea906..6d32700c5 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -1045,11 +1045,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 40363f9b6..f0e1a2e0c 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1391,11 +1391,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index dc0f9b4c9..e136e5e48 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1412,11 +1412,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 610d8e29c..b7bc9972e 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1654,11 +1654,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 61808edb4..12b7a642e 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1647,11 +1647,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 45516c4ff..59f5cf651 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1274,11 +1274,13 @@ WARNING: untranslated string: wg create peer = Create A New Peer
 WARNING: untranslated string: wg edit peer = Edit Peer
 WARNING: untranslated string: wg invalid endpoint address = Invalid endpoint address
 WARNING: untranslated string: wg invalid endpoint port = Invalid endpoint port
+WARNING: untranslated string: wg invalid keepalive interval = Invalid Keepalive Interval (Must be between 0 and 65535)
 WARNING: untranslated string: wg invalid local subnet = Invalid local subnet
 WARNING: untranslated string: wg invalid name = Invalid name (Only letters, numbers, space and hyphen are allowed)
 WARNING: untranslated string: wg invalid psk = Invalid pre-shared key
 WARNING: untranslated string: wg invalid public key = Invalid public key
 WARNING: untranslated string: wg invalid remote subnet = Invalid remote subnet
+WARNING: untranslated string: wg keepalive interval = Keepalive Interval
 WARNING: untranslated string: wg name is already used = The name is already in use
 WARNING: untranslated string: wg no local subnets = No local subnets given
 WARNING: untranslated string: wg no remote subnets = No remote subnets given
diff --git a/doc/language_missings b/doc/language_missings
index 98e28608d..cb46f879a 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -119,11 +119,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -202,11 +204,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -263,11 +267,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -778,11 +784,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -1369,11 +1377,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -2376,11 +2386,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -3420,11 +3432,13 @@
 < wg edit peer
 < wg invalid endpoint address
 < wg invalid endpoint port
+< wg invalid keepalive interval
 < wg invalid local subnet
 < wg invalid name
 < wg invalid psk
 < wg invalid public key
 < wg invalid remote subnet
+< wg keepalive interval
 < wg name is already used
 < wg no local subnets
 < wg no remote subnets
@@ -3841,11 +3855,13 @@ < wg edit peer < wg invalid endpoint address < wg invalid endpoint port +< wg invalid keepalive interval < wg invalid local subnet < wg invalid name < wg invalid psk < wg invalid public key < wg invalid remote subnet +< wg keepalive interval < wg name is already used < wg no local subnets < wg no remote subnets diff --git a/html/cgi-bin/wireguard.cgi b/html/cgi-bin/wireguard.cgi index e2e70256f..235404555 100644 --- a/html/cgi-bin/wireguard.cgi +++ b/html/cgi-bin/wireguard.cgi @@ -30,7 +30,8 @@ require "/var/ipfire/general-functions.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/location-functions.pl"; -my $DEFAULT_PORT = 51820; +my $DEFAULT_PORT = 51820; +my $DEFAULT_KEEPALIVE = 25; my $INTF = "wg0"; my @errormessages = (); @@ -133,6 +134,7 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { "REMARKS" => &decode_base64($peers{$key}[7]), "LOCAL_SUBNETS" => join(", ", @local_subnets), "PSK" => $peers{$key}[9], + "KEEPALIVE" => $peers{$key}[10], ); # Jump to the editor @@ -177,6 +179,11 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { push(@errormessages, $Lang::tr{'wg invalid endpoint port'}); } + # Check keepalive + unless (&keepalive_is_valid($cgiparams{'KEEPALIVE'})) { + push(@errormessages, $Lang::tr{'wg invalid keepalive interval'}); + } + # Check local subnets if (defined $cgiparams{'LOCAL_SUBNETS'}) { @local_subnets = split(/,/, $cgiparams{'LOCAL_SUBNETS'}); @@ -234,6 +241,8 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) { &encode_subnets(@local_subnets), # 9 = PSK $cgiparams{"PSK"} || "", + # 10 = Keepalive + $cgiparams{"KEEPALIVE"} || 0, ]; # Store the configuration @@ -531,6 +540,7 @@ EDITOR: "LOCAL_SUBNETS" => $Network::ethernet{"GREEN_NETADDRESS"} . "/" . $Network::ethernet{"GREEN_NETMASK"}, + "KEEPALIVE" => $DEFAULT_KEEPALIVE, }); } @@ -604,6 +614,18 @@ EDITOR: value="$cgiparams{'PSK'}" /> + + + + $Lang::tr{'wg keepalive interval'} + + + + + +
$Lang::tr{'routing'}
@@ -784,6 +806,19 @@ sub publickey_is_valid($) { return length($key) == 32; } +sub keepalive_is_valid($) { + my $keepalive = shift; + + # Must be a number + return 0 unless ($keepalive =~ m/^[0-9]+$/); + + # Must be between 0 and 65535 (inclusive) + return 0 if ($keepalive lt 0); + return 0 if ($keepalive gt 65535); + + return 1; +} + sub encode_remarks($) { my $remarks = shift; diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index ff735f215..613a5e147 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -3042,11 +3042,13 @@ 'wg edit peer' => 'Edit Peer', 'wg invalid endpoint address' => 'Invalid endpoint address', 'wg invalid endpoint port' => 'Invalid endpoint port', +'wg invalid keepalive interval' => 'Invalid Keepalive Interval (Must be between 0 and 65535)', 'wg invalid local subnet' => 'Invalid local subnet', 'wg invalid name' => 'Invalid name (Only letters, numbers, space and hyphen are allowed)', 'wg invalid psk' => 'Invalid pre-shared key', 'wg invalid public key' => 'Invalid public key', 'wg invalid remote subnet' => 'Invalid remote subnet', +'wg keepalive interval' => 'Keepalive Interval', 'wg name is already used' => 'The name is already in use', 'wg no local subnets' => 'No local subnets given', 'wg no remote subnets' => 'No remote subnets given', diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard index 6c44b770d..baf829248 100644 --- a/src/initscripts/system/wireguard +++ b/src/initscripts/system/wireguard @@ -48,6 +48,7 @@ generate_config() { local remarks local local_subnets local psk + local keepalive local _rest local route @@ -56,7 +57,7 @@ generate_config() { ip route flush dev "${INTF}" while read -r id enabled type name pubkey endpoint port routes \ - remarks local_subnets psk _rest; do + remarks local_subnets psk keepalive _rest; do # Skip peers that are not enabled [ "${enabled}" = "on" ] || continue 
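Review bot: The two range checks in `keepalive_is_valid` use the string operators `lt` and `gt`, so the bound is compared lexically rather than numerically: a value such as `7` or `70` sorts after `65535` and is rejected, while `100000` sorts before it and is accepted. They should read `return 0 if ($keepalive < 0);` and `return 0 if ($keepalive > 65535);` (the lower bound is already implied by the digits-only pattern). Anchoring the pattern as `m/\A[0-9]+\z/` instead of `^…$` would also keep a value with a trailing newline from passing and ending up in the peers file. Separately, the validator rejects an empty field, whereas the save hunk stores `$cgiparams{"KEEPALIVE"} || 0`, which suggests an empty value was meant to be accepted; one of the two should change so that peers saved before this commit can still be edited.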
@@ -84,6 +85,11 @@ generate_config() { done fi fi + + # Set keepalive + if [ -n "${keepalive}" ]; then + echo "PersistentKeepalive = ${keepalive}" + fi done < /var/ipfire/wireguard/peers } -- 2.39.5
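Review bot: The added block writes the keepalive column of the peers file into the generated configuration as-is, so the only check on `PersistentKeepalive` is the one in wireguard.cgi. Because the file can also be edited by hand or restored from a backup, a digits-only guard here would keep a malformed row from producing an invalid config line, for example `case "${keepalive}" in ""|*[!0-9]*) ;; *) echo "PersistentKeepalive = ${keepalive}" ;; esac`. generate_config starts outside this hunk, so how the other columns are treated cannot be judged from here.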