6 function validateBase64(section_id
, value
) {
10 if (value
.length
!= 44 || !value
.match(/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/))
11 return _('Invalid Base64 key string');
16 return network
.registerProtocol('wireguard', {
18 return _('WireGuard VPN');
21 getIfname: function() {
22 return this._ubus('l3_device') || this.sid
;
25 getOpkgPackage: function() {
26 return 'wireguard-tools';
29 isFloating: function() {
33 isVirtual: function() {
37 getDevices: function() {
41 containsDevice: function(ifname
) {
42 return (network
.getIfnameOf(ifname
) == this.getIfname());
45 renderFormOptions: function(s
) {
48 // -- general ---------------------------------------------------------------------
50 o
= s
.taboption('general', form
.Value
, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
52 o
.validate
= validateBase64
;
55 o
= s
.taboption('general', form
.Value
, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
57 o
.placeholder
= _('random');
60 o
= s
.taboption('general', form
.DynamicList
, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
61 o
.datatype
= 'ipaddr';
64 o
= s
.taboption('general', form
.Flag
, 'nohostroute', _('No Host Routes'), _('Optional. Do not create host routes to peers.'));
67 // -- advanced --------------------------------------------------------------------
69 o
= s
.taboption('advanced', form
.Value
, 'metric', _('Metric'), _('Optional'));
70 o
.datatype
= 'uinteger';
74 o
= s
.taboption('advanced', form
.Value
, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
75 o
.datatype
= 'range(1280,1420)';
76 o
.placeholder
= '1420';
79 o
= s
.taboption('advanced', form
.Value
, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
81 o
.validate = function(section_id
, value
) {
82 if (value
.length
> 0 && !value
.match(/^0x[a-fA-F0-9]{1,4}$/))
83 return _('Invalid hexadecimal value');
89 // -- peers -----------------------------------------------------------------------
92 s
.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
96 o
= s
.taboption('peers', form
.SectionValue
, '_peers', form
.TypedSection
, 'wireguard_%s'.format(s
.section
));
97 o
.depends('proto', 'wireguard');
102 ss
.addbtntitle
= _('Add peer');
104 ss
.renderSectionPlaceholder = function() {
107 E('em', _('No peers defined yet'))
111 o
= ss
.option(form
.Value
, 'description', _('Description'), _('Optional. Description of peer.'));
112 o
.placeholder
= 'My Peer';
113 o
.datatype
= 'string';
116 o
= ss
.option(form
.Value
, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
117 o
.validate
= validateBase64
;
120 o
= ss
.option(form
.Value
, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
122 o
.validate
= validateBase64
;
125 o
= ss
.option(form
.DynamicList
, 'allowed_ips', _('Allowed IPs'), _("Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
126 o
.datatype
= 'ipaddr';
127 o
.validate = function(section
, value
) {
128 var opt
= this.map
.lookupOption('allowed_ips', section
);
129 var ips
= opt
[0].formvalue(section
);
130 if (ips
.length
== 0) {
131 return _('Value must not be empty');
136 o
= ss
.option(form
.Flag
, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));
138 o
= ss
.option(form
.Value
, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
139 o
.placeholder
= 'vpn.example.com';
142 o
= ss
.option(form
.Value
, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
143 o
.placeholder
= '51820';
146 o
= ss
.option(form
.Value
, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
147 o
.datatype
= 'range(0,65535)';
151 deleteConfiguration: function() {
152 uci
.sections('network', 'wireguard_%s'.format(this.sid
), function(s
) {
153 uci
.remove('network', s
['.name']);