aredn/files/www/cgi-bin/vpn

827 lines
30 KiB
Plaintext
Raw Normal View History

#!/usr/bin/lua
--[[
2024-05-29 01:45:25 -06:00
Part of AREDN® -- Used for creating Amateur Radio Emergency Data Networks
Copyright (C) 2021 Tim Wilkinson
Original Perl Copyright (c) 2015 Darryl Quinn
See Contributors file for additional contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Additional Terms:
2024-05-29 01:45:25 -06:00
Additional use restrictions exist on the AREDN® trademark and logo.
See AREDNLicense.txt for more info.
2024-05-29 01:45:25 -06:00
Attributions to the AREDN® Project must be retained in the source code.
If importing this code into a new or existing project attribution
2024-05-29 01:45:25 -06:00
to the AREDN® project must be added to the source code.
You must not misrepresent the origin of the material contained within.
Modified versions must be modified to attribute to the original source
and be marked in reasonable ways as differentiate it from the original
version
--]]
require("nixio")
require("aredn.http")
require("aredn.utils")
require("aredn.html")
require("aredn.hardware")
require("aredn.info")
require("uci")
local html = aredn.html
local cursor = uci.cursor("/etc/config.mesh");
local node = aredn.info.get_nvram("node")
if node == "" then
node = "NOCALL"
end
local is_supernode = cursor:get("aredn", "@supernode[0]", "enable") == "1"
-- post_data
local parms = {}
if os.getenv("REQUEST_METHOD") == "POST" then
require('luci.http')
Update AREDN to OpenWRT 22.3.2 (Major Upgrade) (#574) * Update to Openwrt 21.02 and add support for the CPE710 v1 Update scripts to change references to ifname to device due to a change in Openwrt naming reverse-wpad-basic-wolfssl and disable SSL on Curl NOTE: The compile host must have python3-distutils installed for gpsd to build * aredn: initial working upgrade to openwrt 21.02.1 * aredn: update 1 to working upgrade to openwrt 21.02.1 * aredn: add cpe710v1 to build config * Andrew's patches * Remove duplicates + display perl * Temp disable wifi extension patch * ifname/ports support * Add spectrum patch back in * Generic function to extra interfaces * New api to get wifi ifname * Disables jails * Style link * aredn: partial upgrade to openwrt 22.0.3.0 added AC device images and partial migration to 22.0.3.0 firewall upgrade pending * aredn: update mesh-release and revert config.mk * Unused * NFT firewall rewrite * Common-isze configs * Fix network layout for hap2 * Use local packages dev (new firewall rules) * Add HAP2 * Add pause after network restart to let bridge reinitialize * Various lua fixes for new lua version * Tweak config * Re-fix networking (lost patch change) * Add new radio names * Tolerate missing wifi * Fix hap-lite switch setup * More devices * New radio id * Build Rocket 5AC lite * Remove need for luci.sys * Remove need for luci.sys * Explicitly name wlan interfaces * Handle different compatibility verisoning * Update networking for switches * ipref version bump * Extra flag for curl * Better compat_version fix * Remove wolfssl * Fix dns server * Fix device name * Unused * Remove things we dont need * Remove unused packages * Generic macaddr overrides * Fix uci commit * Fix luci.template.parser to avoid luci.http loading the real thing * Rocket-M build * Add search-domain dhcp option * Turn of ipv6 * No IPV6 in dnsmasq * Override mac addresses if devices all the same * Working from master (for now) * Put back hostap * Disable old ethmac fixup * Tweak configs * Move back to v22.03.2 Leave ipq4019 builds to master * Need IPV6 to compile nft firewall * Rocket-M fixes * Before we start * WIP * Working snapshot * Cleaned patches * Merged patch * Single patch to support HAP2 * Fix typo * Add nanostation-m * 5/10Mhz patch * 5+10MHz patch for ath10k-ct driver * Extend 2Ghz channel check to include -4 to -1 * Add chanbw setup for ath10k (like ath9k) * Added TP-Link CPE710 v1 * Override firmwares * Missing patch * Dropbear config like 3.22.8.0 * Add Ubiquiti Rocket 5AC Lite * Fix c6 * Update * Need more scan channels * Remove IPV6 * Improve mac fixups * Put back missing nft app * IPv6 removed so dont have to disable it * Fix rocket-m flash bug * Fix nanostation-m * Nanobridge is tiny * Fix wifi order for ar750 * Rocket M5 XW support * New rates * Fix firewall4 so we don't need IPv6 * Allow channel width to be restricted * Move channel list into library * Fix naming * Mechanism to block specific channels on specific radios * Refresh buttons * routerboard-sxt-5nd * CPE605 v1.0 * Improve rocket m xw * tpink * Update patch * Update to remove disable * Remove BW restrictions on cpe710 * Restrict to what has been tested * Remove test BW restrictions * sxtsq-5-ac * Update * Update * powerbeam-m5-300 support * Fix * Fix hap2 * Tidy unused patches * Remove limit * Add ubnt_bullet-m-ar7241 * Added ubnt_nanobeam-ac-gen2 * Fix typo * Tolerate missing dtd ip * Explicitly gix hap2 mac addresses * Fix some broken patches * Hap2 wont work at 5MHz * Ubiquiti LiteBeam 5AC Gen2 * Fix compat_version for sxt 5ac * Update patch * Unused * Fix lan configuration for some devices * Rolling average of noise level * Unused * Split out the ath10k rssi monitor (its very simple at the moment) * Ignore .DS_Store * Reboot if ethernet doesnt come up (but only once!) * reboot returns - add exit * Add some logging info * Fix ] * Check all possibly ethernet bridges * Improve mac fixing * Remove HostAP on small memory devices * Reduce dropbear footprint * Add setsid * Kill hostap when upgrading to save memory * Different way to detect hostapd unavailable * New build steps * Improve manager logging * Fix name conflict for the two monitors * Try to improve test mesh name resolve problem * Migrate tiny to generic (tiny doesnt work properly) * Typo * Another attempt to fix macs for Mikrotik * Protect against missing trackers * Fix wpad for ipq40xx * Remove old tunnel check code * Enable ZRAM swap to aid low memory devices * ath10k noise can something be out of range - protect against that * Updated with current devices and status * Update firmware which has been tested * Updated with more builds * More binary/README * Fix css error * Start noise at sensible base level * Unfix the css so it looks how it use to. * Save as much memory as we can on lowmem nodes * Hide some options on low memory devices * Add "eol" to 32MB devices * Restart network rather than reboot node if it seems to be broken * Fixes * Revert network reset * Fix ar750 networking * Continue to trim tiny configs * More devices * Dump IW output messages * Fix Rocket 5AC intermittent ethernet issue * Ethernet fix for PowerBeam 5AC 500 * More tiny size reduction * More support data * Fixed POE and USB power features * Add Ubiquiti NanoBeam AC (gen1) * NanoStation (not NanoBeam) * Add mii-tool package * Device updates * Bump update time to 5 minutes * Fix ethernet negotiation for rocker-5ac and nanobeam * Fix iplookup * Config changes based on call feedback * Radio listing fixes * Update with more untested builds * Fallback TxMbps extracted from iw station dump * Fix tunnel detection for low memory nodes * Remove unused feed packages * snapshot build * Update stability info * Add powerbeam-5ac-500 * Typo * Add missing 3.22.1.0 * Add MikroTik LHG 5 AC * Fix permissions * Fix permissions * AirGrid's take Bullet builds * Mikrotik AC3 * Improve supportdata structure a little to make it easier to find things * Restore WAN VLAN overrides * Fix vlan regex for hap2 and hap3 * Support old and new style poe controls * hap-ac3 is version 1.1 * Handle typo in some openwrt config files * Fix HAP AC3 install * Update hap ac3 status * Support user overrides for network ports (non-swconfig devices) * LHG 5AC support * Remove -nand * Remove non-working platform.sh change * tunnel weight override * Omit LinkQualityMult when value is 1 * Add mANTBox 19s and 15s * Support ath79 mikrotik devices which require ath10k in the initramfs Co-authored-by: apcameron <apcameron@softhome.net> Co-authored-by: Joe AE6XE <ae6xe@arrl.net> Co-authored-by: Joe Ayers <joe@arrl.net>
2022-12-22 13:22:49 -07:00
local request = luci.http.Request(nixio.getenv(),
function()
local v = io.read(1024)
if not v then
io.close()
end
return v
end
)
parms = request:formvalue()
end
-- wireguard
local wireguard_alive_time = 300 -- 5 minutes
2024-01-07 17:17:52 -07:00
local active_wgtun = {}
-- helpers start
local cli_err = {}
function err(msg)
cli_err[#cli_err + 1] = msg
end
local errors = {}
function err2(msg)
errors[#errors + 1] = msg
end
local hidden = {}
function hide(inp)
hidden[#hidden + 1] = inp
end
function get_active_tun()
local tuns = {}
local f = io.popen("ps -w | grep vtun | grep ' tun '")
if f then
for line in f:lines()
do
local m = line:match(".*:.*-(172%-.*)%stun%stun.*")
if m then
tuns[#tuns + 1] = m:gsub("-", ".")
