Commit graph

31 commits

Author SHA1 Message Date
Timotej Lazar 501a3745bb vpn: add default route for IPv6 in wg.conf template
Applied when selected during key creation. Cleave ::/0 in twain for the
whole thing sometimes works not.
2024-09-20 06:18:12 +02:00
Timotej Lazar 3c25cbe88a vpn: add support for custom keys
Custom keys are created by admin and specify networks directly,
bypassing AD permissions. They are intended to join managed devices
into networks where users are not allowed to create keys themselves.

Also comprehend a set directly.
2024-07-31 09:43:32 +02:00
Timotej Lazar 1b26f0738a vpn: refactor key handling code
Move JS code for listing, creating and deleting WG keys into a
separate file and improve it somewhat. Also the related Python code.
2024-07-31 09:27:59 +02:00
Timotej Lazar 25ee4e8a44 Improve rule management page
Address rules by name instead of index. Still problematic if the rules
are changed while someone is managing them, but with names it’s
more likely to just not work instead of enabling or disabling the
wrong rule.

Also prevent bringing down the whole network with a single click.
2024-05-29 11:10:31 +02:00
Timotej Lazar 0e9d1ce6f0 Add some words to templates
Also some tags. Also remove some other words and some other tags.
2024-05-02 23:33:13 +02:00
Timotej Lazar d123db4e64 Consolidate NAT and VPN settings into IP sets
I have tried every possible permutation and I think this is the one.

NetBox-managed IP prefixes are pushed with ansible to firewall master.
The managed prefixes are added to custom IP sets defined in the app,
but only NAT addresses and VPN groups can be configured for them.

This way all NAT and VPN policy is (again) configured in the app. Also
both NetBox-managed and user-defined networks are treated the same.

Also improve^Wtweak config generation. Also templates.
2024-04-30 20:57:46 +02:00
Timotej Lazar f8d71b7b06 vpn: fix key name regex 2024-04-25 12:32:39 +02:00
Timotej Lazar 2ebc87f308 firewall: tweak instructions some more 2024-04-24 10:29:49 +02:00
Timotej Lazar 880c6b4140 friwall: tweak instructions
For no particularly good reason.
2024-04-23 12:38:32 +02:00
Timotej Lazar 85714f83b9 Warn about deleting key for active connection 2023-12-10 13:21:52 +01:00
Timotej Lazar ff2246df8c vpn: configure IPv6 addresses for WG clients 2023-12-08 17:12:37 +01:00
Timotej Lazar c09410f731 Show allowed characters when creating new WG key 2023-10-03 11:38:07 +02:00
Timotej Lazar ea6ca9b55d Tweak HTML templates 2023-09-15 14:57:42 +02:00
Timotej Lazar d704202e6e Parametrize wg.conf template 2023-09-15 14:24:22 +02:00
Timotej Lazar 9dc0fbb4fe Switch to OIDC authentication 2023-09-07 11:46:57 +02:00
Timotej Lazar 5add39a8a7 Add form for editing ipsets 2023-07-24 16:43:57 +02:00
Timotej Lazar 8c824fe9e6 Improve admin settings page
The improvements are mostly cosmetic^Wquestionable.
2023-07-07 13:23:51 +02:00
Timotej Lazar dd607dbddd Add a nicer response for TimeoutError 2023-07-07 10:15:02 +02:00
Timotej Lazar 6b72316076 Add node status page 2023-07-07 10:13:55 +02:00
Timotej Lazar 5262c64244 Add form for editing NAT addresses 2023-07-07 08:20:35 +02:00
Timotej Lazar 8b8c675759 Rename networks.json to ipsets.json
Getting ready for some changes.
2023-07-06 16:28:15 +02:00
Timotej Lazar 1ff6c9d0d3 Tweak templates for editing and managing rules 2023-07-04 12:18:01 +02:00
Timotej Lazar 765d4a3ce7 Add support for managing forwarding rules 2023-05-29 12:24:21 +02:00
Timotej Lazar 9272b3f8e3 Improve landing page slightly 2023-05-19 09:00:01 +02:00
Timotej Lazar aeae0f8a29 Rework NAT settings again 2023-05-19 08:31:49 +02:00
Timotej Lazar 968a2736d2 Rework NAT settings
Support static NAT for L2 server networks. Also some other minor
tweaks.
2023-05-11 10:37:54 +02:00
Timotej Lazar 9476a28674 Rename “comment”→“name” in wg key config 2023-04-24 09:54:23 +02:00
Timotej Lazar f8c9341315 wg-fri.conf: keep standard AllowedIPs even when allowing all traffic
So it is easier to change later if needed.
2023-04-06 10:19:35 +02:00
Timotej Lazar 42b16c8ac5 Fix whitespace in wireguard config template 2023-02-06 16:58:59 +01:00
Timotej Lazar 3cf207047e Remove unimplemented DNAT settings
For now.
2023-01-26 16:28:32 +01:00
Timotej Lazar 113992f95b Make a squash 2023-01-26 10:51:51 +01:00