Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable

pull/59/head
Cristian Gauxachs 4 years ago
parent 082716d7f1
commit 83e92571e2

@ -44,9 +44,10 @@ opt_param_usage_include_env: true
opt_param_env_vars: opt_param_env_vars:
- { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"} - { env_var: "SERVERURL", env_value: "wireguard.domain.com", desc: "External IP or domain name for docker host. Used in server mode. If set to `auto`, the container will try to determine and set the external IP automatically"}
- { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."} - { env_var: "SERVERPORT", env_value: "51820", desc: "External port for docker host. Used in server mode."}
- { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode."} - { env_var: "PEERS", env_value: "1", desc: "Number of peers to create confs for. Required for server mode. Can be a list of names too: myPC,myPhone,myTablet..."}
- { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."} - { env_var: "PEERDNS", env_value: "auto", desc: "DNS server set in peer/client configs (can be set as `8.8.8.8`). Used in server mode. Defaults to `auto`, which uses wireguard docker host's DNS via included CoreDNS forward."}
- { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."} - { env_var: "INTERNAL_SUBNET", env_value: "10.13.13.0", desc: "Internal subnet for the wireguard and server and peers (only change if it clashes). Used in server mode."}
- { env_var: "ALLOWEDIPS", env_value: "192.168.1.0/24,192.168.2.0/24", desc: "The IPs/Ranges that the peers will be able to reach using the VPN connection. If not specified the default value is: '0.0.0.0/0, ::0/0'"}
optional_block_1: false optional_block_1: false
optional_block_1_items: "" optional_block_1_items: ""
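Review bot: The ALLOWEDIPS description documents the default as `'0.0.0.0/0, ::0/0'`, but the run script in this same change sets `0.0.0.0/0, ::/0`; use one spelling in both places so that someone grepping a generated peer conf against the readme finds a match. The description should also say what the value actually is: it is written only into the `[Peer]` section of each client's conf, so it controls which destinations the client routes into the tunnel and is not an access control enforced by the server (a peer can widen it locally). The PEERS description should mention that list entries are reduced to `[A-Za-z0-9_-]` before being used as folder names, so `my.PC` becomes `peer_myPC`.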
@ -63,13 +64,13 @@ app_setup_block: |
This can be run as a server or a client, based on the parameters used. This can be run as a server or a client, based on the parameters used.
## Server Mode ## Server Mode
If the environment variable `PEERS` is set to a number, the container will run in server mode and the necessary server and peer/client confs will be generated. The peer/client config qr codes will be output in the docker log. They will also be saved in text and png format under `/config/peerX`. If the environment variable `PEERS` is set to a number or a list of strings separated by comma, the container will run in server mode and the necessary server and peer/client confs will be generated. The peer/client config qr codes will be output in the docker log. They will also be saved in text and png format under `/config/peerX` in case `PEERS` is a variable and an integer or `/config/peer_X` in case a list of names was provided instead of an integer.
Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET` and `PEERDNS` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs. Variables `SERVERURL`, `SERVERPORT`, `INTERNAL_SUBNET` and `PEERDNS` are optional variables used for server mode. Any changes to these environment variables will trigger regeneration of server and peer confs. Peer/client confs will be recreated with existing private/public keys. Delete the peer folders for the keys to be recreated along with the confs.
To add more peers/clients later on, you increment the `PEERS` environment variable and recreate the container. To add more peers/clients later on, you increment the `PEERS` environment variable or add more elements to the list and recreate the container.
To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` (Keep in mind that the QR codes are also stored as PNGs in the config folder). To display the QR codes of active peers again, you can use the following command and list the peer numbers as arguments: `docker exec -it wireguard /app/show-peer 1 4 5` or `docker exec -it wireguard /app/show-peer myPC myPhone myTablet` (Keep in mind that the QR codes are also stored as PNGs in the config folder).
The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg0.conf` and restarting the container. The templates used for server and peer confs are saved under `/config/templates`. Advanced users can modify these templates and force conf generation by deleting `/config/wg0.conf` and restarting the container.
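Review bot: The Server Mode sentence "under `/config/peerX` in case `PEERS` is a variable and an integer" is garbled; write "under `/config/peerX` when `PEERS` is an integer, or `/config/peer_X` when it is a list of names". Two behaviours of the list form also belong in this section rather than only in the changelog: addresses are assigned by position in the list (CLIENT_IP_IDX starts at 2 and is incremented once per entry), so removing or reordering a name shifts the addresses of every later peer while their keys are kept, and renaming an entry creates a new folder with a fresh key pair rather than carrying the old one over. The upgrade step of deleting `/config/templates/peer.conf` should be repeated here too, since most users read this block and not the changelog.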
@ -87,6 +88,7 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "19.08.20:", desc: "Allow to specify a list of names as PEERS and add ALLOWEDIPS environment variable. Also, add peer name/id to each one of the peer sections in wg0.conf. Important: Existing users need to delete `/config/templates/peer.conf` and restart" }
- { date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs." } - { date: "06.08.20:", desc: "Replace resolvconf with openresolv due to dns issues when a client based on this image is connected to a server also based on this image. Add IPv6 info to readme. Display kernel version in logs." }
- { date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)." } - { date: "29.07.20:", desc: "Update Coredns config to detect dns loops (existing users need to delete `/config/coredns/Corefile` and restart)." }
- { date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)." } - { date: "27.07.20:", desc: "Update Coredns config to prevent issues with non-user-defined bridge networks (existing users need to delete `/config/coredns/Corefile` and restart)." }
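Review bot: The 19.08.20 entry tells existing users to delete `/config/templates/peer.conf` without saying why. State that the template now uses `${PEER_ID}`, `${CLIENT_IP_IDX}` and `${ALLOWEDIPS}`, and that a template kept from an earlier version still emits the fixed `AllowedIPs = 0.0.0.0/0, ::/0`, so `ALLOWEDIPS` is silently ignored until the template is refreshed. It should also say that `show-peer` now identifies peers by the `# peerN` comment added to wg0.conf, so a wg0.conf generated before this change reports every peer as "not active" until the confs are regenerated.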

@ -5,14 +5,17 @@ if [ ! $# -gt 0 ]; then
exit 0 exit 0
fi fi
INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
for i in "$@"; do for i in "$@"; do
if grep -q "AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32" /config/wg0.conf; then if [[ "${i}" =~ ^[0-9]+$ ]]; then
echo "PEER $i QR code:" PEER_ID="peer${i}"
qrencode -t ansiutf8 < /config/peer${i}/peer${i}.conf else
PEER_ID="peer_${i//[^[:alnum:]_-]/}"
fi
if grep -q "# ${PEER_ID}" /config/wg0.conf; then
echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
else else
echo "PEER $i is not active" echo "PEER ${i} is not active"
fi fi
done done
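Review bot: `grep -q "# ${PEER_ID}" /config/wg0.conf` is an unanchored substring match, so `show-peer 1` also matches the `# peer10` line and `show-peer myPC` matches `# peer_myPC2`; the script then reports the peer active and `qrencode` fails on a missing conf file. Anchor the match, e.g. `grep -qx "# ${PEER_ID}" /config/wg0.conf`. The name sanitisation `${i//[^[:alnum:]_-]/}` is also a verbatim copy of the one in generate_confs; put it in one shared helper so the two cannot drift and resolve the same name to different directories.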

@ -1,10 +1,10 @@
[Interface] [Interface]
Address = ${INTERFACE}.$(( $i + 1 )) Address = ${INTERFACE}.${CLIENT_IP_IDX}
PrivateKey = $(cat /config/peer${i}/privatekey-peer${i}) PrivateKey = $(cat /config/${PEER_ID}/privatekey-${PEER_ID})
ListenPort = 51820 ListenPort = 51820
DNS = ${PEERDNS} DNS = ${PEERDNS}
[Peer] [Peer]
PublicKey = $(cat /config/server/publickey-server) PublicKey = $(cat /config/server/publickey-server)
Endpoint = ${SERVERURL}:${SERVERPORT} Endpoint = ${SERVERURL}:${SERVERPORT}
AllowedIPs = 0.0.0.0/0, ::/0 AllowedIPs = ${ALLOWEDIPS}
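Review bot: This template is only picked up on fresh installs, because `/config/templates/peer.conf` lives in the persistent volume and is never overwritten; relying on users reading the changelog means an upgraded server keeps emitting `AllowedIPs = 0.0.0.0/0, ::/0` for every peer regardless of `ALLOWEDIPS`, with no error anywhere. Have the run script detect a stale template (e.g. grep it for `${ALLOWEDIPS}` and `${PEER_ID}`) and refresh or at least warn. A one-line comment in the template that this AllowedIPs is the client's routing entry, not a server-side restriction, would also prevent the variable being mistaken for an ACL.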

@ -172,25 +172,33 @@ generate_confs () {
`cat /config/templates/server.conf` `cat /config/templates/server.conf`
DUDE" DUDE"
for i in $(seq 1 $PEERS); do CLIENT_IP_IDX=2
mkdir -p /config/peer${i} for i in ${PEERS_ARRAY[@]}; do
if [ ! -f "/config/peer${i}/privatekey-peer${i}" ]; then if [[ "${i}" =~ ^[0-9]+$ ]]; then
PEER_ID="peer${i}"
else
PEER_ID="peer_${i//[^[:alnum:]_-]/}"
fi
mkdir -p /config/${PEER_ID}
if [ ! -f "/config/${PEER_ID}/privatekey-${PEER_ID}" ]; then
umask 077 umask 077
wg genkey | tee /config/peer${i}/privatekey-peer${i} | wg pubkey > /config/peer${i}/publickey-peer${i} wg genkey | tee /config/${PEER_ID}/privatekey-${PEER_ID} | wg pubkey > /config/${PEER_ID}/publickey-${PEER_ID}
fi fi
eval "`printf %s` eval "`printf %s`
cat <<DUDE > /config/peer${i}/peer${i}.conf cat <<DUDE > /config/${PEER_ID}/${PEER_ID}.conf
`cat /config/templates/peer.conf` `cat /config/templates/peer.conf`
DUDE" DUDE"
cat <<DUDE >> /config/wg0.conf cat <<DUDE >> /config/wg0.conf
[Peer] [Peer]
PublicKey = $(cat /config/peer${i}/publickey-peer${i}) # ${PEER_ID}
AllowedIPs = ${INTERFACE}.$(( $i + 1 ))/32 PublicKey = $(cat /config/${PEER_ID}/publickey-${PEER_ID})
AllowedIPs = ${INTERFACE}.${CLIENT_IP_IDX}/32
DUDE DUDE
CLIENT_IP_IDX=$(( $CLIENT_IP_IDX + 1 ))
echo "PEER ${i} QR code:" echo "PEER ${i} QR code:"
qrencode -t ansiutf8 < /config/peer${i}/peer${i}.conf qrencode -t ansiutf8 < /config/${PEER_ID}/${PEER_ID}.conf
qrencode -o /config/peer${i}/peer${i}.png < /config/peer${i}/peer${i}.conf qrencode -o /config/${PEER_ID}/${PEER_ID}.png < /config/${PEER_ID}/${PEER_ID}.conf
done done
} }
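Review bot: `for i in ${PEERS_ARRAY[@]}` is unquoted, so a name containing `*` or `?` is glob-expanded against the working directory before the sanitisation runs; write `"${PEERS_ARRAY[@]}"`. The sanitisation itself is lossy: `${i//[^[:alnum:]_-]/}` maps `my.PC` and `myPC` (and any name consisting only of punctuation, which collapses to `peer_`) to the same PEER_ID, so two list entries share one directory and key pair and wg0.conf ends up with two `[Peer]` blocks carrying the same PublicKey and different AllowedIPs; reject or deduplicate names instead of stripping characters silently. Finally, because the address now comes from CLIENT_IP_IDX rather than the peer's own index, a named peer's address depends on its position in the list, so removing an earlier entry reassigns addresses to later peers while reusing their existing keys; that deserves at least a log line.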
@ -201,15 +209,18 @@ ORIG_SERVERPORT=$SERVERPORT
ORIG_PEERDNS=$PEERDNS ORIG_PEERDNS=$PEERDNS
ORIG_PEERS=$PEERS ORIG_PEERS=$PEERS
ORIG_INTERFACE=$INTERFACE ORIG_INTERFACE=$INTERFACE
ORIG_ALLOWEDIPS=$ALLOWEDIPS
DUDE DUDE
} }
if [ -n "$PEERS" ]; then if [ -n "$PEERS" ]; then
echo "**** Server mode is selected ****" echo "**** Server mode is selected ****"
if ! [[ "$PEERS" =~ ^[0-9]+$ ]]; then if [[ "$PEERS" =~ ^[0-9]+$ ]] && ! [[ "$PEERS" =~ *,* ]]; then
echo "**** PEERS is not set to an integer, setting it to 1 ****" PEERS_ARRAY=($(seq 1 $PEERS))
PEERS="1" else
PEERS_ARRAY=($(echo "$PEERS" | tr ',' ' '))
fi fi
PEERS_COUNT=$(echo "${#PEERS_ARRAY[@]}")
if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then if [ -z "$SERVERURL" ] || [ "$SERVERURL" = "auto" ]; then
SERVERURL=$(curl icanhazip.com) SERVERURL=$(curl icanhazip.com)
echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****" echo "**** SERVERURL var is either not set or is set to \"auto\", setting external IP to auto detected value of $SERVERURL ****"
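Review bot: `ORIG_ALLOWEDIPS=$ALLOWEDIPS` in the save_vars heredoc writes the unquoted default as `ORIG_ALLOWEDIPS=0.0.0.0/0, ::/0` into `/config/.donoteditthisfile`; when that file is sourced on the next start the shell reads it as the command `::/0` with a temporary assignment prefix, so ORIG_ALLOWEDIPS is never set, `"$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS"` is always true, and server and peer confs (plus every QR code in the log) are regenerated on each restart. Write `ORIG_ALLOWEDIPS="$ALLOWEDIPS"` so the file receives the value inside double quotes. Two smaller points in the same hunk: `! [[ "$PEERS" =~ *,* ]]` is an extended regex, not a glob, and a leading `*` is not a valid ERE, so the clause is at best a no-op; `^[0-9]+$` already excludes commas, so drop it. And `PEERS_ARRAY=($(echo "$PEERS" | tr ',' ' '))` is glob-expanded and splits on whitespace inside names; `IFS=',' read -r -a PEERS_ARRAY <<< "$PEERS"` is the safe form. PEERS_COUNT is computed here but not used anywhere in the diff.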
@ -221,6 +232,8 @@ if [ -n "$PEERS" ]; then
INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0} INTERNAL_SUBNET=${INTERNAL_SUBNET:-10.13.13.0}
echo "**** Internal subnet is set to $INTERNAL_SUBNET ****" echo "**** Internal subnet is set to $INTERNAL_SUBNET ****"
INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--') INTERFACE=$(echo "$INTERNAL_SUBNET" | awk 'BEGIN{FS=OFS="."} NF--')
ALLOWEDIPS=${ALLOWEDIPS:-0.0.0.0/0, ::/0}
echo "**** AllowedIPs for peers $ALLOWEDIPS ****"
if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then if [ -z "$PEERDNS" ] || [ "$PEERDNS" = "auto" ]; then
PEERDNS="${INTERFACE}.1" PEERDNS="${INTERFACE}.1"
echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****" echo "**** PEERDNS var is either not set or is set to \"auto\", setting peer DNS to ${INTERFACE}.1 to use wireguard docker host's DNS. ****"
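Review bot: Setting ALLOWEDIPS without checking it against PEERDNS breaks name resolution for peers: with PEERDNS left at `auto`, the lines that follow hand out `${INTERFACE}.1` as the DNS server, but a restricted value such as the readme's own example `192.168.1.0/24,192.168.2.0/24` does not route the internal subnet through the tunnel, so the peer's DNS queries never reach the container and every lookup times out. Either append the internal subnet (or at least `${INTERFACE}.1/32`) to a user-supplied ALLOWEDIPS, or log a warning when PEERDNS is inside INTERNAL_SUBNET and ALLOWEDIPS does not cover it. The echo could also read `**** AllowedIPs for peers: $ALLOWEDIPS ****` to match the surrounding messages.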
@ -228,15 +241,15 @@ if [ -n "$PEERS" ]; then
echo "**** Peer DNS servers will be set to $PEERDNS ****" echo "**** Peer DNS servers will be set to $PEERDNS ****"
fi fi
if [ ! -f /config/wg0.conf ]; then if [ ! -f /config/wg0.conf ]; then
echo "**** No found wg0.conf found (maybe an initial install), generating 1 server and $PEERS peer/client confs ****" echo "**** No wg0.conf found (maybe an initial install), generating 1 server and ${PEERS} peer/client confs ****"
generate_confs generate_confs
save_vars save_vars
else else
echo "**** Server mode is selected ****" echo "**** Server mode is selected ****"
[[ -f /config/.donoteditthisfile ]] && \ [[ -f /config/.donoteditthisfile ]] && \
. /config/.donoteditthisfile . /config/.donoteditthisfile
if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ]; then if [ "$SERVERURL" != "$ORIG_SERVERURL" ] || [ "$SERVERPORT" != "$ORIG_SERVERPORT" ] || [ "$PEERDNS" != "$ORIG_PEERDNS" ] || [ "$PEERS" != "$ORIG_PEERS" ] || [ "$INTERFACE" != "$ORIG_INTERFACE" ] || [ "$ALLOWEDIPS" != "$ORIG_ALLOWEDIPS" ]; then
echo "**** Server related environment variables changed, regenerating 1 server and $PEERS peer/client confs ****" echo "**** Server related environment variables changed, regenerating 1 server and ${PEERS} peer/client confs ****"
generate_confs generate_confs
save_vars save_vars
else else
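Review bot: Both log lines still interpolate `${PEERS}`, which with the list form prints e.g. `generating 1 server and myPC,myPhone peer/client confs` where a count was intended; use the PEERS_COUNT computed earlier, which is otherwise unused. Note also that a `.donoteditthisfile` written by an earlier version has no ORIG_ALLOWEDIPS, so the extended comparison is true on the first start after upgrade and regenerates wg0.conf and all peer confs with the existing keys; that is what makes the new `# peerN` comments appear for show-peer, but it should be stated in the changelog so the burst of QR codes in the log is not a surprise.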