end
end
f:close()
end
return tuns
end
function get_active_wgtun()
local tuns = {}
local f = io.popen("/usr/bin/wg show all latest-handshakes")
if f then
for line in f:lines()
do
local k,v = line:match("^%S+%s+(%S+)%s+(%S+)%s*$")
if k then
tuns[k] = tonumber(v) -- time in seconds
end
end
f:close()
end
return tuns
end
function is_tunnel_active(ip, tunnels)
for _, aip in ipairs(tunnels)
do
if ip == aip then
return true
end
end
return false
end
2024-01-07 17:17:52 -07:00
function is_wgtunnel_active(client_pub)
local v = active_wgtun[client_pub]
if v and v + wireguard_alive_time > os.time() then
return true
end
return false
end
function get_server_network_address()
local server_net = cursor:get("vtun", "@network[0]", "start")
if not server_net then
local mac = aredn.hardware.get_interface_mac("eth0")
local a, b = mac:match("^..:..:..:..:(..):(..)$")
local net_base = "172.31."
if is_supernode then
net_base = "172.30."
end
server_net = net_base .. tonumber(b, 16) .. "." .. ((tonumber(a, 16) * 4) % 256)
end
local a, b, c, d = server_net:match("^(%d+).(%d+).(%d+).(%d+)$")
return { a, b, c, d }
end
function get_wireguard_network_address(netw)
local c = netw[3] + 1
if c > 255 then
c = 0
end
2024-01-07 17:17:52 -07:00
return { netw[1], netw[2], c, netw[4] }
end
function get_server_dns()
local dns = cursor:get("vtun", "@network[0]", "dns")
return dns and dns or ""
end
-- helper end
local newui_detected = false
-- load client info from uci
local gci_vars = { "enabled", "name", "passwd", "netip", "contact" }
function get_client_info()
local c = 0
local netw = get_server_network_address()
2022-03-11 14:59:50 -07:00
cursor:foreach("vtun", "client",
function(section)
for _, var in ipairs(gci_vars)
do
local key = "client" .. c .. "_" .. var
parms[key] = section[var]
if not parms[key] then
parms[key] = ""
end
end
if section.netip ~= netw[1] .. "." .. netw[2] .. "." .. netw[3] .. "." .. netw[4] then
newui_detected = true
end
netw[4] = netw[4] + 4
if netw[4] > 252 then
netw[3] = netw[3] + 1
if netw[3] == 256 then
netw[3] = 0
end
netw[4] = 0
end
2022-03-11 14:59:50 -07:00
c = c + 1
end
2022-03-11 14:59:50 -07:00
)
parms.client_num = c
end
-- wireguard
local gci_vars = { "enabled", "name", "key", "clientip", "contact" }
function get_wgclient_info()
local c = 0
local netwg = get_wireguard_network_address(get_server_network_address())
local wg_port = tonumber(cursor:get("vtun", "@options[0]", "port") or 5525)
if is_supernode then
wg_port = wg_port + 1000
end
cursor:foreach("wireguard", "client",
function(section)
for _, var in ipairs(gci_vars)
do
local key = "wgclient" .. c .. "_" .. var
parms[key] = section[var]
if not parms[key] then
parms[key] = ""
end
end
local netwg4 = tonumber(netwg[4]) + 2 * c
if netwg4 >= 254 then
netwg4 = netwg4 - 252
end
if section.clientip ~= netwg[1] .. "." .. netwg[2] .. "." .. netwg[3] .. "." .. netwg4 .. ":" .. (wg_port + c) then
newui_detected = true
end
c = c + 1
end
)
parms.wgclient_num = c
end
if parms.button_reboot then
aredn.html.reboot()
end
if nixio.fs.stat("/tmp/reboot-required") then
http_header();
html.header(node .. " setup", true);
html.print("<body><center>")
html.alert_banner()
html.navbar_admin("vpn")
html.print("<table width=790><tr><td>")
html.print("<tr><td align=center><br>")
html.print("<b>The configuration has been changed.<br>This page will not be available until the node is rebooted.</b>")
html.print("<form method='post' action='/cgi-bin/vpn' enctype='multipart/form-data'>")
html.print("<input type=submit name=button_reboot value='Click to REBOOT' />")
html.print("</form>")
html.print("</td></tr>")
html.print("</table></center></body></html>")
http_footer()
os.exit();
end
if parms.button_reset then
cursor:revert("vtun")
cursor:delete("vtun", "@options[0]", "port")
cursor:delete("vtun", "@network[0]", "start")
cursor:delete("vtun", "@network[0]", "dns")
end
-- get vtun network address
local netw = get_server_network_address()
local dns = get_server_dns()
-- if RESET or FIRST TIME load client/servers from file into parms
if parms.button_reset or not parms.reload then
cursor:revert("vtun")
get_client_info()
get_wgclient_info()
parms.server_net1 = netw[3]
parms.server_net2 = netw[4]
parms.dns = dns
-- initialize the "add" entries to clear them
parms.client_add_enabled = "0"
parms.client_add_name = ""
parms.client_add_passwd = ""
parms.wgclient_add_enabled = "0"
parms.wgclient_add_name = ""
parms.wgclient_add_key = ""
end
local list = {}
for i = 0,parms.client_num-1
do
list[#list + 1] = i
end
list[#list + 1] = "_add"
local client_num = 0
local vars = { "enabled", "name", "passwd", "netip", "contact" }
local vars2 = { "net", "enabled", "name", "passwd", "netip", "contact" }
for _, val in ipairs(list)
do
for _ = 1,1
do
for _, var in ipairs(vars)
do
local varname = "client" .. val .. "_" .. var
if var == "enabled" and not parms[varname] then
parms[varname] = "0"
elseif not parms[varname] then
parms[varname] = ""
elseif var == "contact" then
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", ""):sub(1,210):gsub('"',"&quot;"):gsub("'","&apos;"):gsub("<","&lt;"):gsub(">","&gt;")
