path: root/src/op_mode/wireguard.py
authorhagbard <vyosdev@derith.de>2019-10-21 14:57:38 -0700
committerhagbard <vyosdev@derith.de>2019-10-21 14:57:38 -0700
commit034c68aa62b5a9a493e77e8ac18f4e38ee621b25 (patch)
tree3a7f72cd71bd7530bf4e1b65968538ea28d35c16 /src/op_mode/wireguard.py
parenta16ee44ac1c25145d3e938eff0ab3e66923e2513 (diff)
parent0bc3e9f3d87d35c9bbf55bed1caa6f24a3678a95 (diff)
Merge branch 'current' into equuleus
Diffstat (limited to 'src/op_mode/wireguard.py')
-rwxr-xr-xsrc/op_mode/wireguard.py42
1 files changed, 41 insertions, 1 deletions
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index 4e93ec6aa..f6978554d 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -22,14 +22,16 @@ import sys
import shutil
import subprocess
import syslog as sl
+import re
+import time
from vyos import ConfigError
+from vyos.config import Config
dir = r'/config/auth/wireguard'
psk = dir + '/preshared.key'
-
def check_kmod():
""" check if kmod is loaded, if not load it """
if not os.path.exists('/sys/module/wireguard'):
@@ -39,6 +41,40 @@ def check_kmod():
raise ConfigError("modprobe wireguard failed")
+def showint(interface):
+ output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
+ c = Config()
+ c.set_level("interfaces wireguard {}".format(interface))
+ description = c.return_effective_value("description".format(interface))
+ """ if the interface has a description, modify the output to include it """
+ if (description):
+ output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output)
+
+ """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """
+ peer_timeouts = {}
+ last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
+ for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output):
+ peer_timeouts[match[0]] = match[1]
+
+ """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
+ for peer in c.list_effective_nodes(' peer'):
+ pubkey = c.return_effective_value("peer {} pubkey".format(peer))
+ status = ""
+ if int(peer_timeouts[pubkey]) > 0:
+ #Five minutes and the tunnel is still up
+ if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
+ status = "UP"
+ else:
+ status = "DOWN"
+ elif (peer_timeouts[pubkey] is None):
+ status = "DOWN"
+ elif (int(peer_timeouts[pubkey]) == 0):
+ status = "DOWN"
+
+ output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output)
+
+ print(output)
+
def generate_keypair(pk, pub):
""" generates a keypair which is stored in /config/auth/wireguard """
old_umask = os.umask(0o027)
@@ -124,6 +160,8 @@ if __name__ == '__main__':
'--listkdir', action="store_true", help='lists named keydirectories')
parser.add_argument(
'--delkdir', action="store_true", help='removes named keydirectories')
+ parser.add_argument(
+ '--showinterface', action="store", help='shows interface details')
args = parser.parse_args()
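Review bot: The new `--showinterface` option accepts any string, and the dispatch added further down hands it unchanged to `showint`, where it becomes both an argv element for `wg show` and part of the config path given to `set_level`. A value containing spaces would address a different config node than intended, so the name should be checked before use; if WireGuard interfaces here always follow the `wgN` form, something like `if not re.fullmatch(r'wg\d+', args.showinterface): sys.exit("invalid interface name")` would do. Adding `metavar='IFNAME'` would also make the help output clearer. The surrounding `__main__` block starts and ends outside this hunk.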
try:
@@ -146,6 +184,8 @@ if __name__ == '__main__':
genpsk()
if args.listkdir:
list_key_dirs()
+ if args.showinterface:
+ showint(args.showinterface)
if args.delkdir:
if args.location:
del_key_dir(args.location)