From 7e7f237292383fa27b0b8f46757ccd3a1119ce17 Mon Sep 17 00:00:00 2001
From: s-hadinger <49731213+s-hadinger@users.noreply.github.com>
Date: Sun, 27 Apr 2025 23:12:18 +0200
Subject: [PATCH] Wireguard default values (#23349)
---
 lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp | 12 ++++++----
 lib/lib_ssl/IniFile-Tasmota/src/IniFile.h | 2 +-
 .../xdrv_80_wireguard_client.ino | 22 +++++++++++++------
 3 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp b/lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp
index 58b9571b6..07e9c4f3b 100644
--- a/lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp
+++ b/lib/lib_ssl/IniFile-Tasmota/src/IniFile.cpp
@@ -257,13 +257,17 @@ bool IniFile::getCIDR(const char* section, const char* key, ip_addr_t *ip, ip_ad
 return parseCIDR(cidr, ip, mask);
 }
-bool IniFile::getDomainPort(const char* section, const char* key, String &domain, uint16_t &port)
+bool IniFile::getDomainPort(const char* section, const char* key, String &domain, uint16_t &port, uint16_t default_port)
 {
 if (!getValueString(section, key, domain)) return false; // error
 int32_t colon = domain.indexOf(':');
- if (colon < 0) { return false; }
- port = domain.substring(colon + 1).toInt();
- domain = domain.substring(0, colon);
+ if (colon == 0) { return false; } // having an empty domain is wrong
+ if (colon > 0) {
+ port = domain.substring(colon + 1).toInt();
+ domain = domain.substring(0, colon);
+ } else {
+ port = default_port;
+ }
 return true;
 }
diff --git a/lib/lib_ssl/IniFile-Tasmota/src/IniFile.h b/lib/lib_ssl/IniFile-Tasmota/src/IniFile.h
index 8638eff7e..d12b98452 100644
--- a/lib/lib_ssl/IniFile-Tasmota/src/IniFile.h
+++ b/lib/lib_ssl/IniFile-Tasmota/src/IniFile.h
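Review bot: In `IniFile::getDomainPort` (IniFile.cpp), the `colon > 0` branch still stores the text after the colon without checking it. `toInt()` yields 0 for an empty or non-numeric suffix and the result is narrowed into `uint16_t`, so an endpoint such as `host:` or `host:70000` is accepted with port 0 or a wrapped value instead of being rejected as a bad configuration. Since this function now chooses between an explicit and a default port, it should range-check before storing, e.g. `long p = domain.substring(colon + 1).toInt(); if (p < 1 || p > 65535) { return false; } port = p;`. Splitting on the first `:` also cuts a bare IPv6 literal at its first group; whether IPv6 endpoints are meant to be supported is not visible in this patch.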
@@ -68,7 +68,7 @@ public:
 static bool parseCIDR(String& str, ip_addr_t *ip, ip_addr_t *mask);
 bool getCIDR(const char* section, const char* key, ip_addr_t *ip, ip_addr_t *mask);
- bool getDomainPort(const char* section, const char* key, String &domain, uint16_t &port);
+ bool getDomainPort(const char* section, const char* key, String &domain, uint16_t &port, uint16_t default_port);
 // From the file location saved in 'state' look for the next section and read its name.
 // The name will be in the buffer. Returns false if no section found.
diff --git a/tasmota/tasmota_xdrv_driver/xdrv_80_wireguard_client.ino b/tasmota/tasmota_xdrv_driver/xdrv_80_wireguard_client.ino
index ce90e9128..04aafc7a9 100644
--- a/tasmota/tasmota_xdrv_driver/xdrv_80_wireguard_client.ino
+++ b/tasmota/tasmota_xdrv_driver/xdrv_80_wireguard_client.ino
@@ -85,7 +85,7 @@ bool WireguardLoadConfig(const char *filename) {
 valconf = valconf && ini.getCIDR("Interface", "Address", &config.address2, &config.subnet);
 valconf = valconf && ini.getValueBase64("Peer", "PublicKey", config.public_key2, sizeof(config.public_key2));
 valconf = valconf && ini.getValueBase64("Peer", "PresharedKey", config.preshared_key2, sizeof(config.preshared_key2));
- valconf = valconf && ini.getDomainPort("Peer", "Endpoint", Wireguard.endpoint, Wireguard.config.port);
+ valconf = valconf && ini.getDomainPort("Peer", "Endpoint", Wireguard.endpoint, Wireguard.config.port, 51820 /*default port*/);
 // read optional NetMask
 ipaddr_aton(WIREGUARD_NETMASK, &config.netmask2);
 ini.getIPAddress("Tasmota", "Netmask", &Wireguard.config.netmask2);
@@ -147,13 +147,21 @@ bool WireguardConnect(void) {
 esp_err_t err = esp_wireguard_connect(&Wireguard.ctx);
 if (err == ESP_OK) {
 Wireguard.started = true;
- for (const allowed_ips_t & allowedip : Wireguard.allowed_ips) {
- err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, allowedip.addr, allowedip.mask);
- if (err != ESP_OK) {
- AddLog(LOG_LEVEL_INFO, PSTR("WG : Failed to add allowed_ips %_I/%_I, no space left"), allowedip.addr, allowedip.mask);
- break;
+ if (!Wireguard.allowed_ips.isEmpty()) {
+ for (const allowed_ips_t & allowedip : Wireguard.allowed_ips) {
+ err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, allowedip.addr, allowedip.mask);
+ if (err != ESP_OK) {
+ AddLog(LOG_LEVEL_INFO, PSTR("WG : Failed to add allowed_ips, no space left"));
+ break;
+ }
+ AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added allowed_ips %s/%s"), IPAddress(&allowedip.addr).toString().c_str(),
+ IPAddress(&allowedip.mask).toString().c_str());
 }
- AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added allowed_ips %_I/%_I"), allowedip.addr, allowedip.mask);
+ } else {
+ // allowed_ips is empty, so we add 0.0.0.0/0.0.0.0
+ ip_addr_t ip_zero = IPADDR4_INIT_BYTES(0, 0, 0, 0);
+ err = esp_wireguard_add_allowed_ip(&Wireguard.ctx, ip_zero, ip_zero);
+ AddLog(LOG_LEVEL_DEBUG, PSTR("WG : Added default allowed_ips 0.0.0.0/0.0.0.0"));
 }
 return true;
 }
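Review bot: In the new `else` branch the result of `esp_wireguard_add_allowed_ip()` is stored in `err` but never tested, so the "Added default allowed_ips" line is logged and `true` is returned even when the call failed. Add `if (err != ESP_OK) { AddLog(LOG_LEVEL_INFO, PSTR("WG : Failed to add default allowed_ips")); }` ahead of the debug line. The fallback is also a fail-open default: AllowedIPs is the filter for which source addresses are accepted from the peer, so a configuration that omits it ends up accepting any IPv4 source through the tunnel. The same would presumably hold if the parser, which is not visible here, drops an entry it cannot read. Reporting the fallback at `LOG_LEVEL_INFO` instead of `LOG_LEVEL_DEBUG` would make that widening visible to whoever deploys the device; `WireguardConnect` begins and ends outside this hunk.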