++script for creating ipv4 vpn
parent
97598ef9c6
commit
7a2dd540aa
1 changed files with 70 additions and 0 deletions
70
openwrt/openwrt-add-ipv4-vpn.sh
Executable file
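--- a/openwrt/openwrt-add-ipv4-vpn.sh
+++ b/openwrt/openwrt-add-ipv4-vpn.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# 2021-04-27
+
+
+if [ $# -lt 2 ]; then
+echo "$0 host ipv4-address interface [private-key]"
+echo " host: where to find the OpenWRT device"
+echo " ipv4-address: which ipv4 address to use"
+echo " private-key: Use this wireguard key instead of generating one"
+exit 1
+fi
+
+my_ip=$1; shift
+my_wireguard_ip=$1; shift
+
+interface=ungleichipv4
+vpn_endpoint_host=vpn-18515529.ungleich.ch
+
+if [ $# -eq 1 ]; then
+private_key=$1; shift
+else
+private_key=$(wg genkey)
+fi
+public_key=$(echo $private_key | wg pubkey)
+
+vpn_endpoint_host=vpn-18515529.ungleich.ch
+vpn_endpoint_pubkey=6BRnQ+dmeFzVCH9RbM1pbJ7u3y3qrl+zUzzYCmC88kE=
+
+
+cat <<EOF | ssh -t "root@${my_ip}"
+set -x
+
+opkg update
+opkg install libustream-openssl ca-bundle ca-certificates
+opkg install wireguard
+opkg install luci-app-wireguard
+
+uci set network.${interface}=interface
+uci set network.${interface}.proto='wireguard'
+uci set network.${interface}.private_key='${private_key}'
+uci set network.${interface}.listen_port='51828'
+uci set network.${interface}.addresses='${my_wireguard_ip}/32'
+
+if ! uci get network.@wireguard_${interface}[0]; then
+uci add network wireguard_${interface}
+fi
+
+uci set network.@wireguard_${interface}[0]=wireguard_${interface}
+uci set network.@wireguard_${interface}[0].persistent_keepalive='25'
+uci set network.@wireguard_${interface}[0].public_key="${vpn_endpoint_pubkey}"
+uci set network.@wireguard_${interface}[0].description="IPv4 as a service by ungleich"
+uci set network.@wireguard_${interface}[0].allowed_ips='0.0.0.0/0'
+uci set network.@wireguard_${interface}[0].endpoint_host="${vpn_endpoint_host}"
+uci set network.@wireguard_${interface}[0].endpoint_port='51820'
+uci set network.@wireguard_${interface}[0].route_allowed_ips='1'
+
+# add to correct firewall zone
+current_networks=\$(uci get firewall.@zone[1].network)
+
+if ! echo \$current_networks | grep -q ${interface}; then
+uci set firewall.@zone[1].network="\${current_networks} ${interface}"
+fi
+
+# commit
+uci commit
+
+reboot
+EOF
+
+echo "Host ${my_ip} uses ip ${my_wireguard_ip} with public key ${public_key}"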
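Review bot: The WireGuard private key leaks in two places: the remote script begins with `set -x`, so the `uci set network.${interface}.private_key=...` line is traced back over ssh with the key in clear, and the optional key arrives on argv, where it is visible in the process list and shell history. The heredoc delimiter is unquoted, so `my_wireguard_ip` and `private_key` are pasted unvalidated into commands that run as root on the router, and a value containing a quote character changes what is executed there. The argument handling also disagrees with the usage text: a third `interface` argument is stored as the private key, and with four arguments the supplied key is ignored and a fresh one generated, while the result of `wg pubkey` is never checked. I would validate both values before the heredoc as sketched below, wrap the key line in `set +x` / `set -x`, and start the remote script with `set -e` so that `uci commit` and `reboot` do not run after a failed `opkg` or `uci` step.

```shell
if [ $# -lt 2 ] || [ $# -gt 3 ]; then
    # … unchanged: usage text (minus the unused "interface" word) and exit 1 …
fi

# … unchanged: my_ip, my_wireguard_ip, interface, vpn_endpoint_host …

# Both values end up inside a root shell on the router: accept only the
# characters an IPv4 address or a base64 key can contain.
case "$my_wireguard_ip" in
    ""|*[!0-9.]*) echo "invalid ipv4 address" >&2; exit 1 ;;
esac

# … unchanged: private_key from $1 or wg genkey …

case "$private_key" in
    ""|*[!A-Za-z0-9+/=]*) echo "invalid private key" >&2; exit 1 ;;
esac
public_key=$(printf '%s\n' "$private_key" | wg pubkey) || exit 1
```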