joseantmazonsb / linguard Goto Github PK

Page breaks if I put linguard to subdirectory of nginx reverse proxy.
It would be nice to have added support for reverse proxy subdirectory support.

IP addresses must be within the same network for all peers of a given interface

Via email maybe?

Debian 10

└>lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster
└>uname -a
Linux wginterface 4.19.0-17-amd64 #1 SMP Debian 4.19.194-2 (2021-06-21) x86_64 GNU/Linux

    If you did intend to build this package from source, try installing a Rust compiler from your system package manager and ensure it is on the PATH during installation. Alternatively, rustup (available at https://rustup.rs) is the recommended way to download and update the Rust compiler toolchain.
    
    This package requires Rust >=1.41.0.
    
    ----------------------------------------
  Can't roll back cryptography; was not uninstalled
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-jewgzdeg/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-k3nzuegy/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-jewgzdeg/cryptography/
[FATAL] Unable to install requirements.

also

[INFO] Setting up virtual environment...
./install.sh: line 102: virtualenv: command not found
./install.sh: line 103: /var/www/linguard/venv/bin/activate: No such file or directory

The profile page will show basic info about the user and will allow change of password.

When implementing SQL drivers, maybe implement an interface for additional connection types.

Add an option to import peers and interfaces from a wireguard file.
Also add an option to download the wireguard configuration files of interfaces just like it's done with peers.

Page breaks if I put linguard to subdirectory of nginx reverse proxy.
It would be nice to have added support for reverse proxy subdirectory support.

Linguard is great, it just lacks a way to control the total traffic of the connecting user. In my case I do not want to exceed the traffic of my vps

After installing and configuring (interface and peer), I connect correctly. But I don't have internet access.
Those. I can ping the interface and other peers, but I can't open or ping sites.
Installed on VPS.

Help, please, to solve a problem.

Describe the bug:

In the UI, the column to show when the last handshake for a peer was is always showing none even when wg show lists it.

To Reproduce:

Steps to reproduce the behavior:

1. Create a peer for an interface if you do not already have one.
2. Go to the Network tab on the left navigation bar.
3. Click the More button at the bottom of your Wireguard interface.
4. Scroll down to the peers section.
5. Observe that the last handshake displays None
6. Open a CLI to the server running your Linguard instance and run the wg show command. As long as a peer has connected previously it should show the latest handshake time.

Expected behavior:

The UI should show the same time as the CLI wg show command when looking at the peers Last Handshake column.

Screenshots:

CLI Result:

UI Display:

Desktop:

• OS: macOS Monterey
• Browser: Firefox 96.0.2

Server:

• OS: Ubuntu 20.04
• wireguard-tools: v1.0.20200513
• Linguard: v1.1.0 (bare-metal install)

Describe the bug
/usr/sbin/iptables is mapped to container's iptables, so it adds iptables rules to container's, they aren't added to host's iptables, and so the routing does not work. I found a workaround by making it use /usr/sbin/iptables-legacy instead.

I think the solution would be to use a different base image.

To Reproduce
Steps to reproduce the behavior:

1. Create new server
2. See iptables rule not being added to host's iptables

Server:

• OS: Alpine 3.15

Is your feature request related to a problem? Please describe.
I would like to add an optional field when adding peers - AllowedIPs configuration

Describe the solution you'd like
Would also be great if it was based upon templates/pre-existing/pre-used (autocomplete maybe??) values.

Describe alternatives you've considered
Currently I'm manually edit each peer-config, which unfortunately makes the pre-existing QR-code generator unusable.

Additional context
I'm not that great of a python developer, but i'll make an effort in modifying this myself later this week...

The docker compose has both a ports section and network_mode = "host". You can have one or the other, but not both.

The dashboard will show a traffic chart for peers and interfaces.
The dashboard will show information of every wg interface and peer.
The dashboard will show last login's date.
The dashboard will indicate the date Linguard was last started (this will reset every time linguard is restarted)

The user will be able to edit the uwsgi TLS settings via Linguard's UX.

Coverage will only be reported for the main and dev branches.

The readme should not have a Docs page. Instead, the user will be referred to a a wiki

Describe the bug
With systemd install, doesn't automatically set ip forwarding for ipv4. cat /proc/sys/net/ipv4/ip_forward output is 0.
To Reproduce
Steps to reproduce the behavior:

1. cat /proc/sys/net/ipv4/ip_forward

Expected behavior
cat /proc/sys/net/ipv4/ip_forward output is 1.

