mwood77 / pf2opn

An in-browser pfsense to opnsense converter.
https://www.pf2opn.com

Missing wireguard import #40

Open Flole998 opened 2 months ago

Flole998 commented 2 months ago

I am using wireguard on pfSense, and on opnSense the wireguard settings are empty after importing the converted config. It should contain the wireguard config from pfSense.

mwood77 commented 2 months ago

Can you please share your data-scrubbed wireguard object?

I need to see what xml tags are contained in the wireguard object and likely write an exception for it.

Flole998 commented 2 months ago

One thing I saw that might need changing or removal is this:

    <system>
        <earlyshellcmd>service wireguardd start</earlyshellcmd>
        <earlyshellcmd>/usr/local/bin/php-cgi -f /usr/local/bin/apply_patches.php</earlyshellcmd>
....
    </system>

The original config looks similar to this:

    <installedpackages>
        <wireguard>
            <config>
                <enable>on</enable>
                <keep_conf>yes</keep_conf>
                <resolve_interval>300</resolve_interval>
                <resolve_interval_track>no</resolve_interval_track>
                <interface_group>all</interface_group>
                <hide_secrets>yes</hide_secrets>
                <hide_peers>yes</hide_peers>
            </config>
            <tunnels>
                <item>
                    <addresses></addresses>
                    <name>tun_wg1</name>
                    <enabled>yes</enabled>
                    <descr><![CDATA[Wireguard]]></descr>
                    <listenport>1234</listenport>
                    <privatekey>XXXXXXXXXXX</privatekey>
                    <publickey>XXXXXXXXXXX</publickey>
                    <mtu>1500</mtu>
                </item>
                <item>
                    <addresses>
                        <row>
                            <address>1.2.3.4</address>
                            <mask>24</mask>
                            <descr></descr>
                        </row>
                    </addresses>
                    <name>tun_wg0</name>
                    <enabled>yes</enabled>
                    <descr><![CDATA[Test]]></descr>
                    <listenport>1925</listenport>
                    <privatekey>XXXXXXXXX</privatekey>
                    <publickey>XXXXXXXXX</publickey>
                    <mtu>1420</mtu>
                </item>
            </tunnels>
            <peers>
                <item>
                    <allowedips>
                        <row>
                            <address>0.0.0.0</address>
                            <mask>0</mask>
                            <descr></descr>
                        </row>
                    </allowedips>
                    <enabled>yes</enabled>
                    <tun>tun_wg1</tun>
                    <descr><![CDATA[Test]]></descr>
                    <endpoint>XXXXXX</endpoint>
                    <port>1234</port>
                    <persistentkeepalive>25</persistentkeepalive>
                    <publickey>XXXXXXXXX</publickey>
                    <presharedkey>XXXXXXXXX</presharedkey>
                </item>
            </peers>
        </wireguard>
    </installedpackages>

Flole998 commented 2 months ago

Seems like it needs to be moved and translated partially:

  <OPNsense>
    <wireguard>
      <general version="0.0.1">
        <enabled>1</enabled>
      </general>
      <client version="1.0.0">
        <clients/>
      </client>
      <server version="1.0.0">
        <servers>
          <server uuid="e83cd5a0-21ab-4223-9778-de4de56819b1">
            <enabled>1</enabled>
            <name>Test</name>
            <instance>0</instance>
            <pubkey>N/JFUsYRBmG31r07uEtYehBwbNAOgkAc4O2LcN3Mr0Q=</pubkey>
            <privkey>YONcweRoHucFilhUVr6KSbf9SOYKyHei8ePb7ZbUZHA=</privkey>
            <port>1234</port>
            <mtu/>
            <dns/>
            <tunneladdress/>
            <disableroutes>0</disableroutes>
            <gateway/>
            <carp_depend_on/>
            <peers/>
            <endpoint/>
            <peer_dns/>
          </server>
        </servers>
      </server>
    </wireguard>
  </OPNsense>

(Those keys are left in there intentionally, it's just a test instance)

mwood77 commented 2 months ago

These are definitely not mapped - I've never seen this before.

I'll see if I can write a handler for this in the next day or so.
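
The tunnel-to-server translation discussed in this thread could look like the following; this is an added example, not pf2opn code. The field mapping (`listenport` to `port`, `descr` to `name`, `tun_wgN` to `instance` N, address rows to a comma-separated `tunneladdress`) and the names `tunnelToServer`, `isWgKey` and `esc` are assumptions read off the two snippets above.

```javascript
// Added example, not pf2opn code. Input is one pfSense <tunnels><item>, already
// parsed into a plain object; output is an OPNsense <server> element.
// The field mapping is an assumption read off the two snippets in the thread.

// A WireGuard key is 32 bytes: 43 base64 characters plus one '=' pad.
const isWgKey = (k) => typeof k === 'string' && /^[A-Za-z0-9+/]{43}=$/.test(k);

// Escape text going into XML so a description cannot inject markup.
const esc = (s) => String(s).replace(/[<>&"']/g, (c) => `&#${c.charCodeAt(0)};`);

function tunnelToServer(tun, uuid) {
  // Scrubbed or truncated keys (e.g. "XXXXXXXXX") are rejected, and the error
  // names the field only, so key material never reaches a log or the console.
  for (const field of ['privatekey', 'publickey']) {
    if (!isWgKey(tun[field])) throw new Error(`${tun.name}: invalid ${field}`);
  }
  const port = Number(tun.listenport);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`${tun.name}: invalid listenport`);
  }
  const instance = /^tun_wg(\d+)$/.exec(tun.name); // assumed: tun_wgN -> instance N
  if (!instance) throw new Error(`${tun.name}: unexpected tunnel name`);
  const cidrs = (tun.addresses || []).map((r) => `${r.address}/${r.mask}`).join(',');
  return [
    `<server uuid="${esc(uuid)}">`,
    `  <enabled>${tun.enabled === 'yes' ? 1 : 0}</enabled>`,
    `  <name>${esc(tun.descr || tun.name)}</name>`,
    `  <instance>${instance[1]}</instance>`,
    `  <pubkey>${tun.publickey}</pubkey>`,
    `  <privkey>${tun.privatekey}</privkey>`,
    `  <port>${port}</port>`,
    `  <mtu>${esc(tun.mtu || '')}</mtu>`,
    `  <tunneladdress>${esc(cidrs)}</tunneladdress>`,
    `</server>`,
  ].join('\n');
}

// Constructed sample: same shape as tun_wg0 in the thread, with dummy keys.
const SAMPLE_KEY = 'A'.repeat(43) + '=';
const SAMPLE_TUNNEL = {
  name: 'tun_wg0', enabled: 'yes', descr: 'Test', listenport: '1925', mtu: '1420',
  privatekey: SAMPLE_KEY, publickey: SAMPLE_KEY,
  addresses: [{ address: '1.2.3.4', mask: '24' }],
};
// Constructed UUID; in the browser the caller would pass crypto.randomUUID().
const SAMPLE_UUID = '00000000-0000-4000-8000-000000000000';
```

Peers are left out because the thread shows no populated OPNsense `<clients>` element to map them onto.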