mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add IPv6 support

pull/191/head
crazyracer98 4 years ago
parent
bbd19b7a6f
commit
00f3fff15e
9 changed files with 128 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      Dockerfile
  2. 22
      docker-compose.yml
  3. 9
      src/config.js
  4. 5
      src/lib/Server.js
  5. 7
      src/lib/Util.js
  6. 49
      src/lib/WireGuard.js
  7. 25
      src/www/index.html
  8. 7
      src/www/js/api.js
  9. 7
      src/www/js/app.js

3
Dockerfile
View File

@ -36,7 +36,8 @@ RUN npm i -g nodemon
# Install Linux packages # Install Linux packages
RUN apk add -U --no-cache \ RUN apk add -U --no-cache \
wireguard-tools \ wireguard-tools \
dumb-init dumb-init \
ip6tables
# Expose Ports # Expose Ports
EXPOSE 51820/udp EXPOSE 51820/udp

22
docker-compose.yml
View File

@ -1,4 +1,5 @@
version: "3.8" version: "3.8"
services: services:
wg-easy: wg-easy:
environment: environment:
@ -10,12 +11,18 @@ services:
# - PASSWORD=foobar123 # - PASSWORD=foobar123
# - WG_PORT=51820 # - WG_PORT=51820
# - WG_DEFAULT_ADDRESS=10.8.0.x # - WG_DEFAULT_ADDRESS=10.8.0.x
# - WG_DEFAULT_DNS=1.1.1.1 # - WG_DEFAULT_ADDRESS6=fd42:beef::x
# - WG_DEFAULT_DNS=1.0.0.1
# - WG_DEFAULT_DNS6=2606:4700:4700::1001
# - WG_MTU=1420 # - WG_MTU=1420
# - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24 # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
image: weejewel/wg-easy image: weejewel/wg-easy
container_name: wg-easy container_name: wg-easy
networks:
wg:
ipv4_address: 10.42.42.42
ipv6_address: fd00:42::42
volumes: volumes:
- .:/etc/wireguard - .:/etc/wireguard
ports: ports:
@ -28,3 +35,16 @@ services:
sysctls: sysctls:
- net.ipv4.ip_forward=1 - net.ipv4.ip_forward=1
- net.ipv4.conf.all.src_valid_mark=1 - net.ipv4.conf.all.src_valid_mark=1
- net.ipv6.conf.all.disable_ipv6=0
- net.ipv6.conf.all.forwarding=1
- net.ipv6.conf.default.forwarding=1
networks:
wg:
driver: bridge
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 10.42.42.0/24
- subnet: fd00:42::/120

9
src/config.js
View File

@ -11,9 +11,13 @@ module.exports.WG_PORT = process.env.WG_PORT || 51820;
module.exports.WG_MTU = process.env.WG_MTU || null; module.exports.WG_MTU = process.env.WG_MTU || null;
module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0; module.exports.WG_PERSISTENT_KEEPALIVE = process.env.WG_PERSISTENT_KEEPALIVE || 0;
module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x'; module.exports.WG_DEFAULT_ADDRESS = process.env.WG_DEFAULT_ADDRESS || '10.8.0.x';
module.exports.WG_DEFAULT_ADDRESS6 = process.env.WG_DEFAULT_ADDRESS6 || 'fd80:cafe::x';
module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string' module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
? process.env.WG_DEFAULT_DNS ? process.env.WG_DEFAULT_DNS
: '1.1.1.1'; : '1.1.1.1';
module.exports.WG_DEFAULT_DNS6 = typeof process.env.WG_DEFAULT_DNS6 === 'string'
? process.env.WG_DEFAULT_DNS6
: '2606:4700:4700::1111';
module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0'; module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';
module.exports.WG_POST_UP = process.env.WG_POST_UP || ` module.exports.WG_POST_UP = process.env.WG_POST_UP || `
@ -21,6 +25,11 @@ iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x
iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT;
iptables -A FORWARD -o wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
ip6tables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS6.replace('x', '')}/120 -o eth0 -j MASQUERADE;
ip6tables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
ip6tables -A FORWARD -i wg0 -j ACCEPT;
ip6tables -A FORWARD -o wg0 -j ACCEPT;
`.split('\n').join(' '); `.split('\n').join(' ');
module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || ''; module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';

