"KEY_OWN_CREATE_CN": "",
"KEY_OWN_CREATE_EMAIL": ""
}
-#: UI defaults for a VPN connection instance
-vpnconn_defaults = {
+#: UI defaults for an [IPSec] VPN connection instance
+vpnconn_ipsec_defaults = {
"VPNCONN_ACTIVATION": "ALWAYS",
"VPNCONN_DISABLED": "0",
"VPNCONN_DNS_RELAYING_ALLOWED": "1",
"VPNCONN_XAUTH_SERVER_ENABLE": "0"
}
+# defaults for a WireGuard connection (roadwarrior)
+vpnconn_wireguard_defaults = dict(
+ # proto-independent:
+ VPNCONN_DISABLED=0,
+ VPNCONN_ACTIVATION="PASSIVE",
+ VPNCONN_FIREWALL_RULESET_REF=5,
+ VPNCONN_DNS_RELAYING_ALLOWED=1,
+ VPNCONN_EMAIL_RELAYING_ALLOWED=1,
+ VPNCONN_KEY_FOREIGN_REF=1,
+ VPNCONN_PROXY_PROFILE_REF=-2,
+ VPNCONN_REMOTE_INET_NAT=0,
+ # WireGuard-specific:
+ VPNCONN_PROTO="WIREGUARD",
+ VPNCONN_VPN_WG_INTERFACE_REF=1,
+ # VPNCONN_WG_ENDPOINT_HOST="", # cannot be empty; must be set ...
+ # VPNCONN_WG_ENDPOINT_PORT="", # ... or be completely absent
+ VPNCONN_OFFLINE_DETECTION_SEC=60,
+ VPNCONN_WG_LOCAL_NET=dict(
+ value="NIC",
+ children=[
+ ("VPNCONN_WG_LOCAL_NET_NIC_REF", "0"),
+ ],
+ ),
+ VPNCONN_WG_LOCAL_TYPE="CONFIGURED",
+ VPNCONN_WG_PSK="",
+ VPNCONN_WG_REMOTE_NET=dict(
+ value="",
+ children=[
+ ("VPNCONN_WG_REMOTE_NET_IP", "192.168.40.1"),
+ ("VPNCONN_WG_REMOTE_NET_NETMASK", "255.255.255.255"),
+ ],
+ ),
+)
+
###############################################################################
# MINOR CONFIGURATION
prefix = name.lower() + "_"
for key in kwargs.keys():
if key.lower().startswith(prefix):
- log.warning(f"For overwriting template params, omit the leading name "
- f"(here: {name}_) from keys (here: {key})")
+ log.warning(
+ f"For overwriting template params, omit the leading name "
+ f"(here: {name}_) from keys (here: {key})"
+ )
cnf.children.single_with_name(f"{prefix}{key}").value = kwargs[key]
return cnf
"""
Generate a vpn connection cnf variable.
+ Creates an IPSec vpn connection per default, will create a
+ WireGuard VPN from different template if a different `VPNCONN_PROTO`
+ is set (via argument `proto="wireguard"`).
