From f9b652e78fb3b47283e4b6ccf76803d13efe2c4d Mon Sep 17 00:00:00 2001
From: vvzvlad
Date: Thu, 17 Nov 2022 00:17:07 +0300
Subject: [PATCH] add exclude and include variants
---
 .../bootstrap_external.sh | 0
 .../bootstrap_internal.sh | 0
 .../bootstrap_mobile.sh | 0
 .../generate_cfgs.sh | 0
 .../update_exclude_routes.sh | 4 +-
 .../wg-external.conf | 0
 .../wg-internal.conf | 0
 .../wg-mobile-client.conf | 0
 include_mode_cfg_gen/generate_cfgs.sh | 60 +++++++++++++++++++
 include_mode_cfg_gen/update_include_routes.sh | 45 ++++++++++++++
 include_mode_cfg_gen/wg-external.conf | 12 ++++
 include_mode_cfg_gen/wg-internal.conf | 21 +++++++
 include_mode_cfg_gen/wg-mobile-client.conf | 11 ++++
 13 files changed, 151 insertions(+), 2 deletions(-)
 rename bootstrap_external.sh => exclude_mode_cfg_gen/bootstrap_external.sh (100%)
 rename bootstrap_internal.sh => exclude_mode_cfg_gen/bootstrap_internal.sh (100%)
 rename bootstrap_mobile.sh => exclude_mode_cfg_gen/bootstrap_mobile.sh (100%)
 rename {config_generator => exclude_mode_cfg_gen}/generate_cfgs.sh (100%)
 rename update_ru_routes.sh => exclude_mode_cfg_gen/update_exclude_routes.sh (92%)
 rename {config_generator => exclude_mode_cfg_gen}/wg-external.conf (100%)
 rename {config_generator => exclude_mode_cfg_gen}/wg-internal.conf (100%)
 rename {config_generator => exclude_mode_cfg_gen}/wg-mobile-client.conf (100%)
 create mode 100644 include_mode_cfg_gen/generate_cfgs.sh
 create mode 100644 include_mode_cfg_gen/update_include_routes.sh
 create mode 100644 include_mode_cfg_gen/wg-external.conf
 create mode 100644 include_mode_cfg_gen/wg-internal.conf
 create mode 100644 include_mode_cfg_gen/wg-mobile-client.conf
diff --git a/bootstrap_external.sh b/exclude_mode_cfg_gen/bootstrap_external.sh
similarity index 100%
rename from bootstrap_external.sh
rename to exclude_mode_cfg_gen/bootstrap_external.sh
diff --git a/bootstrap_internal.sh b/exclude_mode_cfg_gen/bootstrap_internal.sh
similarity index 100%
rename from bootstrap_internal.sh
rename to exclude_mode_cfg_gen/bootstrap_internal.sh
diff --git a/bootstrap_mobile.sh b/exclude_mode_cfg_gen/bootstrap_mobile.sh
similarity index 100%
rename from bootstrap_mobile.sh
rename to exclude_mode_cfg_gen/bootstrap_mobile.sh
diff --git a/config_generator/generate_cfgs.sh b/exclude_mode_cfg_gen/generate_cfgs.sh
similarity index 100%
rename from config_generator/generate_cfgs.sh
rename to exclude_mode_cfg_gen/generate_cfgs.sh
diff --git a/update_ru_routes.sh b/exclude_mode_cfg_gen/update_exclude_routes.sh
similarity index 92%
rename from update_ru_routes.sh
rename to exclude_mode_cfg_gen/update_exclude_routes.sh
index 99630a8..3829fdb 100644
--- a/update_ru_routes.sh
+++ b/exclude_mode_cfg_gen/update_exclude_routes.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 #To crontab (export EDITOR=nano; crontab -e)
-#@reboot sleep 30 && bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1
-#0 3 * * mon bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1
+#@reboot sleep 30 && bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
+#0 3 * * mon bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
 
 function ProgressBar {
 let _progress=(${1}*100/${2}*100)/100
diff --git a/config_generator/wg-external.conf b/exclude_mode_cfg_gen/wg-external.conf
similarity index 100%
rename from config_generator/wg-external.conf
rename to exclude_mode_cfg_gen/wg-external.conf
diff --git a/config_generator/wg-internal.conf b/exclude_mode_cfg_gen/wg-internal.conf
similarity index 100%
rename from config_generator/wg-internal.conf
rename to exclude_mode_cfg_gen/wg-internal.conf
diff --git a/config_generator/wg-mobile-client.conf b/exclude_mode_cfg_gen/wg-mobile-client.conf
similarity index 100%
rename from config_generator/wg-mobile-client.conf
rename to exclude_mode_cfg_gen/wg-mobile-client.conf
diff --git a/include_mode_cfg_gen/generate_cfgs.sh b/include_mode_cfg_gen/generate_cfgs.sh
new file mode 100644
index 0000000..8005750
--- /dev/null
+++ b/include_mode_cfg_gen/generate_cfgs.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+PRIVATE_KEY_EXTERNAL=`wg genkey`
+PUBLIC_KEY_EXTERNAL=`echo $PRIVATE_KEY_EXTERNAL | wg pubkey`
+PRIVATE_KEY_INTERNAL=`wg genkey`
+PUBLIC_KEY_INTERNAL=`echo $PRIVATE_KEY_INTERNAL | wg pubkey`
+PRIVATE_KEY_CLIENT_1=`wg genkey`
+PUBLIC_KEY_CLIENT_1=`echo $PRIVATE_KEY_CLIENT_1 | wg pubkey`
+
+INTERNAL_IP_ADDRESS=`dig +short txt ch whoami.cloudflare @1.0.0.1`
+
+mkdir configs
+cp ./wg-external.conf ./configs/wg-external.conf
+cp ./wg-internal.conf ./configs/wg-internal.conf
+cp ./wg-mobile-client.conf ./configs/wg-mobile-client.conf
+cp ./update_include_routes.sh /etc/wireguard/update_include_routes.sh
+touch /etc/wireguard/subnets_user_list.txt
+touch /etc/wireguard/hosts_user_list.txt
+
+echo "Generating keys..."
+echo "********************************"
+echo "Private key for External: $PRIVATE_KEY_EXTERNAL"
+echo "Public key for External: $PUBLIC_KEY_EXTERNAL"
+echo "Private key for Internal: $PRIVATE_KEY_INTERNAL"
+echo "Public key for Internal: $PUBLIC_KEY_INTERNAL"
+echo "Private key for Client 1: $PRIVATE_KEY_CLIENT_1"
+echo "Public key for Client 1: $PUBLIC_KEY_CLIENT_1"
+echo "********************************"
+
+
+echo "Replacing templates in configs..."
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-external.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-internal.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-mobile-client.conf
+
+echo "Generating complete"
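Review bot: The three private keys are written to stdout by the `echo "Private key for ..."` lines, and the generated ./configs/*.conf files inherit the caller's default umask, so key material ends up in terminal scrollback or a redirected log and potentially in world-readable files. Put `umask 077` directly after the shebang and print only the public keys; the private keys are already placed into the configs by the sed block. `INTERNAL_IP_ADDRESS` from `dig` is never checked, so a failed lookup silently substitutes an empty host into the `Endpoint` placeholders — add `: "${INTERNAL_IP_ADDRESS:?could not determine public IP}"` before the first sed. `mkdir configs` and the copies into /etc/wireguard also run unchecked, so `set -e` at the top would stop the script before it prints a misleading "Generating complete".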
diff --git a/include_mode_cfg_gen/update_include_routes.sh b/include_mode_cfg_gen/update_include_routes.sh
new file mode 100644
index 0000000..2be41b5
--- /dev/null
+++ b/include_mode_cfg_gen/update_include_routes.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#copy this file to your /etc/wireguard
+
+function ProgressBar {
+ let _progress=(${1}*100/${2}*100)/100
+ let _done=(${_progress}*4)/10
+ let _left=40-$_done
+ _fill=$(printf "%${_done}s")
+ _empty=$(printf "%${_left}s")
+ printf "\rAdd routes to route table (${1}/${2}): [${_fill// /#}${_empty// /-}] ${_progress}%%"
+}
+
+#Variables
+file_user="subnets_user_list.txt"
+file_user_hostnames="hosts_user_list.txt"
+file_processed="include_subnets_list_processed.txt"
+interface_for_external_ip="wg-internal"
+
+if [ -e $file_user ]
+then echo "Add user subnets..."
+ cat $file_user |grep -v "#" >> $file_processed
+fi
+
+if [ -e $file_user_hostnames ]
+then echo "Add user hostnames..."
+ for line in $(cat $file_user_hostnames); do nslookup line |grep "Address" |grep -v "#" |awk '{print $2"/32"}' >> $file_processed; done
+fi
+
+#Flush route table
+echo "Flush route table (down interface $interface)..."
+ifdown $interface > /dev/null 2>&1
+echo "Up interface $interface..."
+ifup $interface > /dev/null 2>&1
+
+#Add route
+routes_count_in_file=`wc -l $file_processed`
+routes_count_current=0
+for line in $(cat $file_processed); do ip route add $line dev $interface_for_external_ip; let "routes_count_current+=1" ; ProgressBar ${routes_count_current} ${routes_count_in_file}; done
+echo ""
+
+echo "Remove temp files..."
+rm $file_processed
+
+routes_count=`ip r | wc -l`
+echo "Routes in routing table: $routes_count"
diff --git a/include_mode_cfg_gen/wg-external.conf b/include_mode_cfg_gen/wg-external.conf
new file mode 100644
index 0000000..f2ed6f4
--- /dev/null
+++ b/include_mode_cfg_gen/wg-external.conf
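Review bot: `nslookup line` in the hostnames loop resolves the literal string "line" rather than `$line`, so hosts_user_list.txt never contributes a route; it should read `nslookup "$line"`. `$interface` is never assigned (only `interface_for_external_ip` is), so the ifdown/ifup pair runs on an empty name and the flush step is a silent no-op — and because wg-internal.conf launches this script from its own PostUp, re-upping that interface here would recurse, so the step should be removed or guarded by an explicitly set variable rather than pointed at wg-internal. The `wc -l $file_processed` capture returns the filename together with the count, so every `let` in ProgressBar receives a non-numeric operand; use `routes_count_in_file=$(wc -l < "$file_processed")`. The three file paths are relative and presumably only resolve under /etc/wireguard if that is the working directory when PostUp fires — prefixing them with `/etc/wireguard/` would make that explicit. Each processed line is also passed unquoted to `ip route add`, so a match against a CIDR pattern before the call would keep a malformed entry from turning into extra arguments.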
@@ -0,0 +1,12 @@
+[Interface]
+Address = 10.20.30.2/32
+PrivateKey = ---PRIVATE_KEY_EXTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 10.20.30.0/24
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25
diff --git a/include_mode_cfg_gen/wg-internal.conf b/include_mode_cfg_gen/wg-internal.conf
new file mode 100644
index 0000000..8fc37df
--- /dev/null
+++ b/include_mode_cfg_gen/wg-internal.conf
@@ -0,0 +1,21 @@
+[Interface]
+Address = 10.20.30.1/32
+ListenPort = 17968
+PrivateKey = ---PRIVATE_KEY_INTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostUp = ip rule add from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+PostUp = ip route delete default dev wg-internal table 51820
+PostUp = bash /etc/wireguard/update_include_routes.sh
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = ip rule del from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+
+#external node
+[Peer]
+PublicKey = ---PUBLIC_KEY_EXTERNAL---
+AllowedIPs = 10.20.30.2/32, 0.0.0.0/0
+
+#mobile-client node
+[Peer]
+PublicKey = ---PUBLIC_KEY_CLIENT_1---
+AllowedIPs = 10.20.30.3/32
+
diff --git a/include_mode_cfg_gen/wg-mobile-client.conf b/include_mode_cfg_gen/wg-mobile-client.conf
new file mode 100644
index 0000000..3960700
--- /dev/null
+++ b/include_mode_cfg_gen/wg-mobile-client.conf
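Review bot: The `ip rule add from ...` PostUp and its `ip rule del` PostDown twin pick the default interface with `awk '/default/ { print $5 }'` without `exit`, unlike the MASQUERADE lines in the same file which use `{print $5; exit}`; with more than one default route `ip addr show` receives several names, the address extraction fails, and the source-based rule is neither installed nor removed. Align both lines on `awk '/default/ {print $5; exit}'`. The `ip route delete default dev wg-internal table 51820` line deserves a why-comment, since it is presumably the catch-all route wg-quick installs for the external peer's `AllowedIPs = 0.0.0.0/0` that is being removed so that only the routes added by update_include_routes.sh use the tunnel — e.g. `# drop the default route wg-quick adds to table 51820 for AllowedIPs 0.0.0.0/0; only routes from update_include_routes.sh should use the tunnel`. The fourth PostUp runs that script with root privileges on every interface up, so failures inside it (DNS not yet reachable at boot, for instance) are worth surfacing rather than sending to /dev/null as the script currently does.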
@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.20.30.3/32
+PrivateKey = ---PRIVATE_KEY_CLIENT_1---
+DNS = 1.1.1.1, 8.8.8.8
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 0.0.0.0/0
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25