-rw-r--r-- | net/Makefile | 2 | ||||
-rw-r--r-- | net/amneziawg-kmod/Makefile | 23 | ||||
-rw-r--r-- | net/amneziawg-kmod/distinfo | 3 | ||||
-rw-r--r-- | net/amneziawg-kmod/files/patch-Makefile | 9 | ||||
-rw-r--r-- | net/amneziawg-kmod/files/patch-if__wg.c | 173 | ||||
-rw-r--r-- | net/amneziawg-kmod/pkg-descr | 12 | ||||
-rw-r--r-- | net/amneziawg-tools/Makefile | 36 | ||||
-rw-r--r-- | net/amneziawg-tools/distinfo | 3 | ||||
-rw-r--r-- | net/amneziawg-tools/files/amneziawg.in | 74 | ||||
-rw-r--r-- | net/amneziawg-tools/files/patch-config.c | 11 | ||||
-rw-r--r-- | net/amneziawg-tools/files/patch-ipc-freebsd.h | 11 | ||||
-rw-r--r-- | net/amneziawg-tools/files/patch-wg-quick_freebsd.bash | 192 | ||||
-rw-r--r-- | net/amneziawg-tools/pkg-descr | 2 | ||||
-rw-r--r-- | net/amneziawg-tools/pkg-plist | 7 |
14 files changed, 558 insertions, 0 deletions
diff --git a/net/Makefile b/net/Makefile index 1d7962c2c074..07dde2dad8f7 100644 --- a/net/Makefile +++ b/net/Makefile @@ -17,6 +17,8 @@ SUBDIR += akonadi-search SUBDIR += alligator SUBDIR += aluminum + SUBDIR += amneziawg-kmod + SUBDIR += amneziawg-tools SUBDIR += amqpcat SUBDIR += aoe SUBDIR += apache-commons-net diff --git a/net/amneziawg-kmod/Makefile b/net/amneziawg-kmod/Makefile new file mode 100644 index 000000000000..c09d7aba58b0 --- /dev/null +++ b/net/amneziawg-kmod/Makefile @@ -0,0 +1,23 @@ +PORTNAME= amneziawg +PORTVERSION= 1.0.6 +DISTVERSIONPREFIX= v +CATEGORIES= net net-vpn +PKGNAMESUFFIX= -kmod + +MAINTAINER= vova@zote.me +COMMENT= AmneziaWG FreeBSD kernel module implementation +WWW= https://github.com/vgrebenschikov/wireguard-amnezia-kmod + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/COPYING + +BROKEN_FreeBSD_13= Depends on kernel sources of recent FreeBSD 14 or newer + +USES= kmod uidfix +USE_GITHUB= yes +GH_ACCOUNT= vgrebenschikov +GH_PROJECT= wireguard-amnezia-kmod + +PLIST_FILES= ${KMODDIR}/if_awg.ko + +.include <bsd.port.mk> diff --git a/net/amneziawg-kmod/distinfo b/net/amneziawg-kmod/distinfo new file mode 100644 index 000000000000..56fc58cc48dc --- /dev/null +++ b/net/amneziawg-kmod/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1753385001 +SHA256 (vgrebenschikov-wireguard-amnezia-kmod-v1.0.6_GH0.tar.gz) = 916438447143bff815d0c6617796ff12c98c25dd5439413d67faab19c4dd65fd +SIZE (vgrebenschikov-wireguard-amnezia-kmod-v1.0.6_GH0.tar.gz) = 52053 diff --git a/net/amneziawg-kmod/files/patch-Makefile b/net/amneziawg-kmod/files/patch-Makefile new file mode 100644 index 000000000000..90abd540b7f1 --- /dev/null +++ b/net/amneziawg-kmod/files/patch-Makefile @@ -0,0 +1,9 @@ +--- Makefile.orig 2025-07-22 17:42:41 UTC ++++ Makefile +@@ -1,5 +1,5 @@ + +-KMOD= if_wg ++KMOD= if_awg + + SRCS= if_wg.c wg_cookie.c wg_crypto.c wg_noise.c + SRCS+= opt_inet.h opt_inet6.h device_if.h bus_if.h 
diff --git a/net/amneziawg-kmod/files/patch-if__wg.c b/net/amneziawg-kmod/files/patch-if__wg.c new file mode 100644 index 000000000000..88733e895b1e --- /dev/null +++ b/net/amneziawg-kmod/files/patch-if__wg.c 
@@ -0,0 +1,173 @@ +--- if_wg.c.orig 2025-07-22 17:38:01 UTC ++++ if_wg.c +@@ -278,21 +278,21 @@ static volatile unsigned long peer_counter = 0; + static int clone_count; + static uma_zone_t wg_packet_zone; + static volatile unsigned long peer_counter = 0; +-static const char wgname[] = "wg"; ++static const char wgname[] = "awg"; + static unsigned wg_osd_jail_slot; + + static struct sx wg_sx; +-SX_SYSINIT(wg_sx, &wg_sx, "wg_sx"); ++SX_SYSINIT(wg_sx, &wg_sx, "awg_sx"); + + static LIST_HEAD(, wg_softc) wg_list = LIST_HEAD_INITIALIZER(wg_list); + + static TASKQGROUP_DEFINE(wg_tqg, mp_ncpus, 1); + +-MALLOC_DEFINE(M_WG, "WG", "wireguard"); ++MALLOC_DEFINE(M_WG, "AWG", "amneziawg"); + +-VNET_DEFINE_STATIC(struct if_clone *, wg_cloner); ++VNET_DEFINE_STATIC(struct if_clone *, awg_cloner); + +-#define V_wg_cloner VNET(wg_cloner) ++#define V_awg_cloner VNET(awg_cloner) + #define WG_CAPS IFCAP_LINKSTATE + + struct wg_timespec64 { +@@ -386,10 +386,10 @@ static int wg_ioctl(if_t, u_long, caddr_t); + static void wg_reassign(if_t, struct vnet *, char *unused); + static void wg_init(void *); + static int wg_ioctl(if_t, u_long, caddr_t); +-static void vnet_wg_init(const void *); +-static void vnet_wg_uninit(const void *); +-static int wg_module_init(void); +-static void wg_module_deinit(void); ++static void vnet_awg_init(const void *); ++static void vnet_awg_uninit(const void *); ++static int awg_module_init(void); ++static void awg_module_deinit(void); + + /* TODO Peer */ + static struct wg_peer * +@@ -408,7 +408,7 @@ wg_peer_alloc(struct wg_softc *sc, const uint8_t pub_k + + cookie_maker_init(&peer->p_cookie, pub_key); + +- rw_init(&peer->p_endpoint_lock, "wg_peer_endpoint"); ++ rw_init(&peer->p_endpoint_lock, "awg_peer_endpoint"); + + wg_queue_init(&peer->p_stage_queue, "stageq"); + wg_queue_init(&peer->p_encrypt_serial, "txq"); +@@ -428,9 +428,9 @@ wg_peer_alloc(struct wg_softc *sc, const uint8_t pub_k + peer->p_handshake_retries = 0; + + GROUPTASK_INIT(&peer->p_send, 0, 
(gtask_fn_t *)wg_deliver_out, peer); +- taskqgroup_attach(qgroup_wg_tqg, &peer->p_send, peer, NULL, NULL, "wg send"); ++ taskqgroup_attach(qgroup_wg_tqg, &peer->p_send, peer, NULL, NULL, "awg send"); + GROUPTASK_INIT(&peer->p_recv, 0, (gtask_fn_t *)wg_deliver_in, peer); +- taskqgroup_attach(qgroup_wg_tqg, &peer->p_recv, peer, NULL, NULL, "wg recv"); ++ taskqgroup_attach(qgroup_wg_tqg, &peer->p_recv, peer, NULL, NULL, "awg recv"); + + LIST_INIT(&peer->p_aips); + peer->p_aips_num = 0; +@@ -3286,26 +3286,26 @@ static void + } + + static void +-vnet_wg_init(const void *unused __unused) ++vnet_awg_init(const void *unused __unused) + { + struct if_clone_addreq req = { + .create_f = wg_clone_create, + .destroy_f = wg_clone_destroy, + .flags = IFC_F_AUTOUNIT, + }; +- V_wg_cloner = ifc_attach_cloner(wgname, &req); ++ V_awg_cloner = ifc_attach_cloner(wgname, &req); + } +-VNET_SYSINIT(vnet_wg_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, +- vnet_wg_init, NULL); ++VNET_SYSINIT(vnet_awg_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, ++ vnet_awg_init, NULL); + + static void +-vnet_wg_uninit(const void *unused __unused) ++vnet_awg_uninit(const void *unused __unused) + { +- if (V_wg_cloner) +- ifc_detach_cloner(V_wg_cloner); ++ if (V_awg_cloner) ++ ifc_detach_cloner(V_awg_cloner); + } +-VNET_SYSUNINIT(vnet_wg_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, +- vnet_wg_uninit, NULL); ++VNET_SYSUNINIT(vnet_awg_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY, ++ vnet_awg_uninit, NULL); + + static int + wg_prison_remove(void *obj, void *data __unused) +@@ -3352,14 +3352,14 @@ static int + #endif + + static int +-wg_module_init(void) ++awg_module_init(void) + { + int ret; + osd_method_t methods[PR_MAXMETHOD] = { + [PR_METHOD_REMOVE] = wg_prison_remove, + }; + +- wg_packet_zone = uma_zcreate("wg packet", sizeof(struct wg_packet), ++ wg_packet_zone = uma_zcreate("awg packet", sizeof(struct wg_packet), + NULL, NULL, NULL, NULL, 0, 0); + + ret = crypto_init(); +@@ -3378,15 
+3378,15 @@ static void + } + + static void +-wg_module_deinit(void) ++awg_module_deinit(void) + { + VNET_ITERATOR_DECL(vnet_iter); + VNET_LIST_RLOCK(); + VNET_FOREACH(vnet_iter) { +- struct if_clone *clone = VNET_VNET(vnet_iter, wg_cloner); ++ struct if_clone *clone = VNET_VNET(vnet_iter, awg_cloner); + if (clone) { + ifc_detach_cloner(clone); +- VNET_VNET(vnet_iter, wg_cloner) = NULL; ++ VNET_VNET(vnet_iter, awg_cloner) = NULL; + } + } + VNET_LIST_RUNLOCK(); +@@ -3401,13 +3401,13 @@ static int + } + + static int +-wg_module_event_handler(module_t mod, int what, void *arg) ++awg_module_event_handler(module_t mod, int what, void *arg) + { + switch (what) { + case MOD_LOAD: +- return wg_module_init(); ++ return awg_module_init(); + case MOD_UNLOAD: +- wg_module_deinit(); ++ awg_module_deinit(); + break; + default: + return (EOPNOTSUPP); +@@ -3415,12 +3415,12 @@ wg_module_event_handler(module_t mod, int what, void * + return (0); + } + +-static moduledata_t wg_moduledata = { +- "if_wg", +- wg_module_event_handler, ++static moduledata_t awg_moduledata = { ++ "if_awg", ++ awg_module_event_handler, + NULL + }; + +-DECLARE_MODULE(if_wg, wg_moduledata, SI_SUB_PSEUDO, SI_ORDER_ANY); +-MODULE_VERSION(if_wg, WIREGUARD_VERSION); +-MODULE_DEPEND(if_wg, crypto, 1, 1, 1); ++DECLARE_MODULE(if_awg, awg_moduledata, SI_SUB_PSEUDO, SI_ORDER_ANY); ++MODULE_VERSION(if_awg, WIREGUARD_VERSION); ++MODULE_DEPEND(if_awg, crypto, 1, 1, 1); diff --git a/net/amneziawg-kmod/pkg-descr b/net/amneziawg-kmod/pkg-descr new file mode 100644 index 000000000000..d493982cbd6e --- /dev/null +++ b/net/amneziawg-kmod/pkg-descr 
@@ -0,0 +1,12 @@ +AmneziaWG is a contemporary version of the popular VPN protocol, WireGuard. +It offers protection against detection by Deep Packet Inspection (DPI) systems. +At the same time, it retains the simplified architecture and high performance +of the original. + +The progenitor of AmneziaWG, WireGuard, is known for its efficiency, but +it does have issues with detection due to distinctive packet signatures. +AmneziaWG addresses this problem by employing advanced obfuscation methods, +allowing its traffic to blend seamlessly with regular internet traffic. +As a result, AmneziaWG maintains high performance while adding an extra layer +of stealth, making it a superb choice for those seeking a fast and discreet +VPN connection. diff --git a/net/amneziawg-tools/Makefile b/net/amneziawg-tools/Makefile new file mode 100644 index 000000000000..99af37f70786 --- /dev/null +++ b/net/amneziawg-tools/Makefile @@ -0,0 +1,36 @@ +PORTNAME= amneziawg-tools +PORTVERSION= 1.0.20241018 +CATEGORIES= net net-vpn +MASTER_SITES= https://github.com/amnezia-vpn/amneziawg-tools/ + +MAINTAINER= vova@zote.me +COMMENT= Fast, modern and secure VPN Tunnel with AmneziaVPN anti-detection +WWW= https://github.com/amnezia-vpn/amneziawg-tools/ + +LICENSE= GPLv2 + +RUN_DEPENDS= bash:shells/bash + +USES= gmake +USE_GITHUB= yes +GH_ACCOUNT= amnezia-vpn +GH_TAGNAME= v${PORTVERSION} + +WRKSRC_SUBDIR= src +MAKE_ARGS+= DEBUG=no WITH_BASHCOMPLETION=yes WITH_SYSTEMDUNITS=no +MAKE_ENV+= MANDIR="${PREFIX}/share/man" \ + SYSCONFDIR="${PREFIX}/etc" + +USE_RC_SUBR= amneziawg + +.include <bsd.port.options.mk> + +post-patch: + @${REINPLACE_CMD} -e 's|wg s|awg s|g' \ + ${WRKSRC}/completion/wg-quick.bash-completion + +post-install: + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/amnezia/amneziawg + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/awg + +.include <bsd.port.mk> diff --git a/net/amneziawg-tools/distinfo b/net/amneziawg-tools/distinfo new file mode 100644 index 000000000000..3703c8bf36a2 --- /dev/null 
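Review bot: `RUN_DEPENDS` in net/amneziawg-tools/Makefile names only bash, while the rc script installed through `USE_RC_SUBR= amneziawg` runs `kldload -n if_awg` and awg-quick creates the interface with `ifconfig awg create`, both of which need the module shipped by net/amneziawg-kmod. Unless leaving the module optional is intended (the kmod port is marked broken on FreeBSD 13 and awg-quick has a userland mode), a run-time dependency on net/amneziawg-kmod would keep a fresh install from failing at service start. If it stays optional, a short comment above `RUN_DEPENDS` saying so would save the next maintainer the question.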
+++ b/net/amneziawg-tools/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1744661306 +SHA256 (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) = 60f1cec1774fb871a2d8dc24e4f731625516d90f663d6e0d2c77d9247222f2f9 +SIZE (amnezia-vpn-amneziawg-tools-1.0.20241018-v1.0.20241018_GH0.tar.gz) = 156259 diff --git a/net/amneziawg-tools/files/amneziawg.in b/net/amneziawg-tools/files/amneziawg.in new file mode 100644 index 000000000000..beb12e026827 --- /dev/null +++ b/net/amneziawg-tools/files/amneziawg.in 
@@ -0,0 +1,74 @@ +#!/bin/sh + +# PROVIDE: amneziawg +# REQUIRE: NETWORKING +# KEYWORD: shutdown +# +# amneziawg_enable (bool): Set to "YES" to enable amneziawg. +# (default: "NO") +# +# amneziawg_interfaces (str): List of interfaces to bring up/down +# on start/stop. (eg: "awg0 awg1") +# (default: "") +# amneziawg_env (str): Environment variables for the userspace +# implementation. (eg: "LOG_LEVEL=debug") + +. /etc/rc.subr + +name=amneziawg +rcvar=amneziawg_enable +extra_commands="reload status" + +start_cmd="${name}_start" +stop_cmd="${name}_stop" +reload_cmd="${name}_reload" +status_cmd="${name}_status" + +amneziawg_start() +{ + ${amneziawg_env:+eval export $amneziawg_env} + kldload -n if_awg + + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg-quick up ${interface} + done +} + +amneziawg_stop() +{ + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg-quick down ${interface} + done +} + +amneziawg_reload() +{ + ${amneziawg_env:+eval export $amneziawg_env} + + for interface in ${amneziawg_interfaces}; do + tmpfile="`mktemp`" + %%PREFIX%%/bin/awg-quick strip ${interface} > ${tmpfile} + %%PREFIX%%/bin/awg syncconf ${interface} ${tmpfile} + rm -f ${tmpfile} + done +} + +amneziawg_status() +{ + ${amneziawg_env:+eval export $amneziawg_env} + amneziawg_status="0" + + for interface in ${amneziawg_interfaces}; do + %%PREFIX%%/bin/awg show ${interface} || amneziawg_status="1" + done + + return ${amneziawg_status} +} + +load_rc_config $name + +: ${amneziawg_enable="NO"} +: ${amneziawg_interfaces=""} +: ${amneziawg_env=""} + +run_rc_command "$1" diff --git a/net/amneziawg-tools/files/patch-config.c b/net/amneziawg-tools/files/patch-config.c new file mode 100644 index 000000000000..6e00e1f19d4d --- /dev/null +++ b/net/amneziawg-tools/files/patch-config.c 
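Review bot: amneziawg_reload runs `awg syncconf` even when `mktemp` or `awg-quick strip` has failed, so an empty or partial file can be applied to the live interface, and `${tmpfile}` is used unquoted throughout. Chaining the steps avoids that: `tmpfile="$(mktemp)" || return 1`, then `%%PREFIX%%/bin/awg-quick strip "${interface}" > "${tmpfile}" && %%PREFIX%%/bin/awg syncconf "${interface}" "${tmpfile}"`, with `rm -f "${tmpfile}"` kept unconditional. The stripped configuration normally carries the interface private key, so a comment such as `# temp file holds key material; always removed below` is worth adding, and the function should return non-zero when any interface fails. amneziawg_start likewise ignores the result of `kldload -n if_awg` before calling awg-quick.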
@@ -0,0 +1,11 @@ +--- config.c.orig 2025-06-13 09:33:11 UTC ++++ config.c +@@ -252,7 +252,7 @@ static inline bool parse_endpoint(struct sockaddr *end + * + * So this is what we do, except FreeBSD removed EAI_NODATA some time ago, so that's conditional. + */ +- if (ret == EAI_NONAME || ret == EAI_FAIL || ++ if (/* ret == EAI_NONAME || */ ret == EAI_FAIL || + #ifdef EAI_NODATA + ret == EAI_NODATA || + #endif diff --git a/net/amneziawg-tools/files/patch-ipc-freebsd.h b/net/amneziawg-tools/files/patch-ipc-freebsd.h new file mode 100644 index 000000000000..9660fa0126ed --- /dev/null +++ b/net/amneziawg-tools/files/patch-ipc-freebsd.h @@ -0,0 +1,11 @@ +--- ipc-freebsd.h.orig 2025-07-22 19:01:39 UTC ++++ ipc-freebsd.h +@@ -21,7 +21,7 @@ static int kernel_get_wireguard_interfaces(struct stri + + static int kernel_get_wireguard_interfaces(struct string_list *list) + { +- struct ifgroupreq ifgr = { .ifgr_name = "wg" }; ++ struct ifgroupreq ifgr = { .ifgr_name = "awg" }; + struct ifg_req *ifg; + int s = get_dgram_socket(), ret = 0; + diff --git a/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash b/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash new file mode 100644 index 000000000000..c259697256a7 --- /dev/null +++ b/net/amneziawg-tools/files/patch-wg-quick_freebsd.bash 
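Review bot: In patch-config.c the `ret == EAI_NONAME` test in parse_endpoint is disabled by commenting it out inside the condition, with no reason given, while the upstream comment directly above still says "this is what we do" about the permanent-failure list. Presumably the intent is to let a name that does not resolve yet be retried instead of failing at once; if so, say it next to the change, e.g. `/* FreeBSD port: EAI_NONAME is treated as transient and retried (upstream treats it as permanent) */`, and delete the dead test rather than leaving it in a comment. A mistyped endpoint host name will then take the retry path as well; that path is outside this hunk, so the delay it adds is worth checking. The rest of parse_endpoint is not visible here.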
@@ -0,0 +1,192 @@ +--- wg-quick/freebsd.bash.orig 2024-10-01 13:02:42 UTC ++++ wg-quick/freebsd.bash +@@ -25,11 +25,17 @@ CONFIG_FILE="" + POST_DOWN=( ) + SAVE_CONFIG=0 + CONFIG_FILE="" ++DESCRIPTION="" ++USERLAND=0 + PROGRAM="${0##*/}" + ARGS=( "$@" ) + + IS_ASESCURITY_ON=0 + ++ ++declare -A ROUTES ++ ++ + cmd() { + echo "[#] $*" >&3 + "$@" +@@ -40,7 +46,7 @@ die() { + exit 1 + } + +-CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg ) ++CONFIG_SEARCH_PATHS=( /usr/local/etc/amnezia/amneziawg /usr/local/etc/wireguard ) + + unset ORIGINAL_TMPDIR + make_temp() { +@@ -64,7 +70,7 @@ parse_options() { + } + + parse_options() { +- local interface_section=0 line key value stripped path v ++ local interface_section=0 line key value stripped path v last_public_key + CONFIG_FILE="$1" + if [[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]]; then + for path in "${CONFIG_SEARCH_PATHS[@]}"; do +@@ -82,7 +88,7 @@ parse_options() { + stripped="${line%%\#*}" + key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}" + value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}" +- [[ $key == "["* ]] && interface_section=0 ++ [[ $key == "["* ]] && interface_section=0 && last_public_key="" + [[ $key == "[Interface]" ]] && interface_section=1 + if [[ $interface_section -eq 1 ]]; then + case "$key" in +@@ -96,9 +102,12 @@ parse_options() { + PreDown) PRE_DOWN+=( "$value" ); continue ;; + PostUp) POST_UP+=( "$value" ); continue ;; + PostDown) POST_DOWN+=( "$value" ); continue ;; ++ Description) DESCRIPTION="$value"; continue ;; + SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;; ++ UserLand) read_bool USERLAND "$value"; continue ;; + esac + case "$key" in ++ + Jc);& + Jmin);& + Jmax);& +@@ -109,6 +118,12 @@ parse_options() { + H3);& + H4) IS_ASESCURITY_ON=1;; + esac ++ else ++ case "$key" in ++ PublicKey) last_public_key="$value" ;; ++ Routes) ROUTES["$last_public_key"]="$value"; continue ;; ++ 
DynamicRoutes) continue ;; ++ esac + fi + WG_CONFIG+="$line"$'\n' + done < "$CONFIG_FILE" +@@ -130,11 +145,14 @@ add_if() { + add_if() { + local ret rc +- local cmd="ifconfig wg create name "$INTERFACE"" +- if [[ $IS_ASESCURITY_ON == 1 ]]; then ++ local cmd="ifconfig awg create name "$INTERFACE"" ++ if [[ $USERLAND == 1 ]]; then + cmd="amneziawg-go "$INTERFACE""; + fi +- if ret="$(cmd $cmd 2>&1 >/dev/null)"; then +- return 0 ++ if [ -n "$DESCRIPTION" ]; then ++ ret="$(cmd $cmd description "$DESCRIPTION" 2>&1 >/dev/null)" && return 0 ++ else ++ ++ ret="$(cmd $cmd 2>&1 >/dev/null)" && return 0 + fi + rc=$? + if [[ $ret == *"ifconfig: ioctl SIOCSIFNAME (set name): File exists"* ]]; then +@@ -209,7 +227,7 @@ set_mtu() { + [[ ${BASH_REMATCH[1]} == *:* ]] && family=inet6 + output="$(route -n get "-$family" "${BASH_REMATCH[1]}" || true)" + [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" +- done < <(wg show "$INTERFACE" endpoints) ++ done < <(awg show "$INTERFACE" endpoints) + if [[ $mtu -eq 0 ]]; then + read -r output < <(route -n get default || true) || true + [[ $output =~ interface:\ ([^ ]+)$'\n' && $(ifconfig "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}" +@@ -242,7 +260,7 @@ collect_endpoints() { + while read -r _ endpoint; do + [[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue + ENDPOINTS+=( "${BASH_REMATCH[1]}" ) +- done < <(wg show "$INTERFACE" endpoints) ++ done < <(awg show "$INTERFACE" endpoints) + } + + set_endpoint_direct_route() { +@@ -301,14 +319,13 @@ monitor_daemon() { + (make_temp + trap 'del_routes; clean_temp; exit 0' INT TERM EXIT + exec >/dev/null 2>&1 +- exec 19< <(exec route -n monitor) ++ exec 19< <(exec stdbuf -oL route -n monitor) + local event pid=$! 
+ # TODO: this should also check to see if the endpoint actually changes + # in response to incoming packets, and then call set_endpoint_direct_route + # then too. That function should be able to gracefully cleanup if the + # endpoints change. + while read -u 19 -r event; do +- [[ $event == RTM_* ]] || continue + ifconfig "$INTERFACE" >/dev/null 2>&1 || break + [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route + # TODO: set the mtu as well, but only if up +@@ -354,7 +371,7 @@ set_config() { + } + + set_config() { +- echo "$WG_CONFIG" | cmd wg setconf "$INTERFACE" /dev/stdin ++ echo "$WG_CONFIG" | cmd awg setconf "$INTERFACE" /dev/stdin + } + + save_config() { +@@ -386,7 +403,7 @@ save_config() { + done + old_umask="$(umask)" + umask 077 +- current_config="$(cmd wg showconf "$INTERFACE")" ++ current_config="$(cmd awg showconf "$INTERFACE")" + trap 'rm -f "$CONFIG_FILE.tmp"; clean_temp; exit' INT TERM EXIT + echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file" + sync "$CONFIG_FILE.tmp" +@@ -433,6 +450,20 @@ cmd_usage() { + _EOF + } + ++get_routes() { ++ while read -r pub_key i; do ++ if [[ -v "ROUTES[$pub_key]" ]]; then ++ for route in ${ROUTES[$pub_key]//,/ }; do ++ echo "$route" ++ done ++ else ++ for j in $i; do ++ [[ $j =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$j" ++ done ++ fi ++ done < <(awg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t / ++} ++ + cmd_up() { + local i + [[ -z $(ifconfig "$INTERFACE" 2>/dev/null) ]] || die "\`$INTERFACE' already exists" +@@ -446,7 +477,7 @@ cmd_up() { + set_mtu + up_if + set_dns +- for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(wg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do ++ for i in $(get_routes); do + add_route "$i" + done + [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route +@@ -456,7 +487,7 @@ cmd_down() { + } + + cmd_down() { +- 
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" ++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + execute_hooks "${PRE_DOWN[@]}" + [[ $SAVE_CONFIG -eq 0 ]] || save_config + del_if +@@ -465,7 +496,7 @@ cmd_save() { + } + + cmd_save() { +- [[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" ++ [[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface" + save_config + } + diff --git a/net/amneziawg-tools/pkg-descr b/net/amneziawg-tools/pkg-descr new file mode 100644 index 000000000000..fdd8572d80a5 --- /dev/null +++ b/net/amneziawg-tools/pkg-descr @@ -0,0 +1,2 @@ +This supplies the main userspace tooling for using and configuring +WireGuard tunnels, including the wg(8) and wg-quick(8) utilities. diff --git a/net/amneziawg-tools/pkg-plist b/net/amneziawg-tools/pkg-plist new file mode 100644 index 000000000000..c0a76bc03aa3 --- /dev/null +++ b/net/amneziawg-tools/pkg-plist @@ -0,0 +1,7 @@ +bin/awg +bin/awg-quick +share/bash-completion/completions/awg +share/bash-completion/completions/awg-quick +share/man/man8/awg.8.gz +share/man/man8/awg-quick.8.gz +@dir etc/amnezia/amneziawg |
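Review bot: In patch-wg-quick_freebsd.bash, entries from the new per-peer `Routes` key are echoed by get_routes without the `^[0-9a-z:.]+/[0-9]+$` check that the allowed-ips branch right below it applies, and the unquoted `${ROUTES[$pub_key]//,/ }` expansion is also subject to globbing, so arbitrary text from a config file reaches add_route (defined outside the hunk). Applying the same test keeps both paths consistent: `[[ $route =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$route"`. In parse_options, `ROUTES["$last_public_key"]` is assigned even when no `PublicKey` line has been seen yet in the section; a guard such as `[[ -n $last_public_key ]] || die "Routes must follow PublicKey"` would make that case explicit. Separately, add_if appends `description "$DESCRIPTION"` to `$cmd` in both modes, so with `UserLand` and `Description` set together the extra words are passed to `amneziawg-go` rather than to ifconfig.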