improve client mode, todo: migrate peers (new db schema)

2025-08-25 14:31:14 +00:00 · 2021-04-05 20:00:11 +02:00
parent 39166250ea
commit ba768dd2c3
8 changed files with 43 additions and 79 deletions
--- a/internal/server/configuration.go
+++ b/internal/server/configuration.go
@@ -106,7 +106,7 @@ func NewConfig() *Config {
 	cfg.LDAP.DisabledAttribute = "userAccountControl"
 	cfg.LDAP.AdminLdapGroup = "CN=WireGuardAdmins,OU=_O_IT,DC=COMPANY,DC=LOCAL"

-	cfg.WG.DeviceNames = []string{"wg0"}
+	cfg.WG.DeviceNames = []string{"wg0", "wg1"}
 	cfg.WG.DefaultDeviceName = "wg0"
 	cfg.WG.ConfigDirectoryPath = "/etc/wireguard"
 	cfg.WG.ManageIPAddresses = true
--- a/internal/server/handlers_interface.go
+++ b/internal/server/handlers_interface.go
@@ -162,7 +162,6 @@ func (s *Server) GetApplyGlobalConfig(c *gin.Context) {
 		peer.PersistentKeepalive = device.DefaultPersistentKeepalive
 		peer.DNSStr = device.DNSStr
 		peer.Mtu = device.Mtu
-		peer.EndpointPublicKey = device.PublicKey

 		if err := s.peers.UpdatePeer(peer); err != nil {
 			SetFlashMessage(c, err.Error(), "danger")
--- a/internal/server/server_helper.go
+++ b/internal/server/server_helper.go
@@ -23,37 +23,37 @@ func (s *Server) PrepareNewPeer(device string) (wireguard.Peer, error) {

 	peer := wireguard.Peer{}
 	peer.IsNew = true
-	peerIPs := make([]string, len(deviceIPs))
-	for i := range deviceIPs {
-		freeIP, err := s.peers.GetAvailableIp(device, deviceIPs[i])
-		if err != nil {
-			return wireguard.Peer{}, errors.WithMessage(err, "failed to get available IP addresses")
-		}
-		peerIPs[i] = freeIP
-	}
-	peer.SetIPAddresses(peerIPs...)
-	psk, err := wgtypes.GenerateKey()
-	if err != nil {
-		return wireguard.Peer{}, errors.Wrap(err, "failed to generate key")
-	}
-	key, err := wgtypes.GeneratePrivateKey()
-	if err != nil {
-		return wireguard.Peer{}, errors.Wrap(err, "failed to generate private key")
-	}
-	peer.PresharedKey = psk.String()
-	peer.PrivateKey = key.String()
-	peer.PublicKey = key.PublicKey().String()
-	peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))

 	switch dev.Type {
 	case wireguard.DeviceTypeServer:
-		peer.EndpointPublicKey = dev.PublicKey
+		peerIPs := make([]string, len(deviceIPs))
+		for i := range deviceIPs {
+			freeIP, err := s.peers.GetAvailableIp(device, deviceIPs[i])
+			if err != nil {
+				return wireguard.Peer{}, errors.WithMessage(err, "failed to get available IP addresses")
+			}
+			peerIPs[i] = freeIP
+		}
+		peer.SetIPAddresses(peerIPs...)
+		psk, err := wgtypes.GenerateKey()
+		if err != nil {
+			return wireguard.Peer{}, errors.Wrap(err, "failed to generate key")
+		}
+		key, err := wgtypes.GeneratePrivateKey()
+		if err != nil {
+			return wireguard.Peer{}, errors.Wrap(err, "failed to generate private key")
+		}
+		peer.PresharedKey = psk.String()
+		peer.PrivateKey = key.String()
+		peer.PublicKey = key.PublicKey().String()
+		peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))
 		peer.Endpoint = dev.DefaultEndpoint
 		peer.DNSStr = dev.DNSStr
 		peer.PersistentKeepalive = dev.DefaultPersistentKeepalive
 		peer.AllowedIPsStr = dev.DefaultAllowedIPsStr
 		peer.Mtu = dev.Mtu
 	case wireguard.DeviceTypeClient:
+		peer.UID = "newendpoint"
 	}

 	return peer, nil
@@ -90,7 +90,7 @@ func (s *Server) CreatePeer(device string, peer wireguard.Peer) error {
 	peerIPs := peer.GetIPAddresses()

 	peer.AllowedIPsStr = dev.DefaultAllowedIPsStr
-	if len(peerIPs) == 0 {
+	if len(peerIPs) == 0 && dev.Type == wireguard.DeviceTypeServer {
 		peerIPs = make([]string, len(deviceIPs))
 		for i := range deviceIPs {
 			freeIP, err := s.peers.GetAvailableIp(device, deviceIPs[i])
@@ -101,7 +101,7 @@ func (s *Server) CreatePeer(device string, peer wireguard.Peer) error {
 		}
 		peer.SetIPAddresses(peerIPs...)
 	}
-	if peer.PrivateKey == "" { // if private key is empty create a new one
+	if peer.PrivateKey == "" && dev.Type == wireguard.DeviceTypeServer { // if private key is empty create a new one
 		psk, err := wgtypes.GenerateKey()
 		if err != nil {
 			return errors.Wrap(err, "failed to generate key")
@@ -141,12 +141,7 @@ func (s *Server) UpdatePeer(peer wireguard.Peer, updateTime time.Time) error {
 	var err error
 	switch {
 	case peer.DeactivatedAt != nil && *peer.DeactivatedAt == updateTime:
-		switch dev.Type {
-		case wireguard.DeviceTypeServer:
-			err = s.wg.RemovePeer(peer.DeviceName, peer.PublicKey)
-		case wireguard.DeviceTypeClient:
-			err = s.wg.RemovePeer(peer.DeviceName, peer.EndpointPublicKey)
-		}
+		err = s.wg.RemovePeer(peer.DeviceName, peer.PublicKey)
 	case peer.DeactivatedAt == nil && currentPeer.Peer != nil:
 		err = s.wg.UpdatePeer(peer.DeviceName, peer.GetConfig(&dev))
 	case peer.DeactivatedAt == nil && currentPeer.Peer == nil:
@@ -156,6 +151,8 @@ func (s *Server) UpdatePeer(peer wireguard.Peer, updateTime time.Time) error {
 		return errors.WithMessage(err, "failed to update WireGuard peer")
 	}

+	peer.UID = fmt.Sprintf("u%x", md5.Sum([]byte(peer.PublicKey)))
+
 	// Update in database
 	if err := s.peers.UpdatePeer(peer); err != nil {
 		return errors.WithMessage(err, "failed to update peer")
@@ -166,18 +163,8 @@ func (s *Server) UpdatePeer(peer wireguard.Peer, updateTime time.Time) error {

 // DeletePeer removes the peer from the physical WireGuard interface and the database.
 func (s *Server) DeletePeer(peer wireguard.Peer) error {
-	dev := s.peers.GetDevice(peer.DeviceName)
-
-	var publicKey string
-	switch dev.Type {
-	case wireguard.DeviceTypeServer:
-		publicKey = peer.PublicKey
-	case wireguard.DeviceTypeClient:
-		publicKey = peer.EndpointPublicKey
-	}
-
 	// Delete WireGuard peer
-	if err := s.wg.RemovePeer(peer.DeviceName, publicKey); err != nil {
+	if err := s.wg.RemovePeer(peer.DeviceName, peer.PublicKey); err != nil {
 		return errors.WithMessage(err, "failed to remove WireGuard peer")
 	}