From 97f88b63af28163220f4e01c9af8619f952b3f06 Mon Sep 17 00:00:00 2001
From: "Alex A. Naanou"
Date: Tue, 9 Jan 2024 03:21:36 +0300
Subject: [PATCH] added wireguard (untested)...
Signed-off-by: Alex A. Naanou
---
 wireguard/assets/etc/wireguard/wg0.conf | 0
 wireguard/assets/root/Makefile | 64 +++++++++++++++++++
 wireguard/assets/root/addwgprofile.sh | 0
 wireguard/assets/root/make-client | 8 +++
 wireguard/assets/root/make-server | 24 +++++++
 wireguard/assets/root/templates/client.config | 10 +++
 .../assets/root/templates/wg0-client.tpl | 6 ++
 wireguard/assets/root/templates/wg0.conf | 9 +++
 8 files changed, 121 insertions(+)
 delete mode 100644 wireguard/assets/etc/wireguard/wg0.conf
 create mode 100644 wireguard/assets/root/Makefile
 delete mode 100755 wireguard/assets/root/addwgprofile.sh
 create mode 100755 wireguard/assets/root/make-client
 create mode 100755 wireguard/assets/root/make-server
 create mode 100644 wireguard/assets/root/templates/client.config
 create mode 100644 wireguard/assets/root/templates/wg0-client.tpl
 create mode 100644 wireguard/assets/root/templates/wg0.conf
diff --git a/wireguard/assets/etc/wireguard/wg0.conf b/wireguard/assets/etc/wireguard/wg0.conf
deleted file mode 100644
index e69de29..0000000
diff --git a/wireguard/assets/root/Makefile b/wireguard/assets/root/Makefile
new file mode 100644
index 0000000..26ac7e7
--- /dev/null
+++ b/wireguard/assets/root/Makefile
@@ -0,0 +1,64 @@
+
+
+
+SERVER_TPL := templates/wg0.conf
+SERVER_CLIENT_TPL := templates/wg0-client.conf
+SERVER_CONF := /etc/wireguard/wg0.conf
+SERVER_KEY := /etc/wireguard/server_id
+SERVER_PUBLIC_KEY := /etc/wireguard/server_id.pub
+
+CLIENT_TPL := templates/client.conf
+CLIENT_DIR := /etc/wireguard/clients/
+
+ENDPOINT_PORT := 51820
+ENDPOINT :=
+CLIENT_IPS := 10.42.0.0/16
+DNS := 10.1.1.1
+
+
+%_id:
+ wg genkey > $@
+
+%_id.pub: %_id
+ cat $< | wg pubkey > $@
+
+
+$(SERVER_CONF): $(SERVER_TPL) $(SERVER_KEY)
+ cat $< \
+ | sed \
+ -e 's/$${SERVER_PORT}/$(SERVER_PORT)/g' \
+ -e 's/$${CLIENT_IPS}/$(CLIENT_IPS)/g' \
+ -e 's/$${SERVER_PRIVATE_KEY}/'$$(cat "$(SERVER_KEY)")'/g' \
+ > "$@"
+
+$(CLIENT_DIR)/%.conf: $(CLIENT_TPL) $(SERVER_CLIENT_TPL) \
+ $(CLIENT_DIR)/%_id $(CLIENT_DIR)/%_id.pub \
+ $(SERVER_CONF) $(SERVER_PUBLIC_KEY)
+ cat "$<" \
+ | sed \
+ -e 's/$${DNS}/$(DNS)/g' \
+ -e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
+ -e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+ -e 's/$${ALLOWED_IPS}/$(ALLOWED_IPS)/g' \
+ -e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
+ -e 's/$${CLIENT_PRIVATE_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id")'/g' \
+ -e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
+ > "$@"
+ cat "$(SERVER_CLIENT_TPL)" \
+ | sed \
+ -e 's/$${CLIENT_IP}/$(CLIENT_IP)/g' \
+ -e 's/$${ENDPOINT}/$(ENDPOINT)/g' \
+ -e 's/$${ENDPOINT_PORT}/$(ENDPOINT_PORT)/g' \
+ -e 's/$${CLIENT_PUBLIC_KEY}/'$$(cat "$(CLIENT_DIR)/$%_id.pub")'/g' \
+ -e 's/$${SERVER_PUBLIC_KEY}/'$$(cat "$(SERVER_PUBLIC_KEY)")'/g' \
+ >> "$(SERVER_CONF)"
+
+
+
+server: $(SERVER_CONF)
+
+
+clients:
+
+
+
diff --git a/wireguard/assets/root/addwgprofile.sh b/wireguard/assets/root/addwgprofile.sh
deleted file mode 100755
index e69de29..0000000
diff --git a/wireguard/assets/root/make-client b/wireguard/assets/root/make-client
new file mode 100755
index 0000000..61be3b1
--- /dev/null
+++ b/wireguard/assets/root/make-client
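Review bot: Every key substitution in the two sed pipelines uses `/` as the `s` delimiter while the value spliced in by `$$(cat …)` is a base64 WireGuard key, which routinely contains `/`, so the recipe will fail with "unknown option to `s'" (or emit a broken config) for a large share of generated keys; use a delimiter outside the base64 alphabet, e.g. `-e 's|$${SERVER_PRIVATE_KEY}|'$$(cat "$(SERVER_KEY)")'|g' \`. The `%_id` recipe writes the private key under the caller's default umask, so `server_id` and every client key end up readable by other local users with the usual 022 umask; `umask 077 && wg genkey > $@` keeps them 0600, and a `.DELETE_ON_ERROR:` line would stop a failed `wg` from leaving an empty key that looks up to date. Several names also do not match what the commit adds: `SERVER_CLIENT_TPL`/`CLIENT_TPL` point at `templates/wg0-client.conf` and `templates/client.conf` but the files added are `wg0-client.tpl` and `client.config`, the server rule substitutes `SERVER_PORT` while only `ENDPOINT_PORT` is defined (so `${ENDPOINT_PORT}` survives in the generated `ListenPort`), and `$%_id` uses the archive-member variable where the stem `$*_id` is meant. The client rule additionally appends to `$(SERVER_CONF)` instead of writing only `$@`, so each re-run duplicates the [Peer] block and any rebuild of `$(SERVER_CONF)` regenerates it from the template without the appended peers; `server` and `clients` should also be declared `.PHONY`.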
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=
+CLIENT_TEMPLATE=
+
+PRIVATE_KEY=
+PUBLIC_KEY=
+
diff --git a/wireguard/assets/root/make-server b/wireguard/assets/root/make-server
new file mode 100755
index 0000000..3aeecd6
--- /dev/null
+++ b/wireguard/assets/root/make-server
@@ -0,0 +1,24 @@
+#!/usr/bin/bash
+
+SERVER_TEMPLATE=${SERVER_TEMPLATE:=templates/wg0.conf}
+SERVER_CONF=/etc/wireguard/wg0.conf
+
+PUBLIC_KEY=/etc/wireguard/server_id
+PRIVATE_KEY=/etc/wireguard/server_id.pub
+
+
+if ! [ -e "$PRIVATE_KEY" ] ; then
+ wg genkey > "$PRIVATE_KEY"
+fi
+if ! [ -e "$PUBLIC_KEY" ] ; then
+ cat "$PRIVATE_KEY" | wg pubkey > "$PUBLIC_KEY"
+fi
+
+PRIVATE_KEY=$(cat "$PRIVATE_KEY")
+cat ${SERVER_TEMPLATE} \
+ | sed \
+ -q 's/\${SERVER_PRIVATE_KEY}/'${PRIVATE_KEY}'/g' \
+ > "${SERVER_CONF}"
+
+./make-client
+
diff --git a/wireguard/assets/root/templates/client.config b/wireguard/assets/root/templates/client.config
new file mode 100644
index 0000000..77b6d15
--- /dev/null
+++ b/wireguard/assets/root/templates/client.config
@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = ${CLIENT_PRIVATE_KEY}
+Address = ${CLIENT_IP}/32
+DNS = ${DNS}
+
+[Peer]
+PublicKey = ${SERVER_PUBLIC_KEY}
+AllowedIPs = ${ALLOWED_IPS}
+Endpoint = ${ENDPOINT}:${ENDPOINT_PORT}
+
diff --git a/wireguard/assets/root/templates/wg0-client.tpl b/wireguard/assets/root/templates/wg0-client.tpl
new file mode 100644
index 0000000..27a360a
--- /dev/null
+++ b/wireguard/assets/root/templates/wg0-client.tpl
@@ -0,0 +1,6 @@
+
+[Peer]
+PublicKey = ${CLIENT_PUBLIC_KEY}
+AllowedIPs = ${CLIENT_IP}/32
+Endpoint = ${ENDPOINT}:${ENDPOINT_PORT}
+
diff --git a/wireguard/assets/root/templates/wg0.conf b/wireguard/assets/root/templates/wg0.conf
new file mode 100644
index 0000000..8cf03c9
--- /dev/null
+++ b/wireguard/assets/root/templates/wg0.conf
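Review bot: `PUBLIC_KEY` and `PRIVATE_KEY` are assigned the wrong files in make-server (`PUBLIC_KEY=/etc/wireguard/server_id`, `PRIVATE_KEY=/etc/wireguard/server_id.pub`), so `wg genkey` writes the private key into `server_id.pub` and the derived public key into `server_id`, the reverse of the Makefile's `SERVER_KEY`/`SERVER_PUBLIC_KEY` and of what the `.pub` suffix implies; swap the two paths. The sed invocation passes `-q`, which GNU sed does not recognise (it should be `-e`), and like the Makefile it uses `/` as the delimiter around a base64 key that may itself contain `/`; `sed -e 's|\${SERVER_PRIVATE_KEY}|'"${PRIVATE_KEY}"'|g'` fixes both. The key files are created under the script's default umask and nothing aborts on error, so `set -euo pipefail` and `umask 077` at the top would keep a failed or partial run from leaving a readable or empty key behind. The closing `./make-client` runs a script that, in this commit, only assigns empty variables, so the client step is currently a no-op.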
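Review bot: `${ALLOWED_IPS}` and `${CLIENT_IP}` in client.config are substituted by the Makefile's client rule but never assigned anywhere in this commit, and `ENDPOINT` is defined empty there, so a generated client file would read `AllowedIPs = ` and `Endpoint = :51820`, which is not a usable peer definition. The template itself is fine, so the guard belongs in the Makefile: fail early with `$(if $(strip $(ENDPOINT)),,$(error ENDPOINT is empty))` and treat `CLIENT_IP`/`ALLOWED_IPS` as required per-client inputs rather than silently empty. A short comment on the `AllowedIPs` line noting that `0.0.0.0/0` routes all client traffic through the server, where the MASQUERADE rules in wg0.conf forward it onto the `lan` and `admin` networks, would help whoever fills the value in.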
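Review bot: The `Endpoint` line in the wg0-client.tpl [Peer] block expands to `${ENDPOINT}:${ENDPOINT_PORT}`, the same values client.config uses for the server's own address, so once appended to the server config it tells the server to reach every client at itself; for roaming clients the line should be dropped (WireGuard learns a peer's endpoint from its authenticated handshake), or substituted with the client's real address only when that address is static. The leading blank line is what keeps successive appended [Peer] blocks apart in wg0.conf, so a comment such as `# leading blank line separates this block from the previous [Peer] when appended` would stop it being trimmed later.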
@@ -0,0 +1,9 @@
+[Interface]
+Address = ${CLIENT_IPS}
+SaveConfig = true
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o lan -j MASQUERADE; iptables -t nat -A POSTROUTING -o admin -j MASQUERADE;
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o lan -j MASQUERADE; iptables -t nat -D POSTROUTING -o admin -j MASQUERADE;
+ListenPort = ${ENDPOINT_PORT}
+PrivateKey = ${SERVER_PRIVATE_KEY}
+
+
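Review bot: `SaveConfig = true` makes wg-quick rewrite the generated `/etc/wireguard/wg0.conf` from live interface state on `wg-quick down`, which overwrites what the Makefile rendered (including the [Peer] blocks it appends) and leaves the `$(SERVER_CONF)` target no longer describing what make wrote; drop the line, or stop treating the file as a build output. `Address = ${CLIENT_IPS}` expands to `10.42.0.0/16`, the network address, whereas the server interface needs a host address inside that range (for example `10.42.0.1/16`) — presumably a separate server-address variable was intended. `ListenPort = ${ENDPOINT_PORT}` is never substituted by the Makefile's server rule, which replaces `${SERVER_PORT}` instead, so the placeholder would survive into the generated config. The PostUp rules accept all forwarding from `wg0` and masquerade onto both `lan` and `admin`, which exposes the admin network to every peer; if that is intended a comment saying so would help, otherwise restrict the FORWARD rule with `-o lan`.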