++script for creating ipv4 vpn
parent
97598ef9c6
commit
7a2dd540aa
1 changed files with 70 additions and 0 deletions
70
openwrt/openwrt-add-ipv4-vpn.sh
Executable file
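--- a/openwrt/openwrt-add-ipv4-vpn.sh
+++ b/openwrt/openwrt-add-ipv4-vpn.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# 2021-04-27
+
+
+if [ $# -lt 2 ]; then
+echo "$0 host ipv4-address interface [private-key]"
+echo " host: where to find the OpenWRT device"
+echo " ipv4-address: which ipv4 address to use"
+echo " private-key: Use this wireguard key instead of generating one"
+exit 1
+fi
+
+my_ip=$1; shift
+my_wireguard_ip=$1; shift
+
+interface=ungleichipv4
+vpn_endpoint_host=vpn-18515529.ungleich.ch
+
+if [ $# -eq 1 ]; then
+private_key=$1; shift
+else
+private_key=$(wg genkey)
+fi
+public_key=$(echo $private_key | wg pubkey)
+
+vpn_endpoint_host=vpn-18515529.ungleich.ch
+vpn_endpoint_pubkey=6BRnQ+dmeFzVCH9RbM1pbJ7u3y3qrl+zUzzYCmC88kE=
+
+
+cat <<EOF | ssh -t "root@${my_ip}"
+set -x
+
+opkg update
+opkg install libustream-openssl ca-bundle ca-certificates
+opkg install wireguard
+opkg install luci-app-wireguard
+
+uci set network.${interface}=interface
+uci set network.${interface}.proto='wireguard'
+uci set network.${interface}.private_key='${private_key}'
+uci set network.${interface}.listen_port='51828'
+uci set network.${interface}.addresses='${my_wireguard_ip}/32'
+
+if ! uci get network.@wireguard_${interface}[0]; then
+uci add network wireguard_${interface}
+fi
+
+uci set network.@wireguard_${interface}[0]=wireguard_${interface}
+uci set network.@wireguard_${interface}[0].persistent_keepalive='25'
+uci set network.@wireguard_${interface}[0].public_key="${vpn_endpoint_pubkey}"
+uci set network.@wireguard_${interface}[0].description="IPv4 as a service by ungleich"
+uci set network.@wireguard_${interface}[0].allowed_ips='0.0.0.0/0'
+uci set network.@wireguard_${interface}[0].endpoint_host="${vpn_endpoint_host}"
+uci set network.@wireguard_${interface}[0].endpoint_port='51820'
+uci set network.@wireguard_${interface}[0].route_allowed_ips='1'
+
+# add to correct firewall zone
+current_networks=\$(uci get firewall.@zone[1].network)
+
+if ! echo \$current_networks | grep -q ${interface}; then
+uci set firewall.@zone[1].network="\${current_networks} ${interface}"
+fi
+
+# commit
+uci commit
+
+reboot
+EOF
+
+echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}"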
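Review bot: The WireGuard private key is written into the remote shell's trace: the heredoc starts with `set -x`, so the line `uci set network.${interface}.private_key='${private_key}'` is echoed back over ssh with the key expanded and lands in the operator's terminal scrollback or any captured log. Wrap that one line in `set +x` / `set -x`, or drop the trace. The usage text also lists an `interface` argument that the script never reads (`interface=ungleichipv4` is hard-coded), so someone following the usage passes the interface name as the third argument and it is taken as the private key; `wg pubkey` then fails unnoticed and the router is still committed and rebooted. Removing `interface` from the usage line and deriving the key with `public_key=$(printf '%s\n' "$private_key" | wg pubkey) || exit 1` stops that before ssh runs.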