-rw-r--r--op-mode-definitions/wireguard.xml.in42
-rwxr-xr-xsrc/op_mode/wireguard_client.py42
2 files changed, 65 insertions, 19 deletions
diff --git a/op-mode-definitions/wireguard.xml.in b/op-mode-definitions/wireguard.xml.in
index 9cc979b7b..7e16d87e9 100644
--- a/op-mode-definitions/wireguard.xml.in
+++ b/op-mode-definitions/wireguard.xml.in
@@ -26,33 +26,53 @@
</properties>
<command>sudo ${vyos_op_scripts_dir}/wireguard.py --genkey --location "$4"</command>
</tagNode>
- <tagNode name="mobile-config">
+ <tagNode name="client-config">
<properties>
- <help>Generate QR code and movile configuration for Wireguard interface</help>
+ <help>Generate Client config QR code</help>
<completionHelp>
- <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script>
+ <list>&lt;client-name&gt;</list>
</completionHelp>
</properties>
<children>
- <tagNode name="server">
+ <tagNode name="interface">
<properties>
- <help>IP address or FQDN the client will connect to</help>
+ <help>Local interface used for connection</help>
<completionHelp>
- <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
- <list>&lt;hostname&gt;</list>
+ <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script>
</completionHelp>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --interface "$4" --server "$6"</command>
<children>
- <tagNode name="address">
+ <tagNode name="server">
<properties>
- <help>IPv4/IPv6 address used on the client side</help>
+ <help>IP address/FQDN used for client connection</help>
<completionHelp>
<script>${vyos_completion_dir}/list_local_ips.sh --both</script>
<list>&lt;hostname&gt;</list>
</completionHelp>
</properties>
- <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --interface "$4" --server "$6" --address "$8"</command>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command>
+ <children>
+ <tagNode name="address">
+ <properties>
+ <help>IPv4/IPv6 address used by client</help>
+ <completionHelp>
+ <list>&lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command>
+ <children>
+ <tagNode name="address">
+ <properties>
+ <help>IPv4/IPv6 address used by client</help>
+ <completionHelp>
+ <list>&lt;x.x.x.x&gt; &lt;h:h:h:h:h:h:h:h&gt;</list>
+ </completionHelp>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command>
+ </tagNode>
+ </children>
+ </tagNode>
+ </children>
</tagNode>
</children>
</tagNode>
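Review bot: The `<client-name>` value introduced at the `client-config` tag node is handed to the script unvalidated as `--name "$4"` and ends up inside the printed `set interfaces wireguard … peer '{{ name }}'` lines, so a name containing a single quote, whitespace, or characters the configuration-mode `peer` tag node presumably rejects produces a command the user cannot paste back. Op-mode tag nodes carry no constraint validator, so the check belongs in wireguard_client.py before rendering, matching whatever character set the interface definition enforces (not visible from here). The double-quoted positional parameters (`"$4"`, `"${10}"`, `"${12}"`) do keep the shell invocation itself safe, so this is a correctness-of-output point rather than an injection.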
diff --git a/src/op_mode/wireguard_client.py b/src/op_mode/wireguard_client.py
index b25aac2c8..7a620a01e 100755
--- a/src/op_mode/wireguard_client.py
+++ b/src/op_mode/wireguard_client.py
@@ -20,6 +20,7 @@ import os
from jinja2 import Template
from ipaddress import ip_interface
+from vyos.ifconfig import Section
from vyos.template import is_ipv4
from vyos.template import is_ipv6
from vyos.util import cmd
@@ -28,27 +29,47 @@ from vyos.util import popen
if os.geteuid() != 0:
exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.")
-tmpl = """
+server_config = """WireGuard client configuration for interface: {{ interface }}
+
+To enable this configuration on a VyOS router you can use the following commands:
+
+=== VyOS (server) configurtation ===
+
+{% for addr in address if address is defined %}
+set interfaces wireguard {{ interface }} peer {{ name }} allowed-ips '{{ addr }}'
+{% endfor %}
+set interfaces wireguard {{ interface }} peer {{ name }} pubkey '{{ pubkey }}'
+"""
+
+client_config = """
+=== RoadWarrior (client) configuration ===
+
[Interface]
PrivateKey = {{ privkey }}
{% if address is defined and address|length > 0 %}
Address = {{ address | join(', ')}}
{% endif %}
+DNS = 1.1.1.1
[Peer]
PublicKey = {{ system_pubkey }}
Endpoint = {{ server }}:{{ port }}
AllowedIPs = 0.0.0.0/0, ::/0
+
"""
if __name__ == '__main__':
parser = argparse.ArgumentParser()
+ parser.add_argument("-n", "--name", type=str, help='WireGuard peer name', required=True)
parser.add_argument("-i", "--interface", type=str, help='WireGuard interface the client is connecting to', required=True)
parser.add_argument("-s", "--server", type=str, help='WireGuard server IPv4/IPv6 address or FQDN', required=True)
parser.add_argument("-a", "--address", type=str, help='WireGuard client IPv4/IPv6 address', action='append')
args = parser.parse_args()
interface = args.interface
+ if interface not in Section.interfaces('wireguard'):
+ exit(f'WireGuard interface "{interface}" does not exist!')
+
wg_pubkey = cmd(f'wg show {interface} | grep "public key"').split(':')[-1].lstrip()
wg_port = cmd(f'wg show {interface} | grep "listening port"').split(':')[-1].lstrip()
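Review bot: `DNS = 1.1.1.1` in the new `client_config` template hard-codes a third-party public resolver into every generated road-warrior profile, silently steering all of the client's DNS traffic to Cloudflare instead of a resolver the operator chose, with no CLI option to change or omit it — a policy decision this script should not make. Add `parser.add_argument("-d", "--dns", type=str, action='append', help='DNS server(s) to push to the client')`, put `'dns': args.dns or []` into `config`, and render `{% if dns %}DNS = {{ dns | join(', ') }}{% endif %}` so the line disappears when none is given (`trim_blocks=True` is already set). Separately, `Endpoint = {{ server }}:{{ port }}` yields an invalid endpoint when `--server` is an IPv6 literal, which the argument help explicitly permits, because WireGuard expects `[addr]:port`; bracket it before rendering, e.g. `'server': f'[{args.server}]' if is_ipv6(args.server) else args.server`. The config dict these keys belong to is built in a later hunk, and the enclosing `__main__` block starts outside this one.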
@@ -58,6 +79,8 @@ if __name__ == '__main__':
pubkey,_ = popen('wg pubkey', input=privkey)
config = {
+ 'name' : args.name,
+ 'interface' : interface,
'system_pubkey' : wg_pubkey,
'privkey': privkey,
'pubkey' : pubkey,
@@ -71,10 +94,12 @@ if __name__ == '__main__':
v6_addr = 0
for tmp in args.address:
try:
- config['address'].append(str(ip_interface(tmp)))
+ ip = str(ip_interface(tmp).ip)
if is_ipv4(tmp):
+ config['address'].append(f'{ip}/32')
v4_addr += 1
elif is_ipv6(tmp):
+ config['address'].append(f'{ip}/128')
v6_addr += 1
except:
print(tmp)
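Review bot: The rewritten loop now discards any prefix length the user supplied (`10.0.0.2/24` becomes `10.0.0.2/32`) without saying so, and the bare `except:` at its end still only prints the offending value and carries on, so a mistyped `--address` yields a profile with a missing `Address`/`allowed-ips` entry instead of an error. Make the normalisation explicit with a comment such as `# always emit host routes: a supplied prefix length is intentionally dropped`, and replace the catch-all with `except ValueError: exit(f'Invalid IP address: {tmp}')` so that `ip_interface()` failures abort the run rather than being swallowed. The enclosing `__main__` block continues outside this hunk.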
@@ -83,10 +108,11 @@ if __name__ == '__main__':
if (v4_addr > 1) or (v6_addr > 1):
exit('Client can only have one IPv4 and one IPv6 address.')
- tmp = Template(tmpl, trim_blocks=True).render(config)
- qrcode,err = popen('qrencode -t ansiutf8', input=tmp)
-
- print(f'\nWireGuard client configuration for interface: {interface}')
- print(tmp)
- print('\n')
+ # Clear out terminal first
+ print('\x1b[2J\x1b[H')
+ server = Template(server_config, trim_blocks=True).render(config)
+ print(server)
+ client = Template(client_config, trim_blocks=True).render(config)
+ print(client)
+ qrcode,err = popen('qrencode -t ansiutf8', input=client)
print(qrcode)
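Review bot: The QR code is now generated from `client`, which since this change begins with the `=== RoadWarrior (client) configuration ===` banner rather than with `[Interface]`; WireGuard apps parse the QR payload as the INI file, and a non-comment line before the first section header is very likely to make the import fail, so the banner should not be part of what is piped to qrencode. Either print it here (`print('\n=== RoadWarrior (client) configuration ===\n')`) and drop it from the template, or prefix it with `#` so parsers treat it as a comment. The second value returned by `popen('qrencode …')` (the exit status, if I read vyos.util right) is still assigned to `err` and never checked, so a missing qrencode binary prints an empty QR silently — add `if err: exit('Could not generate QR code, is qrencode installed?')` before the final print. The enclosing `__main__` block starts outside this hunk.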