diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-26 23:15:10.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 17:28:48.614000000 -0400 @@ -18,7 +18,7 @@ my $minimum=16; my $maximum=32; my $x = $minimum + int(rand($maximum - $minimum)); -$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.0") ; +$DB->set_prop('wg-quick@wg0', 'ip', "172.$x.0.1") ; } } diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink --- smeserver-wireguard-1.0.old/createlink 2021-10-25 23:38:29.000000000 -0400 +++ smeserver-wireguard-1.0/createlink 2021-10-27 21:20:46.985000000 -0400 @@ -69,5 +69,5 @@ )); - +panel_link("wireguard", "manager"); diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:17:33.367000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-10-27 21:18:24.898000000 -0400 
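Review bot: The second octet drawn by `$minimum + int(rand($maximum - $minimum))` selects a 172.16–172.31 subnet without checking it against networks the server already routes, so the new `172.$x.0.1` address can land inside the LAN or another local range and the VPN then shadows it; the rest of this migrate fragment is outside the hunk, so I cannot see whether a later step guards against that. Where the server's own address and netmask are known (the configuration DB's InternalInterface record), skip candidates that overlap them, and say why in a comment such as `# 172.16/12 is shared with many LANs: avoid the server's own network`. `rand()` is adequate here since the value only needs to be unlikely to collide, not unpredictable.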
@@ -6,7 +6,7 @@ $DB->set_prop('wg-quick@wg0', 'private', $value ) ; } # recreate public if empty or not the same -$private=${'wg-quick@wg0'}{'private'}; +$private=$DB->get_prop('wg-quick@wg0', 'private') ; $public=`/usr/bin/echo $private | /usr/bin/wg pubkey`; chomp $public; if ( ! defined ${'wg-quick@wg0'}{'public'} || ${'wg-quick@wg0'}{'public'} ne $public) { diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 1969-12-31 19:00:00.000000000 -0500 +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/70wireguard 2021-06-28 03:17:15.000000000 -0400 @@ -0,0 +1,12 @@ +# wireguard specific configuration +{ +$wg = $wireguard{status} || 'disabled'; +$wg0 = ${'wg-quick@wg0'}{status} || 'disabled'; +if ($wg0 eq 'enabled') { + $OUT .= "enable wg-quick\@wg0.service\n"; +} else { + $OUT .= "disable wg-quick\@wg0.service\n"; +} + +} + diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 2021-06-28 03:17:15.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/systemd/system-preset/70wireguard 1969-12-31 19:00:00.000000000 -0500 
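Review bot: The backtick call `/usr/bin/echo $private | /usr/bin/wg pubkey` still passes the freshly read private key as a shell command line, so it is visible in `/proc/<pid>/cmdline` of both the `sh -c` wrapper and `echo` to every local user while they run, and a value containing shell metacharacters would be mis-parsed; feed it to `wg pubkey` on stdin instead (IPC::Open2 is in core, so `use IPC::Open2;` at the top of the fragment). The hunk switches `private` to `$DB->get_prop`, but the comparison two lines down still reads `${'wg-quick@wg0'}{'public'}`, presumably the pre-migration snapshot; if that hash being stale is why `private` was changed, `public` has the same problem. The enclosing block of this fragment starts outside the hunk.
```perl
# … unchanged: key generation when private is missing …
$private = $DB->get_prop('wg-quick@wg0', 'private');
# derive the public key without exposing the private key on a command line
my $pid = open2(my $wg_out, my $wg_in, '/usr/bin/wg', 'pubkey');
print {$wg_in} $private, "\n";
close $wg_in;
$public = <$wg_out>;
close $wg_out;
waitpid($pid, 0);
chomp $public if defined $public;
```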
@@ -1,12 +0,0 @@ -# wireguard specific configuration -{ -$wg = $wireguard{status} || 'disabled'; -$wg0 = ${'wg-quick@wg0'}{status} || 'disabled'; -if ($wg0 eq 'enabled') { - $OUT .= "enable wg-quick\@wg0.service\n"; -} else { - $OUT .= "disable wg-quick\@wg0.service\n"; -} - -} - diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink --- smeserver-wireguard-1.0.old/createlink 2021-10-27 21:37:41.284000000 -0400 +++ smeserver-wireguard-1.0/createlink 2021-10-27 21:38:21.164000000 -0400 @@ -33,7 +33,7 @@ )); event_services($event, qw( masq restart - 'wg-quick@wg0' restart + wg-quick@wg0 restart )); event_link("wireguard-network", $event, "30"); @@ -44,7 +44,7 @@ /etc/wireguard/server_public.key )); event_services($event, qw( - 'wg-quick@wg0' restart + wg-quick@wg0 restart )); #wireguard-user-create @@ -65,7 +65,7 @@ /etc/wireguard/server_public.key )); event_services($event, qw( - 'wg-quick@wg0' restart + wg-quick@wg0 restart )); diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-26 23:15:11.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-10-27 21:41:45.296000000 -0400 
@@ -239,6 +239,10 @@ You can not alter the server ip, mask, private and public key as there are already some clients configured. + + NO_CONF + No configured client + diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-06-28 04:41:57.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface 2021-10-27 17:41:12.223000000 -0400 
@@ -4,7 +4,6 @@ PrivateKey = {${'wg-quick@wg0'}{private}} # this should be added to masq with correct interfaces -#eth0 should be rempalced by external interface if available or internal -#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE +PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE +PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-06-28 04:46:01.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/50usersPeers 2021-10-27 17:41:12.429000000 -0400 
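Review bot: In both new PostUp and PostDown lines the template expression assigns `$outernet` and then does `return $InternalInterface{Name}` unconditionally, so the `serveronly` ternary is dead code and MASQUERADE is always bound to the internal interface; in gateway mode VPN traffic to the Internet would leave the external interface un-NATed and fail. Replace each `{ ... }` with `{ ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name} }`. The two `iptables -I FORWARD ... -j ACCEPT` rules are inserted at the head of FORWARD, ahead of whatever masq installs, so every peer may forward to every network the server routes; the surviving comment already says this belongs in masq with the correct interfaces, so until it moves I would extend that comment to state the rules are deliberately permissive, e.g. `# TEMPORARY: allows all forwarding for wg0 until masq carries these rules`.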
@@ -1,33 +1,36 @@ { -$OUT = ""; +use esmith::AccountsDB; -return; -my $wg = esmith::ConfigDB->open_ro('/etc/e-smith/db/wireguard') or return "#no peers"; -# for each user +my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard'); my $accounts = esmith::AccountsDB->open_ro; -for my $user ( $accounts->get_all_by_prop(type => 'wg0') ) { + +# for each user +my @users = ( $accounts->users ); +push(@users, $accounts->get('admin')); +for my $user ( @users ) { my $username = $user->key; + my $count = 0; for my $cnx ( $wg->get_all_by_prop(user => $username) ) { + $count++; my $public = $cnx->prop('public'); - my $ip = $cnx->prop('ip'); + my $ip = $cnx->key; my $info = $cnx->prop('info'); + my $status = $cnx->prop('status') || "enabled"; + if ( $status eq "disabled" ) { + $OUT .= "\n# $username : $info DISABLED (PublicKey = $public ; AllowedIPs = $ip)\n"; + next; + } -# wireguard -#private;public;ips;info#private;public;ips;info -#private and public is base64 : +/= could be in it -#ips can be v4 or v6 with subnet ./:, -#info could have letters, digit and space -# to separate multiple # - - $OUT .= " + $OUT .= " [Peer] # $username : $info PublicKey = $public AllowedIPs = $ip\n"; - } + + } + $OUT .= "# no entry for user $username\n" if $count <1; } } - diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers --- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 2021-06-08 03:56:43.000000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/60serversPeers 1969-12-31 19:00:00.000000000 -0500 
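Review bot: `esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard')` dropped the `or return` that the removed line had, so when the DB is missing `$wg` is undef, `$wg->get_all_by_prop` dies, and the whole wg0.conf expansion fails instead of producing a peer-less config; restore `my $wg = esmith::ConfigDB->open_ro('/home/e-smith/db/wireguard') or return "# no peers\n";`. An enabled record whose `public` prop is empty still emits `PublicKey = ` and wg-quick then rejects the entire file, taking the interface down for every peer, so add `next unless $public;` (reporting it the way the disabled branch does) before the `[Peer]` block. `$info` and `$username` are written into a `#` comment line; if the panel that stores `info` accepts a newline, the remainder becomes a config line, which I cannot verify from this hunk, so please confirm the panel-side validation.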
@@ -1,3 +0,0 @@ - -#TODO - diff -Nur --no-dereference smeserver-wireguard-1.0.old/createlink smeserver-wireguard-1.0/createlink --- smeserver-wireguard-1.0.old/createlink 2021-10-27 23:25:06.319000000 -0400 +++ smeserver-wireguard-1.0/createlink 2021-10-27 23:33:11.426000000 -0400 @@ -16,7 +16,7 @@ event_services($event, qw( masq restart - 'wg-quick@wg0' restart + wg-quick@wg0 restart )); event_link("wireguard-network", $event, "30"); templates2events("/etc/systemd/system-preset/49-koozali.preset", $event); @@ -54,7 +54,7 @@ /etc/wireguard/server_public.key )); event_services($event, qw( - 'wg-quick@wg0' restart + wg-quick@wg0 restart )); event_link("wireguard-user-create", $event, "03"); @@ -67,6 +67,11 @@ event_services($event, qw( wg-quick@wg0 restart )); + +$event="remoteaccess-update"; +event_services($event, qw( + wg-quick@wg0 restart +)); panel_link("wireguard", "manager"); diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-26 23:15:10.000000000 -0400 +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-10-31 22:37:41.238000000 -0400 @@ -224,6 +224,7 @@ my $wg0 = $cdb->get('wg-quick@wg0'); my $ServPublic = $wg0->prop('public'); my $Port = $wg0->prop('UDPPort'); +my $allowedips = $wg0->prop('allowedips') || "0.0.0.0/0"; #here we guess wan IP # are we server-gateway mode ? so external lan, should do 
@@ -233,15 +234,20 @@ # dig @resolver4.opendns.com myip.opendns.com +short -4 # dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6 +#DNS +my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress'); +my $dns = ($allowedips =~ /0.0.0.0\/0/)? "DNS = $IPAddress" : "" ; + my $fulltext ="#configuration for $key $info [Interface] PrivateKey = $private Address = $key +$dns [Peer] PublicKey = $ServPublic -AllowedIPs = 0.0.0.0/0 +AllowedIPs = $allowedips Endpoint = $ExternalIP:$Port "; # we could add a DNS field in [Interface] diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:46:45.647000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/db/configuration/migrate/wireguard 2021-11-01 21:50:17.661000000 -0400 @@ -1,4 +1,6 @@ { +my $wireguard = $DB->get('wg-quick@wg0') || $DB->new_record('wg-quick@wg0', {type => 'service'}); + # add private and public key if not present unless (defined ${'wg-quick@wg0'}{'private'}) { $value= `/usr/bin/wg genkey`; diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard --- smeserver-wireguard-1.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:04:00.688000000 -0400 +++ smeserver-wireguard-1.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/wireguard 2021-11-03 00:24:10.217000000 -0400 
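Review bot: `$allowedips =~ /0.0.0.0\/0/` is neither anchored nor escaped, so each `.` is a wildcard and the test is a substring match on whatever the admin stored in `allowedips`; since `DNS =` is only intended for the full-tunnel case, match the token exactly: `my $dns = ($allowedips =~ m{(?:^|,)\s*0\.0\.0\.0/0\s*(?:,|$)}) ? "DNS = $IPAddress" : "";`. `$allowedips` and `$dns` are also interpolated unchanged into the client config text; they come from the configuration DB rather than the request, which is acceptable, but a one-line comment such as `# allowedips is admin-set in the config DB, not request input` would save the next reader the check. The sub this lives in begins above the hunk.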
@@ -244,5 +244,10 @@ No configured client + + INTERFACE + Interface + + diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:04:00.691000000 -0400 +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 00:06:45.195000000 -0400 @@ -82,7 +82,7 @@ esmith::cgi::genSmallCell($q, $fm->localise('CONF_NAME'),"header"), esmith::cgi::genSmallCell($q, $fm->localise('USER'),"header"), esmith::cgi::genSmallCell($q, $fm->localise('INFO'),"header"), - esmith::cgi::genSmallCell($q, $fm->localise('STATUS'),"header"), + esmith::cgi::genSmallCell($q, $fm->localise('LABEL_STATUS'),"header"), esmith::cgi::genSmallCell($q, $fm->localise('ACTION'),"header", 3), ), "\n"; @@ -131,7 +131,12 @@ my $wgip = $wg->prop('ip'); my $wgmask = $wg->prop('mask'); my $wgport = $wg->prop('UDPPort'); + my $sstatus = $wg->prop('status'); + print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('INTERFACE'),"header"), + esmith::cgi::genSmallCell($q, "wg0"),); + print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('LABEL_STATUS'),"header"), + esmith::cgi::genSmallCell($q, $sstatus),); print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('PUBLIC_KEY'),"header"), esmith::cgi::genSmallCell($q, $wgpub),); print $q->Tr (esmith::cgi::genSmallCell($q,$fm->localise('IP'),"header"), 
@@ -228,11 +233,10 @@ #here we guess wan IP # are we server-gateway mode ? so external lan, should do -my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress'); # else we should guess from an external service -# dig @resolver4.opendns.com myip.opendns.com +short -# dig @resolver4.opendns.com myip.opendns.com +short -4 -# dig @resolver1.ipv6-sandbox.opendns.com AAAA myip.opendns.com +short -6 +#my $internet_ip_address = get_internet_ip_address(); +my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress'); +$ExternalIP=get_internet_ip_address() unless defined $ExternalIP; #DNS my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress'); @@ -250,8 +254,6 @@ AllowedIPs = $allowedips Endpoint = $ExternalIP:$Port "; -# we could add a DNS field in [Interface] -# DNS = 1.1.1.1, 1.0.0.1 print "
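Review bot: `$cdb->get('ExternalInterface')->prop('IPAddress')` calls `prop` on whatever `get` returns, so if the ExternalInterface record is absent (rather than present with an empty IPAddress) the panel dies here and the new `get_internet_ip_address()` fallback is never reached; guard it: `my $ext = $cdb->get('ExternalInterface'); my $ExternalIP = $ext ? $ext->prop('IPAddress') : undef; $ExternalIP = get_internet_ip_address() unless defined $ExternalIP && length $ExternalIP;`. The fallback makes outbound DNS and HTTPS requests synchronously from a web request handler, so the page blocks for the probe's worst-case time; that deserves a comment next to the call, e.g. `# slow path: probes external services, see get_internet_ip_address`. The sub containing this code starts above the hunk, and I cannot tell from here whether SME populates ExternalInterface in serveronly mode, so please check.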
"; @@ -476,7 +478,7 @@ $fm->error('ERROR_OCCURED','FIRST_PAGE'); return undef; } - unless (system ("/sbin/e-smith/signal-event", "wireguard-client-remove") == 0 ){ + unless (system ("/sbin/e-smith/signal-event", "wireguard-user-delete") == 0 ){ $fm->error('ERROR_OCCURED','FIRST_PAGE'); return undef; } 
@@ -539,4 +541,73 @@ } + +sub get_internet_ip_address { + #we could use DNS to do this faster but some provider will block DNS + #dig +short myip.opendns.com @resolver1.opendns.com + #also resolver1.opendns.com resolver2.opendns.com resolver3.opendns.com + #here a list of available site with https + use Net::DNS; + use LWP::Simple; + my $timeout=1; + + my @httpslist=qw( +checkip.amazonaws.com +myexternalip.com/raw +ifconfig.me/ +icanhazip.com/ +ident.me/ +tnx.nl/ip +ipecho.net/plain +wgetip.com/ +ip.tyk.nu/ +bot.whatismyipaddress.com/ +ipof.in/txt +l2.io/ip +eth0.me/ ); + my @dns = ( + ['myip.opendns.com', 'resolver1.opendns.com', 'A'], + ['myip.opendns.com', 'resolver2.opendns.com', 'A'], + ['myip.opendns.com', 'resolver3.opendns.com', 'A'], + ['myip.opendns.com', 'resolver4.opendns.com', 'A'], + ['whoami.akamai.net', 'ns1-1.akamaitech.net', 'A'], + ['o-o.myaddr.l.google.com', 'ns1.google.com', 'TXT'] + + ); + my $ip; + + #foreach my $i ( 0 .. $#dns) { + # dns calls; test only one random... 
+ my $i = rand(@httpslist); + my $res = Net::DNS::Resolver->new( + nameservers => [ $dns[$i][1] ], + udp_timeout => $timeout, + tcp_timeout => $timeout + ); + my $reply = $res->search($dns[$i][0], $dns[$i][2]); + if ($reply) { + foreach my $rr ($reply->answer) { + $ip= $rr->txtdata if $rr->can("txtdata"); + $ip= $rr->address if $rr->can("address"); + return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/; + } + } else { + warn "query failed: ", $res->errorstring, "\n"; + } + #} + + # https calls + my $ii=0; + my $service; + while ( $ii <5 ) { + $service=$httpslist[rand(@httpslist)]; + $ip = (get "https://$service" ); + chomp $ip; + $ii++; + last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/; + } + return $ip; +} + + 1; diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm --- smeserver-wireguard-1.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:15.780000000 -0400 +++ smeserver-wireguard-1.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/wireguard.pm 2021-11-03 14:18:39.640000000 -0400 @@ -234,9 +234,8 @@ #here we guess wan IP # are we server-gateway mode ? so external lan, should do # else we should guess from an external service -#my $internet_ip_address = get_internet_ip_address(); my $ExternalIP = $cdb->get('ExternalInterface')->prop('IPAddress'); -$ExternalIP=get_internet_ip_address() unless defined $ExternalIP; +$ExternalIP = get_internet_ip_address() unless defined $ExternalIP; #DNS my $IPAddress = $cdb->get('InternalInterface')->prop('IPAddress'); @@ -589,6 +588,8 @@ foreach my $rr ($reply->answer) { $ip= $rr->txtdata if $rr->can("txtdata"); $ip= $rr->address if $rr->can("address"); + # untaint, dns output is tainted + ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/; return $ip if $ip =~ /(\d+\.\d+\.\d+\.\d+)/; } } else { 
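Review bot: `my $i = rand(@httpslist);` draws the index from the 13-entry HTTPS list but uses it to subscript the 6-entry `@dns`, so more than half the time `$dns[$i]` is undef, the resolver gets `nameservers => [undef]` and the DNS path fails with a warning before the HTTPS fallback; use `my $i = int rand @dns;`. The HTTPS loop calls `LWP::Simple::get` with no timeout while this runs inside a panel request, so up to five unreachable services each wait for LWP's default timeout; build one `LWP::UserAgent` with the same `$timeout` (LWP::Simple already loads that module). Both sources are unauthenticated third parties (plain UDP DNS, arbitrary web hosts) and the value they return becomes `Endpoint =` in a client config; a wrong answer can only break the handshake, not weaken it, but the sub's header comment should state that the result is best-effort and unverified.
```perl
# … unchanged: @httpslist and @dns …
my $ip;
# pick one DNS probe at random; the index must come from @dns, not @httpslist
my $i = int rand @dns;
# … unchanged: Net::DNS query and answer loop …

# https calls, bounded by the same timeout as the DNS probe
my $ua = LWP::UserAgent->new(timeout => $timeout);
my $ii = 0;
while ( $ii < 5 ) {
    my $service = $httpslist[int rand @httpslist];
    my $resp = $ua->get("https://$service");
    $ip = $resp->is_success ? $resp->decoded_content : '';
    chomp $ip;
    $ii++;
    last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/;
}
return $ip;
```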
@@ -606,8 +607,9 @@ $ii++; last if $ip =~ /(\d+\.\d+\.\d+\.\d+)/; } + # not needed but in case, untaint + ($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/; return $ip; } - 1;
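Review bot: After `($ip) = $ip =~ /(\d+\.\d+\.\d+\.\d+)/;` a non-matching body leaves `$ip` undef, so the following `return $ip` hands undef back and, as far as the earlier hunk shows, the caller then prints `Endpoint = :$Port` into the client config; in the DNS loop above the same assignment is followed by a second match on the now-possibly-undef `$ip`, which only warns. The pattern is also unanchored and accepts out-of-range octets, so an HTML error page containing `999.1.2.3` or a version string passes as the public address. Validate once with anchored octets and return the capture: `return $1 if defined $ip && $ip =~ /\A\s*((?:25[0-5]|2[0-4]\d|1?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3})\s*\z/; return;` and have the caller treat an empty return as failure.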