luci-proto-wireguard: WireGuard VPN Protocol (New)

[project/luci.git] / protocols / luci-proto-wireguard / luasrc / model / cbi / admin_network / proto_wireguard.lua

-- Copyright 2016 Dan Luedtke <mail@danrl.com>
-- Licensed to the public under the Apache License 2.0.


local map, section, net = ...
local ifname = net:get_interface():name()
local private_key, listen_port
local metric, mtu, preshared_key
local peers, public_key, allowed_ips, endpoint, persistent_keepalive


-- general ---------------------------------------------------------------------

private_key = section:taboption(
  "general",
  Value,
  "private_key",
  translate("Private Key"),
  translate("Required. Base64-encoded private key for this interface.")
)
private_key.password = true
private_key.datatype = "and(minlength(44),maxlength(44))"
private_key.optional = false


listen_port = section:taboption(
  "general",
  Value,
  "listen_port",
  translate("Listen Port"),
  translate("Optional. UDP port used for outgoing and incoming packets.")
)
listen_port.datatype = "port"
listen_port.placeholder = "51820"
listen_port.optional = true


-- advanced --------------------------------------------------------------------

metric = section:taboption(
  "advanced",
  Value,
  "metric",
  translate("Metric"),
  translate("Optional.")
)
metric.datatype = "uinteger"
metric.placeholder = "0"
metric.optional = true


mtu = section:taboption(
  "advanced",
  Value,
  "mtu",
  translate("MTU"),
  translate("Optional. Maximum Transmission Unit of tunnel interface.")
)
mtu.datatype = "range(1280,1423)"
mtu.placeholder = "1423"
mtu.optional = true


preshared_key = section:taboption(
  "advanced",
  Value,
  "preshared_key",
  translate("Preshared Key"),
  translate("Optional. Adds in an additional layer of symmetric-key " ..
            "cryptography for post-quantum resistance.")
)
preshared_key.password = true
preshared_key.datatype = "and(minlength(44),maxlength(44))"
preshared_key.optional = true


-- peers -----------------------------------------------------------------------

peers = map:section(
  TypedSection,
  "wireguard_" .. ifname,
  translate("Peers"),
  translate("Further information about WireGuard interfaces and peers " ..
            "at <a href=\"http://wireguard.io\">wireguard.io</a>.")
)
peers.template = "cbi/tsection"
peers.anonymous = true
peers.addremove = true


public_key = peers:option(
  Value,
  "public_key",
  translate("Public Key"),
  translate("Required. Public key of peer.")
)
public_key.datatype = "and(minlength(44),maxlength(44))"
public_key.optional = false


allowed_ips = peers:option(
  DynamicList,
  "allowed_ips",
  translate("Allowed IPs"),
  translate("Required. IP addresses and prefixes that this peer is allowed " ..
            "to use inside the tunnel. Routes will be added accordingly.")
)
allowed_ips.datatype = "or(ip6addr, ip4addr)"
allowed_ips.optional = false


route_allowed_ips = peers:option(
  Flag,
  "route_allowed_ips",
  translate("Route Allowed IPs"),
  translate("Optional. Create routes for Allowed IPs for this peer.")
)


endpoint_host = peers:option(
  Value,
  "endpoint_host",
  translate("Endpoint Host"),
  translate("Optional. Host of peer. Names are resolved " ..
            "prior to bringing up the interface."))
endpoint_host.placeholder = "vpn.example.com"
endpoint_host.datatype = "host"


endpoint_port = peers:option(
  Value,
  "endpoint_port",
  translate("Endpoint Port"),
  translate("Optional. Port of peer."))
endpoint_port.placeholder = "51820"
endpoint_port.datatype = "port"


persistent_keepalive = peers:option(
  Value,
  "persistent_keepalive",
  translate("Persistent Keep Alive"),
  translate("Optional. Seconds between keep alive messages. " ..
            "Default is 0 (disabled). Recommended value if " ..
            "this device is behind a NAT is 25."))
persistent_keepalive.datatype = "range(0, 65535)"
persistent_keepalive.placeholder = "0"