else
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "")
end
if val ~= "_add" and parms[varname] == "" and var == "enabled" then
parms[varname] = "0"
end
_G[var] = parms[varname]
end
if val == "_add" and not ((enabled ~= "0" or name ~= "" or passwd ~= "" or contact ~= "") and (parms.client_add or parms.button_save)) then
break
end
if val == "_add" and parms.button_save then
err(val .. " this client must be added or cleared out before saving changes")
break
end
if passwd == "" then
err("A client password is required")
end
if passwd:match("[^%w@]") then
err("The password cannot contain non-alphanumeric characters (#" .. client_num .. ")")
end
if not passwd:match("%a") then
err("The password must contain at least one alphabetic character (#" .. client_num .. ")")
end
if name == "" then
err("A client name is required")
end
if val == "_add" and #cli_err > 0 and cli_err[#cli_err]:match("^" .. val .. " ") then
break
end
parms["client" .. client_num .. "_enabled"] = enabled
parms["client" .. client_num .. "_name"] = name:upper()
parms["client" .. client_num .. "_passwd"] = passwd
parms["client" .. client_num .. "_netip"] = netip
parms["client" .. client_num .. "_contact"] = contact
-- commit the data from this client
client_num = client_num + 1
-- clear out the ADD values
if val == "_add" then
for _, var in ipairs(vars2)
do
parms["client_add_" .. var] = ""
end
end
end
end
parms.client_num = client_num
local is_new_supernode = false
if client_num == 0 and is_supernode then
is_new_supernode = true
end
-- wireguard
local vars = { "enabled", "name", "key", "clientip", "contact" }
local wgclient_num = 0
for val = 0, parms.wgclient_num
do
if val == tonumber(parms.wgclient_num) then
val = "_add"
end
for _ = 1,1
do
for _, var in ipairs(vars)
do
local varname = "wgclient" .. val .. "_" .. var
if var == "enabled" and not parms[varname] then
parms[varname] = "0"
elseif not parms[varname] then
parms[varname] = ""
elseif var == "contact" then
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", ""):sub(1,210):gsub('"',"&quot;"):gsub("'","&apos;"):gsub("<","&lt;"):gsub(">","&gt;")
else
parms[varname] = parms[varname]:gsub("^%s+", ""):gsub("%s+$", "")
end
if val ~= "_add" and parms[varname] == "" and var == "enabled" then
parms[varname] = "0"
end
_G[var] = parms[varname]
end
if val == "_add" and not ((enabled ~= "0" or name ~= "" or contact ~= "") and (parms.wgclient_add or parms.button_save)) then
break
end
if val == "_add" and parms.button_save then
err(val .. " this wireguard client must be added or cleared out before saving changes")
break
end
if name == "" then
err("A client name is required")
end
if val == "_add" and #cli_err > 0 and cli_err[#cli_err]:match("^" .. val .. " ") then
break
end
-- Generate a new key if we chance the client name
local cname = cursor:get("wireguard", "client_" .. wgclient_num, "name") or ""
local ckey = cursor:get("wireguard", "client_" .. wgclient_num, "key") or ""
if key == ckey and name ~= cname and name ~= "" then
key = ""
end
if key == "" then
2024-01-07 17:17:52 -07:00
local privS = capture("/usr/bin/wg genkey"):match("(%S+)")
local pubS = capture("echo " .. privS .. " | /usr/bin/wg pubkey"):match("(%S+)")
local privC = capture("/usr/bin/wg genkey"):match("(%S+)")
local pubC = capture("echo " .. privC .. " | /usr/bin/wg pubkey"):match("(%S+)")
key = privS .. pubS .. privC .. pubC
end
parms["wgclient" .. wgclient_num .. "_enabled"] = enabled
parms["wgclient" .. wgclient_num .. "_name"] = name:upper()
parms["wgclient" .. wgclient_num .. "_key"] = key
parms["wgclient" .. wgclient_num .. "_clientip"] = clientip
2024-01-07 17:17:52 -07:00
parms["wgclient" .. wgclient_num .. "_port"] = port
parms["wgclient" .. wgclient_num .. "_contact"] = contact
-- commit the data from this client
wgclient_num = wgclient_num + 1
-- clear out the ADD values
if val == "_add" then
for _, var in ipairs(vars)
do
parms["wgclient_add_" .. var] = ""
end
end
end
end
parms.wgclient_num = wgclient_num
-- SAVE the server network numbers and dns into the UCI
if parms.server_wgnet1 then
netw[3] = parms.server_wgnet1 - 1
if netw[3] < 0 then
netw[3] = 255
end
else
netw[3] = parms.server_net1
end
if not tonumber(netw[3]) or tonumber(netw[3]) < 0 or tonumber(netw[3]) > 255 then
err("The third octet of the network MUST be from 0 to 255")
end
if parms.server_wgnet2 then
netw[4] = parms.server_wgnet2
if not tonumber(netw[4]) or tonumber(netw[4]) % 4 ~= 0 then
err("The last octet of the network MUST be a multiple of 2 (ie. 2,4,6,8,10,...)")
end
else
netw[4] = parms.server_net2
if not tonumber(netw[4]) or tonumber(netw[4]) % 4 ~= 0 then
err("The last octet of the network MUST be a multiple of 4 (ie. 0,4,8,12,16,...)")
end
end
if not tonumber(netw[4]) or tonumber(netw[4]) < 0 or tonumber(netw[4]) > 255 then
err("The last octet of the network MUST be from 0 to 255")
end
dns = parms.dns
if not validate_fqdn(dns) then
err("Not a valid DNS name")
end
if #cli_err == 0 then
local net_base = "172.31."
if is_supernode then
net_base = "172.30."
