Initial support for the new unetd VPN daemon.
Currently this just enables seeing the VPN interface
in the LuCI network overview, plus the keys used.
No relevant config change possibilities, yet.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Add PEM inputs and file handling for user cert, key and CA cert. This
handling is largely based upon that used in luci-proto-openconnect.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
When importing a full configuration, import all peer entries from it
instead of non-deterministically merging all peer keys into one.
When importing a remote configuration as peer, only use the setting from
the peer section matching our local interface pubkey.
Also relabel the `Import peer configuration` button to
`Import configuration as peer` in order to be more explicit.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Reword texts in import dialogs for better clarity, use different
descriptions for full import and peer import
- Allow importing configurations without [Peer] section
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
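The import behaviour described in the two commit messages above, sketched as an added example; this is not LuCI's own code. The function names `parseWgConfig` and `peerForLocalKey`, the keys and the sample configuration are all constructed for illustration. Each `[Peer]` section stays a separate entry, a configuration without any `[Peer]` section still parses, and a peer import picks only the section matching the local public key.

```javascript
// Added example: constructed keys (not real key material).
const KEY_A = 'A'.repeat(43) + '=';
const KEY_B = 'B'.repeat(42) + 'A=';
// Constructed remote configuration with two [Peer] sections.
const SAMPLE = `
[Interface]
PrivateKey = ${'C'.repeat(42)}A=
Address = 10.0.0.1/24

[Peer]
PublicKey = ${KEY_A}
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = ${KEY_B}
AllowedIPs = 10.0.0.3/32, fd00::3/128
`;
const LIST_KEYS = ['address', 'dns', 'allowedips'];

// Parse a native WireGuard config, keeping every [Peer] section separate.
function parseWgConfig(text) {
  const cfg = { interface: null, peers: [] };
  let cur = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, '').trim();
    if (!line) continue;
    const sec = line.match(/^\[(\w+)\]$/);
    if (sec) {
      const name = sec[1].toLowerCase();
      if (name === 'interface') cur = cfg.interface = cfg.interface || {};
      else if (name === 'peer') cfg.peers.push(cur = {});
      else cur = null;               // unknown section: skip its keys
      continue;
    }
    const kv = line.match(/^(\w+)\s*=\s*(.*)$/);
    if (!kv || !cur) continue;
    const key = kv[1].toLowerCase();
    if (LIST_KEYS.includes(key))     // may repeat or be comma separated
      cur[key] = (cur[key] || []).concat(kv[2].split(/\s*,\s*/).filter(Boolean));
    else cur[key] = kv[2];
  }
  return cfg;
}

// Peer import: use only the [Peer] section whose PublicKey is our own.
function peerForLocalKey(cfg, localPubkey) {
  return cfg.peers.find(p => p.publickey === localPubkey) || null;
}
```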
Package luci-proto-ncm depends on comgt-ncm which uses an option
called 'mode' to set the radiomode of the modem. There is no option
'service' in the comgt-ncm scripts.
Suggested-by: breenstorm <49235337+breenstorm@users.noreply.github.com>
[fix commit subject, add commit message, rebase onto master branch]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The /etc/config/ddns in particular might not be present on the system,
don't fail if it is absent.
Fixes: #5838
Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit rewrites large chunks of the WireGuard protocol handler in order
to simplify the process of importing and exporting configuration. The major
changes are:
1) The wireguard interface configuration tab (General Settings) gained an
import assistant which allows dragging or pasting a native WireGuard
configuration file in order to import required settings into uci
2) The peer configuration tab gained a similar import assistant which allows
importing the settings for a WireGuard peer from an existing native
WireGuard configuration file
3) The QR code export feature has been rewritten to make the resulting codes
actually useful for importing into a WireGuard client application.
Additionally the plaintext native WireGuard configuration is displayed
to allow copy-pasting it for use on a Linux or OS X system
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Turn the list of configured peers into a grid section in order to improve
the overview of the configuration form.
Fixes: #5489
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
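The class of flaw named in the commit message above, next to a hardened form, as an added example; it is not the code of `luci.wireguard.generateQrCode` or of its fix. The function names, the command line in `unsafeCommand` and the sample inputs are hypothetical, chosen only to show concatenation into a shell string versus validation plus argv passing.

```javascript
// Hypothetical illustration of the flawed pattern the commit describes:
// request arguments concatenated into a shell command line. The string is
// only built here, never executed.
function unsafeCommand(privkey, allowedIps) {
  return "echo '" + privkey + "' | wg pubkey; echo '" + allowedIps + "'";
}

// A WireGuard key is 32 bytes, i.e. 44 base64 characters ending in '='.
const WG_KEY = /^[A-Za-z0-9+\/]{42}[AEIMQUYcgkosw048]=$/;

// Accept IPv4/IPv6 addresses with an optional prefix length. IPv6 is
// checked by character whitelist only, not fully parsed.
function isCidr(s) {
  const m = s.match(/^([0-9a-fA-F:.]+)(?:\/(\d{1,3}))?$/);
  if (!m) return false;
  const v6 = m[1].includes(':');
  if (m[2] !== undefined && Number(m[2]) > (v6 ? 128 : 32)) return false;
  if (v6) return /^[0-9a-fA-F:]+$/.test(m[1]);
  const octets = m[1].split('.');
  return octets.length === 4 &&
    octets.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255);
}

// Hardened form: validate first, then hand the values over as an argv
// array plus stdin (e.g. child_process.execFileSync with its `input`
// option), so no shell ever parses them.
function safeQrRequest(privkey, allowedIps) {
  if (typeof privkey !== 'string' || !WG_KEY.test(privkey))
    throw new Error('invalid privkey');
  const ips = String(allowedIps).split(',').map(s => s.trim());
  if (!ips.every(isCidr)) throw new Error('invalid allowed_ips');
  return { argv: ['wg', 'pubkey'], stdin: privkey + '\n', allowedIps: ips };
}

// Constructed inputs: a well-formed key and a value carrying shell syntax.
const GOOD_KEY = 'A'.repeat(43) + '=';
const BAD_IPS = "0.0.0.0/0'; echo injected; '";
```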
- Turn IPv4-Address into IPv4 address
- Turn IPv4-Gateway into IPv4 gateway
- Turn IPv6-Address into IPv6 address
- Turn IPv6-Gateway into IPv6 gateway
- Turn MAC-Address into MAC address
Also remove related duplicate translation entries.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex
characters. Fix the fwmark validation to allow 8 characters in the hex
string.
Fixes: #5098
Suggested-by: Robert <32970961+differentblue@users.noreply.github.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is required to resolve clashes with the generic "option device"
referring to netdev names in current netifd versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Those are L2 options that are not part of interfaces (L3), should not be
set there and don't work. Setting MAC and MTU should be done at device
layer (config device) and is supported for basic types already.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The introduction of network device configuration support also implemented
all common, protocol-independent interface options directly in the
interface config view, so drop the redundant option definitions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Prepares for 5.10 migration. wireguard-tools will bring in the correct
wireguard kernel module dependency - either kmod-wireguard or
kmod-wireguard-oot.
Depends on https://github.com/openwrt/openwrt/pull/3885
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Better handling of Type of Service (IPv4), Traffic Class (IPv6) values
Optional value Local endpoint address is detected and pre-filled in the interface
Signed-off-by: Jan Bětík <jan.betik@svine.su>
legacymap causes map to use the legacy IPv6 Interface Identifier format
that was described in draft-ietf-softwire-map-00, but was eventually
changed in RFC7597. It is however still used by some major ISPs,
including in Japan.
Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
"type" is already used as a common option for all protocols. This makes
the configuration ambiguous, and LuCI sees JS errors when trying to save
a MAP configuration.
Switch to "maptype" instead to avoid the conflict. MAP currently uses
"maptype" and falls back to "type" when not specified.
Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
I'm running several GRE tunnels to different locations and
the option to see and to configure GRE tunnels in LuCI was not
crucial but nice to have.
Signed-off-by: Jan Bětík <jan.betik@svine.su>
This addresses the issue of openconnect.sh from openconnect package expecting
a vpn- suffix for the files, while the frontend didn't.
Signed-off-by: Friendly fellow <DasTestament@users.noreply.github.com>
[reword commit message]
Ref: https://github.com/openwrt/packages/issues/11584
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This change allows configuring the `nohostroute` option for wireguard to explicitly prevent creation
of host routes to endpoints.
By default without `option nohostroute '1'`, an explicit route to the peer's endpoint will be created in the main routing table with the next hop to the gateway. However, it causes issues with some setups. Enabling this option will inhibit this behavior. See discussions at http://lists.openwrt.org/pipermail/openwrt-devel/2019-March/016329.html.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>