change config syntax to match wireguard's config syntax

2025-04-29 19:01:42 +02:00 · 2022-03-29 04:44:49 +01:00 · 2022-03-29 04:44:49 +01:00 · b548a567be
commit b548a567be
parent 4937223047
3 changed files with 105 additions and 93 deletions
--- a/README.md
+++ b/README.md
@ -23,35 +23,21 @@ anything.

 # Sample config file
 ```
-# SelfSecretKey is the secret key of your wireguard peer.
-# This should be the same as the PrivateKey in your `client.conf` wireguard setting.
-SelfSecretKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
+# The [Interface] and [Peer] configurations follow the same sematics and meaning
+# of a wg-quick configuration. To understand what these fields mean, please refer to:
+# https://wiki.archlinux.org/title/WireGuard#Persistent_configuration
+# https://www.wireguard.com/#simple-network-interface
+[Interface]
+Address = 10.200.200.2/32
+MTU = 1420
+PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
+DNS = 10.200.200.1

-# SelfEndpoint is the IP of your wireguard peer.
-SelfEndpoint = 172.16.31.2
-
-# PeerPublicKey is the public key of the wireguard server you want to connect to.
-PeerPublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg=
-
-# PeerEndpoint is the endpoint of the wireguard server you want to connect to.
-PeerEndpoint = 172.16.0.1:53
-
-# DNS is the list of nameservers that will be used by wireproxy.
-# For just a single nameserver:
-DNS = 1.1.1.1
-# For multiple nameservers:
-#DNS = 1.1.1.1, 1.0.0.1
-
-# KeepAlive is the persistent keep alive interval of the wireguard device.
-# Usually not needed.
-#KeepAlive = 25
-
-# PreSharedKey is the pre shared key of your wireguard device
-# If you don't know what this is, then you probably don't need it.
-#PreSharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs=
-
-# MTU is the maximum transmission unit size, By default this is set to 1420.
-# MTU = 1234
+[Peer]
+PublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg=
+PresharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs=
+Endpoint = my.ddns.example.com:51820
+PersistentKeepalive = 25

 # TCPClientTunnel is a tunnel listening on your machine,
 # and it forwards any TCP traffic received to the specified target via wireguard.
--- a/config.go
+++ b/config.go
@ -120,6 +120,25 @@ func parseCommaSeperatedNetIP(section *ini.Section, keyName string) ([]netip.Add
 	return ips, nil
 }

+func parseCIDRNetIP(section *ini.Section, keyName string) (*netip.Addr, error) {
+	prefixString, err := parseString(section, keyName)
+	if err != nil {
+		return nil, err
+	}
+
+	prefix, err := netip.ParsePrefix(prefixString)
+	if err != nil {
+		return nil, err
+	}
+
+	addr := prefix.Addr()
+	if prefix.Bits() != addr.BitLen() {
+		return nil, errors.New("interface address subnet should be /32 for IPv4 and /128 for IPv6")
+	}
+
+	return &addr, nil
+}
+
 func resolveIP(ip string) (*net.IPAddr, error) {
 	return net.ResolveIPAddr("ip", ip)
 }
@ -137,76 +156,83 @@ func resolveIPPAndPort(addr string) (string, error) {
 	return net.JoinHostPort(ip.String(), port), nil
 }

-func ParseDeviceConfig(cfg *ini.File) (*DeviceConfig, error) {
-	config := &DeviceConfig{
-		PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000",
-		KeepAlive:    0,
-		MTU:          1420,
+func ParseInterface(cfg *ini.File, device *DeviceConfig) error {
+	sections, err := cfg.SectionsByName("Interface")
+	if len(sections) != 1 || err != nil {
+		return errors.New("one and only one [Interface] is expected")
 	}
-	section := cfg.Section("")
+	section := sections[0]

-	decoded, err := parseBase64KeyToHex(section, "SelfSecretKey")
+	address, err := parseCIDRNetIP(section, "Address")
 	if err != nil {
-		return nil, err
+		return err
 	}
-	config.SelfSecretKey = decoded

-	decoded, err = parseBase64KeyToHex(section, "PeerPublicKey")
+	device.SelfEndpoint = address
+
+	privKey, err := parseBase64KeyToHex(section, "PrivateKey")
 	if err != nil {
-		return nil, err
+		return err
 	}
-	config.PeerPublicKey = decoded
