++script for creating ipv4 vpn

This commit is contained in:
Nico Schottelius 2021-04-27 12:00:16 +02:00
parent 97598ef9c6
commit 7a2dd540aa

70
openwrt/openwrt-add-ipv4-vpn.sh Executable file
View file

@ -0,0 +1,70 @@
#!/bin/sh
# 2021-04-27
if [ $# -lt 2 ]; then
echo "$0 host ipv4-address interface [private-key]"
echo " host: where to find the OpenWRT device"
echo " ipv4-address: which ipv4 address to use"
echo " private-key: Use this wireguard key instead of generating one"
exit 1
fi
my_ip=$1; shift
my_wireguard_ip=$1; shift
interface=ungleichipv4
vpn_endpoint_host=vpn-18515529.ungleich.ch
if [ $# -eq 1 ]; then
private_key=$1; shift
else
private_key=$(wg genkey)
fi
public_key=$(echo $private_key | wg pubkey)
vpn_endpoint_host=vpn-18515529.ungleich.ch
vpn_endpoint_pubkey=6BRnQ+dmeFzVCH9RbM1pbJ7u3y3qrl+zUzzYCmC88kE=
cat <<EOF | ssh -t "root@${my_ip}"
set -x
opkg update
opkg install libustream-openssl ca-bundle ca-certificates
opkg install wireguard
opkg install luci-app-wireguard
uci set network.${interface}=interface
uci set network.${interface}.proto='wireguard'
uci set network.${interface}.private_key='${private_key}'
uci set network.${interface}.listen_port='51828'
uci set network.${interface}.addresses='${my_wireguard_ip}/32'
if ! uci get network.@wireguard_${interface}[0]; then
uci add network wireguard_${interface}
fi
uci set network.@wireguard_${interface}[0]=wireguard_${interface}
uci set network.@wireguard_${interface}[0].persistent_keepalive='25'
uci set network.@wireguard_${interface}[0].public_key="${vpn_endpoint_pubkey}"
uci set network.@wireguard_${interface}[0].description="IPv4 as a service by ungleich"
uci set network.@wireguard_${interface}[0].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_${interface}[0].endpoint_host="${vpn_endpoint_host}"
uci set network.@wireguard_${interface}[0].endpoint_port='51820'
uci set network.@wireguard_${interface}[0].route_allowed_ips='1'
# add to correct firewall zone
current_networks=\$(uci get firewall.@zone[1].network)
if ! echo \$current_networks | grep -q ${interface}; then
uci set firewall.@zone[1].network="\${current_networks} ${interface}"
fi
# commit
uci commit
reboot
EOF
echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}"