luci-proto-wireguard: add warning that allowed_ips must not be empty
[project/luci.git] / protocols / luci-proto-wireguard / htdocs / luci-static / resources / protocol / wireguard.js
1 'use strict';
2 'require uci';
3 'require form';
4 'require network';
5
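/**
 * Validate the textual form of a WireGuard key (private, public or preshared).
 *
 * A WireGuard key is 32 raw bytes, which Base64 encodes as exactly 43 alphabet
 * characters followed by one '=' padding character. The previous check
 * (length 44 plus a generic Base64 pattern) also accepted 44-character strings
 * with no padding or with '==' padding; those decode to 33 or 31 bytes and are
 * not usable keys.
 *
 * This is a format check only; it does not decode the key or verify that it
 * belongs to any peer.
 *
 * @param {string} section_id - UCI section being validated (unused).
 * @param {string} value - Current field value.
 * @returns {true|string} true when the value is empty or well-formed,
 *   otherwise a translated error message.
 */
function validateBase64(section_id, value) {
	// Empty input passes here; whether a key is mandatory is decided by the
	// rmempty/optional flags the calling option sets on itself.
	if (value.length === 0)
		return true;

	// 32 bytes -> 43 Base64 characters + a single '=' (44 characters total).
	if (!/^[A-Za-z0-9+\/]{43}=$/.test(value))
		return _('Invalid Base64 key string');

	return true;
}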
15
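/*
 * Registers the 'wireguard' protocol handler with the LuCI network model and
 * builds its configuration form (interface settings plus one sub-section per
 * peer, stored in UCI sections of type 'wireguard_<interface>').
 */
return network.registerProtocol('wireguard', {
	/** @returns {string} Translated display name of the protocol. */
	getI18n: function() {
		return _('WireGuard VPN');
	},

	/** @returns {string} The 'l3_device' ubus value, or the section id when that is unset. */
	getIfname: function() {
		return this._ubus('l3_device') || this.sid;
	},

	/** @returns {string} Name of the package this protocol handler depends on. */
	getOpkgPackage: function() {
		return 'wireguard-tools';
	},

	/** @returns {boolean} Always true. */
	isFloating: function() {
		return true;
	},

	/** @returns {boolean} Always true. */
	isVirtual: function() {
		return true;
	},

	/** @returns {null} This protocol reports no device list. */
	getDevices: function() {
		return null;
	},

	/**
	 * @param {*} ifname - Interface reference passed to network.getIfnameOf().
	 * @returns {boolean} Whether it resolves to this interface's own name.
	 */
	containsDevice: function(ifname) {
		return (network.getIfnameOf(ifname) == this.getIfname());
	},

	/**
	 * Populate the interface form with the WireGuard options.
	 *
	 * @param {Object} s - Form section to which tabs and options are added.
	 */
	renderFormOptions: function(s) {
		var o, ss;

		// -- general ---------------------------------------------------------------------

		o = s.taboption('general', form.Value, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
		// Secret material: render as a password field so it is not shown in clear.
		o.password = true;
		o.validate = validateBase64;
		o.rmempty = false;

		o = s.taboption('general', form.Value, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
		o.datatype = 'port';
		o.placeholder = _('random');
		o.optional = true;

		o = s.taboption('general', form.DynamicList, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
		o.datatype = 'ipaddr';
		o.optional = true;

		o = s.taboption('general', form.Flag, 'nohostroute', _('No Host Routes'), _('Optional. Do not create host routes to peers.'));
		o.optional = true;

		// -- advanced --------------------------------------------------------------------

		o = s.taboption('advanced', form.Value, 'metric', _('Metric'), _('Optional'));
		o.datatype = 'uinteger';
		o.placeholder = '0';
		o.optional = true;

		o = s.taboption('advanced', form.Value, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
		o.datatype = 'range(1280,1420)';
		o.placeholder = '1420';
		o.optional = true;

		o = s.taboption('advanced', form.Value, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
		o.optional = true;
		o.validate = function(section_id, value) {
			// The help text promises a 32-bit mark, i.e. up to eight hex digits;
			// the earlier {1,4} limit rejected every mark above 0xffff.
			if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,8}$/))
				return _('Invalid hexadecimal value');

			return true;
		};


		// -- peers -----------------------------------------------------------------------

		// Best effort on purpose: a failure to create the tab is ignored and the
		// peer options are still added below (presumably the tab can already
		// exist when the form is rendered again; confirm against s.tab()).
		// NOTE(review): the help link uses plain http://; the string is a
		// translation msgid, so changing the scheme also needs a catalog update.
		try {
			s.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
		}
		catch(e) {}

		o = s.taboption('peers', form.SectionValue, '_peers', form.TypedSection, 'wireguard_%s'.format(s.section));
		o.depends('proto', 'wireguard');

		ss = o.subsection;
		ss.anonymous = true;
		ss.addremove = true;
		ss.addbtntitle = _('Add peer');

		ss.renderSectionPlaceholder = function() {
			return E([], [
				E('br'),
				E('em', _('No peers defined yet'))
			]);
		};

		o = ss.option(form.Value, 'description', _('Description'), _('Optional. Description of peer.'));
		o.placeholder = 'My Peer';
		o.datatype = 'string';
		o.optional = true;

		o = ss.option(form.Value, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
		o.validate = validateBase64;
		o.rmempty = false;

		o = ss.option(form.Value, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
		// Secret material, masked like the private key.
		o.password = true;
		o.validate = validateBase64;
		o.optional = true;

		o = ss.option(form.DynamicList, 'allowed_ips', _('Allowed IPs'), _("Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
		o.datatype = 'ipaddr';
		o.validate = function(section, value) {
			// The check is on the whole list, not on the single entry passed in
			// as `value`: the peer must end up with at least one allowed IP.
			var opt = this.map.lookupOption('allowed_ips', section);
			var ips = opt ? opt[0].formvalue(section) : null;

			// A failed lookup or a missing form value counts as empty instead
			// of throwing inside the validator.
			if (ips == null || ips.length === 0) {
				return _('Value must not be empty');
			}
			return true;
		};

		o = ss.option(form.Flag, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));

		o = ss.option(form.Value, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
		o.placeholder = 'vpn.example.com';
		o.datatype = 'host';

		o = ss.option(form.Value, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
		o.placeholder = '51820';
		o.datatype = 'port';

		o = ss.option(form.Value, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
		o.datatype = 'range(0,65535)';
		o.placeholder = '0';
	},

	/**
	 * Remove every peer section ('wireguard_<sid>') that belongs to this
	 * interface from the 'network' UCI configuration, so deleting the
	 * interface does not leave peer keys behind in the config.
	 */
	deleteConfiguration: function() {
		uci.sections('network', 'wireguard_%s'.format(this.sid), function(s) {
			uci.remove('network', s['.name']);
		});
	}
});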