CyberMind-FR
e58f479cd4
Add detection patterns for latest actively exploited vulnerabilities: - CVE-2025-55182 (React2Shell, CVSS 10.0) - CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint) - CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds) - CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti) - CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS) New attack categories based on OWASP Top 10 2025: - HTTP Request Smuggling (TE.CL/CL.TE conflicts) - AI/LLM Prompt Injection (ChatML, instruction markers) - WAF Bypass techniques (Unicode normalization, double encoding) - Supply Chain attacks (CI/CD poisoning, dependency confusion) - Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf) - API Abuse (BOLA/IDOR, mass assignment) CrowdSec scenarios split into 11 separate files for reliability. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| .github/workflows | ||
| htdocs/luci-static/resources | ||
| root | ||
| Makefile | ||
| README.md | ||
LuCI WireGuard Dashboard
Modern WireGuard VPN management interface for OpenWrt with setup wizard, peer management, and real-time monitoring.
Features
- Setup Wizard: Create tunnels and peers in minutes with presets for common use cases
- Dashboard Overview: Real-time status of all tunnels and peers
- Peer Management: Add, remove, and configure peers with QR code generation
- Traffic Monitoring: Live bandwidth statistics per interface and peer
- Client Config Export: Generate configuration files and QR codes for mobile apps
Installation
opkg update
opkg install luci-app-wireguard-dashboard
Dependencies
wireguard-tools- WireGuard userspace toolsluci-base- LuCI web interfaceqrencode(optional) - For server-side QR code generation
Setup Wizard
The wizard provides preset configurations for common VPN scenarios:
Tunnel Presets
| Preset | Description | Default Port | Network |
|---|---|---|---|
| Road Warrior | Remote access for mobile users | 51820 | 10.10.0.0/24 |
| Site-to-Site | Connect two networks | 51821 | 10.20.0.0/24 |
| IoT Tunnel | Isolated tunnel for smart devices | 51822 | 10.30.0.0/24 |
Peer Zone Presets
| Zone | Description | Tunnel Mode |
|---|---|---|
| Home User | Full network access | Full |
| Remote Worker | Office resources only | Split |
| Mobile Device | On-the-go access | Full |
| IoT Device | Limited VPN-only access | Split |
| Guest | Temporary visitor access | Full |
| Server/Site | Site-to-site connection | Split |
Wizard Flow
- Select Tunnel Type - Choose preset (Road Warrior, Site-to-Site, IoT)
- Configure Tunnel - Set interface name, port, VPN network, public endpoint
- Select Peer Zones - Choose which peer types to create
- Create - Wizard generates keys, creates interface, adds peers, shows QR codes
RPCD API
The dashboard communicates via luci.wireguard-dashboard RPCD object.
Methods
| Method | Parameters | Description |
|---|---|---|
status |
- | Get overall WireGuard status |
interfaces |
- | List all WireGuard interfaces |
peers |
- | List all peers with status |
traffic |
- | Get traffic statistics |
generate_keys |
- | Generate new key pair + PSK |
create_interface |
name, private_key, listen_port, addresses, mtu | Create new WireGuard interface with firewall rules |
add_peer |
interface, name, allowed_ips, public_key, preshared_key, endpoint, persistent_keepalive | Add peer to interface |
remove_peer |
interface, public_key | Remove peer from interface |
interface_control |
interface, action (up/down/restart) | Control interface state |
generate_config |
interface, peer, private_key, endpoint | Generate client config file |
generate_qr |
interface, peer, private_key, endpoint | Generate QR code (requires qrencode) |
Example: Create Interface via CLI
# Generate keys
keys=$(ubus call luci.wireguard-dashboard generate_keys '{}')
privkey=$(echo "$keys" | jsonfilter -e '@.private_key')
# Create interface
ubus call luci.wireguard-dashboard create_interface "{
\"name\": \"wg0\",
\"private_key\": \"$privkey\",
\"listen_port\": \"51820\",
\"addresses\": \"10.10.0.1/24\",
\"mtu\": \"1420\"
}"
Example: Add Peer via CLI
# Generate peer keys
peer_keys=$(ubus call luci.wireguard-dashboard generate_keys '{}')
peer_pubkey=$(echo "$peer_keys" | jsonfilter -e '@.public_key')
peer_psk=$(echo "$peer_keys" | jsonfilter -e '@.preshared_key')
# Add peer
ubus call luci.wireguard-dashboard add_peer "{
\"interface\": \"wg0\",
\"name\": \"Phone\",
\"allowed_ips\": \"10.10.0.2/32\",
\"public_key\": \"$peer_pubkey\",
\"preshared_key\": \"$peer_psk\",
\"persistent_keepalive\": \"25\"
}"
Firewall Integration
When creating an interface via the wizard or create_interface API, the following firewall rules are automatically created:
- Zone (
wg_<interface>): INPUT/OUTPUT/FORWARD = ACCEPT - Forwarding: Bidirectional forwarding to/from
lanzone - WAN Rule: Allow UDP traffic on listen port from WAN
File Locations
| File | Purpose |
|---|---|
/usr/libexec/rpcd/luci.wireguard-dashboard |
RPCD backend |
/www/luci-static/resources/wireguard-dashboard/api.js |
JavaScript API wrapper |
/www/luci-static/resources/view/wireguard-dashboard/*.js |
LuCI views |
/usr/share/luci/menu.d/luci-app-wireguard-dashboard.json |
Menu configuration |
/usr/share/rpcd/acl.d/luci-app-wireguard-dashboard.json |
ACL permissions |
Troubleshooting
Interface not coming up
# Check interface status
wg show wg0
# Check UCI configuration
uci show network.wg0
# Manually bring up
ifup wg0
# Check logs
logread | grep -i wireguard
Peers not connecting
- Verify firewall port is open:
iptables -L -n | grep 51820 - Check endpoint is reachable from client
- Verify allowed_ips match on both ends
- Check for NAT issues - enable PersistentKeepalive
QR codes not generating
Install qrencode for server-side QR generation:
opkg install qrencode
The dashboard also supports client-side QR generation via JavaScript (no server dependency).
License
Apache-2.0
Author
CyberMind.fr - SecuBox Project