mirror of
https://github.com/novatiq/packages.git
synced 2026-04-30 07:28:39 +01:00
wg-installer: add wg-installer
This tool can be used to automatically create wireguard tunnels. Using
rpcd a new wireguard interface is created on the server where the client
can connect to.
Wiregurad server automatically installs a user and associated ACL to use
the wireguard-installer-server features. The user is called wginstaller
and so is the password.
Get Usage:
wg-client-installer get_usage --ip 127.0.0.1 --user wginstaller
--password wginstaller
Register Interface:
wg-client-installer register --ip 127.0.0.1 --user wginstaller
--password wginstaller --bandwidth 10 --mtu 1400
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke
committed by
Polynomdivision
Polynomdivision
parent
d29ec52a58
commit
3a6949dfaf
@@ -0,0 +1,22 @@
|
||||
#!/bin/sh
|
||||
|
||||
# do not override already existing user!!!
|
||||
[ "$(uci show rpcd | grep wginstaller)" ] && exit 0
|
||||
|
||||
# install wginstaller user with standard credentials
|
||||
# user: wginstaller
|
||||
# password: wginstaller
|
||||
uci add rpcd login
|
||||
uci set rpcd.@login[-1].username='wginstaller'
|
||||
|
||||
password=$(uhttpd -m wginstaller)
|
||||
uci set rpcd.@login[-1].password=$password
|
||||
uci add_list rpcd.@login[-1].read='wginstaller'
|
||||
uci add_list rpcd.@login[-1].write='wginstaller'
|
||||
uci commit rpcd
|
||||
|
||||
# restart rpcd
|
||||
/etc/init.d/rpcd restart
|
||||
|
||||
# restart uhttpd
|
||||
/etc/init.d/uhttpd restart
|
||||
@@ -0,0 +1,46 @@
|
||||
. /usr/share/libubox/jshn.sh
|
||||
. /usr/share/wginstaller/wg.sh
|
||||
|
||||
wg_get_usage () {
|
||||
num_interfaces = $(wg show interfaces | wc -w)
|
||||
json_init
|
||||
json_add_int "num_interfaces" $num_interfaces
|
||||
echo $(json_dump)
|
||||
}
|
||||
|
||||
wg_register () {
|
||||
local uplink_bw=$1
|
||||
local mtu=$2
|
||||
local public_key=$3
|
||||
|
||||
base_prefix=$(uci get wgserver.@server[0].base_prefix)
|
||||
port_start=$(uci get wgserver.@server[0].port_start)
|
||||
port_end=$(uci get wgserver.@server[0].port_end)
|
||||
|
||||
port=$(next_port $port_start $port_end)
|
||||
ifname="wg_$port"
|
||||
|
||||
offset=$(($port - $port_start))
|
||||
gw_ip=$(owipcalc $base_prefix add $offset next 128) # gateway ip
|
||||
gw_ip_assign="${gw_ip}/128"
|
||||
|
||||
gw_key=$(uci get wgserver.@server[0].wg_key)
|
||||
gw_pub=$(uci get wgserver.@server[0].wg_pub)
|
||||
wg_server_pubkey=$(cat $gw_pub)
|
||||
|
||||
# create wg tunnel
|
||||
ip link add dev $ifname type wireguard
|
||||
wg set $ifname listen-port $port private-key $gw_key peer $public_key allowed-ips ::0/0
|
||||
ip -6 a a $gw_ip_assign dev $ifname
|
||||
ip -6 a a fe80::1/64 dev $ifname
|
||||
ip link set up dev $ifname
|
||||
ip link set mtu $mtu dev $ifname
|
||||
|
||||
# craft return address
|
||||
json_init
|
||||
json_add_string "pubkey" $wg_server_pubkey
|
||||
json_add_string "gw_ip" $gw_ip_assign
|
||||
json_add_int "port" $port
|
||||
|
||||
echo $(json_dump)
|
||||
}
|
||||
Reference in New Issue
Block a user