Open Flole998 opened 2 months ago
Can you please share your data-scrubbed wireguard object?
I need to see what XML tags are contained in the wireguard object and likely write an exception for it.
One thing I saw that might need changing or removal is this:
<system>
  <earlyshellcmd>service wireguardd start</earlyshellcmd>
  <earlyshellcmd>/usr/local/bin/php-cgi -f /usr/local/bin/apply_patches.php</earlyshellcmd>
  ....
</system>
The original config looks similar to this:
<installedpackages>
  <wireguard>
    <config>
      <enable>on</enable>
      <keep_conf>yes</keep_conf>
      <resolve_interval>300</resolve_interval>
      <resolve_interval_track>no</resolve_interval_track>
      <interface_group>all</interface_group>
      <hide_secrets>yes</hide_secrets>
      <hide_peers>yes</hide_peers>
    </config>
    <tunnels>
      <item>
        <addresses></addresses>
        <name>tun_wg1</name>
        <enabled>yes</enabled>
        <descr><![CDATA[Wireguard]]></descr>
        <listenport>1234</listenport>
        <privatekey>XXXXXXXXXXX</privatekey>
        <publickey>XXXXXXXXXXX</publickey>
        <mtu>1500</mtu>
      </item>
      <item>
        <addresses>
          <row>
            <address>1.2.3.4</address>
            <mask>24</mask>
            <descr></descr>
          </row>
        </addresses>
        <name>tun_wg0</name>
        <enabled>yes</enabled>
        <descr><![CDATA[Test]]></descr>
        <listenport>1925</listenport>
        <privatekey>XXXXXXXXX</privatekey>
        <publickey>XXXXXXXXX</publickey>
        <mtu>1420</mtu>
      </item>
    </tunnels>
    <peers>
      <item>
        <allowedips>
          <row>
            <address>0.0.0.0</address>
            <mask>0</mask>
            <descr></descr>
          </row>
        </allowedips>
        <enabled>yes</enabled>
        <tun>tun_wg1</tun>
        <descr><![CDATA[Test]]></descr>
        <endpoint>XXXXXX</endpoint>
        <port>1234</port>
        <persistentkeepalive>25</persistentkeepalive>
        <publickey>XXXXXXXXX</publickey>
        <presharedkey>XXXXXXXXX</presharedkey>
      </item>
    </peers>
  </wireguard>
</installedpackages>
Seems like it needs to be moved and translated partially:
<OPNsense>
  <wireguard>
    <general version="0.0.1">
      <enabled>1</enabled>
    </general>
    <client version="1.0.0">
      <clients/>
    </client>
    <server version="1.0.0">
      <servers>
        <server uuid="e83cd5a0-21ab-4223-9778-de4de56819b1">
          <enabled>1</enabled>
          <name>Test</name>
          <instance>0</instance>
          <pubkey>N/JFUsYRBmG31r07uEtYehBwbNAOgkAc4O2LcN3Mr0Q=</pubkey>
          <privkey>YONcweRoHucFilhUVr6KSbf9SOYKyHei8ePb7ZbUZHA=</privkey>
          <port>1234</port>
          <mtu/>
          <dns/>
          <tunneladdress/>
          <disableroutes>0</disableroutes>
          <gateway/>
          <carp_depend_on/>
          <peers/>
          <endpoint/>
          <peer_dns/>
        </server>
      </servers>
    </server>
  </wireguard>
</OPNsense>
(Those keys are left in there intentionally; it's just a test instance.)
These are definitely not mapped - I've never seen this before.
I'll see if I can write a handler for this in the next day or so.
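As an added example (not code from this project or from anyone in the thread), a sketch of the translation discussed above: it reads the pfSense `<tunnels>` items and emits servers in the OPNsense layout quoted earlier. The field mapping (`descr` to `name`, `tun_wgN` to instance N, comma-joined `tunneladdress`) is an assumption inferred from the two samples, and peers are left as an empty `<clients/>` because the thread shows no populated OPNsense client.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample in the pfSense layout quoted in the thread (placeholder keys).
PFSENSE_SAMPLE = """<installedpackages><wireguard>
<config><enable>on</enable></config>
<tunnels><item>
<addresses><row><address>1.2.3.4</address><mask>24</mask><descr></descr></row></addresses>
<name>tun_wg0</name><enabled>yes</enabled><descr><![CDATA[Test]]></descr>
<listenport>1925</listenport><privatekey>PRIV_PLACEHOLDER</privatekey>
<publickey>PUB_PLACEHOLDER</publickey><mtu>1420</mtu>
</item></tunnels>
</wireguard></installedpackages>"""

def _flag(value):
    """pfSense stores on/yes; the OPNsense sample uses 1/0."""
    return "1" if (value or "").strip().lower() in ("on", "yes") else "0"

def convert_wireguard(pf_root):
    """Build an OPNsense-style <wireguard> element from a pfSense config node."""
    pf_wg = pf_root if pf_root.tag == "wireguard" else pf_root.find(".//wireguard")
    if pf_wg is None:
        raise ValueError("no <wireguard> element in input")
    out = ET.Element("wireguard")
    general = ET.SubElement(out, "general", version="0.0.1")
    ET.SubElement(general, "enabled").text = _flag(pf_wg.findtext("config/enable"))
    # Peers are not converted: the OPNsense client field names are not on the page.
    ET.SubElement(ET.SubElement(out, "client", version="1.0.0"), "clients")
    servers = ET.SubElement(ET.SubElement(out, "server", version="1.0.0"), "servers")
    for item in pf_wg.findall("tunnels/item"):
        name = item.findtext("name", "")
        srv = ET.SubElement(servers, "server", uuid=str(uuid.uuid4()))
        ET.SubElement(srv, "enabled").text = _flag(item.findtext("enabled"))
        ET.SubElement(srv, "name").text = item.findtext("descr") or name
        # Assumed mapping: tunnel "tun_wgN" becomes instance N.
        ET.SubElement(srv, "instance").text = name.rpartition("wg")[2]
        ET.SubElement(srv, "pubkey").text = item.findtext("publickey")
        ET.SubElement(srv, "privkey").text = item.findtext("privatekey")
        ET.SubElement(srv, "port").text = item.findtext("listenport")
        ET.SubElement(srv, "mtu").text = item.findtext("mtu")
        cidrs = [f"{r.findtext('address')}/{r.findtext('mask')}"
                 for r in item.findall("addresses/row")]
        ET.SubElement(srv, "tunneladdress").text = ",".join(cidrs)  # assumed format
    return out
```

The output carries the private keys over unchanged, so the converted file needs the same handling as the original config.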
I am using WireGuard on pfSense, and on OPNsense the WireGuard settings are empty after importing the converted config. It should contain the WireGuard config from pfSense,