-rw-r--r--op-mode-definitions/wireguard.xml2
-rwxr-xr-xsrc/op_mode/wireguard.py42
2 files changed, 42 insertions, 2 deletions
diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml
index c5c4c9914..e52d0ad76 100644
--- a/op-mode-definitions/wireguard.xml
+++ b/op-mode-definitions/wireguard.xml
@@ -73,7 +73,7 @@
<script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script>
</completionHelp>
</properties>
- <command>sudo wg show "$4"</command>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard.py "$4"</command>
<children>
<leafNode name="allowed-ips">
<properties>
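Review bot: The new `<command>` passes the interface as a bare positional `"$4"`, but the only interface argument this commit adds to the script is the `--showinterface` option. Unless the parser defines a positional outside the visible hunks, argparse will reject the call and the operator gets a usage error instead of the interface details. The line would need to read `<command>sudo ${vyos_op_scripts_dir}/wireguard.py --showinterface "$4"</command>`. Because the script runs under sudo with an operator-typed value, it is also worth having the script confirm the name is a configured wireguard interface before handing it to `wg`.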
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index 4e93ec6aa..f6978554d 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -22,14 +22,16 @@ import sys
import shutil
import subprocess
import syslog as sl
+import re
+import time
from vyos import ConfigError
+from vyos.config import Config
dir = r'/config/auth/wireguard'
psk = dir + '/preshared.key'
-
def check_kmod():
""" check if kmod is loaded, if not load it """
if not os.path.exists('/sys/module/wireguard'):
@@ -39,6 +41,40 @@ def check_kmod():
raise ConfigError("modprobe wireguard failed")
+def showint(interface):
+ output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
+ c = Config()
+ c.set_level("interfaces wireguard {}".format(interface))
+ description = c.return_effective_value("description".format(interface))
+ """ if the interface has a description, modify the output to include it """
+ if (description):
+ output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output)
+
+ """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """
+ peer_timeouts = {}
+ last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
+ for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output):
+ peer_timeouts[match[0]] = match[1]
+
+ """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
+ for peer in c.list_effective_nodes(' peer'):
+ pubkey = c.return_effective_value("peer {} pubkey".format(peer))
+ status = ""
+ if int(peer_timeouts[pubkey]) > 0:
+ #Five minutes and the tunnel is still up
+ if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
+ status = "UP"
+ else:
+ status = "DOWN"
+ elif (peer_timeouts[pubkey] is None):
+ status = "DOWN"
+ elif (int(peer_timeouts[pubkey]) == 0):
+ status = "DOWN"
+
+ output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output)
+
+ print(output)
+
def generate_keypair(pk, pub):
""" generates a keypair which is stored in /config/auth/wireguard """
old_umask = os.umask(0o027)
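Review bot: In `showint`, `peer_timeouts[pubkey]` is indexed directly, so a peer that is in the effective config but missing from the `wg show ... latest-handshakes` output (or that has no `pubkey` value) raises KeyError, and the `is None` branch can never run because `int(...)` is evaluated first. Looking the value up once with `.get(pubkey, 0)` collapses the three branches into a single comparison. The config-supplied `description` and peer name are also used as the replacement template of `re.sub`, where a backslash sequence such as `\1` is interpreted and can raise `re.error`; `str.replace` inserts them literally, and the same applies to the description substitution earlier in the function. The bare triple-quoted strings inside the body are expression statements rather than comments, and `"description".format(interface)` has no placeholder to fill.

```python
    # … unchanged: wg show call, description lookup, latest-handshakes parsing …
    for peer in c.list_effective_nodes(' peer'):
        pubkey = c.return_effective_value("peer {} pubkey".format(peer))
        # A peer absent from the handshake table, or one with timestamp 0, counts as down
        last_handshake = int(peer_timeouts.get(pubkey, 0))
        # A handshake older than five minutes is treated as a dead tunnel
        is_up = last_handshake > 0 and time.time() - last_handshake < 60 * 5
        status = "UP" if is_up else "DOWN"
        # str.replace: config-supplied names are inserted literally, not as a regex template
        output = output.replace(
            "peer: {}".format(pubkey),
            "peer: {}\n Status: {}\n public key: {}".format(peer, status, pubkey))
```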
@@ -124,6 +160,8 @@ if __name__ == '__main__':
'--listkdir', action="store_true", help='lists named keydirectories')
parser.add_argument(
'--delkdir', action="store_true", help='removes named keydirectories')
+ parser.add_argument(
+ '--showinterface', action="store", help='shows interface details')
args = parser.parse_args()
try:
@@ -146,6 +184,8 @@ if __name__ == '__main__':
genpsk()
if args.listkdir:
list_key_dirs()
+ if args.showinterface:
+ showint(args.showinterface)
if args.delkdir:
if args.location:
del_key_dir(args.location)