• OS: Ubuntu 20.04 fresh install (in aws ec2)
• Version [1.1.0]

Is your feature request related to a problem? Please describe:

Not really, it is just something I have noticed that I then change manually in every config file for my clients before enabling them. This would save time and make it easier.

Describe the solution you'd like:

When creating a peer, if a user enters an IP address without an subnet mask then upon saving it should automatically append /32 to that address to keep in inline with what Wireguard can accept/expect from those fields. If a user enters an IP address with their own /xx subnet mask then upon saving it will simply save what they have entered.

This would allow it so when downloading a config file, the Interface Address would be properly formatted in a CIDR format even if the user did not manually add the subnet mask.

Describe alternatives you've considered:

Another consideration is to have this split into two field, a IP address and a CIDR range field. The IP field would be left as is but put a format validator on it to validate it is only IP addresses entered then have another field for a integer that is the CIDR range. This would default to 32 but allow the user to enter a valid CIDR range (0-32).

When exporting a configuration file or managing the server this would automatically be converted to a CIDR formatted field with the IP and CIDR range field being combined.

Additional context:

Either of the two above ideas would be fine in my books, and can just help police the values being exported and saved for the config values to a common format.

Testing on a fresh hyper-v debian 11 guest vm.

I see how to set the port but what about the bind nic/adapter? Reason I ask is, It start and it looks like its running but on 127.0.0.1:8080 and I cant access via http://192.168.1.100:8080/. maybe im missing something. It's a headless vm with only ssh access.

either way im excited to play with this some more. looks promising.

Also found a type-o in install.sh on line 105 - replace requirements.txts with requirements.txt
pip3 install -r "${INSTALLATION_PATH}"/requirements.txt

Awesome work all around! 👍

~SOL

Is your feature request related to a problem? Please describe.
Yes and no, I am on dev branc and importing my existing config fails because i am using pre-shared keys i had to remove them

Describe the solution you'd like
The ability to use pre shared keys when setting up peers

If I press save to try and change the username or password, the banner will say "Logged in ."

Allow an option to display a QR code based on the configuration file of a given peer.

Something similar to the display of the secret key used for authentication.

Linguard not showing correctly when configured to be served via nginx subdir reverse proxy.

Used configuration:

location /linguard/ {
#    rewrite ^/linguard/(.*) /$1  break;
    proxy_pass http://127.0.0.1:8080;
#    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

adding rewrite rule doesn't help.

Use github actions/jenkins or any other CD/CI technology to automatize the process of building and testing the project

Only administrators will be able to interact with the UX.
Hence, the first time linguard is launched it will ask the user to create a password for the admin role. The user will be able to change its password later on through the profile page.

The settings page will allow the user to view and edit all global options available through the configuration file.

If the interfaces folder is changed, all interfaces will be stopped, the old folder will be deleted and the interfaces that were running before the changes will be brought up again,
If any log option is changed, the logger will apply the changes immediately.

The first time Linguard starts, after the admin password is set, a setup page will be displayed to help the user set the main global options.

The user will be able to select the gateway of their wireguard interfaces from a list when creating or editing such interfaces.

Probably caused by the settings refactor

Is your feature request related to a problem? Please describe.
Adding IPv6 Adresses needs editing the config files since theres no option in GUI.

Describe the solution you'd like
Adding the Option next to the IPv4 window so the VPN can listen on both.
(For Server and Peer settings)

Describe alternatives you've considered
Maybe change the IPv4 bracket to "IP" and make it optional to add IPv6 Adresses to this bracket.

Additional context

in conf file it looks like this (example of course)

[Interface]
Address = 127.0.0.1/24, ::1/64

Thanks :)

If overwrite was disabled and is now enabled, the log file will be overwritten the next time the app boots up. Currently the log file is overwritten whenever the log settings are saved if overwrite is set to true.

Make linguard platform agnostic and provide installation scripts for linux, windows and macOs

I use Keycloak and would love to have built in support. Using Flask-OIDC is probably the easiest to integrate.

Is your feature request related to a problem? Please describe.
When adding or removing peer the wireguard interface gets restarted causing everyone on vpn to got frozen connections for couple of seconds, which sometimes result in ssh sessions terminated. That is unnecessary, thare are commands to add new peer and to remove peer without reloading the whole configuration.

Describe the solution you'd like
Commands to add new peer and to remove peer without reloading the whole configuration:
wg set "wg-interface" peer "peer-public-key" remove
wg set "wg-interface" peer "peer-public-key" allowed-ips "ip_address"