8 var generateKey
= rpc
.declare({
9 object
: 'luci.wireguard',
10 method
: 'generateKeyPair',
14 var generateQrCode
= rpc
.declare({
15 object
: 'luci.wireguard',
16 method
: 'generateQrCode',
17 params
: ['privkey', 'psk', 'allowed_ips'],
18 expect
: { qr_code
: '' }
21 function validateBase64(section_id
, value
) {
22 if (value
.length
== 0)
25 if (value
.length
!= 44 || !value
.match(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/))
26 return _('Invalid Base64 key string');
28 if (value
[43] != "=" )
29 return _('Invalid Base64 key string');
34 function findSection(sections
, name
) {
35 for (var i
= 0; i
< sections
.length
; i
++) {
36 var section
= sections
[i
];
37 if (section
['.name'] == name
) return section
;
43 function generateDescription(name
, texts
) {
44 return E('li', { 'style': 'color: inherit;' }, [
46 E('ul', texts
.map(function (text
) {
47 return E('li', { 'style': 'color: inherit;' }, text
);
52 return network
.registerProtocol('wireguard', {
54 return _('WireGuard VPN');
57 getIfname: function() {
58 return this._ubus('l3_device') || this.sid
;
61 getOpkgPackage: function() {
62 return 'wireguard-tools';
65 isFloating: function() {
69 isVirtual: function() {
73 getDevices: function() {
77 containsDevice: function(ifname
) {
78 return (network
.getIfnameOf(ifname
) == this.getIfname());
81 renderFormOptions: function(s
) {
84 // -- general ---------------------------------------------------------------------
86 o
= s
.taboption('general', form
.Value
, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
88 o
.validate
= validateBase64
;
91 o
= s
.taboption('general', form
.Button
, 'generate_key', _('Generate Key'));
92 o
.inputstyle
= 'apply';
93 o
.onclick
= ui
.createHandlerFn(this, function(section_id
, ev
) {
94 return generateKey().then(function(keypair
) {
95 var keyInput
= document
.getElementById('widget.cbid.network.%s.private_key'.format(section_id
)),
96 changeEvent
= new Event('change');
98 keyInput
.value
= keypair
.priv
|| '';
99 keyInput
.dispatchEvent(changeEvent
);
103 o
= s
.taboption('general', form
.Value
, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
105 o
.placeholder
= _('random');
108 o
= s
.taboption('general', form
.DynamicList
, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
109 o
.datatype
= 'ipaddr';
112 o
= s
.taboption('general', form
.Flag
, 'nohostroute', _('No Host Routes'), _('Optional. Do not create host routes to peers.'));
115 // -- advanced --------------------------------------------------------------------
117 o
= s
.taboption('advanced', form
.Value
, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
118 o
.datatype
= 'range(1280,1420)';
119 o
.placeholder
= '1420';
122 o
= s
.taboption('advanced', form
.Value
, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
124 o
.validate = function(section_id
, value
) {
125 if (value
.length
> 0 && !value
.match(/^0x[a-fA-F0-9]{1,8}$/))
126 return _('Invalid hexadecimal value');
132 // -- peers -----------------------------------------------------------------------
135 s
.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
139 o
= s
.taboption('peers', form
.SectionValue
, '_peers', form
.TypedSection
, 'wireguard_%s'.format(s
.section
));
140 o
.depends('proto', 'wireguard');
145 ss
.addbtntitle
= _('Add peer');
147 ss
.renderSectionPlaceholder = function() {
150 E('em', _('No peers defined yet'))
154 o
= ss
.option(form
.Value
, 'description', _('Description'), _('Optional. Description of peer.'));
155 o
.placeholder
= 'My Peer';
156 o
.datatype
= 'string';
159 o
= ss
.option(form
.Value
, 'description', _('QR-Code'));
160 o
.render
= L
.bind(function (view
, section_id
) {
161 var sections
= uci
.sections('network');
162 var client
= findSection(sections
, section_id
);
163 var serverName
= this.getIfname();
164 var server
= findSection(sections
, serverName
);
166 var interfaceTexts
= [
167 'PrivateKey: ' + _('A random, on the fly generated "PrivateKey", the key will not be saved on the router')
171 'PublicKey: ' + _('The "PublicKey" of that wg interface'),
172 'AllowedIPs: ' + _('The list of this client\'s "AllowedIPs" or "0.0.0.0/0, ::/0" if not configured'),
173 'PresharedKey: ' + _('If available, the client\'s "PresharedKey"')
177 E('span', '%q<br>%q'.format(_('If there are any unsaved changes for this client, please save the configuration before generating a QR-Code'),
178 _('The QR-Code works per wg interface, it will be refreshed with every button click and transfers the following information:'))),
180 generateDescription('[Interface]', interfaceTexts
),
181 generateDescription('[Peer]', peerTexts
)
185 return E('div', { 'class': 'cbi-value' }, [
186 E('label', { 'class': 'cbi-value-title' }, _('QR-Code')),
188 'style': 'display: flex; flex-direction: column; align-items: baseline;',
189 'id': 'qr-' + section_id
192 'class': 'btn cbi-button cbi-button-apply',
193 'click': ui
.createHandlerFn(this, function (server
, client
, section_id
) {
194 var qrDiv
= document
.getElementById('qr-' + section_id
);
195 var qrEl
= qrDiv
.querySelector('value');
196 var qrBtn
= qrDiv
.querySelector('button');
197 var qrencodeErr
= '<b>%q</b>'.format(
198 _('For QR-Code support please install the qrencode package!'));
200 if (qrEl
.innerHTML
!= '' && qrEl
.innerHTML
!= qrencodeErr
) {
202 qrBtn
.innerHTML
= _('Generate New QR-Code')
204 qrEl
.innerHTML
= _('Loading QR-Code...');
206 generateQrCode(server
.private_key
, client
.preshared_key
,
207 client
.allowed_ips
).then(function (qrCode
) {
209 qrEl
.innerHTML
= qrencodeErr
;
211 qrEl
.innerHTML
= qrCode
;
212 qrBtn
.innerHTML
= _('Hide QR-Code');
216 }, server
, client
, section_id
)
217 }, _('Generate new QR-Code')),
219 'class': 'cbi-section',
220 'style': 'margin: 0;'
222 E('div', { 'class': 'cbi-value-description' }, description
)
227 o
= ss
.option(form
.Value
, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
228 o
.validate
= validateBase64
;
231 o
= ss
.option(form
.Value
, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
233 o
.validate
= validateBase64
;
236 o
= ss
.option(form
.DynamicList
, 'allowed_ips', _('Allowed IPs'), _("Optional. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
237 o
.datatype
= 'ipaddr';
240 o
= ss
.option(form
.Flag
, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));
242 o
= ss
.option(form
.Value
, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
243 o
.placeholder
= 'vpn.example.com';
246 o
= ss
.option(form
.Value
, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
247 o
.placeholder
= '51820';
250 o
= ss
.option(form
.Value
, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
251 o
.datatype
= 'range(0,65535)';
255 deleteConfiguration: function() {
256 uci
.sections('network', 'wireguard_%s'.format(this.sid
), function(s
) {
257 uci
.remove('network', s
['.name']);