„wg-config“ hinzufügen

2023-04-01 22:38:56 +02:00 · 2023-04-01 22:38:56 +02:00 · 5449d19b46
commit 5449d19b46
parent fba3a95c79
1 changed files with 142 additions and 0 deletions
--- a/142
+++ b/142
@ -0,0 +1,142 @@
+#!/bin/bash
+
+# This script creates a wireguard configuration for both sides
+
+prog="$(basename $0)"
+
+a_privkey=$(wg genkey)
+a_pubkey=$(echo ${a_privkey} | wg pubkey)
+a_file=./side-a.conf
+a_print_qr=0
+a_print_opn=0
+
+b_privkey=$(wg genkey)
+b_pubkey=$(echo ${b_privkey} | wg pubkey)
+b_file=./side-b.conf
+b_print_qr=0
+b_print_opn=0
+
+port=51820
+persistent_keepalive=25
+psk=$(wg genpsk)
+
+if ! which wg > /dev/null; then
+    echo "Please install wireguard before running this script!"
+    exit 1
+fi
+
+if ! which qrencode > /dev/null; then
+    echo "Please install qrencode before running this script!"
+    exit 1
+fi
+
+
+
+usage() {
+	cat >&2 <<-EOF
+	usage: $prog [-h] 
+	  creates a wireguard configuration for both endpoints
+
+    -e ENDPOINT_ADDR     Endpoint address on side A
+    -t TUNNEL_ADDR       Tunnel address on side A
+    -n NETWORKS          CIDR formatted networks accessible on side A (comma separated)
+    -d DNS               DNS servers and suffixes accessible on side A (comma separated)
+    -f FILENAME          Save side A to specified file (default: $a_file)
+    -q                   Print side A as QR code
+    -o                   Print side A as OPNsense template
+
+    -E ENDPOINT          Endpoint address on side B
+    -T TUNNEL_ADDR       Tunnel address on side B
+    -N NETWORKS          CIDR formatted networks accessible on side B (comma separated)
+    -D DNS               DNS servers and suffixes accessible on side B (comma separated)
+    -F FILENAME          Save side B to specified file (default: $b_file)
+    -Q                   Print side B as QR code
+    -O                   Print side B as OPNsense template
+
+    -p PORT              UDP Port (used on both sides, default: $port)
+    -k KEEPALIVE         Override PersistentKeepalive (default: $persistent_keepalive)
+
+    -h                   displays this help text
+  ---------------------------------------------------------------------------
+    (C) 2023             wg-creator by bashclub (https://github.com/bashclub)
+                 Author: Thorsten Spille <thorsten@spille-edv.de>
+  ---------------------------------------------------------------------------
+	EOF
+	exit $1
+}
+
+
+while getopts "e:t:n:d:f:qoE:T:N:D:F:QOp:k:h" opt; do
+  case $opt in
+    h) usage 0 ;;
+    e) a_endpoint_address=$OPTARG ;;
+    E) b_endpoint_address=$OPTARG ;;
+    t) a_tunnel_address=$OPTARG ;;
+    T) b_tunnel_address=$OPTARG ;;
+    n) a_networks=$OPTARG ;;
+    N) b_networks=$OPTARG ;;
+    d) a_dns=$OPTARG ;;
+    D) b_dns=$OPTARG ;;
+    f) a_file=$OPTARG ;;
+    F) b_file=$OPTARG ;;
+    q) a_print_qr=1 ;;
+    Q) b_print_qr=1 ;;
+    o) a_print_opn=1 ;;
+    O) b_print_opn=1 ;;
+    p) port=$OPTARG ;;
+    k) persistent_keepalive=$OPTARG ;;
+  esac
+done
+shift $((OPTIND-1))
+
+cat << EOF > $a_file
+[Interface]
+PrivateKey = $a_privkey
+Address = $a_tunnel_address
+DNS = $b_dns
+Port = $port
+
+[Peer]
+PublicKey = $b_pubkey
+PresharedKey = $psk
+AllowedIPs = $(echo $b_tunnel_address | cut -d '/' -f1)/32,$b_networks
+Endpoint = ${b_endpoint_address}:${port}
+PersistentKeepalive = $persistent_keepalive
+EOF
+
+echo -e "SIDE A\n-----\n"
+if [ $a_print_qr -gt 0 ]; then
+    qrencode -t ansiutf8 < $a_file
+elif [ $a_print_opn -gt 0 ]; then
+    echo -e "Paste the following values into your OPNsense Wireguard config\n"
+    echo -e "[Local]\n  Public Key:\t\t$a_pubkey\n  Private Key:\t\t$a_privkey\n  Listen Port:\t\t$port\n  Tunnel Address:\t$a_tunnel_address\n\n[Endpoint]\n  Public Key:\t\t$b_pubkey\n  Shared Secret:\t$psk\n  Allowed IPs:\t\t$(echo $b_tunnel_address | cut -d '/' -f1)/32,$b_networks\n  Endpoint Address:\t$b_endpoint_address\n  Endpoint Port:\t$port\n  Keepalive Interval:\t$persistent_keepalive\n"
+else
+    cat $a_file
+    echo ""
+fi
+
+cat << EOF > $b_file
+[Interface]
+PrivateKey = $b_privkey
+Address = $b_tunnel_address
+DNS = $a_dns
+Port = $port
+
+[Peer]
+PublicKey = $a_pubkey
+PresharedKey = $psk
+AllowedIPs = $(echo $a_tunnel_address | cut -d '/' -f1)/32,$a_networks
+Endpoint = ${a_endpoint_address}:${port}
+PersistentKeepalive = $persistent_keepalive
+EOF
+
+echo -e "SIDE B\n-----\n"
+if [ $b_print_qr -gt 0 ]; then
+    qrencode -t ansiutf8 < $b_file
+elif [ $b_print_opn -gt 0 ]; then
+    echo -e "Paste the following values into your OPNsense Wireguard config\n"
+    echo -e "[Local]\n  Public Key:\t\t$b_pubkey\n  Private Key:\t\t$b_privkey\n  Listen Port:\t\t$port\n  Tunnel Address:\t$b_tunnel_address\n\n[Endpoint]\n  Public Key:\t\t$a_pubkey\n  Shared Secret:\t$psk\n  Allowed IPs:\t\t$(echo $a_tunnel_address | cut -d '/' -f1)/32,$a_networks\n  Endpoint Address:\t$a_endpoint_address\n  Endpoint Port:\t$port\n  Keepalive Interval:\t$persistent_keepalive\n"
+else
+    cat $b_file
+    echo ""
+fi