Merge branch 'dev-23.05'

.github/workflows/openwrt-awg.yml

@@ -36,7 +36,11 @@ jobs:
           rm -rf bin/targets/${target}/${subtarget}/packages/  || true
 
           wget https://downloads.openwrt.org/releases/${{ matrix.tag }}/targets/${target}/${subtarget}/feeds.buildinfo -O feeds.conf
+<<<<<<< HEAD
           echo "src-git awgopenwrt https://github.com/lolo6oT/awg-openwrt.git" >> ./feeds.conf
+=======
+          echo "src-git awgopenwrt https://github.com/lolo6oT/awg-openwrt.git" >> ./feeds.conf
+>>>>>>> dev-23.05
 
           ./scripts/feeds update -a
           ./scripts/feeds install -a

amneziawg-go/Makefile

@@ -27,7 +27,7 @@ include ../../packages/lang/golang/golang-package.mk
 define Package/amneziawg-go
   SECTION:=net
   CATEGORY:=Network
-  TITLE:=amneziawg-go
+  TITLE:=AmneziaWG userspace implementation program (amneziawg-go)
   DEPENDS:=$(GO_ARCH_DEPENDS)
 endef
 

amneziawg-tools/Makefile

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=amneziawg-tools
 PKG_VERSION:=1.0.20240213
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=v$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/amnezia-vpn/amneziawg-tools/archive/refs/tags/

amneziawg-tools/files/amneziawg.sh

@@ -2,8 +2,6 @@
 # Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
 # Licensed to the public under the Apache License 2.0.
 
-# shellcheck disable=SC1091,SC3003,SC3043
-
 WG=/usr/bin/awg
 if [ ! -x $WG ]; then
 	logger -t "amneziawg" "error: missing amneziawg-tools (${WG})"
@@ -30,9 +28,7 @@ proto_amneziawg_init_config() {
 	proto_config_add_int "awg_h2"
 	proto_config_add_int "awg_h3"
 	proto_config_add_int "awg_h4"
-# shellcheck disable=SC2034
 	available=1
-# shellcheck disable=SC2034
 	no_proto_task=1
 }
 
@@ -139,7 +135,7 @@ ensure_key_is_generated() {
 	local private_key
 	private_key="$(uci get network."$1".private_key)"
 
-	if [ "$private_key" = "generate" ]; then
+	if [ "$private_key" == "generate" ]; then
 		local ucitmp
 		oldmask="$(umask)"
 		umask 077
@@ -201,7 +197,7 @@ proto_amneziawg_setup() {
 
 	if proto_amneziawg_is_kernel_mode; then
 		logger -t "amneziawg" "info: using kernel-space kmod-amneziawg for ${WG}"
-  	ip link del dev "${config}" 2>/dev/null
+  		ip link del dev "${config}" 2>/dev/null
 		ip link add dev "${config}" type amneziawg
 	else
 		logger -t "amneziawg" "info: using user-space amneziawg-go for ${WG}"
@@ -291,8 +287,7 @@ proto_amneziawg_setup() {
 
 	# endpoint dependency
 	if [ "${nohostroute}" != "1" ]; then
-# shellcheck disable=SC2034
-		${WG} show "${config}" endpoints | \
+		awg show "${config}" endpoints | \
 		sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
 		while IFS=$'\t ' read -r key address port; do
 			[ -n "${port}" ] || continue
@@ -305,7 +300,6 @@ proto_amneziawg_setup() {
 
 proto_amneziawg_teardown() {
 	local config="$1"
-	proto_amneziawg_check_installed
 	if proto_amneziawg_is_kernel_mode; then
 		ip link del dev "${config}" >/dev/null 2>&1
 	else

amneziawg-tools/files/amneziawg_watchdog

@@ -11,8 +11,6 @@
 # Run this script from cron every minute:
 # echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
 
-# shellcheck disable=SC1091,SC3043
-
 . /lib/functions.sh
 
 check_peer_activity() {
@@ -46,22 +44,21 @@ check_peer_activity() {
   # check taken from packages/net/ddns-scripts/files/dynamic_dns_functions.sh
   local IPV4_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
   local IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)"
-	local IPV4 IPV6
-  IPV4="$(echo "${endpoint_host}" | grep -m 1 -o "$IPV4_REGEX$")"    # do not detect ip in 0.0.0.0.example.com
-  IPV6="$(echo "${endpoint_host}" | grep -m 1 -o "$IPV6_REGEX")"
-  [ -n "${IPV4}${IPV6}" ] && return 0;
+  local IPV4="$(echo "${endpoint_host}" | grep -m 1 -o "$IPV4_REGEX$")"    # do not detect ip in 0.0.0.0.example.com
+  local IPV6="$(echo "${endpoint_host}" | grep -m 1 -o "$IPV6_REGEX")"
+  [ -n "${IPV4}" -o -n "${IPV6}" ] && return 0;
 
