11ef10b5a78b0157c66f709e4c51798681b807f4
1 -- Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
2 -- Licensed to the public under the Apache License 2.0.
3
4
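-- Arguments handed to this chunk by its caller: the form map, the interface
-- section the options are attached to, and the network object.
local map, section, net = ...

-- Name of the interface behind `net`; used below to build the section type
-- name of the peer sections ("wireguard_" .. ifname).
local ifname = net:get_interface():name()

-- Forward declarations for option widgets that are assigned further down.
-- The previously declared `endpoint` was never assigned or read, so it is
-- no longer declared.
local private_key, listen_port
local metric, mtu, preshared_key
local peers, public_key, allowed_ips, persistent_keepalive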
10
11
12 -- general ---------------------------------------------------------------------
13
-- Interface private key, on the "general" tab.
-- The datatype demands base64 text of exactly 44 characters, which is the
-- padded base64 length of a 32-byte value. `password = true` masks the value
-- in the rendered form only.
-- NOTE(review): where the saved key ends up and who can read it is decided
-- outside this file; confirm the permissions of the backing config.
-- NOTE(review): `optional = false` may not by itself reject an empty
-- submission; verify whether `rmempty = false` is needed for "Required".
do
  local label = translate("Private Key")
  local help = translate("Required. Base64-encoded private key for this interface.")

  private_key = section:taboption("general", Value, "private_key", label, help)
  private_key.optional = false
  private_key.datatype = "and(base64,rangelength(44,44))"
  private_key.password = true
end
24
25
-- UDP listen port of the interface, on the "general" tab.
-- Validated with the "port" datatype. "51820" is only the hint shown in the
-- empty field; which port is used when the option is unset is decided
-- outside this file.
do
  local label = translate("Listen Port")
  local help = translate("Optional. UDP port used for outgoing and incoming packets.")

  listen_port = section:taboption("general", Value, "listen_port", label, help)
  listen_port.optional = true
  listen_port.placeholder = "51820"
  listen_port.datatype = "port"
end
36
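-- IP addresses assigned to the WireGuard interface, on the "general" tab.
-- Declared `local` at this point because `addresses` is not among the forward
-- declarations at the top of the file; a bare assignment would create a
-- global in the chunk's environment.
-- NOTE(review): confirm that the "ipaddr" validator accepts the notation the
-- backend expects here (for example an address with a prefix length).
local addresses = section:taboption(
  "general",
  DynamicList,
  "addresses",
  translate("IP Addresses"),
  translate("Recommended. IP addresses of the WireGuard interface.")
)
addresses.datatype = "ipaddr"
addresses.optional = true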
46
47
48 -- advanced --------------------------------------------------------------------
49
-- Metric of the interface, on the "advanced" tab.
-- Restricted to unsigned integers by the "uinteger" datatype; "0" is the
-- hint shown in the empty field.
do
  local label = translate("Metric")
  local help = translate("Optional.")

  metric = section:taboption("advanced", Value, "metric", label, help)
  metric.optional = true
  metric.placeholder = "0"
  metric.datatype = "uinteger"
end
60
61
-- MTU of the tunnel interface, on the "advanced" tab.
-- The datatype limits input to the range 1280..1420; "1420" is the hint
-- shown in the empty field.
do
  local label = translate("MTU")
  local help = translate("Optional. Maximum Transmission Unit of tunnel interface.")

  mtu = section:taboption("advanced", Value, "mtu", label, help)
  mtu.optional = true
  mtu.placeholder = "1420"
  mtu.datatype = "range(1280,1420)"
end
72
73
-- Optional preshared key, on the "advanced" tab.
-- Same shape as the private key: base64 text of exactly 44 characters (the
-- padded base64 length of 32 bytes), masked in the rendered form by
-- `password = true`.
-- NOTE(review): this is secret material like the private key; masking only
-- affects the form, so confirm who can read the stored value.
do
  local label = translate("Preshared Key")
  local help = translate("Optional. Base64-encoded preshared key. " ..
    "Adds in an additional layer of symmetric-key " ..
    "cryptography for post-quantum resistance.")

  preshared_key = section:taboption("advanced", Value, "preshared_key", label, help)
  preshared_key.optional = true
  preshared_key.datatype = "and(base64,rangelength(44,44))"
  preshared_key.password = true
end
86
87
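-- Firewall mark applied to outgoing encrypted packets, on the "advanced" tab.
-- Declared `local` at this point because `fwmark` is not among the forward
-- declarations at the top of the file; a bare assignment would create a
-- global in the chunk's environment.
-- NOTE(review): presumably "hex(4)" caps the value at 4 bytes (32 bits) and
-- expects the 0x prefix the help text asks for; confirm against the validator.
local fwmark = section:taboption(
  "advanced",
  Value,
  "fwmark",
  translate("Firewall Mark"),
  translate("Optional. 32-bit mark for outgoing encrypted packets. " ..
    "Enter value in hex, starting with <code>0x</code>.")
)
fwmark.datatype = "hex(4)"
fwmark.optional = true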
98
99
100 -- peers -----------------------------------------------------------------------
101
-- Peer sections of this interface.
-- The section type name is built by appending the interface name to
-- "wireguard_". Sections are anonymous and can be added and removed from
-- the form.
-- NOTE(review): the help text links to the project site over plain http://.
-- The string is also the translation key, so switching the scheme needs the
-- message catalogs updated with it.
do
  local section_type = "wireguard_" .. ifname
  local heading = translate("Peers")
  local blurb = translate("Further information about WireGuard interfaces and peers " ..
    "at <a href=\"http://wireguard.io\">wireguard.io</a>.")

  peers = map:section(TypedSection, section_type, heading, blurb)
  peers.addremove = true
  peers.anonymous = true
  peers.template = "cbi/tsection"
end
112
113
-- Public key of the peer.
-- Must be base64 text of exactly 44 characters (the padded base64 length of
-- 32 bytes). Unlike the private and preshared keys it is not masked.
-- NOTE(review): `optional = false` may not by itself reject an empty
-- submission; verify whether `rmempty = false` is needed for "Required".
do
  local label = translate("Public Key")
  local help = translate("Required. Base64-encoded public key of peer.")

  public_key = peers:option(Value, "public_key", label, help)
  public_key.optional = false
  public_key.datatype = "and(base64,rangelength(44,44))"
end
122
123
-- Addresses and prefixes the peer may use inside the tunnel.
-- Per the help text this list is what bounds the peer's traffic, so every
-- entry is an access decision; broad prefixes deserve a second look.
-- NOTE(review): the help text promises prefixes; confirm that the "ipaddr"
-- validator accepts a prefix length.
-- NOTE(review): `optional = false` may not by itself reject an empty list;
-- verify whether `rmempty = false` is needed for "Required".
do
  local label = translate("Allowed IPs")
  local help = translate("Required. IP addresses and prefixes that this peer is allowed " ..
    "to use inside the tunnel. Usually the peer's tunnel IP " ..
    "addresses and the networks the peer routes through the tunnel.")

  allowed_ips = peers:option(DynamicList, "allowed_ips", label, help)
  allowed_ips.optional = false
  allowed_ips.datatype = "ipaddr"
end
134
135
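-- Checkbox: create routes for this peer's Allowed IPs.
-- Declared `local` at this point because `route_allowed_ips` is not among the
-- forward declarations at the top of the file; a bare assignment would
-- create a global in the chunk's environment.
local route_allowed_ips = peers:option(
  Flag,
  "route_allowed_ips",
  translate("Route Allowed IPs"),
  translate("Optional. Create routes for Allowed IPs for this peer.")
)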
142
143
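-- Host name or address of the peer's endpoint, validated as "host".
-- Declared `local` at this point because `endpoint_host` is not among the
-- forward declarations at the top of the file (only an unused `endpoint`
-- is); a bare assignment would create a global in the chunk's environment.
-- Per the help text, names are resolved before the interface is brought up,
-- so the address actually used depends on the resolver at that moment.
local endpoint_host = peers:option(
  Value,
  "endpoint_host",
  translate("Endpoint Host"),
  translate("Optional. Host of peer. Names are resolved " ..
    "prior to bringing up the interface."))
endpoint_host.placeholder = "vpn.example.com"
endpoint_host.datatype = "host"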
152
153
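-- UDP port of the peer's endpoint, validated as "port".
-- Declared `local` at this point because `endpoint_port` is not among the
-- forward declarations at the top of the file (only an unused `endpoint`
-- is); a bare assignment would create a global in the chunk's environment.
-- "51820" is only the hint shown in the empty field.
local endpoint_port = peers:option(
  Value,
  "endpoint_port",
  translate("Endpoint Port"),
  translate("Optional. Port of peer."))
endpoint_port.placeholder = "51820"
endpoint_port.datatype = "port"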
161
162
-- Interval in seconds between keep-alive messages to the peer.
-- Input is limited to 0..65535 by the datatype; "0" is the hint shown in the
-- empty field and, per the help text, means disabled.
do
  local label = translate("Persistent Keep Alive")
  local help = translate("Optional. Seconds between keep alive messages. " ..
    "Default is 0 (disabled). Recommended value if " ..
    "this device is behind a NAT is 25.")

  persistent_keepalive = peers:option(Value, "persistent_keepalive", label, help)
  persistent_keepalive.placeholder = "0"
  persistent_keepalive.datatype = "range(0,65535)"
end