- Currently, the value is hard-coded as /24. Instead take this as input and use
that value.
Tests:
- Entering invalid IPv4 address results in 'Enter a valid IPv4 address' error
message during form submission.
- Entering invalid prefix such as /33 results in 'Enter a valid network prefix
or net mask.' error during form submission.
- Both /32 and /255.255.255.255 formats are accepted.
- The description text for the form field 'IP address' is as expected.
- Changing the value of default route and IP address + netmask reflects in the
status page. Correct values are shown in the edit server and server status page.
- Not providing a netmask results in /32 being assigned.
- Unit and functional tests for wireguard pass. There are some intermittent
failures with functional tests that are unrelated to the patch.
- Setting the /32 prefix results in correct routing table as shown by 'ip route
show table all'. No default routes or network routes are present. 'traceroute
1.1.1.1' shows route taken via regular network.
- Setting the /24 prefix results in correct routing table. No default routes are
present. However, for the /24 network a route is present with device wg1.
'traceroute 1.1.1.1' shows route taken via regular network.
- Enabling the default route results in correct routing table. Default route is
shown for device wg1 with high priority. 'traceroute 1.1.1.1' shows route taken
via WireGuard network.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
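
The validation behaviour listed in the tests above, sketched as an added example with Python's standard `ipaddress` module; it is not the project's own form code. The function name `parse_ip_with_prefix` and the address 10.84.0.5 are assumptions made for illustration.

```python
import ipaddress

# Error strings as quoted in the commit message above.
ADDRESS_ERROR = 'Enter a valid IPv4 address'
PREFIX_ERROR = 'Enter a valid network prefix or net mask.'


def parse_ip_with_prefix(value):
    """Parse 'a.b.c.d', 'a.b.c.d/N' or 'a.b.c.d/m.m.m.m'.

    Returns an ipaddress.IPv4Interface. A missing prefix means /32, so no
    wider on-link route is implied unless the user asks for one.
    """
    address, separator, prefix = value.strip().partition('/')
    try:
        ip = ipaddress.IPv4Address(address)
    except ValueError:
        raise ValueError(ADDRESS_ERROR) from None

    if not separator:
        return ipaddress.IPv4Interface(f'{ip}/32')

    try:
        # Validate the prefix on its own so that a bad prefix and a bad
        # address produce different messages. Accepts both 24 and
        # 255.255.255.0 and rejects 33, an empty prefix or a second '/'.
        # Note: ipaddress also reads a host mask such as 0.0.0.255 as /24.
        prefix_length = ipaddress.IPv4Network(f'0.0.0.0/{prefix}').prefixlen
    except ValueError:
        raise ValueError(PREFIX_ERROR) from None

    return ipaddress.IPv4Interface(f'{ip}/{prefix_length}')


def on_link_network(value):
    """Return the network that would be routed via the WireGuard device."""
    return str(parse_ip_with_prefix(value).network)
```

With /32 the on-link network is the single host address, while /24 covers the whole subnet, which matches the routing table difference the tests describe.
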
- The default route is not decided by the subnet on the IP address assigned. It
is to be decided using the list of allowed peers in the wireguard settings.
Tests:
- Set the default route setting to 'on' while creating the connection. In the
edit server page, the value is shown correctly. Repeat with 'off' value.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install WireGuard and start the server. Uninstall the app and re-install.
Without the patch, the connections remain after uninstall. With the patch, the
connections are removed after uninstall and return to pristine state after
re-install.
- Functional tests succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (uninstall test fails due to no backup component,
intermittent failure)
- Showing status information works
  - In the main app page for server and clients
  - When showing server details
  - When showing client details
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Add a new server and delete it.
- Add a new client and delete it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add HTML classes to help with functional testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When wireguard interface is not active 'wg show' does not provide any
information. In such case, get the public key by computing it from private key
by calling 'wg pubkey'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Refactor code that edits the connection to server.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Any changes done directly using 'wg' command need to be redone after a reboot
and disable/enable sequence. Let that duty be handled by network manager.
- Handle (none) values for keys and 0 values for latest handshake from 'wg'
dump command output.
- Don't store public/private keys for wireguard in /var/lib. Let Network Manager
deal with the storage of secrets.
- Create client connections in the 'external' zone.
- Show allowed IPs for each client in the main page.
- Show server connection public key only for clients. We use different key pairs
when connecting to each of the servers.
- Separate out configuration information and status information in the show
page.
- Allocate IP addresses to each of the clients.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
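
The '(none)' and 0 handling mentioned in the commit message above, as an added example that parses the tab-separated output of 'wg show <interface> dump'; it is not the project's own code. The function names, the sample output and the placeholder keys are constructed for illustration.

```python
import datetime

# Constructed sample of 'wg show wg1 dump' output (tab-separated fields).
# Key fields are placeholders, not real key material.
SAMPLE_DUMP = '\n'.join([
    '\t'.join(['(none)', '(none)', '51820', 'off']),
    '\t'.join(['PEER_A_PUBLIC_KEY', '(none)', '203.0.113.7:51820',
               '10.84.0.2/32', '1700000000', '1024', '2048', 'off']),
    '\t'.join(['PEER_B_PUBLIC_KEY', 'PEER_B_PRESHARED_KEY', '(none)',
               '(none)', '0', '0', '0', '25']),
])


def _optional(value, absent='(none)'):
    """Map wg's textual marker for a missing value to None."""
    return None if value == absent else value


def parse_dump(output):
    """Parse 'wg show <interface> dump' output into a status dictionary."""
    lines = output.strip().splitlines()
    _private_key, public_key, listen_port, _fwmark = lines[0].split('\t')
    status = {
        # Secrets (private and preshared keys) are not carried into the
        # status data; only the presence of a preshared key is recorded.
        'public_key': _optional(public_key),
        'listen_port': int(listen_port),
        'peers': {},
    }
    for line in lines[1:]:
        (peer_key, preshared_key, endpoint, allowed_ips, handshake, rx, tx,
         keepalive) = line.split('\t')
        allowed_ips = _optional(allowed_ips)
        handshake = int(handshake)
        status['peers'][peer_key] = {
            'has_preshared_key': _optional(preshared_key) is not None,
            'endpoint': _optional(endpoint),
            'allowed_ips': allowed_ips.split(',') if allowed_ips else [],
            # 0 means no handshake has happened yet, not 1970-01-01.
            'latest_handshake': datetime.datetime.fromtimestamp(
                handshake, tz=datetime.timezone.utc) if handshake else None,
            'transfer_rx': int(rx),
            'transfer_tx': int(tx),
            'persistent_keepalive': _optional(keepalive, absent='off'),
        }
    return status
```
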
- Don't create network link. This doesn't persist across reboots and it is the job
of Network Manager.
- Move NM settings code to regular plinth process instead of superuser.
Permission for managing NM connections from the service daemon is granted by
PolKit.
- Use interface name to identify the connection as it seems to be simpler to do
so than the public key. Public key is not easy to retrieve from NM connection.
- Merge code for adding and editing the connection to avoid repetition.
- Add icon to the edit button.
- Throw 404 error when incorrect client is specified.
- Fix issue with storing preshared key.
- Show formatted date in case of last connected time.
- Show formatted sizes for data transmitted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>