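#!/bin/sh
# Nico Schottelius
# 2020-11-19
#
# Configure an OpenWrt device as a WireGuard client over SSH: install the
# wireguard packages, create interface wg0 with a single peer, commit the
# UCI configuration and reboot the device.
#
# Usage:
#   $0 ip-address vpn-server vpn-server-pubkey ipv6-network [private-key]
#
# Security notes:
#   - Every argument is expanded into a script that runs as root on the
#     device, so each one is validated locally before anything is sent.
#   - A private key passed as an argument is visible in the local process
#     list and shell history; omit it to have a fresh key generated here.
#   - The remote script runs with `set -x`; tracing is switched off around
#     the line that carries the private key so it is not echoed back.

set -eu

# Print an error to stderr and abort.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Succeeds if $1 looks like a WireGuard key: 32 bytes base64-encoded,
# i.e. 44 characters from the base64 alphabet ending in "=".
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case $1 in
        *[!A-Za-z0-9+/=]*) return 1 ;;
        *=) return 0 ;;
        *) return 1 ;;
    esac
}

if [ $# -lt 4 ] || [ $# -gt 5 ]; then
    {
        echo "$0 ip-address vpn-server vpn-server-pubkey ipv6-network [private-key]"
        echo " ip-address: where to find the OpenWRT device"
        echo " vpn-server: where to connect to"
        echo " vpn-server-pubkey: public key of the server"
        echo " ipv6-network: which network to use for us (/48 expected)"
        echo " private-key: specify wireguard key optionally"
    } >&2
    exit 1
fi

my_ip=$1; shift
vpn_endpoint_host=$1; shift
vpn_endpoint_pubkey=$1; shift
network=$1; shift

# Reject anything that is not a plain host name or IP address. The values
# below end up inside single quotes in the remote script; a stray quote or
# shell metacharacter would otherwise be executed as root on the device.
case $my_ip in
    ''|*[!A-Za-z0-9.:_%-]*) die "invalid ip-address: $my_ip" ;;
esac

case $vpn_endpoint_host in
    ''|*[!A-Za-z0-9.:_-]*) die "invalid vpn-server: $vpn_endpoint_host" ;;
esac

is_wg_key "$vpn_endpoint_pubkey" || die "invalid vpn-server-pubkey"

# The prefix is everything before "::/", so that separator must be present.
case $network in
    *[!0-9A-Fa-f:/]*) die "invalid ipv6-network: $network" ;;
    ?*::/?*) ;;
    *) die "invalid ipv6-network (expected something like prefix::/48): $network" ;;
esac

# wireguard
command -v wg >/dev/null 2>&1 || die "wg (wireguard-tools) is required locally"

if [ $# -eq 1 ]; then
    private_key=$1; shift
else
    private_key=$(wg genkey)
fi

is_wg_key "$private_key" || die "invalid private-key"

# Strip "::/<length>" from the network to obtain the bare prefix.
my_prefix=${network%%::/*}
my_wireguard_ip=${my_prefix}::42

# Not used further in this script; deriving the public key makes wg reject a
# malformed private key before the device is touched. printf is used so the
# key is never interpreted as an echo option.
public_key=$(printf '%s\n' "$private_key" | wg pubkey)

# The here-document is intentionally unquoted: the validated values above
# are expanded locally and the resulting script is fed to the remote shell.
ssh -t "root@${my_ip}" <<EOF
set -x

opkg update

opkg install wireguard luci-app-wireguard

# VPN / Wireguard
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
# keep the private key out of the trace output
set +x
uci set network.wg0.private_key='${private_key}'
set -x
uci set network.wg0.listen_port='51820'
uci set network.wg0.addresses='${my_wireguard_ip}/64'

if ! uci get network.@wireguard_wg0[0]; then
uci add network wireguard_wg0
fi

uci set network.@wireguard_wg0[0]=wireguard_wg0
uci set network.@wireguard_wg0[0].persistent_keepalive='25'
uci set network.@wireguard_wg0[0].public_key='${vpn_endpoint_pubkey}'
uci set network.@wireguard_wg0[0].description='IPv6VPN.ch by ungleich'
uci set network.@wireguard_wg0[0].allowed_ips='::/0'
uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}'
uci set network.@wireguard_wg0[0].endpoint_port='51820'
uci set network.@wireguard_wg0[0].route_allowed_ips='1'

# commit
uci commit
reboot

EOF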