5
src/lib/Server.js
View File

@ -130,6 +130,11 @@ module.exports = class Server {
const { address } = req.body; const { address } = req.body;
return WireGuard.updateClientAddress({ clientId, address }); return WireGuard.updateClientAddress({ clientId, address });
})) }))
.put('/api/wireguard/client/:clientId/address6', Util.promisify(async req => {
const { clientId } = req.params;
const { address6 } = req.body;
return WireGuard.updateClientAddress6({ clientId, address6 });
}))
.listen(PORT, () => { .listen(PORT, () => {
debug(`Listening on http://0.0.0.0:${PORT}`); debug(`Listening on http://0.0.0.0:${PORT}`);

7
src/lib/Util.js
View File

@ -17,6 +17,13 @@ module.exports = class Util {
return true; return true;
} }
static isValidIPv6(str) {
// Regex source : https://stackoverflow.com/a/17871737
const regex = new RegExp('(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))');
const matches = str.match(regex);
return !!matches;
}
static promisify(fn) { static promisify(fn) {
// eslint-disable-next-line func-names // eslint-disable-next-line func-names
return function(req, res) { return function(req, res) {

49
src/lib/WireGuard.js
View File

@ -16,7 +16,9 @@ const {
WG_PORT, WG_PORT,
WG_MTU, WG_MTU,
WG_DEFAULT_DNS, WG_DEFAULT_DNS,
WG_DEFAULT_DNS6,
WG_DEFAULT_ADDRESS, WG_DEFAULT_ADDRESS,
WG_DEFAULT_ADDRESS6,
WG_PERSISTENT_KEEPALIVE, WG_PERSISTENT_KEEPALIVE,
WG_ALLOWED_IPS, WG_ALLOWED_IPS,
WG_POST_UP, WG_POST_UP,
@ -44,12 +46,14 @@ module.exports = class WireGuard {
log: 'echo ***hidden*** | wg pubkey', log: 'echo ***hidden*** | wg pubkey',
}); });
const address = WG_DEFAULT_ADDRESS.replace('x', '1'); const address = WG_DEFAULT_ADDRESS.replace('x', '1');
const address6 = WG_DEFAULT_ADDRESS6.replace('x', '1');
config = { config = {
server: { server: {
privateKey, privateKey,
publicKey, publicKey,
address, address,
address6,
}, },
clients: {}, clients: {},
}; };
@ -69,6 +73,10 @@ module.exports = class WireGuard {
// await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT'); // await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT'); // await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
// await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT'); // await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
// await Util.exec(`ip6tables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS6.replace('x', '')}/120 -o eth0 -j MASQUERADE`);
// await Util.exec('ip6tables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
// await Util.exec('ip6tables -A FORWARD -i wg0 -j ACCEPT');
// await Util.exec('ip6tables -A FORWARD -o wg0 -j ACCEPT');
await this.__syncConfig(); await this.__syncConfig();
return config; return config;
@ -92,7 +100,7 @@ module.exports = class WireGuard {
# Server # Server
[Interface] [Interface]
PrivateKey = ${config.server.privateKey} PrivateKey = ${config.server.privateKey}
Address = ${config.server.address}/24 Address = ${config.server.address}/24, ${config.server.address6}/120
ListenPort = 51820 ListenPort = 51820
PostUp = ${WG_POST_UP} PostUp = ${WG_POST_UP}
PostDown = ${WG_POST_DOWN} PostDown = ${WG_POST_DOWN}
@ -107,7 +115,7 @@ PostDown = ${WG_POST_DOWN}
[Peer] [Peer]
PublicKey = ${client.publicKey} PublicKey = ${client.publicKey}
PresharedKey = ${client.preSharedKey} PresharedKey = ${client.preSharedKey}
AllowedIPs = ${client.address}/32`; AllowedIPs = ${client.address}/32, ${client.address6}/32`;
} }
debug('Config saving...'); debug('Config saving...');
@ -133,6 +141,7 @@ AllowedIPs = ${client.address}/32`;
name: client.name, name: client.name,
enabled: client.enabled, enabled: client.enabled,
address: client.address, address: client.address,
address6: client.address6,
publicKey: client.publicKey, publicKey: client.publicKey,
createdAt: new Date(client.createdAt), createdAt: new Date(client.createdAt),
updatedAt: new Date(client.updatedAt), updatedAt: new Date(client.updatedAt),
@ -191,12 +200,14 @@ AllowedIPs = ${client.address}/32`;
async getClientConfiguration({ clientId }) { async getClientConfiguration({ clientId }) {
const config = await this.getConfig(); const config = await this.getConfig();
const client = await this.getClient({ clientId }); const client = await this.getClient({ clientId });
const isDnsSet = WG_DEFAULT_DNS || WG_DEFAULT_DNS6;
const dnsServers = [WG_DEFAULT_DNS, WG_DEFAULT_DNS6].filter(item => !!item).join(', ')
return ` return `
[Interface] [Interface]
PrivateKey = ${client.privateKey} PrivateKey = ${client.privateKey}
Address = ${client.address}/24 Address = ${client.address}/24, ${client.address6}/120
${WG_DEFAULT_DNS ? `DNS = ${WG_DEFAULT_DNS}` : ''} ${isDnsSet ? `DNS = ${dnsServers}` : ''}
${WG_MTU ? `MTU = ${WG_MTU}` : ''} ${WG_MTU ? `MTU = ${WG_MTU}` : ''}
[Peer] [Peer]
@ -243,11 +254,28 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
throw new Error('Maximum number of clients reached.'); throw new Error('Maximum number of clients reached.');
} }
let address6;
for (let i = 2; i < 255; i++) {
const client = Object.values(config.clients).find(client => {
return client.address6 === WG_DEFAULT_ADDRESS6.replace('x', i.toString(16));
});
if (!client) {
address6 = WG_DEFAULT_ADDRESS6.replace('x', i.toString(16));
break;
}
}
if (!address6) {
throw new Error('Maximum number of clients reached.');
}
// Create Client // Create Client
const clientId = uuid.v4(); const clientId = uuid.v4();
const client = { const client = {
name, name,
address, address,
address6,
privateKey, privateKey,
publicKey, publicKey,
preSharedKey, preSharedKey,
@ -311,5 +339,18 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
await this.saveConfig(); await this.saveConfig();
} }
async updateClientAddress6({ clientId, address6 }) {
const client = await this.getClient({ clientId });
if (!Util.isValidIPv6(address6)) {
throw new ServerError(`Invalid Address6: ${address6}`, 400);
}
client.address6 = address6;
client.updatedAt = new Date();
await this.saveConfig();
}
}; };

