| docs:guide-user:services:vpn:wireguard:automated [2021/05/03 18:45] – updated firewall rule creation willowen100 | docs:guide-user:services:vpn:wireguard:automated [2022/06/14 04:03] – Removed erroneous /24 from lines beginning export WG_${LAN}_server_IP= in scripts c) & d) iainbullock | ||
|---|---|---|---|
| Line 34: | Line 34: | ||
| export WG_${LAN}_server_IP=" | export WG_${LAN}_server_IP=" | ||
| export WG_${LAN}_server_firewall_zone=" | export WG_${LAN}_server_firewall_zone=" | ||
| + | export quantity=" | ||
| + | export user_1=" | ||
| + | export user_2=" | ||
| + | export user_3=" | ||
| + | export user_4=" | ||
| echo " | echo " | ||
| # Create directories | # Create directories | ||
| echo -n " | echo -n " | ||
| - | umask 077; mkdir -p / | + | mkdir -p / |
| echo " | echo " | ||
| Line 49: | Line 54: | ||
| echo -n " | echo -n " | ||
| wg genkey | tee "/ | wg genkey | tee "/ | ||
| + | echo " | ||
| + | |||
| + | echo -n " | ||
| + | uci rename firewall.@zone[0]=" | ||
| + | uci rename firewall.@zone[1]=" | ||
| echo " | echo " | ||
| Line 67: | Line 77: | ||
| # Add firewall rule | # Add firewall rule | ||
| echo -n " | echo -n " | ||
| - | uci add firewall rule | + | uci set firewall.wg="rule" |
| - | uci set firewall.@rule[-1].target=' | + | uci set firewall.wg.name=" |
| - | uci set firewall.@rule[-1].proto=' | + | uci set firewall.wg.src=" |
| - | uci set firewall.@rule[-1].dest_port=" | + | uci set firewall.wg.dest_port=" |
| - | uci set firewall.@rule[-1].name="Allow-WireGuard-${LAN}" | + | uci set firewall.wg.proto="udp" |
| - | uci set firewall.@rule[-1].src=' | + | uci set firewall.wg.target=" |
| echo " | echo " | ||
| Line 83: | Line 93: | ||
| # Loop | # Loop | ||
| n=" | n=" | ||
| - | while [ " | + | while [ " |
| do | do | ||
| - | for username in alpha bravo charlie delta | + | for username in ${user_1} ${user_2} ${user_3} ${user_4} |
| do | do | ||
| Line 101: | Line 111: | ||
| echo "" | echo "" | ||
| # Create directory for storing peers | # Create directory for storing peers | ||
| - | echo -n " | + | echo -n " |
| - | umask 022; mkdir -p "/ | + | mkdir -p "/ |
| echo " | echo " | ||
| # Generate peer keys | # Generate peer keys | ||
| - | echo -n " | + | echo -n " |
| - | umask 077; wg genkey | tee "/ | + | wg genkey | tee "/ |
| echo " | echo " | ||
| # Generate Pre-shared key | # Generate Pre-shared key | ||
| - | echo -n " | + | echo -n " |
| - | wg genpsk | tee "/ | + | wg genpsk | tee "/ |
| echo " | echo " | ||
| # Add peer to server | # Add peer to server | ||
| - | echo -n " | + | echo -n " |
| uci add network wireguard_wg_${LAN} >/ | uci add network wireguard_wg_${LAN} >/ | ||
| - | uci set network.@wireguard_wg_${LAN}[-1].public_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].public_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].description=" | + | uci set network.@wireguard_wg_${LAN}[-1].description=" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | ||
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | ||
| Line 127: | Line 137: | ||
| # Create peer configuration | # Create peer configuration | ||
| - | echo -n " | + | echo -n " |
| - | cat << | + | cat << |
| [Interface] | [Interface] | ||
| Address = ${interface}.${peer_IP}/ | Address = ${interface}.${peer_IP}/ | ||
| - | PrivateKey = $(cat / | + | PrivateKey = $(cat / |
| DNS = ${server_IP} | DNS = ${server_IP} | ||
| [Peer] | [Peer] | ||
| PublicKey = $(cat / | PublicKey = $(cat / | ||
| - | PresharedKey = $(cat / | + | PresharedKey = $(cat / |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| Line 196: | Line 206: | ||
| # Create directories | # Create directories | ||
| echo -n " | echo -n " | ||
| - | umask 077; mkdir -p / | + | mkdir -p / |
| echo " | echo " | ||
| Line 207: | Line 217: | ||
| echo -n " | echo -n " | ||
| wg genkey | tee "/ | wg genkey | tee "/ | ||
| + | echo " | ||
| + | |||
| + | echo -n " | ||
| + | uci rename firewall.@zone[0]=" | ||
| + | uci rename firewall.@zone[1]=" | ||
| echo " | echo " | ||
| Line 225: | Line 240: | ||
| # Add firewall rule | # Add firewall rule | ||
| echo -n " | echo -n " | ||
| - | uci add firewall rule | + | uci set firewall.wg="rule" |
| - | uci set firewall.@rule[-1].target=' | + | uci set firewall.wg.name=" |
| - | uci set firewall.@rule[-1].proto=' | + | uci set firewall.wg.src=" |
| - | uci set firewall.@rule[-1].dest_port=" | + | uci set firewall.wg.dest_port=" |
| - | uci set firewall.@rule[-1].name="Allow-WireGuard-${LAN}" | + | uci set firewall.wg.proto="udp" |
| - | uci set firewall.@rule[-1].src=' | + | uci set firewall.wg.target=" |
| echo " | echo " | ||
| Line 250: | Line 265: | ||
| echo "" | echo "" | ||
| # Create directory for storing peers | # Create directory for storing peers | ||
| - | echo -n " | + | echo -n " |
| - | umask 022; mkdir -p "/ | + | mkdir -p "/ |
| echo " | echo " | ||
| # Generate peer keys | # Generate peer keys | ||
| - | echo -n " | + | echo -n " |
| - | umask 077; wg genkey | tee "/ | + | wg genkey | tee "/ |
| echo " | echo " | ||
| # Generate Pre-shared key | # Generate Pre-shared key | ||
| - | echo -n " | + | echo -n " |
| - | wg genpsk | tee "/ | + | wg genpsk | tee "/ |
| echo " | echo " | ||
| # Add peer to server | # Add peer to server | ||
| - | echo -n " | + | echo -n " |
| uci add network wireguard_wg_${LAN} >/ | uci add network wireguard_wg_${LAN} >/ | ||
| - | uci set network.@wireguard_wg_${LAN}[-1].public_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].public_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].description=" | + | uci set network.@wireguard_wg_${LAN}[-1].description=" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | ||
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | ||
| Line 276: | Line 291: | ||
| # Create peer configuration | # Create peer configuration | ||
| - | echo -n " | + | echo -n " |
| - | cat << | + | cat << |
| [Interface] | [Interface] | ||
| Address = ${interface}.${peer_IP}/ | Address = ${interface}.${peer_IP}/ | ||
| - | PrivateKey = $(cat / | + | PrivateKey = $(cat / |
| DNS = ${server_IP} | DNS = ${server_IP} | ||
| [Peer] | [Peer] | ||
| PublicKey = $(cat / | PublicKey = $(cat / | ||
| - | PresharedKey = $(cat / | + | PresharedKey = $(cat / |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| Line 316: | Line 331: | ||
| </ | </ | ||
| - | ==== c) Add Additional Set Number of Peers with IDs ==== | + | ==== c) Add Additional Set Number of Peers with Names and IDs ==== |
| - | This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. | + | This script allows you to add a set number of extra peers with names and unique IDs alongside any pre-existing peers already on the system. |
| - | Copy the script below to the CLI and then call the script with < | + | Copy the script below to the CLI and then call the script with < |
| <code bash> | <code bash> | ||
| + | mkdir "/ | ||
| + | cat > "/ | ||
| + | #!/bin/ash | ||
| + | clear | ||
| + | echo " | ||
| + | echo " | ||
| + | echo "| Add Additional Set Number of Peers with Names and IDs |" | ||
| + | echo " | ||
| + | # Define Variables | ||
| + | echo -n " | ||
| + | export LAN=" | ||
| + | export interface=" | ||
| + | export DDNS=" | ||
| + | export WG_${LAN}_server_port=" | ||
| + | export WG_${LAN}_server_IP=" | ||
| + | export WG_${LAN}_server_firewall_zone=" | ||
| + | export quantity=" | ||
| + | export user_1=" | ||
| + | export user_2=" | ||
| + | export user_3=" | ||
| + | export user_4=" | ||
| + | function last_peer_ID () { | ||
| + | cd "/ | ||
| + | ls | sort -V | tail -1 | cut -d ' | ||
| + | } | ||
| + | export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) | ||
| + | function last_peer_IP () { | ||
| + | cd "/ | ||
| + | peer=$(ls | sort -V | tail -1) | ||
| + | awk '/ | ||
| + | cd | ||
| + | } | ||
| + | export peer_IP=$(last_peer_IP) ; export peer_IP=$((peer_IP+1)) | ||
| + | echo " | ||
| - | cat << | + | n=0 |
| + | while [ " | ||
| + | do | ||
| + | for username in ${user_1} ${user_2} ${user_3} ${user_4} | ||
| + | do | ||
| + | # Configure Variables | ||
| + | echo "" | ||
| + | echo -n " | ||
| + | eval " | ||
| + | eval " | ||
| + | |||
| + | eval " | ||
| + | eval " | ||
| + | |||
| + | eval " | ||
| + | eval " | ||
| + | echo " | ||
| + | |||
| + | # Create directory for storing peers | ||
| + | echo -n " | ||
| + | mkdir -p "/ | ||
| + | echo " | ||
| + | |||
| + | # Generate peer keys | ||
| + | echo -n " | ||
| + | wg genkey | tee "/ | ||
| + | echo " | ||
| + | |||
| + | # Generate Pre-shared key | ||
| + | echo -n " | ||
| + | wg genpsk | tee "/ | ||
| + | echo " | ||
| + | |||
| + | # Add peer to server | ||
| + | echo -n " | ||
| + | uci add network wireguard_wg_${LAN} >/ | ||
| + | uci set network.@wireguard_wg_${LAN}[-1].public_key=" | ||
| + | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" | ||
| + | uci set network.@wireguard_wg_${LAN}[-1].description=" | ||
| + | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | ||
| + | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | ||
| + | uci set network.@wireguard_wg_${LAN}[-1].persistent_keepalive=' | ||
| + | echo " | ||
| + | |||
| + | # Create peer configuration | ||
| + | echo -n " | ||
| + | cat <<-EOF > "/ | ||
| + | [Interface] | ||
| + | Address = ${interface}.${peer_IP}/ | ||
| + | PrivateKey = $(cat / | ||
| + | DNS = ${server_IP} | ||
| + | |||
| + | [Peer] | ||
| + | PublicKey = $(cat / | ||
| + | PresharedKey = $(cat / | ||
| + | PersistentKeepalive = 25 | ||
| + | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| + | Endpoint = ${DDNS}: | ||
| + | EOF | ||
| + | echo " | ||
| + | |||
| + | # Increment variables by ' | ||
| + | peer_ID=$((peer_ID+1)) | ||
| + | peer_IP=$((peer_IP+1)) | ||
| + | n=$((n+1)) | ||
| + | done | ||
| + | done | ||
| + | |||
| + | # Commit UCI changes | ||
| + | echo -en " | ||
| + | uci commit | ||
| + | echo " | ||
| + | |||
| + | # Restart WireGuard interface | ||
| + | echo -en " | ||
| + | ifup wg_${LAN} | ||
| + | echo " | ||
| + | |||
| + | # Restart firewall | ||
| + | echo -en " | ||
| + | / | ||
| + | echo "Done" | ||
| + | SCRIPT_EOF | ||
| + | chmod +x "/ | ||
| + | |||
| + | </ | ||
| + | |||
| + | ==== d) Add Additional Set Number of Peers with IDs ==== | ||
| + | This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. | ||
| + | |||
| + | Copy the script below to the CLI and then call the script with < | ||
| + | <code bash> | ||
| + | mkdir "/etc/wireguard/ | ||
| + | cat > "/ | ||
| #!/bin/ash | #!/bin/ash | ||
| clear | clear | ||
| Line 335: | Line 477: | ||
| export DDNS=" | export DDNS=" | ||
| export WG_${LAN}_server_port=" | export WG_${LAN}_server_port=" | ||
| - | export WG_${LAN}_server_IP=" | + | export WG_${LAN}_server_IP=" |
| export WG_${LAN}_server_firewall_zone=" | export WG_${LAN}_server_firewall_zone=" | ||
| export quantity=" | export quantity=" | ||
| function last_peer_ID () { | function last_peer_ID () { | ||
| cd "/ | cd "/ | ||
| - | ls | sort -V | tail -1 | cut -d ' | + | ls | sort -V | tail -1 | cut -d ' |
| } | } | ||
| export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) | export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) | ||
| function last_peer_IP () { | function last_peer_IP () { | ||
| cd "/ | cd "/ | ||
| - | peer=$(ls | sort -n | tail -1) | + | peer=$(ls | sort -V | tail -1) |
| - | awk '/ | + | awk '/ |
| cd | cd | ||
| } | } | ||
| Line 368: | Line 510: | ||
| echo "" | echo "" | ||
| # Create directory for storing peers | # Create directory for storing peers | ||
| - | echo -n " | + | echo -n " |
| - | umask 022; mkdir -p "/ | + | mkdir -p "/ |
| echo " | echo " | ||
| # Generate peer keys | # Generate peer keys | ||
| - | echo -n " | + | echo -n " |
| - | umask 077; wg genkey | tee "/ | + | wg genkey | tee "/ |
| echo " | echo " | ||
| # Generate Pre-shared key | # Generate Pre-shared key | ||
| - | echo -n " | + | echo -n " |
| - | wg genpsk | tee "/ | + | wg genpsk | tee "/ |
| echo " | echo " | ||
| # Add peer to server | # Add peer to server | ||
| - | echo -n " | + | echo -n " |
| uci add network wireguard_wg_${LAN} >/ | uci add network wireguard_wg_${LAN} >/ | ||
| - | uci set network.@wireguard_wg_${LAN}[-1].public_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].public_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" | + | uci set network.@wireguard_wg_${LAN}[-1].preshared_key=" |
| - | uci set network.@wireguard_wg_${LAN}[-1].description=" | + | uci set network.@wireguard_wg_${LAN}[-1].description=" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips=" | ||
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips=' | ||
| Line 394: | Line 536: | ||
| # Create peer configuration | # Create peer configuration | ||
| - | echo -n " | + | echo -n " |
| - | cat << | + | cat << |
| [Interface] | [Interface] | ||
| Address = ${interface}.${peer_IP}/ | Address = ${interface}.${peer_IP}/ | ||
| - | PrivateKey = $(cat / | + | PrivateKey = $(cat / |
| DNS = ${server_IP} | DNS = ${server_IP} | ||
| [Peer] | [Peer] | ||
| PublicKey = $(cat / | PublicKey = $(cat / | ||
| - | PresharedKey = $(cat / | + | PresharedKey = $(cat / |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 | ||
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 | ||
| Line 431: | Line 573: | ||
| echo " | echo " | ||
| SCRIPT_EOF | SCRIPT_EOF | ||
| - | chmod +x "/root/auto_wg_id_extra.sh" | + | chmod +x "/etc/wireguard/ |
| </ | </ | ||
| Line 459: | Line 601: | ||
| # Set permissions on peer directories | # Set permissions on peer directories | ||
| echo -en " | echo -en " | ||
| - | chmod -R 744 / | + | chmod -R 755 / |
| echo " | echo " | ||
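Review bot: The new side drops the `umask 077;` that guarded the key-generation and directory-creation lines (L17, L49, L53, L83, L108, L112, L296, L300), so the `wg genkey | tee …` and `wg genpsk | tee …` outputs are now written with whatever umask the shell inherited, which on a typical system leaves private keys and pre-shared keys readable by every local account; the final hunk compounds this by relaxing `chmod -R 744` to `chmod -R 755` on the peer directories, granting others traverse permission into the directories that hold those files. The `mkdir` lines could stay at the default umask if that was the intent, but the key lines should be restored to `umask 077; wg genkey | tee …` and `umask 077; wg genpsk | tee …`, or be followed by an explicit `chmod 600` on each generated key file, and the peer-directory permission step should not widen beyond what the previous revision granted. The lines are truncated in this view, so the exact paths and the rest of each command cannot be confirmed from the diff; the same pattern recurs in scripts b), c) and d), so the fix applies to each copy. The revision summary only mentions removing an erroneous /24, and nothing in the summary explains the permission changes, so it is worth confirming they were intentional.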