From 4fbdb56192f5c505958bf3869e311fd38a6f3d2c Mon Sep 17 00:00:00 2001 From: octeep Date: Tue, 29 Mar 2022 04:44:49 +0100 Subject: [PATCH] change config syntax to match wireguard's config syntax --- README.md | 42 ++++++---------- config.go | 131 ++++++++++++++++++++++++++++++++------------------ docker/config | 25 +++------- 3 files changed, 105 insertions(+), 93 deletions(-) diff --git a/README.md b/README.md index 17ca618..e2bb2e3 100644 --- a/README.md +++ b/README.md @@ -23,35 +23,21 @@ anything. # Sample config file ``` -# SelfSecretKey is the secret key of your wireguard peer. -# This should be the same as the PrivateKey in your `client.conf` wireguard setting. -SelfSecretKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q= +# The [Interface] and [Peer] configurations follow the same sematics and meaning +# of a wg-quick configuration. To understand what these fields mean, please refer to: +# https://wiki.archlinux.org/title/WireGuard#Persistent_configuration +# https://www.wireguard.com/#simple-network-interface +[Interface] +Address = 10.200.200.2/32 +MTU = 1420 +PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q= +DNS = 10.200.200.1 -# SelfEndpoint is the IP of your wireguard peer. -SelfEndpoint = 172.16.31.2 - -# PeerPublicKey is the public key of the wireguard server you want to connect to. -PeerPublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg= - -# PeerEndpoint is the endpoint of the wireguard server you want to connect to. -PeerEndpoint = 172.16.0.1:53 - -# DNS is the list of nameservers that will be used by wireproxy. -# For just a single nameserver: -DNS = 1.1.1.1 -# For multiple nameservers: -#DNS = 1.1.1.1, 1.0.0.1 - -# KeepAlive is the persistent keep alive interval of the wireguard device. -# Usually not needed. -#KeepAlive = 25 - -# PreSharedKey is the pre shared key of your wireguard device -# If you don't know what this is, then you probably don't need it. -#PreSharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs= - -# MTU is the maximum transmission unit size, By default this is set to 1420. -# MTU = 1234 +[Peer] +PublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg= +PresharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs= +Endpoint = my.ddns.example.com:51820 +PersistentKeepalive = 25 # TCPClientTunnel is a tunnel listening on your machine, # and it forwards any TCP traffic received to the specified target via wireguard. diff --git a/config.go b/config.go index 1420042..f5c8e50 100644 --- a/config.go +++ b/config.go @@ -120,6 +120,25 @@ func parseCommaSeperatedNetIP(section *ini.Section, keyName string) ([]netip.Add return ips, nil } +func parseCIDRNetIP(section *ini.Section, keyName string) (*netip.Addr, error) { + prefixString, err := parseString(section, keyName) + if err != nil { + return nil, err + } + + prefix, err := netip.ParsePrefix(prefixString) + if err != nil { + return nil, err + } + + addr := prefix.Addr() + if prefix.Bits() != addr.BitLen() { + return nil, errors.New("interface address subnet should be /32 for IPv4 and /128 for IPv6") + } + + return &addr, nil +} + func resolveIP(ip string) (*net.IPAddr, error) { return net.ResolveIPAddr("ip", ip) } @@ -137,76 +156,83 @@ func resolveIPPAndPort(addr string) (string, error) { return net.JoinHostPort(ip.String(), port), nil } -func ParseDeviceConfig(cfg *ini.File) (*DeviceConfig, error) { - config := &DeviceConfig{ - PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000", - KeepAlive: 0, - MTU: 1420, +func ParseInterface(cfg *ini.File, device *DeviceConfig) error { + sections, err := cfg.SectionsByName("Interface") + if len(sections) != 1 || err != nil { + return errors.New("one and only one [Interface] is expected") } - section := cfg.Section("") + section := sections[0] - decoded, err := parseBase64KeyToHex(section, "SelfSecretKey") + address, err := parseCIDRNetIP(section, "Address") if err != nil { - return nil, err + return err } - config.SelfSecretKey = decoded - decoded, err = parseBase64KeyToHex(section, "PeerPublicKey") + device.SelfEndpoint = address + + privKey, err := parseBase64KeyToHex(section, "PrivateKey") if err != nil { - return nil, err + return err } - config.PeerPublicKey = decoded + device.SelfSecretKey = privKey - if sectionKey, err := section.GetKey("PreSharedKey"); err == nil { - value, err := encodeBase64ToHex(sectionKey.String()) - if err != nil { - return nil, err - } - config.PreSharedKey = value - } - - if sectionKey, err := section.GetKey("KeeyAlive"); err == nil { - value, err := sectionKey.Int() - if err != nil { - return nil, err - } - config.KeepAlive = value + dns, err := parseCommaSeperatedNetIP(section, "DNS") + if err != nil { + return err } + device.DNS = dns if sectionKey, err := section.GetKey("MTU"); err == nil { value, err := sectionKey.Int() if err != nil { - return nil, err + return err } - config.MTU = value + device.MTU = value } - decoded, err = parseString(section, "PeerEndpoint") + return nil +} + +func ParsePeer(cfg *ini.File, device *DeviceConfig) error { + sections, err := cfg.SectionsByName("Peer") + if len(sections) != 1 || err != nil { + return errors.New("one and only one [Peer] is expected") + } + section := sections[0] + + decoded, err := parseBase64KeyToHex(section, "PublicKey") if err != nil { - return nil, err + return err + } + device.PeerPublicKey = decoded + + if sectionKey, err := section.GetKey("PreSharedKey"); err == nil { + value, err := encodeBase64ToHex(sectionKey.String()) + if err != nil { + return err + } + device.PreSharedKey = value + } + + decoded, err = parseString(section, "Endpoint") + if err != nil { + return err } decoded, err = resolveIPPAndPort(decoded) if err != nil { - return nil, err + return err } - config.PeerEndpoint = decoded + device.PeerEndpoint = decoded - selfEndpoint, err := parseCommaSeperatedNetIP(section, "SelfEndpoint") - if err != nil { - return nil, err + if sectionKey, err := section.GetKey("PersistentKeepalive"); err == nil { + value, err := sectionKey.Int() + if err != nil { + return err + } + device.KeepAlive = value } - if len(selfEndpoint) != 1 { - return nil, errors.New("SelfEndpoint must be specified with only 1 IP address") - } - config.SelfEndpoint = &selfEndpoint[0] - dns, err := parseCommaSeperatedNetIP(section, "DNS") - if err != nil { - return nil, err - } - config.DNS = dns - - return config, nil + return nil } func parseTCPClientTunnelConfig(section *ini.Section) (*TCPClientTunnelConfig, error) { @@ -322,7 +348,18 @@ func ParseConfig(path string) (*Configuration, error) { return nil, err } - device, err := ParseDeviceConfig(cfg) + device := &DeviceConfig{ + PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000", + KeepAlive: 0, + MTU: 1420, + } + + err = ParseInterface(cfg, device) + if err != nil { + return nil, err + } + + err = ParsePeer(cfg, device) if err != nil { return nil, err } diff --git a/docker/config b/docker/config index 4c71193..0e5362f 100644 --- a/docker/config +++ b/docker/config @@ -1,23 +1,12 @@ -# SelfSecretKey is the secret key of your wireguard peer -SelfSecretKey = ###Interface - PrivateKey### -# SelfEndpoint is the IP of your wireguard peer -SelfEndpoint = ###Interface - Address### -# DNS is the nameservers that will be used by wireproxy. -# Multple nameservers can be specified as such: DNS = 1.1.1.1, 1.0.0.1 +[Interface] +Address = ###Interface - Address### +PrivateKey = ###Interface - PrivateKey### DNS = ###Interface - DNS### -# PeerPublicKey is the public key of the wireguard server you want to connec to -PeerPublicKey = ###Peer - PublicKey### -# PeerEndpoint is the endpoint of the wireguard server you want to connec to -PeerEndpoint = ###Peer - Endpoint### - -# KeepAlive is the persistent keep alive interval of the wireguard device -# usually not needed -# KeepAlive = 25 -# PreSharedKey is the pre shared key of your wireguard device -# if you don't know what this is you don't need it -# PreSharedKey = +[Peer] +PublicKey = ###Peer - PublicKey### +Endpoint = ###Peer - Endpoint### # Socks5 create a socks5 proxy on your LAN, and any traffic would be routed via wireguard [Socks5] -BindAddress = 0.0.0.0:2534 \ No newline at end of file +BindAddress = 0.0.0.0:2534