1 -- Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
2 -- Licensed to the public under the Apache License 2.0.
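-- Values handed to this chunk by its loader. `section` receives the interface
-- options below; `net` is only used to look up the interface name.
local map, section, net = ...
local ifname = net:get_interface():name()

-- Forward-declare every option handle assigned further down. A name missing
-- from these lists would be created as a global on assignment, so
-- `addresses`, `route_allowed_ips`, `endpoint_host` and `endpoint_port` are
-- declared alongside the names that were already listed.
local private_key, listen_port, addresses
local metric, mtu, preshared_key
local peers, public_key, allowed_ips, route_allowed_ips
local endpoint, endpoint_host, endpoint_port, persistent_keepalive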
12 -- general ---------------------------------------------------------------------
-- Interface private key (required). `password = true` asks the form to mask
-- the field on screen; that is display masking only.
-- NOTE(review): the key is presumably still saved to the device configuration
-- in cleartext -- confirm, and treat configuration backups and exports as
-- secret material.
14 private_key = section:taboption(
18 translate("Private Key"),
19 translate("Required. Base64-encoded private key for this interface.")
21 private_key.password = true
-- Format check only: base64 text of exactly 44 characters, which is the
-- encoded length of a 32-byte key. It cannot tell whether the value is a
-- usable key.
22 private_key.datatype = "and(base64,rangelength(44, 44))"
23 private_key.optional = false
-- UDP listen port (optional), validated with the "port" datatype.
-- NOTE(review): no firewall handling is visible in this form; inbound UDP to
-- the chosen port presumably has to be permitted separately -- confirm.
26 listen_port = section:taboption(
30 translate("Listen Port"),
31 translate("Optional. UDP port used for outgoing and incoming packets.")
33 listen_port.datatype = "port"
-- Placeholder text for the empty field; whether 51820 is actually applied
-- when the option is left unset is not decided here.
34 listen_port.placeholder = "51820"
35 listen_port.optional = true
-- Addresses assigned to the tunnel interface itself (optional, but the help
-- text recommends setting them). Each value is checked with the "ipaddr"
-- datatype.
37 addresses = section:taboption(
41 translate("IP Addresses"),
42 translate("Recommended. IP addresses of the WireGuard interface.")
44 addresses.datatype = "ipaddr"
45 addresses.optional = true
48 -- advanced --------------------------------------------------------------------
-- Optional metric: must be an unsigned integer, and the empty field shows "0".
-- The help text gives no further meaning for the value.
50 metric = section:taboption(
55 translate("Optional.")
57 metric.datatype = "uinteger"
58 metric.placeholder = "0"
59 metric.optional = true
-- Optional tunnel MTU. Accepted values are 1280..1420: 1280 is the minimum
-- MTU IPv6 requires of a link, and the placeholder shows the upper bound.
-- Values outside that range are rejected by the form.
62 mtu = section:taboption(
67 translate("Optional. Maximum Transmission Unit of tunnel interface.")
69 mtu.datatype = "range(1280,1420)"
70 mtu.placeholder = "1420"
-- Optional preshared key, masked on screen and format-checked the same way as
-- the private key (base64, exactly 44 characters).
-- A preshared key is a symmetric secret: both ends hold the same value, so it
-- has to be exchanged over a channel that is already trusted.
-- NOTE(review): the option is attached to the interface section, and no
-- per-peer preshared key option appears in the peer options below, so the
-- same key presumably applies to every peer of this interface -- confirm
-- against the protocol handler.
74 preshared_key = section:taboption(
78 translate("Preshared Key"),
79 translate("Optional. Base64-encoded preshared key. " ..
80 "Adds in an additional layer of symmetric-key " ..
81 "cryptography for post-quantum resistance.")
83 preshared_key.password = true
84 preshared_key.datatype = "and(base64,rangelength(44, 44))"
85 preshared_key.optional = true
88 -- peers -----------------------------------------------------------------------
-- Peer sections. The opening line of this call is not shown here; the visible
-- arguments build the name "wireguard_" .. ifname, so the peer entries are
-- tied to this interface's name.
92 "wireguard_" .. ifname,
-- NOTE(review): the help link is plain http://; an https:// URL would avoid
-- sending administrators to the documentation over an unauthenticated
-- connection.
94 translate("Further information about WireGuard interfaces and peers " ..
95 "at <a href=\"http://wireguard.io\">wireguard.io</a>.")
97 peers.template = "cbi/tsection"
-- Peer entries are unnamed and can be added or removed from the form.
98 peers.anonymous = true
99 peers.addremove = true
-- Peer public key (required). Unlike the private and preshared keys it is not
-- masked, which is appropriate for a value that is not secret. The check is
-- format only (base64, exactly 44 characters); it does not show that the key
-- belongs to the intended peer, so verify it out of band.
102 public_key = peers:option(
105 translate("Public Key"),
106 translate("Required. Base64-encoded public key of peer.")
108 public_key.datatype = "and(base64,rangelength(44, 44))"
109 public_key.optional = false
-- Addresses and prefixes the peer may use inside the tunnel (required).
-- This list is an access-control decision as much as a routing one: every
-- prefix entered here is one the peer is permitted to use, so keep it to the
-- narrowest set the peer needs. The "ipaddr" datatype validates syntax only.
112 allowed_ips = peers:option(
115 translate("Allowed IPs"),
116 translate("Required. IP addresses and prefixes that this peer is allowed " ..
117 "to use inside the tunnel. Usually the peer's tunnel IP " ..
118 "addresses and the networks the peer routes through the tunnel.")
120 allowed_ips.datatype = "ipaddr"
121 allowed_ips.optional = false
-- Optional switch that creates routes for the peer's Allowed IPs.
-- With a broad Allowed IPs list this sends correspondingly broad traffic into
-- the tunnel, so review both settings together.
124 route_allowed_ips = peers:option(
127 translate("Route Allowed IPs"),
128 translate("Optional. Create routes for Allowed IPs for this peer.")
-- Optional peer endpoint host, validated with the "host" datatype.
-- Per the help text, names are resolved before the interface is brought up,
-- so the address used depends on the resolver's answer at that moment.
-- NOTE(review): the peer is still identified by its public key, so a wrong
-- DNS answer should cost connectivity rather than authenticity -- confirm.
132 endpoint_host = peers:option(
135 translate("Endpoint Host"),
136 translate("Optional. Host of peer. Names are resolved " ..
137 "prior to bringing up the interface."))
138 endpoint_host.placeholder = "vpn.example.com"
139 endpoint_host.datatype = "host"
-- Optional peer endpoint port, validated with the "port" datatype. The empty
-- field shows "51820" as placeholder text.
142 endpoint_port = peers:option(
145 translate("Endpoint Port"),
146 translate("Optional. Port of peer."))
147 endpoint_port.placeholder = "51820"
148 endpoint_port.datatype = "port"
-- Optional keepalive interval in seconds, stored under the option name
-- "persistent_keepalive". Accepted range is 0..65535; the help text gives 0
-- as disabled and recommends 25 when this device sits behind NAT.
-- A non-zero value means the tunnel sends traffic at that interval even when
-- idle, which makes its presence observable on the path.
151 persistent_keepalive = peers:option(
153 "persistent_keepalive",
154 translate("Persistent Keep Alive"),
155 translate("Optional. Seconds between keep alive messages. " ..
156 "Default is 0 (disabled). Recommended value if " ..
157 "this device is behind a NAT is 25."))
158 persistent_keepalive.datatype = "range(0, 65535)"
159 persistent_keepalive.placeholder = "0"