|
|
@ -26,63 +26,66 @@ generate_confs () {
|
|
|
|
|
|
|
|
|
|
|
|
DUDE"
|
|
|
|
DUDE"
|
|
|
|
for i in ${PEERS_ARRAY[@]}; do
|
|
|
|
for i in ${PEERS_ARRAY[@]}; do
|
|
|
|
if [[ "${i}" =~ ^[0-9]+$ ]]; then
|
|
|
|
if [[ ! "${i}" =~ ^[[:alnum:]]+$ ]]; then
|
|
|
|
PEER_ID="peer${i}"
|
|
|
|
echo "**** Peer ${i} contains non-alphanumeric characters and thus will be skipped. No config for peer ${i} will be generated. ****"
|
|
|
|
else
|
|
|
|
else
|
|
|
|
PEER_ID="peer_${i//[^[:alnum:]_-]/}"
|
|
|
|
if [[ "${i}" =~ ^[0-9]+$ ]]; then
|
|
|
|
fi
|
|
|
|
PEER_ID="peer${i}"
|
|
|
|
mkdir -p /config/${PEER_ID}
|
|
|
|
else
|
|
|
|
if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then
|
|
|
|
PEER_ID="peer_${i}"
|
|
|
|
umask 077
|
|
|
|
|
|
|
|
wg genkey | tee /config/${PEER_ID}/privatekey-${PEER_ID} | wg pubkey > /config/${PEER_ID}/publickey-${PEER_ID}
|
|
|
|
|
|
|
|
wg genpsk > /config/${PEER_ID}/presharedkey-${PEER_ID}
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]; then
|
|
|
|
|
|
|
|
CLIENT_IP=$(cat /config/${PEER_ID}/${PEER_ID}.conf | grep "Address" | awk '{print $NF}')
|
|
|
|
|
|
|
|
if [ -n "${ORIG_INTERFACE}" ] && [ "${INTERFACE}" != "${ORIG_INTERFACE}" ]; then
|
|
|
|
|
|
|
|
CLIENT_IP=$(echo "${CLIENT_IP}" | sed "s|${ORIG_INTERFACE}|${INTERFACE}|")
|
|
|
|
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
mkdir -p /config/${PEER_ID}
|
|
|
|
for idx in {2..254}; do
|
|
|
|
if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then
|
|
|
|
PROPOSED_IP="${INTERFACE}.${idx}"
|
|
|
|
umask 077
|
|
|
|
if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf && ([ -z "${ORIG_INTERFACE}" ] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf); then
|
|
|
|
wg genkey | tee /config/${PEER_ID}/privatekey-${PEER_ID} | wg pubkey > /config/${PEER_ID}/publickey-${PEER_ID}
|
|
|
|
CLIENT_IP="${PROPOSED_IP}"
|
|
|
|
wg genpsk > /config/${PEER_ID}/presharedkey-${PEER_ID}
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f "/config/${PEER_ID}/${PEER_ID}.conf" ]; then
|
|
|
|
|
|
|
|
CLIENT_IP=$(cat /config/${PEER_ID}/${PEER_ID}.conf | grep "Address" | awk '{print $NF}')
|
|
|
|
|
|
|
|
if [ -n "${ORIG_INTERFACE}" ] && [ "${INTERFACE}" != "${ORIG_INTERFACE}" ]; then
|
|
|
|
|
|
|
|
CLIENT_IP=$(echo "${CLIENT_IP}" | sed "s|${ORIG_INTERFACE}|${INTERFACE}|")
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
else
|
|
|
|
fi
|
|
|
|
for idx in {2..254}; do
|
|
|
|
if [ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]; then
|
|
|
|
PROPOSED_IP="${INTERFACE}.${idx}"
|
|
|
|
# create peer conf with presharedkey
|
|
|
|
if ! grep -q -R "${PROPOSED_IP}" /config/peer*/*.conf 2>/dev/null && ([ -z "${ORIG_INTERFACE}" ] || ! grep -q -R "${ORIG_INTERFACE}.${idx}" /config/peer*/*.conf 2>/dev/null); then
|
|
|
|
eval "`printf %s`
|
|
|
|
CLIENT_IP="${PROPOSED_IP}"
|
|
|
|
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
break
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f "/config/${PEER_ID}/presharedkey-${PEER_ID}" ]; then
|
|
|
|
|
|
|
|
# create peer conf with presharedkey
|
|
|
|
|
|
|
|
eval "`printf %s`
|
|
|
|
|
|
|
|
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
`cat /config/templates/peer.conf`
|
|
|
|
`cat /config/templates/peer.conf`
|
|
|
|
DUDE"
|
|
|
|
DUDE"
|
|
|
|
# add peer info to server conf with presharedkey
|
|
|
|
# add peer info to server conf with presharedkey
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
[Peer]
|
|
|
|
[Peer]
|
|
|
|
# ${PEER_ID}
|
|
|
|
# ${PEER_ID}
|
|
|
|
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
|
|
|
|
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
|
|
|
|
PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
|
|
|
|
PresharedKey = $(cat /config/${PEER_ID}/presharedkey-${PEER_ID})
|
|
|
|
DUDE
|
|
|
|
DUDE
|
|
|
|
else
|
|
|
|
else
|
|
|
|
echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
|
|
|
|
echo "**** Existing keys with no preshared key found for ${PEER_ID}, creating confs without preshared key for backwards compatibility ****"
|
|
|
|
# create peer conf without presharedkey
|
|
|
|
# create peer conf without presharedkey
|
|
|
|
eval "`printf %s`
|
|
|
|
eval "`printf %s`
|
|
|
|
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
`cat /config/templates/peer.conf | sed '/PresharedKey/d'`
|
|
|
|
`cat /config/templates/peer.conf | sed '/PresharedKey/d'`
|
|
|
|
DUDE"
|
|
|
|
DUDE"
|
|
|
|
# add peer info to server conf without presharedkey
|
|
|
|
# add peer info to server conf without presharedkey
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
[Peer]
|
|
|
|
[Peer]
|
|
|
|
# ${PEER_ID}
|
|
|
|
# ${PEER_ID}
|
|
|
|
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
|
|
|
|
PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
|
|
|
|
DUDE
|
|
|
|
DUDE
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i}
|
|
|
|
SERVER_ALLOWEDIPS=SERVER_ALLOWEDIPS_PEER_${i}
|
|
|
|
# add peer's allowedips to server conf
|
|
|
|
# add peer's allowedips to server conf
|
|
|
|
if [ -n "${!SERVER_ALLOWEDIPS}" ]; then
|
|
|
|
if [ -n "${!SERVER_ALLOWEDIPS}" ]; then
|
|
|
|
echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
|
|
|
|
echo "Adding ${!SERVER_ALLOWEDIPS} to wg0.conf's AllowedIPs for peer ${i}"
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
cat <<DUDE >> /config/wg0.conf
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32,${!SERVER_ALLOWEDIPS}
|
|
|
|
|
|
|
|
|
|
|
|
DUDE
|
|
|
|
DUDE
|
|
|
@ -91,14 +94,15 @@ DUDE
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32
|
|
|
|
AllowedIPs = ${CLIENT_IP}/32
|
|
|
|
|
|
|
|
|
|
|
|
DUDE
|
|
|
|
DUDE
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then
|
|
|
|
|
|
|
|
echo "PEER ${i} QR code:"
|
|
|
|
|
|
|
|
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ -z "${LOG_CONFS}" ] || [ "${LOG_CONFS}" = "true" ]; then
|
|
|
|
|
|
|
|
echo "PEER ${i} QR code:"
|
|
|
|
|
|
|
|
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
echo "PEER ${i} conf and QR code png saved in /config/${PEER_ID}"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf
|
|
|
|
|
|
|
|
done
|
|
|
|
done
|
|
|
|
}
|
|
|
|
}
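Review bot: The new `[[ ! "${i}" =~ ^[[:alnum:]]+$ ]]` test is now the only thing keeping a peer name out of the `eval`'d heredoc, the unquoted `/config/${PEER_ID}` paths and the `${!SERVER_ALLOWEDIPS}` indirect lookup, and nothing in the code says so. I would add a comment above it such as `# Security boundary: ${i} reaches eval, file paths and an indirect variable name below; only ASCII letters and digits are allowed.` `[[:alnum:]]` follows the active locale, so outside the C locale it may accept non-ASCII letters that are not valid in a variable name; an explicit `^[A-Za-z0-9]+$` evaluated under `LC_ALL=C` would pin the check to ASCII. The loop header `for i in ${PEERS_ARRAY[@]}; do` is unquoted, so unless globbing is disabled elsewhere an entry is word-split and glob-expanded before it is validated; `for i in "${PEERS_ARRAY[@]}"; do` avoids that. generate_confs starts before the first hunk, so how PEERS_ARRAY is built is not visible here.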
|
|
|
|
|
|
|
|
|
|
|
|