mark
/
firmware
forked from freifunk-franken/firmware
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
firmware/src/packages/fff/fff-wireguard/files/etc/layer3.d/50-wireguard

148 lines
3.6 KiB
Plaintext
Raw Blame History

. /lib/functions.sh
. /lib/functions/fff/network
. /lib/functions/fff/babel
#load board specific properties
BOARD="$(uci get board.model.name)"
. /etc/network.$BOARD
[ -n "$ROUTERMAC" ] || ROUTERMAC=$(get_mac_label)
configure() {
# remove peers missing in gateway config
remove_wgpeer() {
local name="$1"
# check prefix
if [ "$name" = "${name#wg_}" ]; then
return
fi
if ! uci -q get gateway.${name#wg_} > /dev/null; then
# remove interface
uci -q del network.$name
# remove wireguard config
uci -q del network.@wireguard_$name[0]
# remove iif-rules
babel_delete_iifrules "$name"
# remove babel interface
babel_delete_interface "$name"
fi
}
config_load babeld
config_foreach remove_wgpeer interface
# add new peers
add_wgpeer() {
local name="$1"
local prefixname="wg_$name"
# ensure name length
if [ ${#name} -gt 12 ]; then
echo "ERROR: name $name is too long!"
exit 1
fi
# get rxcost
if rxcost=$(uci -q get gateway.$name.rxcost); then
rxcost="$rxcost"
else
rxcost=16384
fi
# get wireguard properties
local privkey
local pubkey
local endpoint_host
local endpoint_port
local persistent_keepalive
local mtu
if ! privkey=$(uci -q get gateway.$name.local_private_key); then
privkey=$(wg genkey)
uci set gateway.$name.local_private_key="$privkey"
fi
if ! pubkey=$(uci get gateway.$name.remote_public_key); then
echo "ERROR: publickey for ${name} missing!"
exit 1
fi
if ! endpoint_host=$(uci get gateway.$name.endpoint_host); then
echo "ERROR: endpoint_host for ${name} missing!"
exit 1
fi
if ! endpoint_port=$(uci get gateway.$name.endpoint_port); then
echo "ERROR: endpoint_port for ${name} missing!"
exit 1
fi
persistent_keepalive=$(uci -q get gateway.$name.persistent_keepalive)
mtu=$(uci -q get gateway.$name.mtu)
# add interface
uci set network.$prefixname=interface
uci set network.$prefixname.proto=wireguard
uci set network.$prefixname.nohostroute='1'
uci set network.$prefixname.fwmark='0xc8'
uci set network.$prefixname.mtu="${mtu:-1420}"
uci set network.$prefixname.private_key="$privkey"
echo "INFO: publickey for wireguardpeer ${name}: $(uci get gateway.$name.local_private_key | wg pubkey)"
# add wireguard properties
if uci -q get network.@wireguard_$prefixname[0] > /dev/null; then
#config already exists
cfg="@wireguard_$prefixname[0]"
else
#create new config
cfg=$(uci add network wireguard_$prefixname)
fi
uci set network.$cfg.public_key="$pubkey"
uci set network.$cfg.endpoint_host="$endpoint_host"
uci set network.$cfg.endpoint_port="$endpoint_port"
uci set network.$cfg.persistent_keepalive="$persistent_keepalive"
uci -q delete network.$cfg.allowed_ips
uci add_list network.$cfg.allowed_ips='::/0'
uci add_list network.$cfg.allowed_ips='0.0.0.0/0'
# remove old addresses
uci -q del network.$prefixname.addresses
# add link local address
uci add_list network.$prefixname.addresses="$(owipcalc "fe80::/64" add "::$(ipEUISuffix "$ROUTERMAC")")"
# add peer_ip
babel_add_peeraddr "network.$prefixname.addresses"
babel_add_peer6addr "network.$prefixname.addresses"
# add iif-rules
babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }
# add babel interface
babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
}
config_load gateway
config_foreach add_wgpeer wireguardpeer
}
apply() {
uci commit network
uci commit babeld
uci commit gateway
}
revert() {
uci revert network
uci revert babeld
uci revert gateway
}
Reference in New Issue View Git Blame Copy Permalink