rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
73 commits 1 branch 0 tags 163 KiB
Commit graph

19 commits

Author SHA1 Message Date
Timotej Lazar 048195c45c Always combine IP set data with static network definitions from NetBox 
Before we relied on the combined data being present in ipsets.json
when generating a new config, but ipsets.json is only updated through
the form at /ipsets. So submitting any other form after changing
NetBox definitions might crash when trying to find an entry from
networks.json in ipsets.json.

Now we introduce a helper functon to always read both files and
combine the prefixes fron networks.json with ipsets.json. This way it
is not necessary to save a new ipsets.json before other changes.

Also don’t crash when enumerating networks for each VPN group.
 2024-08-14 11:25:07 +02:00
Timotej Lazar 3c25cbe88a vpn: add support for custom keys 
Custom keys are created by admin and specify networks directly,
bypassing AD permissions. They are intended to join managed devices
into networks where users are not allowed to create keys themselves.

Also comprehend a set directly.
 2024-07-31 09:43:32 +02:00
Timotej Lazar 1b26f0738a vpn: refactor key handling code 
Move JS code for listing, creating and deleting WG keys into a
separate file and improve it somewhat. Also the related Python code.
 2024-07-31 09:27:59 +02:00
Timotej Lazar cac7658566 Fix handling default settings 
If a setting has ben set to empty string, dict.get will return it and
not default argument. This is wrong when default is something else.
 2024-04-30 09:54:39 +02:00
Timotej Lazar f8d71b7b06 vpn: fix key name regex 2024-04-25 12:32:39 +02:00
Timotej Lazar a8abf580f9 vpn: assign an IPv6 subnet instead of a single address 
We are limited by the size of IPv4 pool (/18), so why not give
everyone an IPv4-internetful of IPv6 addresses.
 2023-12-12 19:26:55 +01:00
Timotej Lazar 85714f83b9 Warn about deleting key for active connection 2023-12-10 13:21:52 +01:00
Timotej Lazar ff2246df8c vpn: configure IPv6 addresses for WG clients 2023-12-08 17:12:37 +01:00
Timotej Lazar 32b182856d Set blueprint paths in main app 
Make blueprints more self-contained for no apparent reason.
 2023-12-04 09:46:37 +01:00
Timotej Lazar d2b08bf891 Simplify 2023-09-15 14:26:11 +02:00
Timotej Lazar d704202e6e Parametrize wg.conf template 2023-09-15 14:24:22 +02:00
Timotej Lazar f5af9eeb59 Rename a variable 2023-09-15 13:58:21 +02:00
Timotej Lazar a5df435931 Consolidate error handling 
Do or do not; there is no try. With some exceptions.
 2023-07-12 14:19:18 +02:00
Timotej Lazar dd607dbddd Add a nicer response for TimeoutError 2023-07-07 10:15:02 +02:00
Timotej Lazar 22cec64bef Simplify database locking 
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
 2023-05-19 09:30:28 +02:00
Timotej Lazar 9476a28674 Rename “comment”→“name” in wg key config 2023-04-24 09:54:23 +02:00
Timotej Lazar a791e2bcdd Do not allocate wireguard server IP to clients 
It’s possible to avoid assigning any IP to the server but let’s not.
 2023-02-06 17:02:07 +01:00
Timotej Lazar 539c6ef739 Clean up imports 2023-01-26 16:28:36 +01:00
Timotej Lazar 113992f95b Make a squash 2023-01-26 10:51:51 +01:00