Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FIX: Regression, reinstate multiple Passthru binds per 'client' Peer (also allows multiple 'server' Peer binds) - Thanks SNB Forum member @Archiel

FIX: Torguard client profiles contain 'ListenPort = 51820' which conflicts with 'wg21' 'server' Peer default (51820), so during 'peer import' command; remove the conflicting clause.

CHANGE: 'WireGuard' messages changed to 'WireGuard®' to respect Registered Trademark Owner.

FIX: The SQL database maintenance function 'trimdb' cron job stupidly references non-existent script 'wireguard_manager.sh' rather than 'wg_manager.sh' - Thanks SNB Forum member @Cam

    cru l
    59 * * * * /jffs/addons/wireguard/wg_manager.sh generatestats #WireGuard#
    0 7 * * 6 /jffs/addons/wireguard/wireguard_manager.sh trimdb 90 #WireGuard_DB#

CHANGE: Importing a 'client' Peer config that doesn't have a valid 'Address = ' directive is now rejected.

    e = Exit Script
    [?] E:Option ==> peer import Mullvad_BAD
    ***ERROR: WireGuard® 'client' Peer (/opt/etc/wireguard.d/Mullvad_BAD.conf) is missing valid 'Address =' directive?....skipping import request

CHANGE: Importing a 'client' Peer that doesn't have 'MTU =' directive in the .conf, will now have 'MTU = Auto' inserted into the SQL Database for cosmetic info tagging i.e. 'peer wg1X mtu=auto' will now show 'Auto' for ALL future imported Peers. Legacy mtu=' ' means mtu='auto'; Command 'peer wg1X mtu=auto' now allowed to cosmetically make the displayed Peers consistent.

CHANGE: 'WireGuard-serverwg2x' and 'WireGuard-clientwg1x' PID console messages changed to 'wg_manager-serverwg2X' and 'wg_manager-clientwg1x' respectively

CHANGE: For command 'qrcode'/'7' request, if only one Road-Warrior 'device' Peer is defined, it will now automatically be selected/displayed.

CHANGE: If a 'client' Peer attribute is changed say 'peer wg11 mtu=1492'; then the Peer will now be immediately displayed to allow visual confirmation of the expected modification.
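The 'trimdb' entry above is a cron job whose script path does not exist, which cron fails silently. The shell function below is an added check (not part of wg_manager) that a practitioner can pipe 'cru l' output into to flag every job whose script is missing or not executable. The listing it runs against is constructed: the first entry uses /bin/sh so the check works offline, the second reproduces the bad path from the changelog.

```shell
#!/bin/sh
# Added example, not wg_manager's own code: verify that every cron job in a
# 'cru l' style listing points at a script that exists and is executable.
# Line layout assumed (as in the listing above):
#   min hour dom mon dow /path/to/script [args...] #JobTag#

check_cru_scripts() {   # usage: cru l | check_cru_scripts ; returns 1 if any job is broken
    rc=0
    while read -r min hour dom mon dow script rest; do
        [ -n "$script" ] || continue                 # skip blank lines
        case "$script" in '#'*) continue ;; esac     # skip comment lines
        if [ ! -x "$script" ]; then
            tag="${rest%\#}"                          # drop the trailing '#'
            tag="${tag##*\#}"                         # keep what follows the last '#'
            echo "MISSING: $script (cru job '${tag:-?}')"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample listing: the first job deliberately uses /bin/sh so the
# check can run offline; the second reproduces the typo the changelog fixes.
SAMPLE_CRU='59 * * * * /bin/sh generatestats #WireGuard#
0 7 * * 6 /jffs/addons/wireguard/wireguard_manager.sh trimdb 90 #WireGuard_DB#'

# On the router the real input would be:  cru l | check_cru_scripts
printf '%s\n' "$SAMPLE_CRU" | check_cru_scripts || echo "one or more cron jobs need fixing"
```

Run it once after any 'cru a' change; a job tag with a path typo shows up immediately instead of being discovered when the database never gets trimmed.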
CHANGE: Issue warning alert if legacy '/opt/etc/init.d/S50wireguard' detected

    e = Exit Script
    [?] E:Option ==> ?
    Router RT-AX58U Firmware (v386.5_0)
    [✔] Entware Architecture arch=arm
    v4.17b2 WireGuard® Session Manager (Change Log: https://github.com/MartineauUK/wireguard/commits/dev/wg_manager.sh)
    MD5=50d64f1c89117e422a2ece2995dfc03a /jffs/addons/wireguard/wg_manager.sh
    [✔] WireGuard® Kernel module/User Space Tools included in Firmware (1.0.20210124)
    <snip>
    [✖] Warning '/opt/etc/init.d/S50wireguard' detected! ***MAY*** conflict with wireguard_manager

EXPERIMENTAL: 'peer wg2X passthru [add|del] wg1X' command should no longer ask if Passthru 'client' Peer should be restarted if UP - i.e. apply RPDB/iptables rules immediately.

Shellcheck - eek!!

CHANGE: Directive 'AllowedIPs = ' cannot contain a comment e.g. 'AllowedIPs = 0.0.0.0/0 # ALL Traffic' results in 'AllowedIPs = (none)' being used by wg - Thanks SNB Forums member @chongnt
wireguard_manager will now not initialise a Peer if the illegal comment is still present in the .conf file.

    e = Exit Script
    [?] E:Option ==> start wg16
    Requesting WireGuard® VPN Peer start (wg16)
    ***ERROR: Directive 'AllowedIPs = 0.0.0.0/0,::0/0 # ALL Traffic' cannot contain comments (use command 'formatwg-quick'); Initialisation ABORTed!

Command 'formatwg-quick' can now also be used to sanitise/remove the illegal 'AllowedIPs =' comment from all .conf files

CHANGE: Auto delete rogue PRIO 220 rule(s) if 'ROGUE220DELETE' specified in '/jffs/addons/wireguard/WireguardVPN.conf'
Ignore check for rogue PRIO 220 rule(s) if 'ROGUE220IGNORE' specified in '/jffs/addons/wireguard/WireguardVPN.conf'

FIX: Prevent multiple 'INIT' requests for wireguard_manager from firing (via multiple firewall-start executions) during BOOT process when 'INITDELAY nn' directive is ACTIVE

    logger -st "($(basename $0))" $$ "Martineau Firewall customisation Starting.... " $0${*:+ $*}
    MYROUTER=$(nvram get computer_name)
    # With DUAL-WAN and TrendMicro ?, this event gets triggered twice!!!
    # Prevent script from running twice at boot up
    # 'flock' is a better solution!! in our pseudo Autoit wrapper function #Singleton $LOCKFILE
    LOCKFILE="/tmp/$(basename $0)-flock"
    FD=201
    eval exec "$FD>$LOCKFILE"
    flock -n $FD || { logger -st "($(basename $0))" $$ "Martineau Firewall customisation ALREADY running...ABORTing"; exit; }
    <snip>

CHANGE: Allow 'INITDELAY nn[s]' to specify sleep duration (seconds) during BOOT process to eliminate unnecessary 'wgm stop'/'wgm start' sequence - Thanks SNB Forums member @chongnt
NOTE: Will default to 10s[econds] if the following is issued.

    e = Exit Script
    [?] E:Option ==> createconfig
    Warning: WireGuard® configuration file '/jffs/addons/wireguard/WireguardVPN.conf' already exists!...renamed to 'WireguardVPN.conf20220516-102903'

CHANGE: Auto-tag '/jffs/addons/wireguard/WireguardVPN.conf' revision header with wireguard_version number

    #24 is ALWAYS used)
    e = Exit Script
    Press y to Create 'server' Peer (wg22) 10.50.2.1/24:11502 or press [Enter] to SKIP.

CHANGE: Imported .conf files (such as generated by Unraid server) may be free format white-space (except '[Interface]' and '[Peer]') and comments may be present at the end of each directive - Thanks SNB Forums member @endiz
i.e.

    # TorGuard USA, Miami
    [Interface]
    PrivateKey =cABV/T/uOJ3Kp/gKEMiO9+DoDOOV9J350B3YimoA+HA=
    #ListenPort = 51820
    MTU = 1292
    DNS =1.1.1.1 , 2606:4700:4700::1111 # Cloudflare
    Address= 10.13.55.61/24
    [Peer]
    PublicKey=p/EATiwrAp/nL2j4/Qmp/Th3+Pc/0SFPT+yGK1aUywI=
    AllowedIPs= 0.0.0.0/0 , ::/0 # ALL Traffic
    Endpoint =146.70.51.98:1443 # Welcome to Miami
    PersistentKeepalive=25

FIX: Allow 'dns =' as provided by Integrity VPN (https://integrity.st/) rather than standard 'DNS =' in 'xxxxxx.conf' - Thanks SNB Forums member @Johndoe85

FIX: Command 'peer import xxxxxx' now removes embedded spaces from DNS, Address and AllowedIPs directives e.g.
'1.1.1.1 , 2606:4700:4700::1111' ===> '1.1.1.1,2606:4700:4700::1111'

FIX: Regression; Cron 'cru a WireGuard_ChkDDNSwg1X */5 * * * * /jffs/addons/wireguard/wg_ChkEndpointDDNS.sh wg1X' unnecessarily scheduled for non-DDNS Endpoints

CHANGE: Command 'uf dev' will now Auto-update '/jffs/addons/wireguard/WireguardVPN.conf' if NEW directive(s) APPENDED/ADDED.
Command 'createconfig [force]' added to manually FORCE updating '/jffs/addons/wireguard/WireguardVPN.conf' if the previous existing default value has changed.

NEW: 'client' Peer 'Post*/Pre*/' .conf directives can now use '%num' to be substituted by the wg1X instance 'X' e.g. 'ip rule add ..... prio 998%num'

FIX: Regression; Command 'peer wg1X allowedips=xxxxxx' fails due to syntax error

FIX: Modifying free-format directive value fails e.g. 'dNs= 1.1.1.1 # Cloudflare'
'peer wg1X dns=9.9.9.9' incorrectly generates 'dNs= 1.1.1.1 9.9.9.9 Cloudflare'

NEW: Command 'peer wg1X endpoint=' to allow changing 'client' Peer Endpoint (say from DDNS to specific IP etc.)

    e = Exit Script
    [?] E:Option ==> peer wg17 endpoint=146.70.51.98:1443
    [✔] Updated 'client' Peer Endpoint

    Client  Auto  IP              Endpoint            DNS      MTU   Annotate
    wg17    N     10.13.55.61/24  146.70.51.98:1443   1.1.1.1  1292  # TorGuard USA, Miami

    Server  Client  Passthru
    wg22    wg17    10.50.2.1/24

    Configuration rules for Peer wg17
    PostUp = ip rule add from 10.50.2.4/32 lookup main prio 998%num
    PostDown = ip rule del from 10.50.2.4/32 lookup main prio 998%num

FIX: Peer display (see above) incorrectly shows '#Pre*/#Post*' commands as ACTIVE (when in fact they are actually commented out! in .conf) so suppress them.

FIX: Finally! - Command 'wgm help' now displays the corrected subset of available command line commands and syntax with examples

    wgm [ help | -h ]
    wgm [ { start | stop | restart } [wg_interface]... ]
    wgm [ list | show | ? | diag | import {xxxxx[.conf]} | uninstall ]
    wgm [ menu { hide | show } ] [ colo[u]r { off | on } ]

NEW: Add banner during install that WireGuard® is currently incompatible with Hardware Acceleration (fc disable) Flow Cache

EXPERIMENTAL: WebUI 'wg_manager.asp' added to allow wg_manager commands to be submitted via the Addons WebUI TAB.

    e = Exit Script
    [?] E:Option ==> uf dev

then repeat to physically download 'wg_manager.asp' that was defined in the previous 'wg_manager.sh' update

    e = Exit Script
    [?] E:Option ==> uf dev

    e = Exit Script
    [?] E:Option ==> www mount

Hopefully the 'WireGuard Manager' ADDon Tab will be present

To permanently use the WebUI, then update the configuration to set the 'WEBUI' directive

    e = Exit Script
    [?] E:Option ==> createconfig

To remove the WebUI ......Comment out 'WEBUI' configuration file using 'vx' then

    e = Exit Script
    [?] E:Option ==> www unmount

NEW: Add WebUI support for ALL commands (except QRCODE)

FIX: Config options such as USE_ENTWARE_KERNEL_MODULE, NOIPV6 etc. should now have the appropriate radio button highlighted.

NEW: Support Importing WireGuard 'client' configurations direct from say a Win Laptop.

FIX: IPv6 DNS for 'client' Peers in Policy not set - Thanks SNB Forums member @ZebMcKayhan

CHANGE: As part of WebUI implementation (it makes sense to) automatically set auto=y for new Peer profile .conf imports.

NEW: Add esoteric 'vi' editor as alternative to default (much more human-friendly) 'nano' - SNB Forums member @jgrana 'feature' request

View the .conf

    e = Exit Script
    [?] E:Option ==> vi

and to edit/modify

    e = Exit Script
    [?] E:Option ==> vix

CHANGE: Command 'peer import' will now assume command is 'peer import ?' to list available .confs for import.

NEW: Include version numbers of the auxiliary scripts wg_client/wg_manager for the 'About/?' command

NEW: Command '?' can now also be invoked using 'About' to conform to menu description/colour used by other menu options
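Several of the entries above describe how 'peer import' and 'formatwg-quick' have to normalise a free-format provider .conf before wg sees it: a trailing '# comment' after 'AllowedIPs =' is swallowed into the value (hence '(none)'), embedded spaces in DNS/Address/AllowedIPs lists are removed, lower-case 'dns =' is accepted, a 'client' import drops 'ListenPort' so it cannot collide with the 'server' Peer default, a conf with no 'Address =' is rejected, and '%num' in Pre*/Post* directives is replaced by the instance number. The shell below is an added example written from those changelog rules; it is not wg_manager's own code and the project's actual parser may differ. Assumptions are marked in comments: the canonical directive list is taken from wg-quick(8), '%num' is taken to be the digits after 'wg1' (so wg17 gives 7), and the sample conf is constructed with placeholder keys.

```shell
#!/bin/sh
# Added example, not wg_manager's own code: normalise a free-format WireGuard
# client .conf the way the changelog describes 'peer import'/'formatwg-quick'.
#   - keys are matched case-insensitively ('dns =' -> 'DNS = ')
#   - a trailing '# comment' after a value is dropped (wg would otherwise
#     swallow it into the value, which is why AllowedIPs became '(none)')
#   - embedded spaces in DNS, Address and AllowedIPs lists are removed
#   - a 'client' import drops ListenPort (clashes with the server default 51820)
#   - a conf whose [Interface] has no 'Address =' is rejected (exit status 1)
# Assumption: the canonical directive names below come from wg-quick(8).

sanitise_wg_conf() {   # usage: sanitise_wg_conf client|server  < in.conf > out.conf
    awk -v mode="${1:-client}" '
    function trim(s) { sub(/^[ \t\r]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    BEGIN {
        n = split("PrivateKey ListenPort MTU DNS Address Table FwMark SaveConfig PreUp PostUp PreDown PostDown PublicKey PresharedKey AllowedIPs Endpoint PersistentKeepalive", names, " ")
        for (i = 1; i <= n; i++) canon[tolower(names[i])] = names[i]
        bad = 0; have_address = 0; section = ""
    }
    {
        line = trim($0)
        if (line == "" || substr(line, 1, 1) == "#") { print line; next }   # full-line comments are legal
        if (substr(line, 1, 1) == "[") {
            section = tolower(line)
            if (section == "[interface]") line = "[Interface]"
            else if (section == "[peer]") line = "[Peer]"
            print line; next
        }
        eq = index(line, "=")
        if (eq == 0) { print "***ERROR: line " NR " is not Key = value: " line > "/dev/stderr"; bad = 1; next }
        rawkey = trim(substr(line, 1, eq - 1))
        key = tolower(rawkey)
        val = substr(line, eq + 1)
        hash = index(val, "#")
        if (hash) val = substr(val, 1, hash - 1)          # strip the trailing comment
        val = trim(val)
        if (key in canon) name = canon[key]
        else { name = rawkey; print "***WARNING: unknown directive " rawkey " passed through" > "/dev/stderr" }
        if (name == "DNS" || name == "Address" || name == "AllowedIPs") gsub(/[ \t]+/, "", val)
        if (mode == "client" && name == "ListenPort") next   # would conflict with the server Peer default
        if (name == "Address" && section == "[interface]" && val != "") have_address = 1
        print name " = " val
    }
    END {
        if (!have_address) { print "***ERROR: [Interface] has no valid Address = directive....skipping import" > "/dev/stderr"; bad = 1 }
        exit bad
    }'
}

# Substitute %num in Pre*/Post* directives.  Assumption: the instance number is
# the interface name with its wg1 prefix removed, so wg17 -> 7 (prio 998%num -> 9987).
expand_num() {   # usage: expand_num wg1X  < conf
    num="${1#wg1}"
    sed "s/%num/$num/g"
}

# Constructed sample: placeholder keys, ListenPort left active, inline comments
# and odd spacing as a provider might ship them.
SAMPLE_CONF='# TorGuard USA, Miami
[Interface]
PrivateKey =PRIVATE_KEY_PLACEHOLDER=
ListenPort = 51820
MTU = 1292
dns =1.1.1.1 , 2606:4700:4700::1111 # Cloudflare
Address= 10.13.55.61/24
PostUp = ip rule add from 10.50.2.4/32 lookup main prio 998%num
[Peer]
PublicKey=PUBLIC_KEY_PLACEHOLDER=
AllowedIPs= 0.0.0.0/0 , ::/0 # ALL Traffic
Endpoint =146.70.51.98:1443 # Welcome to Miami
PersistentKeepalive=25'

printf '%s\n' "$SAMPLE_CONF" | sanitise_wg_conf client | expand_num wg17
```

Full-line comments are kept because wg accepts them and wg_manager uses the first one as the Peer's Annotate text; only the comment after a value is removed, since that is the part wg folds into the directive. Running the rejection case (a conf with no Address) returns status 1 and prints the error on stderr, which is the behaviour the 'Mullvad_BAD' example above shows.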