// RPC binding for the backend method luci.wireguard / generateKeyPair.
// The "Generate Key" button handler in renderFormOptions reads `.priv` from
// the reply, so the private key is produced by the backend and handed to the
// browser through this call.
// NOTE(review): confidentiality of that key in transit depends on how the
// web UI is served; confirm HTTPS where this button is used.
// NOTE(review): listing lines 11-13 are not shown on this page; any further
// options of this declaration live there.
var generateKey = rpc.declare({
	object: 'luci.wireguard',
	method: 'generateKeyPair'
});
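/**
 * Validate a WireGuard key field (private, public or preshared key).
 *
 * A WireGuard key is 32 bytes, and 32 bytes always encode to 43 Base64
 * characters followed by exactly one '=' pad, 44 characters in total.
 * A looser check (length 44, a generic Base64 pattern and a '=' at index 43)
 * would also accept strings ending in '==', which decode to only 31 bytes.
 *
 * This is a format check only; it says nothing about the key material itself.
 *
 * @param {string} section_id - UCI section being edited (unused).
 * @param {string} value - Current field content.
 * @returns {boolean|string} true when the value is empty or well-formed,
 *          otherwise a translated error message.
 */
function validateBase64(section_id, value) {
	// Empty input passes here; the same validator also serves the optional
	// preshared key field.
	if (value.length == 0)
		return true;

	// Exactly 43 alphabet characters plus a single trailing pad.
	if (!/^[A-Za-z0-9+\/]{43}=$/.test(value))
		return _('Invalid Base64 key string');

	return true;
}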
27 return network
.registerProtocol('wireguard', {
29 return _('WireGuard VPN');
/**
 * Interface name for this protocol instance.
 *
 * @returns {string} the 'l3_device' value obtained through this._ubus() when
 *          it is truthy, otherwise the section id (this.sid).
 */
getIfname: function() {
	var l3Device = this._ubus('l3_device');

	return l3Device || this.sid;
},
/**
 * Name of the package associated with this protocol.
 *
 * @returns {string} always 'wireguard-tools'.
 */
getOpkgPackage: function() {
	var packageName = 'wireguard-tools';

	return packageName;
},
40 isFloating: function() {
44 isVirtual: function() {
48 getDevices: function() {
/**
 * Tell whether a device belongs to this WireGuard interface.
 *
 * @param {*} ifname - Device reference, resolved with network.getIfnameOf().
 * @returns {boolean} true when the resolved name equals this.getIfname()
 *          (loose comparison, as in the original).
 */
containsDevice: function(ifname) {
	var candidate = network.getIfnameOf(ifname);
	var ownName = this.getIfname();

	return (candidate == ownName);
},
// Build the protocol's settings form on section `s`: options on the 'general'
// and 'advanced' tabs, then a 'peers' tab with the per-peer options.
// NOTE(review): this listing omits some source lines (the numbers at the start
// of lines jump), so further properties may be set in lines not shown here.
56 renderFormOptions: function(s
) {
59 // -- general ---------------------------------------------------------------------
// Interface private key; its content is checked by validateBase64.
// NOTE(review): this is secret material. Listing line 62 is not shown, so
// confirm the widget is rendered masked (form.Value's `password` property).
61 o
= s
.taboption('general', form
.Value
, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
63 o
.validate
= validateBase64
;
// "Generate Key" button: requests a key pair through generateKey(), writes
// keypair.priv into the private_key input (found by its DOM id) and fires a
// 'change' event on that input. Because of `|| ''`, a reply without `priv`
// blanks the field rather than raising an error.
// NOTE(review): the private key reaches the browser through the RPC reply;
// only keypair.priv is used in the lines shown.
66 o
= s
.taboption('general', form
.Button
, 'generate_key', _('Generate Key'));
67 o
.inputstyle
= 'apply';
68 o
.onclick
= ui
.createHandlerFn(this, function(section_id
, ev
) {
69 return generateKey().then(function(keypair
) {
70 var keyInput
= document
.getElementById('widget.cbid.network.%s.private_key'.format(section_id
)),
71 changeEvent
= new Event('change');
73 keyInput
.value
= keypair
.priv
|| '';
74 keyInput
.dispatchEvent(changeEvent
);
// Listen port. Only the placeholder is set in the lines shown; listing line 79
// is missing, so any datatype restriction is not visible here.
78 o
= s
.taboption('general', form
.Value
, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
80 o
.placeholder
= _('random');
// Interface addresses, each entry restricted to the 'ipaddr' datatype.
83 o
= s
.taboption('general', form
.DynamicList
, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
84 o
.datatype
= 'ipaddr';
87 o
= s
.taboption('general', form
.Flag
, 'nohostroute', _('No Host Routes'), _('Optional. Do not create host routes to peers.'));
90 // -- advanced --------------------------------------------------------------------
// MTU limited to 1280..1420, with 1420 shown as placeholder.
92 o
= s
.taboption('advanced', form
.Value
, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
93 o
.datatype
= 'range(1280,1420)';
94 o
.placeholder
= '1420';
// Firewall mark: non-empty input must be "0x" followed by 1 to 8 hex digits
// (at most 32 bits); empty input skips this check.
97 o
= s
.taboption('advanced', form
.Value
, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
99 o
.validate = function(section_id
, value
) {
100 if (value
.length
> 0 && !value
.match(/^0x[a-fA-F0-9]{1,8}$/))
101 return _('Invalid hexadecimal value');
107 // -- peers -----------------------------------------------------------------------
// NOTE(review): the tab description carries HTML with a plain http:// link to
// wireguard.com; an https:// link would avoid the unauthenticated first hop.
// The text is passed through _() and so presumably doubles as the translation
// lookup key; confirm the effect on translations before changing it.
110 s
.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
// Embed a typed section named 'wireguard_<s.section>' for the peers, tied to
// proto == 'wireguard' through depends().
114 o
= s
.taboption('peers', form
.SectionValue
, '_peers', form
.TypedSection
, 'wireguard_%s'.format(s
.section
));
115 o
.depends('proto', 'wireguard');
// NOTE(review): `ss` is not assigned in the lines shown (listing lines 116-119
// are missing); presumably it is the embedded peer section. Confirm.
120 ss
.addbtntitle
= _('Add peer');
122 ss
.renderSectionPlaceholder = function() {
125 E('em', _('No peers defined yet'))
129 o
= ss
.option(form
.Value
, 'description', _('Description'), _('Optional. Description of peer.'));
130 o
.placeholder
= 'My Peer';
131 o
.datatype
= 'string';
// Peer public key: same format check as the interface key.
134 o
= ss
.option(form
.Value
, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
135 o
.validate
= validateBase64
;
// Preshared key: optional, same format check.
// NOTE(review): this is secret material as well; listing line 139 is not
// shown, so confirm the field is rendered masked.
138 o
= ss
.option(form
.Value
, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
140 o
.validate
= validateBase64
;
// Allowed IPs: each entry restricted to the 'ipaddr' datatype.
143 o
= ss
.option(form
.DynamicList
, 'allowed_ips', _('Allowed IPs'), _("Optional. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
144 o
.datatype
= 'ipaddr';
147 o
= ss
.option(form
.Flag
, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));
// NOTE(review): no datatype or validator for endpoint_host appears in the
// lines shown (listing lines 151-152 are missing); confirm the host name is
// validated before it is used to bring up the interface.
149 o
= ss
.option(form
.Value
, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
150 o
.placeholder
= 'vpn.example.com';
// NOTE(review): likewise, only a placeholder is visible for endpoint_port
// (listing lines 155-156 are missing); confirm a port datatype is applied.
153 o
= ss
.option(form
.Value
, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
154 o
.placeholder
= '51820';
// Keepalive interval in seconds, limited to 0..65535.
157 o
= ss
.option(form
.Value
, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
158 o
.datatype
= 'range(0,65535)';
162 deleteConfiguration: function() {
163 uci
.sections('network', 'wireguard_%s'.format(this.sid
), function(s
) {
164 uci
.remove('network', s
['.name']);