author | Christian Poessinger <christian@poessinger.com> | 2020-04-05 14:33:34 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-05 14:33:34 +0200 |
commit | 2a16c8e3f9767b1754c14e8f596a74e4bb5de72a (patch) | |
tree | 3f97b6f607a0e4f4733ea466da4ef82c7e6911e5 | |
parent | 67b968fcec28b544e1982f4847399cbbabd61200 (diff) | |
parent | 792b5dcd5a33785c994065d2c7243c21470b3d29 (diff) | |
Merge branch 't2206-wireguard' of github.com:c-po/vyos-1x into current
* 't2206-wireguard' of github.com:c-po/vyos-1x:
wireguard: T2228: support ports less then 1024
wireguard: T2206: add valueHelp for listen port
wireguard: T2206: split endpoint node into address and port
wwan: migrate: fix comment
-rw-r--r-- | interface-definitions/interfaces-wireguard.xml.in | 32 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 27 | ||||
-rwxr-xr-x | src/migration-scripts/interfaces/6-to-7 | 2 | ||||
-rwxr-xr-x | src/migration-scripts/interfaces/7-to-8 | 58 |
4 files changed, 101 insertions, 18 deletions
diff --git a/interface-definitions/interfaces-wireguard.xml.in b/interface-definitions/interfaces-wireguard.xml.in index d461156b3..d3f084774 100644 --- a/interface-definitions/interfaces-wireguard.xml.in +++ b/interface-definitions/interfaces-wireguard.xml.in @@ -21,9 +21,13 @@ #include <include/interface-disable.xml.i> <leafNode name="port"> <properties> - <help>Local port number to accept connections</help> + <help>Local port to listen for incoming connections</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> <constraint> - <validator name="numeric" argument="--range 1024-65535"/> + <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> </leafNode> @@ -97,10 +101,28 @@ <multi/> </properties> </leafNode> - <!-- eventually check format IP:port --> - <leafNode name="endpoint"> + <leafNode name="address"> + <properties> + <help>IP address of tunnel remote end</help> + <valueHelp> + <format>ipv4</format> + <description>IP address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + </constraint> + </properties> + </leafNode> + <leafNode name="port"> <properties> - <help>Remote endpoint (IP:port)</help> + <help>Port number on tunnel remote end</help> + <valueHelp> + <format>1-65535</format> + <description>Numeric IP port</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-65535"/> + </constraint> </properties> </leafNode> <leafNode name="persistent-keepalive"> diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index d8c327e19..5c0c07dc4 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py 
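Review bot: The new peer `address` leaf in the second hunk accepts only `<validator name="ipv4-address"/>`, while the free-form `endpoint` node it replaces could hold an IPv6 endpoint, so a peer configured that way has no valid representation after this change. If IPv6 peers are meant to stay supported, the constraint needs an IPv6 validator next to the IPv4 one, and the code that builds the endpoint string would have to bracket such an address. The valueHelp text `IP address to listen for incoming connections` also contradicts the help line above it, which describes the tunnel's remote end; `IP address of remote peer` would match.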
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018 VyOS maintainers and contributors +# Copyright (C) 2018-2020 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -13,13 +13,12 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# -# import sys import os import re import subprocess + from copy import deepcopy from netifaces import interfaces @@ -30,10 +29,9 @@ from vyos.ifconfig import WireGuardIf kdir = r'/config/auth/wireguard' - def _check_kmod(): if not os.path.exists('/sys/module/wireguard'): - if os.system('sudo modprobe wireguard') != 0: + if os.system('modprobe wireguard') != 0: raise ConfigError("modprobe wireguard failed") @@ -135,7 +133,8 @@ def get_config(): { p: { 'allowed-ips': [], - 'endpoint': '', + 'address': '', + 'port': '', 'pubkey': '' } } @@ -144,10 +143,14 @@ def get_config(): if c.exists(['peer', p, 'allowed-ips']): wg['peer'][p]['allowed-ips'] = c.return_values( ['peer', p, 'allowed-ips']) - # peer endpoint - if c.exists(['peer', p, 'endpoint']): - wg['peer'][p]['endpoint'] = c.return_value( - ['peer', p, 'endpoint']) + # peer address + if c.exists(['peer', p, 'address']): + wg['peer'][p]['address'] = c.return_value( + ['peer', p, 'address']) + # peer port + if c.exists(['peer', p, 'port']): + wg['peer'][p]['port'] = c.return_value( + ['peer', p, 'port']) # persistent-keepalive if c.exists(['peer', p, 'persistent-keepalive']): wg['peer'][p]['persistent-keepalive'] = c.return_value( 
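Review bot: In `_check_kmod()`, `os.system('modprobe wireguard')` still hands a string to a shell and resolves `modprobe` through PATH, now in a process that presumably already runs as root since `sudo` was dropped. `subprocess` is imported at the top of this file, so `if subprocess.call(['modprobe', 'wireguard']) != 0:` does the same check without a shell; giving the binary's absolute path would remove the PATH dependency as well.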
@@ -251,8 +254,8 @@ def apply(c): if c['fwmark']: intfc.config['fwmark'] = c['fwmark'] # endpoint - if c['peer'][p]['endpoint']: - intfc.config['endpoint'] = c['peer'][p]['endpoint'] + if c['peer'][p]['address'] and c['peer'][p]['port']: + intfc.config['endpoint'] = "{}:{}".format(c['peer'][p]['address'], c['peer'][p]['port']) # persistent-keepalive if 'persistent-keepalive' in c['peer'][p]: diff --git a/src/migration-scripts/interfaces/6-to-7 b/src/migration-scripts/interfaces/6-to-7 index b4f59c363..220c7e601 100755 --- a/src/migration-scripts/interfaces/6-to-7 +++ b/src/migration-scripts/interfaces/6-to-7 @@ -35,7 +35,7 @@ if __name__ == '__main__': # Nothing to do sys.exit(0) - # list all individual interface types like dummy, ethernet and so on + # list all individual wwan/wireless modem interfaces for i in config.list_nodes(base): iface = base + [i] diff --git a/src/migration-scripts/interfaces/7-to-8 b/src/migration-scripts/interfaces/7-to-8 new file mode 100755 index 000000000..78bd2781b --- /dev/null +++ b/src/migration-scripts/interfaces/7-to-8 
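Review bot: In the apply() hunk, a peer with only `address` or only `port` set fails `if c['peer'][p]['address'] and c['peer'][p]['port']:` and is brought up with no endpoint at all, without any message to the operator. No verify() change is visible in this diff, so unless the case is handled elsewhere, verify() should reject it, for example `if bool(c['peer'][p]['address']) != bool(c['peer'][p]['port']): raise ConfigError('peer address and port must be set together')`. apply() starts and ends outside the hunk.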
@@ -0,0 +1,58 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Remove network provider name from CLI and rather use provider APN from CLI
+
+from sys import exit, argv
+from vyos.configtree import ConfigTree
+
+if __name__ == '__main__':
+ if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+ file_name = argv[1]
+ with open(file_name, 'r') as f:
+ config_file = f.read()
+
+ config = ConfigTree(config_file)
+ base = ['interfaces', 'wireguard']
+
+ if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+ # list all individual wireguard interface isntance
+ for i in config.list_nodes(base):
+ iface = base + [i]
+ for peer in config.list_nodes(iface + ['peer']):
+ base_peer = iface + ['peer', peer]
+ if config.exists(base_peer + ['endpoint']):
+ endpoint = config.return_value(base_peer + ['endpoint'])
+ address = endpoint.split(':')[0]
+ port = endpoint.split(':')[1]
+ # delete old node
+ config.delete(base_peer + ['endpoint'])
+ # setup new nodes
+ config.set(base_peer + ['address'], value=address)
+ config.set(base_peer + ['port'], value=port)
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ exit(1) |
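Review bot: The argument check `if (len(argv) < 1):` can never be true, because argv always holds the script name, so a missing file name ends in an IndexError at `argv[1]` instead of the intended message; it should test `len(argv) < 2`. The endpoint conversion is fragile in the same way: `endpoint.split(':')[1]` raises IndexError on a value without a port, and a bracketed IPv6 endpoint is cut at its first colon, which matters because the old node was free-form. Splitting on the last colon and checking the result keeps one odd peer from aborting the whole migration; what to do with a value that does not parse (dropped with a message below) is a policy choice for the maintainers. The header comment about network provider name and APN, and the typo `isntance`, look carried over from the wwan script and should describe the wireguard endpoint split instead.

```python
    if len(argv) < 2:
        print("Must specify file name!")
        exit(1)
    # … unchanged: read the file, build ConfigTree, walk interfaces and peers …
            if config.exists(base_peer + ['endpoint']):
                endpoint = config.return_value(base_peer + ['endpoint'])
                # split on the last colon so a port-less or malformed value
                # cannot raise IndexError and stop the migration
                address, sep, port = endpoint.rpartition(':')
                # delete old node
                config.delete(base_peer + ['endpoint'])
                if sep and address and port.isdigit():
                    config.set(base_peer + ['address'], value=address)
                    config.set(base_peer + ['port'], value=port)
                else:
                    print("Dropping unparsable endpoint on peer {}: {}".format(peer, endpoint))
    # … unchanged: write the modified config back …
```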