diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 8ba6e3f79..16e592141 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -25,6 +25,7 @@ $General::swroot = 'CONFIG_ROOT';
$General::noipprefix = 'noipg-';
require "${General::swroot}/network-functions.pl";
+require "${General::swroot}/wireguard-functions.pl";
# This function executes a shell command without forking a shell or do any other
# Perl-voodoo before it. It deprecates the "system" command and is the only way
@@ -253,6 +254,13 @@ sub setup_default_networks
$defaultNetworks->{"IPsec RW (${netaddress}/${prefix})"}{'NET'} = $netaddress;
}
}
+
+ # WireGuard
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ my $name = $Lang::tr{'wg rw peers'};
+
+ $defaultNetworks->{$name}{'NAME'} = "WGRW";
+ }
}
sub get_aliases
{
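Review bot: The lookup key in `my $name = $Lang::tr{'wg rw peers'};` is not the string this commit adds to en.pl, which is `'fwhost wg peers'`. Unless `'wg rw peers'` is defined in a part of the language files not shown here, `$name` is undefined and the WireGuard entry is stored under an empty key in `$defaultNetworks`. Either use `$Lang::tr{'fwhost wg peers'}` here or add the missing translation key. The new entry also sets only `NAME`, while the IPsec entry just above stores `NET`; a short comment such as `# address is resolved later from $Wireguard::settings{'CLIENT_POOL'}` would make that difference intentional. The body of setup_default_networks starts outside this hunk.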
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 374cf4d66..22ef67c03 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -33,6 +33,7 @@ no warnings 'uninitialized';
require '/var/ipfire/general-functions.pl';
require '/var/ipfire/network-functions.pl';
+require '/var/ipfire/wireguard-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/location-functions.pl";
@@ -881,8 +882,14 @@ sub checkrule
$hint.=$Lang::tr{'fwdfw hint ip2'}." Source: $networkip1/$scidr Target: $networkip2/$tcidr
";
}
}else{
+ $errormessage .= $sip;
+ $errormessage .= $scidr;
+
+ $errormessage .= $tip;
+ $errormessage .= $tcidr;
+
if ( &General::IpInSubnet($networkip2,$sip,&General::iporsubtodec($scidr)) ){
- $errormessage.=$Lang::tr{'fwdfw err samesub'};
+ $errormessage.=$Lang::tr{'fwdfw err samesub'} . $fwdfwsettings{'grp1'} .$fwdfwsettings{$fwdfwsettings{'grp1'}} . $fwdfwsettings{'grp2'} . $fwdfwsettings{$fwdfwsettings{'grp2'}};
}
}
}
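Review bot: The four added `$errormessage .= $sip;` … `$errormessage .= $tcidr;` lines at the top of the `else` branch run unconditionally, so `$errormessage` is non-empty for every rule that reaches this branch even when the `IpInSubnet` test below does not match. This looks like leftover debug output; if a non-empty `$errormessage` is what rejects a rule (the convention the surrounding code suggests), otherwise valid rules would be refused. The same lines, and the new concatenation of `$fwdfwsettings{'grp1'}`, `$fwdfwsettings{$fwdfwsettings{'grp1'}}` and the `grp2` pair, put values that appear to come from the submitted form into a message that is presumably rendered into the page, so they should be HTML-escaped before display or left out. I would drop the four debug lines and restore `$errormessage.=$Lang::tr{'fwdfw err samesub'};`. checkrule begins and ends outside this hunk.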
@@ -1267,20 +1274,24 @@ sub get_ip
if ($fwdfwsettings{$grp} eq $val.'_addr'){
($a,$b) = split (/\//, $fwdfwsettings{$fwdfwsettings{$grp}});
}elsif($fwdfwsettings{$grp} eq 'std_net_'.$val){
- if ($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Gr/i){
+ if ($fwdfwsettings{$fwdfwsettings{$grp}} eq "GREEN"){
$a=$netsettings{'GREEN_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Ora/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "ORANGE"){
$a=$netsettings{'ORANGE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /Bl/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "BLUE"){
$a=$netsettings{'BLUE_NETADDRESS'};
$b=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
- }elsif($fwdfwsettings{$fwdfwsettings{$grp}} =~ /OpenVPN/i){
+ }elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "OpenVPN-Dyn"){
&General::readhash("$configovpn",\%ovpnsettings);
($a,$b) = split (/\//, $ovpnsettings{'DOVPN_SUBNET'});
$b=&General::iporsubtocidr($b);
}
+ # WireGuard
+ } elsif ($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
+ }
}elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){
&General::readhasharray("$confignet", \%customnetwork);
foreach my $key (keys %customnetwork){
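Review bot: Counting braces on the new side, the added `} elsif (... eq "WGRW") {` closes the `std_net_` branch rather than extending the inner GREEN/ORANGE/BLUE/OpenVPN chain, and the extra `}` after the `return` leaves the following `}elsif($fwdfwsettings{$grp} eq 'cust_net_'.$val){` without an open `if` to attach to, which should not compile. The new branch also returns `$Wireguard::settings{'CLIENT_POOL'}` as one scalar, while every other branch fills `$a` and `$b` with address and prefix, so callers that unpack a pair would get the prefix as undefined. Assuming `CLIENT_POOL` is in `address/prefix` form, the branch fits the inner chain as `}elsif($fwdfwsettings{$fwdfwsettings{$grp}} eq "WGRW"){ ($a,$b) = split (/\//, $Wireguard::settings{'CLIENT_POOL'});` placed before the existing closing `}`. get_ip starts before and continues after this hunk.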
@@ -1430,6 +1441,9 @@ sub getcolor
}elsif ($val eq 'IPsec RW' ){
$tdcolor="style='background-color: $Header::colourvpn;color:white;'";
return;
+ }elsif ($val eq "WGRW") {
+ $tdcolor="style='background-color: $Header::colourwg; color: white;'";
+ return;
}elsif($val =~ /^(.*?)\/(.*?)$/){
my ($sip,$scidr) = split ("/",$val);
if ( &Header::orange_used() && &General::IpInSubnet($sip,$netsettings{'ORANGE_ADDRESS'},$netsettings{'ORANGE_NETMASK'})){
@@ -1496,6 +1510,14 @@ sub getcolor
}
}
}
+
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})) {
+ $tdcolor="style='background-color: $Header::colourwg; color:white;'";
+ return;
+ }
+ }
}
#VPN networks
if ($nettype eq 'ovpn_n2n_src' || $nettype eq 'ovpn_n2n_tgt' || $nettype eq 'ovpn_net_src' || $nettype eq 'ovpn_net_tgt'|| $nettype eq 'ovpn_host_src' || $nettype eq 'ovpn_host_tgt'){
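Review bot: The address passed in `&Network::ip_address_in_network($c, $Wireguard::settings{'CLIENT_POOL'})` is `$c`, which is not declared anywhere in the visible part of this function; the earlier hunk in the same sub splits `$val` into `$sip` and `$scidr`. In fwhosts.cgi's getcolor `$c` is the value being returned, not an IP, so this looks carried over from there. With `no warnings 'uninitialized'` in effect at the top of the file, an undefined `$c` would fail silently and the WireGuard colour would never be applied. If `$sip` is in scope at this point, the call should read `&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})`. The enclosing block opens outside the hunk, so the scope needs confirming.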
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index d6be6c40e..ec6a06cde 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
@@ -1965,6 +1965,13 @@ sub getcolor
}
}
+ # WireGuard Roadwarrior
+ if ($Wireguard::settings{'CLIENT_POOL'}) {
+ if (&Network::ip_address_in_network($sip, $Wireguard::settings{'CLIENT_POOL'})) {
+ return "$c"
+ }
+ }
+
#Check if IP is part of OpenVPN dynamic subnet
my ($a,$b) = split("/",$ovpnsettings{'DOVPN_SUBNET'});
if (&General::IpInSubnet($sip,$a,$b)){
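Review bot: The added `return "$c"` has no terminating semicolon and quotes a plain scalar for no reason; it parses only because it is the last statement in the block, so a later line added below it would break silently. Write it as `return $c;`. The branch also returns the value without any WireGuard colouring, unlike the firewall.cgi hunks that use `$Header::colourwg`; if the other branches of this sub wrap `$c` in a colour style (they are outside the hunk), this one should do the same or carry a comment saying why not.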
@@ -3036,6 +3043,9 @@ sub getipforgroup
&General::readhash("${General::swroot}/ethernet/settings",\%hash);
return $hash{'ORANGE_NETADDRESS'}."/".&Network::convert_netmask2prefix($hash{'ORANGE_NETMASK'}) || $hash{'ORANGE_NETMASK'};
}
+ if ($name eq "WGRW") {
+ return $Wireguard::settings{'CLIENT_POOL'};
+ }
if ($name eq 'ALL'){
return "0.0.0.0/0";
}
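Review bot: The `WGRW` branch returns `$Wireguard::settings{'CLIENT_POOL'}` without checking that it is set, whereas setup_default_networks only offers WGRW when the pool is configured. A saved group or rule that still references WGRW after the pool is removed would get an empty value where the neighbouring branches return an `address/prefix` string. How callers treat an empty network is not visible here, but for rule generation it is safer to fail closed. Consider guarding the branch as `if ($name eq "WGRW" && $Wireguard::settings{'CLIENT_POOL'}) {` and adding a comment on what the caller should do when the pool is absent. getipforgroup extends beyond this hunk on both sides.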
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 319c90b8b..cf8c6e564 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1370,6 +1370,7 @@
'fwhost type' => 'Type',
'fwhost used' => 'Used',
'fwhost welcome' => 'Over here, you can group single hosts, networks and services together, which will creating new rules more easy and faster.',
+'fwhost wg peers' => 'WireGuard Peers',
'fwhost wo subnet' => '(without subnet)',
'g.dtm' => 'TO BE REMOVED',
'g.lite' => 'TO BE REMOVED',