mirror of
https://github.com/vvzvlad/trickster-vpn.git
synced 2024-12-26 19:00:59 +03:00
add exclude and include variants
parent
1065ed31d5
commit
f9b652e78f
@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#To crontab (export EDITOR=nano; crontab -e)
|
#To crontab (export EDITOR=nano; crontab -e)
|
||||||
#@reboot sleep 30 && bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1
|
#@reboot sleep 30 && bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
|
||||||
#0 3 * * mon bash /root/update_ru_routes.sh > /root/update_routes_log.txt 2>&1
|
#0 3 * * mon bash /root/update_exclude_routes.sh > /root/update_routes_log.txt 2>&1
|
||||||
|
|
||||||
function ProgressBar {
|
function ProgressBar {
|
||||||
let _progress=(${1}*100/${2}*100)/100
|
let _progress=(${1}*100/${2}*100)/100
|
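--- a/include_mode_cfg_gen/generate_cfgs.sh
+++ b/include_mode_cfg_gen/generate_cfgs.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+PRIVATE_KEY_EXTERNAL=`wg genkey`
+PUBLIC_KEY_EXTERNAL=`echo $PRIVATE_KEY_EXTERNAL | wg pubkey`
+PRIVATE_KEY_INTERNAL=`wg genkey`
+PUBLIC_KEY_INTERNAL=`echo $PRIVATE_KEY_INTERNAL | wg pubkey`
+PRIVATE_KEY_CLIENT_1=`wg genkey`
+PUBLIC_KEY_CLIENT_1=`echo $PRIVATE_KEY_CLIENT_1 | wg pubkey`
+
+INTERNAL_IP_ADDRESS=`dig +short txt ch whoami.cloudflare @1.0.0.1`
+
+mkdir configs
+cp ./wg-external.conf ./configs/wg-external.conf
+cp ./wg-internal.conf ./configs/wg-internal.conf
+cp ./wg-mobile-client.conf ./configs/wg-mobile-client.conf
+cp ./update_include_routes.sh /etc/wireguard/update_include_routes.sh
+touch /etc/wireguard/subnets_user_list.txt
+touch /etc/wireguard/hosts_user_list.txt
+
+echo "Generating keys..."
+echo "********************************"
+echo "Private key for External: $PRIVATE_KEY_EXTERNAL"
+echo "Public key for External: $PUBLIC_KEY_EXTERNAL"
+echo "Private key for Internal: $PRIVATE_KEY_INTERNAL"
+echo "Public key for Internal: $PUBLIC_KEY_INTERNAL"
+echo "Private key for Client 1: $PRIVATE_KEY_CLIENT_1"
+echo "Public key for Client 1: $PUBLIC_KEY_CLIENT_1"
+echo "********************************"
+
+
+echo "Replacing templates in configs..."
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_EXTERNAL---^$PRIVATE_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_EXTERNAL---^$PUBLIC_KEY_EXTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_INTERNAL---^$PRIVATE_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_INTERNAL---^$PUBLIC_KEY_INTERNAL^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PRIVATE_KEY_CLIENT_1---^$PRIVATE_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-external.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-internal.conf
+sed -i "s^---PUBLIC_KEY_CLIENT_1---^$PUBLIC_KEY_CLIENT_1^" ./configs/wg-mobile-client.conf
+
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-external.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-internal.conf
+sed -i "s^---INTERNAL_IP_ADDRESS---^$INTERNAL_IP_ADDRESS^" ./configs/wg-mobile-client.conf
+
+echo "Generating complete"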
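Review bot: The three private keys are echoed to the terminal (the `Private key for ...` lines) and written into `./configs` under the default umask, so they can end up in scrollback, captured logs and files that other local users can read. I would drop the three private-key `echo` lines and add `umask 077` before `mkdir configs`. Separately, `dig +short txt` prints TXT data wrapped in double quotes, so `INTERNAL_IP_ADDRESS` probably carries the quotes into the `Endpoint` lines; stripping them and checking that the value looks like an IPv4 address before the `sed` calls would keep an empty or unexpected DNS answer out of the generated configs.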
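--- a/include_mode_cfg_gen/update_include_routes.sh
+++ b/include_mode_cfg_gen/update_include_routes.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+#copy this file to your /etc/wireguard
+
+function ProgressBar {
+let _progress=(${1}*100/${2}*100)/100
+let _done=(${_progress}*4)/10
+let _left=40-$_done
+_fill=$(printf "%${_done}s")
+_empty=$(printf "%${_left}s")
+printf "\rAdd routes to route table (${1}/${2}): [${_fill// /#}${_empty// /-}] ${_progress}%%"
+}
+
+#Variables
+file_user="subnets_user_list.txt"
+file_user_hostnames="hosts_user_list.txt"
+file_processed="include_subnets_list_processed.txt"
+interface_for_external_ip="wg-internal"
+
+if [ -e $file_user ]
+then echo "Add user subnets..."
+cat $file_user |grep -v "#" >> $file_processed
+fi
+
+if [ -e $file_user_hostnames ]
+then echo "Add user hostnames..."
+for line in $(cat $file_user_hostnames); do nslookup line |grep "Address" |grep -v "#" |awk '{print $2"/32"}' >> $file_processed; done
+fi
+
+#Flush route table
+echo "Flush route table (down interface $interface)..."
+ifdown $interface > /dev/null 2>&1
+echo "Up interface $interface..."
+ifup $interface > /dev/null 2>&1
+
+#Add route
+routes_count_in_file=`wc -l $file_processed`
+routes_count_current=0
+for line in $(cat $file_processed); do ip route add $line dev $interface_for_external_ip; let "routes_count_current+=1" ; ProgressBar ${routes_count_current} ${routes_count_in_file}; done
+echo ""
+
+echo "Remove temp files..."
+rm $file_processed
+
+routes_count=`ip r | wc -l`
+echo "Routes in routing table: $routes_count"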
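Review bot: In the hostnames loop, `nslookup line` looks up the literal name `line` instead of each entry read from `hosts_user_list.txt`; it should be `nslookup "$line"`. The flush step uses `$interface`, which is never set in this file (only `interface_for_external_ip` is), so `ifdown` and `ifup` run without an interface name and the redirect to `/dev/null` hides the failure. The entries are also passed unquoted to `ip route add` in a script that wg-internal.conf runs from PostUp, so checking that each line is a plain CIDR before adding it would stop a malformed list entry or resolver answer from supplying extra arguments to `ip`.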
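--- a/include_mode_cfg_gen/wg-external.conf
+++ b/include_mode_cfg_gen/wg-external.conf
@@ -0,0 +1,12 @@
+[Interface]
+Address = 10.20.30.2/32
+PrivateKey = ---PRIVATE_KEY_EXTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 10.20.30.0/24
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25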
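--- a/include_mode_cfg_gen/wg-internal.conf
+++ b/include_mode_cfg_gen/wg-internal.conf
@@ -0,0 +1,21 @@
+[Interface]
+Address = 10.20.30.1/32
+ListenPort = 17968
+PrivateKey = ---PRIVATE_KEY_INTERNAL---
+PostUp = iptables -t nat -A POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostUp = ip rule add from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+PostUp = ip route delete default dev wg-internal table 51820
+PostUp = bash /etc/wireguard/update_include_routes.sh
+PostDown = iptables -t nat -D POSTROUTING -o `ip route | awk '/default/ {print $5; exit}'` -j MASQUERADE
+PostDown = ip rule del from `ip addr show $(ip route | awk '/default/ { print $5 }') | grep "inet" | grep -v "inet6" | head -n 1 | awk '/inet/ {print $2}' | awk -F/ '{print $1}'` table main
+
+#external node
+[Peer]
+PublicKey = ---PUBLIC_KEY_EXTERNAL---
+AllowedIPs = 10.20.30.2/32, 0.0.0.0/0
+
+#mobile-client node
+[Peer]
+PublicKey = ---PUBLIC_KEY_CLIENT_1---
+AllowedIPs = 10.20.30.3/32
+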
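Review bot: The hook `PostUp = bash /etc/wireguard/update_include_routes.sh` runs the script in whatever working directory the interface was brought up from, while the script opens `subnets_user_list.txt` and `hosts_user_list.txt` by relative name. When the interface is started from outside `/etc/wireguard` (from a service unit, as far as I can tell), the lists that generate_cfgs.sh creates there would not be found and no include routes are added. Changing the hook to `PostUp = cd /etc/wireguard && bash ./update_include_routes.sh`, or using absolute paths in the script, would fix this. The two `ip rule` hooks also use `awk '/default/ { print $5 }'` without the `exit` that the iptables hooks have, so a host with more than one default route hands several interface names to `ip addr show`.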
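--- a/include_mode_cfg_gen/wg-mobile-client.conf
+++ b/include_mode_cfg_gen/wg-mobile-client.conf
@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.20.30.3/32
+PrivateKey = ---PRIVATE_KEY_CLIENT_1---
+DNS = 1.1.1.1, 8.8.8.8
+
+#internal node
+[Peer]
+PublicKey = ---PUBLIC_KEY_INTERNAL---
+AllowedIPs = 0.0.0.0/0
+Endpoint = ---INTERNAL_IP_ADDRESS---:17968
+PersistentKeepalive = 25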
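Review bot: `AllowedIPs = 0.0.0.0/0` sends only IPv4 through the tunnel, so on a dual-stack network the client's IPv6 traffic keeps going out directly. If that is intended, a comment above the line such as `# IPv4 only: IPv6 traffic is not tunnelled` would make it explicit; otherwise the template needs an IPv6 tunnel address and `::/0` here. The client's private key is also generated on the server by generate_cfgs.sh, so the finished file should be handed over through a protected channel and removed from `./configs` afterwards.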