diff --git a/README.md b/README.md index 2e43fbb7..871c3ad2 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,9 @@ These options can be configured in `docker-compose.yml` under `environment`. | `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range | | `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use | | `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use | +| `WG_NAT` | `true` | `false` | Enable or disable NAT iptables rules +| `WG_SHOWDETAILS` | `true` | `false` | Enable or disable details +| `THEME` | `black` | `white` | Skin > If you change `WG_PORT`, make sure to also change the exposed port. diff --git a/src/config.js b/src/config.js index d9cf5af4..f7b2597e 100644 --- a/src/config.js +++ b/src/config.js @@ -14,3 +14,6 @@ module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string' ? process.env.WG_DEFAULT_DNS : '1.1.1.1'; module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0'; +module.exports.WG_NAT = process.env.WG_NAT || true; +module.exports.WG_SHOWDETAILS = process.env.WG_SHOWDETAILS || false; +module.exports.THEME = process.env.THEME || 'white'; diff --git a/src/lib/Server.js b/src/lib/Server.js index cf6b26ed..b59c879f 100644 --- a/src/lib/Server.js +++ b/src/lib/Server.js @@ -14,6 +14,7 @@ const { PORT, RELEASE, PASSWORD, + THEME, } = require('../config'); module.exports = class Server { @@ -22,7 +23,7 @@ module.exports = class Server { // Express this.app = express() .disable('etag') - .use('/', express.static(path.join(__dirname, '..', 'www'))) + .use('/', express.static(path.join(__dirname,'../www'),{index:'index.'+THEME+'.html'})) .use(express.json()) .use(expressSession({ secret: String(Math.random()), diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js index 18d51c4e..1021c52c 100644 --- a/src/lib/WireGuard.js +++ b/src/lib/WireGuard.js 
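Review bot: In src/config.js, `process.env.WG_NAT || true` can never be falsy: an unset variable falls through to `true`, and any non-empty string, including `'false'`, is truthy, so the `if (WG_NAT)` guard added in src/lib/WireGuard.js always installs the iptables rules. `WG_SHOWDETAILS` has the same problem, because `WG_SHOWDETAILS=false` arrives as the truthy string `'false'`. Parse the flags explicitly, for example `module.exports.WG_NAT = process.env.WG_NAT !== 'false';` and `module.exports.WG_SHOWDETAILS = process.env.WG_SHOWDETAILS === 'true';`. The defaults here (`WG_SHOWDETAILS` false, `THEME` `'white'`) also disagree with the README rows added in the same commit, which appear to list `true` and `black` in the default column.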
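Review bot: In src/lib/Server.js, the index file name passed to `express.static` is built from `THEME` with no check that it names a shipped page, so a typo or unexpected value in the environment variable leaves `/` without an index document. Restrict it to the known themes before use, e.g. `const theme = ['white', 'black'].includes(THEME) ? THEME : 'white';` and then `{ index: 'index.' + theme + '.html' }`. This chunk shows only `src/www/index.black.html` being added, so if `index.white.html` is not created elsewhere in the commit, the default `THEME` of `'white'` fails the same way. The constructor body continues outside the hunk.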
@@ -18,6 +18,8 @@ const { WG_DEFAULT_ADDRESS, WG_PERSISTENT_KEEPALIVE, WG_ALLOWED_IPS, + WG_NAT, + WG_SHOWDETAILS, } = require('../config'); module.exports = class WireGuard { @@ -39,12 +41,14 @@ module.exports = class WireGuard { const privateKey = await Util.exec('wg genkey'); const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`); const address = WG_DEFAULT_ADDRESS.replace('x', '1'); + const port = WG_PORT; config = { server: { privateKey, publicKey, address, + port, }, clients: {}, }; @@ -54,10 +58,14 @@ module.exports = class WireGuard { await this.__saveConfig(config); await Util.exec('wg-quick down wg0').catch(() => {}); await Util.exec('wg-quick up wg0'); - await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`); - await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT'); - await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT'); - await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT'); + if (WG_NAT) { + await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`); + await Util.exec(`iptables -A INPUT -p udp -m udp --dport ${WG_PORT} -j ACCEPT`); + //await Util.exec(`iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT`) + //await Util.exec(`iptables -A FORWARD -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -j ACCEPT`) + await Util.exec(`iptables -A FORWARD -i wg0 -j ACCEPT`); + await Util.exec(`iptables -A FORWARD -o wg0 -j ACCEPT`); + } await this.__syncConfig(); return config; @@ -82,7 +90,7 @@ module.exports = class WireGuard { [Interface] PrivateKey = ${config.server.privateKey} Address = ${config.server.address}/24 -ListenPort = 51820`; +ListenPort = ${config.server.port}`; for (const [clientId, client] of Object.entries(config.clients)) { if (!client.enabled) continue; 
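Review bot: `config.server.port` is only written in the branch that generates a fresh key pair, so a configuration saved before this change would have no `port` field and the template in the later `ListenPort` hunk would emit `ListenPort = undefined`. The persisted value can also drift from `WG_PORT`, which the new `--dport ${WG_PORT}` rule and the client `Endpoint = ${WG_HOST}:${WG_PORT}` line use directly. Either render `ListenPort = ${WG_PORT}` or fall back with `ListenPort = ${config.server.port || WG_PORT}`. Both functions start and end outside their hunks, so the load path for an existing config is inferred rather than visible here.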
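Review bot: `WG_PORT` is now interpolated into the command string passed to `Util.exec` (`--dport ${WG_PORT}`) without being checked as a port number. The value presumably comes from the environment via `../config`, so validate it once there (an integer in the range 1 to 65535, failing startup otherwise) to keep malformed input out of the shell command and out of `ListenPort`. The `if (WG_NAT)` guard also skips the INPUT and FORWARD accept rules, not only the MASQUERADE rule, which is wider than the README's "NAT iptables rules" description; a comment on the guard should say so. The two commented-out `iptables` lines should be removed or explained rather than committed as dead code.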
@@ -119,6 +127,9 @@ AllowedIPs = ${client.address}/32`; createdAt: new Date(client.createdAt), updatedAt: new Date(client.updatedAt), allowedIPs: client.allowedIPs, + peerIPs: client.peerIPs, + showDetails: client.showDetails, + clientEndpoint: client.clientEndpoint, persistentKeepalive: null, latestHandshakeAt: null, @@ -153,6 +164,11 @@ AllowedIPs = ${client.address}/32`; client.transferRx = Number(transferRx); client.transferTx = Number(transferTx); client.persistentKeepalive = persistentKeepalive; + client.allowedIPs = allowedIps; + client.peerIPs = WG_ALLOWED_IPS; + client.showDetails = WG_SHOWDETAILS; + client.clientEndpoint = endpoint; + endpoint }); return clients; @@ -204,6 +220,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`; const privateKey = await Util.exec('wg genkey'); const publicKey = await Util.exec(`echo ${privateKey} | wg pubkey`); const preSharedKey = await Util.exec('wg genpsk'); + const peerIps = WG_ALLOWED_IPS // Calculate next IP let address; @@ -227,6 +244,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`; const client = { name, address, + peerIps, privateKey, publicKey, preSharedKey, diff --git a/src/www/img/logo.black.png b/src/www/img/logo.black.png new file mode 100644 index 00000000..df1a3479 Binary files /dev/null and b/src/www/img/logo.black.png differ diff --git a/src/www/index.black.html b/src/www/index.black.html new file mode 100644 index 00000000..474d9a49 --- /dev/null +++ b/src/www/index.black.html @@ -0,0 +1,475 @@ + + + +
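Review bot: The listing code added here reads `client.peerIPs`, but the new client record stores the value under `peerIps` (the later hunks at `const peerIps = WG_ALLOWED_IPS` and the `const client = {` literal), so the saved field is never the one returned. `client.showDetails` and `client.clientEndpoint` are likewise read from the stored client although nothing visible in this diff writes them to the saved record. Use one spelling, e.g. `peerIPs: WG_ALLOWED_IPS,` in the client literal, and drop the reads of fields that are only filled later in the loop that sets `client.transferRx`. `const peerIps = WG_ALLOWED_IPS` is also missing its semicolon.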
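Review bot: `client.clientEndpoint = endpoint;` puts each peer's remote address into every client object this method returns regardless of `WG_SHOWDETAILS`, which is only copied alongside as `client.showDetails`. If the flag is meant to hide these details, gate the assignment on the server, e.g. `if (WG_SHOWDETAILS) client.clientEndpoint = endpoint;`, instead of leaving the decision to the page. The bare `endpoint` on the last added line is a no-op expression statement and should be deleted. `client.allowedIPs = allowedIps;` now overwrites the stored value with whatever the dump reports; both variables are defined outside the hunk, so confirm that is intended.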
+
+ WireGuard
+ There is an update available!
+{{latestRelease.changelog}}
+Clients
+There are no clients yet.
+
+
+ +
+
+ Are you sure you want to delete {{clientDelete.name}}?
+
This action cannot be undone.
+
Made by Emile Nijssen · Donate · GitHub
+ + +
+ WireGuard
+ There is an update available!
+{{latestRelease.changelog}}
+Clients
+There are no clients yet.
+
+
+ +
++ Are you sure you want to delete {{clientDelete.name}}? + This action cannot be undone. +
+Made by Emile Nijssen · Donate · GitHub
+ + +