+
:param str name: name for the vpn connection
:param int instance: instance number for the vpn connection
:returns: generated cnf variable
:rtype: :py:class:`Cnf`
"""
- log.info(f"Generating a vpn connection {name} cnfvar")
- vpnconn_cnf = template("vpnconn", name, instance=instance,
- defaults=vpnconn_defaults, **kwargs)
- if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
- vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
- if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
- vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
- if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
- vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
+ # since wireguard and ipsec use very different cnfvars, we first check for
+ # the protocol. Use IPSec as default
+ proto = "ipsec"
+ for key, value in kwargs.items():
+ if key.lower() == "proto":
+ proto = value.lower()
+
+ # create an IPSec connection
+ if proto == "ipsec":
+ log.info(f"Generating an IPSec vpn connection {name} cnfvar")
+ vpnconn_cnf = template("vpnconn", name, instance=instance,
+ defaults=vpnconn_ipsec_defaults, **kwargs)
+ if vpnconn_cnf.children.single_with_name("vpnconn_lan_type").value not in ["NIC", "CUSTOM"]:
+ vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_lan_net")
+ if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "CUSTOM":
+ vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_net")
+ if vpnconn_cnf.children.single_with_name("vpnconn_remote_type").value != "MODECONFIG":
+ vpnconn_cnf.children.remove_where(lambda c: c.name == "vpnconn_remote_modeconfig_ip")
+
+ # create a WireGuard connection
+ elif proto == "wireguard":
+ log.info(f"Generating a WireGuard vpn connection {name} cnfvar")
+ vpnconn_cnf = template("vpnconn", name, instance=instance,
+ defaults=vpnconn_wireguard_defaults, **kwargs)
+
+ else:
+ raise ValueError(f"Invalid vpn connection protocol: {proto!r}")
return vpnconn_cnf
1348 (1346) VPN_ENCRYPTION_PROFILE_IPSEC_HASH,0: "MD5"
1349 (1304) VPN_ENCRYPTION_PROFILE_PFSGROUP,0: "None"
1350 VPN_NAT_T,0: "1"
+1351 KEY_OWN,2: "wireguard key"
+1352 (1351) KEY_OWN_PRIVATE_KEY,0: "mDJzyGuSJm8QPlEEIdLd9K5BfTmLUzwuPx5h9t7ILH8="
+1353 (1351) KEY_OWN_PUBLIC_KEY,0: "Pw7eCPgCjAEXtQ1jQ3/So+envZaG9nUDiDBd4PI3XHQ="
+1354 (1351) KEY_OWN_TYPE,0: "WIREGUARD"
+1355 (1351) KEY_OWN_VALIDFROM,0: "20221129T143552"
+1357 VPN_WG_INTERFACE,1: "wireguard interface"
+1358 (1357) VPN_WG_INTERFACE_KEY_OWN_REF,0: "2"
+1359 (1357) VPN_WG_INTERFACE_NIC_REF,0: "0"
+1360 (1357) VPN_WG_INTERFACE_PORT,0: "800"
+1361 VPNCONN,1: "wireguard roadwarrior"
+1362 (1361) VPNCONN_ACTIVATION,0: "PASSIVE"
+1363 (1361) VPNCONN_DISABLED,0: "0"
+1364 (1361) VPNCONN_DNS_RELAYING_ALLOWED,0: "1"
