diff options
author | hagbard-01 <39653662+hagbard-01@users.noreply.github.com> | 2018-09-03 08:24:56 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-03 08:24:56 -0700 |
commit | d31d16d38c191a8973d79302b108db7276aef7fd (patch) | |
tree | a4208622bfd8f49ec1c75cc07c0ae46fde13049a /src/op_mode/wireguard.py | |
parent | c49ec1392ba68a20af13c21f8a739d7b1dbc4906 (diff) | |
parent | d6679e21bc58a37195b518e6b51bc7a50df1b947 (diff) | |
download | vyos-1x-d31d16d38c191a8973d79302b108db7276aef7fd.tar.gz vyos-1x-d31d16d38c191a8973d79302b108db7276aef7fd.zip |
Merge pull request #49 from hagbard-01/current
T793: wireguard: implement fwmark, pre-shared key
Diffstat (limited to 'src/op_mode/wireguard.py')
-rwxr-xr-x | src/op_mode/wireguard.py | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py new file mode 100755 index 000000000..14ee66aaf --- /dev/null +++ b/src/op_mode/wireguard.py @@ -0,0 +1,102 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# +# + +import argparse +import os +import sys +import subprocess +import syslog as sl + +from vyos import ConfigError + +dir = r'/config/auth/wireguard' +pk = dir + '/private.key' +pub = dir + '/public.key' +psk = dir + '/preshared.key' + +def check_kmod(): + """ check if kmod is loaded, if not load it """ + if not os.path.exists('/sys/module/wireguard'): + sl.syslog(sl.LOG_NOTICE, "loading wirguard kmod") + if os.system('sudo modprobe wireguard') != 0: + sl.syslog(sl.LOG_ERR, "modprobe wireguard failed") + raise ConfigError("modprobe wireguard failed") + +def generate_keypair(): + """ generates a keypair which is stored in /config/auth/wireguard """ + ret = subprocess.call(['wg genkey | tee ' + pk + '|wg pubkey > ' + pub], shell=True) + if ret != 0: + raise ConfigError("wireguard key-pair generation failed") + else: + sl.syslog(sl.LOG_NOTICE, "new keypair wireguard key generated in " + dir) + +def genkey(): + """ helper function to check, regenerate the keypair """ + old_umask = os.umask(0o077) + if os.path.exists(pk) and os.path.exists(pub): + choice = input("You already have a wireguard key-pair already, do you want to re-generate? [y/n] ") + if choice == 'y' or choice == 'Y': + generate_keypair() + else: + if not os.path.exists(dir): + os.mkdir(dir) + generate_keypair() + os.umask(old_umask) + +def showkey(key): + """ helper function to show privkey or pubkey """ + if key == "pub": + if os.path.exists(pub): + print ( open(pub).read().strip() ) + else: + print("no public key found") + + if key == "pk": + if os.path.exists(pk): + print ( open(pk).read().strip() ) + else: + print("no private key found") + +def genpsk(): + """ generates a preshared key and shows it on stdout, it's stroed only in the config """ + subprocess.call(['wg genpsk'], shell=True) + +if __name__ == '__main__': + check_kmod() + + parser = argparse.ArgumentParser(description='wireguard key management') + parser.add_argument('--genkey', action="store_true", help='generate key-pair') + parser.add_argument('--showpub', action="store_true", help='shows public key') + parser.add_argument('--showpriv', action="store_true", help='shows private key') + parser.add_argument('--genpsk', action="store_true", help='generates preshared-key') + args = parser.parse_args() + + try: + if args.genkey: + genkey() + if args.showpub: + showkey("pub") + if args.showpriv: + showkey("pk") + if args.genpsk: + genpsk() + + except ConfigError as e: + print(e) + sys.exit(1) + |