2019-07-06 23:52:40 +02:00
|
|
|
. /lib/functions.sh
|
|
|
|
. /lib/functions/fff/network
|
|
|
|
. /lib/functions/fff/babel
|
|
|
|
|
|
|
|
#load board specific properties
|
|
|
|
BOARD="$(uci get board.model.name)"
|
|
|
|
. /etc/network.$BOARD
|
|
|
|
|
|
|
|
configure() {
|
|
|
|
# remove peers missing in gateway config
|
|
|
|
remove_wgpeer() {
|
|
|
|
local name="$1"
|
|
|
|
|
|
|
|
# check prefix
|
|
|
|
if [ "$name" = "${name#wg_}" ]; then
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! uci -q get gateway.${name#wg_} > /dev/null; then
|
|
|
|
# remove interface
|
|
|
|
uci -q del network.$name
|
|
|
|
# remove wireguard config
|
|
|
|
uci -q del network.@wireguard_$name[0]
|
|
|
|
|
|
|
|
# remove iif-rules
|
|
|
|
babel_delete_iifrules "$name"
|
|
|
|
# remove babel interface
|
|
|
|
babel_delete_interface "$name"
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2021-02-15 00:32:53 +01:00
|
|
|
config_load network
|
2019-07-06 23:52:40 +02:00
|
|
|
config_foreach remove_wgpeer interface
|
|
|
|
|
|
|
|
|
|
|
|
# add new peers
|
|
|
|
add_wgpeer() {
|
|
|
|
local name="$1"
|
|
|
|
local prefixname="wg_$name"
|
|
|
|
|
|
|
|
# ensure name length
|
|
|
|
if [ ${#name} -gt 12 ]; then
|
|
|
|
echo "ERROR: name $name is too long!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# get rxcost
|
|
|
|
if rxcost=$(uci -q get gateway.$name.rxcost); then
|
|
|
|
rxcost="$rxcost"
|
|
|
|
else
|
|
|
|
rxcost=16384
|
|
|
|
fi
|
|
|
|
|
|
|
|
# get wireguard properties
|
|
|
|
local privkey
|
|
|
|
local pubkey
|
|
|
|
local endpoint_host
|
|
|
|
local endpoint_port
|
|
|
|
local persistent_keepalive
|
|
|
|
local mtu
|
|
|
|
|
2019-08-19 22:02:55 +02:00
|
|
|
if ! privkey=$(uci -q get gateway.$name.local_private_key); then
|
2019-07-06 23:52:40 +02:00
|
|
|
privkey=$(wg genkey)
|
2019-08-19 22:02:55 +02:00
|
|
|
uci set gateway.$name.local_private_key="$privkey"
|
2019-07-06 23:52:40 +02:00
|
|
|
fi
|
|
|
|
|
2019-08-19 22:02:55 +02:00
|
|
|
if ! pubkey=$(uci get gateway.$name.remote_public_key); then
|
2019-07-06 23:52:40 +02:00
|
|
|
echo "ERROR: publickey for ${name} missing!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! endpoint_host=$(uci get gateway.$name.endpoint_host); then
|
|
|
|
echo "ERROR: endpoint_host for ${name} missing!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! endpoint_port=$(uci get gateway.$name.endpoint_port); then
|
|
|
|
echo "ERROR: endpoint_port for ${name} missing!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
persistent_keepalive=$(uci -q get gateway.$name.persistent_keepalive)
|
|
|
|
mtu=$(uci -q get gateway.$name.mtu)
|
|
|
|
|
|
|
|
|
|
|
|
# add interface
|
|
|
|
uci set network.$prefixname=interface
|
|
|
|
uci set network.$prefixname.proto=wireguard
|
|
|
|
uci set network.$prefixname.nohostroute='1'
|
|
|
|
uci set network.$prefixname.fwmark='0xc8'
|
|
|
|
uci set network.$prefixname.mtu="${mtu:-1420}"
|
|
|
|
|
|
|
|
uci set network.$prefixname.private_key="$privkey"
|
2019-08-19 22:02:55 +02:00
|
|
|
echo "INFO: publickey for wireguardpeer ${name}: $(uci get gateway.$name.local_private_key | wg pubkey)"
|
2019-07-06 23:52:40 +02:00
|
|
|
|
|
|
|
|
|
|
|
# add wireguard properties
|
|
|
|
if uci -q get network.@wireguard_$prefixname[0] > /dev/null; then
|
|
|
|
#config already exists
|
|
|
|
cfg="@wireguard_$prefixname[0]"
|
|
|
|
else
|
|
|
|
#create new config
|
|
|
|
cfg=$(uci add network wireguard_$prefixname)
|
|
|
|
fi
|
|
|
|
|
|
|
|
uci set network.$cfg.public_key="$pubkey"
|
|
|
|
uci set network.$cfg.endpoint_host="$endpoint_host"
|
|
|
|
uci set network.$cfg.endpoint_port="$endpoint_port"
|
|
|
|
uci set network.$cfg.persistent_keepalive="$persistent_keepalive"
|
|
|
|
uci -q delete network.$cfg.allowed_ips
|
|
|
|
uci add_list network.$cfg.allowed_ips='::/0'
|
|
|
|
uci add_list network.$cfg.allowed_ips='0.0.0.0/0'
|
|
|
|
|
|
|
|
|
|
|
|
# remove old addresses
|
|
|
|
uci -q del network.$prefixname.addresses
|
|
|
|
|
|
|
|
# add link local address
|
2021-01-13 21:12:54 +01:00
|
|
|
uci add_list network.$prefixname.addresses="$(owipcalc "fe80::/64" add "::$(ipEUISuffix "$ROUTERMAC")")"
|
2019-07-06 23:52:40 +02:00
|
|
|
|
|
|
|
# add peer_ip
|
|
|
|
babel_add_peeraddr "network.$prefixname.addresses"
|
|
|
|
babel_add_peer6addr "network.$prefixname.addresses"
|
|
|
|
|
|
|
|
# add iif-rules
|
|
|
|
babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
|
|
|
|
|
|
|
|
# add babel interface
|
2021-02-15 00:34:56 +01:00
|
|
|
babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babel interface for wgpeer $name"; exit 1; }
|
2019-07-06 23:52:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
config_load gateway
|
|
|
|
config_foreach add_wgpeer wireguardpeer
|
|
|
|
}
|
|
|
|
|
2019-12-30 12:05:56 +01:00
|
|
|
apply() {
|
2019-07-06 23:52:40 +02:00
|
|
|
uci commit network
|
|
|
|
uci commit gateway
|
2021-02-15 00:43:54 +01:00
|
|
|
babel_apply
|
|
|
|
}
|
|
|
|
|
|
|
|
reload() {
|
|
|
|
babel_reload
|
2019-07-06 23:52:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
revert() {
|
|
|
|
uci revert network
|
|
|
|
uci revert gateway
|
2021-02-15 00:43:54 +01:00
|
|
|
babel_revert
|
2019-07-06 23:52:40 +02:00
|
|
|
}
|