[openwrt] add script to only configure the wireguard vpn

openwrt-add-wireguard.sh

@@ -0,0 +1,63 @@
+#!/bin/sh
+# Nico Schottelius
+# 2020-11-19
+
+if [ $# -lt 4 ]; then
+    echo "$0 ip-address vpn-server ipv6-network [privatekey]"
+    echo "    ip-address: where to find the OpenWRT device"
+    echo "    vpn-server: where to connect to"
+    echo "    vpn-server-pubkey: public key of the server"
+    echo "    ipv6-network: which network to use for us (/48 expected)"
+    echo "    private-key: specify wireguard key optionally"
+    exit 1
+fi
+
+my_ip=$1; shift
+vpn_endpoint_host=$1; shift
+vpn_endpoint_pubkey=$1; shift
+network=$1; shift
+
+# wireguard
+if [ $# -eq 1 ]; then
+    private_key=$1; shift
+else
+    private_key=$(wg genkey)
+fi
+
+my_prefix=$(echo $network | sed 's,::/.*,,')
+my_wireguard_ip=${my_prefix}::42
+
+public_key=$(echo $private_key | wg pubkey)
+
+cat <<EOF | ssh -t "root@${my_ip}"
+set -x
+
+opkg update
+
+opkg install wireguard luci-app-wireguard
+
+# VPN / Wireguard
+uci set network.wg0=interface
+uci set network.wg0.proto='wireguard'
+uci set network.wg0.private_key='${private_key}'
+uci set network.wg0.listen_port='51820'
+uci set network.wg0.addresses='${my_wireguard_ip}/64'
+
+if ! uci get network.@wireguard_wg0[0]; then
+   uci add network wireguard_wg0
+fi
+
+uci set network.@wireguard_wg0[0]=wireguard_wg0
+uci set network.@wireguard_wg0[0].persistent_keepalive='25'
+uci set network.@wireguard_wg0[0].public_key='${vpn_endpoint_pubkey}'
+uci set network.@wireguard_wg0[0].description='IPv6VPN.ch by ungleich'
+uci set network.@wireguard_wg0[0].allowed_ips='::/0'
+uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}'
+uci set network.@wireguard_wg0[0].endpoint_port='51820'
+uci set network.@wireguard_wg0[0].route_allowed_ips='1'
+
+# commit
+uci commit
+reboot
+
+EOF