gluon-mesh-vpn-core: add wireguard support

2019-08-24 13:54:44 +02:00 · 2019-08-24 13:54:44 +02:00 · bf8f3040ec
commit bf8f3040ec
parent 43995c4624
2 changed files with 29 additions and 13 deletions
--- a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua
+++ b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua
@ -35,6 +35,15 @@ elseif has_fastd then
 	else
 		msg = site_i18n._translate('gluon-config-mode:novpn')
 	end
+elseif has_wireguard then
+	local wireguard_enabled = uci:get_bool("wireguard", "mesh_vpn", "enabled")
+	if wireguard_enabled then
+		local secret = util.trim(util.exec("/usr/bin/gluon-mesh-vpn-wireguard-get-or-create-secret"))
+		pubkey = util.trim(util.exec("/usr/bin/wg pubkey < " .. secret))
+		msg = site_i18n._translate('gluon-config-mode:pubkey')
+	else
+		msg = site_i18n._translate('gluon-config-mode:novpn')
+	end
 end

 if not msg then return end
--- a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn
+++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn
@ -8,16 +8,19 @@ local uci = require('simple-uci').cursor()
 local unistd = require 'posix.unistd'


-uci:section('network', 'interface', 'mesh_vpn', {
-	ifname = 'mesh-vpn',
-	proto = 'gluon_mesh',
-	transitive = true,
-	fixed_mtu = true,
-	macaddr = util.generate_mac(7),
-	mtu = site.mesh_vpn.mtu(),
-})
-
-uci:save('network')
+if not unistd.access('/lib/gluon/mesh-vpn/wireguard') then
+	-- wireguard brings its own mechanism for creating interfaces as it
+	-- requires one interface per peer.
+	uci:section('network', 'interface', 'mesh_vpn', {
+		ifname = 'mesh-vpn',
+		proto = 'gluon_mesh',
+		transitive = true,
+		fixed_mtu = true,
+		macaddr = util.generate_mac(7),
+		mtu = site.mesh_vpn.mtu(),
+	})
+	uci:save('network')
+end


 -- The previously used user and group are removed, we now have a generic group
@ -40,10 +43,13 @@ if not uci:get('gluon', 'mesh_vpn') then
 		vpn = 'fastd'
 	elseif unistd.access('/lib/gluon/mesh-vpn/tunneldigger') then
 		vpn = 'tunneldigger'
+	elseif  unistd.access('/lib/gluon/mesh-vpn/wireguard') then
+		vpn = 'wireguard'
 	end

 	local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
 	local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
+	local wireguard_enabled = uci:get('wireguard', 'mesh_vpn', 'enabled')

 	local enabled

@ -52,15 +58,16 @@ if not uci:get('gluon', 'mesh_vpn') then
 		enabled = fastd_enabled == '1'
 	elseif vpn == 'tunneldigger' and tunneldigger_enabled then
 		enabled = tunneldigger_enabled == '1'
+	elseif vpn == 'wireguard' and wireguard_enabled then
+		enabled = wireguard_enabled == '1'
 	-- Otherwise, migrate the other package's value if any is set
-	elseif fastd_enabled or tunneldigger_enabled then
-		enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
+	elseif fastd_enabled or tunneldigger_enabled or wireguard_enabled then
+		enabled = fastd_enabled == '1' or tunneldigger_enabled == '1' or wireguard_enabled == '1'
 	-- If nothing is set, use the default
 	else
 		enabled = site.mesh_vpn.enabled(false)
 	end

-
 	local limit_enabled = tonumber((uci:get('simple-tc', 'mesh_vpn', 'enabled')))
 	if limit_enabled == nil then
 		limit_enabled = site.mesh_vpn.bandwidth_limit.enabled(false)