add IPv6 support

4 years ago · 00f3fff15e
9 changed files with 128 additions and 6 deletions
--- a/3
+++ b/3
@ -36,7 +36,8 @@ RUN npm i -g nodemon
 # Install Linux packages
 RUN apk add -U --no-cache \
  wireguard-tools \
-  dumb-init
+  dumb-init \
+  ip6tables

 # Expose Ports
 EXPOSE 51820/udp
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,5 @@
 version: "3.8"
+
 services:
  wg-easy:
    environment:
@ -10,12 +11,18 @@ services:
      # - PASSWORD=foobar123
      # - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
-      # - WG_DEFAULT_DNS=1.1.1.1
+      # - WG_DEFAULT_ADDRESS6=fd42:beef::x
+      # - WG_DEFAULT_DNS=1.0.0.1
+      # - WG_DEFAULT_DNS6=2606:4700:4700::1001
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
      
    image: weejewel/wg-easy
    container_name: wg-easy
+    networks:
+      wg:
+        ipv4_address: 10.42.42.42
+        ipv6_address: fd00:42::42
    volumes:
      - .:/etc/wireguard
    ports:
@ -28,3 +35,16 @@ services:
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+      - net.ipv6.conf.default.forwarding=1
+
+networks:
+  wg:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.42.42.0/24
+        - subnet: fd00:42::/120
--- a/src/config.js
+++ b/src/config.js
@ -11,9 +11,13 @@ module.exports.WG_PORT = process.env.WG_PORT || 51820;
 module.exports.WG_MTU = process.env.WG_MTU || null;
 module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;
 module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
+module.exports.WG_DEFAULT_ADDRESS6 = process.env.WG_DEFAULT_ADDRESS6 || 'fd80:cafe::x';
 module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
  ? process.env.WG_DEFAULT_DNS
  : '1.1.1.1';
+module.exports.WG_DEFAULT_DNS6 = typeof process.env.WG_DEFAULT_DNS6 === 'string'
+    ? process.env.WG_DEFAULT_DNS6
+    : '2606:4700:4700::1111';
 module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';

 module.exports.WG_POST_UP = process.env.WG_POST_UP || `
@ -21,6 +25,11 @@ iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x
 iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
 iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
+ip6tables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS6.replace('x', '')}/120 -o eth0 -j MASQUERADE;
+ip6tables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
+ip6tables -A FORWARD -i wg0 -j ACCEPT;
+ip6tables -A FORWARD -o wg0 -j ACCEPT;
 `.split('\n').join(' ');

+
 module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@ -130,6 +130,11 @@ module.exports = class Server {
        const { address } = req.body;
        return WireGuard.updateClientAddress({ clientId, address });
      }))
+      .put('/api/wireguard/client/:clientId/address6', Util.promisify(async req => {
+        const { clientId } = req.params;
+        const { address6 } = req.body;
+        return WireGuard.updateClientAddress6({ clientId, address6 });
+      }))

      .listen(PORT, () => {
        debug(`Listening on http://0.0.0.0:${PORT}`);
--- a/src/lib/Util.js
+++ b/src/lib/Util.js
@ -17,6 +17,13 @@ module.exports = class Util {
    return true;
  }

+  static isValidIPv6(str) {
+    // Regex source : https://stackoverflow.com/a/17871737
+    const regex = new RegExp('(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))');
+    const matches = str.match(regex);
+    return !!matches;
+  }
+
  static promisify(fn) {
    // eslint-disable-next-line func-names
    return function(req, res) {
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@ -16,7 +16,9 @@ const {
  WG_PORT,
  WG_MTU,
  WG_DEFAULT_DNS,
+  WG_DEFAULT_DNS6,
  WG_DEFAULT_ADDRESS,
+  WG_DEFAULT_ADDRESS6,
  WG_PERSISTENT_KEEPALIVE,
  WG_ALLOWED_IPS,
  WG_POST_UP,
@ -44,12 +46,14 @@ module.exports = class WireGuard {
            log: 'echo ***hidden*** | wg pubkey',
          });
          const address = WG_DEFAULT_ADDRESS.replace('x', '1');
+          const address6 = WG_DEFAULT_ADDRESS6.replace('x', '1');

          config = {
            server: {
              privateKey,
              publicKey,
              address,
+              address6,
            },
            clients: {},
          };
@ -69,6 +73,10 @@ module.exports = class WireGuard {
        // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
        // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
        // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
+        // await Util.exec(`ip6tables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS6.replace('x', '')}/120 -o eth0 -j MASQUERADE`);
+        // await Util.exec('ip6tables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
+        // await Util.exec('ip6tables -A FORWARD -i wg0 -j ACCEPT');
+        // await Util.exec('ip6tables -A FORWARD -o wg0 -j ACCEPT');
        await this.__syncConfig();

        return config;
@ -92,7 +100,7 @@ module.exports = class WireGuard {
 # Server
 [Interface]
 PrivateKey = ${config.server.privateKey}
-Address = ${config.server.address}/24
+Address = ${config.server.address}/24, ${config.server.address6}/120
 ListenPort = 51820
 PostUp = ${WG_POST_UP}
 PostDown = ${WG_POST_DOWN}
@ -107,7 +115,7 @@ PostDown = ${WG_POST_DOWN}
 [Peer]
 PublicKey = ${client.publicKey}
 PresharedKey = ${client.preSharedKey}
-AllowedIPs = ${client.address}/32`;
+AllowedIPs = ${client.address}/32, ${client.address6}/32`;
    }

