diff --git a/README.md b/README.md
index df0079997..a4578871f 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ misc/theme-tukan -- The tukan theme - blue/white
 net-mgmt/collectd -- Collect system and application performance metrics periodically
 net-mgmt/lldpd -- LLDP allows you to know exactly on which port is a server
 net-mgmt/net-snmp -- Net-SNMP is a daemon for the SNMP protocol
-net-mgmt/snmp -- SNMP Server via bsnmpd
+net-mgmt/snmp -- End of life, superseded by Net-SNMP plugin
 net-mgmt/telegraf -- Agent for collecting metrics and data
 net-mgmt/zabbix-agent -- Enterprise-class open source distributed monitoring agent
 net-mgmt/zabbix-proxy -- Zabbix Proxy enables decentralized monitoring
@@ -63,6 +63,7 @@ net/relayd -- Relayd Load Balancer
 net/shadowsocks -- Secure socks5 proxy
 net/siproxd -- Siproxd is a proxy daemon for the SIP protocol
 net/upnp -- Universal Plug and Play Service
+net/wireguard -- WireGuard VPN service
 net/wol -- Wake on LAN Service
 net/zerotier -- Virtual Networks That Just Work
 security/acme-client -- Let's Encrypt client
diff --git a/net/wireguard/Makefile b/net/wireguard/Makefile
new file mode 100644
index 000000000..c899230a1
--- /dev/null
+++ b/net/wireguard/Makefile
@@ -0,0 +1,8 @@
+PLUGIN_NAME= wireguard
+PLUGIN_VERSION= 0.1
+PLUGIN_COMMENT= WireGuard VPN service
+PLUGIN_DEPENDS= wireguard
+PLUGIN_MAINTAINER= m.muenz@gmail.com
+PLUGIN_DEVEL= yes
+
+.include "../../Mk/plugins.mk"
diff --git a/net/wireguard/pkg-descr b/net/wireguard/pkg-descr
new file mode 100644
index 000000000..898043d41
--- /dev/null
+++ b/net/wireguard/pkg-descr
@@ -0,0 +1,14 @@
+WireGuard® is an extremely simple yet fast and modern VPN
+that utilizes state-of-the-art cryptography. It aims to be
+faster, simpler, leaner, and more useful than IPSec, while
+avoiding the massive headache. It intends to be considerably
+more performant than OpenVPN. WireGuard is designed as a
+general purpose VPN for running on embedded interfaces and
+super computers alike, fit for many different circumstances.
+Initially released for the Linux kernel, it is now
+cross-platform and widely deployable. It is currently under
+heavy development, but already it might be regarded as the
+most secure, easiest to use, and simplest VPN solution in
+the industry.
+
+WWW: https://www.wireguard.com/
diff --git a/net/wireguard/src/etc/inc/plugins.inc.d/wireguard.inc b/net/wireguard/src/etc/inc/plugins.inc.d/wireguard.inc
new file mode 100644
index 000000000..e671a1870
--- /dev/null
+++ b/net/wireguard/src/etc/inc/plugins.inc.d/wireguard.inc
@@ -0,0 +1,70 @@
+enabled == '1';
+}
+
+function wireguard_services()
+{
+ $services = array();
+
+ if (!wireguard_enabled()) {
+ return $services;
+ }
+
+ $services[] = array(
+ 'description' => gettext('Wireguard VPN'),
+ 'configd' => array(
+ 'restart' => array('wireguard restart'),
+ 'start' => array('wireguard start'),
+ 'stop' => array('wireguard stop'),
+ ),
+ 'name' => 'wireguard-go'
+ );
+
+ return $services;
+}
+
+function wireguard_interfaces()
+{
+ $interfaces = array();
+ if (!wireguard_enabled()) {
+ return $interfaces;
+ }
+ $oic = array('enable' => true);
+ $oic['if'] = 'wg';
+ $oic['descr'] = 'WireGuard';
+ $oic['type'] = 'group';
+ $oic['virtual'] = true;
+ $oic['networks'] = array();
+ $interfaces['wg'] = $oic;
+ return $interfaces;
+}
diff --git a/net/wireguard/src/etc/rc.d/opnsense-wireguard b/net/wireguard/src/etc/rc.d/opnsense-wireguard
new file mode 100755
index 000000000..a7578ff26
--- /dev/null
+++ b/net/wireguard/src/etc/rc.d/opnsense-wireguard
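Review bot: `wireguard_interfaces()` registers the plugin's interface group under the name `wg` (`$oic['if'] = 'wg'` and the `$interfaces['wg']` key), while the rc.d script added in this same commit places every tunnel in group `wireguard` (`ifconfig $STARTER group wireguard`), so firewall rules written against the registered "WireGuard" group would never match a wg interface. One name is needed in both places: either `ifconfig $STARTER group wg` in the rc.d script, or `$oic['if'] = 'wireguard';` together with `$interfaces['wireguard'] = $oic;` here. The head of `wireguard_enabled()` did not survive extraction (only its tail `enabled == '1';` is visible), so the config lookup it performs cannot be checked from this hunk.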
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: opnsense-wireguard
+# REQUIRE: SERVERS
+# KEYWORD: shutdown
+#
+
+. /etc/rc.subr
+
+name=wireguard
+
+stop_cmd=wireguard_stop
+start_cmd=wireguard_start
+status_cmd=wireguard_status
+rcvar=wireguard_enable
+
+load_rc_config opnsense-wireguard
+command=/usr/local/bin/wg-quick
+
+[ -z "$wireguard_enable" ] && wireguard_enable="NO"
+
+# stop wireguard
+wireguard_stop()
+{
+ echo "stopping wireguard"
+ for STARTER in ${wireguard_config}; do
+ $command down $STARTER
+ ifconfig destroy $STARTER
+ pkill -f wg-quick
+ done
+}
+
+# start wireguard
+wireguard_start()
+{
+ echo "starting wireguard"
+ for STARTER in ${wireguard_config}; do
+ $command up $STARTER
+ ifconfig $STARTER group wireguard
+ done
+}
+
+run_rc_command $1
diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
new file mode 100644
index 000000000..41b2108d6
--- /dev/null
+++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ClientController.php
@@ -0,0 +1,64 @@
+searchBase('clients.client', array("enabled", "name", "pubkey", "tunneladdress", "serveraddress", "serverport"));
+ }
+ public function getClientAction($uuid = null)
+ {
+ $this->sessionClose();
+ return $this->getBase('client', 'clients.client', $uuid);
+ }
+ public function addClientAction()
+ {
+ return $this->addBase('client', 'clients.client');
+ }
+ public function delClientAction($uuid)
+ {
+ return $this->delBase('clients.client', $uuid);
+ }
+ public function setClientAction($uuid)
+ {
+ return $this->setBase('client', 'clients.client', $uuid);
+ }
+ public function toggleClientAction($uuid)
+ {
+ return $this->toggleBase('clients.client', $uuid);
+ }
+}
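Review bot: `status_cmd=wireguard_status` points at a function this script never defines, so `service opnsense-wireguard status` fails with "not found" instead of reporting tunnel state; either define it (below) or drop the override so rc.subr's default status handling applies. In `wireguard_stop`, `ifconfig destroy $STARTER` has the operands reversed for FreeBSD's ifconfig, which takes the interface first: `ifconfig $STARTER destroy` (and if `wg-quick down` already removes the interface, the line is redundant rather than wrong). `pkill -f wg-quick` runs once per interface inside the loop and matches every wg-quick process, not only the one for `$STARTER`; if it is needed at all it belongs after the loop.

```shell
# report per-tunnel state; referenced by status_cmd above
wireguard_status()
{
	for STARTER in ${wireguard_config}; do
		/usr/local/bin/wg show $STARTER
	done
}

# … unchanged: wireguard_start, run_rc_command …
```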
diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php
new file mode 100644
index 000000000..55e08b48a
--- /dev/null
+++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php
@@ -0,0 +1,39 @@
+searchBase('servers.server', array("enabled", "name", "networks", "pubkey", "port", "tunneladdress"));
+ }
+ public function getServerAction($uuid = null)
+ {
+ $this->sessionClose();
+ return $this->getBase('server', 'servers.server', $uuid);
+ }
+ public function addServerAction($uuid = null)
+ {
+ if ($this->request->isPost() && $this->request->hasPost("server")) {
+ if ($uuid != null) {
+ $node = $this->getModel()->getNodeByReference('servers.server.'.$uuid);
+ } else {
+ $node = $this->getModel()->servers->server->Add();
+ }
+ $node->setNodes($this->request->getPost("server"));
+ if (empty((string)$node->pubkey) || empty((string)$node->privkey)) {
+ // generate new keypair
+ $backend = new Backend();
+ $keyspriv = $backend->configdpRun("wireguard genkey", 'private');
+ $keyspub = $backend->configdpRun("wireguard genkey", 'public');
+ $node->privkey = $keyspriv;
+ $node->pubkey = $keyspub;
+ }
+ return $this->validateAndSave($node, 'server');
+ }
+ return array("result"=>"failed");
+ }
+ public function delServerAction($uuid)
+ {
+ return $this->delBase('servers.server', $uuid);
+ }
+ public function setServerAction($uuid = null)
+ {
+ if ($this->request->isPost() && $this->request->hasPost("server")) {
+ if ($uuid != null) {
+ $node = $this->getModel()->getNodeByReference('servers.server.'.$uuid);
+ } else {
+ $node = $this->getModel()->servers->server->Add();
+ }
+ $node->setNodes($this->request->getPost("server"));
+ if (empty((string)$node->pubkey) || empty((string)$node->privkey)) {
+ // generate new keypair
+ $backend = new Backend();
+ $keyspriv = $backend->configdpRun("wireguard genkey", 'private');
+ $keyspub = $backend->configdpRun("wireguard genkey", 'public');
+ $node->privkey = $keyspriv;
+ $node->pubkey = $keyspub;
+ }
+ return $this->validateAndSave($node, 'server');
+ }
+ return array("result"=>"failed");
+ }
+ public function toggleServerAction($uuid)
+ {
+ return $this->toggleBase('servers.server', $uuid);
+ }
+}
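Review bot: `addServerAction` and `setServerAction` are byte-for-byte identical, and both dereference `$node` without checking it: when `$uuid` names no existing node, `getNodeByReference()` yields null and `$node->setNodes(...)` is a fatal error rather than the `"result"=>"failed"` reply the method otherwise returns. The two keygen calls also store whatever configd hands back, which from `tee` in genkey.sh is most likely newline-terminated and, on any failure of the script, empty; an empty private key would then be saved silently and rendered as `PrivateKey =`. The keypair is furthermore produced by two separate configd actions (`private`, then `public`) that communicate only through a fixed file in /tmp written by genkey.sh, so two overlapping saves can pair one server's private key with another's public key — that needs a single-action keygen on the script side, which this note does not change. The class header and the start of the search method are not visible in this hunk.

```php
    /**
     * Shared body of addServerAction()/setServerAction(): bind the posted
     * "server" fields to a new or existing node, generate a keypair when
     * either half is missing, then validate and save.
     * @param string|null $uuid existing node to update, null to add a new one
     * @return array validateAndSave() result, or array("result" => "failed")
     */
    private function saveServerNode($uuid)
    {
        if (!$this->request->isPost() || !$this->request->hasPost("server")) {
            return array("result" => "failed");
        }
        if ($uuid !== null) {
            $node = $this->getModel()->getNodeByReference('servers.server.' . $uuid);
        } else {
            $node = $this->getModel()->servers->server->Add();
        }
        if ($node === null) {
            // unknown uuid: report failure instead of dereferencing null below
            return array("result" => "failed");
        }
        $node->setNodes($this->request->getPost("server"));
        if (empty((string)$node->pubkey) || empty((string)$node->privkey)) {
            // generate new keypair; refuse to store a half-empty pair
            $backend = new Backend();
            $keyspriv = trim($backend->configdpRun("wireguard genkey", 'private'));
            $keyspub = trim($backend->configdpRun("wireguard genkey", 'public'));
            if ($keyspriv === '' || $keyspub === '') {
                return array("result" => "failed");
            }
            $node->privkey = $keyspriv;
            $node->pubkey = $keyspub;
        }
        return $this->validateAndSave($node, 'server');
    }

    public function addServerAction($uuid = null)
    {
        return $this->saveServerNode($uuid);
    }

    public function setServerAction($uuid = null)
    {
        return $this->saveServerNode($uuid);
    }

    // … unchanged: delServerAction, toggleServerAction …
```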
diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ServiceController.php b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ServiceController.php new file mode 100644 index 000000000..9e26b48d7 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ServiceController.php @@ -0,0 +1,47 @@ +view->generalForm = $this->getForm("general"); + $this->view->formDialogEditWireguardClient = $this->getForm("dialogEditWireguardClient"); + $this->view->formDialogEditWireguardServer = $this->getForm("dialogEditWireguardServer"); + $this->view->pick('OPNsense/Wireguard/general'); + } +} diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardClient.xml b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardClient.xml new file mode 100644 index 000000000..29a2a48d2 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardClient.xml @@ -0,0 +1,40 @@ +
+ + client.enabled + + checkbox + This will enable or disable the client config. + + + client.name + + text + Set the name for this instance. + + + client.pubkey + + text + Public key of this instance. + + + client.tunneladdress + + + select_multiple + true + List of addresses to configure on the tunnel adapter. Please use CIDR notation like 10.0.0.1/24. + + + client.serveraddress + + text + Set public IP address the endpoint listens to. + + + client.serverport + + text + Set port the endpoint listens to. + +
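Review bot: The help for `client.tunneladdress` ("List of addresses to configure on the tunnel adapter") describes the server-side meaning of the field; for a client entry the value is rendered as the peer's `AllowedIPs` in wireguard-server.conf, i.e. the addresses and networks the server routes to and accepts from that peer, and a user following the current text will enter the wrong thing. Suggested help: `List of addresses/networks reachable through this peer (AllowedIPs). Please use CIDR notation like 10.0.0.1/24.` `client.serverport` is a plain `text` field with no hint about its contents, yet it is concatenated raw into `Endpoint = host:port`; the help should say it must be a numeric UDP port, and the model should enforce that. The surrounding form markup was stripped by extraction, so field types other than those shown cannot be verified here.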
diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml new file mode 100644 index 000000000..c08a6c500 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/dialogEditWireguardServer.xml @@ -0,0 +1,53 @@ +
+ + server.enabled + + checkbox + This will enable or disable the server config. + + + server.name + + text + Set the name for this instance. + + + server.instance + + info + Set the instance number needed for interface calculation. It has to be unique for each instance. + + + server.pubkey + + info + Public key of this instance. After saving you will see here your public key. + + + server.privkey + + info + Private key of this instance. After saving you will see here your public key, please keep it safe. + + + server.port + + text + Set port for this instance to listen on. + + + server.tunneladdress + + + select_multiple + true + List of addresses to configure on the tunnel adapter. Please use CIDR notation like 10.0.0.1/24. + + + server.peers + + select_multiple + true + List of peers for this server. + +
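Review bot: The help for `server.privkey` reads "After saving you will see here your public key, please keep it safe." but the field holds the private key; it should read `After saving you will see here your private key, please keep it safe.` Displaying the private key in the dialog also means every account holding the `VPN: Wireguard` privilege (which ACL.xml in this commit grants for `api/wireguard/*`) can read each server's private key through the UI and through `getServerAction`; consider whether the field needs to be shown at all, and if so mark it as sensitive in the help. The help for `server.instance` promises the number "has to be unique for each instance", but the Server model hunk shows only a 0–19 range check and no uniqueness constraint that I can see, so the help currently describes a rule nothing enforces.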
diff --git a/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/general.xml b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/general.xml new file mode 100644 index 000000000..7a74ebf81 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/controllers/OPNsense/Wireguard/forms/general.xml @@ -0,0 +1,8 @@ +
+ + general.enabled + + checkbox + This will activate WireGuard and start all enabled instances. + +
diff --git a/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/ACL/ACL.xml b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/ACL/ACL.xml new file mode 100644 index 000000000..21012db80 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/ACL/ACL.xml @@ -0,0 +1,9 @@ + + + VPN: Wireguard + + ui/wireguard/* + api/wireguard/* + + + diff --git a/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.php b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.php new file mode 100644 index 000000000..4522568a8 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Client.php @@ -0,0 +1,31 @@ + + //OPNsense/wireguard/client + Wireguard Client configuration + 0.0.2 + + + + + 1 + Y + + + + Y + /^([0-9a-zA-Z]){1,32}$/u + Should be a string between 1 and 32 characters. Allowed characters are 0-9a-zA-Z + + + N + + + + , + Y + Y + + + N + + + N + + + + + diff --git a/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/General.php b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/General.php new file mode 100644 index 000000000..bb1b3214f --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/General.php @@ -0,0 +1,35 @@ + + //OPNsense/wireguard/general + WireGuard configuration + 0.0.1 + + + 0 + Y + + + diff --git a/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Menu/Menu.xml b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Menu/Menu.xml new file mode 100644 index 000000000..397c2dc7e --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Menu/Menu.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Server.php b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Server.php new file mode 100644 index 000000000..b735829f9 --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/models/OPNsense/Wireguard/Server.php 
@@ -0,0 +1,31 @@ + + //OPNsense/wireguard/server + Wireguard Server configuration + 0.0.1 + + + + + 1 + Y + + + + Y + /^([0-9a-zA-Z]){1,32}$/u + Should be a string between 1 and 32 characters. Allowed characters are 0-9a-zA-Z + + + 0 + 19 + Maximum number of instances reached + Y + + + N + + + N + + + 51820 + Y + + + + , + Y + Y + + + + + + Y + N + Choose an Peer. + + + + + diff --git a/net/wireguard/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt b/net/wireguard/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt new file mode 100644 index 000000000..1d95b849d --- /dev/null +++ b/net/wireguard/src/opnsense/mvc/app/views/OPNsense/Wireguard/general.volt 
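Review bot: The validation message on the `peers` relation reads "Choose an Peer." and should be `Choose a peer.` More importantly, `instance` is range-checked (0–19, "Maximum number of instances reached") but nothing visible prevents two servers from sharing an instance number, while +TARGETS derives the rendered file name `wg<instance>.conf` from it, so two servers with the same instance would silently overwrite each other's config on the next template run; a `UniqueConstraint` on `instance` (and arguably on `port`, which also defaults to the same 51820 for every server) is needed. The element tags in this model were stripped by extraction, so if such a constraint exists it is not visible here.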
@@ -0,0 +1,166 @@ +{# + +OPNsense® is Copyright © 2014 – 2018 by Deciso B.V. +This file is Copyright © 2018 by Michael Muenz +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, +OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +#} + + + + +
+
+
+ {{ partial("layout_partials/base_form",['fields':generalForm,'id':'frm_general_settings'])}} +
+
+ +
+
+
+
+ + + + + + + + + + + + + + + + + + + +
{{ lang._('Enabled') }}{{ lang._('Name') }}{{ lang._('Endpoint Address') }}{{ lang._('Tunnel Address') }}{{ lang._('ID') }}{{ lang._('Commands') }}
+ +
+
+
+ +

+
+
+
+ + + + + + + + + + + + + + + + + + + +
{{ lang._('Enabled') }}{{ lang._('Name') }}{{ lang._('Port') }}{{ lang._('Tunnel Address') }}{{ lang._('ID') }}{{ lang._('Commands') }}
+ +
+
+
+ +

+
+
+
+ +{{ partial("layout_partials/base_dialog",['fields':formDialogEditWireguardClient,'id':'dialogEditWireguardClient','label':lang._('Edit Endpoint')])}} +{{ partial("layout_partials/base_dialog",['fields':formDialogEditWireguardServer,'id':'dialogEditWireguardServer','label':lang._('Edit Server')])}} + + diff --git a/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/genkey.sh b/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/genkey.sh new file mode 100755 index 000000000..1cb5e5920 --- /dev/null +++ b/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/genkey.sh 
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+# Copyright (c) 2018 Michael Muenz
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+TMPDIR="/tmp"
+GENPRIV="/usr/local/bin/wg genkey"
+GENPUB="/usr/local/bin/wg pubkey"
+
+cleanup() {
+ # Delete old files
+ rm -f $TMPDIR/wireguard.*
+}
+
+private() {
+ # Generate a private key and put it to /tmp
+ umask 077 && ${GENPRIV} | tee ${TMPDIR}/wireguard.priv
+}
+
+public() {
+ # Generate a public key and put it to /tmp
+ ${GENPUB} < ${TMPDIR}/wireguard.priv | tee ${TMPDIR}/wireguard.pub
+}
+
+case "$1" in
+ private)
+ cleanup
+ private
+ ;;
+ public)
+ public
+ ;;
+esac
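Review bot: `private()` writes the freshly generated private key to the fixed path `/tmp/wireguard.priv` and leaves it there until the next `private` call; `umask 077` narrows the file mode, but the file lives in a world-writable shared directory under a predictable name, the `rm -f` in `cleanup` and the later `tee` are two separate steps on that path, and the file is the only channel by which the later `public` invocation learns which key to derive, so overlapping requests can mismatch keys. Generating both halves in one invocation and keeping the key in a pipe removes the temporary file, the cleanup step and the ordering dependency; the caller then reads two lines (private, public) from one `wireguard genkey` action instead of issuing two, which changes the configd contract and requires GeneralController and the `parameters: %s` line in actions_wireguard.conf to follow. Independently of that, the `case` has no `*)` branch, so an unexpected argument exits 0 with empty output and the caller stores empty keys; add `*) echo "usage: $0 private|public" >&2; exit 1 ;;` if the two-action interface is kept. A comment that stdout intentionally carries the private key (it is the return channel to configd) would also help the next reader.

```shell
# Emit a fresh keypair on stdout: line 1 private key, line 2 public key.
# The private key is piped straight into `wg pubkey` and never hits disk.
keypair() {
	PRIV=$(${GENPRIV}) || exit 1
	PUB=$(printf '%s\n' "${PRIV}" | ${GENPUB}) || exit 1
	printf '%s\n%s\n' "${PRIV}" "${PUB}"
}

keypair
```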
diff --git a/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/setup.sh b/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/setup.sh
new file mode 100755
index 000000000..75ba580c9
--- /dev/null
+++ b/net/wireguard/src/opnsense/scripts/OPNsense/Wireguard/setup.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+mkdir -p /var/run/wireguard
+chmod 755 /var/run/wireguard
diff --git a/net/wireguard/src/opnsense/service/conf/actions.d/actions_wireguard.conf b/net/wireguard/src/opnsense/service/conf/actions.d/actions_wireguard.conf
new file mode 100644
index 000000000..46932513f
--- /dev/null
+++ b/net/wireguard/src/opnsense/service/conf/actions.d/actions_wireguard.conf
@@ -0,0 +1,23 @@
+[start]
+command:/usr/local/opnsense/scripts/OPNsense/Wireguard/setup.sh;/usr/local/etc/rc.d/opnsense-wireguard start
+parameters:
+type:script
+message:starting Wireguard
+
+[stop]
+command:/usr/local/etc/rc.d/opnsense-wireguard stop
+parameters:
+type:script
+message:stopping Wireguard
+
+[restart]
+command:/usr/local/opnsense/scripts/OPNsense/Wireguard/setup.sh;/usr/local/etc/rc.d/opnsense-wireguard restart
+parameters:
+type:script
+message:restarting Wireguard
+
+[genkey]
+command:/usr/local/opnsense/scripts/OPNsense/Wireguard/genkey.sh
+parameters: %s
+type:script_output
+message:generating Wireguard keys
diff --git a/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/+TARGETS b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/+TARGETS
new file mode 100644
index 000000000..ca42cbdba
--- /dev/null
+++ b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/+TARGETS
@@ -0,0 +1,2 @@
+opnsense-wireguard:/etc/rc.conf.d/opnsense-wireguard
+wireguard-server.conf:/usr/local/etc/wireguard/wg[OPNsense.wireguard.server.servers.server.%.instance].conf
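Review bot: `setup.sh` prepares `/var/run/wireguard` but not `/usr/local/etc/wireguard`, the directory into which +TARGETS renders `wg<instance>.conf` with a `PrivateKey =` line; nothing in this commit restricts that directory or the rendered files, so the server private keys end up with whatever mode the template engine uses by default, which may be readable by any local account on the firewall. Since the script already runs ahead of `start` and `restart` via actions_wireguard.conf, add `mkdir -p /usr/local/etc/wireguard` and `chmod 700 /usr/local/etc/wireguard` here, and tighten the rendered files after templating if the engine does not (`chmod 600 /usr/local/etc/wireguard/*.conf`). A one-line header comment saying the script creates the runtime and config directories before the rc.d script is invoked would explain why it is chained in front of the service commands.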
diff --git a/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/opnsense-wireguard b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/opnsense-wireguard
new file mode 100644
index 000000000..215e9958e
--- /dev/null
+++ b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/opnsense-wireguard
@@ -0,0 +1,15 @@
+{% if helpers.exists('OPNsense.wireguard.general.enabled') and OPNsense.wireguard.general.enabled == '1' %}
+wireguard_var_script="/usr/local/opnsense/scripts/OPNsense/Wireguard/setup.sh"
+wireguard_enable="YES"
+{% if helpers.exists('OPNsense.wireguard.server.servers.server') %}
+{% set activeservers=[] %}
+{% for servers in helpers.toList('OPNsense.wireguard.server.servers.server') %}
+{% if servers.enabled == '1' %}
+{% do activeservers.append("wg" + servers.instance) %}
+{% endif %}
+{% endfor %}
+{% endif %}
+wireguard_config="{{ activeservers | join(' ') }}"
+{% else %}
+wireguard_enable="NO"
+{% endif %}
diff --git a/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/wireguard-server.conf b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/wireguard-server.conf
new file mode 100644
index 000000000..ca3e5a84d
--- /dev/null
+++ b/net/wireguard/src/opnsense/service/templates/OPNsense/Wireguard/wireguard-server.conf
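Review bot: `activeservers` is initialised only inside the `helpers.exists('OPNsense.wireguard.server.servers.server')` branch, yet `wireguard_config="{{ activeservers | join(' ') }}"` is rendered unconditionally, so with the service enabled and no server defined the variable is undefined at that point; whether that renders as an empty string or aborts depends on the environment's undefined policy, so hoist `{% set activeservers=[] %}` above the inner `{% if %}`. `wireguard_var_script` is written into rc.conf.d but the rc.d script in this commit never reads it (setup.sh is chained in from actions_wireguard.conf instead), so the line is dead and can be dropped or wired into the rc script.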
@@ -0,0 +1,29 @@
+{% if helpers.exists('OPNsense.wireguard.general.enabled') and OPNsense.wireguard.general.enabled == '1' %}
+
+{% if helpers.exists('OPNsense.wireguard.server.servers.server') %}
+{% for server_list in helpers.toList('OPNsense.wireguard.server.servers.server') %}
+{% if TARGET_FILTERS['OPNsense.wireguard.server.servers.server.' ~ loop.index0] or TARGET_FILTERS['OPNsense.wireguard.server.servers.server'] %}
+{% if server_list.enabled == '1' %}
+[Interface]
+Address = {{ server_list.tunneladdress }}
+PrivateKey = {{ server_list.privkey }}
+ListenPort = {{ server_list.port }}
+{% if server_list.peers|default('') != '' %}
+{% for peerlist in server_list.peers.split(",") %}
+{% set peerlist2_data = helpers.getUUID(peerlist) %}
+{% if peerlist2_data != {} and peerlist2_data.enabled == '1' %}
+[Peer]
+PublicKey = {{ peerlist2_data.pubkey }}
+AllowedIPs = {{ peerlist2_data.tunneladdress }}
+{% if peerlist2_data.serveraddress|default('') != '' %}
+Endpoint = {{ peerlist2_data.serveraddress }}:{{ peerlist2_data.serverport }}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+{% endif %}
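Review bot: `Endpoint = {{ peerlist2_data.serveraddress }}:{{ peerlist2_data.serverport }}` produces an unparseable line for an IPv6 endpoint, which WireGuard expects in bracketed form (`[2001:db8::1]:51820`), and emits `host:` when `serverport` is empty because only `serveraddress` is guarded by the surrounding `{% if %}`; the guard should require both values and the address should be bracketed when it contains a colon. `AllowedIPs` takes the peer's `tunneladdress` verbatim, which works because the model's `,` separator matches WireGuard's comma-separated list syntax, but any whitespace a user types passes through too, so `{{ peerlist2_data.tunneladdress|replace(' ', '') }}` is a cheap safeguard. This file carries `PrivateKey`, so the mode of `/usr/local/etc/wireguard`, which nothing in this commit restricts, matters for it.

```jinja
{% if peerlist2_data.serveraddress|default('') != '' and peerlist2_data.serverport|default('') != '' %}
{% if ':' in peerlist2_data.serveraddress %}
Endpoint = [{{ peerlist2_data.serveraddress }}]:{{ peerlist2_data.serverport }}
{% else %}
Endpoint = {{ peerlist2_data.serveraddress }}:{{ peerlist2_data.serverport }}
{% endif %}
{% endif %}
{# … unchanged: closing endif/endfor blocks … #}
```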