mirror of
https://github.com/amnezia-vpn/amnezia-client.git
synced 2026-05-08 14:33:23 +00:00
Compare commits
8 Commits
bugfix/pre
...
feature/ne
| Author | SHA1 | Date | |
|---|---|---|---|
|
f309a358c3 | ||
|
|
be0ec37738 | ||
|
|
179c6093ce | ||
|
|
10933ce466 | ||
|
|
cd9cdd24ec | ||
|
|
144ed3c988 | ||
|
|
e046b6df04 | ||
|
|
548959752c |
@@ -13,26 +13,29 @@
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "containers/containers_defs.h"
|
||||
#include "core/controllers/serverController.h"
|
||||
#include "core/scripts_registry.h"
|
||||
#include "core/server_defs.h"
|
||||
#include "core/controllers/serverController.h"
|
||||
#include "settings.h"
|
||||
#include "utilities.h"
|
||||
|
||||
WireguardConfigurator::WireguardConfigurator(std::shared_ptr<Settings> settings, bool isAwg, QObject *parent)
|
||||
: ConfiguratorBase(settings, parent), m_isAwg(isAwg)
|
||||
{
|
||||
m_serverConfigPath = m_isAwg ? amnezia::protocols::awg::serverConfigPath
|
||||
: amnezia::protocols::wireguard::serverConfigPath;
|
||||
m_serverPublicKeyPath = m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath
|
||||
: amnezia::protocols::wireguard::serverPublicKeyPath;
|
||||
m_serverPskKeyPath = m_isAwg ? amnezia::protocols::awg::serverPskKeyPath
|
||||
: amnezia::protocols::wireguard::serverPskKeyPath;
|
||||
m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template
|
||||
: ProtocolScriptType::wireguard_template;
|
||||
m_serverConfigPath =
|
||||
m_isAwg ? amnezia::protocols::awg::serverConfigPath : amnezia::protocols::wireguard::serverConfigPath;
|
||||
m_serverPublicKeyPath =
|
||||
m_isAwg ? amnezia::protocols::awg::serverPublicKeyPath : amnezia::protocols::wireguard::serverPublicKeyPath;
|
||||
m_serverPskKeyPath =
|
||||
m_isAwg ? amnezia::protocols::awg::serverPskKeyPath : amnezia::protocols::wireguard::serverPskKeyPath;
|
||||
m_configTemplate = m_isAwg ? ProtocolScriptType::awg_template : ProtocolScriptType::wireguard_template;
|
||||
|
||||
m_protocolName = m_isAwg ? config_key::awg : config_key::wireguard;
|
||||
m_defaultPort = m_isAwg ? protocols::wireguard::defaultPort : protocols::awg::defaultPort;
|
||||
|
||||
m_interfaceName = m_isAwg ? protocols::awg::interfaceName : protocols::wireguard::interfaceName;
|
||||
m_wgBinaryName = m_isAwg ? protocols::awg::wgBinaryName : protocols::wireguard::wgBinaryName;
|
||||
m_wgQuickBinaryName = m_isAwg ? protocols::awg::wgQuickBinaryName : protocols::wireguard::wgQuickBinaryName;
|
||||
}
|
||||
|
||||
WireguardConfigurator::ConnectionData WireguardConfigurator::genClientKeys()
|
||||
@@ -84,6 +87,20 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
|
||||
ErrorCode e = ErrorCode::NoError;
|
||||
ServerController serverController(m_settings);
|
||||
|
||||
if (container == DockerContainer::Awg) {
|
||||
if (serverController.isNewAwgContainer(credentials)) {
|
||||
m_serverConfigPath = amnezia::protocols::awg::serverConfigPath;
|
||||
m_interfaceName = protocols::awg::interfaceName;
|
||||
m_wgBinaryName = protocols::awg::wgBinaryName;
|
||||
m_wgQuickBinaryName = protocols::awg::wgQuickBinaryName;
|
||||
} else {
|
||||
m_serverConfigPath = "/opt/amnezia/awg/wg0.conf";
|
||||
m_interfaceName = protocols::wireguard::interfaceName;
|
||||
m_wgBinaryName = protocols::wireguard::wgBinaryName;
|
||||
m_wgQuickBinaryName = protocols::wireguard::wgQuickBinaryName;
|
||||
}
|
||||
}
|
||||
|
||||
// Get list of already created clients (only IP addresses)
|
||||
QString nextIpNumber;
|
||||
{
|
||||
@@ -167,8 +184,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
|
||||
return connData;
|
||||
}
|
||||
|
||||
QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'")
|
||||
.arg(m_serverConfigPath);
|
||||
QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c '%4 syncconf %2 <(%3 strip %1)'")
|
||||
.arg(m_serverConfigPath, m_interfaceName, m_wgQuickBinaryName, m_wgBinaryName);
|
||||
|
||||
e = serverController.runScript(
|
||||
credentials, serverController.replaceVars(script, serverController.genVarsForScript(credentials, container)));
|
||||
@@ -177,7 +194,8 @@ WireguardConfigurator::ConnectionData WireguardConfigurator::prepareWireguardCon
|
||||
}
|
||||
|
||||
QString WireguardConfigurator::genWireguardConfig(const ServerCredentials &credentials, DockerContainer container,
|
||||
const QJsonObject &containerConfig, QString &clientId, ErrorCode *errorCode)
|
||||
const QJsonObject &containerConfig, QString &clientId,
|
||||
ErrorCode *errorCode)
|
||||
{
|
||||
ServerController serverController(m_settings);
|
||||
QString scriptData = amnezia::scriptData(m_configTemplate, container);
|
||||
|
||||
@@ -44,6 +44,9 @@ private:
|
||||
amnezia::ProtocolScriptType m_configTemplate;
|
||||
QString m_protocolName;
|
||||
QString m_defaultPort;
|
||||
QString m_interfaceName;
|
||||
QString m_wgBinaryName;
|
||||
QString m_wgQuickBinaryName;
|
||||
};
|
||||
|
||||
#endif // WIREGUARD_CONFIGURATOR_H
|
||||
|
||||
@@ -855,7 +855,16 @@ ErrorCode ServerController::getAlreadyInstalledContainers(const ServerCredential
|
||||
containerConfig.insert(config_key::transport_proto, transportProto);
|
||||
|
||||
if (protocol == Proto::Awg) {
|
||||
QString serverConfig = getTextFileFromContainer(container, credentials, protocols::awg::serverConfigPath, &errorCode);
|
||||
QString serverConfigPath;
|
||||
if (container == DockerContainer::Awg) {
|
||||
if (isNewAwgContainer(credentials)) {
|
||||
serverConfigPath = amnezia::protocols::awg::serverConfigPath;
|
||||
} else {
|
||||
serverConfigPath = "/opt/amnezia/awg/wg0.conf";
|
||||
}
|
||||
}
|
||||
|
||||
QString serverConfig = getTextFileFromContainer(container, credentials, serverConfigPath, &errorCode);
|
||||
|
||||
QMap<QString, QString> serverConfigMap;
|
||||
auto serverConfigLines = serverConfig.split("\n");
|
||||
@@ -960,3 +969,24 @@ ErrorCode ServerController::getDecryptedPrivateKey(const ServerCredentials &cred
|
||||
auto error = m_sshClient.getDecryptedPrivateKey(credentials, decryptedPrivateKey, callback);
|
||||
return error;
|
||||
}
|
||||
|
||||
bool ServerController::isNewAwgContainer(const ServerCredentials &credentials)
|
||||
{
|
||||
QString stdOut;
|
||||
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
|
||||
stdOut += data + "\n";
|
||||
return ErrorCode::NoError;
|
||||
};
|
||||
|
||||
auto cbReadStdErr = [&](const QString &data, libssh::Client &) {
|
||||
stdOut += data + "\n";
|
||||
return ErrorCode::NoError;
|
||||
};
|
||||
|
||||
QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c 'type awg'");
|
||||
|
||||
runScript(credentials, replaceVars(script, genVarsForScript(credentials, DockerContainer::Awg)), cbReadStdOut, cbReadStdErr);
|
||||
|
||||
return stdOut.contains("/usr/bin/awg");
|
||||
|
||||
}
|
||||
|
||||
@@ -62,6 +62,8 @@ public:
|
||||
ErrorCode getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey,
|
||||
const std::function<QString()> &callback);
|
||||
|
||||
bool isNewAwgContainer(const ServerCredentials &credentials);
|
||||
|
||||
private:
|
||||
ErrorCode installDockerWorker(const ServerCredentials &credentials, DockerContainer container);
|
||||
ErrorCode prepareHostWorker(const ServerCredentials &credentials, DockerContainer container,
|
||||
|
||||
@@ -152,6 +152,9 @@ namespace amnezia
|
||||
constexpr char serverPublicKeyPath[] = "/opt/amnezia/wireguard/wireguard_server_public_key.key";
|
||||
constexpr char serverPskKeyPath[] = "/opt/amnezia/wireguard/wireguard_psk.key";
|
||||
|
||||
constexpr char interfaceName[] = "wg0";
|
||||
constexpr char wgBinaryName[] = "wg";
|
||||
constexpr char wgQuickBinaryName[] = "wg-quick";
|
||||
}
|
||||
|
||||
namespace sftp
|
||||
@@ -164,7 +167,7 @@ namespace amnezia
|
||||
{
|
||||
constexpr char defaultPort[] = "55424";
|
||||
|
||||
constexpr char serverConfigPath[] = "/opt/amnezia/awg/wg0.conf";
|
||||
constexpr char serverConfigPath[] = "/opt/amnezia/awg/awg0.conf";
|
||||
constexpr char serverPublicKeyPath[] = "/opt/amnezia/awg/wireguard_server_public_key.key";
|
||||
constexpr char serverPskKeyPath[] = "/opt/amnezia/awg/wireguard_psk.key";
|
||||
|
||||
@@ -177,6 +180,10 @@ namespace amnezia
|
||||
constexpr char defaultResponsePacketMagicHeader[] = "3288052141";
|
||||
constexpr char defaultTransportPacketMagicHeader[] = "2528465083";
|
||||
constexpr char defaultUnderloadPacketMagicHeader[] = "1766607858";
|
||||
|
||||
constexpr char interfaceName[] = "awg0";
|
||||
constexpr char wgBinaryName[] = "awg";
|
||||
constexpr char wgQuickBinaryName[] = "awg-quick";
|
||||
}
|
||||
|
||||
} // namespace protocols
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM amneziavpn/amnezia-wg:latest
|
||||
FROM amneziavpn/amneziawg-go:latest
|
||||
|
||||
LABEL maintainer="AmneziaVPN"
|
||||
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
mkdir -p /opt/amnezia/awg
|
||||
cd /opt/amnezia/awg
|
||||
WIREGUARD_SERVER_PRIVATE_KEY=$(wg genkey)
|
||||
WIREGUARD_SERVER_PRIVATE_KEY=$(awg genkey)
|
||||
echo $WIREGUARD_SERVER_PRIVATE_KEY > /opt/amnezia/awg/wireguard_server_private_key.key
|
||||
|
||||
WIREGUARD_SERVER_PUBLIC_KEY=$(echo $WIREGUARD_SERVER_PRIVATE_KEY | wg pubkey)
|
||||
WIREGUARD_SERVER_PUBLIC_KEY=$(echo $WIREGUARD_SERVER_PRIVATE_KEY | awg pubkey)
|
||||
echo $WIREGUARD_SERVER_PUBLIC_KEY > /opt/amnezia/awg/wireguard_server_public_key.key
|
||||
|
||||
WIREGUARD_PSK=$(wg genpsk)
|
||||
WIREGUARD_PSK=$(awg genpsk)
|
||||
echo $WIREGUARD_PSK > /opt/amnezia/awg/wireguard_psk.key
|
||||
|
||||
cat > /opt/amnezia/awg/wg0.conf <<EOF
|
||||
cat > /opt/amnezia/awg/awg0.conf <<EOF
|
||||
[Interface]
|
||||
PrivateKey = $WIREGUARD_SERVER_PRIVATE_KEY
|
||||
Address = $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR
|
||||
|
||||
@@ -6,19 +6,19 @@ echo "Container startup"
|
||||
#ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up
|
||||
|
||||
# kill daemons in case of restart
|
||||
wg-quick down /opt/amnezia/awg/wg0.conf
|
||||
awg-quick down /opt/amnezia/awg/awg0.conf
|
||||
|
||||
# start daemons if configured
|
||||
if [ -f /opt/amnezia/awg/wg0.conf ]; then (wg-quick up /opt/amnezia/awg/wg0.conf); fi
|
||||
if [ -f /opt/amnezia/awg/awg0.conf ]; then (awg-quick up /opt/amnezia/awg/awg0.conf); fi
