docs:guide-user:services:vpn:wireguard:automated [2021/05/03 18:45] – updated firewall rule creation willowen100docs:guide-user:services:vpn:wireguard:automated [2022/06/14 04:03] – Removed erroneous /24 from lines beginning export WG_${LAN}_server_IP= in scripts c) & d) iainbullock
Line 34: Line 34:
 export WG_${LAN}_server_IP="${interface}.1" export WG_${LAN}_server_IP="${interface}.1"
 export WG_${LAN}_server_firewall_zone="${LAN}" export WG_${LAN}_server_firewall_zone="${LAN}"
 +export quantity="4" # Change the number '4' to any number of peers you would like to create
 +export user_1="Alpha"
 +export user_2="Bravo"
 +export user_3="Charlie"
 +export user_4="Delta"
 echo "Done" echo "Done"
  
 # Create directories # Create directories
 echo -n "Creating directories and pre-defining permissions on those directories... " echo -n "Creating directories and pre-defining permissions on those directories... "
-umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers+mkdir -p /etc/wireguard/networks/${LAN}/peers
 echo "Done" echo "Done"
  
Line 49: Line 54:
 echo -n "Generating WireGuard server keys for '${LAN}' network... " echo -n "Generating WireGuard server keys for '${LAN}' network... "
 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1
 +echo "Done"
 +
 +echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... "
 +uci rename firewall.@zone[0]="lan"
 +uci rename firewall.@zone[1]="wan"
 echo "Done" echo "Done"
  
Line 67: Line 77:
 # Add firewall rule # Add firewall rule
 echo -n "Adding firewall rule for '${LAN}' network... " echo -n "Adding firewall rule for '${LAN}' network... "
-uci add firewall rule +uci set firewall.wg="rule" 
-uci set firewall.@rule[-1].target='ACCEPT' +uci set firewall.wg.name="Allow-WireGuard-${LAN}" 
-uci set firewall.@rule[-1].proto='udp' +uci set firewall.wg.src="wan" 
-uci set firewall.@rule[-1].dest_port="${server_port}" +uci set firewall.wg.dest_port="${server_port}" 
-uci set firewall.@rule[-1].name="Allow-WireGuard-${LAN}+uci set firewall.wg.proto="udp
-uci set firewall.@rule[-1].src='wan'+uci set firewall.wg.target="ACCEPT"
 echo "Done" echo "Done"
  
Line 83: Line 93:
 # Loop # Loop
 n="0" n="0"
-while [ "$n" -lt ] ; +while [ "$n" -lt ${quantity} ] ; 
 do do
  
- for username in alpha bravo charlie delta+ for username in ${user_1} ${user_2} ${user_3} ${user_4}
  do  do
  
Line 101: Line 111:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${username}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${username}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${username}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${username}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${username}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 127: Line 137:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${username}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 196: Line 206:
 # Create directories # Create directories
 echo -n "Creating directories and pre-defining permissions on those directories... " echo -n "Creating directories and pre-defining permissions on those directories... "
-umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers+mkdir -p /etc/wireguard/networks/${LAN}/peers
 echo "Done" echo "Done"
  
Line 207: Line 217:
 echo -n "Generating WireGuard server keys for '${LAN}' network... " echo -n "Generating WireGuard server keys for '${LAN}' network... "
 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1
 +echo "Done"
 +
 +echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... "
 +uci rename firewall.@zone[0]="lan"
 +uci rename firewall.@zone[1]="wan"
 echo "Done" echo "Done"
  
Line 225: Line 240:
 # Add firewall rule # Add firewall rule
 echo -n "Adding firewall rule for '${LAN}' network... " echo -n "Adding firewall rule for '${LAN}' network... "
-uci add firewall rule +uci set firewall.wg="rule" 
-uci set firewall.@rule[-1].target='ACCEPT' +uci set firewall.wg.name="Allow-WireGuard-${LAN}" 
-uci set firewall.@rule[-1].proto='udp' +uci set firewall.wg.src="wan" 
-uci set firewall.@rule[-1].dest_port="${server_port}" +uci set firewall.wg.dest_port="${server_port}" 
-uci set firewall.@rule[-1].name="Allow-WireGuard-${LAN}+uci set firewall.wg.proto="udp
-uci set firewall.@rule[-1].src='wan'+uci set firewall.wg.target="ACCEPT"
 echo "Done" echo "Done"
  
Line 250: Line 265:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 276: Line 291:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 316: Line 331:
 </code> </code>
  
-==== c) Add Additional Set Number of Peers with IDs ==== +==== c) Add Additional Set Number of Peers with Names and IDs ==== 
-This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system.+This script allows you to add a set number of extra peers with names and unique IDs alongside any pre-existing peers already on the system.
  
-Copy the script below to the CLI and then call the script with <code>/root/auto_wg_id_extra.sh</code>+Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_named-id_peers.sh</code>
 <code bash> <code bash>
 +mkdir "/etc/wireguard/scripts"
 +cat > "/etc/wireguard/scripts/add_named-id_peers.sh" <<-'SCRIPT_EOF'
 +#!/bin/ash
 +clear
 +echo "========================================================="
 +echo "              Automated WireGuard Script              |"
 +echo "| Add Additional Set Number of Peers with Names and IDs |"
 +echo "========================================================="
 +# Define Variables
 +echo -n "Defining variables... " 
 +export LAN="lan"
 +export interface="10.0.5"
 +export DDNS="my-ddns.no-ip.com"
 +export WG_${LAN}_server_port="51820"
 +export WG_${LAN}_server_IP="${interface}.1"
 +export WG_${LAN}_server_firewall_zone="${LAN}"
 +export quantity="4" # Change the number '4' to any number of peers you would like to create
 +export user_1="Alpha"
 +export user_2="Bravo"
 +export user_3="Charlie"
 +export user_4="Delta"
 +function last_peer_ID () {
 + cd "/etc/wireguard/networks/${LAN}/peers"
 + ls | sort -V | tail -1 | cut -d '_' -f 1
 +}
 +export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1))
 +function last_peer_IP () {
 + cd "/etc/wireguard/networks/${LAN}/peers"
 + peer=$(ls | sort -V | tail -1)
 + awk '/Address/' $peer/*.conf | cut -d '.' -f 3 | tr -d /24
 + cd
 +}
 +export peer_IP=$(last_peer_IP) ; export peer_IP=$((peer_IP+1))
 +echo "Done"
  
-cat <<-"SCRIPT_EOF" > "/root/auto_wg_id_extra.sh"+n=0 
 +while [ "$n" -lt ${quantity} ] ;  
 +do 
 + for username in ${user_1} ${user_2} ${user_3} ${user_4} 
 + do 
 + # Configure Variables 
 + echo ""  
 + echo -n "Defining variables for '${peer_ID}_${LAN}_${username}'... "  
 + eval "peer_ID_${username}=${peer_ID}" 
 + eval "peer_IP_${username}=${peer_IP}" 
 + 
 + eval "peer_ID=\${peer_ID_${username}}" 
 + eval "peer_IP=\${peer_IP_${username}}" 
 + 
 + eval "server_port=\${WG_${LAN}_server_port}" 
 + eval "server_IP=\${WG_${LAN}_server_IP}" 
 + echo "Done" 
 + 
 + # Create directory for storing peers 
 + echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... "  
 + mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}" 
 + echo "Done" 
 + 
 + # Generate peer keys 
 + echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... "  
 + wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&
 + echo "Done" 
 + 
 + # Generate Pre-shared key 
 + echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... "  
 + wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&
 + echo "Done" 
 + 
 + # Add peer to server  
 + echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... "  
 + uci add network wireguard_wg_${LAN} >/dev/null 2>&
 + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" 
 + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" 
 + uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}" 
 + uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" 
 + uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' 
 + uci set network.@wireguard_wg_${LAN}[-1].persistent_keepalive='25' 
 + echo "Done" 
 + 
 + # Create peer configuration 
 + echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... "  
 + cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf" 
 + [Interface] 
 + Address = ${interface}.${peer_IP}/32 
 + PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key 
 + DNS = ${server_IP} 
 + 
 + [Peer] 
 + PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key 
 + PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key 
 + PersistentKeepalive = 25 
 + AllowedIPs = 0.0.0.0/0, ::/0 
 + Endpoint = ${DDNS}:${server_port} 
 + EOF 
 + echo "Done" 
 + 
 + # Increment variables by '1'  
 + peer_ID=$((peer_ID+1)) 
 + peer_IP=$((peer_IP+1)) 
 + n=$((n+1)) 
 + done 
 +done 
 + 
 +# Commit UCI changes 
 +echo -en "\nCommiting changes... " 
 +uci commit 
 +echo "Done" 
 + 
 +# Restart WireGuard interface 
 +echo -en "\nRestarting WireGuard interface... " 
 +ifup wg_${LAN} 
 +echo "Done" 
 + 
 +# Restart firewall 
 +echo -en "\nRestarting firewall... " 
 +/etc/init.d/firewall restart >/dev/null 2>&
 +echo "Done" 
 +SCRIPT_EOF 
 +chmod +x "/etc/wireguard/scripts/add_named-id_peers.sh" 
 + 
 +</code> 
 + 
 +==== d) Add Additional Set Number of Peers with IDs ==== 
 +This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. 
 + 
 +Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_id_peers.sh</code> 
 +<code bash> 
 +mkdir "/etc/wireguard/scripts" 
 +cat > "/etc/wireguard/scripts/add_id_peers.sh" <<-'SCRIPT_EOF'
 #!/bin/ash #!/bin/ash
 clear clear
Line 335: Line 477:
 export DDNS="my-ddns.no-ip.com" export DDNS="my-ddns.no-ip.com"
 export WG_${LAN}_server_port="51821" export WG_${LAN}_server_port="51821"
-export WG_${LAN}_server_IP="${interface}.1/24"+export WG_${LAN}_server_IP="${interface}.1"
 export WG_${LAN}_server_firewall_zone="${LAN}" export WG_${LAN}_server_firewall_zone="${LAN}"
 export quantity="4" # Change the number '4' to any number of peers you would like to create export quantity="4" # Change the number '4' to any number of peers you would like to create
 function last_peer_ID () { function last_peer_ID () {
  cd "/etc/wireguard/networks/${LAN}/peers"  cd "/etc/wireguard/networks/${LAN}/peers"
- ls | sort -V | tail -1 | cut -d '_' -f 2+ ls | sort -V | tail -1 | cut -d '_' -f 1
 } }
 export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1))
 function last_peer_IP () { function last_peer_IP () {
  cd "/etc/wireguard/networks/${LAN}/peers"  cd "/etc/wireguard/networks/${LAN}/peers"
- peer=$(ls | sort -| tail -1) + peer=$(ls | sort -| tail -1) 
- awk '/Address/' $peer/*.conf | cut -d '.' -f | tr -d /24+ awk '/Address/' $peer/*.conf | cut -d '.' -f | tr -d /24
  cd  cd
 } }
Line 368: Line 510:
  echo ""  echo ""
  # Create directory for storing peers  # Create directory for storing peers
- echo -n "Creating directory for peer '${LAN}_${peer_ID}'... "  + echo -n "Creating directory for peer '${peer_ID}_${LAN}'... "  
- umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}"+ mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}"
  echo "Done"  echo "Done"
  
  # Generate peer keys  # Generate peer keys
- echo -n "Generating peer keys for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer keys for '${peer_ID}_${LAN}'... "  
- umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1+ wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Generate Pre-shared key  # Generate Pre-shared key
- echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... "  + echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... "  
- wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1+ wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1
  echo "Done"  echo "Done"
  
  # Add peer to server   # Add peer to server 
- echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " + echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " 
  uci add network wireguard_wg_${LAN} >/dev/null 2>&1  uci add network wireguard_wg_${LAN} >/dev/null 2>&1
- uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" + uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" 
- uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" + uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" 
- uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}"+ uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}"
  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"  uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32"
  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'  uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1'
Line 394: Line 536:
   
  # Create peer configuration  # Create peer configuration
- echo -n "Creating config for '${LAN}_${peer_ID}'... " + echo -n "Creating config for '${peer_ID}_${LAN}'... " 
- cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf"+ cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf"
  [Interface]  [Interface]
  Address = ${interface}.${peer_IP}/32  Address = ${interface}.${peer_IP}/32
- PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key+ PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key
  DNS = ${server_IP}  DNS = ${server_IP}
  
  [Peer]  [Peer]
  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key  PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key
- PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key+ PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key
  PersistentKeepalive = 25  PersistentKeepalive = 25
  AllowedIPs = 0.0.0.0/0, ::/0  AllowedIPs = 0.0.0.0/0, ::/0
Line 431: Line 573:
 echo "Done" echo "Done"
 SCRIPT_EOF SCRIPT_EOF
-chmod +x "/root/auto_wg_id_extra.sh"+chmod +x "/etc/wireguard/scripts/add_id_peers.sh"
 </code> </code>
  
Line 459: Line 601:
 # Set permissions on peer directories # Set permissions on peer directories
 echo -en "\nSetting permissions on peer directories... " echo -en "\nSetting permissions on peer directories... "
-chmod -R 744 /etc/wireguard/networks/${LAN}/peers/+chmod -R 755 /etc/wireguard/networks/${LAN}/peers/
 echo "Done" echo "Done"
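Review bot: The new side drops every `umask 077` that preceded directory creation and key generation (hunks at Line 34, 101, 196, 250 and 368), and the Line 459 hunk then runs `chmod -R 755` over the whole peers tree, which explicitly makes each peer's `*_private.key`, `*.psk` and `.conf` (which embeds the private key) readable by every local account on the router. The server private key written by `wg genkey | tee ...` is outside that tree, so its mode now depends on whatever umask the calling shell has, typically 022. I would set `umask 077` once at the top of each script and replace the recursive chmod with `chmod -R u=rwX,go= "/etc/wireguard/networks/${LAN}/peers/"`. If another account really needs to read the peer configs, grant that to the specific file or group rather than opening the tree. The scripts begin and end outside these hunks, so a umask set in lines not shown here cannot be ruled out.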
  
  • Last modified: 2023/10/14 06:28
  • by vgaetera