+	device.SelfSecretKey = privKey

-	if sectionKey, err := section.GetKey("PreSharedKey"); err == nil {
-		value, err := encodeBase64ToHex(sectionKey.String())
-		if err != nil {
-			return nil, err
-		}
-		config.PreSharedKey = value
-	}
-
-	if sectionKey, err := section.GetKey("KeeyAlive"); err == nil {
-		value, err := sectionKey.Int()
-		if err != nil {
-			return nil, err
-		}
-		config.KeepAlive = value
+	dns, err := parseCommaSeperatedNetIP(section, "DNS")
+	if err != nil {
+		return err
 	}
+	device.DNS = dns

 	if sectionKey, err := section.GetKey("MTU"); err == nil {
 		value, err := sectionKey.Int()
 		if err != nil {
-			return nil, err
+			return err
 		}
-		config.MTU = value
+		device.MTU = value
 	}

-	decoded, err = parseString(section, "PeerEndpoint")
+	return nil
+}
+
+func ParsePeer(cfg *ini.File, device *DeviceConfig) error {
+	sections, err := cfg.SectionsByName("Peer")
+	if len(sections) != 1 || err != nil {
+		return errors.New("one and only one [Peer] is expected")
+	}
+	section := sections[0]
+
+	decoded, err := parseBase64KeyToHex(section, "PublicKey")
 	if err != nil {
-		return nil, err
+		return err
+	}
+	device.PeerPublicKey = decoded
+
+	if sectionKey, err := section.GetKey("PreSharedKey"); err == nil {
+		value, err := encodeBase64ToHex(sectionKey.String())
+		if err != nil {
+			return err
+		}
+		device.PreSharedKey = value
+	}
+
+	decoded, err = parseString(section, "Endpoint")
+	if err != nil {
+		return err
 	}
 	decoded, err = resolveIPPAndPort(decoded)
 	if err != nil {
-		return nil, err
+		return err
 	}
-	config.PeerEndpoint = decoded
+	device.PeerEndpoint = decoded

-	selfEndpoint, err := parseCommaSeperatedNetIP(section, "SelfEndpoint")
-	if err != nil {
-		return nil, err
+	if sectionKey, err := section.GetKey("PersistentKeepalive"); err == nil {
+		value, err := sectionKey.Int()
+		if err != nil {
+			return err
+		}
+		device.KeepAlive = value
 	}
-	if len(selfEndpoint) != 1 {
-		return nil, errors.New("SelfEndpoint must be specified with only 1 IP address")
-	}
-	config.SelfEndpoint = &selfEndpoint[0]

-	dns, err := parseCommaSeperatedNetIP(section, "DNS")
-	if err != nil {
-		return nil, err
-	}
-	config.DNS = dns
-
-	return config, nil
+	return nil
 }

 func parseTCPClientTunnelConfig(section *ini.Section) (*TCPClientTunnelConfig, error) {
@ -322,7 +348,18 @@ func ParseConfig(path string) (*Configuration, error) {
 		return nil, err
 	}

-	device, err := ParseDeviceConfig(cfg)
+	device := &DeviceConfig{
+		PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000",
+		KeepAlive:    0,
+		MTU:          1420,
+	}
+
+	err = ParseInterface(cfg, device)
+	if err != nil {
+		return nil, err
+	}
+
+	err = ParsePeer(cfg, device)
 	if err != nil {
 		return nil, err
 	}
--- a/docker/config
+++ b/docker/config
@ -1,23 +1,12 @@
-# SelfSecretKey is the secret key of your wireguard peer
-SelfSecretKey = ###Interface - PrivateKey###
-# SelfEndpoint is the IP of your wireguard peer
-SelfEndpoint = ###Interface - Address###
-# DNS is the nameservers that will be used by wireproxy.
-# Multple nameservers can be specified as such: DNS = 1.1.1.1, 1.0.0.1
+[Interface]
+Address = ###Interface - Address###
+PrivateKey = ###Interface - PrivateKey###
 DNS = ###Interface - DNS###

-# PeerPublicKey is the public key of the wireguard server you want to connec to
-PeerPublicKey = ###Peer - PublicKey###
-# PeerEndpoint is the endpoint of the wireguard server you want to connec to
-PeerEndpoint =  ###Peer - Endpoint###
-
-# KeepAlive is the persistent keep alive interval of the wireguard device
-# usually not needed
-# KeepAlive = 25
-# PreSharedKey is the pre shared key of your wireguard device
-# if you don't know what this is you don't need it
-# PreSharedKey = 
+[Peer]
+PublicKey = ###Peer - PublicKey###
+Endpoint = ###Peer - Endpoint###

 # Socks5 create a socks5 proxy on your LAN, and any traffic would be routed via wireguard
 [Socks5]
-BindAddress = 0.0.0.0:2534
+BindAddress = 0.0.0.0:2534