cursor:set("vtun", "@options[0]", "port", "5526")
else
cursor:delete("vtun", "@options[0]", "port")
end
local net = net_base .. netw[3] .. "." .. netw[4]
cursor:set("vtun", "@network[0]", "start", net)
cursor:set("vtun", "@network[0]", "dns", dns)
end
local netwg = get_wireguard_network_address(netw)
-- SAVE the clients
local enabled_count = 0
for i = 0,client_num-1
do
local clientx = "client" .. i
local client_x = "client_" .. i
local net = parms[clientx .. "_netip"]
local vtun_node_name = (parms[clientx .. "_name"]:sub(1,23) .. "-" .. net:gsub("%.", "-")):upper()
local base = ip_to_decimal(net)
local clientip = decimal_to_ip(base + 1)
local serverip = decimal_to_ip(base + 2)
if not cursor:get("vtun", client_x) then
cursor:set("vtun", client_x, 'client')
end
cursor:set("vtun", client_x, "netip", net)
cursor:set("vtun", client_x, "enabled", parms[clientx .. "_enabled"])
cursor:set("vtun", client_x, "name", parms[clientx .. "_name"])
cursor:set("vtun", client_x, "contact", parms[clientx .. "_contact"])
cursor:set("vtun", client_x, "passwd", parms[clientx .. "_passwd"])
cursor:set("vtun", client_x, "clientip", clientip)
cursor:set("vtun", client_x, "serverip", serverip)
cursor:set("vtun", client_x, "node", vtun_node_name)
if parms[clientx .. "_enabled"] == "1" then
enabled_count = enabled_count + 1
end
end
-- wireguard
for i = 0,wgclient_num-1
do
local clientx = "wgclient" .. i
local client_x = "client_" .. i
if not cursor:get("wireguard", client_x) then
cursor:set("wireguard", client_x, 'client')
end
cursor:set("wireguard", client_x, "enabled", parms[clientx .. "_enabled"])
cursor:set("wireguard", client_x, "name", parms[clientx .. "_name"])
cursor:set("wireguard", client_x, "contact", parms[clientx .. "_contact"])
cursor:set("wireguard", client_x, "key", parms[clientx .. "_key"])
cursor:set("wireguard", client_x, "clientip", parms[clientx .. "_clientip"])
end
-- save configuration (commit)
if parms.button_save and #cli_err == 0 then
cursor:commit("vtun")
cursor:commit("wireguard")
os.execute("/usr/local/bin/node-setup > /dev/null 2>&1")
os.execute("/usr/local/bin/restart-services.sh network tunnels firewall olsrd > /dev/null 2>&1")
end
local active_tun = get_active_tun()
2024-01-07 17:17:52 -07:00
active_wgtun = get_active_wgtun()
-- generate the page
http_header()
html.header(node .. " setup", true)
html.print("<body><center>")
html.alert_banner()
html.print("<form id=vpn method=post action=/cgi-bin/vpn enctype='multipart/form-data'>")
-- navigation bar
html.navbar_admin("vpn")
html.print("<table width=850>")
-- control buttons
html.print("<tr><td align=center>")
html.print("<a href='/help.html#tunnels' target='_blank'>Help</a>")
html.print("&nbsp;&nbsp;&nbsp;")
html.print("<input type=submit name=button_save value='Save Changes' title='Save and use these settings now (takes about 20 seconds)'>&nbsp;")
html.print("<input type=submit name=button_reset value='Reset Values' title='Revert to the last saved settings'>&nbsp;")
Update AREDN to OpenWRT 22.3.2 (Major Upgrade) (#574) * Update to Openwrt 21.02 and add support for the CPE710 v1 Update scripts to change references to ifname to device due to a change in Openwrt naming reverse-wpad-basic-wolfssl and disable SSL on Curl NOTE: The compile host must have python3-distutils installed for gpsd to build * aredn: initial working upgrade to openwrt 21.02.1 * aredn: update 1 to working upgrade to openwrt 21.02.1 * aredn: add cpe710v1 to build config * Andrew's patches * Remove duplicates + display perl * Temp disable wifi extension patch * ifname/ports support * Add spectrum patch back in * Generic function to extra interfaces * New api to get wifi ifname * Disables jails * Style link * aredn: partial upgrade to openwrt 22.0.3.0 added AC device images and partial migration to 22.0.3.0 firewall upgrade pending * aredn: update mesh-release and revert config.mk * Unused * NFT firewall rewrite * Common-isze configs * Fix network layout for hap2 * Use local packages dev (new firewall rules) * Add HAP2 * Add pause after network restart to let bridge reinitialize * Various lua fixes for new lua version * Tweak config * Re-fix networking (lost patch change) * Add new radio names * Tolerate missing wifi * Fix hap-lite switch setup * More devices * New radio id * Build Rocket 5AC lite * Remove need for luci.sys * Remove need for luci.sys * Explicitly name wlan interfaces * Handle different compatibility verisoning * Update networking for switches * ipref version bump * Extra flag for curl * Better compat_version fix * Remove wolfssl * Fix dns server * Fix device name * Unused * Remove things we dont need * Remove unused packages * Generic macaddr overrides * Fix uci commit * Fix luci.template.parser to avoid luci.http loading the real thing * Rocket-M build * Add search-domain dhcp option * Turn of ipv6 * No IPV6 in dnsmasq * Override mac addresses if devices all the same * Working from master (for now) * Put back hostap * Disable old ethmac fixup * Tweak configs * Move back to v22.03.2 Leave ipq4019 builds to master * Need IPV6 to compile nft firewall * Rocket-M fixes * Before we start * WIP * Working snapshot * Cleaned patches * Merged patch * Single patch to support HAP2 * Fix typo * Add nanostation-m * 5/10Mhz patch * 5+10MHz patch for ath10k-ct driver * Extend 2Ghz channel check to include -4 to -1 * Add chanbw setup for ath10k (like ath9k) * Added TP-Link CPE710 v1 * Override firmwares * Missing patch * Dropbear config like 3.22.8.0 * Add Ubiquiti Rocket 5AC Lite * Fix c6 * Update * Need more scan channels * Remove IPV6 * Improve mac fixups * Put back missing nft app * IPv6 removed so dont have to disable it * Fix rocket-m flash bug * Fix nanostation-m * Nanobridge is tiny * Fix wifi order for ar750 * Rocket M5 XW support * New rates * Fix firewall4 so we don't need IPv6 * Allow channel width to be restricted * Move channel list into library * Fix naming * Mechanism to block specific channels on specific radios * Refresh buttons * routerboard-sxt-5nd * CPE605 v1.0 * Improve rocket m xw * tpink * Update patch * Update to remove disable * Remove BW restrictions on cpe710 * Restrict to what has been tested * Remove test BW restrictions * sxtsq-5-ac * Update * Update * powerbeam-m5-300 support * Fix * Fix hap2 * Tidy unused patches * Remove limit * Add ubnt_bullet-m-ar7241 * Added ubnt_nanobeam-ac-gen2 * Fix typo * Tolerate missing dtd ip * Explicitly gix hap2 mac addresses * Fix some broken patches * Hap2 wont work at 5MHz * Ubiquiti LiteBeam 5AC Gen2 * Fix compat_version for sxt 5ac * Update patch * Unused * Fix lan configuration for some devices * Rolling average of noise level * Unused * Split out the ath10k rssi monitor (its very simple at the moment) * Ignore .DS_Store * Reboot if ethernet doesnt come up (but only once!) * reboot returns - add exit * Add some logging info * Fix ] * Check all possibly ethernet bridges * Improve mac fixing * Remove HostAP on small memory devices * Reduce dropbear footprint * Add setsid * Kill hostap when upgrading to save memory * Different way to detect hostapd unavailable * New build steps * Improve manager logging * Fix name conflict for the two monitors * Try to improve test mesh name resolve problem * Migrate tiny to generic (tiny doesnt work properly) * Typo * Another attempt to fix macs for Mikrotik * Protect against missing trackers * Fix wpad for