commit bd6728343840e3084b4f94fb8978b0ea59031443 Author: Guy Boisvert Date: Tue Aug 12 23:01:13 2025 -0400 First Commit
diff --git a/GenMac b/GenMac
new file mode 100755
index 0000000..3cfb8da
--- /dev/null
+++ b/GenMac
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+OUI_PREFIX="00:50:56"
+
+echo -e "\nOUI Prefix: $OUI_PREFIX"
+
+LAST_OCTETS=$(openssl rand -hex 3 | sed 's/\(..\)/\1:/g; s/.$//')
+echo -e "Generated MAC: ${OUI_PREFIX}:${LAST_OCTETS}"
+
diff --git a/Gvpn b/Gvpn
new file mode 100755
index 0000000..9d41612
--- /dev/null
+++ b/Gvpn
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+unset VPN;
+VPN=(
+'Real;~/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf'
+'Ingt;~/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf'
+)
+
+unset Items;
+
+for Item in "${VPN[@]}"
+do
+ echo -e "Item is: $Item"
+ IFS=";" read -r Name Def <<< $Item
+ echo -e "
+ Name : $Name
+ Def : $Def
+ "
+ Items+="$Name\n"
+done
+
+
+echo -e "${Items[@]}"
+
diff --git a/addbridgevlan.sh b/addbridgevlan.sh
new file mode 100755
index 0000000..b544c54
--- /dev/null
+++ b/addbridgevlan.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+#
+# version 231012_1439
+#
+
+read -p "Enter VLAN Number (Ex: 16) : " VLAN
+
+read -p "Enter Device Name (Ex: enp5s0) : " DEV
+
+echo -e "
+VLAN = $VLAN
+Device = $DEV
+"
+
+
+if [ "$(nmcli con |grep br${VLAN}|wc -l)" -eq "0" ]
+then
+ echo -e "** Adding bridge br${VLAN}..."
+ nmcli con add \
+ type bridge \
+ con-name br${VLAN} \
+ ifname br${VLAN} \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ autoconnect yes
+else
+ echo "** br${VLAN} found"
+fi
+
+
+
+echo -e "** Putting br${VLAN} in up state..."
+nmcli con up "br${VLAN}"
+
+
+echo -e "** Adding VLAN ${VLAN} to $DEV --> vlan-${DEV}.${VLAN} and then to br${VLAN}"
+nmcli con add \
+ type vlan \
+ con-name vlan-${DEV}.${VLAN} \
+ ifname ${DEV}.${VLAN} \
+ dev ${DEV} \
+ id ${VLAN} \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ master br${VLAN} \
+ autoconnect yes
+
+echo -e "\n** All done."
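Review bot: `LAST_OCTETS` draws all 24 low bits at random under the `00:50:56` (VMware) OUI, so the result can land in the sub-ranges VMware allocates itself; VMware documents `00:50:56:00:00:00`–`00:50:56:3F:FF:FF` as the range reserved for manually assigned addresses, which is presumably what this script is for. Clamping the first random byte keeps the address in that range: `FIRST=$(printf '%02x' $((0x$(openssl rand -hex 1) & 0x3f)))` followed by `LAST_OCTETS="${FIRST}:$(openssl rand -hex 2 | sed 's/\(..\)/\1:/g; s/.$//')"`. The two `echo -e` calls are more portable as `printf '\nOUI Prefix: %s\n' "$OUI_PREFIX"`.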
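Review bot: In `Gvpn` the `~` in both `VPN` entries sits inside single quotes, so after `IFS=";" read -r Name Def <<< $Item` the `Def` value is the literal string `~/Nextcloud2/...`; the script only prints it today, but it will not resolve as a path the moment it is handed to a command. Expand it explicitly with `Def=${Def/#\~/$HOME}` and quote the here-string, `<<< "$Item"`, so a value with spaces survives word splitting. `Items+="$Name\n"` builds a plain string, yet the final `echo -e "${Items[@]}"` indexes it as an array; that works only because a scalar is element 0, and `printf '%b' "$Items"` says what is meant.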
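Review bot: In `addbridgevlan.sh`, `VLAN` and `DEV` come straight from `read -p` and are used unvalidated and unquoted in `grep br${VLAN}`, `con-name`, `ifname`, `dev` and `id`; an empty or non-numeric answer turns the existence check into a match-everything `grep` and produces an `nmcli con add` with a broken `id`. Add `[[ "$VLAN" =~ ^[0-9]+$ ]] && (( VLAN >= 1 && VLAN <= 4094 )) || { echo "invalid VLAN id" >&2; exit 1; }`, a non-empty check on `DEV`, and use `read -r`. The check `nmcli con |grep br${VLAN}|wc -l` is a substring match, so entering `16` while `br160` exists skips creating `br16`; `nmcli -g NAME con show | grep -qx "br${VLAN}"` matches the whole connection name.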
diff --git a/nettree.sh b/nettree.sh new file mode 100755 index 0000000..6f39172 --- /dev/null +++ b/nettree.sh 
@@ -0,0 +1,141 @@ +#!/bin/bash + +# +# https://github.com/AlexStragies/lsnetdev/blob/master/nettree.sh +# + +DIRECTION="UP" +UTF="" +TREE="" +GV="" +which tree >/dev/null && TREE=1 || UTF=1 + +function usage() { + cat << USAGEEND + +The script prints network devices hierarchy as a tree view. +Possible arguments: + -u prints tree bottom-up (default). Physical devices are roots of the tree. + -d prints tree top-down. Logical devices are roots of the tree. + -s X connect to host X via SSH to query information + -t Use 'tree' to print the tree by constructing a tree in TMP (default). + -G Print GraphViz Syntax graph, node and edge definitions. + -g Print GraphViz Syntax node and edge definitions only. + -l use UTF8 characters (default, if 'tree' is not installed). + +USAGEEND +} + +function print() { + local indent="$1"; shift + local firstrun=1; if [ "$1" = "1" ]; then firstrun=0; shift; fi + while [ -n "$1" ]; do + local D="${1# *}" + [ "$firstrun" = 1 -a -n "${devicesup[$D]}" ] && shift && continue; + echo -n "$indent ┗━ $D"; + if [ -z "${devicesdown[$D]}" ]; then echo ; else + echo " ━┓"; + print "$(echo \ \ $D\ \ \ | sed 's/./ /g')$indent" 1 ${devicesdown[$D]} + fi + shift; + done +} + +function buildFolderTree() { + local firstrun=1; if [ "$1" = 1 ]; then firstrun=0; shift; fi + while [ -n "$1" ]; do + local D=${1# *} + [ "$firstrun" = 1 -a -n "${devicesup[$D]}" ] && shift && continue; + mkdir $D + if [ -n "${devicesdown[$D]}" ]; then + cd $D; + for P in ${devicesdown[$D]}; do buildFolderTree 1 "$P";done + cd .. + fi + shift; + done +} + +function addRelation() { + local A="$1" + local B="$2" + local props="$3" + [ "$DIRECTION" = "UP" ] && C="$A" && A="$B" && B="$C" + conns["\"$A\" -- \"$B\""]="$props" + devicesdown[$A]="${devicesdown[$A]} $B" + devicesup[$B]="${devicesup[$B]} $A" +} + +while [ ! 
-z "$1" ]; do + case "$1" in + -d) DIRECTION=DOWN ;; + -u) DIRECTION=UP ;; + -t) GV="";GVNE="";TREE=1 ;UTF="" ;; + -G) GV=1 ;GVNE=1 ;TREE="";UTF="" ;; + -g) GV="";GVNE=1 ;TREE="";UTF="" ;; + -l) GV="";GVNE="";TREE="";UTF=1 ;; + -s) PFX="ssh -M $2" + shift + ;; + -h) usage ; exit 0 ;; + *) usage ; exit 1 ;; + esac + shift +done + + +declare -A devices +declare -A devicesup +declare -A devicesdown +declare -A conns +SCN="/sys/class/net/" +for CDEV in $($PFX find /sys/class/net/ ! -name lo -type l |sort); do + DCLASS="RJ45" + NDEV=$(basename $CDEV) + devices[$NDEV]="" + $PFX readlink $CDEV | grep -q devices/virtual && DCLASS="virtual" + $PFX [ -e $CDEV/bonding/ ] && DCLASS="bond" + $PFX [ -e $CDEV/phy80211/ ] && DCLASS="wireless" + $PFX [ -e $CDEV/dsa/ ] && DCLASS="dsa" + $PFX [ -e $CDEV/bridge/ ] && { DCLASS="bridge" + $PFX grep -q 1 $CDEV/bridge/vlan_filtering && DCLASS="switch" + } + $PFX grep -q 512 $CDEV/type && { DCLASS="ppp" + PNPP="/proc/net/pppoe" + $PFX [ -e $PNPP ] && P=$($PFX cat $PNPP | awk 'NR==2{print $3}') + [ -n "$P" ] && $PFX [ -e $SCN/$P ] && { + addRelation "$NDEV" "$P" 'label="PPPoE"' + } + } + for LOW in $($PFX find $CDEV/ -name 'lower_*'); do + LOW=${LOW#*_} + addRelation "$NDEV" "$LOW" 'label=""' + done + devices[$NDEV]="label=\"${NDEV}\"" + devices[$NDEV]="${devices[$NDEV]}, class=\"${DCLASS}\"" +done + +[ -n "$GV" ] && { + echo 'graph iftree {' +} +[ -n "$GVNE" ] && { + for iDEV in "${!devices[@]}"; do + echo " \"${iDEV}\"["${devices[$iDEV]}"];" + done + for conn in "${!conns[@]}"; do + echo \ \ $conn[${conns[$conn]}]\;; + done +} +[ -n "$GV" ] && { echo '}'; } + +if [ "$TREE" = "1" ]; then + TMPD=$(mktemp -qd) + cd $TMPD + buildFolderTree "${!devices[@]}"; + tree --noreport * + find $TMPD -delete +fi +if [ "$UTF" = "1" ]; then + print "" "${!devices[@]}" | colrm 1 4 +fi + diff --git a/wireguard/Gvpn b/wireguard/Gvpn new file mode 100755 index 0000000..b665a87 --- /dev/null +++ b/wireguard/Gvpn 
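Review bot: The `tree` branch at the end of the hunk runs `TMPD=$(mktemp -qd)` and `cd $TMPD` without checking either, and the script never sets `-e`; if `mktemp` fails, `TMPD` is empty, `cd` silently fails, `buildFolderTree` runs its `mkdir $D` calls in the caller's current directory, and the closing `find $TMPD -delete` becomes `find -delete` on that directory. Guard the three steps: `TMPD=$(mktemp -qd) || exit 1`, `cd "$TMPD" || exit 1`, and `find "${TMPD:?}" -delete` so an empty path can never widen the deletion. The header credits this file to an upstream repository, so the fix may belong there as well; quoting `$D` in `mkdir $D` and `cd $D` would also be cheap.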
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+unset VPN;
+VPN={
+Real;~/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf
+Ingt;~/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf
+}
+
+
diff --git a/wireguard/Test1/RB5009-WG1.cfg b/wireguard/Test1/RB5009-WG1.cfg
new file mode 100644
index 0000000..d8b71f2
--- /dev/null
+++ b/wireguard/Test1/RB5009-WG1.cfg
@@ -0,0 +1,10 @@
+[RB5009-WG1]
+RtrInterface=WG1
+Rtr_Addr_Admin=10.1.8.99
+Rtr_Addr_Public=205.151.68.129
+Rrt_Port=13243
+Rtr_Addr_Private=10.1.4.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=bTatsa66Ggasasa6666=
+Rtr_DNS=1.1.1.1,1.0.0.1
+Rtr_Route_Subnet=10.0.0.0/8
diff --git a/wireguard/Test1/U-001-marc.Peer.rsc b/wireguard/Test1/U-001-marc.Peer.rsc
new file mode 100644
index 0000000..007ee21
--- /dev/null
+++ b/wireguard/Test1/U-001-marc.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.4.1/32 disabled=no name="marc" interface=WG1 \
+preshared-key="aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=" public-key="ztXlaxlZWA4oZxSCaQsN/8RXqahEeF4BehMjfAFbLVk="
diff --git a/wireguard/Test1/U-001-marc.conf b/wireguard/Test1/U-001-marc.conf
new file mode 100644
index 0000000..3c3e404
--- /dev/null
+++ b/wireguard/Test1/U-001-marc.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2OchuWPpq3g8dXCoo2uufnmU1dpcd8WfgS4/7vI7tUQ=
+ListenPort = 51821
+Address = 10.1.4.1/32
+DNS = 1.1.1.1,1.0.0.1
+
+[Peer]
+PublicKey = bTatsa66Ggasasa6666=
+PresharedKey = aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=
+AllowedIPs = 10.0.0.0/8
+Endpoint = 205.151.68.129:13243
+PersistentKeepalive = 25
+
diff --git a/wireguard/Test1/U-001-marc.conf.png b/wireguard/Test1/U-001-marc.conf.png
new file mode 100644
index 0000000..b724c2c
Binary files /dev/null and b/wireguard/Test1/U-001-marc.conf.png differ
diff --git a/wireguard/Test1/U-002-guy.Peer.rsc b/wireguard/Test1/U-002-guy.Peer.rsc
new file mode 100644
index 0000000..b7c697c
--- /dev/null
+++ b/wireguard/Test1/U-002-guy.Peer.rsc
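Review bot: `VPN={` in `wireguard/Gvpn` is not an array assignment; bash assigns the literal string `{` to `VPN`, then runs the next two lines as commands (so `Real` and `Ingt` are looked up as command names and each `~/Nextcloud2/.../*.conf` path is attempted as a command too), and the lone `}` is a syntax error. This looks like an unfinished draft of the top-level `Gvpn` in the same commit, which uses the `VPN=( '...' '...' )` form; either adopt that form here or drop the file.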
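Review bot: `U-001-marc.conf` commits a live `PrivateKey` and `PresharedKey` in clear text, and the same applies to all other key material in this commit: the `preshared-key` values in every `*.Peer.rsc`, `*.CCR1.rsc`, `wireguard/\` and `wireguard/device` file, and the private keys in `U-002-guy.conf`, `WireguardManjaro/evoq/WG999-GB`, `evoq/privatekey`, the `exoc/rutgers/client_*.txt` files, `wg01-guy.conf`, `wg02-pascal.conf`, `alain/U-001-zbook.conf`, the `cccp/users/*.conf` files and `chums/YvesDugas/001-U-pcyves.conf`. The `*.conf.png` files are QR renderings of the same client configs, so they carry the private keys as well. If this repository is shared or pushed anywhere, each of these keys has to be treated as exposed: generate fresh key pairs and PSKs, replace the peers on the routers, and remove the files from history rather than only from the tree, since a plain follow-up commit leaves them retrievable. A `.gitignore` covering `*.conf`, `*.conf.png`, `privatekey`, `*_psk.txt` and `*.rsc` would prevent a repeat; the router `.cfg` files hold only public keys, addresses and ports and can stay.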
@@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.1.4.2/32 disabled=no name="guy" interface=WG1 \ +preshared-key="JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw=" public-key="eeYn9g9ayNJoEkYH4HrXFMcGDU0uUHLXF2ZopybCAFg=" diff --git a/wireguard/Test1/U-002-guy.conf b/wireguard/Test1/U-002-guy.conf new file mode 100644 index 0000000..b9f9a46 --- /dev/null +++ b/wireguard/Test1/U-002-guy.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = ABcaGRdchXN2+23PoSe8d7ojH4WhT4JEsZLRV3Jt1lo= +ListenPort = 51821 +Address = 10.1.4.2/32 +DNS = 1.1.1.1,1.0.0.1 + +[Peer] +PublicKey = bTatsa66Ggasasa6666= +PresharedKey = JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw= +AllowedIPs = 10.0.0.0/8 +Endpoint = 205.151.68.129:13243 +PersistentKeepalive = 25 + diff --git a/wireguard/Test1/U-002-guy.conf.png b/wireguard/Test1/U-002-guy.conf.png new file mode 100644 index 0000000..ca98e03 Binary files /dev/null and b/wireguard/Test1/U-002-guy.conf.png differ diff --git a/wireguard/WireguardManjaro/evoq/WG999-GB b/wireguard/WireguardManjaro/evoq/WG999-GB new file mode 100644 index 0000000..8f50a0e --- /dev/null +++ b/wireguard/WireguardManjaro/evoq/WG999-GB @@ -0,0 +1,3 @@ +[Interface] +ListenPort = 13231 +PrivateKey = oIdmd/wFdL54lgkkThbIcDAeg9nKmS5wxH4fLBJbwEo= diff --git a/wireguard/WireguardManjaro/evoq/privatekey b/wireguard/WireguardManjaro/evoq/privatekey new file mode 100644 index 0000000..097fc37 --- /dev/null +++ b/wireguard/WireguardManjaro/evoq/privatekey @@ -0,0 +1 @@ +mCscj1wPL4+kGrDMAKY3Ek8drGvxcgOlfudGAq9j+Vo= diff --git a/wireguard/WireguardManjaro/evoq/publickey b/wireguard/WireguardManjaro/evoq/publickey new file mode 100644 index 0000000..57fa330 --- /dev/null +++ b/wireguard/WireguardManjaro/evoq/publickey @@ -0,0 +1 @@ +pWs3b9kfSZ+Uvg7Q9tYT52Lqxh7OEbOhkzmvE0NT/GM= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt new file mode 100644 index 0000000..0573ee8 --- /dev/null 
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt @@ -0,0 +1 @@ +GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt new file mode 100644 index 0000000..68c009a --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt @@ -0,0 +1 @@ ++tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt new file mode 100644 index 0000000..84ba05a --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt @@ -0,0 +1 @@ +rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt new file mode 100644 index 0000000..c4f6e7f --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt @@ -0,0 +1 @@ +APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt new file mode 100644 index 0000000..eb6d060 --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt @@ -0,0 +1 @@ +isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt new file mode 100644 index 0000000..0c1898f --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt @@ -0,0 +1 @@ +GkRup6bdiXqb8GOaytLBQ1tFcQJ+SEu+KgkQlR17oE4= diff --git a/wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf b/wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf new file mode 100644 index 0000000..a18e6a0 --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf 
@@ -0,0 +1,10 @@ +[Interface] +PrivateKey = GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng= +Address = 172.16.28.1/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ= +PresharedKey = +tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0= +Endpoint = 172.16.24.1:13239 +AllowedIPs = 0.0.0.0/0,::/0 diff --git a/wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf b/wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf new file mode 100644 index 0000000..13a5490 --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf @@ -0,0 +1,10 @@ +[Interface] +PrivateKey = APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM= +Address = 172.16.28.2/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk= +PresharedKey = isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU= +Endpoint = 192.168.88.168:13239 +AllowedIPs = 0.0.0.0/0 diff --git a/wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh b/wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh new file mode 100755 index 0000000..b62e3b3 --- /dev/null +++ b/wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh 
@@ -0,0 +1,316 @@ +#!/bin/bash + + +#=================== Environment =============================================== +# +ScriptName=$(basename "$0") +SshUser=ansible +#SshKey="/home/wireguard/.ssh/ansible_evoq_rsa" +SshKey="/home/boig01/.ssh/ansible_evoq_rsa" +#BaseDir="/home/wireguard" +BaseDir="/dev/shm" +CCR1=10.1.8.11 +CCR2=10.1.8.12 +Version=240222_1842 +CORP="EVOQ" +TmpUserList=$(mktemp -p /dev/shm) + +# Wireguard For Routers +RtrCCR1Int=WG-Routers +RtrCCR1PubKey="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" +RtrCCR1Prefix="10.1.32" +RtrCCR1Address="10.1.32.254/24" +RtrCCR1Port=13232 +WgRtrDir="${BaseDir}/routers" + +# Wireguard For Users +UsrCCR1Int=WG-Users +UsrCCR1PubKey="EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=" +UsrCCR1Prefix="10.1.33" +UsrCCR1Address="10.1.33.254/24" +UsrCCR1Port=13233 +WgUsrDir="${BaseDir}/users" + +YELLOW='\033[0;33m' +GREEN='\033[0;32m' +RED='\033[0;31m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + + +# Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" +[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}" + + + +#=================== function Info ============================================= +# +# Avec date / time prefix +# +Info() { printf "${GREEN} %s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr + + +#=================== function Message ========================================== +# +Message() { printf "${GREEN}%s ${NC}\n" "$*" ;} # send to stderr + + + +#=================== function Help ============================================= +# +function Help () +{ +echo -e " +usage: $ScriptName [options] + + -l List WireGuard clients on CCR1 + -h This help + +" +} + + +#=================== function addCCR1 ========================================== +# +function addCCR1() { + local Router="$1" + echo -e "\nAdding ${Router} Wireguard account to CCR1..." 
+ ssh -i ${SSHKey} ansible@${CCR1} "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp" + + if [ $? = 0 ] + then + echo "${Router} Wireguard account successfully added to CCR1" + else + echo "Failed to add ${Router} Wireguard account to CCR1" + fi +} + + +#=================== function newClient ======================================= +# +function newClient() { + ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" + + echo "" + echo "Tell me a name for the client." + echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars." + + until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do + read -rp "Client name: " -e CLIENT_NAME + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${CLIENT_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified name was already created, please choose another name." + echo "" + fi + done + + for DOT_IP in {2..254}; do + DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + if [[ ${DOT_EXISTS} == '0' ]]; then + break + fi + done + + if [[ ${DOT_EXISTS} == '1' ]]; then + echo "" + echo "The subnet configured supports only 253 clients." + exit 99 + fi + + BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') + until [[ ${IPV4_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" + IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV4_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv4 was already created, please choose another IPv4." 
+ echo "" + fi + done + + BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') + until [[ ${IPV6_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" + IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV6_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv6 was already created, please choose another IPv6." + echo "" + fi + done + + # Generate key pair for the client + CLIENT_PRIV_KEY=$(wg genkey) + CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + CLIENT_PRE_SHARED_KEY=$(wg genpsk) + + mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1 + HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" + + # Create client file and add the server as a peer + echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >> 
"$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + # Add the client as a peer to the server + echo -e "\n### Client ${CLIENT_NAME} +[Peer] +PublicKey = ${CLIENT_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + echo -e "\nHere is your client config file as a QR Code:" + + qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" + echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" +} + + + + +#=================== function manageMenu ====================================== +# +function manageMenu() { + echo "" + echo "It looks like this WireGuard interface is already." + echo "" + echo "What do you want to do?" + echo " 1) Add a new client" + echo " 2) Exit" + until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do + read -rp "Select an option [1-2]: " MENU_OPTION + done + case "${MENU_OPTION}" in + 1) + newClient + ;; + 2) + exit 0 + ;; + esac +} + + + +#=================== function listConfs ======================================= +# +function listConfs() { + local directory + directory="$(pwd)/wireguard" + + if [ -d "${directory}" ]; then + echo "List of existing configurations:" + i=1 + for folder in "${directory}"/*/; do + local users count folder_name + users="${folder}/client/" + count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l) + folder_name=$(basename "${folder}") + echo "${i}. 
${folder_name} [${count} user(s)]" + ((i++)) + done + fi + echo "" +} + + +#=================== function listCCR1 ========================================= +# +# Filter 1: enlever les ";" et remplacer ^m par LF +# Filter 2: Grouper 2 lignes consecutives +# Filter 3: Print field #4 et #3 +# +function ListCCR() { + +Message "User List" +ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \ + | grep User | tr -d ";" | sed -e "s/\r//g" \ + | awk 'NR%2 {printf("%s ", $0); next} {print $0}' \ + | awk '{print $4, $3}' | tee ${TmpUserList} + +LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }') +NextEntry=$(($LastEntry+1)) +echo -e " +Last Entry = $LastEntry +Next Entry = $NextEntry +" +} + + +#=================== MAIN ===================================================== +# +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n" + +((!$#)) && Help && exit + + +while getopts cfhl option +do + case "${option}" in + c) BoolCreate=1 ;; + f) VarFileLog=1;; + h) Help + exit 0;; + l) ListCCR ;; + *) Help + exit 1;; + esac +done + + +rm -f ${TmpUserList} +exit + +#? Check for root, OS, WireGuard +installCheck + +listConfs + +#? Check server exist +serverName + +#? Check if WireGuard is already installed and load params +if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then + # shellcheck source=/dev/null + source "$(pwd)/wireguard/${SERVER_WG_NIC}/params" + manageMenu +else + newInterface +fi + diff --git "a/wireguard/\\" "b/wireguard/\\" new file mode 100644 index 0000000..0636c8f --- /dev/null +++ "b/wireguard/\\" @@ -0,0 +1,3 @@ +/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg +/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \ +interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo=" 
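Review bot: `addCCR1` passes `-i ${SSHKey}`, but the variable defined at the top of the file is `SshKey`, so ssh receives an empty identity argument; `L2TPPass`, `CCRSideIP` and `ip_Subnet` are never assigned anywhere in the file, and the function is not reachable from the `getopts` loop (`c` only sets `BoolCreate=1`), so it is dead and broken as committed and should be fixed or removed. When it is wired up, the RouterOS command is built by string interpolation, so `Router` and the password need to be validated against a strict pattern before they are placed in the remote command line, and a password passed this way is visible in the local process list while ssh runs. `ListCCR` derives `LastEntry` with `sort -r`, which is lexical, so `NextEntry` is wrong once entry numbers reach 10 (assuming the first field is the numeric entry); use `sort -rn`. `TmpUserList` is created before the `((!$#)) && Help && exit` and `-h` paths and is only removed after the option loop, so `trap 'rm -f -- "$TmpUserList"' EXIT` right after the `mktemp` is the reliable cleanup.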
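Review bot: The path `wireguard/\` is a single-backslash filename whose blob (`0636c8f`) is identical to `wireguard/device` added later in this commit, which looks like an accidental save from an editor; drop it from the tree. Both copies carry the same `preshared-key`, which should be rotated once it has been committed.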
diff --git a/wireguard/alain/RB4011.cfg b/wireguard/alain/RB4011.cfg new file mode 100644 index 0000000..8566a0a --- /dev/null +++ b/wireguard/alain/RB4011.cfg @@ -0,0 +1,8 @@ + +[WG3] +Rtr_Addr_Admin=172.16.1.1 +Rtr_Addr_Public=ingt.dyndns.org +Rrt_Port=14322 +Rtr_Addr_Private=172.16.253.254 +Rtr_CIDR_Mask=24 +Rtr_PUB_KEY=vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio= diff --git a/wireguard/alain/U-001-zbook.Peer.rsc b/wireguard/alain/U-001-zbook.Peer.rsc new file mode 100644 index 0000000..607f2ad --- /dev/null +++ b/wireguard/alain/U-001-zbook.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=172.16.253.1/32 disabled=no name="zbook" interface=WG3 \ +preshared-key="phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8=" public-key="LzC8W/ChD8Iq7kDJ7F796WRzqPSI30bAKbnJraZ59gE=" diff --git a/wireguard/alain/U-001-zbook.conf b/wireguard/alain/U-001-zbook.conf new file mode 100644 index 0000000..f0ccbd3 --- /dev/null +++ b/wireguard/alain/U-001-zbook.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = 2J4fFcuD/cuhk8FcO9iqTfDdhsZADR6/qxFbL00DF3M= +ListenPort = 51821 +Address = 172.16.253.1/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio= +PresharedKey = phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8= +AllowedIPs = 0.0.0.0/0 +Endpoint = ingt.dyndns.org:14322 +PersistentKeepalive = 25 + diff --git a/wireguard/alain/U-001-zbook.conf.png b/wireguard/alain/U-001-zbook.conf.png new file mode 100644 index 0000000..8b2a31a Binary files /dev/null and b/wireguard/alain/U-001-zbook.conf.png differ diff --git a/wireguard/autowg.sh b/wireguard/autowg.sh new file mode 100755 index 0000000..86651df --- /dev/null +++ b/wireguard/autowg.sh 
@@ -0,0 +1,136 @@ +#!/bin/bash +# +# AUTOWG written by Hamdi KADRI +# APACHE LICENSE version 2.0 applies +# This script is intended to create configurations for +# a point-to-point Wireguard connection between a server +# and a client (/30 network) +# + +# Step zero: declare configurations as variables + +servercfg="[Interface] +Address = +SaveConfig = true +ListenPort = +PrivateKey = +[Peer] +PublicKey = +PresharedKey = +AllowedIPs = " + +clientcfg="[Interface] +PrivateKey = +Address = +[Peer] +PublicKey = +PresharedKey = +AllowedIPs = +EndPoint = : +PersistentKeepalive = 20" + +postcfg="[Interface] +Address = +SaveConfig = true +ListenPort = +PrivateKey = +PostUp = iptables -A FORWARD -i -j ACCEPT +PostUp = iptables -t nat -A POSTROUTING -o -j MASQUERADE +PostDown = iptables -D FORWARD -i -j ACCEPT +PostDown = iptables -t nat -D POSTROUTING -o -j MASQUERADE +[Peer] +PublicKey = +PresharedKey = +AllowedIPs = +" + +# Step one: ask for some parameters (as an assistant) +# We need: point-to-point IPs, Server IP, port + +echo "AutoWG requires some informations before generating your config" +echo "Please provide the next parameters." +echo "This script will not check if the IPs and netmask are valid!" +echo "Press Enter to continue.." +echo +read +read -p "Server IP for the Wireguard interface: " serverwgIP +read -p "Client IP for the Wireguard interface: " clientwgIP +read -p "Network Mask (in CIDR) for both server and client WG interfaces (example: /30): " netmask +read -p "Server Public IP address: " serverIP +read -p "Network Port for Wireguard communication: " port +read -p "Wireguard interface name? (for example wg0): " wgintname +read -p "Route all traffic to server via Wireguard? [y/N]: " internetaccess +if [[ "$internetaccess" =~ ^([yY][eE][sS]|[yY])$ ]] +then + clientcfg=$(echo "$clientcfg" | sed "s|AllowedIPs = |AllowedIPs = 0.0.0.0/0|g" ) + read -p "Which server interface has internet access? 
" srvinternetintname + servercfg=$(echo "$postcfg" | sed "s||${wgintname}|g" | sed "s||${srvinternetintname}|g" ) + echo + RED='\033[0;31m' + NC='\033[0m' # No Color + printf "${RED}IMPORTANT:${NC} You need to enable IP Forwarding on the server\n" + echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf" + echo "then run \"sysctl -p\"" + echo + + #### Experimental DNS support #### + read -p "Push DNS servers to client? [y/N]: " dns + if [[ "$dns" =~ ^([yY][eE][sS]|[yY])$ ]] + then + read -p "Enter dns servers IPs separated by spaces: " dnsservers + dnscfg="\nDNS = $dnsservers" + clientcfg=$(echo "$clientcfg" | sed "s||$dnscfg|g" ) + else + clientcfg=$(echo "$clientcfg" | sed "s|||g" ) + fi + ################################## +else + clientcfg=$(echo "$clientcfg" | sed "s|||g" ) +fi + + +# Step two: generate keypairs +## Generate keypairs for machine 1 (client) +client_prvkey=$(wg genkey) +client_pubkey=$(echo $client_prvkey | wg pubkey) + +## Generate keypairs for machine 2 (server) +server_prvkey=$(wg genkey) +server_pubkey=$(echo $server_prvkey | wg pubkey) + +# New : generate PSK + +psk=$(wg genpsk) + +# Step three: generate configuration + +serverconf=$(echo "$servercfg" | sed "s||${serverwgIP}${netmask}|g" | \ + sed "s||${port}|g" | sed "s||${server_prvkey}|g" |\ + sed "s||${client_pubkey}|g" | sed "s||${clientwgIP}|g" |\ + sed "s||${psk}|g" ) + +clientconf=$(echo "$clientcfg" | sed "s||${client_prvkey}|g" | \ + sed "s||${clientwgIP}${netmask}|g" | sed "s||${server_pubkey}|g" | \ + sed "s||${serverIP}|g" | sed "s||${port}|g" | sed "s||${psk}|g" ) + +# Step four: display configuration for machine 1 (client) +echo +echo "** Client Side /etc/wireguard/${wgintname}.conf **" +echo "$clientconf" +echo + +# Step five: display configuration for machine 2 (server) +echo +echo "** Server Side /etc/wireguard/${wgintname}.conf **" +echo "$serverconf" +echo + +# Step Seven: Saving to a text file +# +echo "** Client Side 
/etc/wireguard/${wgintname}.conf **" > wireguard-conf.txt +echo "$clientconf" >> wireguard-conf.txt +echo >> wireguard-conf.txt +echo "** Server Side /etc/wireguard/${wgintname}.conf **" >> wireguard-conf.txt +echo "$serverconf" >> wireguard-conf.txt +echo >> wireguard-conf.txt + diff --git a/wireguard/cccp/users/001-Real.CCR1.rsc b/wireguard/cccp/users/001-Real.CCR1.rsc new file mode 100644 index 0000000..25c3785 --- /dev/null +++ b/wireguard/cccp/users/001-Real.CCR1.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.8.38.1/32 disabled=no comment="User Real" interface=wg1 \ +preshared-key="3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4=" public-key="T8N9Zdy4JiStBIJI00T9fkIx6KzatLkQ/WXQUDe7QDU=" diff --git a/wireguard/cccp/users/001-Real.conf b/wireguard/cccp/users/001-Real.conf new file mode 100644 index 0000000..f7063d9 --- /dev/null +++ b/wireguard/cccp/users/001-Real.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = IFR3761g8AM2F1ICp+hP9TyudinHHXio0BvPFUOa/3o= +ListenPort = 51821 +Address = 10.8.38.1/32 +DNS = 10.8.38.1,1.1.1.1 + +[Peer] +PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE= +PresharedKey = 3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4= +AllowedIPs = 10.8.0.0/16 +Endpoint = 199.168.223.11:13233 +PersistentKeepalive = 25 + diff --git a/wireguard/cccp/users/002-Ariel.CCR1.rsc b/wireguard/cccp/users/002-Ariel.CCR1.rsc new file mode 100644 index 0000000..1300f47 --- /dev/null +++ b/wireguard/cccp/users/002-Ariel.CCR1.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.8.38.2/32 disabled=no comment="User Ariel" interface=wg1 \ +preshared-key="cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=" public-key="mQcmO5hLoAXNA3KeF+iXydsZuDg+nkbYNsogvJ32mVs=" diff --git a/wireguard/cccp/users/002-Ariel.conf b/wireguard/cccp/users/002-Ariel.conf new file mode 100644 index 0000000..3cccee5 --- /dev/null +++ b/wireguard/cccp/users/002-Ariel.conf 
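Review bot: Every placeholder substitution in Step three reads `sed "s||${…}|g"` on this page, with an empty left-hand pattern; an empty pattern makes sed reuse the previous regular expression and fail on the first call where there is none, so most likely the template tokens were angle-bracketed and lost in rendering, which is worth verifying against the committed file rather than assuming. Independently, Step Seven writes both private keys and the PSK into `wireguard-conf.txt` in the current directory with the default umask; put `umask 077` before the first redirection or write into a `mktemp -d` directory. `client_pubkey=$(echo $client_prvkey | wg pubkey)` and the server equivalent should quote the expansion, `printf '%s\n' "$client_prvkey" | wg pubkey`, and the `read -p` prompts should be `read -rp` so a backslash in an answer survives. The header attributes the script to an upstream author, so the same fixes may belong there.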
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = wL/hWyRZtifMLVEgPc31VMmG1+7EYbm5wJI5uxbF+34=
+ListenPort = 51821
+Address = 10.8.38.2/32
+DNS = 10.8.38.1,1.1.1.1
+
+[Peer]
+PublicKey = zHfHRbQs+3WH9GHBEH7dsh8J0xxLkP2OxWJASV+VWlw=
+PresharedKey = cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=
+AllowedIPs = 10.8.0.0/16
+Endpoint = 199.168.223.11:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/cccp/users/003-Guy.CCR1.rsc b/wireguard/cccp/users/003-Guy.CCR1.rsc
new file mode 100644
index 0000000..2fa1982
--- /dev/null
+++ b/wireguard/cccp/users/003-Guy.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.8.38.3/32 disabled=no comment="User Guy" interface=wg1 \
+preshared-key="wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=" public-key="W+1qr4Un3+u0i9bNmItllu3FrY49+NNX9aQfYmVkm1Q="
diff --git a/wireguard/cccp/users/003-Guy.conf b/wireguard/cccp/users/003-Guy.conf
new file mode 100644
index 0000000..3411836
--- /dev/null
+++ b/wireguard/cccp/users/003-Guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2FvyrN30+4CHTmeJInGRcILPCCVovO1hiYL5+qvYp3M=
+ListenPort = 51821
+Address = 10.8.38.3/32
+DNS = 10.8.38.254,1.1.1.1
+
+[Peer]
+PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE=
+PresharedKey = wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=
+AllowedIPs = 10.8.0.0/16
+Endpoint = 199.168.223.11:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc b/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc
new file mode 100644
index 0000000..3d487f4
--- /dev/null
+++ b/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=192.168.61.1/32 disabled=no name="pcyves" interface=WG01 \
+preshared-key="K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=" public-key="IaUPgaro0xZSL5EFrOSttqScvN6GdwzJtV8YgmRAQzM="
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.conf b/wireguard/chums/YvesDugas/001-U-pcyves.conf
new file mode 100644
index 0000000..8f4f08b
--- /dev/null
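Review bot: The `PublicKey = zHfHRbQs…` under [Peer] is not the key the other two clients of 199.168.223.11:13233 trust — 001-Real.conf and 003-Guy.conf both carry `ywl8GMIF…` — so either the router key was rotated and those two files are stale, or this one will never complete a handshake; check which key the wg1 interface on the router actually holds. `DNS = 10.8.38.1,1.1.1.1` points this client at 10.8.38.1, which 001-Real.conf assigns to the Real peer rather than to a resolver, while 003-Guy.conf uses `10.8.38.254`. As with the other files in this commit, the `PrivateKey` and `PresharedKey` here are live secrets now in git history and should be rotated.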
+++ b/wireguard/chums/YvesDugas/001-U-pcyves.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = IGvOgupuIXaVgyLbboX4ASg2syfGuMxZnBb5vPpdu0E=
+ListenPort = 51821
+Address = 192.168.61.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = /cMmECzL5y6qwn7t0b9jybw3rlo+M71eKqfbm0JgshE=
+PresharedKey = K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 65.94.149.174:14233
+PersistentKeepalive = 25
+
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.conf.png b/wireguard/chums/YvesDugas/001-U-pcyves.conf.png
new file mode 100644
index 0000000..62ef482
Binary files /dev/null and b/wireguard/chums/YvesDugas/001-U-pcyves.conf.png differ
diff --git a/wireguard/chums/YvesDugas/hAP-AC2.cfg b/wireguard/chums/YvesDugas/hAP-AC2.cfg
new file mode 100644
index 0000000..c9b27d0
--- /dev/null
+++ b/wireguard/chums/YvesDugas/hAP-AC2.cfg
@@ -0,0 +1,7 @@
+[hAP-AC2]
+Rtr_Addr_Public=beec0baa227b.sn.mynetname.net
+Rrt_Port=14233
+Rtr_Interface=WG01
+Rtr_Addr_Private=192.168.61.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=/cMmECzL5y6qwn7t0b9jybw3rlo+M71eKqfbm0JgshE=
diff --git a/wireguard/device b/wireguard/device
new file mode 100644
index 0000000..0636c8f
--- /dev/null
+++ b/wireguard/device
@@ -0,0 +1,3 @@
+/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg
+/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \
+interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo="
diff --git a/wireguard/evoq/CCR1016.cfg b/wireguard/evoq/CCR1016.cfg
new file mode 100644
index 0000000..71d01c9
--- /dev/null
+++ b/wireguard/evoq/CCR1016.cfg
@@ -0,0 +1,8 @@
+[CCR1016]
+RtrInterface=WG-Users
+Rtr_Addr_Admin=10.1.8.11
+Rtr_Addr_Public=66.171.167.250
+Rrt_Port=13233
+Rtr_Addr_Private=10.1.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
diff --git a/wireguard/evoq/DaveOuellette.conf b/wireguard/evoq/DaveOuellette.conf
new file mode 100644
index 0000000..64f3522
--- /dev/null
+++ b/wireguard/evoq/DaveOuellette.conf
@@ -0,0 +1,11 @@
+[Interface]
+PrivateKey = 6JSOiUqqTtgU0dH7/4dKKHNXcRfEHk5G+ZC16fc8RmI=
+Address = 10.1.40.2/32
+DNS = 10.1.3.40,10.1.3.41
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = x1gubMKEhdOXaqMC82KJxy++d8iuKkbodG4UkCeg0Rc=
+Endpoint = 66.171.167.250:13233
+AllowedIPs = 10.0.0.0/8,192.168.0.0/24
+
diff --git a/wireguard/evoq/DaveOuellette_CCR.rsc b/wireguard/evoq/DaveOuellette_CCR.rsc
new file mode 100644
index 0000000..02b63b8
--- /dev/null
+++ b/wireguard/evoq/DaveOuellette_CCR.rsc
@@ -0,0 +1,4 @@
+CCR:
+---------------------------------------------------------
+/interface wireguard peers add allowed-address=10.1.33.2/32 client-keepalive=10 disabled=no comment="User DaveOuellette" interface=WG-Users preshared-key="x1gubMKEhdOXaqMC82KJxy++d8iuKkbodG4UkCeg0Rc=" public-key="llensH2ENL4I7fSlo/iOZxP/e1SVf5ODSNvDjjLZ5CQ="
+
diff --git a/wireguard/evoq/EVOQ-MTL.conf b/wireguard/evoq/EVOQ-MTL.conf
new file mode 100644
index 0000000..68c8199
--- /dev/null
+++ b/wireguard/evoq/EVOQ-MTL.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2JJoQbCWzka6elz1nCPsfbW9iIo8FM5QPoZO5d3weVY=
+ListenPort = 51821
+Address = 10.1.40.250/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=
+AllowedIPs = 10.0.0.0/8
+Endpoint = 66.171.167.250:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/evoq/EricStein.conf b/wireguard/evoq/EricStein.conf
new file mode 100644
index 0000000..26b4b59
--- /dev/null
+++ b/wireguard/evoq/EricStein.conf
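Review bot: `allowed-address=10.1.33.2/32` in DaveOuellette_CCR.rsc does not match the client's `Address = 10.1.40.2/32` in DaveOuellette.conf; WireGuard's cryptokey routing drops decrypted packets whose source is outside the peer's allowed addresses, so this peer would handshake but pass no traffic until one side is corrected (the same 10.1.33.x / 10.1.40.x split appears for GuyBoisvert and SteveQuirion, while EricStein uses 10.1.40.4 on both sides). The `CCR:` line and the dashed separator are not RouterOS syntax, so the file cannot be pasted or imported as-is; drop them or prefix them with `#`. The `preshared-key` here is the secret side of the tunnel and is now in git history alongside the client's private key.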
@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = kC7DaHcEfQ7KsJVBaWjG8XE/UL60GNjRsHOC/baNBGU=
+Address = 10.1.40.4/32
+DNS = 10.1.3.40,10.1.3.41
+
+[Peer]
+PublicKey = DrI1g15KlMdLaqNn+PlVbl1kZo6jV9QDlJ1M8gy/m0g=
+PresharedKey = owl5S2bH9zeL0J0xjNgZ1Y0mb8lPFEjldwTTkNo0CrY=
+Endpoint = 66.171.167.250:13233
+AllowedIPs = 10.0.0.0/8,192.168.0.0/24
diff --git a/wireguard/evoq/EricStein_CCR.rsc b/wireguard/evoq/EricStein_CCR.rsc
new file mode 100644
index 0000000..713ff5a
--- /dev/null
+++ b/wireguard/evoq/EricStein_CCR.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers add allowed-address=10.1.40.4/32 client-keepalive=10 disabled=no comment="User EricStein" interface=WG-Users \
+ preshared-key="owl5S2bH9zeL0J0xjNgZ1Y0mb8lPFEjldwTTkNo0CrY=" public-key="DrI1g15KlMdLaqNn+PlVbl1kZo6jV9QDlJ1M8gy/m0g="
+
diff --git a/wireguard/evoq/GuyBoisvert.conf b/wireguard/evoq/GuyBoisvert.conf
new file mode 100644
index 0000000..2b4894d
--- /dev/null
+++ b/wireguard/evoq/GuyBoisvert.conf
@@ -0,0 +1,12 @@
+[Interface]
+ListenPort = 51821
+PrivateKey = IM73gYzzN3riY1KaqBAGoIyldE7a7KS6QLoaDKd/G3E=
+Address = 10.1.40.3/32
+DNS = 10.1.3.40,10.1.3.41
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs=
+Endpoint = 66.171.167.250:13233
+AllowedIPs = 10.0.0.0/8,192.168.0.0/24
+PersistentKeepalive = 25
diff --git a/wireguard/evoq/GuyBoisvert_CCR.rsc b/wireguard/evoq/GuyBoisvert_CCR.rsc
new file mode 100644
index 0000000..50a53a9
--- /dev/null
+++ b/wireguard/evoq/GuyBoisvert_CCR.rsc
@@ -0,0 +1,4 @@
+CCR:
+---------------------------------------------------------
+/interface wireguard peers add allowed-address=10.1.33.3/32 client-keepalive=10 disabled=no comment="User GuyBoisvert" interface=WG-Users preshared-key="em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs=" public-key="8m7W2+rhGtVKI603JoN7fKvP2Pr5FlvtxYOgVk8AFRg="
+
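Review bot: In EricStein.conf the `[Peer] PublicKey = DrI1g15K…` is the client's own public key — the identical value is given as `public-key=` for this user in EricStein_CCR.rsc — whereas every other evoq client peers with the router key `EsxauwYN…` listed in CCR1016.cfg; as written the client is trying to handshake with itself and will never connect. Replace it with the router's key (`PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=`), and since this file also ships the user's `PrivateKey` and `PresharedKey`, treat both as compromised now that they are committed.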
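Review bot: `allowed-address=10.1.33.3/32` in GuyBoisvert_CCR.rsc does not agree with `Address = 10.1.40.3/32` in GuyBoisvert.conf, so packets sourced from the client's tunnel address are dropped by cryptokey routing even though the handshake succeeds; one of the two must change, and the EricStein pair (10.1.40.4 on both sides) suggests 10.1.40.x is the intended range. The `CCR:` header and dashed line also need to be removed or commented with `#` before the file can be imported into RouterOS.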
diff --git a/wireguard/evoq/SteveQuirion.conf b/wireguard/evoq/SteveQuirion.conf
new file mode 100644
index 0000000..ee0c24f
--- /dev/null
+++ b/wireguard/evoq/SteveQuirion.conf
@@ -0,0 +1,13 @@
+Client:
+---------------------------------------------------------
+[Interface]
+PrivateKey = OKQeBlkw7aoxtGfTlxVJpbRJqXwEzz38dk2gFShMHmI=
+Address = 10.1.40.1/32
+DNS = 10.1.3.40,10.1.3.41
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs=
+Endpoint = 66.171.167.250:13233
+AllowedIPs = 10.0.0.0/8,192.168.0.0/24
+
diff --git a/wireguard/evoq/SteveQuirion_CCR.rsc b/wireguard/evoq/SteveQuirion_CCR.rsc
new file mode 100644
index 0000000..45a316b
--- /dev/null
+++ b/wireguard/evoq/SteveQuirion_CCR.rsc
@@ -0,0 +1,4 @@
+CCR:
+---------------------------------------------------------
+/interface wireguard peers add allowed-address=10.1.33.1/32 client-keepalive=10 disabled=no comment="User SteveQuirion" interface=WG-Users preshared-key="Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs=" public-key="PK9tjXmc7L9GrjHYZNp/ED+HFZdzfHNe+L7ZRfrBQUw="
+
diff --git a/wireguard/evoq/U-250-guy.Peer.rsc b/wireguard/evoq/U-250-guy.Peer.rsc
new file mode 100644
index 0000000..1c9c943
--- /dev/null
+++ b/wireguard/evoq/U-250-guy.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.40.250/32 disabled=no name="guy" interface=WG-Users \
+preshared-key="sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=" public-key="KxI3ddeMCT8F9LSq0r49e5xnylMbc4ofKZPaz2foOT0="
diff --git a/wireguard/evoq/U-250-guy.conf b/wireguard/evoq/U-250-guy.conf
new file mode 100644
index 0000000..68c8199
--- /dev/null
+++ b/wireguard/evoq/U-250-guy.conf
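Review bot: The first two lines of SteveQuirion.conf, `Client:` and the dashed separator, are not WireGuard configuration syntax; the `wg`/`wg-quick` parser rejects lines it does not recognise, so the file cannot be used without hand-editing — move that heading into a comment (`# Client`) or out of the file. The companion SteveQuirion_CCR.rsc allows `10.1.33.1/32` while this file assigns `Address = 10.1.40.1/32`, so even a syntactically fixed file would not pass traffic until the two agree. The `PrivateKey` and `PresharedKey` committed here should be rotated.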
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2JJoQbCWzka6elz1nCPsfbW9iIo8FM5QPoZO5d3weVY=
+ListenPort = 51821
+Address = 10.1.40.250/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=
+AllowedIPs = 10.0.0.0/8
+Endpoint = 66.171.167.250:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/evoq/U-250-guy.conf.png b/wireguard/evoq/U-250-guy.conf.png
new file mode 100644
index 0000000..bb4a809
Binary files /dev/null and b/wireguard/evoq/U-250-guy.conf.png differ
diff --git a/wireguard/evoq/U-251-boum01.Peer.rsc b/wireguard/evoq/U-251-boum01.Peer.rsc
new file mode 100644
index 0000000..f749105
--- /dev/null
+++ b/wireguard/evoq/U-251-boum01.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.40.251/32 disabled=no name="boum01" interface=WG-Users \
+preshared-key="42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY=" public-key="vN4dr8B8jBXD5s+YunG5OGXEim2MRqEN9b/lDmpMsR0="
diff --git a/wireguard/evoq/U-251-boum01.conf b/wireguard/evoq/U-251-boum01.conf
new file mode 100644
index 0000000..3577589
--- /dev/null
+++ b/wireguard/evoq/U-251-boum01.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = sP6aXDHfNKnVZiB4KggyQo0/GQkWY4kiDVbUiG4V2VA=
+ListenPort = 51821
+Address = 10.1.40.251/32
+DNS = 10.1.3.40,10.1.3.41
+
+[Peer]
+PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
+PresharedKey = 42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY=
+AllowedIPs = 10.0.0.0/8
+Endpoint = 66.171.167.250:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/evoq/U-251-boum01.conf.png b/wireguard/evoq/U-251-boum01.conf.png
new file mode 100644
index 0000000..8807c57
Binary files /dev/null and b/wireguard/evoq/U-251-boum01.conf.png differ
diff --git a/wireguard/exo-c/002-pascal.Endpoint.rsc b/wireguard/exo-c/002-pascal.Endpoint.rsc
new file mode 100644
index 0000000..110622a
--- /dev/null
+++ b/wireguard/exo-c/002-pascal.Endpoint.rsc
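Review bot: U-250-guy.conf is byte-for-byte the same blob as EVOQ-MTL.conf (both `index 0000000..68c8199`): the same `PrivateKey`, `PresharedKey` and `Address = 10.1.40.250/32` under two names. If both are handed out, two devices share one identity and one tunnel IP, and the router will keep moving the peer's endpoint between them; keep a single copy, or generate a distinct key pair and address for the second device. As elsewhere in this commit, the private key and PSK are now in history and should be rotated; U-250-guy.Peer.rsc lists `KxI3dd…` as the trusted public key, which cannot be checked against this private key from the diff alone.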
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.200.2/32 disabled=no name="pascal" interface=wg1 \
+preshared-key="RdbI9KNBQBNBVRyKNnhe7Ujw0A0nKOThDJJOJ7Lgp2Y=" public-key="E0R0TnS3WsDj2CTHa5YtFd3+zGFVZCYYfJzKbTWwqUw="
diff --git a/wireguard/exo-c/002-pascal.conf b/wireguard/exo-c/002-pascal.conf
new file mode 100644
index 0000000..f58baf0
--- /dev/null
+++ b/wireguard/exo-c/002-pascal.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = GJTT/i6ww5SSozn9ibs+vmQcWVJeQpiOyWDAobLjkXA=
+ListenPort = 51821
+Address = 172.16.200.2/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = njwJywr8UndTeemZnxKT62aKxw0JGXggmSqNEHAulUE=
+PresharedKey = RdbI9KNBQBNBVRyKNnhe7Ujw0A0nKOThDJJOJ7Lgp2Y=
+AllowedIPs = 0.0.0.0/0
+Endpoint = d4450da4dffc.sn.mynetname.net:13235
+PersistentKeepalive = 25
+
diff --git a/wireguard/exo-c/002-pascal.conf.png b/wireguard/exo-c/002-pascal.conf.png
new file mode 100644
index 0000000..b5064cc
Binary files /dev/null and b/wireguard/exo-c/002-pascal.conf.png differ
diff --git a/wireguard/exo-c/003-boig01.Endpoint.rsc b/wireguard/exo-c/003-boig01.Endpoint.rsc
new file mode 100644
index 0000000..77f920f
--- /dev/null
+++ b/wireguard/exo-c/003-boig01.Endpoint.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.200.3/32 disabled=no name=" boig01" interface=wg1 \
+preshared-key="SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc=" public-key="8p3hP25gL2ALfRGStXs0fbk68em/aWobuMYS7w6GPzQ="
diff --git a/wireguard/exo-c/003-boig01.conf b/wireguard/exo-c/003-boig01.conf
new file mode 100644
index 0000000..d82062c
--- /dev/null
+++ b/wireguard/exo-c/003-boig01.conf
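Review bot: In 003-boig01.Endpoint.rsc, `name=" boig01"` has a leading space inside the quotes, so the peer is created as ` boig01` and any later `find name=boig01` lookup will miss it; use `name="boig01"`. The neighbouring 002-pascal entry uses a clean `name="pascal"`, so this looks like a paste error. The committed `preshared-key` is the shared secret for this tunnel and belongs in a secret store rather than the repository.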
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = GHvOQbVIPOw3NIqGS2+FlyMcCKIbVvQRbBTtj0rkqVc=
+ListenPort = 51821
+Address = 172.16.200.3/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = njwJywr8UndTeemZnxKT62aKxw0JGXggmSqNEHAulUE=
+PresharedKey = SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc=
+AllowedIPs = 10.1.0.0/24,10.50.0.0/24,172.16.28.0/24,172.16.29/24,10.96.0.0/12
+Endpoint = d4450da4dffc.sn.mynetname.net:13235
+PersistentKeepalive = 25
+
diff --git a/wireguard/exo-c/003-boig01.conf.png b/wireguard/exo-c/003-boig01.conf.png
new file mode 100644
index 0000000..fd5158b
Binary files /dev/null and b/wireguard/exo-c/003-boig01.conf.png differ
diff --git a/wireguard/exo-c/guy.conf b/wireguard/exo-c/guy.conf
new file mode 100644
index 0000000..09ab1b4
--- /dev/null
+++ b/wireguard/exo-c/guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE=
+ListenPort = 51821
+Address = 172.16.28.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk=
+PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=
+AllowedIPs = 172.16.24.0/24,172.16.44.0/24
+Endpoint = 45.61.15.102:13239
+PersistentKeepalive = 25
+
diff --git a/wireguard/genconfig b/wireguard/genconfig
new file mode 100755
index 0000000..569ff4e
--- /dev/null
+++ b/wireguard/genconfig
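Review bot: `AllowedIPs` in 003-boig01.conf contains `172.16.29/24`, which is missing an octet; the WireGuard config parser rejects the whole `AllowedIPs` line on a malformed CIDR, so this client will not come up until it reads `172.16.29.0/24` (presumably the intended value, next to `172.16.28.0/24`). Unlike 002-pascal.conf this file is split-tunnel, which is the better default, but its `PrivateKey` and `PresharedKey` are now committed and should be rotated.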
@@ -0,0 +1,405 @@ +#!/bin/bash + +Version=241231-1054 +debug=0 +CORP="ingtegration-rb5009" # default value + +ScriptName=$(basename "$0") +ScriptDir=$(dirname "0") +IniFile=${ScriptDir}/${ScriptName}.ini +BaseDir="/home/boig01/temp/wireguard" + +((debug)) && echo -e " +ScriptDir = $ScriptDir +IniFile = $IniFile +" +NumUser=0 +NameUser="" +NumRouter=0 +NameRouter="" +Mode=0 + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + +#---ini file parameters +unset PARAMS; +PARAMS=( +Endpoint_Rtr_Addr_Public +Endpoint_Rtr_Addr_Private +Endpoint_Rrt_Port +Endpoint_Rtr_PUB_KEY +Endpoint_Usr_Addr +Endpoint_Usr_Port +Endpoint_Usr_PUB_KEY +) + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ +local debug=0 +local ClientName="$1" +local Corp="$2" +#local CLIENT_NUM=$(printf "%03d" $3) +local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable + +#---Create paths if not there +[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}" + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_PREFIX="${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc" + + + +((debug)) && echo -e " +Corp = $Corp +ClientName = $ClientName +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = 10.8.38.${ClientNum}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${Endpoint_Usr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 10.8.0.0/16 +Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\${CORP} Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" 
+qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +} + + + + + + +#---------- CreateRouter ------------------------------------------------------ +# +function CreateRouter() +{ +local debug=1 +local RouterNum="$1" +local RouterSubnet="$2" +local Corp="$3" +local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable +local WgRtrDir="${BaseDir}/routers" + +#---Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" + + +RTR_PRIV_KEY=$(wg genkey) +Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc" +RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc" + + +((debug)) && echo -e " +Corp = $Corp +RTR_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +BaseDir = $BaseDir +PreShared Key = $RTR_PRE_SHARED_KEY +" && exit + +[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}" + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_ENDPOINT} +" +Message "Client Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01 + +/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon 
source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${EndpointID} endpoint Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_ENDPOINT}" + +} + + + +#---------- function RrtSubnet ------------------------------------------------ +# +RtrSubnet() +{ + local RtrNum=$1 + + BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer + Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc + Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router + Subnet=$((BaseNum+Nth)) # Nth subnet calculé +# Subnet="${Subnet}/$(Bits_Subnet=3})" + + echo -e "$(int2ip $Subnet)/${Subnet_Bits}" +} + + +#---------- function Interactive ---------------------------------------------- +# +function Interactive() +{ + echo -e "\nInteractive function" +} + + + + +#---------- function Help ----------------------------------------------------- +# +function Help() +{ +echo -e " +MikroTik WireGuard configurator + +usage: + ${ScriptName} [Options] + + -c Corp name + + -i Interactive (will ask for all needed infos) + + -l List endpoints in config + + -n User mode: # ot the new user (Unique user number between 1 and 253) + -u User name (example: AdrianSmith, don't use space or accentuated chars) + + -r Router mode: # of the new client router (EVOQ router #, like 1 or 11) + -s Router Name 
(example: Montreal-1 , will appear as comment in endpoint router ) + +When in user mode, you must provide name & unique user number between 2 and 253. +This user number will be assigned an ip address 10.1.40.[user #]. + +" && exit +} + + +#================ MAIN ======================================================== +# + +((!$#)) && Help && exit # If no command parameters passed, help and bail out +echo -e "\n${GREEN}${ScriptName} ${BLUE}configurator version ${YELLOW}$Version${NC}" + +while getopts c:dhiln:r:s:u: option +do + case "${option}" in + c) CORP=${OPTARG} + ;; + d) debug=1 + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + l) Message "Listing endpoints in ${IniFile}" + grep '\[' ${IniFile} + exit + ;; + n) NumUser=${OPTARG} + Mode="User" + ;; + r) NumRouter=${OPTARG} + Mode="Router" + ;; + s) NameRouter="${OPTARG}" + ;; + u) NameUser="${OPTARG}" + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +NumRouter = ${NumRouter} +NumUser = ${NumUser} +RtrSubnet = $(RtrSubnet ${NumRouter}) +" + +if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]] +then + echo "** Error, can't use user and router # simulteaneously" + exit 1 +fi + + +#---Endpoint Router Config +EndpointID=RB5009 + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile}) +done + + +#Endpoint_Rtr_Addr_Public=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Public[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rtr_Addr_Private=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Private[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rrt_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rrt_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rtr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) 
+#Endpoint_Usr_Addr=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Addr[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Usr_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Usr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) + + +echo -e " +CORP = $CORP +Endpoint_Rtr_Addr_Public = $Endpoint_Rtr_Addr_Public +Endpoint_Rtr_Addr_Private = $Endpoint_Rtr_Addr_Private +Endpoint_Rrt_Port = $Endpoint_Rrt_Port +Endpoint_Rtr_PUB_KEY = $Endpoint_Rtr_PUB_KEY +Endpoint_Usr_Addr = $Endpoint_Usr_Addr +Endpoint_Usr_Port = $Endpoint_Usr_Port +Endpoint_Usr_PUB_KEY = $Endpoint_Usr_PUB_KEY + +" + +((debug)) && printf "Parameters : %s\n" "${PARAMS[@]}" + + +#exit + + +#---Client Router Subnets +Start_Subnet=10.1.41.0 +Bits_Subnet=8 +Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits +NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet + + + + + +case "$Mode" in + User) Message "Creating User" + CreateUser ${NameUser} ${CORP} + exit + ;; + Router) Message "Creating Router with $(RtrSubnet ${NumRouter})" + CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) ${CORP} + exit + ;; + *) echo -e "\n** ERROR : User # was not provided" + Help + ;; +esac + + diff --git a/wireguard/genconfig-exoc b/wireguard/genconfig-exoc new file mode 100755 index 0000000..36be6c1 --- /dev/null +++ b/wireguard/genconfig-exoc 
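Review bot: CreateUser writes the client's `PrivateKey` and `PresharedKey` to `${CLIENT_FILE_WIN}` (and a QR `.png` of the same text) through `tee` under the caller's umask, so the key files are normally group/world-readable; add `umask 077` at the top of CreateUser and CreateRouter, or `chmod 600` the outputs right after the `tee`. The parameter loop in MAIN uses `eval ${PARAM}=$(sed … ${IniFile})`, which executes whatever follows `=` in the ini file as shell — `printf -v "${PARAM}" '%s' "$(sed -nr … "${IniFile}")"` assigns the value without evaluating it. Two smaller defects: `ScriptDir=$(dirname "0")` quotes a literal zero instead of `"$0"`, so `IniFile` always resolves from the current directory, and CreateUser interpolates `${ClientNum}`, which nothing in the script assigns (`-n` is stored in `NumUser`), so the generated `Address`/`allowed-address` come out as `10.8.38./32`. CreateRouter sets `local debug=1` and its debug block ends in `&& exit`, so router mode prints its variables and quits before writing any file; the `[ -d "${BaseDir}" ] && … mkdir -p` test below it is inverted as well. The scheduled ping script is granted `policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon`; `policy=read,test` is all a ping needs.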
@@ -0,0 +1,117 @@ +#!/bin/bash +# +# (c) IngTegration inc 2023 +# GPL licensed +# + + +debug=0 +ClientName="$1" +ClientNum="$2" +Corp="$3" +Endpoint_Usr_PUB_KEY="CHANGE_ME" # put router WG public key here +RtrSubnetPrefix="10.0.254" # WG subnet prefix +DnsSrv="1.1.1.1 8.8.8.8" +AllowedIps="0.0.0.0/0" # Allowed IP for clients +RtrInterf="wg01" # Router WG Interface +Endpoint_Usr_Port=51844 +#local CLIENT_NUM=$(printf "%03d" $3) +#local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable +WgUsrDir="." +Endpoint_Usr_Addr="${RtrSubnetPrefix}.${ClientNum}" + + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + +#===========Internal Functions================================================= +# + +#-------------Help------------------------------------------------------------- +# +function Help() +{ + cat << EOF + usage: $(basename "$0") [ClientName] [ClientNum] [Corp] + + ClientName : Name of the roadwarrior client (Ex. 
marlene) + ClientNum : Roadwarrior sequence number, will translate into ip last octet + 1 --> SubnetPrefix.1 (Ex: 172.16.20.1) + Corp : Name of RoadWarrior Company (Ex: ExoC) + +EOF + exit +} + +#---------------Message-------------------------------------------------------- +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +((!$#)) && Help # Call help if no argument supplied + + +ClientPadNum=$(printf "%03d" $ClientNum) + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_PREFIX="${ClientPadNum}-${Corp}-${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc" + + + +((debug)) && echo -e " +Corp = $Corp +ClientName = $ClientName +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = ${Endpoint_Usr_Port} +Address = ${RtrSubnetPrefix}.${ClientNum}/32 +DNS = ${DnsSrv} + +[Peer] +PublicKey = ${Endpoint_Usr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${AllowedIps} +Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\n${Corp} Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${RtrSubnetPrefix}.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=${RtrInterf} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\"" | tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + 
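Review bot: `Endpoint_Usr_Addr="${RtrSubnetPrefix}.${ClientNum}"` derives the server endpoint from the client's own tunnel address, so the emitted `Endpoint = 10.0.254.N:51844` points the client at itself rather than at the router's public address; the endpoint host needs its own variable (e.g. `RtrPublicAddr`) separate from the value used on the `Address` line. `Endpoint_Usr_PUB_KEY="CHANGE_ME"` is emitted verbatim when nobody edits it, so add a guard such as `[[ "${Endpoint_Usr_PUB_KEY}" == "CHANGE_ME" ]] && { echo "set the router public key first" >&2; exit 1; }` before anything is generated. As in genconfig, the `.conf` and `.png` containing the private key are written through `tee`/`qrencode` with the default umask; `umask 077` at the top keeps them owner-only. `ClientNum` is used unvalidated in both the address and the `%03d` padding, so a non-numeric or out-of-range argument produces a malformed config rather than an error.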
diff --git a/wireguard/genconfig-exoc.zip b/wireguard/genconfig-exoc.zip
new file mode 100644
index 0000000..86d7c8b
Binary files /dev/null and b/wireguard/genconfig-exoc.zip differ
diff --git a/wireguard/genconfig.2024-09-10_211730 b/wireguard/genconfig.2024-09-10_211730
new file mode 100755
index 0000000..1b2c554
--- /dev/null
+++ b/wireguard/genconfig.2024-09-10_211730
@@ -0,0 +1,296 @@ +#!/bin/bash + +Version=240226-1434 +debug=0 +CORP=IngTegration +RouterID=RB5009 +Rtr_CCR1_Addr="199.168.223.11" +Rtr_CCR1_Port="13232" +Usr_CCR1_Addr="199.168.223.11" +Usr_CCR1_Port="13233" + + +ScriptName=$(basename "$0") +BaseDir="/home/boig01/temp/wireguard/ingt" +WgRtrDir="${BaseDir}/routers" +WgUsrDir="${BaseDir}/users" + +RTR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE=" +USR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE=" + +NumUser=0 +NumRouter=0 +NameUser=0 +Mode=0 + +YELLOW='\033[0;33m' +GREEN='\033[0;32m' +RED='\033[0;31m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +# Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" +[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}" + + +#---Client Router Subnets +Start_Subnet=172.18.1.0 +Bits_Subnet=8 +Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits +NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet + + + +#=================== function Help ============================================ +# +function Help() +{ +echo -e " +WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator + +usage: + ${ScriptName} [Options] + + -n User # (Unique user number between 1 and 253) + -u User name (AdrianSmith) + -r Router # (EVOQ router #, like 1 or 11) + +When in user mode, you must provide name & unique user number between 2 and 253. +This user number will be assigned an ip address 10.1.40.[user #]. + +" && exit +} + + + +#=================== function Info ============================================= +# +# Avec date / time prefix +# +Info() { printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr + + +#=================== function Message ========================================== +# +# Send to STDOUT +# +Message() { + printf "\n${GREEN}[i] ${BLUE}%s${NC}" "$*" +} + + + +#=================== function ip2int =========================================== +# +ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#=================== function int2ip =========================================== +# +int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + +#======================== CreateUser ========================================== +# +function CreateUser() +{ +ClientName=$1 +ClientNum=$2 + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +CLIENT_NUM=$(printf "%03d" $2) +CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc" + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $CLIENT_NUM +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = 10.8.38.${ClientNum}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${USR_CCR1_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 10.8.0.0/16 +Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nAtom Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" +} + + + + + + +#======================== CreateRouter ======================================== +# +function CreateRouter() +{ +RouterNum="$1" +RouterSubnet="$2" + +RTR_PRIV_KEY=$(wg genkey) +RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg 
genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc" +RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc" + + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +" && exit + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_CCR1} +" +Message "Router Client Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01 +/ip route add dst-address=10.0.0.0/8 gateway=wg01 +/ip route add dst-address=192.168.0.0/16 gateway=wg01 + +/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${RouterID} Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\" + +/ip route add 
dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_CCR1}" + +} + + + +#=================== function RrtSubnet ======================================== +# +RtrSubnet() +{ + local RtrNum=$1 + + BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer + Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc + Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router + Subnet=$((BaseNum+Nth)) # Nth subnet calculé +# Subnet="${Subnet}/$(Bits_Subnet=3})" + + echo -e "$(int2ip $Subnet)/${Subnet_Bits}" +} + + + + +#================ MAIN ======================================================== +# + +((!$#)) && Help && exit # If no command parameters passed, help and bail out +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n" + +while getopts dhn:r:u: option +do + case "${option}" in + d) debug=1 + ;; + h) Help + exit ;; + n) NumUser=${OPTARG} + Mode="User" + ;; + r) NumRouter=${OPTARG} + Mode="Router" + ;; + u) NameUser=${OPTARG} + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +NumRouter = ${NumRouter} +NumUser = ${NumUser} +RtrSubnet = $(RtrSubnet ${NumRouter}) +" && exit + + + + +if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]] +then + echo "** Error, can't use user and router # simulteaneously" + exit 1 +fi + + +case "$Mode" in + User) Message "Creating User" + CreateUser $NameUser $NumUser + exit + ;; + Router) Message "Creating Router with $(RtrSubnet ${NumRouter})" + CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) + exit + ;; + *) echo -e "\n** ERROR : User # was not provided" + Help + ;; +esac + + diff --git a/wireguard/genconfig.ini b/wireguard/genconfig.ini new file mode 100644 index 0000000..654eb95 --- /dev/null +++ b/wireguard/genconfig.ini 
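Review bot: The client private key and PSK generated in CreateUser are written with `| tee "${CLIENT_FILE_WIN}"` (and the PSK again into the router .rsc), so the files are created under the process's default umask and are typically group/world-readable; the same pattern appears in genconfig_router's CreateRouter, in genconfig_simple and in both dated genconfig_simple snapshots. Add `umask 077` right after the shebang (or `chmod 600` the files after tee) so key material is readable only by the owner. Separately, NumUser and NumRouter are interpolated into `Address = 10.8.38.${ClientNum}/32` and `10.1.41.${RouterNum}/32` without any range check although Help promises 1–253; a guard such as `(( NumUser >= 1 && NumUser <= 253 )) || { echo "user # out of range" >&2; exit 1; }` before the `case "$Mode"` would catch it. RtrSubnet also writes `BaseNum`, `Nth` and `Subnet` as globals; they should be `local`.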
@@ -0,0 +1,66 @@
+[ingtegration-rb5009]
+Addr_Public="seve.ingtegration.com"
+01_InterfaceName="WG-Devices"
+01_PUBKEY="MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY="
+01_Addr="172.16.254.2"
+01_Subnet="172.16.254.0/24"
+01_Port="14321"
+02_InterfaceName="WG-Users"
+02_PUBKEY="iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw="
+01_Subnet="172.16.40.0/24"
+02_Addr="172.16.40.254"
+02_Port="14322"
+
+
+[evoq-mtl]
+Addr_Public="66.171.167.250"
+01_InterfaceName="WG-Routers"
+01_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
+01_Subnet="10.1.41.0/24"
+01_Addr="10.1.41.254"
+01_Port="13232"
+02_InterfaceName="WG-Users"
+02_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
+02_Subnet="10.1.42.0/24"
+02_Addr="10.1.42.254"
+02_Port="13233"
+
+
+[koze-maison]
+Addr_Public="b4a30b139a75.sn.mynetname.net"
+01_Subnet="10.1.41.0/24"
+01_Addr="172.16.41.254"
+01_Port="13232"
+01_PUBKEY="8e1iXWniMo+3OU1FsNPAgrG0av9d/Ijf9ybj75z9GWE="
+01_InterfaceName="WG-Users"
+
+[rrf-rb5009]
+Addr_Public="142.217.209.155"
+01_Subnet="172.16.41.0/24"
+01_Addr_Private="172.16.41.254"
+01_Port="14231"
+01_PUBKEY="FYmwzlP4m2IkS4VpDSwhN6NHHJBrEBbIqf9+GS7VWxo="
+01_InterfaceName="WG-Users"
+
+[cccp-hexs]
+Addr_Public="199.168.223.11"
+01_Subnet="10.8.37.0/24"
+01_Addr="10.8.37.254"
+01_Port="13233"
+01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU="
+01_InterfaceName="WG-Users"
+
+[cccp-rb2011]
+Addr_Public="199.168.223.10"
+01_InterfaceName="WG-Users"
+01_Subnet="10.8.37.0/25"
+01_Addr="10.8.35.126"
+01_Port="13232"
+01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU="
+02_InterfaceName="WG-Routers"
+02_Subnet="10.8.37.129/25"
+02_Addr="10.8.34.254"
+02_Port="13233"
+02_PUBKEY="kIV/vXbuNWWc//zU27+g3QcrOIYuVh8/Bo/g8O2iwUQ="
+
+
diff --git a/wireguard/genconfig_router b/wireguard/genconfig_router
new file mode 100755
index 0000000..28422b6
--- /dev/null
+++ b/wireguard/genconfig_router
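Review bot: Several sections of the new ini are internally inconsistent and nothing in the scripts would detect it: `[ingtegration-rb5009]` defines `01_Subnet` twice (the second value, `172.16.40.0/24`, pairs with `02_Addr` and is presumably meant to be `02_Subnet`), `[rrf-rb5009]` uses `01_Addr_Private` where every other section uses `01_Addr`, and in `[koze-maison]` and `[cccp-rb2011]` the addresses `172.16.41.254`, `10.8.35.126` and `10.8.34.254` do not fall inside the `0x_Subnet` declared next to them. `02_Subnet="10.8.37.129/25"` is also not a network address (the /25 containing it starts at `10.8.37.128`). The key names here (`01_PUBKEY`, `01_Port`) do not match the `Rtr_PUB_KEY`/`Rrt_Port` names the genconfig_simple scripts read from `${RouterName}.cfg`, so it is unclear which script consumes this file; a one-line header comment naming it would help.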
@@ -0,0 +1,146 @@ +#!/bin/bash +# +debug=0 +ScriptName=$(basename "$0") + +RouterName="RB5009-CTG" +RouterAddrPublic="heh08h84mnt.sn.mynetname.net" +RouterPort="14322" +RouterAddrPrivate="172.16.254.2" +RouterInterface="WG-Devices" + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +function CreateRouter() +{ +local debug=0 +local DeviceNum="$1" # voir plus bas avec printf +local DeviceName="$2" +local DeviceInterface="$3" + +DeviceAllowedAddress="172.16.40.2" + + + +DevicePrivKey=$(wg genkey) +DevicePubKey=$(echo "${DevicePrivKey}" | wg pubkey) +DevicePSK=$(wg genpsk) +DeviceNumPad=$(printf "%03d" $1) # 3 digit pad of $1 +DeviceFilesPrefix="R-${DeviceNumPad}" +RouterFileCfg="${DeviceFilesPrefix}_RouterCfg.rsc" +DeviceFileCfg="${DeviceFilesPrefix}_DeviceCfg.rsc" + + +((debug)) && echo -e " +DeviceNum = $DeviceNum +DevicePrivKey = $DevicePrivKey +DevicePubKey = $DevicePubKey +DevicePSK = $DevicePSK +DeviceFileCfg = $DeviceFileCfg +RouterFileCfg = $RouterFileCfg +" | column -t && exit + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RouterFileCfg} +${DeviceFileCfg} +" + +Message "Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "S'assurer que sur router: /interface wireguard add listen-port=${RouterPort} mtu=1420 name=${RouterInterface}\n" + +echo -e "/interface wireguard peers add allowed-address=172.16.254.${DeviceNum}/32 client-keepalive=10 disabled=no 
comment=\"${DeviceName}\" \\ +interface=WG-Devices preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\"" +#| tee "${RouterFileCfg}" + + + + + +Message "${DeviceName} device Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" + +echo -e "/interface wireguard add listen-port=13239 mtu=1420 name=${DeviceInterface} private-key=\"${DevicePrivKey}\" + +/interface wireguard peers add allowed-address=${RouterAddrPrivate} client-keepalive=15 disabled=no comment=\"${RouterName}\" \\ +interface=${DeviceInterface} preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\" endpoint-address=${RouterAddrPublic} endpoint-port=${RouterPort} + +/ip route add dst-address=0.0.0.0 gateway=${RouterAddrPrivate}" +#| tee "${DeviceFileCfg}" + +} + + +Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -d Device Number + -n Device Name + -i Device Interface + -h This help +EOF +} + + + + + +((!$#)) && Help + + + +while getopts d:n:i:h option +do + case "${option}" in + d) DeviceNumber=${OPTARG};; + n) DeviceName=${OPTARG};; + i) DeviceInterface=${OPTARG};; + h) Help + exit 0;; + *) echo -e "Usage (bad argument: ${OPTARG}) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +DeviceNumber = $DeviceNumber +DeviceName = $DeviceName +DeviceInterface = $DeviceInterface +" | column -t && exit + + +CreateRouter ${DeviceNumber} ${DeviceName} ${DeviceInterface} + + + diff --git a/wireguard/genconfig_router.txt b/wireguard/genconfig_router.txt new file mode 100644 index 0000000..03cf753 --- /dev/null +++ b/wireguard/genconfig_router.txt 
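Review bot: In CreateRouter the device-side peer entry is emitted with `public-key=\"${DevicePubKey}\"`, the device's own public key, but the peer that line describes is the router (it carries `endpoint-address=${RouterAddrPublic}`), so the handshake cannot succeed as generated; the router's public key is held in no variable of this script and needs to be added next to `RouterAddrPrivate` (e.g. `RouterPubKey="<router public key>"`) and used in that line. The `Message "Generated output files:"` block lists `${RouterFileCfg}` and `${DeviceFileCfg}`, yet both `| tee` lines are commented out, so nothing is written. `DeviceAllowedAddress` is assigned and never used, and `local debug=0` inside the function shadows the global, so the function's debug dump is unreachable. `dst-address=0.0.0.0` is probably intended as `0.0.0.0/0`; as written it may be taken as a single host route.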
@@ -0,0 +1,31 @@
+CCR1016 EVOQ
+============
+/ip address
+add address=10.1.41.254/24 interface=WG-Routers network=10.1.41.0
+
+/interface wireguard
+add comment=10.1.32.0/24 listen-port=13232 mtu=1420 name=WG-Routers
+
+
+/interface wireguard peers
+add allowed-address=10.1.40.1/32 client-keepalive=10s comment="User squirion" interface=WG-Users preshared-key="+tgz1wqMtrota6gxmMtEix3wiZI85IM8Ty5x7ucgbiA=" public-key="6KhC7Ai2As7ShqKC1tlKQ1eKp8MLdrljBdJBCUIjal8="
+
+
+
+
+
+WG "Server":
+------------
+Router WAN Addr : heh08h84mnt.sn.mynetname.net
+Router WAN Port : 14322
+
+Router Local Address: 172.16.254.2/24
+Device: WG-Devices
+Public Key: MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=
+
+
+
+
+-d [device num] -n [device name] -i [device interface]
+
+genconfig_router -d 4 -n Fuengirola -i wg-ctg
diff --git a/wireguard/genconfig_simple b/wireguard/genconfig_simple
new file mode 100755
index 0000000..43cbd77
--- /dev/null
+++ b/wireguard/genconfig_simple
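Review bot: The `preshared-key="+tgz1…"` value in the `/interface wireguard peers add` line is a WireGuard pre-shared key committed in clear text together with the peer's address, interface and public key; a PSK is secret material like a password, so it should be rotated on the router and this line reduced to `preshared-key="<redacted>"` before the file is kept in a repository. The public keys and the endpoint hostname in the rest of the file are not secrets and can stay.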
@@ -0,0 +1,431 @@ +#!/bin/bash + +Version=250731-1953 +debug=0 +ScriptMode="" # Script gen mode for client: user or router + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + +#---ini file parameters list +unset PARAMS; +PARAMS=( +RtrInterface +Rtr_Addr_Admin +Rtr_Addr_Public +Rrt_Port +Rtr_Addr_Private +Rtr_CIDR_Mask +Rtr_PUB_KEY +Rtr_DNS +Rtr_Route_Subnet +) + +#---A enlever apres testing +export RouterName="" +export RouterInterface="" +export DeviceName="" +export Company="" +export CORP="" +export UserName="" + + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + + +#---------- RouterCommand ----------------------------------------------------- +# +function RouterConnect() +{ + local Command="$" + +} + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ + +local RouterName=$1 +local RouterInterface=$2 +local UserNumber=$3 +local UserName=$4 +local debug=0 + +RouterCfg="${RouterName}.cfg" + +#---Read values from config file +for PARAM in "${PARAMS[@]}" +do + eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +Digits=000 +Temp="${Digits}${UserNumber}" +ClientNumPad=$(echo ${Temp:(-${#Digits})}) + + +IFS=. 
read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private" +Subnet="${octet1}.${octet2}.${octet3}" +UserAddress=${Subnet}.${UserNumber}/32 + +Message "Subnet : $Subnet" +Message "ClientNumPad : $ClientNumPad" + + + + +((debug)) && echo -e " +DEBUG - CreateUser +User Number = $1 +UserName = $2 +UserName = $3 +UserAddress = $UserAddress +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +RouterInterface = $RouterInterface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY +Subnet = $Subnet +Rtr_DNS = $Rtr_DNS +Rtr_Route_Subnet = $Rtr_Route +" | column -t && exit + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +ROUTER_PUB_KEY="$RouterPubKey" + +CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}" +CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc" + + +echo -e "\nClient: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = ${UserAddress} +DNS = ${Rtr_DNS} + +[Peer] +PublicKey = ${Rtr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${Rtr_Route_Subnet} +Endpoint = ${Rtr_Addr_Public}:${Rrt_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nRouter: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +Message "Generated User Files:" +ls -1 ${CLIENT_FILE_PREFIX}* +} + + + + + + +#---------- CreateRouter 
------------------------------------------------------ +# +function CreateRouter() +{ +local debug=1 +local RouterNum="$1" +local RouterSubnet="$2" +local Corp="$3" +local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable +local WgRtrDir="${BaseDir}/routers" + +#---Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" + + +RTR_PRIV_KEY=$(wg genkey) +Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc" +RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc" + + +((debug)) && echo -e " +Corp = $Corp +RTR_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +BaseDir = $BaseDir +PreShared Key = $RTR_PRE_SHARED_KEY +" && exit + +[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}" + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_ENDPOINT} +" +Message "Client Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01 + + +/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" 
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${EndpointID} endpoint Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_ENDPOINT}" + +} + + + + + + + +#---------- GetRouter_Infos ---------------------------------------------------- +# +function GetRouter_Infos() +{ +local RouterName="$1" +local IniFile="${1}.cfg" +local debug=0 + +((debug)) && echo -e "\nIniFile = ${IniFile}\n" + +#read -p "Entrer l'interface du router: " RouterInterface +echo -e "[${RouterName}]" >> ${IniFile} + +for PARAM in "${PARAMS[@]}" +do + echo -e "\nPARAM = $PARAM" + eval 'read -p "Entrer ${PARAM} " Value' + eval 'echo ${PARAM}=${Value} >> ${IniFile}' + done +((debug)) && echo "${FUNCNAME[0]} exit" +} + + + +#---------- Help --------------------------------------------------------------- +# +function Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -a Debug mode + -d Device Name + -h Show this message + -i Interactive + -u User Name + -n User / Device number +EOF +} + + +#================= MAIN ======================================================= +# + +((!$#)) && Help && exit + + +while getopts ad:hi:n:qu: option +do + case "${option}" in + a) debug=1 + ;; + d) DeviceName="${OPTARG}" + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + n) UserNumber="${OPTARG}" + ;; + u) UserName="${OPTARG}" + ;; + *) Message "Usage (bad argument: $OPTARG)" + exit 1 + ;; + esac +done + + + +#---Init global variables +#for PARAM in "${PARAMS[@]}" +#do +# eval export 
'${PARAM}=""' +# done + + +if [[ ! -z ${UserName} ]] # User mode prioritised if both specified +then + ScriptMode=User + Message "User mode" +elif [[ ! -z ${DeviceName} ]] +then + ScriptMode=Device + Message "Device mode" +else + Message "Must use either -u or -d" + exit +fi + + + +CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l) + +Message "Avant demande router infos" + +if [[ $CfgNum -eq 1 ]] +then + RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f") + RouterName="${RouterCfg%.*}" +else + read -p "Entrer Nom du Router: " RouterName + ((debug)) && echo -e "Router Name = ${RouterName}" + GetRouter_Infos "${RouterName}" + RouterCfg=${RouterName}.cfg +fi + + +((debug)) && echo -e " +Après GetRouter_Infos +RouterName : $RouterName +RouterInterface : $RouterInterface +" + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +echo -e "Avant Create User" + +((debug)) && echo -e " +RouterName = $RouterName +DeviceName = $DeviceName +UserNumber = $UserNumber +UserName = $UserName +Rtr_Addr_Admin = $Rtr_Addr_Admin +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +RtrInterface = $RtrInterface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY + +" | column -t && exit + +case "${ScriptMode}" in + User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName} + exit + ;; + Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName} + ;; + *) Message "Bad mode passed ${ScriptMode}" + exit 1 + ;; + esac + + + +Message "All done." diff --git a/wireguard/genconfig_simple.2025-05-16_110317 b/wireguard/genconfig_simple.2025-05-16_110317 new file mode 100755 index 0000000..974b191 --- /dev/null +++ b/wireguard/genconfig_simple.2025-05-16_110317 
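Review bot: Config values are loaded with `eval local ${PARAM}=$(sed ...)` in CreateUser and `eval ${PARAM}=$(sed ...)` in main, so every value in `${RouterName}.cfg` is re-parsed as shell code — a value containing a space, `;` or `$(...)` is split or executed — and GetRouter_Infos writes the values unquoted, so this is reachable with ordinary input. Assign literally instead, e.g. `printf -v "$PARAM" '%s' "$(sed -nr "..." "$RouterCfg")"` (preceded by `local "$PARAM"` inside the function); the same loops exist in genconfig_simple.2025-05-16_110317 and genconfig_simple.2025-07-31_221920. The `-d` path sets `ScriptMode=Device` but the final `case` only matches `User)` and `Router)`, so device mode always ends in `Bad mode passed Device` and CreateRouter is unreachable; CreateRouter itself hard-codes `local debug=1`, tests `[ -d "${BaseDir}" ]` where `! -d` is intended, derives `BaseDir` from a global that this file never sets, and references `Endpoint_Rtr_Addr_Public`, `Endpoint_Rrt_Port`, `EndpointID` and `NameRouter`, none of which are assigned anywhere. `-i` calls `Interactive`, which is not defined, and the CreateUser debug dump prints `$Rtr_Route` while the parameter is named `Rtr_Route_Subnet`.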
@@ -0,0 +1,306 @@ +#!/bin/bash + +debug=0 + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + +#---ini file parameters list +unset PARAMS; +PARAMS=( +Rtr_Addr_Public +Rrt_Port +Rtr_Interface +Rtr_Addr_Private +Rtr_CIDR_Mask +Rtr_PUB_KEY +) + + +export RouterName="" +export Company="" +export CORP="" + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ + +local CORP=$1 +local RouterCfg=$2 +local UserNumber=$3 +local NameUser=$4 +local debug=1 + +#---Read values from config file +for PARAM in "${PARAMS[@]}" +do + eval local ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +Digits=000 +Temp="${Digits}${UserNumber}" +ClientNumPad=$(echo ${Temp:(-${#Digits})}) + +IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private" +Subnet="${octet1}.${octet2}.${octet3}" +Message "Subnet : $Subnet" +Message "ClientNumPad : $ClientNumPad" + +((debug)) && echo -e " +DEBUG - CreateUser +UserNumber = $1 +NameUser = $2 +Company = $3 +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +Rtr_Interface = $Rtr_Interface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY +Subnet = $Subnet + +" && exit + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +ROUTER_PUB_KEY="$RouterPubKey" + +CLIENT_FILE_PREFIX="${ClientNumPad}-${NameUser}" +CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc" + + +echo -e "\nClient: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = ${Subnet}.${UserNumber}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${ROUTER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 0.0.0.0/0 +Endpoint = ${RouterAddressPub}:${RouterPort} 
+PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nRouter: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${NameUser}\" interface=${Rtr_Interface} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +ls -1 ${ClientNumPad}* +} + + + +function GetRouter_Infos() +{ +local RouterName="$1" +local IniFile="${1}.cfg" +local debug=0 + +((debug)) && echo -e "\nIniFile = ${IniFile}\n" + +read -p "Entrer CORP: " CORP +echo -e "[${CORP}]" | tee ${IniFile} + +for PARAM in "${PARAMS[@]}" +do + #eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile}) + echo -e "\nPARAM = $PARAM" + eval 'read -p "Entrer ${PARAM} " Variable' + eval 'echo ${PARAM}=${Variable} | tee -a ${IniFile}' + done +((debug)) && echo "GetRouter_Infos exit" +} + + + + +Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -c Company name + -h Show this message + -i Interactive + -u User Name + -n User number +EOF +} + + + +((!$#)) && Help && exit + + +while getopts c:dhin:r:u: option +do + case "${option}" in + c) CORP=${OPTARG} + ;; + d) debug=1 + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + n) UserNumber="${OPTARG}" + ;; + r) RouterName="${OPTARG}" # à enlever + ;; + u) NameUser="${OPTARG}" + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + + +#---Init global variables +#for PARAM in "${PARAMS[@]}" +#do +# eval export '${PARAM}=""' +# done + +CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l) +#Message "Found $CfgNum config files" + + +if [[ $CfgNum -eq 1 ]] +then + RouterCfg=$(find . 
-maxdepth 1 -iname "*.cfg" -printf "%f") +else + read -p "Entrer Nom du Router: " RouterName + ((debug)) && echo -e "Router Name = ${RouterName}" + GetRouter_Infos "${RouterName}" + RouterCfg=${RouterName}.cfg +fi + + +((debug)) &&echo -e " +RouterCfg : $RouterCfg +CORP : $CORP +" + +#((debug)) && echo -e "Avant PARAM" + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + + +echo -e " +Avant Create User +UserNumber = $UserNumber +NameUser = $NameUser +CORP = $CORP +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +Rtr_Interface = $Rtr_Interface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY + +" + + +exit + +CreateUser ${CORP} ${RouterCfg} ${UserNumber} ${NameUser} +#${Rtr_Addr_Public} ${Rrt_Port} ${Rtr_Interface} ${Rtr_Addr_Private} ${Rtr_CIDR_Mask} "${Rtr_PUB_KEY}" + + + +exit + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) + +echo -e " +CLIENT_PRIV_KEY $CLIENT_PRIV_KEY +CLIENT_PUB_KEY $CLIENT_PUB_KEY +CLIENT_PRE_SHARED_KEY $CLIENT_PRE_SHARED_KEY +" diff --git a/wireguard/genconfig_simple.2025-07-31_221920 b/wireguard/genconfig_simple.2025-07-31_221920 new file mode 100755 index 0000000..a71f96a --- /dev/null +++ b/wireguard/genconfig_simple.2025-07-31_221920 
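Review bot: In this snapshot's CreateUser the client `[Peer]` section is built from `${ROUTER_PUB_KEY}` (copied from the never-set `RouterPubKey`) and `${RouterAddressPub}:${RouterPort}`, none of which are populated — the values read from the cfg are `Rtr_PUB_KEY`, `Rtr_Addr_Public` and `Rrt_Port` — so the generated .conf would carry an empty PublicKey and an Endpoint of `:`. The main section also runs an unconditional `exit` before `CreateUser ${CORP} ...`, and `local debug=1` in CreateUser exits after the debug dump, so the generation path cannot execute; if this dated copy is kept for reference, a header comment such as `# superseded snapshot, see genconfig_simple` would stop it being run by mistake.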
@@ -0,0 +1,430 @@
+#!/bin/bash
+
+Version=250731-1953
+debug=0
+ScriptMode="" # Script gen mode for client: user or router
+
+
+BOLD=$( tput bold)
+NORMAL=$( tput sgr0)
+RESET=$( tput sgr0)
+NC=$( tput sgr0) # No color
+BOLD=$( tput bold)
+BLACK=$( tput setaf 0)
+RED=$( tput setaf 1)
+GREEN=$( tput setaf 2)
+YELLOW=$( tput setaf 3)
+BLUE=$( tput setaf 4)
+MAGENTA=$( tput setaf 5)
+CYAN=$( tput setaf 6)
+WHITE=$( tput setaf 7)
+DEFAULT=$( tput setaf 9)
+
+
+
+#---ini file parameters list
+unset PARAMS;
+PARAMS=(
+RtrInterface
+Rtr_Addr_Admin
+Rtr_Addr_Public
+Rrt_Port
+Rtr_Addr_Private
+Rtr_CIDR_Mask
+Rtr_PUB_KEY
+Rtr_DNS
+Rtr_Route
+)
+
+
+export RouterName=""
+export RouterInterface=""
+export DeviceName=""
+export Company=""
+export CORP=""
+export UserName=""
+
+
+
+
+
+#========== INTERNAL FUNCTIONS ================================================
+
+#---------- function Info -----------------------------------------------------
+#
+# With date / time prefix
+#
+Info()
+{
+ printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
+}
+
+
+#---------- function Message --------------------------------------------------
+#
+# Send to STDOUT
+#
+function Message()
+{
+ printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
+}
+
+
+#---------- ip2int ------------------------------------------------------------
+#
+function ip2int()
+{
+ local a b c d
+ { IFS=. read a b c d; } <<< $1
+ echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
+}
+
+
+#---------- int2ip ------------------------------------------------------------
+#
+function int2ip()
+{
+ local ui32=$1; shift
+ local ip n
+ for n in 1 2 3 4; do
+ ip=$((ui32 & 0xff))${ip:+.}$ip
+ ui32=$((ui32 >> 8))
+ done
+ echo $ip
+}
+
+
+
+
+#---------- RouterCommand -----------------------------------------------------
+#
+function RouterConnect()
+{
+ local Command="$"
+
+}
+
+
+#---------- CreateUser --------------------------------------------------------
+#
+function CreateUser()
+{
+
+local RouterName=$1
+local RouterInterface=$2
+local UserNumber=$3
+local UserName=$4
+local debug=0
+
+RouterCfg="${RouterName}.cfg"
+
+#---Read values from config file
+for PARAM in "${PARAMS[@]}"
+do
+ eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
+done
+
+Digits=000
+Temp="${Digits}${UserNumber}"
+ClientNumPad=$(echo ${Temp:(-${#Digits})})
+
+
+IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
+Subnet="${octet1}.${octet2}.${octet3}"
+UserAddress=${Subnet}.${UserNumber}/32
+
+Message "Subnet : $Subnet"
+Message "ClientNumPad : $ClientNumPad"
+
+
+
+
+((debug)) && echo -e "
+DEBUG - CreateUser
+User Number = $1
+UserName = $2
+UserName = $3
+UserAddress = $UserAddress
+Rtr_Addr_Public = $Rtr_Addr_Public
+Rrt_Port = $Rrt_Port
+RouterInterface = $RouterInterface
+Rtr_Addr_Private = $Rtr_Addr_Private
+Rtr_CIDR_Mask = $Rtr_CIDR_Mask
+Rtr_PUB_KEY = $Rtr_PUB_KEY
+Subnet = $Subnet
+
+" | column -t && exit
+
+
+CLIENT_PRIV_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+ROUTER_PUB_KEY="$RouterPubKey"
+
+CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}"
+CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
+CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"
+
+
+echo -e "\nClient:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+ListenPort = 51821
+Address = ${UserAddress}
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = ${Rtr_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = 0.0.0.0/0
+Endpoint = ${Rtr_Addr_Public}:${Rrt_Port}
+PersistentKeepalive = 25
+" | tee "${CLIENT_FILE_WIN}"
+
+
+echo -e "\nRouter:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers
+add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\
+preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
+
+Message "QR Code:"
+qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
+qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
+
+Message "Generated User Files:"
+ls -1 ${CLIENT_FILE_PREFIX}*
+}
+
+
+
+
+
+
+#---------- CreateRouter ------------------------------------------------------
+#
+function CreateRouter()
+{
+local debug=1
+local RouterNum="$1"
+local RouterSubnet="$2"
+local Corp="$3"
+local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable
+local WgRtrDir="${BaseDir}/routers"
+
+#---Create paths if not there
+[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
+
+
+RTR_PRIV_KEY=$(wg genkey)
+Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
+RTR_PRE_SHARED_KEY=$(wg genpsk)
+RTR_NUM=$(printf "%03d" $1)
+RTR_FILE_PREFIX="${RTR_NUM}-Router"
+RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
+RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"
+
+
+((debug)) && echo -e "
+Corp = $Corp
+RTR_NUM = $RTR_NUM
+CLIENT_FILE_RTR = $RTR_FILE_RTR
+BaseDir = $BaseDir
+PreShared Key = $RTR_PRE_SHARED_KEY
+" && exit
+
+[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"
+
+
+Message "Generated output files:"
+echo -e "${GREEN}---------------------------------------------------------${NC}
+${RTR_FILE_RTR}
+${RTR_FILE_RTR_ENDPOINT}
+"
+Message "Client Router Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard
+add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
+
+/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
+
+
+/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
+ endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
+
+/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
+ \"/ping interval=10 10.1.8.11 count=61\"
+
+/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
+| tee "${RTR_FILE_RTR}"
+
+
+#echo -e "\n"
+Message "${EndpointID} endpoint Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\
+interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
+
+/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
+| tee "${RTR_FILE_RTR_ENDPOINT}"
+
+}
+
+
+
+
+
+
+
+#---------- GetRouter_Infos ----------------------------------------------------
+#
+function GetRouter_Infos()
+{
+local RouterName="$1"
+local IniFile="${1}.cfg"
+local debug=0
+
+((debug)) && echo -e "\nIniFile = ${IniFile}\n"
+
+#read -p "Entrer l'interface du router: " RouterInterface
+echo -e "[${RouterName}]" >> ${IniFile}
+
+for PARAM in "${PARAMS[@]}"
+do
+ echo -e "\nPARAM = $PARAM"
+ eval 'read -p "Entrer ${PARAM} " Value'
+ eval 'echo ${PARAM}=${Value} >> ${IniFile}'
+ done
+((debug)) && echo "${FUNCNAME[0]} exit"
+}
+
+
+
+#---------- Help ---------------------------------------------------------------
+#
+function Help() {
+ cat << EOF
+usage: $(basename "$0") [OPTIONS]
+ -a Debug mode
+ -d Device Name
+ -h Show this message
+ -i Interactive
+ -u User Name
+ -n User / Device number
+EOF
+}
+
+
+#================= MAIN =======================================================
+#
+
+((!$#)) && Help && exit
+
+
+while getopts ad:hi:n:qu: option
+do
+ case "${option}" in
+ a) debug=1
+ ;;
+ d) DeviceName="${OPTARG}"
+ ;;
+ h) Help
+ exit
+ ;;
+ i) Interactive
+ exit
+ ;;
+ n) UserNumber="${OPTARG}"
+ ;;
+ u) UserName="${OPTARG}"
+ ;;
+ *) Message "Usage (bad argument: $OPTARG)"
+ exit 1
+ ;;
+ esac
+done
+
+
+
+#---Init global variables
+#for PARAM in "${PARAMS[@]}"
+#do
+# eval export '${PARAM}=""'
+# done
+
+
+if [[ ! -z ${UserName} ]] # User mode prioritised if both specified
+then
+ ScriptMode=User
+ Message "User mode"
+elif [[ ! -z ${DeviceName} ]]
+then
+ ScriptMode=Device
+ Message "Device mode"
+else
+ Message "Must use either -u or -d"
+ exit
+fi
+
+
+
+CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l)
+
+Message "Avant demande router infos"
+
+if [[ $CfgNum -eq 1 ]]
+then
+ RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f")
+ RouterName="${RouterCfg%.*}"
+else
+ read -p "Entrer Nom du Router: " RouterName
+ ((debug)) && echo -e "Router Name = ${RouterName}"
+ GetRouter_Infos "${RouterName}"
+ RouterCfg=${RouterName}.cfg
+fi
+
+
+((debug)) && echo -e "
+Après GetRouter_Infos
+RouterName : $RouterName
+RouterInterface : $RouterInterface
+"
+
+
+for PARAM in "${PARAMS[@]}"
+do
+ eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
+done
+
+echo -e "Avant Create User"
+
+((debug)) && echo -e "
+RouterName = $RouterName
+DeviceName = $DeviceName
+UserNumber = $UserNumber
+UserName = $UserName
+Rtr_Addr_Admin = $Rtr_Addr_Admin
+Rtr_Addr_Public = $Rtr_Addr_Public
+Rrt_Port = $Rrt_Port
+RtrInterface = $RtrInterface
+Rtr_Addr_Private = $Rtr_Addr_Private
+Rtr_CIDR_Mask = $Rtr_CIDR_Mask
+Rtr_PUB_KEY = $Rtr_PUB_KEY
+
+" | column -t && exit
+
+case "${ScriptMode}" in
+ User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName}
+ exit
+ ;;
+ Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName}
+ ;;
+ *) Message "Bad mode passed ${ScriptMode}"
+ exit 1
+ ;;
+ esac
+
+
+
+Message "All done."
diff --git a/wireguard/genconfig_simple.md b/wireguard/genconfig_simple.md
new file mode 100644
index 0000000..c4df8b1
--- /dev/null
+++ b/wireguard/genconfig_simple.md
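Review bot: The `eval ${PARAM}=$(sed ...)` loop in the main section, and `eval local ${PARAM}=$(sed ...)` in CreateUser, substitute each value read from the `.cfg` file into a string that is then parsed as shell source, so a value containing a space breaks the assignment and one containing `;` or `$(` is executed as a command; assign without re-parsing instead, `printf -v "${PARAM}" '%s' "$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" "$RouterCfg")"` in main and the equivalent `local "${PARAM}=$(sed ... "$RouterCfg")"` in CreateUser. In CreateRouter the test on `[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"` is inverted (it creates the directory only when it already exists; the `[ ! -d ... ]` form used a few lines above is what is meant), and `BaseDir` is never set anywhere in this script, so `local BaseDir="${BaseDir}/${Corp}"` resolves to `/${Corp}` and the earlier `mkdir -p "${WgRtrDir}"` tries to create `/${Corp}/routers` at the filesystem root. The final `case "${ScriptMode}"` matches `User` and `Router`, but the mode detection only ever sets `ScriptMode=User` or `ScriptMode=Device`, so `-d` always ends in "Bad mode passed"; `ROUTER_PUB_KEY="$RouterPubKey"` in CreateUser likewise reads a variable no line defines, and `Interactive` (the `-i` branch) is not defined in the file. Both `tee` targets in CreateUser (`CLIENT_FILE_WIN`, `CLIENT_FILE_RTR`) hold the client's private and preshared keys and are created with the caller's umask (typically 022, i.e. world-readable); a `umask 077` near the top of the script keeps that key material owner-only.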
@@ -0,0 +1,34 @@
+1) Le script fonctionne en partant du principe qu'il va sauver / utiliser un fichier INI et les fichiers Wireguard générés en relation avec ça dans un répertoire
+ Ça veut dire qu'on doit utiliser quelque chose qui ressemble à:
+ Compagnie / router1
+ Compagnie / router2
+ Donc, on fait un "cd" Compagnie/router1 et on utilise de là
+ On pourrait aussi avoir: Compagnie / router1 / interface 1 (j'ai la plupart du temps WG_Users et WG_Routers!)
+
+2) Les paramètres sont contenus dans un array au début du script. Je vais ajouter un champs sur chaque ligne pour un "nom de field" plus facile à comprendre
+
+PARAMS=(
+RtrInterface Nom de l'interface Wireguard avec laquelle sera associée la config du client
+Rtr_Addr_Admin L'adresse IP où le script va connecter pour ajouter la config du client (futur)
+Rtr_Addr_Public L'adresse publique sur laquelle le client connecte: IP ou FQDN
+Rrt_Port Le port de l'interface associée du router sur lequel le client connecte
+Rtr_Addr_Private L'adresse du router, sur le subnet alloué au clients. Mon standard, genre: 10.1.2.254 et le client #1 aura 10.1.2.1, client #2 10.1.2.2, etc
+Rtr_CIDR_Mask Le masque du subnet associé à l'interface du router sur son interface
+Rtr_PUB_KEY La clef publique associée à l'interface du router
+Rtr_DNS Le/les DNS qu'on place dans la config du client
+Rtr_Route_Subnet Le subnet qui est associé au routage pour la connexion client. 0.0.0.0/0 pour envoyer tout le trafic via cette connexion wireguard.
+)
+
+3) Je conseille d'utiliser des noms de user et routers avec un # de séquence associé. Ça permet de savoir quel IP sera allouée à chaque client
+ Ex: U001-Guy, U002-Marc (Users)
+ R001-Toronto, R002-Quebec (Routers)
+
+4) Les paramètres de la CLI on beaucoup changé avec la dernière version, voir la manière actuelle dans l'exemple ci-bas
+
+## Utilisation
+~~~bash
+
+# Pour l'instant, minimal (autres paramètres = futur):
+../genconfig_simple -n 1 -u marc
+~~~
+
diff --git a/wireguard/ingtegration/chateauguay/router/RB5009.cfg b/wireguard/ingtegration/chateauguay/router/RB5009.cfg
new file mode 100644
index 0000000..5763125
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/router/RB5009.cfg
@@ -0,0 +1,7 @@
+[RB5009]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14321
+Rtr_Interface=WG-Devices
+Rtr_Addr_Private=172.16.254.2
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=
diff --git a/wireguard/ingtegration/chateauguay/test/RB5009.cfg b/wireguard/ingtegration/chateauguay/test/RB5009.cfg
new file mode 100644
index 0000000..8dae37f
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/RB5009.cfg
@@ -0,0 +1,15 @@
+
+[WG01]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+
+[WG02]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+
diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc b/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc
new file mode 100644
index 0000000..1a15d8f
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.40.2/32 disabled=no name="guy" interface=WG01 \
+preshared-key="Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA=" public-key="ziekWouNBWmOUIlCx9uO6U4FOoBQbagLqOwnKKEsvn4="
diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.conf b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf
new file mode 100644
index 0000000..008432b
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf
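Review bot: `U-002-guy.Peer.rsc` commits a live WireGuard preshared key, and the generated peer files later in this commit do the same: every `*.Peer.rsc`, `*.CCR1.rsc` and `*.Endpoint.rsc` carries a `preshared-key=`, and `U-002-guy.conf`, `U-003-dana.conf`, `004-Guy.conf`, `Samantha.conf`, `001-Real.conf`, `002-Guy.conf`, `U-001-boig01.conf`, `U-002-boucm01.conf`, `U-001-guy.conf`, `U-002-marc.conf` and `U-005-exoc.conf` each carry the client's `PrivateKey =` and `PresharedKey =`. Once this history is pushed anywhere, those keys should be treated as exposed: regenerate the affected peers (the scripts already do `wg genkey` / `wg genpsk`), replace the peer entries on the routers, and rewrite or drop the commit before publishing. Keeping the generated `*.conf`, `*.rsc` and `*.conf.png` (the QR code is built from the `.conf`, so it encodes the same private key) out of version control, e.g. with a `.gitignore` entry, avoids this in future; the `*.cfg` files only hold `Rtr_PUB_KEY` and can stay.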
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = eOmsbsjFnFi9AtWjJyQmPmWUSdq0gg2P35ysdxOJyVE=
+ListenPort = 51821
+Address = 172.16.40.2/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+PresharedKey = Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA=
+AllowedIPs = 0.0.0.0/0
+Endpoint = heh08h84mnt.sn.mynetname.net:14322
+PersistentKeepalive = 25
+
diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png
new file mode 100644
index 0000000..abcb0a2
Binary files /dev/null and b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png differ
diff --git a/wireguard/ingtegration/chateauguay/test/readini b/wireguard/ingtegration/chateauguay/test/readini
new file mode 100755
index 0000000..4545e99
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/readini
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+
+INI_FILE="$1"
+SECTIONS_NUM=0
+unset ${INI_ALL_SECTION}
+
+
+
+while read -r line || [ -n "$line" ]
+do
+ echo -e "\nLine = $line"
+ # Skip blank lines and comments
+ if [ -z "$line" -o "${line:0:1}" = ";" -o "${line:0:1}" = "#" ]
+ then
+ continue
+ fi
+
+ # Section marker?
+ if [[ "${line}" =~ ^\[[a-zA-Z0-9_]{1,}\]$ ]]
+ then
+ # Set SECTION var to name of section (strip [ and ] from section marker)
+ SECTION="${line#[}"
+ SECTION="${SECTION%]}"
+ echo -e "SECTION = ${SECTION}"
+ #eval "${INI_ALL_SECTION}=\"\${${INI_ALL_SECTION}# } $SECTION\""
+ ((SECTIONS_NUM++))
+ continue
+ fi
+done <"${INI_FILE}"
+
+echo -e "SECTIONS_NUM = $SECTIONS_NUM"
+
+echo "INI_ALL_SECTION = $INI_ALL_SECTION"
diff --git a/wireguard/ingtegration/chateauguay/user/RB5009.cfg b/wireguard/ingtegration/chateauguay/user/RB5009.cfg
new file mode 100644
index 0000000..4df9c51
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/user/RB5009.cfg
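Review bot: `unset ${INI_ALL_SECTION}` in readini expands the (still empty) variable before `unset` sees it, so it runs `unset` with no arguments and clears nothing; `unset INI_ALL_SECTION` is presumably the intent, and the closing `echo "INI_ALL_SECTION = $INI_ALL_SECTION"` will always print an empty value because the only line that would fill it is commented out. The blank/comment skip uses `[ ... -o ... ]`, which is deprecated and ambiguous when an operand looks like an operator; the bash form is `[[ -z "$line" || "${line:0:1}" == ";" || "${line:0:1}" == "#" ]]`. `INI_FILE="$1"` is used without checking that an argument was given or that the file is readable, so running the script with no argument fails on the `done <"${INI_FILE}"` redirection with a bash error instead of a usage message; `[[ -r "${1:-}" ]] || { echo "usage: readini FILE" >&2; exit 2; }` near the top would cover it.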
@@ -0,0 +1,7 @@
+[RB5009]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Interface=WG-Users
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc b/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc
new file mode 100644
index 0000000..a5562af
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.40.3/32 disabled=no name="pcguy" interface=WG-Users \
+preshared-key="nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU=" public-key="UYXWTpjsuLD8oBIbmG+/E4ayJ7/HvEs5RotwqlW2938="
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.conf b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf
new file mode 100644
index 0000000..1c95474
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = sIwBWQDsBHyXh50pjFEF04NtK5H2zan9eyo1G189VXo=
+ListenPort = 51821
+Address = 172.16.40.3/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+PresharedKey = nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU=
+AllowedIPs = 0.0.0.0/0
+Endpoint = heh08h84mnt.sn.mynetname.net:14322
+PersistentKeepalive = 25
+
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png
new file mode 100644
index 0000000..9fd2281
Binary files /dev/null and b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png differ
diff --git a/wireguard/ingtegration/users/004-Guy.CCR1.rsc b/wireguard/ingtegration/users/004-Guy.CCR1.rsc
new file mode 100644
index 0000000..2c4fa1c
--- /dev/null
+++ b/wireguard/ingtegration/users/004-Guy.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.8.38.4/32 disabled=no comment="User Guy" interface=wg1 \
+preshared-key="azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=" public-key="xXg+ZoZcv36AuzmfzpBAqGDmgIhEwkucFw5bm/kgCTM="
diff --git a/wireguard/ingtegration/users/004-Guy.conf b/wireguard/ingtegration/users/004-Guy.conf
new file mode 100644
index 0000000..c8381d8
--- /dev/null
+++ b/wireguard/ingtegration/users/004-Guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE=
+ListenPort = 51821
+Address = 10.8.38.4/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=
+AllowedIPs = 10.8.0.0/16
+Endpoint = seve.ingtegration.com:14322
+PersistentKeepalive = 25
+
diff --git a/wireguard/koze-maison/users/Samantha.Endpoint.rsc b/wireguard/koze-maison/users/Samantha.Endpoint.rsc
new file mode 100644
index 0000000..51f70c9
--- /dev/null
+++ b/wireguard/koze-maison/users/Samantha.Endpoint.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.15.1/32 disabled=no comment="User Samantha" interface=WG-Users \
+preshared-key="PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY=" public-key="+MNTBsVZUQZ+tjFz9mD1uLH8CEAifSM9O0xqlm+XfCM="
diff --git a/wireguard/koze-maison/users/Samantha.conf b/wireguard/koze-maison/users/Samantha.conf
new file mode 100644
index 0000000..d6d94db
--- /dev/null
+++ b/wireguard/koze-maison/users/Samantha.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UA2nrQP2taQy1aYWtwxPPD2/qbQwiWckWSS2ucp5lnE=
+ListenPort = 51821
+Address = 172.16.15.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = lCzZXZYTwnDGVbAtEE/vEH0TtpVqy7fBcZMBXiBBA1s=
+PresharedKey = PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY=
+AllowedIPs = 172.16.0.0/16
+Endpoint = b4a30b139a75.sn.mynetname.net:14233
+PersistentKeepalive = 25
+
diff --git a/wireguard/koze-maison/users/Samantha.conf.png b/wireguard/koze-maison/users/Samantha.conf.png
new file mode 100644
index 0000000..1f80015
Binary files /dev/null and b/wireguard/koze-maison/users/Samantha.conf.png differ
diff --git a/wireguard/real/genconfig b/wireguard/real/genconfig
new file mode 100755
index 0000000..e905dc5
--- /dev/null
+++ b/wireguard/real/genconfig
@@ -0,0 +1,288 @@
+#!/bin/bash
+
+Version=240226-1434
+debug=0
+CORP=EVOQ
+Rtr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
+Rtr_CCR1_Port="13232"
+Usr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
+Usr_CCR1_Port="13233"
+
+
+ScriptName=$(basename "$0")
+BaseDir="/home/boig01/temp/wireguard/real"
+WgRtrDir="${BaseDir}/routers"
+WgUsrDir="${BaseDir}/users"
+
+RTR_CCR1_PUB_KEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
+USR_CCR1_PUB_KEY="vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg="
+
+NumUser=0
+NumRouter=0
+NameUser=0
+Mode=0
+
+YELLOW='\033[0;33«m'
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Create paths if not there
+[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
+[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
+
+
+Start_Subnet=10.1.32.0
+Bits_Subnet=3
+Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits
+NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet
+
+
+
+#=================== function Help ============================================
+#
+function Help()
+{
+echo -e "
+WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator
+
+usage:
+ ${ScriptName} [Options]
+
+ -n User # (Unique user number between 1 and 253)
+ -u User name (AdrianSmith)
+ -r Router # (EVOQ router #, like 1 or 11)
+
+When in user mode, you must provide name & unique user number between 2 and 253.
+This user number will be assigned an ip address 10.1.40.[user #].
+
+" && exit
+}
+
+
+
+#=================== function Info =============================================
+#
+# Avec date / time prefix
+#
+Info() { printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr
+
+#=================== function Message ==========================================
+#
+#
+Message() { printf "\n${GREEN}%s${NC}\n" "$*"; } # send to stdout
+
+
+
+
+#=================== function ip2int ===========================================
+#
+ip2int()
+{
+ local a b c d
+ { IFS=. read a b c d; } <<< $1
+ echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
+}
+
+
+#=================== function int2ip ===========================================
+#
+int2ip()
+{
+ local ui32=$1; shift
+ local ip n
+ for n in 1 2 3 4; do
+ ip=$((ui32 & 0xff))${ip:+.}$ip
+ ui32=$((ui32 >> 8))
+ done
+ echo $ip
+}
+
+
+
+#======================== CreateUser ==========================================
+#
+function CreateUser()
+{
+ClientName=$1
+ClientNum=$2
+
+CLIENT_PRIV_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+CLIENT_NUM=$(printf "%03d" $2)
+CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
+CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
+CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc"
+
+((debug)) && echo -e "
+ClientName = $1
+CLIENT_NUM = $CLIENT_NUM
+CLIENT_FILE_WIN = $CLIENT_FILE_WIN
+CLIENT_FILE_RTR = $CLIENT_FILE_RTR
+" && exit
+
+
+echo -e "Client:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+ListenPort = 51821
+Address = 192.168.10.${ClientNum}/32
+DNS = 192.168.10.1,1.1.1.1
+
+[Peer]
+PublicKey = ${USR_CCR1_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = 192.168.0.0/16
+Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port}
+" | tee "${CLIENT_FILE_WIN}"
+
+
+echo -e "\nCCR:
+---------------------------------------------------------"
+echo -e "/interface wireguard peers add
+allowed-address=192.168.10.${ClientNum}/32 client-keepalive=10 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\
+ preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
+}
+
+
+
+
+
+
+#======================== CreateRouter ========================================
+#
+function CreateRouter()
+{
+RouterNum="$1"
+RouterSubnet="$2"
+
+RTR_PRIV_KEY=$(wg genkey)
+RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
+RTR_PRE_SHARED_KEY=$(wg genpsk)
+RTR_NUM=$(printf "%03d" $1)
+RTR_FILE_PREFIX="${RTR_NUM}-Router"
+RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc"
+RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc"
+
+
+((debug)) && echo -e "
+ClientName = $1
+CLIENT_NUM = $RTR_NUM
+CLIENT_FILE_RTR = $RTR_FILE_RTR
+" && exit
+
+
+Message "** Generated output files:"
+echo -e "${GREEN}---------------------------------------------------------${NC}
+${RTR_FILE_RTR}
+${RTR_FILE_RTR_CCR1}
+"
+Message "** Router Client Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard
+add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
+
+/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01
+/ip route add dst-address=10.0.0.0/8 gateway=wg01
+/ip route add dst-address=192.168.0.0/16 gateway=wg01
+
+/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
+ endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\"
+
+/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
+ \"/ping interval=10 10.1.8.11 count=61\"
+
+/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
+| tee "${RTR_FILE_RTR}"
+
+
+#echo -e "\n"
+Message "** CCR1 Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\
+interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\"
+
+/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
+| tee "${RTR_FILE_RTR_CCR1}"
+
+}
+
+
+
+#=================== function RrtSubnet ========================================
+#
+RtrSubnet()
+{
+ local RtrNum=$1
+
+ BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer
+ Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc
+ Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router
+ Subnet=$((BaseNum+Nth)) # Nth subnet calculé
+# Subnet="${Subnet}/$(Bits_Subnet=3})"
+
+ echo -e "$(int2ip $Subnet)/${Subnet_Bits}"
+}
+
+
+
+
+#================ MAIN ========================================================
+#
+
+((!$#)) && Help && exit # If no command parameters passed, help and bail out
+echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n"
+
+while getopts dhn:r:u: option
+do
+ case "${option}" in
+ d) debug=1
+ ;;
+ h) Help
+ exit ;;
+ n) NumUser=${OPTARG}
+ Mode="User"
+ ;;
+ r) NumRouter=${OPTARG}
+ Mode="Router"
+ ;;
+ u) NameUser=${OPTARG}
+ ;;
+ *) echo -e "Usage (bad argument: $OPTARG) \n"
+ exit 1;;
+ esac
+done
+
+
+((debug)) && echo -e "
+NumRouter = ${NumRouter}
+NumUser = ${NumUser}
+RtrSubnet = $(RtrSubnet ${NumRouter})
+" && exit
+
+
+
+
+if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]]
+then
+ echo "** Error, can't use user and router # simulteaneously"
+ exit 1
+fi
+
+
+case "$Mode" in
+ User) CreateUser $NameUser $NumUser
+ exit
+ ;;
+ Router) CreateRouter $NumRouter $(RtrSubnet ${NumRouter})
+ exit
+ ;;
+ *) echo -e "\n** ERROR : User # was not provided"
+ Help
+ ;;
+esac
+
+
diff --git a/wireguard/real/users/001-Real.CCR1.rsc b/wireguard/real/users/001-Real.CCR1.rsc
new file mode 100644
index 0000000..038da4b
--- /dev/null
+++ b/wireguard/real/users/001-Real.CCR1.rsc
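Review bot: `YELLOW='\033[0;33«m'` carries a stray `«` inside the escape sequence, so the colour code is malformed (`'\033[0;33m'` is presumably intended, unless the character is an encoding artefact of the paste); YELLOW is unused in the visible code but will misprint as soon as it is. `NameUser=0` is the default and nothing checks that `-u` was given, so `-n 5` alone produces `005-0.conf` and a router peer commented `User 0`; a guard such as `[[ "$Mode" == User && "$NameUser" == 0 ]] && Help` before the `case` catches it, and the `CreateUser $NameUser $NumUser` / `CreateRouter $NumRouter $(RtrSubnet ${NumRouter})` calls should be quoted. RtrSubnet assigns `BaseNum`, `Nth` and `Subnet` without `local`, so each call leaks them into the global scope. The private key emitted by CreateRouter and the user `.conf` go through `tee` into files under the hard-coded `BaseDir="/home/boig01/..."` with the caller's umask (typically 022, i.e. world-readable); a `umask 077` near the top of the script keeps the key material owner-only.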
@@ -0,0 +1,3 @@
+/interface wireguard peers add
+allowed-address=10.1.40.1/32 client-keepalive=10 disabled=no comment="User Real" interface=wg1 \
+ preshared-key="EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=" public-key="J4nC/m8G2wMNDYeywORCYIo9eZq6v6fMgZVOFpRv3m0="
diff --git a/wireguard/real/users/001-Real.conf b/wireguard/real/users/001-Real.conf
new file mode 100644
index 0000000..1ff2b92
--- /dev/null
+++ b/wireguard/real/users/001-Real.conf
@@ -0,0 +1,12 @@
+[Interface]
+ListenPort = 51821
+PrivateKey = QHjXJWfo+G2BoJTKaLEviueDyK90nW/14ibUD3X31HI=
+Address = 192.168.10.1/32
+DNS = 192.168.10.254,1.1.1.1
+
+[Peer]
+PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
+PresharedKey = EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=
+Endpoint = d90d0d815e13.sn.mynetname.net:13233
+AllowedIPs = 192.168.0.0/16
+
diff --git a/wireguard/real/users/002-Guy.CCR1.rsc b/wireguard/real/users/002-Guy.CCR1.rsc
new file mode 100644
index 0000000..61fdf53
--- /dev/null
+++ b/wireguard/real/users/002-Guy.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers add
+allowed-address=192.168.10.2/32 client-keepalive=10 disabled=no comment="User Guy" interface=wg1 \
+ preshared-key="0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=" public-key="tQk6OTijE3YawHAQk6jfcVmgMzvH3zUyNqrhl3zRmHQ="
diff --git a/wireguard/real/users/002-Guy.conf b/wireguard/real/users/002-Guy.conf
new file mode 100644
index 0000000..5d0b803
--- /dev/null
+++ b/wireguard/real/users/002-Guy.conf
@@ -0,0 +1,12 @@
+[Interface]
+ListenPort = 51821
+PrivateKey = wDaoTqcCfIar7dukhYQYu8M5LDN+3BZc8Zcn/UetjWQ=
+Address = 192.168.10.2/32
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
+PresharedKey = 0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=
+Endpoint = d90d0d815e13.sn.mynetname.net:13233
+AllowedIPs = 192.168.2.0/24
+
diff --git a/wireguard/real/users/Real-maison.conf b/wireguard/real/users/Real-maison.conf
new file mode 120000
index 0000000..9aa2b7d
--- /dev/null
+++ b/wireguard/real/users/Real-maison.conf
@@ -0,0 +1 @@
+/home/boig01/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf
\ No newline at end of file
diff --git a/wireguard/rrf/RB5009-Users.cfg b/wireguard/rrf/RB5009-Users.cfg
new file mode 100644
index 0000000..82aadb8
--- /dev/null
+++ b/wireguard/rrf/RB5009-Users.cfg
@@ -0,0 +1,10 @@
+[RB5009-Users]
+RtrInterface=WG-Users
+Rtr_Addr_Admin=10.1.99.254
+Rtr_Addr_Public=142.217.209.155
+Rrt_Port=13235
+Rtr_Addr_Private=10.1.15.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
+Rtr_DNS=10.1.15.254
+Rtr_Route_Subnet=10.1.0.0/16
diff --git a/wireguard/rrf/U-001-boig01.Peer.rsc b/wireguard/rrf/U-001-boig01.Peer.rsc
new file mode 100644
index 0000000..d3bba18
--- /dev/null
+++ b/wireguard/rrf/U-001-boig01.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.15.1/32 disabled=no name="boig01" interface=WG-Users \
+preshared-key="tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ=" public-key="r11A7Z+IBeLFL6G+a+M0jgr1tTd9jTl/b+RROj/6whk="
diff --git a/wireguard/rrf/U-001-boig01.conf b/wireguard/rrf/U-001-boig01.conf
new file mode 100644
index 0000000..682a5cd
--- /dev/null
+++ b/wireguard/rrf/U-001-boig01.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UKNcUZwVMzU4icXo2M7WsLm2OVvUiPTBndLn3xBiB2Y=
+ListenPort = 51821
+Address = 10.1.15.1/32
+DNS = 10.1.15.254
+
+[Peer]
+PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
+PresharedKey = tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ=
+AllowedIPs = 10.1.0.0/16
+Endpoint = 142.217.209.155:13235
+PersistentKeepalive = 25
+
diff --git a/wireguard/rrf/U-001-boig01.conf.png b/wireguard/rrf/U-001-boig01.conf.png
new file mode 100644
index 0000000..9b716c3
Binary files /dev/null and b/wireguard/rrf/U-001-boig01.conf.png differ
diff --git a/wireguard/rrf/U-002-boucm01.Peer.rsc b/wireguard/rrf/U-002-boucm01.Peer.rsc
new file mode 100644
index 0000000..0f11323
--- /dev/null
+++ b/wireguard/rrf/U-002-boucm01.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.15.2/32 client-keepalive=20s disabled=no name="boucm01" interface=WG-Users \
+preshared-key="6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8=" public-key="yxVvlFZnnZOePdCxLX27zsnLfApcGBhmlqR5772mN2c="
diff --git a/wireguard/rrf/U-002-boucm01.conf b/wireguard/rrf/U-002-boucm01.conf
new file mode 100644
index 0000000..231c41d
--- /dev/null
+++ b/wireguard/rrf/U-002-boucm01.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = ACO/UBhvrQMLlrtEE7sU8qgDxYVmYLEn+j6hva8BBHM=
+ListenPort = 51821
+Address = 10.1.15.2/32
+DNS = 10.1.15.254
+
+[Peer]
+PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
+PresharedKey = 6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8=
+AllowedIPs = 10.1.0.0/16
+Endpoint = 142.217.209.155:13235
+PersistentKeepalive = 25
+
diff --git a/wireguard/rrf/U-002-boucm01.conf.png b/wireguard/rrf/U-002-boucm01.conf.png
new file mode 100644
index 0000000..e5586fb
Binary files /dev/null and b/wireguard/rrf/U-002-boucm01.conf.png differ
diff --git a/wireguard/sdmm/CCR1009.cfg b/wireguard/sdmm/CCR1009.cfg
new file mode 100644
index 0000000..f21910f
--- /dev/null
+++ b/wireguard/sdmm/CCR1009.cfg
@@ -0,0 +1,8 @@
+[CCR1009]
+RtrInterface=WG-Users
+Rtr_Addr_Admin=10.3.8.1
+Rtr_Addr_Public=184.95.250.138
+Rrt_Port=13421
+Rtr_Addr_Private=10.3.13.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc=
diff --git a/wireguard/sdmm/SDMM-Guy.conf b/wireguard/sdmm/SDMM-Guy.conf
new file mode 120000
index 0000000..3ce0edb
--- /dev/null
+++ b/wireguard/sdmm/SDMM-Guy.conf
@@ -0,0 +1 @@
+U-001-guy.conf
\ No newline at end of file
diff --git a/wireguard/sdmm/U-001-guy.Peer.rsc b/wireguard/sdmm/U-001-guy.Peer.rsc
new file mode 100644
index 0000000..ffd1ff5
--- /dev/null
+++ b/wireguard/sdmm/U-001-guy.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.3.13.1/32 disabled=no name="guy" interface=WG-Users \
+preshared-key="ZhEZjV5AxymxSHWAXL0zyhpzdxSqRcl8RJi2/M1b+vw=" public-key="I0B0XvNOt0c781ir/WtUC2oc3dnmIoJPr9vLacJHdFY="
diff --git a/wireguard/sdmm/U-001-guy.conf b/wireguard/sdmm/U-001-guy.conf
new file mode 100644
index 0000000..e01e47a
--- /dev/null
+++ b/wireguard/sdmm/U-001-guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = WDYlcHHQIz1pjqOLBRtNyLteSIbs7dKzJq60MJ8Pv0k=
+ListenPort = 51821
+Address = 10.3.13.1/32
+DNS = 10.3.6.15
+
+[Peer]
+PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc=
+PresharedKey = ZhEZjV5AxymxSHWAXL0zyhpzdxSqRcl8RJi2/M1b+vw=
+AllowedIPs = 10.3.0.0/16
+Endpoint = 184.95.250.138:13421
+PersistentKeepalive = 25
+
diff --git a/wireguard/sdmm/U-001-guy.conf.png b/wireguard/sdmm/U-001-guy.conf.png
new file mode 100644
index 0000000..779c591
Binary files /dev/null and b/wireguard/sdmm/U-001-guy.conf.png differ
diff --git a/wireguard/sdmm/U-002-marc.Peer.rsc b/wireguard/sdmm/U-002-marc.Peer.rsc
new file mode 100644
index 0000000..f2d5e3d
--- /dev/null
+++ b/wireguard/sdmm/U-002-marc.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.3.13.2/32 disabled=no name="marc" interface=WG-Users \
+preshared-key="adwActiBEETXk6wSx8V0w0GD7kFZ7j7CPlzuFRleG/s=" public-key="Hmz/JS3QYKNKuHFSs2fVyh3MxuEhLLRuUWXmAO4P1FY="
diff --git a/wireguard/sdmm/U-002-marc.conf b/wireguard/sdmm/U-002-marc.conf
new file mode 100644
index 0000000..9ac3a7f
--- /dev/null
+++ b/wireguard/sdmm/U-002-marc.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = wGh9Fx2x4FDyv0cuQK1g8yFm+tqTRRamdoneccfaEEw=
+ListenPort = 51821
+Address = 10.3.13.2/32
+DNS = 10.3.6.15
+
+[Peer]
+PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc=
+PresharedKey = adwActiBEETXk6wSx8V0w0GD7kFZ7j7CPlzuFRleG/s=
+AllowedIPs = 10.3.0.0/16
+Endpoint = 184.95.250.138:13421
+PersistentKeepalive = 25
+
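Review bot: `U-001-guy.conf` and `U-002-marc.conf` in this hunk carry two users' `PrivateKey` values, their PSKs, the CCR1009 endpoint `184.95.250.138:13421` and the router public key — everything needed to appear on 10.3.0.0/16 as 10.3.13.1 or 10.3.13.2 — so both peers need new keys on the router and the commit needs to be purged from history. The matching `.Peer.rsc` files repeat each PSK, which means the secret now lives in three tracked places per user (conf, rsc, png) and a partial cleanup will miss one. Going forward, generate the client profile at enrolment, hand it over out of band, and track only the router-side `public-key` line without the `preshared-key`.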
diff --git a/wireguard/sdmm/U-002-marc.conf.png b/wireguard/sdmm/U-002-marc.conf.png new file mode 100644 index 0000000..80d54e9 Binary files /dev/null and b/wireguard/sdmm/U-002-marc.conf.png differ diff --git a/wireguard/sdmm/U-005-exoc.Peer.rsc b/wireguard/sdmm/U-005-exoc.Peer.rsc new file mode 100644 index 0000000..51bb496 --- /dev/null +++ b/wireguard/sdmm/U-005-exoc.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.3.13.5/32 disabled=no name="exoc" interface=WG-Users \ +preshared-key="KGTzc6c4BSf/pFoT79CdeTtt2CT6eTQKaoMyL2jaCYg=" public-key="69ohh5vjeOFU6N7Q82GcRF7/Ss2tmNQ1MCQGMZC08xI=" diff --git a/wireguard/sdmm/U-005-exoc.conf b/wireguard/sdmm/U-005-exoc.conf new file mode 100644 index 0000000..e19d046 --- /dev/null +++ b/wireguard/sdmm/U-005-exoc.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = cIPz2r+7Bu2jpI1ShXaaFrF6qbI1aYLrJR9FTiqQ53g= +ListenPort = 51821 +Address = 10.3.13.5/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= +PresharedKey = KGTzc6c4BSf/pFoT79CdeTtt2CT6eTQKaoMyL2jaCYg= +AllowedIPs = 10.3.0.0/16 +Endpoint = 184.95.250.138:13421 +PersistentKeepalive = 25 + diff --git a/wireguard/sdmm/U-005-exoc.conf.png b/wireguard/sdmm/U-005-exoc.conf.png new file mode 100644 index 0000000..00b3547 Binary files /dev/null and b/wireguard/sdmm/U-005-exoc.conf.png differ diff --git a/wireguard/sdmm/U-006-pascal.Peer.rsc b/wireguard/sdmm/U-006-pascal.Peer.rsc new file mode 100644 index 0000000..9a6db51 --- /dev/null +++ b/wireguard/sdmm/U-006-pascal.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.3.13.6/32 disabled=no name="pascal" interface=WG-Users \ +preshared-key="V1oUlbYR+11SBr5W0hOtUuyRdwVioIfyKJDrHSrUToY=" public-key="jKNIbZkJf4zOGIYVhIawZzC4NXEsKBDTBmNjdEmR2GU=" diff --git a/wireguard/sdmm/U-006-pascal.conf b/wireguard/sdmm/U-006-pascal.conf new file mode 100644 index 0000000..fe11e26 --- /dev/null +++ b/wireguard/sdmm/U-006-pascal.conf 
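Review bot: `U-005-exoc.conf` points `DNS` at `1.1.1.1,8.8.8.8` while the other sdmm profiles use the internal resolver `10.3.6.15`; because this is a split tunnel (`AllowedIPs = 10.3.0.0/16`), every DNS query from this client — including lookups for internal 10.3/16 names — goes to public resolvers outside the tunnel in clear, and the internal names will not resolve at all. Unless this user is deliberately kept off internal DNS, the line should be `DNS = 10.3.6.15` (the following `U-006-pascal.conf` hunk shows the same pattern). The `PrivateKey`/`PresharedKey` pair in this file is committed in clear and needs the same rotation and history purge as the other user configs in this commit.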
@@ -0,0 +1,13 @@ +[Interface] +PrivateKey = aPBd3mVCh1Xvd6EoG4xzwHJ8cb1AuPK4NunE8sZf+30= +ListenPort = 51821 +Address = 10.3.13.6/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= +PresharedKey = V1oUlbYR+11SBr5W0hOtUuyRdwVioIfyKJDrHSrUToY= +AllowedIPs = 10.3.0.0/16 +Endpoint = 184.95.250.138:13421 +PersistentKeepalive = 25 + diff --git a/wireguard/sdmm/U-006-pascal.conf.png b/wireguard/sdmm/U-006-pascal.conf.png new file mode 100644 index 0000000..fa38e53 Binary files /dev/null and b/wireguard/sdmm/U-006-pascal.conf.png differ diff --git a/wireguard/sdmm/admin@10.3.8.1 b/wireguard/sdmm/admin@10.3.8.1 new file mode 100644 index 0000000..25428e7 --- /dev/null +++ b/wireguard/sdmm/admin@10.3.8.1 @@ -0,0 +1,2 @@ +/interface wireguard peers +add allowed-address=10.3.13.1/32 disabled=no name="guy" interface=WG-Users preshared-key="ZhEZjV5AxymxSHWAXL0zyhpzdxSqRcl8RJi2/M1b+vw=" public-key="I0B0XvNOt0c781ir/WtUC2oc3dnmIoJPr9vLacJHdFY=" diff --git a/wireguard/test_read_array_multi.sh b/wireguard/test_read_array_multi.sh new file mode 100755 index 0000000..c4d907d --- /dev/null +++ b/wireguard/test_read_array_multi.sh 
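Review bot: The file `wireguard/sdmm/admin@10.3.8.1` looks like the output of `scp U-001-guy.Peer.rsc admin@10.3.8.1` typed without the trailing `:` — scp then writes a local file named after the remote target instead of copying to the router — and its content duplicates `U-001-guy.Peer.rsc`, PSK included. It should be deleted, not committed; as committed it also discloses the CCR1009 management user and address (`admin@10.3.8.1`, the same value as `Rtr_Addr_Admin` in `CCR1009.cfg`). If the intent was to push the peer, use `scp U-001-guy.Peer.rsc admin@10.3.8.1:` and `/import` it on the router.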
@@ -0,0 +1,37 @@ +#!/bin/bash + +---ini file parameters list +unset PARAMS; +PARAMS=( +"RtrInterface;Interface Router" +"Rtr_Addr_Admin;Router Adresse Admin" +"Rtr_Addr_Public;Router Adresse Publique" +"Rrt_Port;Router IP Port" +"Rtr_Addr_Private;Router Adresse Privee" +"Rtr_CIDR_Mask;Router Adresse Privee CIDR Mask" +"Rtr_PUB_KEY;Router Public Key" +"Rtr_DNS;Clients DNS" +"Rtr_Route;Clients Route" +) + + +for PARAM in "${PARAMS[@]}" +do + Parameter=$(echo "$PARAM" | cut -f1 -d\;) + Description=$(echo "$PARAM" | cut -f2 -d\;) + echo -e "\n${Description} = ${Parameter}" + #eval 'read -p "Entrer ${PARAM} " Value' + #eval 'echo ${PARAM}=${Value} >> ${IniFile}' +done + + + + + +exit + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done diff --git a/wireguard/testing/gentest b/wireguard/testing/gentest new file mode 100755 index 0000000..3b23ea9 --- /dev/null +++ b/wireguard/testing/gentest @@ -0,0 +1,30 @@ +#!/bin/bash + + + +#---ini file parameters +unset PARAMS; +PARAMS=( +'Rtr_Addr_Public,Router Adresse Publique' +'Rrt_Port,Router Port' +'Rtr_Addr_Private,Router Adresse Privee' +'Rtr_CIDR_Mask,Router Private CIDR Mask' +'Rtr_PUB_KEY,Router Public Key' +) + + +for PARAM in "${PARAMS[@]}" +do + { IFS=, read Param Desc; } <<< ${PARAM} + read -p "Entrer ${Desc} : " Value + eval ${Param}="${Value}" +done + +echo -e "\n" +echo -e " +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Private = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY +" | column -t diff --git a/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc b/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc new file mode 100644 index 0000000..1a6f7e0 --- /dev/null +++ b/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc 
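Review bot: The first line of `test_read_array_multi.sh`, `---ini file parameters list`, has no `#`, so bash tries to execute a command named `---ini` and prints `command not found` on every run; it should read `#---ini file parameters list`. The code after `exit` is dead, but if it is ever revived note that `eval ${PARAM}=$(sed ... $RouterCfg)` uses the whole `Name;Description` string as the variable name — eval sees `RtrInterface;Interface Router=...` and runs `Interface` as a command — and evaluates whatever the `.cfg` file contains as shell, so a crafted ini value executes commands. Use the already-split `Parameter` and assign without eval: `printf -v "$Parameter" '%s' "$(sed -n "..." "$RouterCfg")"`.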
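Review bot: `eval ${Param}="${Value}"` in `gentest` evaluates whatever was typed at the `read -p` prompt as shell code, so a value like `x;id`, or one containing spaces, `$(...)` or a redirect, is executed instead of stored; this makes the script unsafe the moment it is driven by anything less trusted than the author. Replace it with `printf -v "${Param}" '%s' "${Value}"`, use `read -r` on both reads so a backslash in a key survives, and quote the here-string (`<<< "${PARAM}"`). The summary at the end also labels the `Rtr_CIDR_Mask` value as `Rtr_CIDR_Private`, which misreports what was entered.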
@@ -0,0 +1,7 @@ +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.100.99.2/32 comment=\ + wg01-client-Router001 interface=wg01 \ + preshared-key="evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws=" public-key=\ + "xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U=" + diff --git a/wireguard/wg01/client/Router001/wg01-client-Router001.conf b/wireguard/wg01/client/Router001/wg01-client-Router001.conf new file mode 100644 index 0000000..9fce102 --- /dev/null +++ b/wireguard/wg01/client/Router001/wg01-client-Router001.conf @@ -0,0 +1,10 @@ +[Interface] +PrivateKey = yMtyTz/gLwMLzbkmGriTRQeQu3vuuyStGz7LPv1f3GI= +Address = 10.100.99.2/32,fd42:64:63::2/128 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = oIZef/qKVdZm6sWzX3SqRs8Yr1wdJQEynKMtZ6+v32A= +PresharedKey = evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws= +Endpoint = 172.16.16.136:13231 +AllowedIPs = 0.0.0.0/0,::/0 diff --git a/wireguard/wg01/client/Router001/wg01-client-Router001.png b/wireguard/wg01/client/Router001/wg01-client-Router001.png new file mode 100644 index 0000000..144afa5 Binary files /dev/null and b/wireguard/wg01/client/Router001/wg01-client-Router001.png differ diff --git a/wireguard/wg01/mikrotik/wg01.rsc b/wireguard/wg01/mikrotik/wg01.rsc new file mode 100644 index 0000000..12dd6f3 --- /dev/null +++ b/wireguard/wg01/mikrotik/wg01.rsc 
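Review bot: `wg01-client-Router001.conf` is a full-tunnel profile (`AllowedIPs = 0.0.0.0/0,::/0`) whose `PrivateKey` and `PresharedKey` are committed alongside the router-side peer in `mikrotik-peer-wg01-client-Router001.rsc`, so the pair has to be regenerated and the commit purged from history. `Endpoint = 172.16.16.136:13231` is an RFC1918 address, so this profile only works from that LAN; if it is a lab artefact a comment should say so, otherwise it needs the public address. The profile also lacks `PersistentKeepalive`, which every roadwarrior config elsewhere in this commit sets to 25; a full-tunnel client behind NAT without it loses idle sessions.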
@@ -0,0 +1,101 @@ +# WireGuard interface configure +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key="sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20=" +/ip address add address=10.100.99.1/24 comment=wg-wg01 interface=wg01 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.100.99.2/32 comment=wg01-client-Router001 interface=wg01 \ + preshared-key="evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws=" public-key=\ + "xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U=" + + + + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + + + +Users 10.1.40.0/24 +WG_Users Pub Key : EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +Usr_CCR1_Addr="66.171.167.250" +Usr_CCR1_Port="13233" + +Routers 10.1.41.0/24 +WG_Routers Pub Key : 9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw= +Rtr_CCR1_Addr="66.171.167.250" +Rtr_CCR1_Port="13232" + + + + +Guy EVOQ Config: +================= +[Interface] +ListenPort = 51821 +PrivateKey = IM73gYzzN3riY1KaqBAGoIyldE7a7KS6QLoaDKd/G3E= +Address = 10.1.40.3/32 +DNS = 10.1.3.40,10.1.3.41 + +[Peer] +PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +PresharedKey = em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs= +Endpoint = 66.171.167.250:13233 +AllowedIPs = 10.0.0.0/8,192.168.0.0/24 +PersistentKeepalive = 25 + + + +Steve Config: +============= +[Interface] +ListenPort = 51822 +PrivateKey = OKQeBlkw7aoxtGfTlxVJpbRJqXwEzz38dk2gFShMHmI= +Address = 10.1.40.1/32 +DNS = 10.1.3.40,10.1.3.41 + +[Peer] +PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +PresharedKey = Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs= +Endpoint = 66.171.167.250:13233 +AllowedIPs = 10.0.0.0/8,192.168.0.0/24 +PersistentKeepalive = 25 + + + + + + + + + + + + +add allowed-address=10.1.41.253/32,172.16.100.1/32 client-keepalive=10s comment="Router 253" interface=WG-Routers preshared-key="BqdyD7C+AyMFhs67vBjCSfL4dWe3XJ1uMDg6lLgYEe4=" public-key=\ + "UlkgLQIbXkJ2dsrik1aDvOLSQrSdPpPNVLJjejE1yRU=" + + + + 
+ +endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} + + + + + + +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key="8DcsFMmQVl3JyOXNuJvSiYaTqz6AqUECOSeIMDhijEA=" +/ip address add address=10.1.41.253/32 comment=wg-wg01 interface=wg01 + +/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/24 client-keepalive=10 disabled=no comment="CCR1 Montreal" interface=wg01 \ + preshared-key="BqdyD7C+AyMFhs67vBjCSfL4dWe3XJ1uMDg6lLgYEe4=" public-key="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" + + + + + endpoint-address=66.171.167.250 diff --git a/wireguard/wg01/params b/wireguard/wg01/params new file mode 100644 index 0000000..b9f3464 --- /dev/null +++ b/wireguard/wg01/params @@ -0,0 +1,10 @@ +SERVER_PUB_IP=172.16.16.136 + +SERVER_WG_NIC=wg01 +SERVER_WG_IPV4=10.100.99.1 +SERVER_WG_IPV6=fd42:64:63::1 +SERVER_PORT=13231 +SERVER_PRIV_KEY=sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20= +SERVER_PUB_KEY=oIZef/qKVdZm6sWzX3SqRs8Yr1wdJQEynKMtZ6+v32A= +CLIENT_DNS_1=1.1.1.1 +CLIENT_DNS_2=8.8.8.8 diff --git a/wireguard/wg01/wg01.conf b/wireguard/wg01/wg01.conf new file mode 100644 index 0000000..8d58e41 --- /dev/null +++ b/wireguard/wg01/wg01.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 10.100.99.1/24,fd42:64:63::1/64 +ListenPort = 13231 +PrivateKey = sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20= + +### Client Router001 +[Peer] +PublicKey = xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U= +PresharedKey = evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws= +AllowedIPs = 10.100.99.2/32,fd42:64:63::2/128 diff --git a/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc b/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc new file mode 100644 index 0000000..a22ed62 --- /dev/null +++ b/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc 
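Review bot: `wg01/mikrotik/wg01.rsc` is not importable as committed: after the two valid RouterOS commands it continues with shell snippets (`CLIENT_PRIV_KEY=$(wg genkey)`), free-text notes, two complete client profiles ("Guy EVOQ", "Steve") including their `PrivateKey` and PSK, and a second `/interface wireguard add ... private-key=` for a different router, so `/import wg01.rsc` aborts at the first non-command line. Keep the file to the interface and peer commands and move the rest to an untracked notes file; the user private keys and PSKs it leaks need rotation regardless. The router `private-key` (`sLKaz0+...`) is duplicated in `wg01/params` and `wg01/wg01.conf` in the following hunks, so one rotation has to touch all three places. The `CCR1 Montreal` peer uses `client-keepalive=10` without a unit while the 253 peer uses `10s`; presumably RouterOS reads a bare number as seconds, but confirm and make them consistent.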
@@ -0,0 +1,7 @@ +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.135.135.2/32 comment=\ + wg2-client-Pixel4a interface=wg2 \ + preshared-key="ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY=" public-key=\ + "8C5Kz1OZklTqIhJSdA/+Bvz7pSUJYmStXQAjvITuHXQ=" + diff --git a/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf new file mode 100644 index 0000000..e188888 --- /dev/null +++ b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf @@ -0,0 +1,10 @@ +[Interface] +PrivateKey = SAaJsGUnGfuYx0SVUIEJZoPvcRhMWRtHS1LA6R5hzFM= +Address = 10.135.135.2/32,fd42:28:81::2/128 +DNS = 1.1.1.1,1.0.0.1 + +[Peer] +PublicKey = ZHUpmHK5DbMvicy4NyvUg9hzdmTVtk4Wj62l83KXt2U= +PresharedKey = ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY= +Endpoint = heh08h84mnt.sn.mynetname.net:13231 +AllowedIPs = 0.0.0.0/0,::/0 diff --git a/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png new file mode 100644 index 0000000..ee3a011 Binary files /dev/null and b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png differ diff --git a/wireguard/wg2/mikrotik/wg2.rsc b/wireguard/wg2/mikrotik/wg2.rsc new file mode 100644 index 0000000..f7a6460 --- /dev/null +++ b/wireguard/wg2/mikrotik/wg2.rsc 
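Review bot: `wg2-client-Pixel4a.conf` commits the phone's `PrivateKey` and PSK together with the router's cloud DDNS endpoint `heh08h84mnt.sn.mynetname.net:13231`, so anyone reading the repository can impersonate the phone and, with `AllowedIPs = 0.0.0.0/0,::/0`, route all traffic through the home router; rotate the peer and scrub the history. The MikroTik cloud name identifies the specific router and is better kept out of a tracked file too. As with the other profiles, only the `mikrotik-peer-*.rsc` public-key half should be versioned, with the PSK stripped.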
@@ -0,0 +1,17 @@ +# WireGuard interface configure +/interface wireguard +add listen-port=13231 mtu=1420 name=wg2 private-key=\ + "OEXvhk5+MgNqThAjxuYcAXobUCOC+BnkVLXw3Kwm1V0=" +/ip firewall filter +add action=accept chain=input comment=wg-wg2 dst-port=13231 protocol=udp +/ip firewall filter move [/ip firewall filter find comment=wg-wg2] 1 +/ip address +add address=10.135.135.1/24 comment=wg-wg2 interface=wg2 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.135.135.2/32 comment=\ + wg2-client-Pixel4a interface=wg2 \ + preshared-key="ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY=" public-key=\ + "8C5Kz1OZklTqIhJSdA/+Bvz7pSUJYmStXQAjvITuHXQ=" + diff --git a/wireguard/wg2/params b/wireguard/wg2/params new file mode 100644 index 0000000..41f420a --- /dev/null +++ b/wireguard/wg2/params @@ -0,0 +1,10 @@ +SERVER_PUB_IP=heh08h84mnt.sn.mynetname.net + +SERVER_WG_NIC=wg2 +SERVER_WG_IPV4=10.135.135.1 +SERVER_WG_IPV6=fd42:28:81::1 +SERVER_PORT=13231 +SERVER_PRIV_KEY=OEXvhk5+MgNqThAjxuYcAXobUCOC+BnkVLXw3Kwm1V0= +SERVER_PUB_KEY=ZHUpmHK5DbMvicy4NyvUg9hzdmTVtk4Wj62l83KXt2U= +CLIENT_DNS_1=1.1.1.1 +CLIENT_DNS_2=1.0.0.1 diff --git a/wireguard/wg2/wg2.conf b/wireguard/wg2/wg2.conf new file mode 100644 index 0000000..84d2919 --- /dev/null +++ b/wireguard/wg2/wg2.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 10.135.135.1/24,fd42:28:81::1/64 +ListenPort = 13231 +PrivateKey = OEXvhk5+MgNqThAjxuYcAXobUCOC+BnkVLXw3Kwm1V0= + +### Client Pixel4a +[Peer] +PublicKey = 8C5Kz1OZklTqIhJSdA/+Bvz7pSUJYmStXQAjvITuHXQ= +PresharedKey = ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY= +AllowedIPs = 10.135.135.2/32,fd42:28:81::2/128 diff --git a/wireguard/wg3/client/pogo/mikrotik-peer-wg3-client-pogo.rsc b/wireguard/wg3/client/pogo/mikrotik-peer-wg3-client-pogo.rsc new file mode 100644 index 0000000..89debd3 --- /dev/null +++ b/wireguard/wg3/client/pogo/mikrotik-peer-wg3-client-pogo.rsc 
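Review bot: The accept rule for UDP 13231 in `wg2.rsc` is repositioned by index (`/ip firewall filter move [/ip firewall filter find comment=wg-wg2] 1`), which lands it after whatever rule happens to be first and silently changes meaning if the chain is ever reordered; adding it with `place-before=[find chain=input action=drop]` (or whatever the final drop rule's comment is) makes the intent explicit. The rule has no `in-interface-list=WAN`, so the listener is accepted on every interface, which is harmless for WireGuard but wider than required. The interface `private-key` in this file is repeated in `wg2/params` and `wg2/wg2.conf` and must be rotated after this commit.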
@@ -0,0 +1,7 @@ +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=172.16.254.6/32 comment=\ + wg3-client-pogo interface=wg3 \ + preshared-key="S1P4YbYgT8C+A5sVbnZD+Cl69C/rvq8lNnBPI2u36Xc=" public-key=\ + "Jsvkuk+YxJjpCasQ3ecGaZ+Xz1FazjVVL+IeZZX+GHI=" + diff --git a/wireguard/wg3/client/pogo/wg3-client-pogo.conf b/wireguard/wg3/client/pogo/wg3-client-pogo.conf new file mode 100644 index 0000000..083931d --- /dev/null +++ b/wireguard/wg3/client/pogo/wg3-client-pogo.conf @@ -0,0 +1,10 @@ +[Interface] +PrivateKey = mC7ljsSRDscDaG42x2878ZyiG1xPa0PBos/Sv4S59m0= +Address = 172.16.254.6/32,fd42:65:63::6/128 +DNS = 172.16.254.5,1.1.1.1 + +[Peer] +PublicKey = vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio= +PresharedKey = S1P4YbYgT8C+A5sVbnZD+Cl69C/rvq8lNnBPI2u36Xc= +Endpoint = ingt.dyndns.org:14322 +AllowedIPs = 0.0.0.0/0,::/0 diff --git a/wireguard/wg3/client/pogo/wg3-client-pogo.png b/wireguard/wg3/client/pogo/wg3-client-pogo.png new file mode 100644 index 0000000..105d227 Binary files /dev/null and b/wireguard/wg3/client/pogo/wg3-client-pogo.png differ diff --git a/wireguard/wg3/mikrotik/wg3.rsc b/wireguard/wg3/mikrotik/wg3.rsc new file mode 100644 index 0000000..fb66145 --- /dev/null +++ b/wireguard/wg3/mikrotik/wg3.rsc @@ -0,0 +1,17 @@ +# WireGuard interface configure +/interface wireguard +add listen-port=14322 mtu=1420 name=wg3 private-key=\ + "YI4o0wICXciiX8aP/ZEhwqZk9VhoCxUbzG7TTuRmsVc=" +/ip firewall filter +add action=accept chain=input comment=wg-wg3 dst-port=14322 protocol=udp +/ip firewall filter move [/ip firewall filter find comment=wg-wg3] 1 +/ip address +add address=172.16.254.5/24 comment=wg-wg3 interface=wg3 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=172.16.254.6/32 comment=\ + wg3-client-pogo interface=wg3 \ + preshared-key="S1P4YbYgT8C+A5sVbnZD+Cl69C/rvq8lNnBPI2u36Xc=" public-key=\ + "Jsvkuk+YxJjpCasQ3ecGaZ+Xz1FazjVVL+IeZZX+GHI=" + 
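Review bot: `wg3.rsc` gives the interface only `172.16.254.5/24`, yet `wg3-client-pogo.conf` assigns the client `fd42:65:63::6/128` and a `::/0` route; if the MikroTik is the endpoint there is no `fd42:65:63::1` on the router side, so the IPv6 half is dead weight and, with a full tunnel, black-holes the phone's IPv6. Either add `/ipv6 address add address=fd42:65:63::1/64 interface=wg3` (IPv6 package permitting) or drop the IPv6 address and `::/0` from the client profile. The `private-key` here and the client `PrivateKey`/PSK are committed in clear and need rotation; on the positive side this profile points `DNS` at the router (`172.16.254.5`) rather than leaking queries to public resolvers.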
diff --git a/wireguard/wg3/params b/wireguard/wg3/params
new file mode 100644
index 0000000..092975d
--- /dev/null
+++ b/wireguard/wg3/params
@@ -0,0 +1,10 @@
+SERVER_PUB_IP=ingt.dyndns.org
+
+SERVER_WG_NIC=wg3
+SERVER_WG_IPV4=172.16.254.5
+SERVER_WG_IPV6=fd42:65:63::1
+SERVER_PORT=14322
+SERVER_PRIV_KEY=YI4o0wICXciiX8aP/ZEhwqZk9VhoCxUbzG7TTuRmsVc=
+SERVER_PUB_KEY=vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio=
+CLIENT_DNS_1=172.16.254.5
+CLIENT_DNS_2=1.1.1.1
diff --git a/wireguard/wg3/wg3.conf b/wireguard/wg3/wg3.conf
new file mode 100644
index 0000000..403a548
--- /dev/null
+++ b/wireguard/wg3/wg3.conf
@@ -0,0 +1,10 @@
+[Interface]
+Address = 172.16.254.5/24,fd42:65:63::1/64
+ListenPort = 14322
+PrivateKey = YI4o0wICXciiX8aP/ZEhwqZk9VhoCxUbzG7TTuRmsVc=
+
+### Client pogo
+[Peer]
+PublicKey = Jsvkuk+YxJjpCasQ3ecGaZ+Xz1FazjVVL+IeZZX+GHI=
+PresharedKey = S1P4YbYgT8C+A5sVbnZD+Cl69C/rvq8lNnBPI2u36Xc=
+AllowedIPs = 172.16.254.6/32,fd42:65:63::6/128
diff --git a/wireguard/wireguard b/wireguard/wireguard
new file mode 100644
index 0000000..0636c8f
--- /dev/null
+++ b/wireguard/wireguard
@@ -0,0 +1,3 @@
+/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg
+/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \
+interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo="
diff --git a/wireguard/wireguard-evoq.sh b/wireguard/wireguard-evoq.sh
new file mode 100755
index 0000000..4c451d3
--- /dev/null
+++ b/wireguard/wireguard-evoq.sh
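Review bot: `wireguard/wireguard` adds `address=172.14.40.004/32`: `172.14.0.0/16` is public address space (RFC1918 is `172.16.0.0/12`), and the octet `004` has a leading zero, which RouterOS and most parsers either reject or, in some implementations, read as octal; the same leading zero appears in `allowed-address=172.16.254.004/32` on the peer. Both look like typos for `172.16.40.4/32` and `172.16.254.4/32`, but verify against the CTG router before changing them. The line also embeds a `preshared-key` in clear and uses `client-keepalive=10` with no unit, unlike the `10s`/`20s` forms used elsewhere in this commit.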
@@ -0,0 +1,316 @@ +#!/bin/bash + + +#=================== Environment =============================================== +# +ScriptName=$(basename "$0") +SshUser=ansible +#SshKey="/home/wireguard/.ssh/ansible_evoq_rsa" +SshKey="/home/boig01/.ssh/ansible_evoq_rsa" +#BaseDir="/home/wireguard" +BaseDir="/dev/shm" +CCR1=10.1.8.11 +CCR2=10.1.8.12 +Version=240222_1842 +CORP="EVOQ" +TmpUserList=$(mktemp -p /dev/shm) + +# Wireguard For Routers +RtrCCR1Int=WG-Routers +RtrCCR1PubKey="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" +RtrCCR1Prefix="10.1.32" +RtrCCR1Address="10.1.32.254/24" +RtrCCR1Port=13232 +WgRtrDir="${BaseDir}/routers" + +# Wireguard For Users +UsrCCR1Int=WG-Users +UsrCCR1PubKey="EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=" +UsrCCR1Prefix="10.1.33" +UsrCCR1Address="10.1.33.254/24" +UsrCCR1Port=13233 +WgUsrDir="${BaseDir}/users" + +YELLOW='\033[0;33«m' +GREEN='\033[0;32m' +RED='\033[0;31m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + + +# Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" +[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}" + + + +#=================== function Info ============================================= +# +# Avec date / time prefix +# +Info() { printf "${GREEN} %s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr + + +#=================== function Message ========================================== +# +Message() { printf "${GREEN}%s ${NC}\n" "$*" ;} # send to stderr + + + +#=================== function Help ============================================= +# +function Help () +{ +echo -e " +usage: $ScriptName [options] + + -l List WireGuard clients on CCR1 + -h This help + +" +} + + +#=================== function addCCR1 ========================================== +# +function addCCR1() { + local Router="$1" + echo -e "\nAdding ${Router} Wireguard account to CCR1..." 
+ ssh -i ${SSHKey} ansible@${CCR1} "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp" + + if [ $? = 0 ] + then + echo "${Router} Wireguard account successfully added to CCR1" + else + echo "Failed to add ${Router} Wireguard account to CCR1" + fi +} + + +#=================== function newClient ======================================= +# +function newClient() { + ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" + + echo "" + echo "Tell me a name for the client." + echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars." + + until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do + read -rp "Client name: " -e CLIENT_NAME + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${CLIENT_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified name was already created, please choose another name." + echo "" + fi + done + + for DOT_IP in {2..254}; do + DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + if [[ ${DOT_EXISTS} == '0' ]]; then + break + fi + done + + if [[ ${DOT_EXISTS} == '1' ]]; then + echo "" + echo "The subnet configured supports only 253 clients." + exit 99 + fi + + BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') + until [[ ${IPV4_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" + IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV4_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv4 was already created, please choose another IPv4." 
+ echo "" + fi + done + + BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') + until [[ ${IPV6_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" + IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV6_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv6 was already created, please choose another IPv6." + echo "" + fi + done + + # Generate key pair for the client + CLIENT_PRIV_KEY=$(wg genkey) + CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + CLIENT_PRE_SHARED_KEY=$(wg genpsk) + + mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1 + HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" + + # Create client file and add the server as a peer + echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >> 
"$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + # Add the client as a peer to the server + echo -e "\n### Client ${CLIENT_NAME} +[Peer] +PublicKey = ${CLIENT_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + echo -e "\nHere is your client config file as a QR Code:" + + qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" + echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" +} + + + + +#=================== function manageMenu ====================================== +# +function manageMenu() { + echo "" + echo "It looks like this WireGuard interface is already." + echo "" + echo "What do you want to do?" + echo " 1) Add a new client" + echo " 2) Exit" + until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do + read -rp "Select an option [1-2]: " MENU_OPTION + done + case "${MENU_OPTION}" in + 1) + newClient + ;; + 2) + exit 0 + ;; + esac +} + + + +#=================== function listConfs ======================================= +# +function listConfs() { + local directory + directory="$(pwd)/wireguard" + + if [ -d "${directory}" ]; then + echo "List of existing configurations:" + i=1 + for folder in "${directory}"/*/; do + local users count folder_name + users="${folder}/client/" + count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l) + folder_name=$(basename "${folder}") + echo "${i}. 
${folder_name} [${count} user(s)]" + ((i++)) + done + fi + echo "" +} + + +#=================== function listCCR1 ========================================= +# +# Filter 1: enlever les ";" et remplacer ^m par LF +# Filter 2: Grouper 2 lignes consecutives +# Filter 3: Print field #4 et #3 +# +function ListCCR() { + +Message "User List" +ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \ + | grep User | tr -d ";" | sed -e "s/\r//g" \ + | awk 'NR%2 {printf("%s ", $0); next} {print $0}' \ + | awk '{print $4, $3}' | tee ${TmpUserList} + +LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }') +NextEntry=$(($LastEntry+1)) +echo -e " +Last Entry = $LastEntry +Next Entry = $NextEntry +" +} + + +#=================== MAIN ===================================================== +# +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n" + +((!$#)) && Help && exit + + +while getopts cfhl option +do + case "${option}" in + c) BoolCreate=1 ;; + f) VarFileLog=1;; + h) Help + exit 0;; + l) ListCCR ;; + *) Help + exit 1;; + esac +done + + +rm -f ${TmpUserList} +exit + +#? Check for root, OS, WireGuard +installCheck + +listConfs + +#? Check server exist +serverName + +#? Check if WireGuard is already installed and load params +if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then + # shellcheck source=/dev/null + source "$(pwd)/wireguard/${SERVER_WG_NIC}/params" + manageMenu +else + newInterface +fi + diff --git a/wireguard/wireguard-evoq.sh.NOTES b/wireguard/wireguard-evoq.sh.NOTES new file mode 100644 index 0000000..f571a2b --- /dev/null +++ b/wireguard/wireguard-evoq.sh.NOTES 
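Review bot: In `addCCR1` the ssh line uses `${SSHKey}` but the variable defined at the top of `wireguard-evoq.sh` is `SshKey`, so `-i` receives an empty argument and ssh consumes `ansible@${CCR1}` as the identity file; `L2TPPass`, `CCRSideIP` and `ip_Subnet` are never set in this script, and the command creates a `/ppp secret` (L2TP) while the messages talk about WireGuard, so the function cannot work as committed. `newClient` writes client `PrivateKey`s and PSKs under `$(pwd)/wireguard/...` with the default umask, so the files come out group/world-readable; set `umask 077` before anything is written. The duplicate-address check greps for `"$CLIENT_WG_IPV4/24"` and `"${CLIENT_WG_IPV6}/64"`, but peers are appended to the server conf as `/32` and `/128`, so the check never matches and two clients can be given the same `AllowedIPs`. `TmpUserList` is only removed on the `-l` path (`((!$#)) && Help && exit` and the `-h` branch leave it in /dev/shm), `LastEntry` is derived with lexical `sort -r` so entry 9 outranks 10, and `YELLOW='\033[0;33«m'` has a mis-encoded `«` in the escape sequence.
```shell
umask 077                                  # client private keys and PSKs are written below
TmpUserList=$(mktemp -p /dev/shm)
trap 'rm -f -- "${TmpUserList}"' EXT       # also covers the early exits in Help / getopts
YELLOW='\033[0;33m'
# … unchanged: remaining environment, Info/Message/Help …
function addCCR1() {
  local Router="$1"
  echo -e "\nAdding ${Router} Wireguard account to CCR1..."
  # NOTE(review): L2TPPass, CCRSideIP and ip_Subnet are not defined in this script — supply them or drop the function
  ssh -i "${SshKey}" "${SshUser}@${CCR1}" "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp"
  # … unchanged: status messages …
}
# … unchanged: newClient up to the IPv4 prompt loop …
    IPV4_EXISTS=$(grep -c "AllowedIPs = ${CLIENT_WG_IPV4}/32" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
# … unchanged: IPv6 prompt loop, same fix with /128 …
# … unchanged: manageMenu, listConfs, ListCCR body …
LastEntry=$(sort -rn "${TmpUserList}" | head -1 | awk '{ print $1 }')
```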
@@ -0,0 +1,111 @@ +inférence + +WG-Users +======== +Public Key: cat4H07058+1VLQu2ns9tWGImfMx0hrHZI6F9WTsFR8= + +Win10 10.100.100.100 Elair-Riverra661 + + + + +/interface/wireguard/peers/add allowed-address=10.100.99.101 interface=WG-Users persistent-keepalive=10 public-key= + + + +https://github.com/IgorKha/wireguard-mikrotik + + + + + + + + + +[i] Config available in /home/boig01/temp/wireguard/wg01/client/Laptop/wg01-client-Laptop.conf +[i] QR is also available in /home/boig01/temp/wireguard/wg01/client/Laptop/wg01-client-Laptop.png +[i] MikroTik peer config available in /home/boig01/temp/wireguard/wg01/client/Laptop/mikrotik-wg01-client-Laptop.rsc +[i] MikroTik interface config available in /home/boig01/temp/wireguard/wg01/mikrotik/wg01.rsc +[i] If you want to add more clients, you simply need to run this script another time! + + + + + + +mikrotik/wg01.rsc +================= +# WireGuard interface configure +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key=\ + "mHAePE+zX9qDM9VyN0PZ5wolk3RY7c+dZgAsOdvw/HA=" +/ip firewall filter +add action=accept chain=input comment=wg-wg01 dst-port=13231 protocol=udp +/ip firewall filter move [/ip firewall filter find comment=wg-wg01] 1 +/ip address +add address=10.100.99.1/24 comment=wg-wg01 interface=wg01 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.100.99.2/32 comment=\ + wg01-client-Laptop interface=wg01 \ + preshared-key="6V1dSygIB9cfq//EKLZmVl4qLVmKgHAqqeGQt84uvqY=" public-key=\ + "gwi0ou0D2fWFcB1WNcarGHUu31DG1InGu39EryMnSGc=" + + +client/Laptop/wg01-client-Laptop.conf +===================================== +[Interface] +PrivateKey = YJ+4MBqJj/uoJFatfkh5yDghJUDmigKhxiT50vMSP0A= +Address = 10.100.99.2/32,fd42:55:24::2/128 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = Oe03xZcw+Fj0s2WwLTyg7mW7bm0p7gwKFnoNWXbciE8= +PresharedKey = 6V1dSygIB9cfq//EKLZmVl4qLVmKgHAqqeGQt84uvqY= +Endpoint = 172.16.16.136:13231 +AllowedIPs = 0.0.0.0/0,::/0 + + + + + 
+CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +echo -e "CLIENT_PUB_KEY: $CLIENT_PUB_KEY \nCLIENT_PRE_SHARED_KEY: $CLIENT_PRE_SHARED_KEY" + + + + +echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" +" >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + diff --git a/wireguard/wireguard-mikrotik.sh b/wireguard/wireguard-mikrotik.sh new file mode 100644 index 0000000..62091e1 --- /dev/null +++ b/wireguard/wireguard-mikrotik.sh 
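Review bot: `wireguard-evoq.sh.NOTES` pastes a complete `mikrotik/wg01.rsc` with a router `private-key` and a `client/Laptop` profile with its `PrivateKey` and PSK, so the notes file leaks the same class of secrets as the config directories and has to be scrubbed from history with them; the stray first line `inférence` suggests it was never meant to be committed. Keep scratch notes out of the repository (`.gitignore` `*.NOTES`) or strip key material before committing. The `/interface/wireguard/peers/add ... public-key=` example has an empty public key, which RouterOS will reject — another sign this is working notes rather than documentation.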
@@ -0,0 +1,477 @@
+#!/usr/bin/env bash
+
+BLUE='\033[0;34m'
+NC='\033[0m'
+INFO="${BLUE}[i]${NC}"
+
+function checkOS() {
+
+ #? Check OS version
+ if [[ -e /etc/debian_version ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS="${ID}" # debian or ubuntu
+ if [[ ${ID} == "debian" || ${ID} == "raspbian" ]]; then
+ if [[ ${VERSION_ID} -lt 10 ]]; then
+ echo "Your version of Debian (${VERSION_ID}) is not supported. Please use Debian 10 Buster or later"
+ exit 95
+ fi
+ OS=debian #* overwrite if raspbian
+ fi
+ elif [[ -e /etc/fedora-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS="${ID}"
+ elif [[ -e /etc/centos-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS=centos
+ elif [[ -e /etc/oracle-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS=oracle
+ elif [[ -e /etc/arch-release ]]; then
+ OS=arch
+ elif [[ "$(uname -s)" == "Darwin" ]]; then
+ OS=macos
+ else
+ echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Oracle or Arch Linux system"
+ exit 95
+ fi
+ export OS
+}
+
+function installWireGuard() {
+
+ #? Check root user
+ if [[ "${EUID}" -ne 0 ]] && [[ "${OS}" != "macos" ]]; then
+ echo ""
+ echo "You need to run this script as root"
+ echo ""
+ exit 13
+ fi
+
+ #? Install WireGuard tools and module
+ if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]]; then
+ apt-get update
+ apt-get install -y wireguard qrencode
+ elif [[ ${OS} == 'debian' ]]; then
+ if !
grep -rqs "^deb .* buster-backports" /etc/apt/; then
+ echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list
+ apt-get update
+ fi
+ apt update
+ apt-get install -y qrencode
+ apt-get install -y -t buster-backports wireguard
+ elif [[ ${OS} == 'fedora' ]]; then
+ if [[ ${VERSION_ID} -lt 32 ]]; then
+ dnf install -y dnf-plugins-core
+ dnf copr enable -y jdoss/wireguard
+ dnf install -y wireguard-dkms
+ fi
+ dnf install -y wireguard-tools qrencode
+ elif [[ ${OS} == 'centos' ]]; then
+ yum -y install epel-release elrepo-release
+ if [[ ${VERSION_ID} -eq 7 ]]; then
+ yum -y install yum-plugin-elrepo
+ fi
+ yum -y install kmod-wireguard wireguard-tools qrencode
+ elif [[ ${OS} == 'oracle' ]]; then
+https://www.dataroma.com/m/m_activity.php?m=GC&typ=b dnf install -y oraclelinux-developer-release-el8
+ dnf config-manager --disable -y ol8_developer
+ dnf config-manager --enable -y ol8_developer_UEKR6
+ dnf config-manager --save -y --setopt=ol8_developer_UEKR6.includepkgs='wireguard-tools*'
+ dnf install -y wireguard-tools qrencode
+ elif [[ ${OS} == 'arch' ]]; then
+ pacman -Sq --needed --noconfirm wireguard-tools qrencode
+ elif [[ ${OS} == 'macos' ]]; then
+ if ! command -v brew &> /dev/null
+ then
+ echo ""
+ echo "Brew is not installed. Please install it and run this script again."
+ echo "https://brew.sh/"
+ exit 1
+ fi
+ brew install wireguard-tools qrencode
+ fi
+ echo ""
+ echo "The installation is complete. Now you need to re-run the script with user access rights (not root)."
+ echo ""
+ exit 0
+}
+
+function installCheck() {
+ if ! command -v wg &> /dev/null
+ then
+ echo "You must have \"wireguard-tools\" and \"qrencode\" installed."
+ read -n1 -r -p "Press any key to continue and install needed packages..."
+ installWireGuard
+ fi
+}
+
+function serverName() {
+ until [[ ${SERVER_WG_NIC} =~ ^[a-zA-Z0-9_]+$ && ${#SERVER_WG_NIC} -lt 16 ]]; do
+ echo "Tell me a name for the server WireGuard interface.
('wg0' is used by default)"
+ read -rp "WireGuard interface name (server name): " -e SERVER_WG_NIC
+ SERVER_WG_NIC=${SERVER_WG_NIC:-wg0}
+ done
+}
+
+function installQuestions() {
+ echo "I need to ask you a few questions before starting the setup."
+ echo "You can leave the default options and just press enter if you are ok with them."
+ echo ""
+
+ # Detect public IPv4 or IPv6 address and pre-fill for the user
+ SERVER_PUB_IP=$(host myip.opendns.com resolver1.opendns.com | grep -oE 'has address [0-9.]+' | cut -d ' ' -f3)
+ echo "Your public IPv4 address is ${SERVER_PUB_IP}"
+ if [[ -z ${SERVER_PUB_IP} ]]; then
+ # Detect public IPv6 address
+ if [[ ${OS} == "macos" ]]; then
+ # Detect public IPv6 address on macOS
+ SERVER_PUB_IP=$(ifconfig | grep -A4 'en0:' | grep 'inet6' | awk '{print $2}')
+ else
+ # Detect public IPv6 address on Linux
+ SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1)
+ fi
+ fi
+
+ # while true; do
+ # read -rp "Enter IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP
+ while true; do
+ read -rp "Enter IPv4 or IPv6 public address [default used ${SERVER_PUB_IP}]: " -e USER_INPUT_SERVER_PUB_IP
+ SERVER_PUB_IP=${USER_INPUT_SERVER_PUB_IP:-$SERVER_PUB_IP}
+ if [[ ${SERVER_PUB_IP} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ break
+ elif [[ ${SERVER_PUB_IP} =~ ^[0-9a-fA-F:]+:[0-9a-fA-F:]*$ ]]; then
+ SERVER_PUB_IP="[${SERVER_PUB_IP}]"
+ break
+ else
+ echo "Invalid IP address. Please enter a valid IPv4 or IPv6 address."
+ fi
+ done
+
+ until [[ ${SERVER_WG_IPV4} =~ ^([0-9]{1,3}\.){3} ]]; do
+ # read -rp "Server's WireGuard IPv4: " -e -i 10."$(shuf -i 0-250 -n 1)"."$(shuf -i 0-250 -n 1)".1 SERVER_WG_IPV4
+ if [[ ${OS} == "macos" ]]; then
+ SERVER_WG_IPV4="10.$(jot -r 1 0 250).$(jot -r 1 0 250).1"
+ read -rp "Server's WireGuard IPv4 [default used ${SERVER_WG_IPV4}]: " -e USER_INPUT_SERVER_WG_IPV4
+ SERVER_WG_IPV4=${USER_INPUT_SERVER_WG_IPV4:-$SERVER_WG_IPV4}
+ else
+ read -rp "Server's WireGuard IPv4: " -e -i 10."$(shuf -i 0-250 -n 1)"."$(shuf -i 0-250 -n 1)".1 SERVER_WG_IPV4
+ fi
+ done
+
+ until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do
+ # read -rp "Server's WireGuard IPv6: " -e -i fd42:"$(shuf -i 10-90 -n 1)":"$(shuf -i 10-90 -n 1)"::1 SERVER_WG_IPV6
+ if [[ ${OS} == 'macos' ]]; then
+ SERVER_WG_IPV6="fd42:$(jot -r 1 10 90):$(jot -r 1 10 90)::1"
+ read -rp "Server's WireGuard IPv6 [default used ${SERVER_WG_IPV6}]: " -e USER_INPUT_SERVER_WG_IPV6
+ SERVER_WG_IPV6=${USER_INPUT_SERVER_WG_IPV6:-$SERVER_WG_IPV6}
+ else
+ read -rp "Server's WireGuard IPv6: " -e -i fd42:"$(shuf -i 10-90 -n 1)":"$(shuf -i 10-90 -n 1)"::1 SERVER_WG_IPV6
+ fi
+ done
+
+ # Generate random number within private ports range
+ RANDOM_PORT=$(shuf -i 49152-65535 -n1)
+ until [[ ${SERVER_PORT} =~ ^[0-9]+$ ]] && [ "${SERVER_PORT}" -ge 1 ] && [ "${SERVER_PORT}" -le 65535 ]; do
+ # read -rp "Server's WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT
+ if [[ ${OS} == 'macos' ]]; then
+ read -rp "Server's WireGuard port [1-65535] [default ${RANDOM_PORT}]: " -e USER_INPUT_SERVER_PORT
+ SERVER_PORT=${USER_INPUT_SERVER_PORT:-$RANDOM_PORT}
+ else
+ read -rp "Server's WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT
+ fi
+ done
+
+ # Adguard DNS by default
+ until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
+ # read -rp "First DNS resolver to use for the clients: " -e -i 94.140.14.14 CLIENT_DNS_1
+ if [[ ${OS} ==
'macos' ]]; then
+ CLIENT_DNS_1='94.140.14.14'
+ read -rp "First DNS resolver to use for the clients [default ${CLIENT_DNS_1}]: " -e USER_INPUT_CLIENT_DNS_1
+ CLIENT_DNS_1=${USER_INPUT_CLIENT_DNS_1:-$CLIENT_DNS_1}
+ else
+ read -rp "First DNS resolver to use for the clients: " -e -i 94.140.14.14 CLIENT_DNS_1
+ fi
+ done
+ until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do
+ if [[ ${OS} == 'macos' ]]; then
+ CLIENT_DNS_DEF_2='94.140.15.15'
+ read -rp "Second DNS resolver to use for the clients (optional) [default ${CLIENT_DNS_DEF_2}]: " -e USER_INPUT_CLIENT_DNS_2
+ CLIENT_DNS_2=${USER_INPUT_CLIENT_DNS_2:-$CLIENT_DNS_DEF_2}
+ else
+ read -rp "Second DNS resolver to use for the clients (optional): " -e -i 94.140.15.15 CLIENT_DNS_2
+ if [[ ${CLIENT_DNS_2} == "" ]]; then
+ CLIENT_DNS_2="${CLIENT_DNS_1}"
+ fi
+ fi
+ done
+
+ echo ""
+ echo "Okay, that was all I needed. We are ready to setup your WireGuard server now."
+ echo "You will be able to generate a client at the end of the installation."
+ read -n1 -r -p "Press any key to continue..."
+}
+
+function newInterface() {
+ # Run setup questions first
+ installQuestions
+
+ # Make sure the directory exists (this does not seem the be the case on fedora)
+ mkdir -p "$(pwd)"/wireguard/"${SERVER_WG_NIC}"/mikrotik >/dev/null 2>&1
+
+ SERVER_PRIV_KEY=$(wg genkey)
+ SERVER_PUB_KEY=$(echo "${SERVER_PRIV_KEY}" | wg pubkey)
+
+ # Save WireGuard settings #SERVER_PUB_NIC=${SERVER_PUB_NIC}
+ echo "SERVER_PUB_IP=${SERVER_PUB_IP}
+
+SERVER_WG_NIC=${SERVER_WG_NIC}
+SERVER_WG_IPV4=${SERVER_WG_IPV4}
+SERVER_WG_IPV6=${SERVER_WG_IPV6}
+SERVER_PORT=${SERVER_PORT}
+SERVER_PRIV_KEY=${SERVER_PRIV_KEY}
+SERVER_PUB_KEY=${SERVER_PUB_KEY}
+CLIENT_DNS_1=${CLIENT_DNS_1}
+CLIENT_DNS_2=${CLIENT_DNS_2}" > "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
+
+ # Save WireGuard settings to the MikroTik
+ echo "# WireGuard interface configure
+/interface wireguard
+add listen-port=${SERVER_PORT} mtu=1420 name=${SERVER_WG_NIC} private-key=\\
+ \"${SERVER_PRIV_KEY}\"
+/ip firewall filter
+add action=accept chain=input comment=wg-${SERVER_WG_NIC} dst-port=${SERVER_PORT} protocol=udp
+/ip firewall filter move [/ip firewall filter find comment=wg-${SERVER_WG_NIC}] 1
+/ip address
+add address=${SERVER_WG_IPV4}/24 comment=wg-${SERVER_WG_NIC} interface=${SERVER_WG_NIC}
+ " > "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc"
+
+
+ # Add server interface
+ echo "[Interface]
+Address = ${SERVER_WG_IPV4}/24,${SERVER_WG_IPV6}/64
+ListenPort = ${SERVER_PORT}
+PrivateKey = ${SERVER_PRIV_KEY}" > "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf"
+
+ newClient
+ echo -e "${INFO} MikroTik interface config available in $(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc"
+ echo -e "${INFO} If you want to add more clients, you simply need to run this script another time!"
+
+}
+
+function newClient() {
+ ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}"
+
+ echo ""
+ echo "Tell me a name for the client."
+ echo "The name must consist of alphanumeric character.
It may also include an underscore or a dash and can't exceed 15 chars."
+
+ until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do
+ read -rp "Client name: " -e CLIENT_NAME
+ CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+ if [[ ${CLIENT_EXISTS} == '1' ]]; then
+ echo ""
+ echo "A client with the specified name was already created, please choose another name."
+ echo ""
+ fi
+ done
+
+ for DOT_IP in {2..254}; do
+ if [[ ${OS} == 'macos' ]]; then
+ DOT_EXISTS=$(grep -c "$(echo "${SERVER_WG_IPV4}" | rev | cut -c 2- | rev)${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+ else
+ DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+ fi
+ if [[ ${DOT_EXISTS} == '0' ]]; then
+ break
+ fi
+ done
+
+ if [[ ${DOT_EXISTS} == '1' ]]; then
+ echo ""
+ echo "The subnet configured supports only 253 clients."
+ exit 99
+ fi
+
+ BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }')
+ until [[ ${IPV4_EXISTS} == '0' ]]; do
+ if [[ ${OS} == 'macos' ]]; then
+ read -rp "Client's WireGuard IPv4 [default used ${BASE_IP}.${DOT_IP}]: " -e USER_INPUT_DOT_IP
+ DOT_IP=${USER_INPUT_DOT_IP:-$DOT_IP}
+ else
+ read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP
+ fi
+ CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}"
+ IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+ if [[ ${IPV4_EXISTS} == '1' ]]; then
+ echo ""
+ echo "A client with the specified IPv4 was already created, please choose another IPv4."
+ echo ""
+ fi
+ done
+
+ BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }')
+ until [[ ${IPV6_EXISTS} == '0' ]]; do
+ if [[ ${OS} == 'macos' ]]; then
+ read -rp "Client's WireGuard IPv6 [default used ${BASE_IP}::${DOT_IP}]: " -e USER_INPUT_DOT_IP
+ DOT_IP=${USER_INPUT_DOT_IP:-$DOT_IP}
+ else
+ read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP
+ fi
+ CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}"
+ IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+ if [[ ${IPV6_EXISTS} == '1' ]]; then
+ echo ""
+ echo "A client with the specified IPv6 was already created, please choose another IPv6."
+ echo ""
+ fi
+ done
+
+ # Asking for client's allowed IPs
+ until [[ ${ALLOWED_IPV4} =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ ]]; do
+ if [[ ${OS} == 'macos' ]]; then
+ ALLOWED_IPV4="0.0.0.0/0"
+ read -rp "Client's allowed IPv4 [default used ${ALLOWED_IPV4}]: " -e USER_INPUT_ALLOWED_IPV4
+ ALLOWED_IPV4=${USER_INPUT_ALLOWED_IPV4:-$ALLOWED_IPV4}
+ else
+ read -rp "Client's allowed IPv4: " -e -i "0.0.0.0/0" ALLOWED_IPV4
+ fi
+ done
+
+ until [[ ${ALLOWED_IPV6} =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/((1(1[0-9]|2[0-8]))|([0-9][0-9])|([0-9])))?$ ]]; do
+ if [[ ${OS} == 'macos' ]]; then
+ ALLOWED_IPV6="::/0"
+ read -rp "Client's allowed IPv6 [default used
${ALLOWED_IPV6}]: " -e USER_INPUT_ALLOWED_IPV6
+ ALLOWED_IPV6=${USER_INPUT_ALLOWED_IPV6:-$ALLOWED_IPV6}
+ else
+ read -rp "Client's allowed IPv6: " -e -i "::/0" ALLOWED_IPV6
+ fi
+ done
+
+ # Generate key pair for the client
+ CLIENT_PRIV_KEY=$(wg genkey)
+ CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+ CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+
+ mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1
+ HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}"
+
+ # Create client file and add the server as a peer
+ echo "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128
+DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
+
+[Peer]
+PublicKey = ${SERVER_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+Endpoint = ${ENDPOINT}
+AllowedIPs = ${ALLOWED_IPV4},${ALLOWED_IPV6}" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+
+ # Add the client as a peer to the MikroTik (to client folder)
+ echo "# WireGuard client peer configure
+/interface wireguard peers
+add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
+ ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
+ preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
+ \"${CLIENT_PUB_KEY}\"
+ " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
+
+ # Add the client as a peer to the MikroTik
+ echo "# WireGuard client peer configure
+/interface wireguard peers
+add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
+ ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
+ preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
+ \"${CLIENT_PUB_KEY}\"
+ " >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc"
+
+ # Add the client as a peer to the server
+ echo -e "\n### Client ${CLIENT_NAME}
+[Peer]
+PublicKey = ${CLIENT_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128"
>>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf"
+
+ echo -e "\nHere is your client config file as a QR Code:"
+
+ qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+ qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+
+ echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+ echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png"
+ echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
+}
+
+function manageMenu() {
+ echo ""
+ echo "It looks like this WireGuard interface is already."
+ echo ""
+ echo "What do you want to do?"
+ echo " 1) Add a new client"
+ echo " 2) Exit"
+ until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do
+ read -rp "Select an option [1-2]: " MENU_OPTION
+ done
+ case "${MENU_OPTION}" in
+ 1)
+ newClient
+ ;;
+ 2)
+ exit 0
+ ;;
+ esac
+}
+
+#? List of existing configurations
+function listConfs() {
+ local directory
+ directory="$(pwd)/wireguard"
+
+ if [ -d "${directory}" ]; then
+ echo "List of existing configurations:"
+ i=1
+ for folder in "${directory}"/*/; do
+ local users count folder_name
+ users="${folder}/client/"
+ count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l)
+ folder_name=$(basename "${folder}")
+ echo "${i}. ${folder_name} [${count} user(s)]"
+ ((i++))
+ done
+ fi
+ echo ""
+}
+
+echo ""
+echo "Welcome to WireGuard-MikroTik configurator!"
+echo "The git repository is available at: https://github.com/IgorKha/wireguard-mikrotik"
+echo ""
+
+#? Check OS
+checkOS
+echo "Your OS is ${OS}"
+
+#? Check for root, WireGuard
+installCheck
+
+listConfs
+
+#? Check server exist
+serverName
+
+#?
Check if WireGuard is already installed and load params
+if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then
+ # shellcheck source=/dev/null
+ source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
+ manageMenu
+else
+ newInterface
+fi
+
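Review bot: `newInterface` and `newClient` write the server private key into `params`, `${SERVER_WG_NIC}.conf` and the MikroTik `.rsc`, and each client's private key and preshared key into the client `.conf` and `.rsc`, all via plain `>`/`>>` redirections under `$(pwd)` with the invoking user's umask, so under the common 022 umask every key file ends up 0644 (group- and world-readable); adding `umask 077` once near the top of the script (after the `INFO=` line) would make all files and directories it creates owner-only. In `manageMenu`, `until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]` accepts 3 and 4 although the `case` only handles 1 and 2, so those inputs silently end the script; since the prompt says `[1-2]`, the pattern should be `^[1-2]$`. In `newClient`, the last status line names `${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc` but the file was written as `${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc`, so the printed path does not exist.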