#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use NetAddr::IP;
use Net::Netmask;
use NetAddr::IP;
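# Open the databases this script works on. The configuration and networks
# DBs are dereferenced further down, so a failed open is reported here
# instead of surfacing later as a method call on an undefined value.
my $conf = esmith::ConfigDB->open() or die 'configuration db missing';
my $netdb = esmith::ConfigDB->open('networks') or die 'networks db missing';
my $accounts = esmith::AccountsDB->open;

# Create the WireGuard DB on first run, then open it.
esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
my $wg = esmith::ConfigDB->open('/home/e-smith/db/wireguard') or die 'wireguard db missing';

# Service record that carries the server address, for example:
#   wg-quick@wg0=service
#     ip=172.16.0.1
#     mask=22
my $wg0 = $conf->get('wg-quick@wg0') or die 'wg-quick@wg0 service record missing';
my $wgip = $wg0->prop('ip') or die 'wireguard IP not configured';
my $wgmask = $wg0->prop('mask') or die 'wireguard network mask not configured';

# Net::Netmask->new returns an object even when it cannot parse its argument
# and records the problem under the ERROR key. The base and mask taken from
# this object are what ends up in the networks DB, while the RFC 1918 check
# later in this script parses the same strings with NetAddr::IP. Stop here if
# Net::Netmask did not understand the value, so that a block different from
# the one that gets checked is never registered.
my $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
die "cannot parse wireguard network $wgip/$wgmask: $block->{ERROR}" if $block->{ERROR};
my $ip = $block->base;
my $mask = $block->mask;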
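# Only an RFC 1918 (private) range is accepted for wg0. The warning in the
# last branch gives the reason: adding a non-private range to the SME trusted
# networks could allow email relaying. Three cases:
#   - private range: proceed unchanged;
#   - not private and no client configured: replace it with 172.x.0.1/22;
#   - not private and clients configured: disable the service and skip the
#     network creation at the end of the script.

# Count the clients configured for wg0.
my @client = $wg->get_all_by_prop(type=>"wg0");
my $clients = scalar @client;

my $skipme = 0;
# NetAddr::IP->new returns undef for input it cannot parse; report that
# explicitly rather than failing on the method call below.
my $rfc = NetAddr::IP->new($wgip, $wgmask)
    or die "cannot parse wireguard address $wgip/$wgmask";
unless ( $rfc->is_rfc1918() ) {
    if ($clients == 0) {
        # No client depends on the current addressing, so it can be replaced.
        # The second octet is drawn from 16..31, which keeps the result
        # inside 172.16.0.0/12.
        my $minimum = 16;
        my $maximum = 32;
        my $x = $minimum + int(rand($maximum - $minimum));
        warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
        $wgip = "172.$x.0.1";
        $wgmask = "22";
        $wg0->set_prop('ip', $wgip);
        $wg0->set_prop('mask', $wgmask);
        # Recompute the values that are written to the networks DB.
        $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
        $ip = $block->base;
        $mask = $block->mask;
    }
    else {
        # Clients already use this addressing: fail closed. The service is
        # marked disabled and $ip is set to a sentinel that matches no
        # networks-DB key.
        warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
        warn("Please remove configured client and start your configuration from scratch");
        $wg0->set_prop('status', 'disabled');
        $skipme = 1;
        $ip = "nop";
    }
}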
# Remove the networks-DB records tagged Wireguard=wg0, keeping only a record
# whose key and Mask already match the current base address and mask.
# When the service was disabled earlier in this script, $ip holds the
# sentinel "nop", so no record matches and every wg0 record is removed.
# NOTE(review): no event is signalled for the deleted records here; confirm
# whether the platform needs one.
my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
for my $stale (@wg) {
    my $is_current = ($stale->key eq $ip and $stale->prop('Mask') eq $mask);
    unless ($is_current) {
        print "delete " . $stale->key;
        $stale->delete();
    }
}
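# Register the WireGuard network in the networks DB, unless a record with
# that key already exists or the service was disabled earlier in this script.
# NOTE(review): an existing record is matched by key only; its Mask and
# Wireguard properties are not compared here.
my $iswg = $netdb->get($ip);
unless ($iswg or $skipme == 1) {
    $netdb->new_record("$ip", {
        type      => "network",
        Mask      => "$mask",
        Wireguard => "wg0",
    });
    # List form: the arguments go straight to the program, so no shell ever
    # interprets $ip. The exit status is checked because the record above has
    # already been written; a failed event would otherwise go unnoticed.
    system('/sbin/e-smith/signal-event', 'network-create', $ip) == 0
        or warn "signal-event network-create $ip failed (status $?)";
    print "creating $ip network with $mask for $wgip/$wgmask";
    exit;
}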