wg-installer: add wg-installer

This tool can be used to automatically create wireguard tunnels. Using rpcd a new wireguard interface is created on the server where the client can connect to. Wiregurad server automatically installs a user and associated ACL to use the wireguard-installer-server features. The user is called wginstaller and so is the password. Get Usage: wg-client-installer get_usage --ip 127.0.0.1 --user wginstaller --password wginstaller Register Interface: wg-client-installer register --ip 127.0.0.1 --user wginstaller --password wginstaller --bandwidth 10 --mtu 1400 Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-30 15:38:40 +01:00 · 2021-02-04 16:34:02 +01:00
parent d29ec52a58
commit 3a6949dfaf
11 changed files with 494 additions and 0 deletions
@@ -0,0 +1,19 @@
+{
+    "wginstaller": {
+        "description": "WireGuard Installer",
+        "read": {
+            "ubus": {
+                    "wginstaller": [ "*" ],
+                    "session": [
+                        "access",
+                        "login"
+                ]
+            }
+        },
+        "write": {
+            "ubus": {
+                    "wginstaller": [ "*" ]
+            }
+        }
+    }
+}
@@ -0,0 +1,6 @@
+config server
+    option port_start '51820'
+    option port_end '52820'
+    option base_prefix '2002::/64'
+    option wg_key '/root/wg.key'
+    option wg_pub '/root/wg.pub'
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# do not override already existing user!!!
+[ "$(uci show rpcd | grep wginstaller)" ] && exit 0
+
+# install wginstaller user with standard credentials
+# user: wginstaller
+# password: wginstaller
+uci add rpcd login
+uci set rpcd.@login[-1].username='wginstaller'
+
+password=$(uhttpd -m wginstaller)
+uci set rpcd.@login[-1].password=$password
+uci add_list rpcd.@login[-1].read='wginstaller'
+uci add_list rpcd.@login[-1].write='wginstaller'
+uci commit rpcd
+
+# restart rpcd
+/etc/init.d/rpcd restart
+
+# restart uhttpd
+/etc/init.d/uhttpd restart
@@ -0,0 +1,46 @@
+. /usr/share/libubox/jshn.sh
+. /usr/share/wginstaller/wg.sh
+
+wg_get_usage () {
+	num_interfaces = $(wg show interfaces | wc -w)
+	json_init
+	json_add_int "num_interfaces" $num_interfaces
+	echo $(json_dump)
+}
+
+wg_register () {
+	local uplink_bw=$1
+	local mtu=$2
+	local public_key=$3
+
+	base_prefix=$(uci get wgserver.@server[0].base_prefix)
+	port_start=$(uci get wgserver.@server[0].port_start)
+	port_end=$(uci get wgserver.@server[0].port_end)
+
+	port=$(next_port $port_start $port_end)
+	ifname="wg_$port"
+
+	offset=$(($port - $port_start))
+	gw_ip=$(owipcalc $base_prefix add $offset next 128) # gateway ip
+	gw_ip_assign="${gw_ip}/128"
+
+	gw_key=$(uci get wgserver.@server[0].wg_key)
+	gw_pub=$(uci get wgserver.@server[0].wg_pub)
+	wg_server_pubkey=$(cat $gw_pub)
+
+	# create wg tunnel
+	ip link add dev $ifname type wireguard
+	wg set $ifname listen-port $port private-key $gw_key peer $public_key allowed-ips ::0/0
+	ip -6 a a $gw_ip_assign dev $ifname
+	ip -6 a a fe80::1/64 dev $ifname
+	ip link set up dev $ifname
+	ip link set mtu $mtu dev $ifname
+
+	# craft return address
+	json_init
+	json_add_string "pubkey" $wg_server_pubkey
+	json_add_string "gw_ip" $gw_ip_assign
+	json_add_int "port" $port
+
+	echo $(json_dump)
+}
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /usr/share/wginstaller/wg_functions.sh
+
+case "$1" in
+list)
+	cmd='{ "get_usage": {},'
+	cmd=$(echo $cmd ' "register": {"uplink_bw":"10", "mtu":"1400", "public_key": "xyz"} }')
+	echo $cmd
+	;;
+call)
+	case "$2" in
+	get_usage)
+		read input
+		logger -t "wginstaller" "call" "$2" "$input"
+		wg_get_usage
+		;;
+	register)
+		read input
+		logger -t "wginstaller" "call" "$2" "$input"
+
+		json_load "$input"
+		json_get_var uplink_bw uplink_bw
+		json_get_var mtu mtu
+		json_get_var public_key public_key
+
+		wg_register $uplink_bw $mtu $public_key
+		;;
+	esac
+	;;
+esac