
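#!/bin/sh
# Nico Schottelius
# 2020-11-19
#
# Set up a WireGuard uplink (interface wg0, one peer) on an OpenWRT device
# over ssh, then reboot it.
#
# Usage: $0 ip-address vpn-server vpn-server-pubkey ipv6-network [private-key]
#
# Arguments are read positionally; after parsing, everything else runs on the
# device via ssh as root. `wg` must be installed locally: it derives the public
# key from the private key and generates a key when none is supplied.
if [ "$#" -lt 4 ] || [ "$#" -gt 5 ]; then
  # The usage line used to omit vpn-server-pubkey although the script
  # consumes it as the third argument.
  printf '%s\n' \
    "$0 ip-address vpn-server vpn-server-pubkey ipv6-network [private-key]" \
    " ip-address: where to find the OpenWRT device" \
    " vpn-server: where to connect to" \
    " vpn-server-pubkey: public key of the server" \
    " ipv6-network: which network to use for us (/48 expected)" \
    " private-key: specify wireguard key optionally" >&2
  exit 1
fi

my_ip=$1; shift
vpn_endpoint_host=$1; shift
vpn_endpoint_pubkey=$1; shift
network=$1; shift

# Without wg, `wg genkey` would silently yield an empty private key that
# would then be pushed to the device.
if ! command -v wg >/dev/null 2>&1; then
  printf '%s\n' "$0: wg not found in PATH (install wireguard-tools)" >&2
  exit 1
fi

# wireguard: use the supplied private key, otherwise generate a fresh one.
if [ "$#" -eq 1 ]; then
  private_key=$1; shift
else
  private_key=$(wg genkey) || exit 1
fi

# Drop "::/<len>" from the network; the device is addressed as <prefix>::42/64.
my_prefix=${network%%::/*}
my_wireguard_ip="${my_prefix}::42"

# The server side needs our public key to accept the peer, so show it.
public_key=$(printf '%s\n' "$private_key" | wg pubkey) || exit 1
printf 'wireguard public key of %s: %s\n' "$my_ip" "$public_key"

# Remaining steps run on the device. The here-document is deliberately
# unquoted: the ${...} values are expanded here and arrive as literals. Keys
# are base64, so the single quotes around them cannot be broken.
# `set -e` on the device stops before the reboot if a package install or a uci
# step fails; `set +x` around the private key keeps it out of the trace output.
ssh -t "root@${my_ip}" <<EOF
set -e
set -x
opkg update
opkg install wireguard luci-app-wireguard
# VPN / Wireguard
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
set +x
uci set network.wg0.private_key='${private_key}'
set -x
uci set network.wg0.listen_port='51820'
uci set network.wg0.addresses='${my_wireguard_ip}/64'
if ! uci get network.@wireguard_wg0[0]; then
  uci add network wireguard_wg0
fi
uci set network.@wireguard_wg0[0]=wireguard_wg0
uci set network.@wireguard_wg0[0].persistent_keepalive='25'
uci set network.@wireguard_wg0[0].public_key='${vpn_endpoint_pubkey}'
uci set network.@wireguard_wg0[0].description='IPv6VPN.ch by ungleich'
uci set network.@wireguard_wg0[0].allowed_ips='::/0'
uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}'
uci set network.@wireguard_wg0[0].endpoint_port='51820'
uci set network.@wireguard_wg0[0].route_allowed_ips='1'
# commit
uci commit
reboot
EOF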