
Commit 389a5e19 authored by Bruce Anderson Committed by Jan Grulich

Add WireGuard capability.

Summary:
FEATURE: 397572
FIXED-IN: 5.14.0

Reviewers: #plasma, jgrulich, pino

Reviewed By: jgrulich

Subscribers: acrouthamel, K900, pino, lbeltrame, ngraham, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D15093
parent 1609375d
......@@ -90,7 +90,9 @@ QVariant KcmIdentityModel::data(const QModelIndex &index, int role) const
return tooltip;
} else if (role == KcmVpnConnectionExportable) {
if (type == NetworkManager::ConnectionSettings::Vpn && vpnSetting) {
return (vpnSetting->serviceType().endsWith(QLatin1String("vpnc")) || vpnSetting->serviceType().endsWith(QLatin1String("openvpn")));
return (vpnSetting->serviceType().endsWith(QLatin1String("vpnc")) ||
vpnSetting->serviceType().endsWith(QLatin1String("openvpn")) ||
vpnSetting->serviceType().endsWith(QLatin1String("wireguard")));
}
return false;
} else {
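Review bot: The added `endsWith(QLatin1String("wireguard"))` test in the `KcmVpnConnectionExportable` branch accepts any VPN service type whose name merely ends in that string, which is looser than it needs to be for a check that decides whether a connection holding key material is offered for export. An exact comparison against the service name this commit introduces, `serviceType == QLatin1String("org.freedesktop.NetworkManager.wireguard")`, would be stricter; the existing vpnc and openvpn tests have the same shape. The three calls to `vpnSetting->serviceType()` could also be replaced by one local, `const QString serviceType = vpnSetting->serviceType();`. The enclosing `data()` starts and ends outside this hunk.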
......
......@@ -11,4 +11,5 @@ add_subdirectory(ssh)
add_subdirectory(sstp)
add_subdirectory(strongswan)
add_subdirectory(vpnc)
add_subdirectory(wireguard)
add_definitions(-DTRANSLATION_DOMAIN=\"plasmanetworkmanagement_wireguardui\")
set(wireguard_SRCS
../../libs/debug.cpp
wireguard.cpp
wireguardwidget.cpp
wireguardauth.cpp
wireguardadvancedwidget.cpp
wireguardkeyvalidator.cpp
)
ki18n_wrap_ui(wireguard_SRCS wireguard.ui wireguardadvanced.ui wireguardauth.ui)
add_library(plasmanetworkmanagement_wireguardui ${wireguard_SRCS})
kcoreaddons_desktop_to_json(plasmanetworkmanagement_wireguardui plasmanetworkmanagement_wireguardui.desktop)
target_link_libraries(plasmanetworkmanagement_wireguardui
plasmanm_internal
plasmanm_editor
KF5::ConfigCore
KF5::CoreAddons
KF5::I18n
KF5::KIOWidgets
KF5::WidgetsAddons
KF5::ConfigWidgets
)
install(TARGETS plasmanetworkmanagement_wireguardui DESTINATION ${PLUGIN_INSTALL_DIR})
install(FILES plasmanetworkmanagement_wireguardui.desktop DESTINATION ${SERVICES_INSTALL_DIR})
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
/* nm-wireguard-service - WireGuard integration with NetworkManager
*
* Copyright 2018 Bruce Anderson <banderson19com@san.rr.com>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
#ifndef NM_WIREGUARD_SERVICE_H
#define NM_WIREGUARD_SERVICE_H
#define NM_DBUS_SERVICE_WIREGUARD "org.freedesktop.NetworkManager.wireguard"
#define NM_DBUS_INTERFACE_WIREGUARD "org.freedesktop.NetworkManager.wireguard"
#define NM_DBUS_PATH_WIREGUARD "/org/freedesktop/NetworkManager/wireguard"
#define NM_WG_KEY_ADDR_IP4 "local-ip4"
#define NM_WG_KEY_ADDR_IP6 "local-ip6"
#define NM_WG_KEY_LISTEN_PORT "local-listen-port"
#define NM_WG_KEY_PRIVATE_KEY "local-private-key"
#define NM_WG_KEY_DNS "connection-dns"
#define NM_WG_KEY_MTU "connection-mtu"
#define NM_WG_KEY_TABLE "connection_table"
#define NM_WG_KEY_PUBLIC_KEY "peer-public-key"
#define NM_WG_KEY_ALLOWED_IPS "peer-allowed-ips"
#define NM_WG_KEY_ENDPOINT "peer-endpoint"
#define NM_WG_KEY_PRESHARED_KEY "peer-preshared-key"
#define NM_WG_KEY_FWMARK "fwmark"
#define NM_WG_KEY_PRE_UP "script-pre-up"
#define NM_WG_KEY_POST_UP "script-post-up"
#define NM_WG_KEY_PRE_DOWN "script-pre-down"
#define NM_WG_KEY_POST_DOWN "script-post-down"
#define NM_WG_KEY_PERSISTENT_KEEPALIVE "peer-persistent-keep-alive"
#endif /* NM_WIREGUARD_SERVICE_H */
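Review bot: `NM_WG_KEY_TABLE` is defined as `"connection_table"` with an underscore, while the neighbouring `"connection-dns"` and `"connection-mtu"` and every other key in this header use hyphens. If the NetworkManager WireGuard service really reads the underscore form, a comment such as `/* underscore is intentional: must match the key name used by the service */` would keep someone from "fixing" it later; if it does not, the table setting would presumably be dropped without any error. The header also does not say which keys carry secret material (`local-private-key`, `peer-preshared-key`); a one-line comment above those two would help whoever decides how they are stored.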
[Desktop Entry]
Type=Service
Icon=
ServiceTypes=PlasmaNetworkManagement/VpnUiPlugin
X-KDE-Library=plasmanetworkmanagement_wireguardui
X-NetworkManager-Services=org.freedesktop.NetworkManager.wireguard
X-KDE-PluginInfo-Author=Bruce Anderson
X-KDE-PluginInfo-Email=banderson19com@san.rr.com
X-KDE-PluginInfo-Name=plasmanetworkmanagement_wireguardui
X-KDE-PluginInfo-Version=0.1
X-KDE-PluginInfo-Website=
X-KDE-PluginInfo-Category=VPNService
X-KDE-PluginInfo-Depends=
X-KDE-PluginInfo-License=GPL
X-KDE-PluginInfo-EnabledByDefault=false
Name=WireGuard based VPN
Comment=Compatible with WireGuard VPN servers
/*
Copyright 2018 Bruce Anderson <banderson19com@san.rr.com>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
published by the Free Software Foundation; either version 2 of
the License or (at your option) version 3 or any later version
accepted by the membership of KDE e.V. (or its successor approved
by the membership of KDE e.V.), which shall act as a proxy
defined in Section 14 of version 3 of the license.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef PLASMANM_WIREGUARD_H
#define PLASMANM_WIREGUARD_H
#include "vpnuiplugin.h"
class Q_DECL_EXPORT WireGuardUiPlugin : public VpnUiPlugin
{
Q_OBJECT
public:
explicit WireGuardUiPlugin(QObject *parent = nullptr, const QVariantList& = QVariantList());
~WireGuardUiPlugin() override;
SettingWidget *widget(const NetworkManager::VpnSetting::Ptr &setting,
QWidget *parent = nullptr) override;
SettingWidget *askUser(const NetworkManager::VpnSetting::Ptr &setting,
QWidget *parent = nullptr) override;
QString suggestedFileName(const NetworkManager::ConnectionSettings::Ptr &connection) const override;
QString supportedFileExtensions() const override;
NMVariantMapMap importConnectionSettings(const QString &fileName) override;
bool exportConnectionSettings(const NetworkManager::ConnectionSettings::Ptr &connection,
const QString &fileName) override;
};
#endif // PLASMANM_WIREGUARD_H
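Review bot: `importConnectionSettings` and `exportConnectionSettings` are declared with no comment on how they treat the private key and preshared key, and their implementation is not shown on this page. Since the exported file presumably contains `local-private-key` in clear text, I would document that on the declaration, e.g. `/// Writes the connection, including the private and preshared keys, to fileName; the file is created readable by its owner only.` If the implementation creates the file with default permissions, restricting it with `file.setPermissions(QFile::ReadOwner | QFile::WriteOwner);` before any key is written would be the matching code change.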
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>WireGuardProp</class>
<widget class="QWidget" name="WireGuardProp">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>495</width>
<height>454</height>
</rect>
</property>
<property name="windowTitle">
<string>WireGuard Settings</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
<item>
<widget class="QGroupBox" name="groupBox">
<property name="title">
<string>Interface</string>
</property>
<layout class="QFormLayout" name="form1Layout">
<item row="0" column="0">
<widget class="QLabel" name="addressIPv4Label">
<property name="text">
<string>Address (IPv4):</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="addressIPv4LineEdit">
<property name="toolTip">
<string>IPv4 Internet address with
CIDR (example: 10.22.13.123/32)
assigned to the local interface.
IPv4 or IPv6 address (or both) required</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="addressIPv6Label">
<property name="text">
<string>Address (IPv6):</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="addressIPv6LineEdit">
<property name="toolTip">
<string>IPv6 Internet address with
CIDR assigned to the local interface.
(example: fc00:aaaa:aaaa:aa03::1bc9/128)
IPv4 or IPv6 address (or both) required</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="privateKeyLabel">
<property name="text">
<string>Private key:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="PasswordField" name="privateKeyLineEdit">
<property name="toolTip">
<string>Required.
A base64 private key generated by wg genkey.</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="dNSLabel">
<property name="text">
<string>DNS:</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="dNSLineEdit">
<property name="toolTip">
<string>Optional.
IPv4 or IPv6 address to set the interface's DNS server.</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupBox_2">
<property name="title">
<string>Peer</string>
</property>
<layout class="QFormLayout" name="form2Layout">
<item row="0" column="0">
<widget class="QLabel" name="publicKeyLabel">
<property name="text">
<string>Public key:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="publicKeyLineEdit">
<property name="toolTip">
<string>Required.
A base64 public key calculated by wg pubkey
from a private key, and usually transmitted
out of band to the author of the configuration file.</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="allowedIPsLabel">
<property name="text">
<string>Allowed IPs:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="allowedIPsLineEdit">
<property name="toolTip">
<string>Required.
A comma-separated list of IP (v4 or v6) addresses
with CIDR masks from which incoming traffic for
this peer is allowed and to which outgoing traffic
for this peer is directed. The catch-all 0.0.0.0/0
may be specified for matching all IPv4 addresses,
and ::/0 may be specified for matching all IPv6 addresses.</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="endpointLabel">
<property name="text">
<string>Endpoint:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLineEdit" name="endpointLineEdit">
<property name="toolTip">
<string>Optional.
An endpoint IP followed by a colon, and then a port number.</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout">
<item>
<spacer name="horizontalSpacer">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="btnAdvanced">
<property name="text">
<string>Advanced...</string>
</property>
</widget>
</item>
</layout>
</item>
<item>
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>0</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>PasswordField</class>
<extends>QLineEdit</extends>
<header location="global">passwordfield.h</header>
</customwidget>
</customwidgets>
<resources/>
<connections/>
</ui>
<?xml version="1.0" encoding="UTF-8"?>
<ui version="4.0">
<class>WireGuardAdvancedWidget</class>
<widget class="QWidget" name="WireGuardAdvancedWidget">
<property name="geometry">
<rect>
<x>0</x>
<y>0</y>
<width>398</width>
<height>380</height>
</rect>
</property>
<property name="windowTitle">
<string>WireGuard Advanced</string>
</property>
<layout class="QVBoxLayout" name="verticalLayout_2">
<item>
<widget class="QGroupBox" name="groupBox">
<property name="title">
<string>Interface</string>
</property>
<layout class="QFormLayout" name="formLayout_1">
<item row="0" column="0">
<widget class="QLabel" name="listenPortLabel">
<property name="text">
<string>Listen port:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QLineEdit" name="listenPortLineEdit">
<property name="toolTip">
<string>Listen port number. Chosen randomly if left as 'Automatic'.</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="mTULabel">
<property name="text">
<string>MTU:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="mtuLineEdit">
<property name="toolTip">
<string>Optional.
If not specified, the MTU is automatically determined
from the endpoint addresses or the system default route,
which is usually a sane choice. However, to manually
specify an MTU and to override this automatic discovery,
this value may be specified explicitly.</string>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="tableLabel">
<property name="text">
<string>Table:</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLineEdit" name="tableLineEdit">
<property name="toolTip">
<string>Controls the routing table to which routes are added.
There are two special values: `off' disables the
creation of routes altogether, and `auto' (the default)
adds routes to the default table and enables special
handling of default routes</string>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="fwMarkLabel">
<property name="text">
<string>FwMark:</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="fwMarkLineEdit">
<property name="toolTip">
<string>Optional.
An fwmark for outgoing packets. If set to 0 or 'off', this
option is disabled. May be specified in hexadecimal by
prepending '0x'.</string>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="preUpLabel">
<property name="text">
<string>Pre-up command:</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QLineEdit" name="preUpLineEdit">
<property name="toolTip">
<string>Optional.
Script snippet which will be executed by bash(1)
before setting up the interface. Most commonly used
to configure custom DNS options or firewall rules.
The special string `%i' is expanded to INTERFACE.</string>
</property>
</widget>
</item>
<item row="5" column="0">
<widget class="QLabel" name="postUpLabel">
<property name="text">
<string>Post-up command:</string>
</property>
</widget>
</item>
<item row="5" column="1">
<widget class="QLineEdit" name="postUpLineEdit">
<property name="toolTip">
<string>Optional.
Script snippet which will be executed by bash(1)
after setting up the interface. Most commonly used
to configure custom DNS options or firewall rules.
The special string `%i' is expanded to INTERFACE.</string>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="preDownLabel">
<property name="text">
<string>Pre-down command:</string>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QLineEdit" name="preDownLineEdit">
<property name="toolTip">
<string>Optional.
Script snippet which will be executed by bash(1)
before tearing down the interface. Most commonly used
to configure custom DNS options or firewall rules.
The special string `%i' is expanded to INTERFACE.</string>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QLabel" name="postDownLabel">
<property name="text">
<string>Post-down command:</string>
</property>
</widget>
</item>
<item row="7" column="1">
<widget class="QLineEdit" name="postDownLineEdit">
<property name="toolTip">
<string>Optional.
Script snippet which will be executed by bash(1)
after tearing down the interface. Most commonly used
to configure custom DNS options or firewall rules.
The special string `%i' is expanded to INTERFACE.</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QGroupBox" name="groupBox_2">
<property name="title">
<string>Peer</string>
</property>
<layout class="QFormLayout" name="formLayout">
<item row="0" column="0">
<widget class="QLabel" name="presharedKeyLabel">
<property name="text">
<string>Preshared key:</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="PasswordField" name="presharedKeyLineEdit">
<property name="toolTip">
<string>Optional.
A base64 preshared key generated by wg genpsk.
This option adds an additional layer of symmetric-key
cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance.</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="persistentKeepaliveLabel">
<property name="text">
<string>Persistent Keepalive:</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLineEdit" name="persistentKeepaliveLineEdit">
<property name="toolTip">
<string>Optional.
A seconds interval, between 1 and 65535 inclusive, of
how often to send an authenticated empty packet to
the peer for the purpose of keeping a stateful firewall
or NAT mapping valid persistently. For example, if the
interface very rarely sends traffic, but it might at
anytime receive traffic from a peer, and it is behind
NAT, the interface might benefit from having a
persistent keepalive interval of 25 seconds. If set to
0 or "off", this option is disabled. By default or
when unspecified, this option is off. Most users will not
need this.</string>
</property>
</widget>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QDialogButtonBox" name="buttonBox">
<property name="standardButtons">
<set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
</property>
</widget>
</item>
<item>
<layout class="QHBoxLayout" name="horizontalLayout_2"/>
</item>
<item>
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
<customwidgets>
<customwidget>
<class>PasswordField</class>
<extends>QLineEdit</extends>
<header location="global">passwordfield.h</header>
</customwidget>
</customwidgets>
<resources/>
<connections/>
</ui>
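Review bot: The four script tooltips (`preUpLineEdit`, `postUpLineEdit`, `preDownLineEdit`, `postDownLineEdit`) say the snippet is executed by bash(1) but not under which account, and nothing tells the user that these fields are presumably also filled when a configuration file is imported. The snippet most likely runs with the privileges of the VPN service, so I would add a sentence to each tooltip, for example `Only enter commands you understand; review values that came from an imported configuration file before connecting.` The fields are plain `QLineEdit` widgets and no validator for them is visible in this file, so the user's own review is the only check shown here.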
/*
Copyright 2018 Bruce Anderson <banderson19com@san.rr.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) version 3, or any
later version accepted by the membership of KDE e.V. (or its
successor approved by the membership of KDE e.V.), which shall
act as a proxy defined in Section 6 of version 3 of the license.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
#include "wireguardadvancedwidget.h"
#include <QtWidgets/QPushButton>
#include <KColorScheme>
#include "ui_wireguardadvanced.h"
#include "nm-wireguard-service.h"
#include "settingwidget.h"
#include "wireguardkeyvalidator.h"
class WireGuardAdvancedWidget::Private
{
public:
NetworkManager::VpnSetting::Ptr setting;
Ui::WireGuardAdvancedWidget ui;
QPalette warningPalette;
QPalette normalPalette;
WireGuardKeyValidator *keyValidator;
QIntValidator *listenPortValidator;
QIntValidator *mtuValidator;
QRegularExpressionValidator *fwMarkValidator;
QIntValidator *persistentKeepaliveValidator;
QRegularExpressionValidator *tableValidator;
~Private();
Private();
bool fwMarkValid;
bool presharedKeyValid;
bool tableValid;
};
WireGuardAdvancedWidget::Private::Private() : fwMarkValid(true),
presharedKeyValid(true),
tableValid(true)
{
}
WireGuardAdvancedWidget::Private::~Private()
{
delete keyValidator;
delete listenPortValidator;
delete mtuValidator;
delete fwMarkValidator;
delete persistentKeepaliveValidator;
delete tableValidator;
}
WireGuardAdvancedWidget::WireGuardAdvancedWidget(const NetworkManager::VpnSetting::Ptr &setting,
QWidget *parent)
: QDialog(parent), d(new Private)
{
KSharedConfigPtr config = KSharedConfig::openConfig();
d->warningPalette = KColorScheme::createApplicationPalette(config);