   # re-resolve endpoint hostname if not responding for too long
   last_handshake=$(awg show "${iface}" latest-handshakes | grep "${public_key}" | awk '{print $2}')
   [ -z "${last_handshake}" ] && return 0;
-  idle_seconds=$(($(date +%s)-last_handshake))
+  idle_seconds=$(($(date +%s)-"${last_handshake}"))
   [ ${idle_seconds} -lt 150 ] && return 0;
   logger -t "amneziawg_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname"
   awg set "${iface}" peer "${public_key}" endpoint "${endpoint_host}:${endpoint_port}"
 }
 
 # query ubus for all active wireguard interfaces
-wg_ifaces=$(ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="amneziawg"].interface' | tr "\n" " ")
+eval $(ubus -S call network.interface dump | jsonfilter -e 'wg_ifaces=@.interface[@.up=true && @.proto="amneziawg"].interface')
 
 # check every peer in every active wireguard interface
 config_load network

kmod-amneziawg/Makefile

@@ -3,14 +3,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=kmod-amneziawg
-PKG_VERSION:=0.0.1
-PKG_RELEASE:=1
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=$(AUTORELEASE)
 
 include $(INCLUDE_DIR)/package.mk
 
 define KernelPackage/amneziawg
 	SECTION:=kernel
-	CATEGORY:=Kernel Modules
+	CATEGORY:=Kernel modules
 	SUBMENU:=Network Support
 	URL:=https://amnezia.org/
 	MAINTAINER:=Amnezia Admin <admin@amnezia.org>

kmod-amneziawg/files/000-initial-amneziawg.patch

@@ -225,7 +225,7 @@ index 5506738..b45253d 100644
  		goto err_netlink;
 
 -	pr_info("WireGuard " WIREGUARD_VERSION " loaded. See www.wireguard.com for information.\n");
-+	pr_info("WireGuard " WIREGUARD_VERSION " (Amnezia VPN) loaded. See www.wireguard.com for information.\n");
++	pr_info("WireGuard " WIREGUARD_VERSION " (AmneziaWG) loaded. See www.amnezia.org for information.\n");
  	pr_info("Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.\n");
 
  	return 0;
@@ -234,7 +234,7 @@ index 5506738..b45253d 100644
  module_exit(wg_mod_exit);
  MODULE_LICENSE("GPL v2");
 -MODULE_DESCRIPTION("WireGuard secure network tunnel");
-+MODULE_DESCRIPTION("WireGuard (Amnezia VPN) secure network tunnel");
++MODULE_DESCRIPTION("WireGuard (AmneziaWG) secure network tunnel");
  MODULE_AUTHOR("Jason A. Donenfeld <Jason@zx2c4.com>");
  MODULE_VERSION(WIREGUARD_VERSION);
  MODULE_ALIAS_RTNL_LINK(KBUILD_MODNAME);

luci-proto-amneziawg/Makefile

@@ -7,10 +7,10 @@
 include $(TOPDIR)/rules.mk
 
 PKG_MAINTAINER:=Amnezia Admin <admin@amnezia.org>
-PKG_VERSION:=0.0.1-1
-LUCI_TITLE:=AmneziaWG Web UI
+PKG_VERSION:=1.0.0-$(AUTORELEASE)
+LUCI_TITLE:=Support for AmneziaWG Web UI
 LUCI_DESCRIPTION:=Provides Web UI for AmneziaWG
-LUCI_DEPENDS:=+luci-base +amneziawg-tools +ucode
+LUCI_DEPENDS:=+amneziawg-tools +ucode
 LUCI_PKGARCH:=all
 
 PKG_PROVIDES:=luci-proto-amneziawg

luci-proto-amneziawg/htdocs/luci-static/resources/protocol/amneziawg.js

@@ -298,7 +298,7 @@ return network.registerProtocol("amneziawg", {
 			return true;
 		};
 
-		// AmneziaWG
+		// AmneziaWG Settings
 
 		try {
 			s.tab(
@@ -1191,23 +1191,27 @@ return network.registerProtocol("amneziawg", {
 		o.datatype = "range(0,65535)";
 		o.placeholder = "0";
 
-		o = ss.option(
-			form.DummyValue,
-			"_keyops",
-			_("Configuration Export"),
-			_("Generates a configuration suitable for import on a AmneziaWG peer")
-		);
+		o = ss.option(form.DummyValue,"_keyops",_("Configuration Export"),
+			_("Generates a configuration suitable for import on a AmneziaWG peer"));
 
 		o.modalonly = true;
 
