Initials support for WireGuard as Tor

Shahrad Elahi 2023-09-26 06:26:03 +03:30
parent 1ba1d58897
commit 440a6189bd
4 changed files with 63 additions and 6 deletions


@ -0,0 +1,5 @@
VirtualAddrNetwork 10.192.0.0/10
SOCKSPort 9055
ControlPort 9051
DNSPort 10.8.0.1:53530
TransPort 10.8.0.1:9040
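Review bot: `ControlPort 9051` is opened with no authentication directive beside it, so unless one is set elsewhere any local process that can reach the port can reconfigure Tor. Add `CookieAuthentication 1` (or a `HashedControlPassword` line) to this template, or drop the `ControlPort` line if nothing in the change uses it. `DNSPort` and `TransPort` are also pinned to `10.8.0.1`; if a server is created with a different address, Tor will not be listening where its clients are redirected, so these two lines probably need to be generated per server.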


@ -8,3 +8,4 @@ export type RedisClient = typeof client;
export const WG_SEVER_PATH = `WG::SERVERS` export const WG_SEVER_PATH = `WG::SERVERS`


@ -39,17 +39,26 @@ export class WGServer {
console.error('server could not be updated (reason: not exists)') console.error('server could not be updated (reason: not exists)')
return false return false
} }
await this.stop(id) await this.stop(id)
await dropInterface(server.confId) await dropInterface(server.confId)
await fs.unlink(path.join(WG_PATH, `wg${server.confId}.conf`)).catch(() => null) await fs.unlink(path.join(WG_PATH, `wg${server.confId}.conf`))
.catch(() => null)
const index = await findServerIndex(id) const index = await findServerIndex(id)
console.log('index', index)
if (typeof index !== 'number') { if (typeof index !== 'number') {
console.warn('findServerIndex: index not found') console.warn('findServerIndex: index not found')
return true return true
} else {
await client.lrem(WG_SEVER_PATH, 1, JSON.stringify(server))
} }
const element = await client.lindex(WG_SEVER_PATH, index)
if (!element) {
console.warn('remove: element not found')
return true
}
await client.lrem(WG_SEVER_PATH, 1, element)
return true return true
} }
@ -342,7 +351,7 @@ export async function generateWgServer(config: {
const confId = await maxConfId() + 1 const confId = await maxConfId() + 1
const uuid = crypto.randomUUID() const uuid = crypto.randomUUID()
const server: WgServer = { let server: WgServer = {
id: uuid, id: uuid,
confId, confId,
type: config.type, type: config.type,
@ -375,6 +384,11 @@ export async function generateWgServer(config: {
throw new Error(`Port ${config.port} is already reserved!`) throw new Error(`Port ${config.port} is already reserved!`)
} }
// setting iptables
const iptables = await makeWgIptables(server)
server.postUp = iptables.up
server.postDown = iptables.down
// save server config // save server config
if (false !== config.insertDb) { if (false !== config.insertDb) {
await client.lpush(WG_SEVER_PATH, JSON.stringify(server)) await client.lpush(WG_SEVER_PATH, JSON.stringify(server))
@ -483,3 +497,40 @@ export async function findServer(id: string | undefined, hash?: string): Promise
hash && isJson(hash) ? servers.find((s) => JSON.stringify(s) === hash) : hash && isJson(hash) ? servers.find((s) => JSON.stringify(s) === hash) :
undefined undefined
} }
async function makeWgIptables(s: WgServer): Promise<{
up: string
down: string
}> {
const inet = Shell.exec('ip route | grep default | grep -oP "(?<=dev )[^ ]+"')
const wgAddress = `${s.address}/24`
const wgInet = `wg${s.confId}`
if (s.type === 'direct') {
const up = dynaJoin([
`iptables -t nat -A POSTROUTING -s ${wgAddress} -o ${inet} -j MASQUERADE`,
`iptables -A INPUT -p udp -m udp --dport ${s.listen} -j ACCEPT`,
`iptables -A INPUT -p tcp -m tcp --dport ${s.listen} -j ACCEPT`,
`iptables -A FORWARD -i ${wgInet} -j ACCEPT`,
`iptables -A FORWARD -o ${wgInet} -j ACCEPT`,
]).join('; ')
return { up, down: up.replace(/ -A /g, ' -D ') }
}
if (s.type === 'tor') {
const up = dynaJoin([
`iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT`,
`iptables -A INPUT -i ${wgInet} -m state --state NEW -j ACCEPT`,
`iptables -t nat -A PREROUTING -i ${wgInet} -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53530`,
`iptables -t nat -A PREROUTING -i ${wgInet} -p tcp -j DNAT --to-destination 127.0.0.1:9040`,
`iptables -t nat -A PREROUTING -i ${wgInet} -p udp -j DNAT --to-destination 127.0.0.1:9040`,
`iptables -t nat -A OUTPUT -o lo -j RETURN`,
`iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP`,
`iptables -A OUTPUT -m state --state INVALID -j DROP`,
`iptables -A OUTPUT ! -o lo ! -d 127.0.0.1 ! -s 127.0.0.1 -p tcp -m tcp --tcp-flags ACK,FIN ACK,FIN -j DROP`,
]).join('; ')
return { up, down: up.replace(/-A/g, '-D') }
}
return { up: '', down: '' }
}
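Review bot: In the `tor` branch of `makeWgIptables` the PREROUTING rules DNAT to `127.0.0.1:53530` and `127.0.0.1:9040`, while the Tor config added in this commit binds `DNSPort` and `TransPort` on `10.8.0.1`, so redirected client traffic would not reach a listener. A DNAT to loopback from PREROUTING is also normally dropped by the kernel unless `route_localnet` is enabled. Pointing the rules at the address Tor listens on, e.g. `-j DNAT --to-destination 10.8.0.1:9040`, keeps the two files consistent. The catch-all `-p udp` rule sends non-DNS UDP to the TransPort, which only proxies TCP; for a Tor gateway that traffic is better rejected explicitly, e.g. `iptables -A INPUT -i ${wgInet} -p udp ! --dport 53 -j REJECT`, placed ahead of the `--state NEW` accept. Separately, `Shell.exec(...)` is called without `await`; if it returns a Promise, `${inet}` in the `direct` rules would be interpolated as `[object Promise]`, which is worth confirming.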


@ -150,7 +150,7 @@ const CreateServerModal = React.forwardRef<
onChange={(v) => setType(v as any)} onChange={(v) => setType(v as any)}
options={[ options={[
{ label: 'Direct', value: 'direct', icon: <i className={'fal fa-arrows-left-right-to-line'} /> }, { label: 'Direct', value: 'direct', icon: <i className={'fal fa-arrows-left-right-to-line'} /> },
{ label: 'Tor', value: 'tor', icon: <TorOnion />, disabled: true } { label: 'Tor', value: 'tor', icon: <TorOnion width={18} height={18} /> }
]} ]}
/> />
</Form.Item> </Form.Item>