Production Stable Release

@MartineauUK MartineauUK released this 09 Mar 14:36
· 32 commits to main since this release
cce397e

FIX: When creating Road Warrior peer 'create xxxx' eliminate spurious prompt for non-existent 'server' Peer

	Press y to ADD device Peer 'xxxx' to remote 'server' Peer () or press [Enter] to SKIP.
	y
	cat: can't open '/tmp/xxxx.conf': No such file or directory
	cat: can't open '/opt/etc/wireguard.d/_public.key': No such file or directory

FIX: 'create xxxx site=ssss' command defaults to DNS '1.1.1.1'; should include tunnel DNS servers i.e. '10.9.8.1,1.1.1.1'
FIX: 'peer xxxx del' for a Site-to-Site 'server' should delete its sibling 'device' Peer
CHANGE: Allow 'auto=S' when creating/importing Site-to-Site 'server' Peer
CHANGE: When creating a new Road Warrior Peer, only display QRCode if it is bound to its target 'server' Peer
FIX: Command 'peer xxxx comment This is a descriptive comment' request was not applied for 'device' Peers
FIX: Command 'site2site Home Cabin' now includes 'Home.conf' in list of files to be ported to remote site and instructions to then import as 'device'
CHANGE: Reorder Peer initialisation sequence during @boot 'start' command i.e. Servers first but in ascending order 'wg21' then 'wg22' etc.
CHANGE: Before appending Road Warrior Peers to 'server' Peer .conf file(s); delete all trailing blank lines.
EXPERIMENTAL: Add 'bind' option 'peer server_peer bind device_peer [allowed_ips]' e.g. peer wg21 bind iPad
FIX: When initialising 'server' Peer, route for its Subnet (say 10.50.1.1/24) is already added to 'wg2x' interface, but processing function cmd(); 'AllowedIPS=' Road Warrior 'client' Peer can generate duplicates:

		ip route add 10.50.1.2/32 dev wg21
		RTNETLINK answers: File exists

FIX: Command 'peer new wg27' fails because 'ip=' directive is not specified, so imply/use 'ip=10.50.7.0/24'

	 ***ERROR: '' must be IPv4 CIDR

CHANGE: If using wg-quick Pre*/Post* directives in the .conf files, attempt to prevent duplicate firewall rules being created on Peer initialisation.
FIX: Issue 'chmod 600 ${CONFIG_DIR}wgxx.conf' etc. for 'import xxxx/peer new' and 'site2site' commands to prevent wg-quick issuing

		"Warning: '/opt/etc/wireguard.d/wgxx.conf' is world accessible"

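One way to check an existing installation for the same problem, as an added example (not wireguard_manager's own code): the function `tighten_wg_perms` is hypothetical, its default directory is the one quoted in the warning above, and the demo files are constructed. It tests group as well as world bits, which is stricter than the condition the warning names.

```shell
#!/bin/sh
# Added example (not wireguard_manager code): find WireGuard .conf and
# private-key files that group/other can access and tighten them to 600.

tighten_wg_perms() {
    dir="${1:-/opt/etc/wireguard.d}"     # path taken from the warning text
    fixed=0
    for f in "$dir"/*.conf "$dir"/*_private.key; do
        # Skip unmatched globs, non-regular files and symlinks
        # (never chmod through a symlink).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "tightening $f (group/other bits: $bits)" >&2
            chmod 600 "$f" && fixed=$((fixed + 1))
        fi
    done
    echo "$fixed"                        # number of files changed
}

# Demo on a constructed directory so the example runs anywhere.
demo=$(mktemp -d)
for n in wg21.conf Home.conf Home_private.key; do : > "$demo/$n"; done
chmod 644 "$demo/wg21.conf" "$demo/Home_private.key"
chmod 600 "$demo/Home.conf"
echo "files changed: $(tighten_wg_perms "$demo")"
rm -rf "$demo"
```
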
FIX: 'unbound' file reference corrected to 'wg_manager'
CHANGE: Change 'livin' command to allow any source IP/CIDR
NEW: 'menu [ hide | show ]' to temporarily suppress the menu being displayed after every command (useful on mobiles)
Uncomment 'NOMENU' in '/jffs/addons/wireguard/WireguardVPN.conf' for permanent suppression.
NEW: 'colo[u]r { on | off }' to permanently disable the ANSI/ASCII colour/attribute escape sequences
CHANGE: Suppress ANSI colours/attributes escape sequences if menu command 'colo[u]r off' was used.
FIX: Revert detection of possible duplicate 'AllowIPs' routes for Site-to-Site 'server' Peers - SNB Forums member @jgrana
FIX: 'site2site' command prevent duplicate site names
CHANGE: Recognise/allow use of '^MTU =' in 'server' .conf to override 1420 default - SNB Forums member @bearnet
FIX: 'site2site' command should not allow duplicate site names
CHANGE: 'site2site' command will (if 7z installed) now create ZIP file of remote Peer files to be copied to remote site

	WireGuard Site-to-Site Peers Home and Cabin created


    Copy Cabin/Home files: (included in ZIP '/opt/etc/wireguard.d/WireGuard_Cabin.7z')

2022-02-17 09:01:49 ....A 645 395 Cabin.conf
2022-02-17 09:01:33 ....A 45 49 Cabin_private.key
2022-02-17 09:01:33 ....A 45 49 Cabin_public.key
2022-02-17 09:01:49 ....A 642 393 Home.conf
2022-02-17 09:01:33 ....A 45 49 Home_private.key
2022-02-17 09:01:33 ....A 45 49 Home_public.key

    to remote location


    Import Home.conf on remote site using 'import Home type=device'


    Press y to import Home or press [Enter] to SKIP.


CHANGE: 'site2site' command will not add remote SiteB to SQL table 'devices' unless local SiteA .config is imported.
NEW: Include @ZebMcKayhan's 'wgmExpo.sh' script during install/'uf' request
NEW: Expose 'uninstall' to command line
NEW: Expose menu option (3) 'list' to command line
FIX: Generate Stats for Site-to-Site configuration ALWAYS shows Bytes received Rx=0; Bytes sent Tx=0 for 'Period:' - Thanks SNB forums member @jgrana

     Feb 24 03:59:00 RT-AX86U-Cabin (wg_manager.sh): 21734 Home: transfer: 94.80 MiB received, 163.31 MiB sent               1 days 09:39:35 from 2022-02-22 18:19:25
     Feb 24 03:59:00 RT-AX86U-Cabin (wg_manager.sh): 21734 Home: period : 0 Bytes received, 0 Bytes sent (Rx=0;Tx=0)

NEW: If Site-to-Site configuration uses DDNS as the Endpoints rather than resolved IPv4(IPv6?) addresses, then use cru (cron) to schedule 'wg_ChkEndpointDDNS.sh' to refresh the DDNS IP address if Peer is found to be dormant.
     NOTE: This is also applicable to 'client' Peers although most WireGuard VPN ISPs such as Mullvad only use resolved IPv4(IPv6?) Endpoint addresses?
     (Road Warrior Peers will be exposed unless they can use say Tasker on Android etc. to perform a similar function otherwise force restart the Road Warrior WireGuard connection profile).

FIX: Site-to-Site for hourly ('generatestats') Period metrics are negative???.... Beta fix to attempt to reset on interface start....
NEW: Creation of a 'server' Peer can now be IPv4 (default or forced via 'NOIPV6') or Dual-stack (IPv4+IPv6) or IPv6 ONLY.

     peer help
	 
		peer new [peer_name [options]]       - Create new server Peer             e.g. peer new wg27 ip=10.50.99.1/24 port=12345
		peer new [peer_name] {ipv6}          - Create new IPv4+IPv6  server Peer  e.g. peer new ipv6
		peer new [peer_name] {ipv6 noipv4}	 - Create new IPv6 Only  server Peer  e.g. peer new ipv6 noipv4

NEW: Creation of a Road-Warrior 'client' Peer will honour the 'server' Peer it is bound to - i.e. 'client' Peer Address = IPv4 (default) or IPv4+IPv6 or IPv6 Only
NEW: Expose menu option '?' to command line
FIX: Allow user to specify both IPv4 & IPv6 subnets when creating the Dual-stack 'server' Peer

     peer new ip=192.168.100.1/24 ipv6=fc00:192:168:100::1/64

FIX: Reinstate missing 'server' Peer rule 'iptables -I FORWARD -i $VPN_ID -j ACCEPT' - SNB Forums member @ZebMcKayhan
FIX: When creating 'server' Peer, only NAT IPv4 addresses
CHANGE: When creating 'server' Peer, add both IPv4 & IPv6 addresses to interface for Dual-stack (IPv4+IPv6)
FIX: Creating Road-Warrior 'device' Peer uses corrupted IPv6 - Thanks SNB Forums member @ZebMcKayhan
e.g. ipv6=fc00:192:168:100::1/64 used to create 'server' Peer but

	Road-Warrior 'device' Peer iPhone assigned fc00:192:168::2/128

FIX: Road-Warrior 'device' Peers get duplicate IPv6 address
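
A regression check for the two IPv6 fixes above, as an added example (not wireguard_manager's own code): the hypothetical function `next_device_ipv6` derives a 'device' /128 from the 'server' Peer address while keeping every group of the prefix, and skips addresses already in use. It assumes hosts differ only in the final hex group and that the in-use list is written in the same textual form.

```shell
#!/bin/sh
# Added example (not wireguard_manager code): pick the next free Road-Warrior
# IPv6 address inside the 'server' Peer's subnet.

next_device_ipv6() {
    server="${1%/*}"          # drop the prefix length, e.g. /64
    used=" $2 "               # space-separated addresses already assigned
    base="${server%:*}"       # all but the final group: fc00:192:168:100:
    host="${server##*:}"      # final hex group: 1
    # Refuse addresses whose last group is empty or not plain hex.
    case "$host" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    n=$((0x$host + 1))
    while [ "$n" -le 65535 ]; do
        cand="$base:$(printf '%x' "$n")"
        case "$used" in
            *" $cand "*|*" $cand/128 "*) n=$((n + 1)) ;;   # taken, try next
            *) echo "$cand/128"; return 0 ;;
        esac
    done
    return 1                  # final group exhausted
}

# Server address from the release note; the in-use list is constructed.
next_device_ipv6 'fc00:192:168:100::1/64' 'fc00:192:168:100::2'
```
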
NEW: Allow purging of stale statistics records using command

	trimdb { '?' | days [ 'traffic' | 'sessions' ] ['auto'] } 
	
	e.g. Manually schedule cron to purge records older than 90 days @07:00 every Sunday
	
			cru a Wireguard_Database "0 7 * * 6 /jffs/addons/wireguard/wireguard_manager.sh trimdb 90"
	
	trimdb ?
	
			Table traffic: oldest Tue Mar 8 11:09:17 2022 records 12345
			Table session: oldest Mon Mar 7 20:08:30 2022 records 45