smecontribs/smeserver-wireguard
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit of file from CVS for smeserver-wireguard on Sat Sep 7 16:45:37 AEST 2024

Browse Source
This commit is contained in:
Trevor Batley
2024-09-07 16:45:37 +10:00
parent 224708b82c
commit b7eed5fe86
69 changed files with 9053 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
root/etc/e-smith/events/actions/wireguard-network Executable file
View File

@@ -0,0 +1,80 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use NetAddr::IP;
use Net::Netmask;
use NetAddr::IP;
my $conf = esmith::ConfigDB->open;
my $netdb = esmith::ConfigDB->open('networks');
my $accounts = esmith::AccountsDB->open;
esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
my $wg = esmith::ConfigDB->open('/home/e-smith/db/wireguard') or die 'wireguard db missing';
my $wg0 = $conf->get('wg-quick@wg0');
my $wgip = $wg0->prop('ip') or die 'wireguard IP not configured';
my $wgmask = $wg0->prop('mask') or die 'wireguard network mask not configured';
#wg-quick@wg0=service
# ip=172.16.0.1
# mask=22
my $block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
my $ip = $block->base;
my $mask = $block->mask;
#count clients
my @client = $wg->get_all_by_prop(type=>"wg0");
my $clients = scalar @client;
#check is_rfc1918
#if yes proceed
my $skipme = 0;
my $rfc=NetAddr::IP->new($wgip,$wgmask);
unless ( $rfc->is_rfc1918() ) {
if ($clients == 0 ) {
#if not and no clients make it compliant 172.16.0.1/22 as default
my $minimum=16;
my $maximum=32;
my $x = $minimum + int(rand($maximum - $minimum));
warn("$wgip/$wgmask is not considered as a LAN addressing, set default to 172.$x.0.1/22");
$wgip="172.$x.0.1";$wgmask="22";
$wg0->set_prop('ip',$wgip); $wg0->set_prop('mask',$wgmask);
$block = Net::Netmask->new("$wgip/$wgmask", shortnet => 1);
$ip = $block->base;
$mask = $block->mask;
}
else {
#if not and clients configured, disable service delete network
warn("$wgip/$wgmask is not considered as a LAN addressing, adding this network to SME trusted network could allow email relaying. Disabling service.");
warn("Please remove configured client and start your configuration from scratch");
$wg0->set_prop('status','disabled');
$skipme=1; $ip="nop";
}
}
#if yes proceed
#if not and no clients make it compliant 172.16.0.1/22 as default
#if not and clients configured, disable service delete network
#First delete any already there.
my @wg = $netdb->get_all_by_prop(Wireguard=>"wg0");
foreach my $netwg (@wg) {
next if ($netwg->key eq $ip and $netwg->prop('Mask') eq $mask);
print "delete " . $netwg->key;
$netwg->delete();
}
# and then create one from the wireguard server ip
my $iswg=$netdb->get($ip);
unless ($iswg or $skipme == 1) {
$netdb->new_record("$ip",{ type => "network",
Mask => "$mask",
Wireguard => "wg0",
});
system("/sbin/e-smith/signal-event network-create $ip");
print "creating $ip network with $mask for $wgip/$wgmask";
exit;
}

104
root/etc/e-smith/events/actions/wireguard-user-create Executable file
View File

@@ -0,0 +1,104 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
#use Net::IP;
use NetAddr::IP;
my $conf = esmith::ConfigDB->open_ro;
my $accounts = esmith::AccountsDB->open;
esmith::ConfigDB->create('/home/e-smith/db/wireguard') unless (-f '/home/e-smith/db/wireguard');
my $wg = esmith::ConfigDB->open('/home/e-smith/db/wireguard') or die 'wireguard db missing';
my $wg0 = $conf->get('wg-quick@wg0');
my $wgip = $wg0->prop('ip') or die 'wireguard IP not configured';
my $wgmask = $wg0->prop('mask') or die 'wireguard network mask not configured';
my $clientmask = 32;
#wg-quick@wg0=service
# ip=172.16.0.1
# mask=22
my $event = $ARGV [0];
my $userName = $ARGV [1];
my $info = $ARGV [2];
#------------------------------------------------------------
# Create a wireguard peer for the user
#------------------------------------------------------------
die "username argument missing" unless defined ($userName);
# check username exists in accounts as user or die
#TODO get network ip/bit if mask is not a bitmask
#TODO array of already used IP
my @rec = ( defined $wg ) ? $wg->keys() : undef;
push @rec, $wgip;
my @out= map { (my $foo = $_) =~s/\/32//; $foo;} @rec;
@rec= @out;
# get next available IP
my $nextip=undef;
#my $mid = new Net::IP($wgip, 4);
#my $mask = Net::IP::ip_get_mask($wgmask, 4);
#my $first = Net::IP::ip_bintoip($mid->binip() & $mask,4);
#my $ip = new Net::IP("$first/$wgmask", 4) or die (Net::IP::Error());
#do {
# print $ip->ip(), "\n";
# $nextip=$ip->ip();
# exit unless (@rec ~~ $nextip);
#} while (++$ip);
sub make_ip_iterator {
my $ip = shift;
my $mask = NetAddr::IP->new($ip);
my $i = 0;
return sub {
return $mask->nth($i++);
}
}
my $iterator = make_ip_iterator("$wgip/$wgmask");
while (my $ip = NetAddr::IP->new($iterator->())->addr() ) {
print "$ip \n";
next if ( $ip ~~ @rec );
$nextip=$ip;
last;
}
die "no IP available in defined range" unless defined($nextip);
print "$nextip\n";
# generate private
my $private= `/usr/bin/wg genkey`;
chomp $private;
my $public=`/usr/bin/echo $private | /usr/bin/wg pubkey`;
chomp $public;
# wireguard
# #private;public;ips;info#private;public;ips;info
# #private and public is base64 : +/= could be in it
# #ips can be v4 or v6 with subnet ./:,
# #info could have letters, digit and space
# # to separate multiple #
my $allowedips ="";
# create db entry
# db wireguard set IP/mask wg0 user $userName private $private public $public allowedips $allowedips info $info status disabled
# do we want lan access ; do we want redirect gw/dns
#print "db wireguard set $nextip/$clientmask wg0 user $userName private $private public $public allowedips $allowedips info $info status enabled\n";
my %props = (
'type', "wg0",
'user', $userName,
'private', $private,
'public', $public,
'allowedips', $allowedips,
'info', $info,
'status', 'enabled'
);
$wg->new_record( "$nextip/$clientmask", \%props );