ipq40xx * Remove old tunnel check code * Enable ZRAM swap to aid low memory devices * ath10k noise can something be out of range - protect against that * Updated with current devices and status * Update firmware which has been tested * Updated with more builds * More binary/README * Fix css error * Start noise at sensible base level * Unfix the css so it looks how it use to. * Save as much memory as we can on lowmem nodes * Hide some options on low memory devices * Add "eol" to 32MB devices * Restart network rather than reboot node if it seems to be broken * Fixes * Revert network reset * Fix ar750 networking * Continue to trim tiny configs * More devices * Dump IW output messages * Fix Rocket 5AC intermittent ethernet issue * Ethernet fix for PowerBeam 5AC 500 * More tiny size reduction * More support data * Fixed POE and USB power features * Add Ubiquiti NanoBeam AC (gen1) * NanoStation (not NanoBeam) * Add mii-tool package * Device updates * Bump update time to 5 minutes * Fix ethernet negotiation for rocker-5ac and nanobeam * Fix iplookup * Config changes based on call feedback * Radio listing fixes * Update with more untested builds * Fallback TxMbps extracted from iw station dump * Fix tunnel detection for low memory nodes * Remove unused feed packages * snapshot build * Update stability info * Add powerbeam-5ac-500 * Typo * Add missing 3.22.1.0 * Add MikroTik LHG 5 AC * Fix permissions * Fix permissions * AirGrid's take Bullet builds * Mikrotik AC3 * Improve supportdata structure a little to make it easier to find things * Restore WAN VLAN overrides * Fix vlan regex for hap2 and hap3 * Support old and new style poe controls * hap-ac3 is version 1.1 * Handle typo in some openwrt config files * Fix HAP AC3 install * Update hap ac3 status * Support user overrides for network ports (non-swconfig devices) * LHG 5AC support * Remove -nand * Remove non-working platform.sh change * tunnel weight override * Omit LinkQualityMult when value is 1 * Add mANTBox 19s and 15s * Support ath79 mikrotik devices which require ath10k in the initramfs Co-authored-by: apcameron <apcameron@softhome.net> Co-authored-by: Joe AE6XE <ae6xe@arrl.net> Co-authored-by: Joe Ayers <joe@arrl.net>
2022-12-22 13:22:49 -07:00
html.print("<input type=button name=button_refresh value='Refresh' title='Refresh this page' onclick='window.location.reload();'>&nbsp;")
html.print("<tr><td>&nbsp;</td></tr>")
hide("<input type=hidden name=reload value=1></td></tr>")
Update AREDN to OpenWRT 22.3.2 (Major Upgrade) (#574) * Update to Openwrt 21.02 and add support for the CPE710 v1 Update scripts to change references to ifname to device due to a change in Openwrt naming reverse-wpad-basic-wolfssl and disable SSL on Curl NOTE: The compile host must have python3-distutils installed for gpsd to build * aredn: initial working upgrade to openwrt 21.02.1 * aredn: update 1 to working upgrade to openwrt 21.02.1 * aredn: add cpe710v1 to build config * Andrew's patches * Remove duplicates + display perl * Temp disable wifi extension patch * ifname/ports support * Add spectrum patch back in * Generic function to extra interfaces * New api to get wifi ifname * Disables jails * Style link * aredn: partial upgrade to openwrt 22.0.3.0 added AC device images and partial migration to 22.0.3.0 firewall upgrade pending * aredn: update mesh-release and revert config.mk * Unused * NFT firewall rewrite * Common-isze configs * Fix network layout for hap2 * Use local packages dev (new firewall rules) * Add HAP2 * Add pause after network restart to let bridge reinitialize * Various lua fixes for new lua version * Tweak config * Re-fix networking (lost patch change) * Add new radio names * Tolerate missing wifi * Fix hap-lite switch setup * More devices * New radio id * Build Rocket 5AC lite * Remove need for luci.sys * Remove need for luci.sys * Explicitly name wlan interfaces * Handle different compatibility verisoning * Update networking for switches * ipref version bump * Extra flag for curl * Better compat_version fix * Remove wolfssl * Fix dns server * Fix device name * Unused * Remove things we dont need * Remove unused packages * Generic macaddr overrides * Fix uci commit * Fix luci.template.parser to avoid luci.http loading the real thing * Rocket-M build * Add search-domain dhcp option * Turn of ipv6 * No IPV6 in dnsmasq * Override mac addresses if devices all the same * Working from master (for now) * Put back hostap * Disable old ethmac fixup * Tweak configs * Move back to v22.03.2 Leave ipq4019 builds to master * Need IPV6 to compile nft firewall * Rocket-M fixes * Before we start * WIP * Working snapshot * Cleaned patches * Merged patch * Single patch to support HAP2 * Fix typo * Add nanostation-m * 5/10Mhz patch * 5+10MHz patch for ath10k-ct driver * Extend 2Ghz channel check to include -4 to -1 * Add chanbw setup for ath10k (like ath9k) * Added TP-Link CPE710 v1 * Override firmwares * Missing patch * Dropbear config like 3.22.8.0 * Add Ubiquiti Rocket 5AC Lite * Fix c6 * Update * Need more scan channels * Remove IPV6 * Improve mac fixups * Put back missing nft app * IPv6 removed so dont have to disable it * Fix rocket-m flash bug * Fix nanostation-m * Nanobridge is tiny * Fix wifi order for ar750 * Rocket M5 XW support * New rates * Fix firewall4 so we don't need IPv6 * Allow channel width to be restricted * Move channel list into library * Fix naming * Mechanism to block specific channels on specific radios * Refresh buttons * routerboard-sxt-5nd * CPE605 v1.0 * Improve rocket m xw * tpink * Update patch * Update to remove disable * Remove BW restrictions on cpe710 * Restrict to what has been tested * Remove test BW restrictions * sxtsq-5-ac * Update * Update * powerbeam-m5-300 support * Fix * Fix hap2 * Tidy unused patches * Remove limit * Add ubnt_bullet-m-ar7241 * Added ubnt_nanobeam-ac-gen2 * Fix typo * Tolerate missing dtd ip * Explicitly gix hap2 mac addresses * Fix some broken patches * Hap2 wont work at 5MHz * Ubiquiti LiteBeam 5AC Gen2 * Fix compat_version for sxt 5ac * Update patch * Unused * Fix lan configuration for some devices * Rolling average of noise level * Unused * Split out the ath10k rssi monitor (its very simple at the moment) * Ignore .DS_Store * Reboot if ethernet doesnt come up (but only once!) * reboot returns - add exit * Add some logging info * Fix ] * Check all possibly ethernet bridges * Improve mac fixing * Remove HostAP on small memory devices * Reduce dropbear footprint * Add setsid * Kill hostap when upgrading to save memory * Different way to detect hostapd unavailable * New build steps * Improve manager logging * Fix name conflict for the two monitors * Try to improve test mesh name resolve problem * Migrate tiny to generic (tiny doesnt work properly) * Typo * Another attempt to fix macs for Mikrotik * Protect against missing trackers * Fix wpad for ipq40xx * Remove old tunnel check code * Enable ZRAM swap to aid low memory devices * ath10k noise can something be out of range - protect against that * Updated with current devices and status * Update firmware which has been tested * Updated with more builds * More binary/README * Fix css error * Start noise at sensible base level * Unfix the css so it looks how it use to. * Save as much memory as we can on lowmem nodes * Hide some options on low memory devices * Add "eol" to 32MB devices * Restart network