-		o.createPeerConfig = function (section_id, endpoint, ips) {
+		o.createPeerConfig = function (section_id, endpoint, ips, eips, dns) {
 			var pub = s.formvalue(s.section, "public_key"),
-				port = s.formvalue(s.section, "listen_port") || "51820",
-				jc = s.formvalue;
-			(prv = this.section.formvalue(section_id, "private_key")),
-				(psk = this.section.formvalue(section_id, "preshared_key")),
-				(eport = this.section.formvalue(section_id, "endpoint_port")),
-				(keep = this.section.formvalue(section_id, "persistent_keepalive"));
+			    port = s.formvalue(s.section, "listen_port") || "51820",
+			    jc = s.formvalue(s.section, "awg_jc") || "2",
+			    jmin = s.formvalue(s.section, "awg_jmin") || "1",
+			    jmax = s.formvalue(s.section, "awg_jmax") || "1000",
+			    s1 = s.formvalue(s.section, "awg_s1") || "0",
+			    s2 = s.formvalue(s.section, "awg_s2") || "0",
+			    h1 = s.formvalue(s.section, "awg_h1") || "1",
+			    h2 = s.formvalue(s.section, "awg_h2") || "2",
+			    h3 = s.formvalue(s.section, "awg_h3") || "3",
+			    h4 = s.formvalue(s.section, "awg_h4") || "4",
+			    prv = this.section.formvalue(section_id, "private_key"),
+			    psk = this.section.formvalue(section_id, "preshared_key"),
+			    eport = this.section.formvalue(section_id, "endpoint_port"),
+			    keep = this.section.formvalue(section_id, "persistent_keepalive");
 
 			// If endpoint is IPv6 we must escape it with []
 			if (endpoint.indexOf(":") > 0) {
@@ -1217,7 +1221,18 @@ return network.registerProtocol("amneziawg", {
 			return [
 				"[Interface]",
 				"PrivateKey = " + prv,
+				eips && eips.length ? "Address = " + eips.join(", ") : "# Address not defined",
 				eport ? "ListenPort = " + eport : "# ListenPort not defined",
+				dns && dns.length ? "DNS = " + dns.join(", ") : "# DNS not defined",
+				"Jc = " + jc,
+				"Jmin = " + jmin,
+				"Jmax = " + jmax,
+				"S1 = " + s1,
+				"S2 = " + s2,
+				"H1 = " + h1,
+				"H2 = " + h2,
+				"H3 = " + h3,
+				"H4 = " + h4,
 				"",
 				"[Peer]",
 				"PublicKey = " + pub,
@@ -1238,11 +1253,13 @@ return network.registerProtocol("amneziawg", {
 			var mapNode = ss.getActiveModalMap(),
 				headNode = mapNode.parentNode.querySelector("h4"),
 				configGenerator = this.createPeerConfig.bind(this, section_id),
-				parent = this.map;
+				parent = this.map,
+				    eips = this.section.formvalue(section_id, 'allowed_ips');
 
 			return Promise.all([
 				network.getWANNetworks(),
 				network.getWAN6Networks(),
+				network.getNetwork('lan'),
 				L.resolveDefault(uci.load("ddns")),
 				L.resolveDefault(uci.load("system")),
 				parent.save(null, true),
@@ -1277,10 +1294,20 @@ return network.registerProtocol("amneziawg", {
 
 				var ips = ["0.0.0.0/0", "::/0"];
 
+				var dns = [];
+
+				var lan = data[2];
+				if (lan) {
+					var lanIp = lan.getIPAddr();
+					if (lanIp) {
+						dns.unshift(lanIp)
+					}
+				}
+
 				var qrm, qrs, qro;
 
 				qrm = new form.JSONMap(
-					{ config: { endpoint: hostnames[0], allowed_ips: ips } },
+					{ config: { endpoint: hostnames[0], allowed_ips: ips, addresses: eips, dns_servers: dns } },
 					null,
 					_(
 						"The generated configuration can be imported into a AmneziaWG client application to set up a connection towards this device."
@@ -1294,12 +1321,16 @@ return network.registerProtocol("amneziawg", {
 					var code = this.map.findElement(".qr-code"),
 						conf = this.map.findElement(".client-config"),
 						endpoint = this.section.getUIElement(section_id, "endpoint"),
-						ips = this.section.getUIElement(section_id, "allowed_ips");
+						ips = this.section.getUIElement(section_id, "allowed_ips"),
+					    	eips = this.section.getUIElement(section_id, 'addresses'),
+					    	dns = this.section.getUIElement(section_id, 'dns_servers');
 
 					if (this.isValid(section_id)) {
 						conf.firstChild.data = configGenerator(
 							endpoint.getValue(),
-							ips.getValue()
+							ips.getValue(),
+							eips.getValue(),
+							dns.getValue()
 						);
 						code.style.opacity = ".5";
 
@@ -1336,6 +1367,18 @@ return network.registerProtocol("amneziawg", {
 				});
 				qro.onchange = handleConfigChange;
 
+
+				qro = qrs.option(form.DynamicList, "dns_servers", _("DNS Servers"), _("DNS servers for the remote clients using this tunnel to your openwrt device. Some AmneziaWG clients require this to be set."));
+				qro.datatype = "ipaddr";
+				qro.default = dns;
+				qro.onchange = handleConfigChange;
+
+				qro = qrs.option(form.DynamicList, "addresses", _("Addresses"), _("IP addresses for the peer to use inside the tunnel. Some clients require this setting."));
+				qro.datatype = "ipaddr";
+				qro.default = eips;
+				eips.forEach(function(eip) { qro.value(eip) });
+				qro.onchange = handleConfigChange;
+
 				qro = qrs.option(form.DummyValue, "output");
 				qro.renderWidget = function () {
 					var peer_config = configGenerator(hostnames[0], ips);