add exclude and include variants

2025-08-21 12:17:53 +03:00 · 2022-11-17 00:17:07 +03:00
parent 1065ed31d5
commit f9b652e78f
13 changed files with 151 additions and 2 deletions
--- a/exclude_mode_cfg_gen/bootstrap_external.sh
+++ b/exclude_mode_cfg_gen/bootstrap_external.sh
@ -0,0 +1,11 @@
+#!/bin/bash
+apt update
+apt install wireguard iptables ipcalc qrencode curl jq -y
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.forwarding=1" >> /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+
+cp ./sample_wg_cfg/wg-external.conf /etc/wireguard/wg-external.conf
+wg-quick up wg-external
+systemctl enable wg-quick@wg-external.service
+systemctl daemon-reload
--- a/exclude_mode_cfg_gen/bootstrap_internal.sh
+++ b/exclude_mode_cfg_gen/bootstrap_internal.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+apt update
+apt install wireguard iptables ipcalc qrencode curl jq -y
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+echo "net.ipv4.conf.all.forwarding=1" >> /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+
+cp ./sample_wg_cfg/wg-internal.conf /etc/wireguard/wg-internal.conf
+wg-quick up wg-internal
+systemctl enable wg-quick@wg-internal.service
+systemctl daemon-reload
+
+cp ./update_ru_routes.sh /root/update_ru_routes.sh
+
+crontab -l > crontab.tmp
+echo "@reboot sleep 30 && bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1" >> crontab.tmp
+echo "0 3 * * mon bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1" >> crontab.tmp
+crontab crontab.tmp
+rm crontab.tmp
--- a/exclude_mode_cfg_gen/bootstrap_mobile.sh
+++ b/exclude_mode_cfg_gen/bootstrap_mobile.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+qrencode -t ansiutf8 < ./sample_wg_cfg/wg-mobile-client.conf
--- a/exclude_mode_cfg_gen/generate_cfgs.sh
+++ b/exclude_mode_cfg_gen/generate_cfgs.sh
@ -0,0 +1,58 @@
+#!/bin/bash
+
+PRIVATE_KEY_EXTERNAL=`wg genkey`
+PUBLIC_KEY_EXTERNAL=`echo $PRIVATE_KEY_EXTERNAL | wg pubkey`
+PRIVATE_KEY_INTERNAL=`wg genkey`
+PUBLIC_KEY_INTERNAL=`echo $PRIVATE_KEY_INTERNAL | wg pubkey`
+PRIVATE_KEY_CLIENT_1=`wg genkey`
+PUBLIC_KEY_CLIENT_1=`echo $PRIVATE_KEY_CLIENT_1 | wg pubkey`
+
+INTERNAL_IP_ADDRESS=`dig +short txt ch whoami.cloudflare @1.0.0.1`
+
+mkdir configs
+cp ./wg-external.conf ./configs/wg-external.conf
+cp ./wg-internal.conf ./configs/wg-internal.conf
+cp ./wg-mobile-client.conf ./configs/wg-mobile-client.conf
+
+
+echo "Generating keys..."
+echo "********************************"
+echo "Private key for External: $PRIVATE_KEY_EXTERNAL"
+echo "Public key for External: $PUBLIC_KEY_EXTERNAL"
+echo "Private key for Internal: $PRIVATE_KEY_INTERNAL"
+echo "Public key for Internal: $PUBLIC_KEY_INTERNAL"
+echo "Private key for Client 1: $PRIVATE_KEY_CLIENT_1"
+echo "Public key for Client 1: $PUBLIC_KEY_CLIENT_1"
+echo "********************************"
+
+
+echo "Replacing templates in configs..."
