Merging latest bits from devel (#22)

rcmcdonald91 · web-flow · commit 9858a0181861 · 2021-04-16T14:55:55.000-04:00
* Fixes some more interface handling bits

* Fixes an MTU war between pfSense and wg-quick. wg-quick will now always honor pfSense for assigned interfaces, and only fall back to the default 1420 for unassigned interfaces

* Syntax bug

* Created a new global variable to generalize more things
diff --git a/src/Makefile b/src/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	pfSense-pkg-WireGuard
 PORTVERSION=	0.0.5
-PORREVISION=	0
+PORREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	# empty
 DISTFILES=	# empty
diff --git a/src/files/usr/local/pkg/wireguard/wg.inc b/src/files/usr/local/pkg/wireguard/wg.inc
@@ -158,7 +158,7 @@ function wg_delete_tunnel($tunidx) {
 
 // Write new tunnel values to the configuration system
 function wg_do_post($post) {
-	global $config;
+	global $config, $wgg;
 
 	init_config_arr(array('installedpackages', 'wireguard', 'tunnel'));
 
@@ -169,12 +169,22 @@ function wg_do_post($post) {
 	$pconfig = &$config['installedpackages']['wireguard']['tunnel'][$index];
 
 	if (empty($pconfig['name'])) {
+
 		$pconfig['name'] = next_wg_if();
+
 	}
-	$pconfig['enabled'] = empty($post['enabled']) ? 'no':'yes';
+
+	if (empty($pconfig['mtu'])) {
+
+		$pconfig['mtu'] = $wgg['default_mtu'];
+
+	}
+
+	$pconfig['enabled'] = empty($post['enabled']) ? 'no' : 'yes';
+
 	$pconfig['descr'] = $post['descr'];
 
-	// Interface section
+	// Tunnel section
 	$pconfig['interface']['address'] = $post['address'];
 	$pconfig['interface']['listenport'] = $post['listenport'];
 	$pconfig['interface']['privatekey'] = $post['privatekey'];
@@ -238,7 +248,6 @@ function wg_resync() {
 		foreach ($wg_tunnels as $tunnel) {
 
 			if (isset($tunnel['enabled']) && $tunnel['enabled'] == 'yes') {
-
 				$is_assigned = is_wg_tunnel_assigned($tunnel);
 
 				wg_configure_if($tunnel, !($is_assigned));
diff --git a/src/files/usr/local/pkg/wireguard/wg_api.inc b/src/files/usr/local/pkg/wireguard/wg_api.inc
@@ -157,13 +157,13 @@ function genPSK() {
 
 // Return the next available WireGuard port
 function next_wg_port() {
-	global $config;
+	global $config, $wgg;
 
 	init_config_arr(array('installedpackages', 'wireguard', 'tunnel'));
 
 	$tunnels = &$config['installedpackages']['wireguard']['tunnel'];
 
-	for ($idx=51820; $idx<65535; $idx++) {
+	for ($idx=$wgg['default_port']; $idx<65535; $idx++) {
 
 		// Check to see if the port is already in use
 		$found = false;
@@ -189,7 +189,7 @@ function next_wg_port() {
 
 	}
 
-	return 51820;
+	return $wgg['default_port'];
 
 }
 
diff --git a/src/files/usr/local/pkg/wireguard/wg_globals.inc b/src/files/usr/local/pkg/wireguard/wg_globals.inc
@@ -39,6 +39,7 @@ $wgg = array(
         'if_group'              => 'WireGuard',
         'ifgroupentry'          => array('ifname' => 'WireGuard', 'descr' => 'Dynamic Group for WireGuard', 'members' => null),
         'default_mtu'           => 1420,
+        'default_port'          => 51820,
 
         'script_path'           => '/usr/local/etc',
         'earlyshellcmds'        => array('/usr/local/etc/rc.bootstrap_wireguard', '/usr/local/etc/rc.reload_wireguard'),
diff --git a/src/files/usr/local/www/wg/vpn_wg_edit.php b/src/files/usr/local/www/wg/vpn_wg_edit.php
@@ -58,45 +58,60 @@
 if ($_POST) {
 
 	if ($_POST['save']) {
+
 		if (empty($_POST['listenport'])) {
+
 			$_POST['listenport'] = next_wg_port();
+
 		}
-		if (empty($_POST['mtu'])) {
-			$_POST['mtu'] = $wgg['default_mtu'];
-		}
+
 		$res = wg_do_post($_POST);
+		
 		$input_errors = $res['input_errors'];
+
 		$pconfig = $res['pconfig'];
 
 		if (!$input_errors) {
+
 			// Create the new WG config files
 			wg_create_config_files();
 			
-			// Create interface group
+			// Attempt to reinstall the interface group to keep things clean
 			wg_ifgroup_install();
 
-			// Setup and start the new WG tunnel
-			if (isset($pconfig['enabled']) &&
-			($pconfig['enabled'] == 'yes')) {
-				wg_configure_if($pconfig);
+			// Configure the new WG tunnel
+			if (isset($pconfig['enabled']) && $pconfig['enabled'] == 'yes') {
+
+				// Should we soft configure?
+				$is_assigned = is_wg_tunnel_assigned($pconfig);
+
+				wg_configure_if($pconfig, !($is_assigned));
+
 			} else {
+
 				wg_destroy_if($pconfig);
+
 			}
 
 			// Go back to the tunnel table
 			header("Location: /wg/vpn_wg.php");
+
 		}
+
 	} elseif ($_POST['action'] == 'genkeys') {
+
 		// Process ajax call requesting new key pair
 		print(genKeyPair(true));
+
 		exit;
+
 	}
 
 } else {
 
 	if (isset($index)) {
 
-		if ($tunnels[$index]) {
+		if (is_array($tunnels[$index])) {
 
 			$pconfig = &$tunnels[$index];
 		}
@@ -109,6 +124,9 @@
 
 	}
 
+	// Save the MTU settings prior to re(saving)
+	$pconfig['mtu'] = get_interface_mtu($pconfig['name']);
+
 }
 
 $shortcut_section = "wireguard";
@@ -156,8 +174,17 @@
 if (is_wg_tunnel_assigned($pconfig)) {
 
 	$tun_enable->setDisabled();
+
 	$tun_enable->setHelp('<span class="text-danger">Note: </span>Tunnel cannot be <b>disabled</b> when assigned to an interface');
 
+	// We still want to POST this field, make a a hidden field now
+	$section->addInput(new Form_Input(
+		'enabled',
+		'',
+		'hidden',
+		'yes'
+	));
+
 }
 
 $section->addInput($tun_enable);
@@ -251,6 +278,14 @@
 
 }
 
+// We still need to keep track of this otherwise wg-quick and pfSense will fight
+$section->addInput(new Form_Input(
+	'mtu',
+	'',
+	'hidden',
+	$pconfig['mtu']
+));
+
 $form->add($section);
 
 print($form);