rather than reboot node if it seems to be broken * Fixes * Revert network reset * Fix ar750 networking * Continue to trim tiny configs * More devices * Dump IW output messages * Fix Rocket 5AC intermittent ethernet issue * Ethernet fix for PowerBeam 5AC 500 * More tiny size reduction * More support data * Fixed POE and USB power features * Add Ubiquiti NanoBeam AC (gen1) * NanoStation (not NanoBeam) * Add mii-tool package * Device updates * Bump update time to 5 minutes * Fix ethernet negotiation for rocker-5ac and nanobeam * Fix iplookup * Config changes based on call feedback * Radio listing fixes * Update with more untested builds * Fallback TxMbps extracted from iw station dump * Fix tunnel detection for low memory nodes * Remove unused feed packages * snapshot build * Update stability info * Add powerbeam-5ac-500 * Typo * Add missing 3.22.1.0 * Add MikroTik LHG 5 AC * Fix permissions * Fix permissions * AirGrid's take Bullet builds * Mikrotik AC3 * Improve supportdata structure a little to make it easier to find things * Restore WAN VLAN overrides * Fix vlan regex for hap2 and hap3 * Support old and new style poe controls * hap-ac3 is version 1.1 * Handle typo in some openwrt config files * Fix HAP AC3 install * Update hap ac3 status * Support user overrides for network ports (non-swconfig devices) * LHG 5AC support * Remove -nand * Remove non-working platform.sh change * tunnel weight override * Omit LinkQualityMult when value is 1 * Add mANTBox 19s and 15s * Support ath79 mikrotik devices which require ath10k in the initramfs Co-authored-by: apcameron <apcameron@softhome.net> Co-authored-by: Joe AE6XE <ae6xe@arrl.net> Co-authored-by: Joe Ayers <joe@arrl.net>
2022-12-22 13:22:49 -07:00
-- unsupported tunnels
local notunnels = not nixio.fs.stat("/usr/sbin/vtund")
if notunnels then
html.print("<tr><td align=center><span style=background-color:cyan;font-size:140%;>&nbsp; Tunnels are no longer supported on this hardware &nbsp;</span></td></tr>")
cli_err = {}
2022-10-14 14:32:22 -06:00
-- low memory warning
Update AREDN to OpenWRT 22.3.2 (Major Upgrade) (#574) * Update to Openwrt 21.02 and add support for the CPE710 v1 Update scripts to change references to ifname to device due to a change in Openwrt naming reverse-wpad-basic-wolfssl and disable SSL on Curl NOTE: The compile host must have python3-distutils installed for gpsd to build * aredn: initial working upgrade to openwrt 21.02.1 * aredn: update 1 to working upgrade to openwrt 21.02.1 * aredn: add cpe710v1 to build config * Andrew's patches * Remove duplicates + display perl * Temp disable wifi extension patch * ifname/ports support * Add spectrum patch back in * Generic function to extra interfaces * New api to get wifi ifname * Disables jails * Style link * aredn: partial upgrade to openwrt 22.0.3.0 added AC device images and partial migration to 22.0.3.0 firewall upgrade pending * aredn: update mesh-release and revert config.mk * Unused * NFT firewall rewrite * Common-isze configs * Fix network layout for hap2 * Use local packages dev (new firewall rules) * Add HAP2 * Add pause after network restart to let bridge reinitialize * Various lua fixes for new lua version * Tweak config * Re-fix networking (lost patch change) * Add new radio names * Tolerate missing wifi * Fix hap-lite switch setup * More devices * New radio id * Build Rocket 5AC lite * Remove need for luci.sys * Remove need for luci.sys * Explicitly name wlan interfaces * Handle different compatibility verisoning * Update networking for switches * ipref version bump * Extra flag for curl * Better compat_version fix * Remove wolfssl * Fix dns server * Fix device name * Unused * Remove things we dont need * Remove unused packages * Generic macaddr overrides * Fix uci commit * Fix luci.template.parser to avoid luci.http loading the real thing * Rocket-M build * Add search-domain dhcp option * Turn of ipv6 * No IPV6 in dnsmasq * Override mac addresses if devices all the same * Working from master (for now) * Put back hostap * Disable old ethmac fixup * Tweak configs * Move back to v22.03.2 Leave ipq4019 builds to master * Need IPV6 to compile nft firewall * Rocket-M fixes * Before we start * WIP * Working snapshot * Cleaned patches * Merged patch * Single patch to support HAP2 * Fix typo * Add nanostation-m * 5/10Mhz patch * 5+10MHz patch for ath10k-ct driver * Extend 2Ghz channel check to include -4 to -1 * Add chanbw setup for ath10k (like ath9k) * Added TP-Link CPE710 v1 * Override firmwares * Missing patch * Dropbear config like 3.22.8.0 * Add Ubiquiti Rocket 5AC Lite * Fix c6 * Update * Need more scan channels * Remove IPV6 * Improve mac fixups * Put back missing nft app * IPv6 removed so dont have to disable it * Fix rocket-m flash bug * Fix nanostation-m * Nanobridge is tiny * Fix wifi order for ar750 * Rocket M5 XW support * New rates * Fix firewall4 so we don't need IPv6 * Allow channel width to be restricted * Move channel list into library * Fix naming * Mechanism to block specific channels on specific radios * Refresh buttons * routerboard-sxt-5nd * CPE605 v1.0 * Improve rocket m xw * tpink * Update patch * Update to remove disable * Remove BW restrictions on cpe710 * Restrict to what has been tested * Remove test BW restrictions * sxtsq-5-ac * Update * Update * powerbeam-m5-300 support * Fix * Fix hap2 * Tidy unused patches * Remove limit * Add ubnt_bullet-m-ar7241 * Added ubnt_nanobeam-ac-gen2 * Fix typo * Tolerate missing dtd ip * Explicitly gix hap2 mac addresses * Fix some broken patches * Hap2 wont work at 5MHz * Ubiquiti LiteBeam 5AC Gen2 * Fix compat_version for sxt 5ac * Update patch * Unused * Fix lan configuration for some devices * Rolling average of noise level * Unused * Split out the ath10k rssi monitor (its very simple at the moment) * Ignore .DS_Store * Reboot if ethernet doesnt come up (but only once!) * reboot returns - add exit * Add some logging info * Fix ] * Check all possibly ethernet bridges * Improve mac fixing * Remove HostAP on small memory devices * Reduce dropbear footprint * Add setsid * Kill hostap when upgrading to save memory * Different way to detect hostapd unavailable * New build steps * Improve manager logging * Fix name conflict for the two monitors * Try to improve test mesh name resolve problem * Migrate tiny to generic (tiny doesnt work properly) * Typo * Another attempt to fix macs for Mikrotik * Protect against missing trackers * Fix wpad for ipq40xx * Remove old tunnel check code * Enable ZRAM swap to aid low memory devices * ath10k noise can something be out of range - protect against that * Updated with current devices and status * Update firmware which has been tested * Updated with more builds * More binary/README * Fix css error * Start noise at sensible base level * Unfix the css so it looks how it use to. * Save as much memory as we can on lowmem nodes * Hide some options on low memory devices * Add "eol" to 32MB devices * Restart network rather than reboot node if it seems to be broken * Fixes * Revert network reset * Fix ar750 networking * Continue to trim tiny configs * More devices * Dump IW output messages * Fix Rocket 5AC intermittent ethernet issue * Ethernet fix for PowerBeam 5AC 500 * More tiny size reduction * More support data * Fixed POE and USB power features * Add Ubiquiti NanoBeam AC (gen1) * NanoStation (not NanoBeam) * Add mii-tool