Verified Commit 38230b9b authored by Štěpán Henek's avatar Štěpán Henek 🐻 Committed by Josef Schlehofer
Browse files

patches/openwrt: enable/disable wireguard peers based on uci option

parent f6eb9ae3
Pipeline #80342 passed with stages
in 28 minutes and 44 seconds
From 8e3df6837f45deeaa4a0194188a1c2ee50cb0705 Mon Sep 17 00:00:00 2001
From: Stepan Henek <stepan.henek@nic.cz>
Date: Thu, 22 Apr 2021 16:08:22 +0200
Subject: [PATCH] wireguard: enable/disable peer based on uci option
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
---
package/network/utils/wireguard-tools/Makefile | 2 +-
package/network/utils/wireguard-tools/files/wireguard.sh | 7 +++++++
.../network/utils/wireguard-tools/files/wireguard_watchdog | 7 +++++++
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile
index ff0207d6da..a009acf472 100644
--- a/package/network/utils/wireguard-tools/Makefile
+++ b/package/network/utils/wireguard-tools/Makefile
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=wireguard-tools
PKG_VERSION:=1.0.20191226
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 4c811c6ba9..6ae1803a70 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -26,6 +26,7 @@ proto_wireguard_init_config() {
proto_wireguard_setup_peer() {
local peer_config="$1"
+ local enabled
local public_key
local preshared_key
local allowed_ips
@@ -34,6 +35,7 @@ proto_wireguard_setup_peer() {
local endpoint_port
local persistent_keepalive
+ config_get_bool enabled "${peer_config}" "enabled" 1
config_get public_key "${peer_config}" "public_key"
config_get preshared_key "${peer_config}" "preshared_key"
config_get allowed_ips "${peer_config}" "allowed_ips"
@@ -42,6 +44,11 @@ proto_wireguard_setup_peer() {
config_get endpoint_port "${peer_config}" "endpoint_port"
config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
+ if [ "${enabled}" -eq 0 ]; then
+ # skip disabled peers
+ return
+ fi
+
echo "[Peer]" >> "${wg_cfg}"
echo "PublicKey=${public_key}" >> "${wg_cfg}"
if [ "${preshared_key}" ]; then
diff --git a/package/network/utils/wireguard-tools/files/wireguard_watchdog b/package/network/utils/wireguard-tools/files/wireguard_watchdog
index 5fbbeafec1..3d12d00b80 100644
--- a/package/network/utils/wireguard-tools/files/wireguard_watchdog
+++ b/package/network/utils/wireguard-tools/files/wireguard_watchdog
@@ -17,6 +17,7 @@
check_peer_activity() {
local cfg=$1
local iface=$2
+ local enabled
local public_key
local endpoint_host
local endpoint_port
@@ -24,9 +25,15 @@ check_peer_activity() {
local last_handshake
local idle_seconds
+ config_get_bool enabled "${cfg}" "enabled" 1
config_get public_key "${cfg}" "public_key"
config_get endpoint_host "${cfg}" "endpoint_host"
config_get endpoint_port "${cfg}" "endpoint_port"
+
+ if [ "${enabled}" -eq 0 ]; then
+ # skip disabled peers
+ return
+ fi
persistent_keepalive=`wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}'`
# only process peers with endpoints and keepalive set
--
2.30.1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment