Timotej Lazar
501a3745bb
vpn: add default route for IPv6 in wg.conf template
Applied when selected during key creation. Cleave ::/0 in twain for the
whole thing sometimes works not.
2024-09-20 06:18:12 +02:00
Timotej Lazar
3c25cbe88a
vpn: add support for custom keys
Custom keys are created by admin and specify networks directly,
bypassing AD permissions. They are intended to join managed devices
into networks where users are not allowed to create keys themselves.
Also comprehend a set directly.
2024-07-31 09:43:32 +02:00
Timotej Lazar
1b26f0738a
vpn: refactor key handling code
Move JS code for listing, creating and deleting WG keys into a
separate file and improve it somewhat. Also the related Python code.
2024-07-31 09:27:59 +02:00
Timotej Lazar
25ee4e8a44
Improve rule management page
Address rules by name instead of index. Still problematic if the rules
are changed while someone is managing them, but with names it’s
more likely to just not work instead of enabling or disabling the
wrong rule.
Also prevent bringing down the whole network with a single click.
2024-05-29 11:10:31 +02:00
Timotej Lazar
0e9d1ce6f0
Add some words to templates
Also some tags. Also remove some other words and some other tags.
2024-05-02 23:33:13 +02:00
Timotej Lazar
d123db4e64
Consolidate NAT and VPN settings into IP sets
I have tried every possible permutation and I think this is the one.
NetBox-managed IP prefixes are pushed with ansible to firewall master.
The managed prefixes are added to custom IP sets defined in the app,
but only NAT addresses and VPN groups can be configured for them.
This way all NAT and VPN policy is (again) configured in the app. Also
both NetBox-managed and user-defined networks are treated the same.
Also improve^Wtweak config generation. Also templates.
2024-04-30 20:57:46 +02:00
Timotej Lazar
f8d71b7b06
vpn: fix key name regex
2024-04-25 12:32:39 +02:00
Timotej Lazar
2ebc87f308
firewall: tweak instructions some more
2024-04-24 10:29:49 +02:00
Timotej Lazar
880c6b4140
friwall: tweak instructions
For no particularly good reason.
2024-04-23 12:38:32 +02:00
Timotej Lazar
85714f83b9
Warn about deleting key for active connection
2023-12-10 13:21:52 +01:00
Timotej Lazar
ff2246df8c
vpn: configure IPv6 addresses for WG clients
2023-12-08 17:12:37 +01:00
Timotej Lazar
c09410f731
Show allowed characters when creating new WG key
2023-10-03 11:38:07 +02:00
Timotej Lazar
ea6ca9b55d
Tweak HTML templates
2023-09-15 14:57:42 +02:00
Timotej Lazar
d704202e6e
Parametrize wg.conf template
2023-09-15 14:24:22 +02:00
Timotej Lazar
9dc0fbb4fe
Switch to OIDC authentication
2023-09-07 11:46:57 +02:00
Timotej Lazar
5add39a8a7
Add form for editing ipsets
2023-07-24 16:43:57 +02:00
Timotej Lazar
8c824fe9e6
Improve admin settings page
The improvements are mostly cosmetic^Wquestionable.
2023-07-07 13:23:51 +02:00
Timotej Lazar
dd607dbddd
Add a nicer response for TimeoutError
2023-07-07 10:15:02 +02:00
Timotej Lazar
6b72316076
Add node status page
2023-07-07 10:13:55 +02:00
Timotej Lazar
5262c64244
Add form for editing NAT addresses
2023-07-07 08:20:35 +02:00
Timotej Lazar
8b8c675759
Rename networks.json to ipsets.json
Getting ready for some changes.
2023-07-06 16:28:15 +02:00
Timotej Lazar
1ff6c9d0d3
Tweak templates for editing and managing rules
2023-07-04 12:18:01 +02:00
Timotej Lazar
765d4a3ce7
Add support for managing forwarding rules
2023-05-29 12:24:21 +02:00
Timotej Lazar
9272b3f8e3
Improve landing page slightly
2023-05-19 09:00:01 +02:00
Timotej Lazar
aeae0f8a29
Rework NAT settings again
2023-05-19 08:31:49 +02:00
Timotej Lazar
968a2736d2
Rework NAT settings
Support static NAT for L2 server networks. Also some other minor
tweaks.
2023-05-11 10:37:54 +02:00
Timotej Lazar
9476a28674
Rename “comment”→“name” in wg key config
2023-04-24 09:54:23 +02:00
Timotej Lazar
f8c9341315
wg-fri.conf: keep standard AllowedIPs even when allowing all traffic
So it is easier to change later if needed.
2023-04-06 10:19:35 +02:00
Timotej Lazar
42b16c8ac5
Fix whitespace in wireguard config template
2023-02-06 16:58:59 +01:00
Timotej Lazar
3cf207047e
Remove unimplemented DNAT settings
For now.
2023-01-26 16:28:32 +01:00
Timotej Lazar
113992f95b
Make a squash
2023-01-26 10:51:51 +01:00