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-external.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-internal.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-mobile-client.conf
+
+echo "Generating complete"
--- a/exclude_mode_cfg_gen/update_exclude_routes.sh
+++ b/exclude_mode_cfg_gen/update_exclude_routes.sh
@ -0,0 +1,59 @@
+#!/bin/bash
+#To crontab (export EDITOR=nano; crontab -e)
+#@reboot sleep 30 && bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
+#0 3 * * mon bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
+
+function ProgressBar {
+  let _progress=(${1}*100/${2}*100)/100
+  let _done=(${_progress}*4)/10
+  let _left=40-$_done
+  _fill=$(printf "%${_done}s")
+  _empty=$(printf "%${_left}s")
+  printf "\rAdd routes to route table (${1}/${2}): [${_fill// /#}${_empty// /-}] ${_progress}%%"
+}
+
+#Variables
+file_raw="russian_subnets_list_raw.txt"
+file_user="subnets_user_list.txt"
+file_user_hostnames="hosts_user_list.txt"
+file_for_calc="russian_subnets_list_raw_for_calc.txt"
+file_processed="russian_subnets_list_processed.txt"
+gateway_for_internal_ip=`ip route | awk '/default/ {print $3; exit}'`
+interface=`ip link show | awk -F ': ' '/state UP/ {print $2}'`
+
+#Get addresses RU segment
+echo "Download RU subnets..."
+curl --progress-bar "https://stat.ripe.net/data/country-resource-list/data.json?resource=ru" | jq -r ".data.resources.ipv4[]" > $file_raw
+
+echo "Deaggregate subnets..."
+cat $file_raw |grep "-" > $file_for_calc
+cat $file_raw |grep -v "-" > $file_processed
+for line in $(cat $file_for_calc); do ipcalc $line |grep -v "deaggregate" >> $file_processed; done
+
+if [ -e $file_user  ]
+then echo "Add user subnets..."
+  cat $file_user |grep -v "#" >> $file_processed
+fi
+
+if [ -e $file_user_hostnames  ]
+then echo "Add user hostnames..."
+  for line in $(cat $file_user_hostnames); do nslookup line |grep "Address" |grep -v "#" |awk '{print $2"/32"}' >> $file_processed; done
+fi
+
+#Flush route table
+echo "Flush route table (down interface $interface)..."
+ifdown $interface > /dev/null 2>&1
+echo "Up interface $interface..."
+ifup $interface > /dev/null 2>&1
+
+#Add route
+routes_count_in_file=`wc -l $file_processed`
+routes_count_current=0
+for line in $(cat $file_processed); do ip route add $line via $gateway_for_internal_ip dev $interface; let "routes_count_current+=1" ; ProgressBar ${routes_count_current} ${routes_count_in_file}; done
+echo ""
+
+echo "Remove temp files..."
+rm $file_raw $file_processed $file_json $file_for_calc
+
+routes_count=`ip r | wc -l`
+echo "Routes in routing table: $routes_count"
--- a/exclude_mode_cfg_gen/wg-external.conf
+++ b/exclude_mode_cfg_gen/wg-external.conf
@ -0,0 +1,12 @@
+[Interface]
+Address = 10.20.30.2/32
+PrivateKey = ---PRIVATE_KEY_EXTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 10.20.30.0/24
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25
--- a/exclude_mode_cfg_gen/wg-internal.conf
+++ b/exclude_mode_cfg_gen/wg-internal.conf
@ -0,0 +1,18 @@
+[Interface]
+Address = 10.20.30.1/32
+ListenPort = 17968
+PrivateKey = ---PRIVATE_KEY_INTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostUp = ip rule add from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = ip rule del from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+
+#external node
+[Peer]
+PublicKey = ---PUBLIC_KEY_EXTERNAL---
+AllowedIPs = 10.20.30.2/32, 0.0.0.0/0
+
+#mobile-client node
+[Peer]
+PublicKey = ---PUBLIC_KEY_CLIENT_1---
+AllowedIPs = 10.20.30.3/32
--- a/exclude_mode_cfg_gen/wg-mobile-client.conf
+++ b/exclude_mode_cfg_gen/wg-mobile-client.conf
@ -0,0 +1,11 @@
+[Interface]
+Address = 10.20.30.3/32
+PrivateKey = ---PRIVATE_KEY_CLIENT_1---
+DNS = 1.1.1.1, 8.8.8.8
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 0.0.0.0/0
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25