5 function validateBase64(section_id, value) {
6 if (value.length != 44 || !value.match(/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/))
7 return _('Invalid Base64 key string');
12 return network.registerProtocol('wireguard', {
14 return _('WireGuard VPN');
17 getIfname: function() {
18 return this._ubus('l3_device') || this.sid;
21 getOpkgPackage: function() {
22 return 'wireguard-tools';
25 isFloating: function() {
29 isVirtual: function() {
33 getDevices: function() {
37 containsDevice: function(ifname) {
38 return (network.getIfnameOf(ifname) == this.getIfname());
41 renderFormOptions: function(s) {
44 // -- general ---------------------------------------------------------------------
46 o = s.taboption('general', form.Value, 'private_key', _('Private Key'), _('Required. Base64-encoded private key for this interface.'));
48 o.validate = validateBase64;
51 o = s.taboption('general', form.Value, 'listen_port', _('Listen Port'), _('Optional. UDP port used for outgoing and incoming packets.'));
53 o.placeholder = _('random');
56 o = s.taboption('general', form.DynamicList, 'addresses', _('IP Addresses'), _('Recommended. IP addresses of the WireGuard interface.'));
57 o.datatype = 'ipaddr';
61 // -- advanced --------------------------------------------------------------------
63 o = s.taboption('advanced', form.Value, 'metric', _('Metric'), _('Optional'));
64 o.datatype = 'uinteger';
68 o = s.taboption('advanced', form.Value, 'mtu', _('MTU'), _('Optional. Maximum Transmission Unit of tunnel interface.'));
69 o.datatype = 'range(1280,1420)';
70 o.placeholder = '1420';
73 o = s.taboption('advanced', form.Value, 'fwmark', _('Firewall Mark'), _('Optional. 32-bit mark for outgoing encrypted packets. Enter value in hex, starting with <code>0x</code>.'));
75 o.validate = function(section_id, value) {
76 if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,4}$/))
77 return _('Invalid hexadecimal value');
83 // -- peers -----------------------------------------------------------------------
86 s.tab('peers', _('Peers'), _('Further information about WireGuard interfaces and peers at <a href=\'http://wireguard.com\'>wireguard.com</a>.'));
90 o = s.taboption('peers', form.SectionValue, '_peers', form.TypedSection, 'wireguard_%s'.format(s.section));
91 o.depends('proto', 'wireguard');
96 ss.addbtntitle = _('Add peer');
98 ss.renderSectionPlaceholder = function() {
101 E('em', _('No peers defined yet'))
105 o = ss.option(form.Value, 'description', _('Description'), _('Optional. Description of peer.'));
106 o.placeholder = 'My Peer';
107 o.datatype = 'string';
110 o = ss.option(form.Value, 'public_key', _('Public Key'), _('Required. Base64-encoded public key of peer.'));
111 o.validate = validateBase64;
114 o = ss.option(form.Value, 'preshared_key', _('Preshared Key'), _('Optional. Base64-encoded preshared key. Adds in an additional layer of symmetric-key cryptography for post-quantum resistance.'));
116 o.validate = validateBase64;
119 o = ss.option(form.DynamicList, 'allowed_ips', _('Allowed IPs'), _("Required. IP addresses and prefixes that this peer is allowed to use inside the tunnel. Usually the peer's tunnel IP addresses and the networks the peer routes through the tunnel."));
120 o.datatype = 'ipaddr';
123 o = ss.option(form.Flag, 'route_allowed_ips', _('Route Allowed IPs'), _('Optional. Create routes for Allowed IPs for this peer.'));
125 o = ss.option(form.Value, 'endpoint_host', _('Endpoint Host'), _('Optional. Host of peer. Names are resolved prior to bringing up the interface.'));
126 o.placeholder = 'vpn.example.com';
129 o = ss.option(form.Value, 'endpoint_port', _('Endpoint Port'), _('Optional. Port of peer.'));
130 o.placeholder = '51820';
133 o = ss.option(form.Value, 'persistent_keepalive', _('Persistent Keep Alive'), _('Optional. Seconds between keep alive messages. Default is 0 (disabled). Recommended value if this device is behind a NAT is 25.'));
134 o.datatype = 'range(0,65535)';