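#!/bin/sh
# 2020-12-11, Nico Schottelius
#
# Register a viwib as a WireGuard peer on the VPN server and check that
# the tunnel comes up afterwards.
#
# Usage: viwib-3-vpn.sh your-dot-cdist viwib-id public-key
#   your-dot-cdist: path to YOUR ungleich-dot-cdist repo
#   viwib-id:       decimal number, 0..4095 (it becomes, prefixed with the
#                   fixed "6", the third hextet of the viwib's /48)
#   public-key:     the viwib's WireGuard public key (44 base64 characters)
#
# Steps: write a [Peer] fragment into the cdist repo, rebuild the server
# config from all fragments, commit + push, run cdist against the VPN host,
# then ping the viwib's wireguard / lan / wifi addresses.
# Exit status: 0 when all three addresses answered, 1 otherwise (or on any
# failing step before that).

set -eu

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Ping $1 up to 10 times; return 0 on the first reply, 1 if none came.
wait_for_ping() {
  _target=$1
  _try=0
  while [ "$_try" -lt 10 ]; do
    ping -c1 "$_target" && return 0
    _try=$((_try+1))
  done
  printf 'no reply from %s after %d attempts\n' "$_target" "$_try" >&2
  return 1
}

if [ $# -ne 3 ]; then
  echo "$0 your-dot-cdist viwib-id public-key" >&2
  echo " your-dot-cdist: path to YOUR ungleich-dot-cdist repo" >&2
  echo " viwib-id: number in decimal format" >&2
  echo " wireguard public key" >&2
  exit 1
fi

dot_cdist=$1; shift
id=$1; shift
public_key=$1; shift

# The id is rendered in hex and appended to "6" to form a hextet, so it must
# be plain decimal without leading zeros (printf would read "010" as octal)
# and must fit in three hex digits.
case "$id" in
  ''|*[!0-9]*|0[0-9]*) die "viwib-id must be a decimal number without leading zeros: $id" ;;
esac
[ "$id" -le 4095 ] || die "viwib-id must be at most 4095: $id"

# The key is written verbatim into an INI-style config that gets committed
# and deployed; accept only the base64 charset and the WireGuard key length
# so nothing else (newlines, extra sections, options) can end up in the file.
case "$public_key" in
  ''|*[!A-Za-z0-9+/=]*) die "public-key is not a base64 WireGuard key" ;;
esac
[ "${#public_key}" -eq 44 ] || die "public-key must be 44 characters long"

set -x

hex_id=$(printf '%0.2x' "$id")
viwib_hostname=viwib${id}

prefix_base=2a0a:e5c1:6
my_prefix=${prefix_base}${hex_id}
my_network=${my_prefix}::/48
my_wireguard_ip=${my_prefix}::42
my_lan_ip=${my_prefix}:cafe::42
my_wifi_ip=${my_prefix}:7ea::42

vpn_endpoint_host=vpn-2a0ae5c1600.ungleich.ch

# cdist
dot_cdist_files=${dot_cdist}/type/__ungleich_wireguard/files
peerfilename=${vpn_endpoint_host}.peer${hex_id}
peerfile=${dot_cdist_files}/${peerfilename}
vpnconfig=${dot_cdist_files}/${vpn_endpoint_host}

[ -d "$dot_cdist_files" ] || die "no __ungleich_wireguard/files directory under: $dot_cdist"

# Configure VPN server / update cdist
echo Updating VPNserver
cat <<EOF > "$peerfile"
# ${viwib_hostname}, $(date +%F)
[Peer]
PublicKey = ${public_key}
AllowedIPs = ${my_network}
EOF

# Generate real config: the server file is the concatenation of every
# per-peer fragment (the output file itself carries no suffix, so it is
# never matched by the glob).
cat "${dot_cdist_files}/${vpn_endpoint_host}".* > "$vpnconfig"

cd "$dot_cdist_files" || die "cannot cd to $dot_cdist_files"
git add "$vpn_endpoint_host" "$peerfilename"
# Re-running for an unchanged peer on the same day stages nothing; a
# commit would then fail and, under set -e, abort before push/cdist.
if git diff --cached --quiet; then
  echo "nothing changed for ${viwib_hostname}, skipping commit" >&2
else
  git commit -m "[vpn] Updated config for peer ${viwib_hostname} ${my_network}"
fi
git pull
git push
cdist config -v -j8 "$vpn_endpoint_host" -c "$dot_cdist"

# Test that the VPN connection is established
# Might take longer due to reboot
sleep 10
status=0
wait_for_ping "$my_wireguard_ip" || status=1
wait_for_ping "$my_lan_ip" || status=1
wait_for_ping "$my_wifi_ip" || status=1
exit "$status"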