[fix] Support multiple wireguard tunnels on same device openwisp#657

Fixes openwisp#657
carbans · Jun 24, 2022 · c02d527 · c02d527
1 parent 2504eaa
commit c02d527
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 2 deletions.
diff --git a/openwisp_controller/config/base/config.py b/openwisp_controller/config/base/config.py
@@ -543,9 +543,9 @@ def get_vpn_context(self):
                     }
                 )
             if vpnclient.public_key:
-                context['public_key'] = vpnclient.public_key
+                context[f'pub_key_{vpn_id}'] = vpnclient.public_key
             if vpnclient.private_key:
-                context['private_key'] = vpnclient.private_key
+                context[f'pvt_key_{vpn_id}'] = vpnclient.private_key
             if vpn.subnet:
                 if vpnclient.ip:
                     context[vpn_context_keys['ip_address']] = vpnclient.ip.ip_address

diff --git a/openwisp_controller/config/base/vpn.py b/openwisp_controller/config/base/vpn.py
@@ -372,6 +372,7 @@ def _get_auto_context_keys(self):
                     'public_key': 'public_key_{}'.format(pk),
                     'ip_address': 'ip_address_{}'.format(pk),
                     'vpn_subnet': 'vpn_subnet_{}'.format(pk),
+                    'private_key': 'pvt_key_{}'.format(pk),
                 }
             )
         if self._is_backend_type('vxlan'):

diff --git a/openwisp_controller/config/migrations/0042_multiple_wireguard_tunnels.py b/openwisp_controller/config/migrations/0042_multiple_wireguard_tunnels.py
@@ -0,0 +1,71 @@
+# Generated by Django 4.0.5 on 2022-06-24 06:31
+
+from django.db import migrations
+
+from ..migrations import get_swapped_model
+
+
+def get_wireguard_and_vxlan_wireguard_templates(apps):
+    template_model = get_swapped_model(apps, 'config', 'Template')
+    return template_model.objects.filter(type='vpn', vpn__backend__contains='Wireguard')
+
+
+def allow_multiple_wireguard_tunneling(apps, schema_editor):
+    templates = get_wireguard_and_vxlan_wireguard_templates(apps).iterator()
+    for template in templates:
+        config = template.config
+        interfaces = config['interfaces']
+        vpn_id = template.vpn.pk.hex
+        changed = False
+        for interface in interfaces:
+            interface_type = interface.get('type', None)
+            private_key = interface.get('private_key', None)
+            if interface_type != 'wireguard' or not private_key:
+                continue
+            if private_key not in [
+                '{{private_key}}',
+                '{{ private_key }}',
+            ]:
+                continue
+            interface['private_key'] = '{{pvt_key_%s}}' % vpn_id
+            changed = True
+        if not changed:
+            continue
+        template.config = config
+        template.save(update_fields=['config'])
+
+
+def disallow_multiple_wireguard_tunneling(apps, schema_editor):
+    templates = get_wireguard_and_vxlan_wireguard_templates(apps).iterator()
+    for template in templates:
+        config = template.config
+        interfaces = config['interfaces']
+        vpn_id = template.vpn.pk.hex
+        changed = False
+        for interface in interfaces:
+            interface_type = interface.get('type', None)
+            private_key = interface.get('private_key', None)
+            if interface_type != 'wireguard' or not private_key:
+                continue
+            if f'pvt_key_{vpn_id}' not in private_key:
+                continue
+            interface['private_key'] = '{{private_key}}'
+            changed = True
+        if not changed:
+            continue
+        template.config = config
+        template.save(update_fields=['config'])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('config', '0041_default_groups_organizationconfigsettings_permission'),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            code=allow_multiple_wireguard_tunneling,
+            reverse_code=disallow_multiple_wireguard_tunneling,
+        ),
+    ]