alexandre/wg-helpers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Alexandre CHAZAL
2021-10-12 16:20:31 +02:00
commit d49adb8f22
2 changed files with 136 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
del-wg.sh Normal file
View File

@@ -0,0 +1,14 @@
#! /usr/bin/env bash
if [ $# -ne 1 ]; then
echo "[!!] I (just) need the base64 pubkey of the target client"
exit 1
fi
# Suppression du pair
wg set wg0 peer $1 remove
# Enregistrement de la modification
wg-quick save wg0
# Suppression de sa config
echo "[++] Peer has been removed (if it really existed)"
echo "[++] Key was : $1"

122
new-wg.sh Normal file
View File

@@ -0,0 +1,122 @@
#! /usr/bin/env bash
function usage()
{
echo "usage: $(basename $0) [-h] [-i interface] [-d nameserver] [-a address]"
echo " -h show this help message"
echo " -i interface the targeted wireguard interface"
echo " -d nameserver the DNS server to put in the client configuration"
echo " -a address your server public address (IP or DNS)"
}
function checks()
{
# On regarde si l'interface existe bien
if [ ! -f "/etc/wireguard/$interface.conf" ]; then
echo "[!!] Given interface $interface does not exist, quitting"
exit 2
fi
# Si aucun serveur DNS n'a ete renseigne, on prend le premier du resolv.conf
if [ ${#nameserver} -eq 0 ]; then
namerserver="$(sed -n -r "s|nameserver (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*|\1|p" /etc/resolv.conf | head -1)"
fi
# Si aucun nom de domaine ou adresse IP est resignee, on prend le nom de domaine complet
# du server
if [ ${#serv_addr} -eq 0 ]; then
serv_addr="$(hostname -f)"
fi
}
function getIP()
{
# Get available IP from server config
lastip="$(sed -n -r "s|AllowedIPs = (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}).*|\1 \2 \3 \4|p" "/etc/wireguard/$interface.conf")"
lastip="$(echo "$lastip" | sort -n -t ' ' -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tail -1)"
# On convertit en hexa
newip="$(printf "%02X" $lastip)"
# On incremente de 1
newip="$(( 0x$newip + 0x1 ))"
# Check si on ne tape pas le broadcast
if [ $(( $newip & 0xff )) -eq 255 ]; then
echo "[!!] No new IP is available, next would be .255"
echo "[!!] Last used IP was $lastip"
exit 3
fi
# Reconversion en IP
newip="$(printf "%08X" $newip | sed -r 's/(..)/0x\1 /g')"
newip="$(printf "%d.%d.%d.%d" $newip)"
}
# Variables
interface="wg0"
nameserver=""
serv_addr=""
opts=":hida"
while getopts "$opts" arg; do
case "$arg" in
h)
usage
exit 0;;
d) nameserver="$OPTARG";;
i) interface="$OPTARG";;
a) serv_addr="$OPTARG";;
?)
echo "[!!] Invalid option: -$OPTARG"
usage
exit 1
;;
esac
done
# On verifie les parametres
checks
# On monte l'interface au cas ou
wg-quick up "$interface" 2> /dev/null
client_confs="/etc/wireguard/clients"
mkdir -p "$client_confs"
clientpath="$(mktemp "$client_confs/client.confXXXXXX")"
# On recupere la nouvelle IP
getIP
echo "[++] New client address = $newip"
# Generation des cles privees et publiques
serv_pubkey="$(wg show wg0 public-key)"
client_privkey="$(wg genkey)"
client_pubkey="$(echo "$client_privkey" | wg pubkey)"
echo "[++] Client pubkey = $client_pubkey"
# Remplissage de la config client
cat << EOF > "$clientpath"
[Interface]
Address = $newip/32
PrivateKey = $client_privkey
DNS = $nameserver
[Peer]
PublicKey = $serv_pubkey
Endpoint = $serv_addr:$(sed -n -r "s|ListenPort = (\d+)|\1|p" /etc/wireguard/wg0.conf)
AllowedIPs = 0.0.0.0/0
EOF
echo "[++] New client config written in $clientpath"
# Creation du QRCode
qrencode -t ansiutf8 "$(cat "$clientpath")"
# Modification de la config serveur
cat << EOF >> "/etc/wireguard/wg0.conf"
# Added with a script
[Peer]
PublicKey = $client_pubkey
AllowedIPs = $newip/32
EOF
echo "[++] Added client to the server"
# Ajout du client a l'interface wireguard
wg addconf wg0 <(wg-quick strip wg0)