25
src/www/index.html
View File

@ -153,6 +153,31 @@
</span> </span>
</span> </span>
<!-- Address6 -->
<span class="group">
<!-- Show -->
<input v-show="clientEditAddress6Id === client.id" v-model="clientEditAddress6"
v-on:keyup.enter="updateClientAddress6(client, clientEditAddress6); clientEditAddress6 = null; clientEditAddress6Id = null;"
v-on:keyup.escape="clientEditAddress6 = null; clientEditAddress6Id = null;"
:ref="'client-' + client.id + '-address6'"
class="rounded border-2 border-gray-100 focus:border-gray-200 outline-none w-20 text-black" />
<span v-show="clientEditAddress6Id !== client.id"
class="inline-block border-t-2 border-b-2 border-transparent">{{client.address6}}</span>
<!-- Edit -->
<span v-show="clientEditAddress6Id !== client.id"
@click="clientEditAddress6 = client.address6; clientEditAddress6Id = client.id; setTimeout(() => $refs['client-' + client.id + '-address6'][0].select(), 1);"
class="cursor-pointer opacity-0 group-hover:opacity-100 transition-opacity">
<svg xmlns="http://www.w3.org/2000/svg"
class="h-4 w-4 inline align-middle opacity-25 hover:opacity-100" fill="none"
viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z" />
</svg>
</span>
</span>
<!-- Transfer TX --> <!-- Transfer TX -->
<span v-if="client.transferTx":title="'Total Download: ' + bytes(client.transferTx)"> <span v-if="client.transferTx":title="'Total Download: ' + bytes(client.transferTx)">
· ·

7
src/www/js/api.js
View File

@ -117,4 +117,11 @@ class API {
}); });
} }
async updateClientAddress6({ clientId, address6 }) {
return this.call({
method: 'put',
path: `/wireguard/client/${clientId}/address6/`,
body: { address6 },
});
}
} }

7
src/www/js/app.js
View File

@ -43,6 +43,8 @@ new Vue({
clientEditNameId: null, clientEditNameId: null,
clientEditAddress: null, clientEditAddress: null,
clientEditAddressId: null, clientEditAddressId: null,
clientEditAddress6: null,
clientEditAddress6Id: null,
qrcode: null, qrcode: null,
currentRelease: null, currentRelease: null,
@ -243,6 +245,11 @@ new Vue({
.catch(err => alert(err.message || err.toString())) .catch(err => alert(err.message || err.toString()))
.finally(() => this.refresh().catch(console.error)); .finally(() => this.refresh().catch(console.error));
}, },
updateClientAddress6(client, address6) {
this.api.updateClientAddress6({ clientId: client.id, address6 })
.catch(err => alert(err.message || err.toString()))
.finally(() => this.refresh().catch(console.error));
},
}, },
filters: { filters: {
bytes, bytes,

Write Preview
Loading…
Cancel
Save