package * Device updates * Bump update time to 5 minutes * Fix ethernet negotiation for rocker-5ac and nanobeam * Fix iplookup * Config changes based on call feedback * Radio listing fixes * Update with more untested builds * Fallback TxMbps extracted from iw station dump * Fix tunnel detection for low memory nodes * Remove unused feed packages * snapshot build * Update stability info * Add powerbeam-5ac-500 * Typo * Add missing 3.22.1.0 * Add MikroTik LHG 5 AC * Fix permissions * Fix permissions * AirGrid's take Bullet builds * Mikrotik AC3 * Improve supportdata structure a little to make it easier to find things * Restore WAN VLAN overrides * Fix vlan regex for hap2 and hap3 * Support old and new style poe controls * hap-ac3 is version 1.1 * Handle typo in some openwrt config files * Fix HAP AC3 install * Update hap ac3 status * Support user overrides for network ports (non-swconfig devices) * LHG 5AC support * Remove -nand * Remove non-working platform.sh change * tunnel weight override * Omit LinkQualityMult when value is 1 * Add mANTBox 19s and 15s * Support ath79 mikrotik devices which require ath10k in the initramfs Co-authored-by: apcameron <apcameron@softhome.net> Co-authored-by: Joe AE6XE <ae6xe@arrl.net> Co-authored-by: Joe Ayers <joe@arrl.net>
2022-12-22 13:22:49 -07:00
elseif isLowMemNode() then
2022-10-14 14:32:22 -06:00
html.print("<tr><td align=center><span style=background-color:cyan;font-size:140%;>&nbsp; Recommend not to use tunneling due to low memory on this node &nbsp;</span></td></tr>")
end
-- detected new ui which is incompatible with old ui tunnels
if newui_detected then
html.print("<tr><td align=center><span style=background-color:red;font-size:140%;>&nbsp; Detected use of new UI to change tunnels. The information below may appear incorrect.<br>Do not change tunnel setting here. &nbsp;</span></td></tr>")
end
-- messages
if #cli_err > 0 then
html.print("<tr><td align=center><b>ERROR:<br>")
for _,msg in ipairs(cli_err)
do
html.print(msg .. "<br>")
end
html.print("</b></td></tr>")
end
if parms.button_save then
if #cli_err > 0 then
html.print("<tr><td align=center><b>Configuration NOT saved!</b></td></tr>")
for _,msg in ipairs(errors)
do
html.print(msg .. "<br>")
end
html.print("</b></td></tr>")
else
html.print("<tr><td align=center><b>Configuration saved and is now active.</b></td></tr>")
end
html.print("<tr><td>&nbsp;</td></tr>")
end
-- everything else
html.print("<tr><td align=center valign=top>")
-- print vpn clients
html.print("<table cellpadding=0 cellspacing=0>")
if is_new_supernode then
html.print("<br /><tr class=tun_network_row><td colspan=6 valign=top><div style='display:inline-block;width:175px;padding-left:50px'>Wireguard Server Network:</div>")
html.print(netwg[1] .. "." .. netwg[2] .. ".<input type='text' name='server_wgnet1' size='3' maxlen='3' value='" .. netwg[3] .. "' onChange='form.submit()' title='from 0-255' >.<input type='text' name='server_wgnet2' size='3' maxlen='3' value='" .. netwg[4] .. "' onChange='form.submit()' title='from 2-252 in multiples of 2. (ie. 2,4,6,8...252)' >")
else
html.print("<br /><tr class=tun_network_row><td colspan=6 valign=top><div style='display:inline-block;width:175px;padding-left:50px'>Tunnel Server Network:</div>")
html.print(netw[1] .. "." .. netw[2] .. ".<input type='text' name='server_net1' size='3' maxlen='3' value='" .. netw[3] .. "' onChange='form.submit()' title='from 0-255' >.<input type='text' name='server_net2' size='3' maxlen='3' value='" .. netw[4] .. "' onChange='form.submit()' title='from 4-252 in multiples of 4. (ie. 4,8,12,16...252)' >")
html.print("<br /><div style='display:inline-block;width:175px;padding:2px 0 0 50px'>Wireguard Server Network:</div>")
2024-01-07 17:17:52 -07:00
html.print(netwg[1] .. "." .. netwg[2] .. "." .. netwg[3] .. "." .. netwg[4])
end
html.print("<br /><hr>Tunnel Server DNS Name: ")
html.print("<input type='text' name='dns' size='30' value='" .. dns .. "' onChange='form.submit()' ></td></tr>")
html.print("</table>")
html.print("<table cellpadding=0 cellspacing=0>")
html.print("<tr><th colspan=6 align=center valign=top>&nbsp;</th></tr>")
if not is_new_supernode then
html.print("<tr class=tun_client_row>")
html.print("<tr><th colspan=6>Allow the following clients to connect to this server:</th></tr>")
html.print("<tr><th colspan=6><hr></th></tr>")
html.print("<tr><th>Enabled?</th><th>Client</th><th>Pwd</th><th>Net</th><th>Active&nbsp;</td><th>Action</th></tr>")
-- loop
local list = {}
for i = 0,client_num-1
do
list[#list+1] = i
end
if client_num < 100 then
list[#list+1] = "_add"
end
local keys = { "enabled", "name", "passwd", "contact" }
local cnum = 0
for _, val in ipairs(list)
do
for _, var in ipairs(keys)
do
_G[var] = parms["client" .. val .. "_" .. var]
end
html.print("<tr class='tun_client_list2 tun_client_row'>")
html.print("<td class='tun_client_center_item' rowspan='2'>")
html.print("<input type='checkbox' name='client" .. val .. "_enabled' value='1'")
if val ~= "_add" then
html.print(" onChange='form.submit()'")
end
if enabled == "1" then
html.print(" checked='checked'")
end
html.print(" title='enable this client'></td>")
html.print("<td><input type=text size=40 name=client" .. val .. "_name value='" .. name .. "'")
if val ~= "_add" then
html.print(" onChange='form.submit()'")
end
html.print(" title='client name'></td>")
html.print("<td>")
html.print("<input type=text size=25 name=client" .. val .. "_passwd value='" .. passwd .. "' title='client password' ")
if val ~= "_add" then
html.print(" onChange='form.submit()'")
end
html.print("</td>")
-- handle rollover of netw
local net
if netw[4] + cnum * 4 > 252 then
netw[3] = netw[3] + 1
if netw[3] == 256 then
netw[3] = 0
end
netw[4] = 0
net = 0
cnum = 0
else
net = cnum
end
local lastnet = netw[4] + net * 4
local fullnet = netw[1] .. "." .. netw[2] .. "." .. netw[3] .. "." .. lastnet
html.print("<td rowspan='2' class='tun_client_center_item'>")
html.print("<input style='min-width:90px;background-color:transparent;color:inherit;border:0;text-align:center;' readonly type=text size=20 name=client" .. val .. "_netip value='" .. fullnet .. "'/></td>")
html.print("<td rowspan='2' class='tun_client_center_item' align=center>&nbsp;")
if val ~= "_add" and is_tunnel_active(fullnet, active_tun) then
html.print("<img class='tun_client_active_img' src='/connected.png' title='Connected' />")
else
html.print("<img class='tun_client_inactive_img' src='/disconnected.png' title='Not connected' />")
end
html.print("</td>")
if val == "_add" then
html.print("<td rowspan='2' class='tun_client_center_item'><input type=submit name=client_add value=Add title='Add this client'></td>")
else
html.print("<td rowspan='2' class='tun_client_center_item tun_client_mailto' id=client" .. val .. "_email>")
html.print("<a href='mailto:?subject=AREDN%20Tunnel%20Connection&body=Your%20connection%20details:%0D%0AName:%20" .. name .. "%0D%0APassword:%20" .. passwd .. "%0D%0ANetwork:%20" .. fullnet .. "%0D%0AServer%20address:%20" .. dns .. "' target='_blank'>")
html.print("<img class='tun_client_mailto_img' src='/email.png' title='Email details' /></a></td>")
end
html.print("</tr><tr class='tun_client_list1 tun_client_row tun_loading_css_comment'><td colspan='2' align='right'>Contact Info/Comment (Optional): <input type=text maxlength='50' size=40 name=client" .. val .. "_contact value='" .. contact .."'")
