diff options
author | hagbard <vyosdev@derith.de> | 2019-10-21 14:57:38 -0700 |
---|---|---|
committer | hagbard <vyosdev@derith.de> | 2019-10-21 14:57:38 -0700 |
commit | 034c68aa62b5a9a493e77e8ac18f4e38ee621b25 (patch) | |
tree | 3a7f72cd71bd7530bf4e1b65968538ea28d35c16 /src/op_mode/wireguard.py | |
parent | a16ee44ac1c25145d3e938eff0ab3e66923e2513 (diff) | |
parent | 0bc3e9f3d87d35c9bbf55bed1caa6f24a3678a95 (diff) | |
download | vyos-1x-034c68aa62b5a9a493e77e8ac18f4e38ee621b25.tar.gz vyos-1x-034c68aa62b5a9a493e77e8ac18f4e38ee621b25.zip |
Merge branch 'current' into equuleus
Diffstat (limited to 'src/op_mode/wireguard.py')
-rwxr-xr-x | src/op_mode/wireguard.py | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py index 4e93ec6aa..f6978554d 100755 --- a/src/op_mode/wireguard.py +++ b/src/op_mode/wireguard.py @@ -22,14 +22,16 @@ import sys import shutil import subprocess import syslog as sl +import re +import time from vyos import ConfigError +from vyos.config import Config dir = r'/config/auth/wireguard' psk = dir + '/preshared.key' - def check_kmod(): """ check if kmod is loaded, if not load it """ if not os.path.exists('/sys/module/wireguard'): @@ -39,6 +41,40 @@ def check_kmod(): raise ConfigError("modprobe wireguard failed") +def showint(interface): + output = subprocess.check_output(["wg", "show", interface], universal_newlines=True) + c = Config() + c.set_level("interfaces wireguard {}".format(interface)) + description = c.return_effective_value("description".format(interface)) + """ if the interface has a description, modify the output to include it """ + if (description): + output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output) + + """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """ + peer_timeouts = {} + last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True) + for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output): + peer_timeouts[match[0]] = match[1] + + """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """ + for peer in c.list_effective_nodes(' peer'): + pubkey = c.return_effective_value("peer {} pubkey".format(peer)) + status = "" + if int(peer_timeouts[pubkey]) > 0: + #Five minutes and the tunnel is still up + if (time.time() - int(peer_timeouts[pubkey]) < (60*5)): + status = "UP" + else: + status = "DOWN" + elif (peer_timeouts[pubkey] is None): + status = "DOWN" + elif (int(peer_timeouts[pubkey]) == 0): + status = "DOWN" + + output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output) + + print(output) + def generate_keypair(pk, pub): """ generates a keypair which is stored in /config/auth/wireguard """ old_umask = os.umask(0o027) @@ -124,6 +160,8 @@ if __name__ == '__main__': '--listkdir', action="store_true", help='lists named keydirectories') parser.add_argument( '--delkdir', action="store_true", help='removes named keydirectories') + parser.add_argument( + '--showinterface', action="store", help='shows interface details') args = parser.parse_args() try: @@ -146,6 +184,8 @@ if __name__ == '__main__': genpsk() if args.listkdir: list_key_dirs() + if args.showinterface: + showint(args.showinterface) if args.delkdir: if args.location: del_key_dir(args.location) |