VPN: WireGuard - hook wireguard empty devices during bootup, using wi…

…reguard_devices() plugin system. This should make sure services and components, such as the firewall, are able to use the device before being setup. closes opnsense/core#6909 A minor modification was needed in wg-service-control.php to make sure a configure would be executed if wgX exists without configuration
opnsense · Oct 4, 2023 · a7a94cc · a7a94cc
1 parent 07b652f
commit a7a94cc
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/net/wireguard/src/etc/inc/plugins.inc.d/wireguard.inc b/net/wireguard/src/etc/inc/plugins.inc.d/wireguard.inc
@@ -100,7 +100,30 @@ function wireguard_xmlrpc_sync()
 
 function wireguard_devices()
 {
-    return [['pattern' => '^wg', 'volatile' => true]];
+    $names = [];
+    foreach ((new OPNsense\Wireguard\Server())->servers->server->iterateItems() as $key => $node) {
+        if (!empty((string)$node->enabled)) {
+            $names[(string)$node->interface] = [
+                'descr' => sprintf('%s (Wireguard - %s)', (string)$node->interface, (string)$node->name),
+                'ifdescr' => (string)$node->name,
+                'name' => (string)$node->interface
+            ];
+        }
+    }
+    return [[
+        'function' => 'wireguard_prepare', /* XXX only (empty) device creation */
+        'configurable' => false,
+        'pattern' => '^wg',
+        'type' => 'wireguard',
+        'volatile' => true,
+        'names' => $names,
+    ]];
+}
+
+function wireguard_prepare($device)
+{
+    mwexecf('/sbin/ifconfig wg create name %s', $device);
+    mwexecf('/sbin/ifconfig %s group wireguard', $device);
 }
 
 function wireguard_configure()

diff --git a/net/wireguard/src/opnsense/scripts/Wireguard/wg-service-control.php b/net/wireguard/src/opnsense/scripts/Wireguard/wg-service-control.php
@@ -225,7 +225,11 @@ function get_stat_hash($fhandle)
                     case 'configure':
                         if (
                             @md5_file($node->cnfFilename) != get_stat_hash($statHandle)['file'] ||
-                            !isset($ifdetails[(string)$node->interface])
+                            !isset($ifdetails[(string)$node->interface]) || (
+                                // Interface has been setup, but without configuration
+                                empty($ifdetails[(string)$node->interface]['ipv4']) &&
+                                empty($ifdetails[(string)$node->interface]['ipv6'])
+                            )
                         ) {
                             if (get_stat_hash($statHandle)['interface'] != wg_reconfigure_hash($node)) {
                                 // Fluent reloading not supported for this instance, make sure the user is informed