Diffstat (limited to 'package/network/utils/wireguard-tools')
-rw-r--r--package/network/utils/wireguard-tools/Makefile8
-rw-r--r--package/network/utils/wireguard-tools/files/wireguard.sh26
-rw-r--r--package/network/utils/wireguard-tools/files/wireguard_watchdog10
3 files changed, 38 insertions, 6 deletions
diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile
index 5f8da147c16..e2a86c97d8d 100644
--- a/package/network/utils/wireguard-tools/Makefile
+++ b/package/network/utils/wireguard-tools/Makefile
@@ -7,16 +7,15 @@
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=wireguard-tools
-PKG_VERSION:=1.0.20210223
-PKG_RELEASE:=2
+PKG_VERSION:=1.0.20210914
+PKG_RELEASE:=3
PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/
-PKG_HASH:=1f72da217044622d79e0bab57779e136a3df795e3761a3fc1dc0941a9055877c
+PKG_HASH:=97ff31489217bb265b7ae850d3d0f335ab07d2652ba1feec88b734bc96bd05ac
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
@@ -24,7 +23,6 @@ PKG_LICENSE_FILES:=COPYING
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/package-defaults.mk
MAKE_PATH:=src
MAKE_VARS += PLATFORM=linux
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 63261aea71d..f6ad967b404 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -26,6 +26,7 @@ proto_wireguard_init_config() {
proto_wireguard_setup_peer() {
local peer_config="$1"
+ local disabled
local public_key
local preshared_key
local allowed_ips
@@ -34,6 +35,7 @@ proto_wireguard_setup_peer() {
local endpoint_port
local persistent_keepalive
+ config_get_bool disabled "${peer_config}" "disabled" 0
config_get public_key "${peer_config}" "public_key"
config_get preshared_key "${peer_config}" "preshared_key"
config_get allowed_ips "${peer_config}" "allowed_ips"
@@ -42,6 +44,11 @@ proto_wireguard_setup_peer() {
config_get endpoint_port "${peer_config}" "endpoint_port"
config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
+ if [ "${disabled}" -eq 1 ]; then
+ # skip disabled peers
+ return 0
+ fi
+
if [ -z "$public_key" ]; then
echo "Skipping peer config $peer_config because public key is not defined."
return 0
@@ -95,6 +102,23 @@ proto_wireguard_setup_peer() {
fi
}
+ensure_key_is_generated() {
+ local private_key
+ private_key="$(uci get network."$1".private_key)"
+
+ if [ "$private_key" == "generate" ]; then
+ local ucitmp
+ oldmask="$(umask)"
+ umask 077
+ ucitmp="$(mktemp -d)"
+ private_key="$("${WG}" genkey)"
+ uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+ uci -q -t "$ucitmp" commit network
+ rm -rf "$ucitmp"
+ umask "$oldmask"
+ fi
+}
+
proto_wireguard_setup() {
local config="$1"
local wg_dir="/tmp/wireguard"
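Review bot: `ensure_key_is_generated` stores whatever `"${WG}" genkey` printed without checking it, and a failed `mktemp -d` is not detected either, so on either failure the function returns silently and `proto_wireguard_setup` carries on with whatever `private_key` is then in the config. `oldmask` is also missing from the `local` declarations, so it leaks into the caller's scope. The sketch below declares all three variables local, only proceeds when the temporary directory exists, and only commits a non-empty key. Separately, the generated key is passed to `uci set` as a command-line argument, which presumably exposes it in the process list while that call runs; feeding the `set`/`commit` pair to `uci batch` on stdin would avoid that, if it fits the project's conventions.

```shell
ensure_key_is_generated() {
	local private_key ucitmp oldmask
	# … unchanged: read network.$1.private_key …

	if [ "$private_key" == "generate" ]; then
		oldmask="$(umask)"
		umask 077
		if ucitmp="$(mktemp -d)"; then
			private_key="$("${WG}" genkey)"
			if [ -n "$private_key" ]; then
				# … unchanged: uci -q -t "$ucitmp" set … && uci -q -t "$ucitmp" commit network …
			fi
			rm -rf "$ucitmp"
		fi
		umask "$oldmask"
	fi
}
```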
@@ -104,6 +128,8 @@ proto_wireguard_setup() {
local listen_port
local mtu
+ ensure_key_is_generated "${config}"
+
config_load network
config_get private_key "${config}" "private_key"
config_get listen_port "${config}" "listen_port"
diff --git a/package/network/utils/wireguard-tools/files/wireguard_watchdog b/package/network/utils/wireguard-tools/files/wireguard_watchdog
index c0a5a0aa33c..fc90f4a25b3 100644
--- a/package/network/utils/wireguard-tools/files/wireguard_watchdog
+++ b/package/network/utils/wireguard-tools/files/wireguard_watchdog
@@ -17,6 +17,7 @@
check_peer_activity() {
local cfg=$1
local iface=$2
+ local disabled
local public_key
local endpoint_host
local endpoint_port
@@ -24,9 +25,16 @@ check_peer_activity() {
local last_handshake
local idle_seconds
+ config_get_bool disabled "${cfg}" "disabled" 0
config_get public_key "${cfg}" "public_key"
config_get endpoint_host "${cfg}" "endpoint_host"
config_get endpoint_port "${cfg}" "endpoint_port"
+
+ if [ "${disabled}" -eq 1 ]; then
+ # skip disabled peers
+ return 0
+ fi
+
persistent_keepalive=$(wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}')
# only process peers with endpoints and keepalive set
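Review bot: The new early return handles disabled peers, but a peer section without `public_key` still reaches the `wg show` line, where `${iface}` and `${public_key}` are expanded unquoted and the key is used as a grep pattern. An empty key leaves `grep` without a pattern, and a base64 key is matched as a regular expression rather than literally. Consider extending the guard with `[ -n "${public_key}" ] || return 0` and matching with `grep -F -- "${public_key}"`. check_peer_activity continues past the end of this hunk, so a later check may already cover part of this.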
@@ -51,7 +59,7 @@ check_peer_activity() {
}
# query ubus for all active wireguard interfaces
-wg_ifaces=$(ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " ")
+eval $(ubus -S call network.interface dump | jsonfilter -e 'wg_ifaces=@.interface[@.up=true && @.proto="wireguard"].interface')
# check every peer in every active wireguard interface
config_load network
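Review bot: `wg_ifaces` is now assigned only as a side effect of the `eval`, so if the `ubus`/`jsonfilter` pipeline prints nothing (a failed call, or presumably no matching interface) the variable keeps whatever value it inherited from the environment instead of being empty as before. Initialising it first with `wg_ifaces=` on the line above restores the old behaviour. The command substitution is also unquoted, so the shell word-splits and globs jsonfilter's output before `eval` sees it; `eval "$(ubus -S call network.interface dump | jsonfilter -e 'wg_ifaces=@.interface[@.up=true && @.proto="wireguard"].interface')"` keeps the emitted quoting intact. Since interface names end up in evaluated shell text, a short comment stating that the line relies on jsonfilter's export-mode quoting would help the next reader.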