When importing a fully configuration, import all peer entries from it
instead of non-deterministically merging all peer keys into one.
When importing a remote configuration as peer, only use the setting from
the peer section matching our local interface pubkey.
Also relabel the `Import peer configuration` button to
`Import configuration as peer` in order to be more explicit.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 94bfa33452ad7db683e9f47ea9921e92b5175558)
- Reword texts in import dialogs for better clarity, use different
descriptions for full import and peer import
- Allow importing configurations without [Peer] section
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2ae74b909b4acf35b72142d913f9e61090febf6d)
The /etc/config/ddns in particular might not be present on the system,
don't fail if it is absent.
Fixes: #5838
Fixes: 9ba20645b0 ("luci-proto-wireguard: rewrite protocol handler")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 340183786e5441197141efaf7d8cf0e682047bfe)
This commit rewrites large chunks of the WireGuard protocol handler in order
to simplify the process of importing and exporting configuration. The major
changes are:
1) The wireguard interface configuration tab (General Settings) gained an
import assistant which allows dragging or pasting a native WireGuard
configuration file in order to import required settrings into uci
2) The peer configuration tab gained a similar import assistant which allows
importing the settings for a WireGuard peer from an existing native
WireGuard configuration file
3) The QR code export feature has been rewritten to make the resulting codes
actually useful for importing into a WireGuard client application.
Additionally the plaintext native WireGuard configuration is displayed
to allow copy-pasting it for use on a Linux or OS X system
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9ba20645b01aacb391ab8c69f57b3da60db8f630)
Package luci-proto-ncm depends on comgt-ncm which uses an option
called 'mode' to set the radiomode of the modem. There is no option
'service' in the comgt-ncm scripts.
Suggested-by: breenstorm <49235337+breenstorm@users.noreply.github.com>
[fix commit subject, add commit message, rebase onto master branch]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4d6642b636a9feaa173c568c99f4129c440ed8b8)
Turn the list of configured peers into a grid section in order to improve
the overview of the configuration form.
Fixes: #5489
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `luci.wireguard.generateQrCode` UBUS method allows injecting
arbitrary shell code by not sanitizing the `privkey` and `allowed_ips`
arguments before concatenating them into shell command expressions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Turn IPv4-Address into IPv4 address
- Turn IPv4-Gateway into IPv4 gateway
- Turn IPv6-Address into IPv6 address
- Turn IPv6-Gateway into IPv6 gateway
- Turn MAC-Address into MAC address
Also remove related duplicate translation entries.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The iptables mark field is 32 bits wide, which is 4 bytes and so 8 hex
characters. Fix the fwmark validation to allow 8 characters in the hex
string.
Fixes: #5098
Suggested-by: Robert <32970961+differentblue@users.noreply.github.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is required to resolve clashes with the generic "option device"
referring to netdev names in current netifd versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Those are L2 options that are not part of interfaces (L3), should not be
set there and don't work. Setting MAC and MTU should be done at device
layer (config device) and is supported for basic types already.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The introduction of network device configuration support also implemented
all common, protocol-independent interface options directly in the
interface config view, so drop the redundant option definitions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Prepares for 5.10 migration. wireguard-tools will bring in the correct
wireguard kernel module dependency - either kmod-wireguard or
kmod-wireguard-oot.
Depends on https://github.com/openwrt/openwrt/pull/3885
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
