commit d49adb8f224d9f6cf4992df5b275c23e2f62729d
Author: Alexandre Chazal
Date: Tue Oct 12 16:20:31 2021 +0200
init
diff --git a/del-wg.sh b/del-wg.sh
new file mode 100644
index 0000000..6ab5a30
--- /dev/null
+++ b/del-wg.sh
@@ -0,0 +1,14 @@
+#! /usr/bin/env bash
+
+if [ $# -ne 1 ]; then
+ echo "[!!] I (just) need the base64 pubkey of the target client"
+ exit 1
+fi
+
+# Suppression du pair
+wg set wg0 peer $1 remove
+# Enregistrement de la modification
+wg-quick save wg0
+# Suppression de sa config
+echo "[++] Peer has been removed (if it really existed)"
+echo "[++] Key was : $1"
\ No newline at end of file
diff --git a/new-wg.sh b/new-wg.sh
new file mode 100644
index 0000000..f0bc1a7
--- /dev/null
+++ b/new-wg.sh
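Review bot: `wg-quick save wg0` on the line after `wg set wg0 peer $1 remove` runs whether or not the removal succeeded, and `$1` is passed unquoted and unvalidated, so an empty, malformed or option-looking argument yields a `wg` error followed by an unconditional save and a "[++] Peer has been removed" message. I would fail closed and quote: `wg set wg0 peer "$1" remove || { echo "[!!] wg refused key: $1" >&2; exit 1; }`, ideally behind a shape check such as `[[ "$1" =~ ^[A-Za-z0-9+/]{43}=$ ]] || exit 1` since a WireGuard public key is exactly 44 base64 characters. The comment `# Suppression de sa config` is not implemented: nothing removes the per-client file that new-wg.sh in this same commit writes under /etc/wireguard/clients, so the removed client's private key stays on disk; either delete the matching file (deriving each file's public key with `wg pubkey` from its PrivateKey line) or change the comment so nobody assumes the key material is gone. The script also never checks it runs as root, so a non-root run fails with a confusing `wg` permission error rather than a clear message.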
@@ -0,0 +1,122 @@
+#! /usr/bin/env bash
+
+function usage()
+{
+ echo "usage: $(basename $0) [-h] [-i interface] [-d nameserver] [-a address]"
+ echo " -h show this help message"
+ echo " -i interface the targeted wireguard interface"
+ echo " -d nameserver the DNS server to put in the client configuration"
+ echo " -a address your server public address (IP or DNS)"
+}
+
+function checks()
+{
+ # On regarde si l'interface existe bien
+ if [ ! -f "/etc/wireguard/$interface.conf" ]; then
+ echo "[!!] Given interface $interface does not exist, quitting"
+ exit 2
+ fi
+
+ # Si aucun serveur DNS n'a ete renseigne, on prend le premier du resolv.conf
+ if [ ${#nameserver} -eq 0 ]; then
+ namerserver="$(sed -n -r "s|nameserver (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*|\1|p" /etc/resolv.conf | head -1)"
+ fi
+ # Si aucun nom de domaine ou adresse IP est resignee, on prend le nom de domaine complet
+ # du server
+ if [ ${#serv_addr} -eq 0 ]; then
+ serv_addr="$(hostname -f)"
+ fi
+}
+
+function getIP()
+{
+ # Get available IP from server config
+ lastip="$(sed -n -r "s|AllowedIPs = (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}).*|\1 \2 \3 \4|p" "/etc/wireguard/$interface.conf")"
+ lastip="$(echo "$lastip" | sort -n -t ' ' -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tail -1)"
+ # On convertit en hexa
+ newip="$(printf "%02X" $lastip)"
+ # On incremente de 1
+ newip="$(( 0x$newip + 0x1 ))"
+ # Check si on ne tape pas le broadcast
+ if [ $(( $newip & 0xff )) -eq 255 ]; then
+ echo "[!!] No new IP is available, next would be .255"
+ echo "[!!] Last used IP was $lastip"
+ exit 3
+ fi
+ # Reconversion en IP
+ newip="$(printf "%08X" $newip | sed -r 's/(..)/0x\1 /g')"
+ newip="$(printf "%d.%d.%d.%d" $newip)"
+}
+
+# Variables
+interface="wg0"
+nameserver=""
+serv_addr=""
+
+opts=":hida"
+while getopts "$opts" arg; do
+ case "$arg" in
+ h)
+ usage
+ exit 0;;
+ d) nameserver="$OPTARG";;
+ i) interface="$OPTARG";;
+ a) serv_addr="$OPTARG";;
+ ?)
+ echo "[!!] Invalid option: -$OPTARG"
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+# On verifie les parametres
+checks
+
+# On monte l'interface au cas ou
+wg-quick up "$interface" 2> /dev/null
+
+client_confs="/etc/wireguard/clients"
+mkdir -p "$client_confs"
+clientpath="$(mktemp "$client_confs/client.confXXXXXX")"
+
+# On recupere la nouvelle IP
+getIP
+
+echo "[++] New client address = $newip"
+
+# Generation des cles privees et publiques
+serv_pubkey="$(wg show wg0 public-key)"
+client_privkey="$(wg genkey)"
+client_pubkey="$(echo "$client_privkey" | wg pubkey)"
+echo "[++] Client pubkey = $client_pubkey"
+
+# Remplissage de la config client
+cat << EOF > "$clientpath"
+[Interface]
+Address = $newip/32
+PrivateKey = $client_privkey
+DNS = $nameserver
+
+[Peer]
+PublicKey = $serv_pubkey
+Endpoint = $serv_addr:$(sed -n -r "s|ListenPort = (\d+)|\1|p" /etc/wireguard/wg0.conf)
+AllowedIPs = 0.0.0.0/0
+
+EOF
+echo "[++] New client config written in $clientpath"
+# Creation du QRCode
+qrencode -t ansiutf8 "$(cat "$clientpath")"
+
+# Modification de la config serveur
+cat << EOF >> "/etc/wireguard/wg0.conf"
+
+# Added with a script
+[Peer]
+PublicKey = $client_pubkey
+AllowedIPs = $newip/32
+EOF
+echo "[++] Added client to the server"
+
+# Ajout du client a l'interface wireguard
+wg addconf wg0 <(wg-quick strip wg0)
\ No newline at end of file
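Review bot: `qrencode -t ansiutf8 "$(cat "$clientpath")"` near the end of the hunk places the freshly generated client private key on qrencode's command line, where any local user can read it from `ps` or `/proc/*/cmdline` while it runs; qrencode reads its data from stdin when no argument is given, so `qrencode -t ansiutf8 < "$clientpath"` keeps the key out of argv (the mktemp file itself is created 0600, which is fine). The hunk also has three defects that make the options and address logic dead as written: `opts=":hida"` declares no argument for `-i`, `-d` and `-a`, so `$OPTARG` is empty for all three and the spec should be `opts=":hi:d:a:"`; the resolv.conf fallback assigns `namerserver=` (typo), so `nameserver` stays empty and the client gets `DNS = `; and the three `sed -r` patterns use `\d`, which is not a digit class in POSIX ERE and does not match digits under GNU or BSD sed, so `lastip` and the `ListenPort` lookup come back empty and `printf "%02X"` with no arguments silently yields `0.0.0.1` — `[0-9]` is the portable spelling. Separately, `-i interface` is honored by `checks` and `getIP` but the second half hardcodes `wg0` in `wg show wg0 public-key`, both `/etc/wireguard/wg0.conf` references and `wg addconf wg0`, so passing another interface reads the address pool from one config and appends the peer to another; each of those should use `"$interface"`.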