diff options
-rw-r--r-- | op-mode-definitions/wireguard.xml.in | 42 | ||||
-rwxr-xr-x | src/op_mode/wireguard_client.py | 42 |
2 files changed, 65 insertions, 19 deletions
diff --git a/op-mode-definitions/wireguard.xml.in b/op-mode-definitions/wireguard.xml.in index 9cc979b7b..7e16d87e9 100644 --- a/op-mode-definitions/wireguard.xml.in +++ b/op-mode-definitions/wireguard.xml.in @@ -26,33 +26,53 @@ </properties> <command>sudo ${vyos_op_scripts_dir}/wireguard.py --genkey --location "$4"</command> </tagNode> - <tagNode name="mobile-config"> + <tagNode name="client-config"> <properties> - <help>Generate QR code and movile configuration for Wireguard interface</help> + <help>Generate Client config QR code</help> <completionHelp> - <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script> + <list><client-name></list> </completionHelp> </properties> <children> - <tagNode name="server"> + <tagNode name="interface"> <properties> - <help>IP address or FQDN the client will connect to</help> + <help>Local interface used for connection</help> <completionHelp> - <script>${vyos_completion_dir}/list_local_ips.sh --both</script> - <list><hostname></list> + <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --interface "$4" --server "$6"</command> <children> - <tagNode name="address"> + <tagNode name="server"> <properties> - <help>IPv4/IPv6 address used on the client side</help> + <help>IP address/FQDN used for client connection</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --both</script> <list><hostname></list> </completionHelp> </properties> - <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --interface "$4" --server "$6" --address "$8"</command> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8"</command> + <children> + <tagNode name="address"> + <properties> + <help>IPv4/IPv6 address used by client</help> + <completionHelp> + <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}"</command> + <children> + <tagNode name="address"> + <properties> + <help>IPv4/IPv6 address used by client</help> + <completionHelp> + <list><x.x.x.x> <h:h:h:h:h:h:h:h></list> + </completionHelp> + </properties> + <command>sudo ${vyos_op_scripts_dir}/wireguard_client.py --name "$4" --interface "$6" --server "$8" --address "${10}" --address "${12}"</command> + </tagNode> + </children> + </tagNode> + </children> </tagNode> </children> </tagNode> diff --git a/src/op_mode/wireguard_client.py b/src/op_mode/wireguard_client.py index b25aac2c8..7a620a01e 100755 --- a/src/op_mode/wireguard_client.py +++ b/src/op_mode/wireguard_client.py @@ -20,6 +20,7 @@ import os from jinja2 import Template from ipaddress import ip_interface +from vyos.ifconfig import Section from vyos.template import is_ipv4 from vyos.template import is_ipv6 from vyos.util import cmd @@ -28,27 +29,47 @@ from vyos.util import popen if os.geteuid() != 0: exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.") -tmpl = """ +server_config = """WireGuard client configuration for interface: {{ interface }} + +To enable this configuration on a VyOS router you can use the following commands: + +=== VyOS (server) configurtation === + +{% for addr in address if address is defined %} +set interfaces wireguard {{ interface }} peer {{ name }} allowed-ips '{{ addr }}' +{% endfor %} +set interfaces wireguard {{ interface }} peer {{ name }} pubkey '{{ pubkey }}' +""" + +client_config = """ +=== RoadWarrior (client) configuration === + [Interface] PrivateKey = {{ privkey }} {% if address is defined and address|length > 0 %} Address = {{ address | join(', ')}} {% endif %} +DNS = 1.1.1.1 [Peer] PublicKey = {{ system_pubkey }} Endpoint = {{ server }}:{{ port }} AllowedIPs = 0.0.0.0/0, ::/0 + """ if __name__ == '__main__': parser = argparse.ArgumentParser() + parser.add_argument("-n", "--name", type=str, help='WireGuard peer name', required=True) parser.add_argument("-i", "--interface", type=str, help='WireGuard interface the client is connecting to', required=True) parser.add_argument("-s", "--server", type=str, help='WireGuard server IPv4/IPv6 address or FQDN', required=True) parser.add_argument("-a", "--address", type=str, help='WireGuard client IPv4/IPv6 address', action='append') args = parser.parse_args() interface = args.interface + if interface not in Section.interfaces('wireguard'): + exit(f'WireGuard interface "{interface}" does not exist!') + wg_pubkey = cmd(f'wg show {interface} | grep "public key"').split(':')[-1].lstrip() wg_port = cmd(f'wg show {interface} | grep "listening port"').split(':')[-1].lstrip() @@ -58,6 +79,8 @@ if __name__ == '__main__': pubkey,_ = popen('wg pubkey', input=privkey) config = { + 'name' : args.name, + 'interface' : interface, 'system_pubkey' : wg_pubkey, 'privkey': privkey, 'pubkey' : pubkey, @@ -71,10 +94,12 @@ if __name__ == '__main__': v6_addr = 0 for tmp in args.address: try: - config['address'].append(str(ip_interface(tmp))) + ip = str(ip_interface(tmp).ip) if is_ipv4(tmp): + config['address'].append(f'{ip}/32') v4_addr += 1 elif is_ipv6(tmp): + config['address'].append(f'{ip}/128') v6_addr += 1 except: print(tmp) @@ -83,10 +108,11 @@ if __name__ == '__main__': if (v4_addr > 1) or (v6_addr > 1): exit('Client can only have one IPv4 and one IPv6 address.') - tmp = Template(tmpl, trim_blocks=True).render(config) - qrcode,err = popen('qrencode -t ansiutf8', input=tmp) - - print(f'\nWireGuard client configuration for interface: {interface}') - print(tmp) - print('\n') + # Clear out terminal first + print('\x1b[2J\x1b[H') + server = Template(server_config, trim_blocks=True).render(config) + print(server) + client = Template(client_config, trim_blocks=True).render(config) + print(client) + qrcode,err = popen('qrencode -t ansiutf8', input=client) print(qrcode) |