if val ~= "" and val ~= "_add" then
html.print(" onChange='form.submit()'")
end
html.print(" title='client contact info'></td></tr>")
-- display any errors
while #cli_err > 0 and cli_err[1]:match("^" .. val .. " ")
do
html.print("<tr class=tun_client_error_row><th colspan=4>" .. cli_err[1]:gsub("^%S+ ", "") .. "</th></tr>")
table.remove(cli_err)
end
html.print("<tr><td colspan=4 height=4></td></tr>")
cnum = cnum + 1
end
end
-- Wireguard
html.print("<tr><th colspan=6></th></tr>")
html.print("<tr><th colspan=6 style='padding: 30px 0 0 0'>Allow the following clients to connect to this Wireguard server:</th></tr>")
html.print("<tr><th colspan=6><hr></th></tr>")
2024-08-03 10:21:36 -06:00
html.print("<tr><th>Enabled?</th><th>Client</th><th>Key</th><th>Net</th><th>Active&nbsp;</td><th>Action</th></tr>")
local keys = { "enabled", "name", "contact", "key" }
local cnum = 0
local wg_port = tonumber(cursor:get("vtun", "@options[0]", "port") or 5525)
if is_supernode then
wg_port = wg_port + 1000
end
for val = 0, wgclient_num
do
if val == wgclient_num then
val = "_add"
2024-01-07 17:17:52 -07:00
end
for _, var in ipairs(keys)
do
_G[var] = parms["wgclient" .. val .. "_" .. var]
end
html.print("<tr class='tun_client_list2 tun_client_row'>")
html.print("<td class='tun_client_center_item' rowspan='2'>")
html.print("<input type='checkbox' name='wgclient" .. val .. "_enabled' value='1'")
if val ~= "_add" then
html.print(" onChange='form.submit()'")
end
if enabled == "1" then
html.print(" checked='checked'")
end
html.print(" title='enable this client'></td>")
html.print("<td><input type=text size=40 name=wgclient" .. val .. "_name value='" .. (name or "") .. "'")
if val ~= "_add" then
html.print(" onChange='form.submit()'")
end
html.print(" title='client name'></td>")
html.print("<td>")
local _, server_pub, client_priv, client_pub = key:match("^(.+=)(.+=)(.+=)(.+=)$")
local client_key = val == "_add" and "" or (server_pub .. client_priv .. client_pub)
html.print("<input type=hidden name=wgclient" .. val .. "_key value='" .. key .. "'><input type=" .. (val == '_add' and 'hidden' or 'text') .. " readonly size=25 name=wgclient" .. val .. "_clientkey value='" .. client_key .. "' title='client key'>")
html.print("</td>")
local netwg4 = tonumber(netwg[4]) + 2 * cnum
if netwg4 >= 254 then
netwg4 = netwg4 - 252
end
local fullnet = netwg[1] .. "." .. netwg[2] .. "." .. netwg[3] .. "." .. netwg4 .. ":" .. (wg_port + cnum)
html.print("<td rowspan='2' class='tun_client_center_item'>")
html.print("<input style='min-width:90px;background-color:transparent;color:inherit;border:0;text-align:center;' readonly type=text size=20 name=wgclient" .. val .. "_clientip value='" .. fullnet .. "'/></td>")
html.print("<td rowspan='2' class='tun_client_center_item' align=center>&nbsp;")
if val ~= "_add" and is_wgtunnel_active(client_pub) then
html.print("<img class='tun_client_active_img' src='/connected.png' title='Connected' />")
else
html.print("<img class='tun_client_inactive_img' src='/disconnected.png' title='Not connected' />")
end
html.print("</td>")
if val == "_add" then
html.print("<td rowspan='2' class='tun_client_center_item'><input type=submit name=wgclient_add value=Add title='Add this client'></td>")
else
html.print("<td rowspan='2' class='tun_client_center_item tun_client_mailto' id=wgclient" .. val .. "_email>")
html.print("<a href='mailto:?subject=AREDN%20Tunnel%20Connection&body=Your%20connection%20details:%0D%0AName:%20" ..encode_uri_component(name) .. "%0D%0APassword:%20" .. encode_uri_component(server_pub .. client_priv .. client_pub) .. "%0D%0ANetwork:%20" .. encode_uri_component(fullnet) .. "%0D%0AServer%20address:%20" .. encode_uri_component(dns) .. "' target='_blank'>")
html.print("<img class='tun_client_mailto_img' src='/email.png' title='Email details' /></a></td>")
end
html.print("</tr><tr class='tun_client_list1 tun_client_row tun_loading_css_comment'><td colspan='2' align='right'>Contact Info/Comment (Optional): <input type=text maxlength='50' size=40 name=wgclient" .. val .. "_contact value='" .. (contact or "") .."'")
if val ~= "" and val ~= "_add" then
html.print(" onChange='form.submit()'")
end
html.print(" title='client contact info'></td></tr>")
-- display any errors
while #cli_err > 0 and cli_err[1]:match("^" .. val .. " ")
do
html.print("<tr class=tun_client_error_row><th colspan=4>" .. cli_err[1]:gsub("^%S+ ", "") .. "</th></tr>")
table.remove(cli_err)
end
html.print("<tr><td colspan=4 height=4></td></tr>")
cnum = cnum + 1
end
html.print("</table>")
--
html.print("</td></tr><tr><td><hr></td></tr>")
html.print("</table>")
hide("<input type=hidden name=client_num value=" .. parms.client_num .. ">")
hide("<input type=hidden name=wgclient_num value=" .. parms.wgclient_num .. ">")
-- add hidden forms fields
for _, h in ipairs(hidden)
do
html.print(h)
end
-- close the form
html.print("</form></center>")
html.footer()
html.print("</body></html>")
http_footer()