diff --git a/config/firewall/firewall-lib.pl b/config/firewall/firewall-lib.pl
index 7d35d5686..3c6c25709 100644
--- a/config/firewall/firewall-lib.pl
+++ b/config/firewall/firewall-lib.pl
@@ -239,6 +239,8 @@ sub get_std_net_ip
 return "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}";
 }elsif($val eq 'RED'){
 return "0.0.0.0/0";
+ }elsif($val eq 'WGRW'){
+ return $Wireguard::settings{'CLIENT_POOL'};
 }elsif($val =~ /OpenVPN/i){
 return "$ovpnsettings{'DOVPN_SUBNET'}";
 }elsif($val =~ /IPsec/i){
@@ -259,6 +261,10 @@ sub get_interface
 if($net eq "$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}"){
 return "$netsettings{'BLUE_DEV'}";
 }
+ # Wireguard
+ if ($net eq $Wireguard::settings{'CLIENT_POOL'}) {
+ return "wg0";
+ }
 if($net eq "0.0.0.0/0") {
 return &get_external_interface();
 }
@@ -385,6 +391,25 @@ sub get_address
 push(@ret, [$host_address, ""]);
 }
 
+ # WireGuard Peers
+ } elsif ($key eq 'wg_peer' || $key eq 'wg_peer_src' || $key eq 'wg_peer_tgt') {
+ my $peer = &Wireguard::get_peer_by_name($value);
+ if (defined $peer) {
+ my $remotes;
+
+ # Select the remote IP addresses
+ if ($peer->{'TYPE'} eq 'host') {
+ $remotes = $peer->{'CLIENT_ADDRESS'};
+ } elsif ($peer->{'TYPE'} eq 'net') {
+ $remotes = $peer->{'REMOTE_SUBNETS'};
+ }
+
+ # Add all remotes
+ foreach my $remote (@$remotes) {
+ push(@ret, [$remote, $peer->{'INTERFACE'}]);
+ }
+ }
+
 # OpenVPN networks.
 } elsif ($key ~~ ["ovpn_net_src", "ovpn_net_tgt", "OpenVPN static network"]) {
 my $network_address = &get_ovpn_net_ip($value, 1);
diff --git a/html/cgi-bin/fwhosts.cgi b/html/cgi-bin/fwhosts.cgi
index ec6a06cde..bd68dd7c4 100644
--- a/html/cgi-bin/fwhosts.cgi
+++ b/html/cgi-bin/fwhosts.cgi
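Review bot: `$Wireguard::settings{'CLIENT_POOL'}` is used unchecked in the new `WGRW` branch of get_std_net_ip, and again in the comparison added to get_interface. If the pool is unset or empty, get_std_net_ip hands an undefined network to its caller, and get_interface would match an empty `$net` and return `wg0` for it; how the rule builder treats an empty address is not visible here, but a rule emitted without a source or destination restriction would be broader than intended. Guarding both sites, for example `}elsif($val eq 'WGRW' && $Wireguard::settings{'CLIENT_POOL'}){` and `if ($Wireguard::settings{'CLIENT_POOL'} && $net eq $Wireguard::settings{'CLIENT_POOL'}) {`, keeps an unconfigured pool from resolving to anything. The interface name is also hard-coded as `"wg0"` here while get_address takes it from `$peer->{'INTERFACE'}`. Both functions continue outside their hunks.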
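Review bot: A `wg_peer` rule whose peer can no longer be found, or whose `TYPE` is neither `host` nor `net`, silently contributes no address in the new `wg_peer` branch of get_address. What the caller does with an empty `@ret` is outside the hunk, but for a DROP or REJECT rule a silently skipped entry would mean the block is not enforced, so the failure should at least be visible; I would add `} else { warn "firewall: unknown WireGuard peer '$value'\n"; }` to the `if (defined $peer)` block. The loop also assumes `CLIENT_ADDRESS` and `REMOTE_SUBNETS` are array references, which presumably holds for what `Wireguard::get_peer_by_name` returns but deserves a one-line comment. get_address starts and ends outside the hunk.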
@@ -582,6 +582,13 @@ if ($fwhostsettings{'ACTION'} eq 'savegrp')
 $fwhostsettings{'grp_name'}='';
 $fwhostsettings{'remark'}='';
 }
+ # Fetch the address from a WireGuard Peer
+ if ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} ne ''){
+ @target=$fwhostsettings{'WG_PEER'};
+ $type='wg_peer';
+ }elsif ($fwhostsettings{'grp2'} eq 'wg_peer' && $fwhostsettings{'WG_PEER'} eq ''){
+ $errormessage=$Lang::tr{'fwhost err groupempty'};
+ }
 #get address from ovpn ccd static net
 if ($fwhostsettings{'grp2'} eq 'ovpn_net' && $fwhostsettings{'OVPN_CCD_NET'} ne ''){
 @target=$fwhostsettings{'OVPN_CCD_NET'};
@@ -1504,6 +1511,35 @@ END print""; #Inner table right print"
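Review bot: The submitted `WG_PEER` value is stored as a group member after only an emptiness check, in the new block of the `savegrp` handler. The name comes straight from the form, so a request can save a peer name that does not exist, and the `wg_peer` branch in firewall-lib.pl then resolves that entry to no address when rules are generated. Inside the first branch I would reject unknown names at the point of entry, e.g. `unless (defined(Wireguard::get_peer_by_name($fwhostsettings{'WG_PEER'}))) { $errormessage=$Lang::tr{'fwhost err groupempty'}; }`, assuming the Wireguard module is loaded in this CGI, which the hunk does not show. The handler continues outside the hunk.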
| + + | ++ | + +EOF + } + #OVPN networks if (! -z $configccdnet){ print<