docs:guide-user:services:vpn:wireguard:automated [2021/04/25 16:07] – created willowen100docs:guide-user:services:vpn:wireguard:automated [2022/06/14 04:03] – Removed erroneous /24 from lines beginning export WG_${LAN}_server_IP= in scripts c) & d) iainbullock
Line 14: Line 14:
 This example creates 4 peers with usernames 'Alpha', 'Bravo', 'Charlie' and 'Delta' on a private LAN called 'lan'. The only changes you should need to make are in the 'Defining Variables' section below. This example creates 4 peers with usernames 'Alpha', 'Bravo', 'Charlie' and 'Delta' on a private LAN called 'lan'. The only changes you should need to make are in the 'Defining Variables' section below.
  
-Copy the script below to the CLI and then call the script with <code>/root/auto_wg_username-id.sh></code>+Copy the script below to the CLI and then call the script with <code>/root/auto_wg_username-id.sh</code>
 <code bash> <code bash>
  
Line 34: Line 34:
 export WG_${LAN}_server_IP="${interface}.1" export WG_${LAN}_server_IP="${interface}.1"
 export WG_${LAN}_server_firewall_zone="${LAN}" export WG_${LAN}_server_firewall_zone="${LAN}"
 +export quantity="4" # Change the number '4' to any number of peers you would like to create
 +export user_1="Alpha"
 +export user_2="Bravo"
 +export user_3="Charlie"
 +export user_4="Delta"
 echo "Done" echo "Done"
  
 # Create directories # Create directories
 echo -n "Creating directories and pre-defining permissions on those directories... " echo -n "Creating directories and pre-defining permissions on those directories... "
-umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers+mkdir -p /etc/wireguard/networks/${LAN}/peers
 echo "Done" echo "Done"
  
Line 49: Line 54:
 echo -n "Generating WireGuard server keys for '${LAN}' network... " echo -n "Generating WireGuard server keys for '${LAN}' network... "
 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1
 +echo "Done"
 +
 +echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... "
 +uci rename firewall.@zone[0]="lan"
 +uci rename firewall.@zone[1]="wan"
 echo "Done" echo "Done"
  
Line 83: Line 93:
 # Loop # Loop
 n="0" n="0"
-while [ "$n" -lt ] ; +while [ "$n" -lt ${quantity} ] ; 
 do do
  
- for username in alpha bravo charlie delta+ for username in ${user_1} ${user_2} ${user_3} ${user_4}
  do  do
  
Line 101: Line 111:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${username}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${username}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${username}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${username}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${username}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 127: Line 137:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${username}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 196: Line 206:
 # Create directories # Create directories
 echo -n "Creating directories and pre-defining permissions on those directories... " echo -n "Creating directories and pre-defining permissions on those directories... "
-umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers+mkdir -p /etc/wireguard/networks/${LAN}/peers
 echo "Done" echo "Done"
  
Line 207: Line 217:
 echo -n "Generating WireGuard server keys for '${LAN}' network... " echo -n "Generating WireGuard server keys for '${LAN}' network... "
 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1
 +echo "Done"
 +
 +echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... "
 +uci rename firewall.@zone[0]="lan"
 +uci rename firewall.@zone[1]="wan"
 echo "Done" echo "Done"
  
Line 250: Line 265:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 276: Line 291:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 316: Line 331:
 </code> </code>
  
-==== c) Add Additional Set Number of Peers with IDs ==== +==== c) Add Additional Set Number of Peers with Names and IDs ==== 
-This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system.+This script allows you to add a set number of extra peers with names and unique IDs alongside any pre-existing peers already on the system.
  
-Copy the script below to the CLI and then call the script with <code>/root/auto_wg_id_extra.sh</code>+Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_named-id_peers.sh</code>
 <code bash> <code bash>
 +mkdir "/etc/wireguard/scripts"
 +cat > "/etc/wireguard/scripts/add_named-id_peers.sh" <<-'SCRIPT_EOF'
 +#!/bin/ash
 +clear
 +echo "========================================================="
 +echo "              Automated WireGuard Script              |"
 +echo "| Add Additional Set Number of Peers with Names and IDs |"
 +echo "========================================================="
 +# Define Variables
 +echo -n "Defining variables... " 
 +export LAN="lan"
 +export interface="10.0.5"
 +export DDNS="my-ddns.no-ip.com"
 +export WG_${LAN}_server_port="51820"
 +export WG_${LAN}_server_IP="${interface}.1"
 +export WG_${LAN}_server_firewall_zone="${LAN}"
 +export quantity="4" # Change the number '4' to any number of peers you would like to create
 +export user_1="Alpha"
 +export user_2="Bravo"
 +export user_3="Charlie"
 +export user_4="Delta"
 +function last_peer_ID () {
 + cd "/etc/wireguard/networks/${LAN}/peers"
 + ls | sort -V | tail -1 | cut -d '_' -f 1
 +}
 +export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1))
 +function last_peer_IP () {
 + cd "/etc/wireguard/networks/${LAN}/peers"
 + peer=$(ls | sort -V | tail -1)
 + awk '/Address/' $peer/*.conf | cut -d '.' -f 3 | tr -d /24
 + cd
 +}
 +export peer_IP=$(last_peer_IP) ; export peer_IP=$((peer_IP+1))
 +echo "Done"
  
-cat <<-"SCRIPT_EOF" > "/root/auto_wg_id_extra.sh"+n=0 
 +while [ "$n" -lt ${quantity} ] ;  
 +do 
 + for username in ${user_1} ${user_2} ${user_3} ${user_4} 
 + do 
 + # Configure Variables 
 + echo ""  
 + echo -n "Defining variables for '${peer_ID}_${LAN}_${username}'... "  
 + eval "peer_ID_${username}=${peer_ID}" 
 + eval "peer_IP_${username}=${peer_IP}" 
 + 
 + eval "peer_ID=\${peer_ID_${username}}" 
 + eval "peer_IP=\${peer_IP_${username}}" 
 + 
 + eval "server_port=\${WG_${LAN}_server_port}" 
 + eval "server_IP=\${WG_${LAN}_server_IP}" 
 + echo "Done" 
 + 
 + # Create directory for storing peers 
 + echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... "  
 + mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}" 
 + echo "Done" 
 + 
 + # Generate peer keys 
 + echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... "  
 + wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&
 + echo "Done" 
 + 
 + # Generate Pre-shared key 
 + echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... "  
 + wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&
 + echo "Done" 
 + 
 + # Add peer to server  
 + echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... "  
 + uci add network wireguard_wg_${LAN} >/dev/null 2>&
 + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" 
 + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" 
 + uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}" 
 + uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" 
 + uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' 
 + uci set network.@wireguard_wg_${LAN}[-1].persistent_keepalive='25' 
 + echo "Done" 
 + 
 + # Create peer configuration 
 + echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... "  
 + cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf" 
 + [Interface] 
 + Address = ${interface}.${peer_IP}/32 
 + PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key 
 + DNS = ${server_IP} 
 + 
 + [Peer] 
 + PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key 
 + PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key 
 + PersistentKeepalive = 25 
 + AllowedIPs = 0.0.0.0/0, ::/0 
 + Endpoint = ${DDNS}:${server_port} 
 + EOF 
 + echo "Done" 
 + 
 + # Increment variables by '1'  
 + peer_ID=$((peer_ID+1)) 
 + peer_IP=$((peer_IP+1)) 
 + n=$((n+1)) 
 + done 
 +done 
 + 
 +# Commit UCI changes 
 +echo -en "\nCommiting changes... " 
 +uci commit 
 +echo "Done" 
 + 
 +# Restart WireGuard interface 
 +echo -en "\nRestarting WireGuard interface... " 
 +ifup wg_${LAN} 
 +echo "Done" 
 + 
 +# Restart firewall 
 +echo -en "\nRestarting firewall... " 
 +/etc/init.d/firewall restart >/dev/null 2>&
 +echo "Done" 
 +SCRIPT_EOF 
 +chmod +x "/etc/wireguard/scripts/add_named-id_peers.sh" 
 + 
 +</code> 
 + 
 +==== d) Add Additional Set Number of Peers with IDs ==== 
 +This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. 
 + 
 +Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_id_peers.sh</code> 
 +<code bash> 
 +mkdir "/etc/wireguard/scripts" 
 +cat > "/etc/wireguard/scripts/add_id_peers.sh" <<-'SCRIPT_EOF'
 #!/bin/ash #!/bin/ash
 clear clear
Line 335: Line 477:
 export DDNS="my-ddns.no-ip.com" export DDNS="my-ddns.no-ip.com"
 export WG_${LAN}_server_port="51821" export WG_${LAN}_server_port="51821"
-export WG_${LAN}_server_IP="${interface}.1/24"+export WG_${LAN}_server_IP="${interface}.1"
 export WG_${LAN}_server_firewall_zone="${LAN}" export WG_${LAN}_server_firewall_zone="${LAN}"
 export quantity="4" # Change the number '4' to any number of peers you would like to create export quantity="4" # Change the number '4' to any number of peers you would like to create
 function last_peer_ID () { function last_peer_ID () {
  cd "/etc/wireguard/networks/${LAN}/peers"  cd "/etc/wireguard/networks/${LAN}/peers"
- ls | sort -V | tail -1 | cut -d '_' -f 2+ ls | sort -V | tail -1 | cut -d '_' -f 1
 } }
 export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1))
 function last_peer_IP () { function last_peer_IP () {
  cd "/etc/wireguard/networks/${LAN}/peers"  cd "/etc/wireguard/networks/${LAN}/peers"
- peer=$(ls | sort -| tail -1) + peer=$(ls | sort -| tail -1) 
- awk '/Address/' $peer/*.conf | cut -d '.' -f | tr -d /24+ awk '/Address/' $peer/*.conf | cut -d '.' -f | tr -d /24
  cd  cd
 } }
Line 368: Line 510:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 394: Line 536:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 431: Line 573:
 echo "Done" echo "Done"
 SCRIPT_EOF SCRIPT_EOF
-chmod +x "/root/auto_wg_id_extra.sh"+chmod +x "/etc/wireguard/scripts/add_id_peers.sh"
 </code> </code>
  
Line 459: Line 601:
 # Set permissions on peer directories # Set permissions on peer directories
 echo -en "\nSetting permissions on peer directories... " echo -en "\nSetting permissions on peer directories... "
-chmod -R 744 /etc/wireguard/networks/${LAN}/peers/+chmod -R 755 /etc/wireguard/networks/${LAN}/peers/
 echo "Done" echo "Done"
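Review bot: The new side removes every `umask 077` / `umask 022` prefix from the `mkdir -p .../peers` and `wg genkey | tee ..._private.key` lines (scripts a, b and d; the new script c never had them) and turns the closing `chmod -R 744` into `chmod -R 755`, so the server and peer private keys, the PSKs and the generated `.conf` files (which embed the private key) are written under the shell's default umask and then explicitly made world-readable by any local user or process. Keep `umask 077` in front of each key-generating pipeline and restrict the final step to the owner, e.g. `chmod -R u=rwX,go= "/etc/wireguard/networks/${LAN}/peers/"`, or `chmod 600` the `.key`, `.psk` and `.conf` files after creation. In the new script c) the redirections on the `wg genkey`, `wg genpsk`, `uci add` and `/etc/init.d/firewall restart` lines end in `2>&` with no descriptor, which is a syntax error under ash unless it is a rendering artifact of this view. The added `uci rename firewall.@zone[0]="lan"` / `uci rename firewall.@zone[1]="wan"` lines assume the two zones exist in exactly that order; on a router with a different or extra zone this silently relabels the wrong zone, so checking `uci get firewall.@zone[0].name` before renaming would be safer. The loop bodies and script preambles continue outside the hunks shown here.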
  