From 5f7bac0ef519be80450acecec0e2851ec3f2286f Mon Sep 17 00:00:00 2001
From: Joshua K <22075247+joshuakraitberg@users.noreply.github.com>
Date: Sun, 31 Oct 2021 07:50:30 +0000
Subject: [PATCH] Change allowed IPs client configuration (#3)
* Turned allowedIPs into per-client entry
AllowedIPs is no longer set globally through ENV. It is
configured when a new client is created.
* Added buttons for quickly setting allowedIPs
* Made WG_DEFAULT_DNS required in ENV
* Added buttons for quickly setting allowedIPs
---
.idea/.gitignore | 8 ++++++++
.../inspectionProfiles/profiles_settings.xml | 6 ++++++
.idea/misc.xml | 4 ++++
.idea/modules.xml | 8 ++++++++
.idea/sonarlint/issuestore/index.pb | 0
.idea/vcs.xml | 6 ++++++
.idea/wg-easy.iml | 8 ++++++++
docker-compose.yml | 2 +-
src/config.js | 9 ++-------
src/lib/Server.js | 7 +++++--
src/lib/WireGuard.js | 12 +++++++++--
src/www/index.html | 16 ++++++++++++---
src/www/js/api.js | 11 ++++++++--
src/www/js/app.js | 20 ++++++++++++++++++-
14 files changed, 99 insertions(+), 18 deletions(-)
create mode 100644 .idea/.gitignore
create mode 100644 .idea/inspectionProfiles/profiles_settings.xml
create mode 100644 .idea/misc.xml
create mode 100644 .idea/modules.xml
create mode 100644 .idea/sonarlint/issuestore/index.pb
create mode 100644 .idea/vcs.xml
create mode 100644 .idea/wg-easy.iml
diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 00000000..13566b81
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/inspectionProfiles/profiles_settings.xml b/.idea/inspectionProfiles/profiles_settings.xml
new file mode 100644
index 00000000..105ce2da
--- /dev/null
+++ b/.idea/inspectionProfiles/profiles_settings.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 00000000..da90fcff
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 00000000..8c40e30d
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/sonarlint/issuestore/index.pb b/.idea/sonarlint/issuestore/index.pb
new file mode 100644
index 00000000..e69de29b
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 00000000..94a25f7f
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/wg-easy.iml b/.idea/wg-easy.iml
new file mode 100644
index 00000000..d0876a78
--- /dev/null
+++ b/.idea/wg-easy.iml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 0a13accc..f9db1ec1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
# ⚠️ Required:
# Change this to your host's public address
- WG_HOST=raspberrypi.local
-
+ - WG_DEFAULT_DNS=9.9.9.9
# Optional:
# - PASSWORD=foobar123
# - WG_PORT=51820
diff --git a/src/config.js b/src/config.js
index a08aab3b..4dd4a1ff 100644
--- a/src/config.js
+++ b/src/config.js
@@ -16,11 +16,6 @@ module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
: '1.1.1.1';
module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';
-module.exports.WG_POST_UP = process.env.WG_POST_UP || `
-iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE;
-iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
-iptables -A FORWARD -i wg0 -j ACCEPT;
-iptables -A FORWARD -o wg0 -j ACCEPT;
-`.split('\n').join(' ');
-
+module.exports.WG_POST_UP = process.env.WG_POST_UP || '';
module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';
+module.exports.WG_DEFAULT_DNS = process.env.WG_DEFAULT_DNS;
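Review bot: The added last line `module.exports.WG_DEFAULT_DNS = process.env.WG_DEFAULT_DNS;` reassigns an export the file already sets just above (the hunk header and first context line show the earlier assignment with its `'1.1.1.1'` fallback), so the fallback is now dead code and the value is `undefined` whenever the variable is unset. The commit message calls the variable required, but nothing here enforces that; if it is meant to be mandatory, replace the earlier assignment instead of shadowing it and fail at startup, e.g. `if (!process.env.WG_DEFAULT_DNS) throw new Error('Missing: WG_DEFAULT_DNS');`. Separately, the default `WG_POST_UP` becomes empty, so the MASQUERADE and FORWARD rules are no longer installed unless the operator supplies them. That deserves a comment here and a README line, since deployments that relied on the default will presumably stop forwarding client traffic after upgrading.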
diff --git a/src/lib/Server.js b/src/lib/Server.js
index e204fa5f..bcb5f0a5 100644
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@@ -86,6 +86,9 @@ module.exports = class Server {
debug(`Deleted Session: ${sessionId}`);
}))
+ .get('/api/wireguard/dns', Util.promisify(async req => {
+ return WireGuard.getDns();
+ }))
.get('/api/wireguard/client', Util.promisify(async req => {
return WireGuard.getClients();
}))
@@ -105,8 +108,8 @@ module.exports = class Server {
res.send(config);
}))
.post('/api/wireguard/client', Util.promisify(async req => {
- const { name } = req.body;
- return WireGuard.createClient({ name });
+ const { name, allowedIPs } = req.body;
+ return WireGuard.createClient({ name, allowedIPs });
}))
.delete('/api/wireguard/client/:clientId', Util.promisify(async req => {
const { clientId } = req.params;
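Review bot: `allowedIPs` is taken from `req.body` and passed to `WireGuard.createClient` with no check beyond the truthiness test added in `src/lib/WireGuard.js`, and the same value is later written verbatim into the `AllowedIPs = ${client.allowedIPs}` line of the generated client configuration. A value that is not a string, or that contains a line break, would put extra lines into a file that wg-quick treats as configuration, so the input should be restricted to a comma-separated list of CIDR ranges before it is stored. At minimum, reject anything else in `createClient`: `if (typeof allowedIPs !== 'string' || /[\r\n]/.test(allowedIPs)) throw new Error('Invalid: allowedIPs');`; parsing each entry as an address plus prefix length would be stronger. The same point applies to the `createClient` hunk and the template hunk in `src/lib/WireGuard.js`.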
diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js
index a5c56bfb..0cfce218 100644
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@@ -122,6 +122,10 @@ AllowedIPs = ${client.address}/32`;
debug('Config synced.');
}
+ async getDns() {
+ return WG_DEFAULT_DNS ? WG_DEFAULT_DNS : null;
+ }
+
async getClients() {
const config = await this.getConfig();
const clients = Object.entries(config.clients).map(([clientId, client]) => ({
@@ -198,7 +202,7 @@ ${WG_MTU ? `MTU = ${WG_MTU}` : ''}
[Peer]
PublicKey = ${config.server.publicKey}
PresharedKey = ${client.preSharedKey}
-AllowedIPs = ${WG_ALLOWED_IPS}
+AllowedIPs = ${client.allowedIPs}
PersistentKeepalive = ${WG_PERSISTENT_KEEPALIVE}
Endpoint = ${WG_HOST}:${WG_PORT}`;
}
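Review bot: Clients stored before this change have no `allowedIPs` property, so this template will render `AllowedIPs = undefined` for them the next time their configuration or QR code is requested. `WG_ALLOWED_IPS` is still exported from `src/config.js`, so it can serve as the fallback: `AllowedIPs = ${client.allowedIPs || WG_ALLOWED_IPS}`. The function that builds this template starts outside the hunk, so whether older records are migrated elsewhere cannot be seen from here.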
@@ -211,10 +215,13 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
});
}
- async createClient({ name }) {
+ async createClient({ name, allowedIPs }) {
if (!name) {
throw new Error('Missing: Name');
}
+ if (!allowedIPs) {
+ throw new Error('Missing: allowedIPs');
+ }
const config = await this.getConfig();
@@ -247,6 +254,7 @@ Endpoint = ${WG_HOST}:${WG_PORT}`;
privateKey,
publicKey,
preSharedKey,
+ allowedIPs: allowedIPs,
createdAt: new Date(),
updatedAt: new Date(),
diff --git a/src/www/index.html b/src/www/index.html
index 4080c51a..d872549c 100644
--- a/src/www/index.html
+++ b/src/www/index.html
@@ -54,7 +54,7 @@
Clients
-
@@ -482,4 +492,4 @@