diff --git a/wirescale/communications/systemd.py b/wirescale/communications/systemd.py
index e5d6af9..a3a257b 100644
--- a/wirescale/communications/systemd.py
+++ b/wirescale/communications/systemd.py
@@ -33,6 +33,8 @@ def __init__(self):
 self.remote_interface: str = None
 self.remote_local_port: int = None
 self.iptables_accept: bool = None
+ self.iptables_forward: bool = None
+ self.iptables_masquerade: bool = None
 self.recover_tries: int = None
 self.recreate_tries: int = None
@@ -53,8 +55,10 @@ def create_from_autoremove(cls, unit: str) -> 'Systemd':
 res.remote_interface = args[11]
 res.remote_local_port = int(args[12])
 res.iptables_accept = bool(int(args[13]))
- res.recover_tries = int(args[14])
- res.recreate_tries = int(args[15])
+ res.iptables_forward = bool(int(args[14]))
+ res.iptables_masquerade = bool(int(args[15]))
+ res.recover_tries = int(args[16])
+ res.recreate_tries = int(args[17])
 return res
 @classmethod
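Review bot: In `Systemd.create_from_autoremove`, the new indexes `args[14]`–`args[17]` assume every running autoremove unit was started with the new, longer argument layout. A unit launched by the previous release and still alive after the upgrade carries the old layout, so position 14 holds `recover_tries` and would be read as `iptables_forward`, and `args[16]` would presumably raise `IndexError` (how `args` is built is outside this hunk). Check the length before indexing, e.g. `if len(args) < 18: raise ValueError(f'unit {unit} has an unexpected argument count')`, so a firewall flag is never inferred from a shifted position. The function body starts outside the hunk.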
@@ -111,8 +115,8 @@ def launch_autoremove(cls, config: Union['WGConfig', 'RecoverConfig'], pair: 'Co running_in_remote: bool = config.running_in_remote if hasattr(config, 'running_in_remote') else pair.running_in_remote listen_port: int = config.new_port if hasattr(config, 'new_port') else config.listen_port args = [config.interface, str(config.suffix), str(pair.peer_ip), remote_pubkey, str(wg_ip), str(int(running_in_remote)), str(config.start_time), str(listen_port), - str(config.listen_ext_port), str(int(config.nat)), config.remote_interface, str(config.remote_local_port), str(int(config.iptables_accept)), str(config.recover_tries), - str(config.recreate_tries)] + str(config.listen_ext_port), str(int(config.nat)), config.remote_interface, str(config.remote_local_port), str(int(config.iptables_accept)), + str(int(config.iptables_forward)), str(int(config.iptables_masquerade)), str(config.recover_tries), str(config.recreate_tries)] systemd = subprocess.run(['systemd-run', '-u', unit, '/bin/sh', '/run/wirescale/wirescale-autoremove', 'start', *args], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True) diff --git a/wirescale/scripts/wirescale-autoremove b/wirescale/scripts/wirescale-autoremove index f7addd7..e504ee2 100644 --- a/wirescale/scripts/wirescale-autoremove +++ b/wirescale/scripts/wirescale-autoremove @@ -77,7 +77,7 @@ finish() { if [ "$recreate_tries" -ne 0 ]; then echo "Launching a unit to create a new tunnel with the same settings" systemd-run -u recreate-"$interface" /bin/sh /run/wirescale/wirescale-autoremove new_upgrade "$interface" "$suffix" "$ts_ip" \ - "$remote_interface" "$iptables" "$recover_tries" "$recreate_tries" + "$remote_interface" "$iptables_accept" "$iptables_forward" "$iptables_masquerade" "$recover_tries" "$recreate_tries" fi exit 0 } 
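Review bot: The `args` list in `launch_autoremove` is a positional contract with two other readers touched by this commit, `start()` in `wirescale-autoremove` (`${13}`–`${17}`) and `Systemd.create_from_autoremove` (`args[13]`–`args[17]`), and nothing at this site says so. Inserting the two flags in the middle shifted every later index in all three places, and these values presumably decide whether forward and masquerade rules get applied, so a comment above the list is worth adding, e.g. `# Positional: order must match start() in wirescale-autoremove and Systemd.create_from_autoremove`. Separately, `int(config.iptables_forward)` raises `TypeError` if the attribute is still `None`; `WGConfig` is not part of the visible diff, so confirm it sets both attributes. The function body starts and ends outside the hunk.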
@@ -116,13 +116,15 @@ start() {
 nat=${10}
 remote_interface=${11}
 remote_port=${12}
- iptables=${13}
- recover_tries=${14}
- recreate_tries=${15}
+ iptables_accept=${13}
+ iptables_forward=${14}
+ iptables_masquerade=${15}
+ recover_tries=${16}
+ recreate_tries=${17}
 flag_file_stop="/run/wirescale/control/$interface-stop"
 start_time=$(date +%s)
- export interface suffix ts_ip remote_pubkey wg_ip running_in_remote local_port remote_interface
- export remote_port start_time iptables recover_tries recreate_tries flag_file_stop
+ export interface suffix ts_ip remote_pubkey wg_ip running_in_remote local_port remote_interface remote_port
+ export start_time iptables_accept iptables_forward iptables_masquerade recover_tries recreate_tries flag_file_stop
 rm -rf "$flag_file_stop"
 ping_wg_periodic &
@@ -137,9 +139,11 @@ new_upgrade() {
 interface=$(echo "$1" | sed "s/$suffix\$//")
 ts_ip=$3
 remote_interface=$4
- iptables=$5
- recover_tries=$6
- recreate_tries=$7
+ iptables_accept=$5
+ iptables_forward=$6
+ iptables_masquerade=$7
+ recover_tries=$8
+ recreate_tries=$9
 status=1
 tries="$recreate_tries"
 call="wirescale upgrade --no-suffix --interface $interface --remote-interface $remote_interface \
@@ -147,10 +151,20 @@ new_upgrade() {
 if [ "$suffix" -ne 0 ]; then
 call="$call --suffix-number $suffix"
 fi
- if [ "$iptables" -eq 0 ]; then
- call="$call --no-iptables"
+ if [ "$iptables_accept" -eq 0 ]; then
+ call="$call --no-iptables-accept"
 else
- call="$call --iptables"
+ call="$call --iptables-accept"
+ fi
+ if [ "$iptables_forward" -eq 0 ]; then
+ call="$call --no-iptables-forward"
+ else
+ call="$call --iptables-forward"
+ fi
+ if [ "$iptables_masquerade" -eq 0 ]; then
+ call="$call --no-iptables-masquerade"
+ else
+ call="$call --iptables-masquerade"
 fi
 call="$call $ts_ip"
 while [ "$status" -ne 0 ] && [ "$tries" -ne 0 ]; do
diff --git a/wirescale/version.py b/wirescale/version.py
index a4c9b2c..c1926ae 100644
--- a/wirescale/version.py
+++ b/wirescale/version.py
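Review bot: In `new_upgrade()` of `wirescale-autoremove`, the new `iptables_forward` and `iptables_masquerade` tests enable the option for anything that is not the literal `0`: when the variable is empty or non-numeric, `[ "$iptables_forward" -eq 0 ]` exits with an error status and the `else` branch appends `--iptables-forward`. That is the fail-open direction for options that presumably widen what the host forwards or NATs, and it is reachable if the recreate unit is ever invoked with the older, shorter argument list. Test for the enabling value and default to off instead, e.g. `if [ "$iptables_forward" = 1 ]; then call="$call --iptables-forward"; else call="$call --no-iptables-forward"; fi`, and likewise for `iptables_masquerade` (the `iptables_accept` block has the same shape). The function body starts and ends outside the hunk.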
@@ -2,8 +2,8 @@
 # encoding:utf-8
-VERSION = '1.0'
-DATE = '2024 Dec 6'
+VERSION = '1.0.1'
+DATE = '2024 Dec 25'
 version_msg = f'''wirescale {VERSION} ({DATE})
 Copyright © 2024 Fernando Enzo Guarini
diff --git a/wirescale/vpn/recover.py b/wirescale/vpn/recover.py
index 02a0f28..0a5b6e7 100644
--- a/wirescale/vpn/recover.py
+++ b/wirescale/vpn/recover.py
@@ -30,8 +30,8 @@
 class RecoverConfig:
- def __init__(self, interface: str, iptables_accept: bool, running_in_remote: bool, latest_handshake: int, current_port: int, recover_tries: int,
- recreate_tries: int, remote_interface: str, remote_local_port: int, suffix: int, wg_ip: IPv4Address):
+ def __init__(self, interface: str, iptables_accept: bool, iptables_forward: bool, iptables_masquerade: bool, running_in_remote: bool, latest_handshake: int,
+ current_port: int, recover_tries: int, recreate_tries: int, remote_interface: str, remote_local_port: int, suffix: int, wg_ip: IPv4Address):
 self.current_port: int = current_port
 self.derived_key: bytes = None
 self.endpoint: Tuple[IPv4Address, int] = None
@@ -39,6 +39,8 @@ def __init__(self, interface: str, iptables_accept: bool, running_in_remote: boo
 self.config_file: Path = None
 self.interface: str = interface
 self.iptables_accept: bool = iptables_accept
+ self.iptables_forward: bool = iptables_forward
+ self.iptables_masquerade: bool = iptables_masquerade
 self.running_in_remote: bool = running_in_remote
 self.latest_handshake: int = latest_handshake
 self.nat: bool = None
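Review bot: In `RecoverConfig.__init__` (wirescale/vpn/recover.py), the two new `bool` parameters are inserted between `iptables_accept` and `running_in_remote`, so a caller passing arguments positionally would silently hand its `running_in_remote` value to `iptables_forward` with no type error. The one caller visible in this diff uses keywords, but the signature does not enforce that. Making the parameters keyword-only, `def __init__(self, *, interface: str, iptables_accept: bool, iptables_forward: bool, ...`, would turn a shifted call into an immediate `TypeError`; confirm first that no caller outside this diff passes them positionally.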
@@ -72,9 +74,10 @@ def create_from_autoremove(cls, interface: str, latest_handshake: int):
 error = ErrorMessages.IP_MISMATCH.format(peer_name=pair.peer_name, peer_ip=pair.peer_ip, interface=interface, autoremove_ip=systemd.ts_ip)
 error_remote = ErrorMessages.REMOTE_IP_MISMATCH.format(my_name=pair.my_name, my_ip=pair.my_ip, peer_ip=pair.peer_ip, interface=interface)
 ErrorMessages.send_error_message(local_message=error, remote_message=error_remote)
- recover = RecoverConfig(interface=interface, latest_handshake=latest_handshake, running_in_remote=systemd.running_in_remote, iptables_accept=systemd.iptables_accept, wg_ip=systemd.wg_ip,
- current_port=systemd.local_port, recover_tries=systemd.recover_tries, recreate_tries=systemd.recreate_tries, remote_interface=systemd.remote_interface,
- remote_local_port=systemd.remote_local_port, suffix=systemd.suffix)
+ recover = RecoverConfig(interface=interface, latest_handshake=latest_handshake, running_in_remote=systemd.running_in_remote, iptables_accept=systemd.iptables_accept,
+ iptables_forward=systemd.iptables_forward, iptables_masquerade=systemd.iptables_masquerade, wg_ip=systemd.wg_ip, current_port=systemd.local_port,
+ recover_tries=systemd.recover_tries, recreate_tries=systemd.recreate_tries, remote_interface=systemd.remote_interface, remote_local_port=systemd.remote_local_port,
+ suffix=systemd.suffix)
 recover.config_file = check_configfile()
 recover.load_keys()
 with file_locker():