143 lines
4.6 KiB
Plaintext
143 lines
4.6 KiB
Plaintext
|
#!/bin/bash
|
||
|
|
||
|
# This script creates a wireguard configuration for both sides
|
||
|
|
||
|
prog="$(basename $0)"
|
||
|
|
||
|
a_privkey=$(wg genkey)
|
||
|
a_pubkey=$(echo ${a_privkey} | wg pubkey)
|
||
|
a_file=./side-a.conf
|
||
|
a_print_qr=0
|
||
|
a_print_opn=0
|
||
|
|
||
|
b_privkey=$(wg genkey)
|
||
|
b_pubkey=$(echo ${b_privkey} | wg pubkey)
|
||
|
b_file=./side-b.conf
|
||
|
b_print_qr=0
|
||
|
b_print_opn=0
|
||
|
|
||
|
port=51820
|
||
|
persistent_keepalive=25
|
||
|
psk=$(wg genpsk)
|
||
|
|
||
|
if ! which wg > /dev/null; then
|
||
|
echo "Please install wireguard before running this script!"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
if ! which qrencode > /dev/null; then
|
||
|
echo "Please install qrencode before running this script!"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
|
||
|
|
||
|
usage() {
|
||
|
cat >&2 <<-EOF
|
||
|
usage: $prog [-h]
|
||
|
creates a wireguard configuration for both endpoints
|
||
|
|
||
|
-e ENDPOINT_ADDR Endpoint address on side A
|
||
|
-t TUNNEL_ADDR Tunnel address on side A
|
||
|
-n NETWORKS CIDR formatted networks accessible on side A (comma separated)
|
||
|
-d DNS DNS servers and suffixes accessible on side A (comma separated)
|
||
|
-f FILENAME Save side A to specified file (default: $a_file)
|
||
|
-q Print side A as QR code
|
||
|
-o Print side A as OPNsense template
|
||
|
|
||
|
-E ENDPOINT Endpoint address on side B
|
||
|
-T TUNNEL_ADDR Tunnel address on side B
|
||
|
-N NETWORKS CIDR formatted networks accessible on side B (comma separated)
|
||
|
-D DNS DNS servers and suffixes accessible on side B (comma separated)
|
||
|
-F FILENAME Save side B to specified file (default: $b_file)
|
||
|
-Q Print side B as QR code
|
||
|
-O Print side B as OPNsense template
|
||
|
|
||
|
-p PORT UDP Port (used on both sides, default: $port)
|
||
|
-k KEEPALIVE Override PersistentKeepalive (default: $persistent_keepalive)
|
||
|
|
||
|
-h displays this help text
|
||
|
---------------------------------------------------------------------------
|
||
|
(C) 2023 wg-creator by bashclub (https://github.com/bashclub)
|
||
|
Author: Thorsten Spille <thorsten@spille-edv.de>
|
||
|
---------------------------------------------------------------------------
|
||
|
EOF
|
||
|
exit $1
|
||
|
}
|
||
|
|
||
|
|
||
|
while getopts "e:t:n:d:f:qoE:T:N:D:F:QOp:k:h" opt; do
|
||
|
case $opt in
|
||
|
h) usage 0 ;;
|
||
|
e) a_endpoint_address=$OPTARG ;;
|
||
|
E) b_endpoint_address=$OPTARG ;;
|
||
|
t) a_tunnel_address=$OPTARG ;;
|
||
|
T) b_tunnel_address=$OPTARG ;;
|
||
|
n) a_networks=$OPTARG ;;
|
||
|
N) b_networks=$OPTARG ;;
|
||
|
d) a_dns=$OPTARG ;;
|
||
|
D) b_dns=$OPTARG ;;
|
||
|
f) a_file=$OPTARG ;;
|
||
|
F) b_file=$OPTARG ;;
|
||
|
q) a_print_qr=1 ;;
|
||
|
Q) b_print_qr=1 ;;
|
||
|
o) a_print_opn=1 ;;
|
||
|
O) b_print_opn=1 ;;
|
||
|
p) port=$OPTARG ;;
|
||
|
k) persistent_keepalive=$OPTARG ;;
|
||
|
esac
|
||
|
done
|
||
|
shift $((OPTIND-1))
|
||
|
|
||
|
cat << EOF > $a_file
|
||
|
[Interface]
|
||
|
PrivateKey = $a_privkey
|
||
|
Address = $a_tunnel_address
|
||
|
DNS = $b_dns
|
||
|
Port = $port
|
||
|
|
||
|
[Peer]
|
||
|
PublicKey = $b_pubkey
|
||
|
PresharedKey = $psk
|
||
|
AllowedIPs = $(echo $b_tunnel_address | cut -d '/' -f1)/32,$b_networks
|
||
|
Endpoint = ${b_endpoint_address}:${port}
|
||
|
PersistentKeepalive = $persistent_keepalive
|
||
|
EOF
|
||
|
|
||
|
echo -e "SIDE A\n-----\n"
|
||
|
if [ $a_print_qr -gt 0 ]; then
|
||
|
qrencode -t ansiutf8 < $a_file
|
||
|
elif [ $a_print_opn -gt 0 ]; then
|
||
|
echo -e "Paste the following values into your OPNsense Wireguard config\n"
|
||
|
echo -e "[Local]\n Public Key:\t\t$a_pubkey\n Private Key:\t\t$a_privkey\n Listen Port:\t\t$port\n Tunnel Address:\t$a_tunnel_address\n\n[Endpoint]\n Public Key:\t\t$b_pubkey\n Shared Secret:\t$psk\n Allowed IPs:\t\t$(echo $b_tunnel_address | cut -d '/' -f1)/32,$b_networks\n Endpoint Address:\t$b_endpoint_address\n Endpoint Port:\t$port\n Keepalive Interval:\t$persistent_keepalive\n"
|
||
|
else
|
||
|
cat $a_file
|
||
|
echo ""
|
||
|
fi
|
||
|
|
||
|
cat << EOF > $b_file
|
||
|
[Interface]
|
||
|
PrivateKey = $b_privkey
|
||
|
Address = $b_tunnel_address
|
||
|
DNS = $a_dns
|
||
|
Port = $port
|
||
|
|
||
|
[Peer]
|
||
|
PublicKey = $a_pubkey
|
||
|
PresharedKey = $psk
|
||
|
AllowedIPs = $(echo $a_tunnel_address | cut -d '/' -f1)/32,$a_networks
|
||
|
Endpoint = ${a_endpoint_address}:${port}
|
||
|
PersistentKeepalive = $persistent_keepalive
|
||
|
EOF
|
||
|
|
||
|
echo -e "SIDE B\n-----\n"
|
||
|
if [ $b_print_qr -gt 0 ]; then
|
||
|
qrencode -t ansiutf8 < $b_file
|
||
|
elif [ $b_print_opn -gt 0 ]; then
|
||
|
echo -e "Paste the following values into your OPNsense Wireguard config\n"
|
||
|
echo -e "[Local]\n Public Key:\t\t$b_pubkey\n Private Key:\t\t$b_privkey\n Listen Port:\t\t$port\n Tunnel Address:\t$b_tunnel_address\n\n[Endpoint]\n Public Key:\t\t$a_pubkey\n Shared Secret:\t$psk\n Allowed IPs:\t\t$(echo $a_tunnel_address | cut -d '/' -f1)/32,$a_networks\n Endpoint Address:\t$a_endpoint_address\n Endpoint Port:\t$port\n Keepalive Interval:\t$persistent_keepalive\n"
|
||
|
else
|
||
|
cat $b_file
|
||
|
echo ""
|
||
|
fi
|