+1365 (1361) VPNCONN_EMAIL_RELAYING_ALLOWED,0: "1"
+1366 (1361) VPNCONN_FIREWALL_RULESET_REF,0: "9"
+1367 (1361) VPNCONN_GENERATED_PROFILE,0: "WGQUICK"
+1368 (1361) VPNCONN_KEY_FOREIGN_REF,0: "1"
+1369 (1361) VPNCONN_OFFLINE_DETECTION_SEC,0: "60"
+1370 (1361) VPNCONN_PROTO,0: "WIREGUARD"
+1371 (1361) VPNCONN_PROXY_PROFILE_REF,0: "-1"
+1372 (1361) VPNCONN_REMOTE_INET_NAT,0: "0"
+1373 (1361) VPNCONN_VPN_WG_INTERFACE_REF,0: "1"
+1374 (1361) VPNCONN_WG_LOCAL_NET,0: "NIC"
+1375 (1374) VPNCONN_WG_LOCAL_NET_NIC_REF,0: "2"
+1376 (1361) VPNCONN_WG_LOCAL_TYPE,0: "CONFIGURED"
+1377 (1361) VPNCONN_WG_PSK,0: "9ZdjkFSNcDAIOwwMQZ/6bBNFc35Rd4bWyPeIpJpm5qI="
+1378 (1361) VPNCONN_WG_REMOTE_NET,0: ""
+1379 (1378) VPNCONN_WG_REMOTE_NET_IP,0: "192.168.40.5"
+1380 (1378) VPNCONN_WG_REMOTE_NET_NETMASK,0: "255.255.255.255"
+1381 VPNCONN,2: "wg site2site"
+1382 (1381) VPNCONN_ACTIVATION,0: "ALWAYS"
+1383 (1381) VPNCONN_DISABLED,0: "1"
+1384 (1381) VPNCONN_DNS_RELAYING_ALLOWED,0: "1"
+1385 (1381) VPNCONN_EMAIL_RELAYING_ALLOWED,0: "1"
+1386 (1381) VPNCONN_FIREWALL_RULESET_REF,0: "9"
+1387 (1381) VPNCONN_GENERATED_PROFILE,0: "WGI2N"
+1388 (1381) VPNCONN_KEY_FOREIGN_REF,0: "2"
+1389 (1381) VPNCONN_OFFLINE_DETECTION_SEC,0: "60"
+1390 (1381) VPNCONN_PROTO,0: "WIREGUARD"
+1391 (1381) VPNCONN_PROXY_PROFILE_REF,0: "4"
+1392 (1381) VPNCONN_REMOTE_INET_NAT,0: "0"
+1393 (1381) VPNCONN_VPN_WG_INTERFACE_REF,0: "1"
+1394 (1381) VPNCONN_WG_ENDPOINT_HOST,0: "hauptsitz.meine-firma.de"
+1395 (1381) VPNCONN_WG_ENDPOINT_PORT,0: "51821"
+1396 (1381) VPNCONN_WG_LOCAL_NET,0: "NIC"
+1397 (1396) VPNCONN_WG_LOCAL_NET_NIC_REF,0: "2"
+1398 (1381) VPNCONN_WG_LOCAL_TYPE,0: "CONFIGURED"
+1399 (1381) VPNCONN_WG_PSK,0: "g42DVjQz1gu4LAhWfedKGAOzevZu3Daos6ukSReYw7c="
+1400 (1381) VPNCONN_WG_REMOTE_NET,0: ""
+1401 (1400) VPNCONN_WG_REMOTE_NET_IP,0: "192.168.10.0"
+1402 (1400) VPNCONN_WG_REMOTE_NET_NETMASK,0: "255.255.255.0"
+1403 KEY_FOREIGN,1: "wireguard roadwarrior"
+1404 (1403) KEY_FOREIGN_AUTOCREATE_TYPE,0: "WGQUICK"
+1405 (1403) KEY_FOREIGN_PRIVATE_KEY,0: "Nm9fIqDI/sgQNJDbM+bTJTYP6pDjaHIEjMyVyprVlIE="
+1406 (1403) KEY_FOREIGN_PUBLIC_KEY,0: "xw2eBw6e/yReSvGlVDknp/1+BJua9qMzpEDA6LQRUDc="
+1407 (1403) KEY_FOREIGN_TYPE,0: "WIREGUARD"
+1408 (1403) KEY_FOREIGN_VALIDFROM,0: "20241105T100559"
+1409 KEY_FOREIGN,2: "wireguard site2site"
+1410 (1409) KEY_FOREIGN_AUTOCREATE_TYPE,0: "WGQUICK"
+1411 (1409) KEY_FOREIGN_PRIVATE_KEY,0: "Nm9fIqDI/sgQNJDbM+bTJTYP6pDjaHIEjMyVyprVlIE="
+1412 (1409) KEY_FOREIGN_PUBLIC_KEY,0: "xw2eBw6e/yReSvGlVDknp/1+BJua9qMzpEDA6LQRUDc="
+1413 (1409) KEY_FOREIGN_TYPE,0: "WIREGUARD"
+1414 (1409) KEY_FOREIGN_VALIDFROM,0: "20241105T100559"
git://developer.intra2net.com / pyi2ncommon / commitdiff