Make stage4 output the wireguard public key
parent
de918f9456
commit
9b57f031ce
1 changed files with 29 additions and 7 deletions
|
@ -195,6 +195,12 @@ opkg update
|
|||
opkg install wireguard
|
||||
opkg install luci-app-wireguard
|
||||
|
||||
# The IPv6 lan configuration
|
||||
uci set network.lanv6=interface
|
||||
uci set network.lanv6.proto='static'
|
||||
uci set network.lanv6.ip6addr='${my_lan_ip}/64'
|
||||
uci set network.lanv6.ifname='br-lan'
|
||||
|
||||
# wifi ip address
|
||||
uci set network.wifi=interface
|
||||
uci set network.wifi.proto='static'
|
||||
|
@ -226,6 +232,23 @@ uci set dhcp.wifi.interface='wifi'
|
|||
uci set dhcp.wifi.ra='server'
|
||||
uci set dhcp.wifi.dynamicdhcp='0'
|
||||
|
||||
# LAN / Router advertisements / DHCP
|
||||
# DHCP: we are not authoratative
|
||||
uci delete dhcp.@dnsmasq[0].authoritative
|
||||
uci delete dhcp.lan.dhcpv6
|
||||
uci delete dhcp.lan.start
|
||||
uci delete dhcp.lan.limit
|
||||
uci delete dhcp.lan.leasetime
|
||||
|
||||
# Do not announce ULA - we have GUA
|
||||
uci delete network.globals.ula_prefix
|
||||
|
||||
uci set dhcp.lan=dhcp
|
||||
uci set dhcp.lan.interface='lanv6'
|
||||
uci set dhcp.lan.ra='server'
|
||||
uci set dhcp.lan.dynamicdhcp='0'
|
||||
|
||||
|
||||
# Fix DNS: make dnsmasq NOT use a resolv.conf
|
||||
# so that it only reads from our servers with DNS64 enabled
|
||||
uci set dhcp.@dnsmasq[0].noresolv='1'
|
||||
|
@ -234,6 +257,10 @@ uci set dhcp.@dnsmasq[0].noresolv='1'
|
|||
# otherwise the VPN tunnel cannot be established
|
||||
dhcp.@dnsmasq[0].localuse='0'
|
||||
|
||||
# DNS upstream over VPN gives DNS64
|
||||
uci delete dhcp.@dnsmasq[0].server
|
||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:0:a::a'
|
||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a'
|
||||
|
||||
# VPN / Wireguard
|
||||
uci set network.wg0=interface
|
||||
|
@ -292,7 +319,7 @@ uci set firewall.@rule[-1].target='ACCEPT'
|
|||
fi
|
||||
|
||||
# Add interfaces to the right network zone
|
||||
uci set firewall.@zone[0].network='lan lanv4 wifi'
|
||||
uci set firewall.@zone[0].network='lan lanv6 wifi'
|
||||
uci set firewall.@zone[1].network='wg0'
|
||||
|
||||
uci commit firewall
|
||||
|
@ -301,6 +328,7 @@ uci commit firewall
|
|||
reboot
|
||||
EOF
|
||||
|
||||
echo "Wireguard public key: ${public_key}"
|
||||
}
|
||||
|
||||
################################################################################
|
||||
|
@ -334,14 +362,8 @@ stage5()
|
|||
|
||||
# VPN works, remove artefacts, set correct DNS servers that support DNS64
|
||||
cat <<EOF | ssh -t "root@${viirb_ip}"
|
||||
# DNS upstream over VPN gives DNS64
|
||||
uci delete dhcp.@dnsmasq[0].server
|
||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:0:a::a'
|
||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a'
|
||||
|
||||
# Remove temporary IP
|
||||
uci delete network.lanv4temp
|
||||
|
||||
uci commit
|
||||
|
||||
# Remove our ssh keys
|
||||
|
|
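Review bot: In the hunk at `@ -234,6 +257,10`, the line `dhcp.@dnsmasq[0].localuse='0'` has no `uci set` in front of it, so the shell on the router would treat it as a command name and the option is never written; it should read `uci set dhcp.@dnsmasq[0].localuse='0'`. The line looks like unchanged context rather than something this commit adds, and stage4's body starts outside the visible hunks, but the commit makes the omission matter more: the DNS64 upstreams are now set in stage4, before the tunnel has been confirmed, alongside `noresolv='1'`. If those resolvers are only reachable through the tunnel (the comment suggests so) and the WireGuard endpoint is configured as a hostname, the router itself may be unable to resolve the endpoint after the reboot, and the tunnel would not come up.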