    debug('Config saving...');
@ -133,6 +141,7 @@ AllowedIPs = ${client.address}/32`;
      name: client.name,
      enabled: client.enabled,
      address: client.address,
+      address6: client.address6,
      publicKey: client.publicKey,
      createdAt: new Date(client.createdAt),
      updatedAt: new Date(client.updatedAt),
@ -191,12 +200,14 @@ AllowedIPs = ${client.address}/32`;
  async getClientConfiguration({ clientId }) {
    const config = await this.getConfig();
    const client = await this.getClient({ clientId });
+    const isDnsSet = WG_DEFAULT_DNS || WG_DEFAULT_DNS6;
+    const dnsServers = [WG_DEFAULT_DNS, WG_DEFAULT_DNS6].filter(item => !!item).join(', ')

    return `
 [Interface]
 PrivateKey = ${client.privateKey}
-Address = ${client.address}/24
-${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}` : ''}
+Address = ${client.address}/24, ${client.address6}/120
+${isDnsSet ? `DNS = ${dnsServers}` : ''}
 ${WG_MTU ? `MTU = ${WG_MTU}` : ''}

 [Peer]
@ -243,11 +254,28 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
      throw new Error('Maximum number of clients reached.');
    }

+    let address6;
+    for (let i = 2; i < 255; i++) {
+      const client = Object.values(config.clients).find(client => {
+        return client.address6 === WG_DEFAULT_ADDRESS6.replace('x', i.toString(16));
+      });
+
+      if (!client) {
+        address6 = WG_DEFAULT_ADDRESS6.replace('x', i.toString(16));
+        break;
+      }
+    }
+
+    if (!address6) {
+      throw new Error('Maximum number of clients reached.');
+    }
+
    // Create Client
    const clientId = uuid.v4();
    const client = {
      name,
      address,
+      address6,
      privateKey,
      publicKey,
      preSharedKey,
@ -311,5 +339,18 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;

    await this.saveConfig();
  }
+  
+  async updateClientAddress6({ clientId, address6 }) {
+    const client = await this.getClient({ clientId });
+
+    if (!Util.isValidIPv6(address6)) {
+      throw new ServerError(`Invalid Address6: ${address6}`, 400);
+    }
+
+    client.address6 = address6;
+    client.updatedAt = new Date();
+
+    await this.saveConfig();
+  }

 };
--- a/src/www/index.html
+++ b/src/www/index.html
@ -153,6 +153,31 @@
                      </span>
                    </span>

+                    <!-- Address6 -->
+                    <span class="group">
+
+                      <!-- Show -->
+                      <input v-show="clientEditAddress6Id === client.id" v-model="clientEditAddress6"
+                        v-on:keyup.enter="updateClientAddress6(client, clientEditAddress6); clientEditAddress6 = null; clientEditAddress6Id = null;"
+                        v-on:keyup.escape="clientEditAddress6 = null; clientEditAddress6Id = null;"
+                        :ref="'client-' + client.id + '-address6'"
+                        class="rounded border-2 border-gray-100 focus:border-gray-200 outline-none w-20 text-black" />
+                      <span v-show="clientEditAddress6Id !== client.id"
+                        class="inline-block border-t-2 border-b-2 border-transparent">{{client.address6}}</span>
+
+                      <!-- Edit -->
+                      <span v-show="clientEditAddress6Id !== client.id"
+                        @click="clientEditAddress6 = client.address6; clientEditAddress6Id = client.id; setTimeout(() => $refs['client-' + client.id + '-address6'][0].select(), 1);"
+                        class="cursor-pointer opacity-0 group-hover:opacity-100 transition-opacity">
+                        <svg xmlns="http://www.w3.org/2000/svg"
+                          class="h-4 w-4 inline align-middle opacity-25 hover:opacity-100" fill="none"
+                          viewBox="0 0 24 24" stroke="currentColor">
+                          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+                            d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
+                        </svg>
+                      </span>
+                    </span>
+
                    <!-- Transfer TX -->
                    <span v-if="client.transferTx":title="'Total Download: ' + bytes(client.transferTx)">
                      ·
--- a/src/www/js/api.js
+++ b/src/www/js/api.js
@ -117,4 +117,11 @@ class API {
    });
  }

+  async updateClientAddress6({ clientId, address6 }) {
+    return this.call({
+      method: 'put',
+      path: `/wireguard/client/${clientId}/address6/`,
+      body: { address6 },
+    });
+  }
 }
--- a/src/www/js/app.js
+++ b/src/www/js/app.js
@ -43,6 +43,8 @@ new Vue({
    clientEditNameId: null,
    clientEditAddress: null,
    clientEditAddressId: null,
+    clientEditAddress6: null,
+    clientEditAddress6Id: null,
    qrcode: null,

    currentRelease: null,
@ -243,6 +245,11 @@ new Vue({
        .catch(err => alert(err.message || err.toString()))
        .finally(() => this.refresh().catch(console.error));
    },
+    updateClientAddress6(client, address6) {
+      this.api.updateClientAddress6({ clientId: client.id, address6 })
+        .catch(err => alert(err.message || err.toString()))
+        .finally(() => this.refresh().catch(console.error));
+    },
  },
  filters: {
    bytes,