Turn the list of configured peers into a grid section in order to improve
the overview of the configuration form.
Fixes: #5489
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex
characters. Fix the fwmark validation to allow 8 characters in the hex
string.
Fixes: #5098
Suggested-by: Robert <32970961+differentblue@users.noreply.github.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The introduction of network device configuration support also implemented
all common, protocol-independent interface options directly in the
interface config view, so drop the redundant option definitions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Prepares for 5.10 migration. wireguard-tools will bring in the correct
wireguard kernel module dependency - either kmod-wireguard or
kmod-wireguard-oot.
Depends on https://github.com/openwrt/openwrt/pull/3885
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This change allows to configure `nohostroute` option for wireguard to explicitely prevent creation
of host routes to endpoints.
By default without `option nohostroute '1'`, an explicite route to the peer's endpoint will be created in the main routing table with the next hop to the gateway. However, it causes issues with some setup. Enabling this option will inhibit this behavior. See discussions at http://lists.openwrt.org/pipermail/openwrt-devel/2019-March/016329.html.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
Adds support for the fwmark option.
FwMark is a 32-bit fwmark for outgoing packets.
If set to 0 or "off", this option is disabled.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Enable static addresses on WireGuard tunnel interfaces without requiring
an static address interface.
This removes the requirement to use a static address interface on top of a
WireGuard tunnel interface in the majority of cases. In the past, users have
been confused by the current approach and asked for a simpler way to configure
WireGuard interfaces.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Description was misleading, as the routes are not created automatically. We have
a flag to create routes. Added a hint what to fill into the AlledIPs field as
users repeatedly have struggled to use it correctly. Thanks to Stefan Agner for
providing feedback on this.
Signed-off-by: Dan Luedtke <mail@danrl.com>
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
more useful than IPSec, while avoiding the massive headache. It intends to
be considerably more performant than OpenVPN. WireGuard is designed as a
general purpose VPN for running on embedded interfaces and super computers
alike, fit for many different circumstances.
It runs over UDP.
Signed-off-by: Dan Lüdtke mail@danrl.com
Lukas Voegl
Jo-Philipp Wich
Florian Eckert
Robert Walli
Paul Dee
Keith Irwin
Ilya Lipnitskiy
Wojciech Jowsa
Yuxiang Zhu
Dan Lüdtke
rwalli
Kevin Darbyshire-Bryant
square.wf
Jason A. Donenfeld