wireguard: use syncconf in newwanip event

setconf can fail for DNS resolution reasons.  It is being considered
a configuration parsing error so nothing gets set on the instance.
However, our code remembers that the instance was fully set up although
that is not the case.  The newwanip event was handling DNS renew but
does not understand that the configuration is not complete.

Replacing reresolve-dns.py by doing syncconf works, but this is used
as a cron-based script and likely does the job it is intended for.

Instead rehook the newwanip event into a simple syncconf invoke which
takes "more" time (according to the man page) but won't touch existing
peers being connected while still fixing any configuration mismatch
in the (possibly stale) instance.
Franco Fichtner 2023-10-31 11:23:08 +01:00
parent 6f6284f32e
commit 07545a94d5


@ -144,7 +144,7 @@ function wireguard_prepare($device)
function wireguard_configure()
{
return [
'newwanip' => ['wireguard_renew:2'],
'newwanip' => ['wireguard_sync:2'],
'vpn' => ['wireguard_configure_do:2'],
];
}
@ -162,15 +162,32 @@ function wireguard_configure_do($verbose = false, $unused = '')
service_log("done.\n", $verbose);
}
function wireguard_renew($verbose = false, $unused = '')
function wireguard_sync($verbose = false, $unused = '')
{
if (!wireguard_enabled()) {
return;
}
service_log('Renewing WireGuard VPN...', $verbose);
$instances = [];
foreach ((new OPNsense\Wireguard\Server())->servers->server->iterateItems() as $node) {
if (!empty((string)$node->enabled)) {
$instances[(string)$node->interface] = (string)$node->cnfFilename;
}
}
configd_run('wireguard renew');
if (!count($instances)) {
return;
}
service_log('Synchronizing WireGuard VPN...', $verbose);
openlog('wireguard', LOG_ODELAY, LOG_AUTH);
foreach ($instances as $device => $config) {
mwexecf('/usr/bin/wg syncconf %s %s', [$device, $config]);
}
reopenlog();
service_log("done.\n", $verbose);
}
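Review bot: The exit status of each `mwexecf('/usr/bin/wg syncconf %s %s', [$device, $config]);` call in the loop of wireguard_sync is discarded, so a syncconf that fails for the same DNS-resolution reason the description gives for setconf still ends with `done.` in the service log and the stale instance goes unnoticed. If mwexecf returns the command's exit code (it appears to, but that is outside the hunk), capture it and report the device: `if (mwexecf('/usr/bin/wg syncconf %s %s', [$device, $config]) != 0) { service_log("failed on {$device}...", $verbose); }`. The instance loop also keys only on `enabled`; an instance whose `cnfFilename` resolves to an empty string would still be handed to syncconf, so a guard `if (!empty((string)$node->enabled) && !empty((string)$node->cnfFilename))` seems worth adding, presuming the model allows that field to be empty. The new function has no docblock; a one-liner such as `/* newwanip hook: re-apply every enabled instance's config via 'wg syncconf' without disturbing established peers */` above `function wireguard_sync(...)` would document why the hook no longer calls `wireguard renew`.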