|
||||
|
||||
# Allow traffic on the TUN interface.
|
||||
iptables -A INPUT -i wg0 -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
iptables -A OUTPUT -o wg0 -j ACCEPT
|
||||
iptables -A INPUT -i awg0 -j ACCEPT
|
||||
iptables -A FORWARD -i awg0 -j ACCEPT
|
||||
iptables -A OUTPUT -o awg0 -j ACCEPT
|
||||
|
||||
# Allow forwarding traffic only from the VPN.
|
||||
iptables -A FORWARD -i wg0 -o eth0 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
|
||||
iptables -A FORWARD -i wg0 -o eth1 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
|
||||
iptables -A FORWARD -i awg0 -o eth0 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
|
||||
iptables -A FORWARD -i awg0 -o eth1 -s $WIREGUARD_SUBNET_IP/$WIREGUARD_SUBNET_CIDR -j ACCEPT
|
||||
|
||||
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
|
||||
|
||||
@@ -10,7 +10,8 @@ namespace
|
||||
{
|
||||
Logger logger("ClientManagementModel");
|
||||
|
||||
namespace configKey {
|
||||
namespace configKey
|
||||
{
|
||||
constexpr char clientId[] = "clientId";
|
||||
constexpr char clientName[] = "clientName";
|
||||
constexpr char container[] = "container";
|
||||
@@ -61,7 +62,6 @@ void ClientManagementModel::migration(const QByteArray &clientsTableString)
|
||||
|
||||
m_clientsTable.push_back(client);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
ErrorCode ClientManagementModel::updateModel(DockerContainer container, ServerCredentials credentials)
|
||||
@@ -121,7 +121,8 @@ ErrorCode ClientManagementModel::updateModel(DockerContainer container, ServerCr
|
||||
return error;
|
||||
}
|
||||
|
||||
ErrorCode ClientManagementModel::getOpenVpnClients(ServerController &serverController, DockerContainer container, ServerCredentials credentials, int &count)
|
||||
ErrorCode ClientManagementModel::getOpenVpnClients(ServerController &serverController, DockerContainer container,
|
||||
ServerCredentials credentials, int &count)
|
||||
{
|
||||
ErrorCode error = ErrorCode::NoError;
|
||||
QString stdOut;
|
||||
@@ -163,12 +164,13 @@ ErrorCode ClientManagementModel::getOpenVpnClients(ServerController &serverContr
|
||||
return error;
|
||||
}
|
||||
|
||||
ErrorCode ClientManagementModel::getWireGuardClients(ServerController &serverController, DockerContainer container, ServerCredentials credentials, int &count)
|
||||
ErrorCode ClientManagementModel::getWireGuardClients(ServerController &serverController, DockerContainer container,
|
||||
ServerCredentials credentials, int &count)
|
||||
{
|
||||
ErrorCode error = ErrorCode::NoError;
|
||||
|
||||
const QString wireGuardConfigFile =
|
||||
QString("opt/amnezia/%1/wg0.conf").arg(container == DockerContainer::WireGuard ? "wireguard" : "awg");
|
||||
const QString wireGuardConfigFile = DockerContainer::WireGuard ? amnezia::protocols::wireguard::serverConfigPath
|
||||
: amnezia::protocols::awg::serverConfigPath;
|
||||
const QString wireguardConfigString =
|
||||
serverController.getTextFileFromContainer(container, credentials, wireGuardConfigFile, &error);
|
||||
if (error != ErrorCode::NoError) {
|
||||
@@ -314,13 +316,16 @@ ErrorCode ClientManagementModel::revokeClient(const int row, const DockerContain
|
||||
QJsonArray containers = server.value(config_key::containers).toArray();
|
||||
for (auto i = 0; i < containers.size(); i++) {
|
||||
auto containerConfig = containers.at(i).toObject();
|
||||
auto containerType = ContainerProps::containerFromString(containerConfig.value(config_key::container).toString());
|
||||
auto containerType =
|
||||
ContainerProps::containerFromString(containerConfig.value(config_key::container).toString());
|
||||
if (containerType == container) {
|
||||
QJsonObject protocolConfig;
|
||||
if (container == DockerContainer::ShadowSocks || container == DockerContainer::Cloak) {
|
||||
protocolConfig = containerConfig.value(ContainerProps::containerTypeToString(DockerContainer::OpenVpn)).toObject();
|
||||
protocolConfig =
|
||||
containerConfig.value(ContainerProps::containerTypeToString(DockerContainer::OpenVpn)).toObject();
|
||||
} else {
|
||||
protocolConfig = containerConfig.value(ContainerProps::containerTypeToString(containerType)).toObject();
|
||||
protocolConfig =
|
||||
containerConfig.value(ContainerProps::containerTypeToString(containerType)).toObject();
|
||||
}
|
||||
|
||||
if (protocolConfig.value(config_key::last_config).toString().contains(clientId)) {
|
||||
@@ -379,8 +384,17 @@ ErrorCode ClientManagementModel::revokeWireGuard(const int row, const DockerCont
|
||||
ErrorCode error;
|
||||
ServerController serverController(m_settings);
|
||||
|
||||
const QString wireGuardConfigFile =
|
||||
QString("/opt/amnezia/%1/wg0.conf").arg(container == DockerContainer::WireGuard ? "wireguard" : "awg");
|
||||
QString wireGuardConfigFile;
|
||||
if (container == DockerContainer::Awg) {
|
||||
if (serverController.isNewAwgContainer(credentials)) {
|
||||
wireGuardConfigFile = amnezia::protocols::awg::serverConfigPath;
|
||||
} else {
|
||||
wireGuardConfigFile = "/opt/amnezia/awg/wg0.conf";
|
||||
}
|
||||
} else {
|
||||
wireGuardConfigFile = amnezia::protocols::wireguard::serverConfigPath;
|
||||
}
|
||||
|
||||
const QString wireguardConfigString =
|
||||
serverController.getTextFileFromContainer(container, credentials, wireGuardConfigFile, &error);
|
||||
if (error != ErrorCode::NoError) {
|
||||
@@ -425,7 +439,13 @@ ErrorCode ClientManagementModel::revokeWireGuard(const int row, const DockerCont
|
||||
return error;
|
||||
}
|
||||
|
||||
const QString script = "sudo docker exec -i $CONTAINER_NAME bash -c 'wg syncconf wg0 <(wg-quick strip %1)'";
|
||||
QString interfaceName =
|
||||
DockerContainer::WireGuard ? protocols::wireguard::interfaceName : protocols::awg::interfaceName;
|
||||
QString wgBinaryName = DockerContainer::WireGuard ? protocols::wireguard::wgBinaryName : protocols::awg::wgBinaryName;
|
||||
QString wgQuickBinaryName =
|
||||
DockerContainer::WireGuard ? protocols::wireguard::wgQuickBinaryName : protocols::awg::wgQuickBinaryName;
|
||||
QString script = QString("sudo docker exec -i $CONTAINER_NAME bash -c '%4 syncconf %2 <(%3 strip %1)'")
|
||||
.arg(wireGuardConfigFile, interfaceName, wgQuickBinaryName, wgBinaryName);
|
||||
error = serverController.runScript(
|
||||
credentials,
|
||||
serverController.replaceVars(script.arg(wireGuardConfigFile),
|
||||
|
||||
Reference in New Issue
Block a user