From bd6728343840e3084b4f94fb8978b0ea59031443 Mon Sep 17 00:00:00 2001 
From: Guy Boisvert Date: Tue, 12 Aug 2025 23:01:13 -0400 Subject: [PATCH] First Commit --- GenMac | 9 + Gvpn | 24 + addbridgevlan.sh | 48 ++ nettree.sh | 141 ++++++ wireguard/Gvpn | 9 + wireguard/Test1/RB5009-WG1.cfg | 10 + wireguard/Test1/U-001-marc.Peer.rsc | 3 + wireguard/Test1/U-001-marc.conf | 13 + wireguard/Test1/U-001-marc.conf.png | Bin 0 -> 1286 bytes wireguard/Test1/U-002-guy.Peer.rsc | 3 + wireguard/Test1/U-002-guy.conf | 13 + wireguard/Test1/U-002-guy.conf.png | Bin 0 -> 1312 bytes wireguard/WireguardManjaro/evoq/WG999-GB | 3 + wireguard/WireguardManjaro/evoq/privatekey | 1 + wireguard/WireguardManjaro/evoq/publickey | 1 + .../exoc/rutgers/client_guy.txt | 1 + .../exoc/rutgers/client_guy_psk.txt | 1 + .../exoc/rutgers/client_guy_pub.txt | 1 + .../exoc/rutgers/client_pascal.txt | 1 + .../exoc/rutgers/client_pascal_psk.txt | 1 + .../exoc/rutgers/client_pascal_pub.txt | 1 + .../exoc/rutgers/wg01-guy.conf | 10 + .../exoc/rutgers/wg02-pascal.conf | 10 + .../exoc/rutgers/wireguard-rutgers.sh | 316 ++++++++++++ "wireguard/\\" | 3 + wireguard/alain/RB4011.cfg | 8 + wireguard/alain/U-001-zbook.Peer.rsc | 3 + wireguard/alain/U-001-zbook.conf | 13 + wireguard/alain/U-001-zbook.conf.png | Bin 0 -> 1449 bytes wireguard/autowg.sh | 136 +++++ wireguard/cccp/users/001-Real.CCR1.rsc | 3 + wireguard/cccp/users/001-Real.conf | 13 + wireguard/cccp/users/002-Ariel.CCR1.rsc | 3 + wireguard/cccp/users/002-Ariel.conf | 13 + wireguard/cccp/users/003-Guy.CCR1.rsc | 3 + wireguard/cccp/users/003-Guy.conf | 13 + .../chums/YvesDugas/001-U-pcyves.Peer.rsc | 3 + wireguard/chums/YvesDugas/001-U-pcyves.conf | 13 + .../chums/YvesDugas/001-U-pcyves.conf.png | Bin 0 -> 1447 bytes wireguard/chums/YvesDugas/hAP-AC2.cfg | 7 + wireguard/device | 3 + wireguard/evoq/CCR1016.cfg | 8 + wireguard/evoq/DaveOuellette.conf | 11 + wireguard/evoq/DaveOuellette_CCR.rsc | 4 + wireguard/evoq/EVOQ-MTL.conf | 13 + wireguard/evoq/EricStein.conf | 10 + wireguard/evoq/EricStein_CCR.rsc | 3 + 
wireguard/evoq/GuyBoisvert.conf | 12 + wireguard/evoq/GuyBoisvert_CCR.rsc | 4 + wireguard/evoq/SteveQuirion.conf | 13 + wireguard/evoq/SteveQuirion_CCR.rsc | 4 + wireguard/evoq/U-250-guy.Peer.rsc | 3 + wireguard/evoq/U-250-guy.conf | 13 + wireguard/evoq/U-250-guy.conf.png | Bin 0 -> 1445 bytes wireguard/evoq/U-251-boum01.Peer.rsc | 3 + wireguard/evoq/U-251-boum01.conf | 13 + wireguard/evoq/U-251-boum01.conf.png | Bin 0 -> 1488 bytes wireguard/exo-c/002-pascal.Endpoint.rsc | 3 + wireguard/exo-c/002-pascal.conf | 13 + wireguard/exo-c/002-pascal.conf.png | Bin 0 -> 1470 bytes wireguard/exo-c/003-boig01.Endpoint.rsc | 3 + wireguard/exo-c/003-boig01.conf | 13 + wireguard/exo-c/003-boig01.conf.png | Bin 0 -> 1467 bytes wireguard/exo-c/guy.conf | 13 + wireguard/genconfig | 405 +++++++++++++++ wireguard/genconfig-exoc | 117 +++++ wireguard/genconfig-exoc.zip | Bin 0 -> 1504 bytes wireguard/genconfig.2024-09-10_211730 | 296 +++++++++++ wireguard/genconfig.ini | 66 +++ wireguard/genconfig_router | 146 ++++++ wireguard/genconfig_router.txt | 31 ++ wireguard/genconfig_simple | 431 ++++++++++++++++ wireguard/genconfig_simple.2025-05-16_110317 | 306 +++++++++++ wireguard/genconfig_simple.2025-07-31_221920 | 430 ++++++++++++++++ wireguard/genconfig_simple.md | 34 ++ .../chateauguay/router/RB5009.cfg | 7 + .../ingtegration/chateauguay/test/RB5009.cfg | 15 + .../chateauguay/test/U-002-guy.Peer.rsc | 3 + .../chateauguay/test/U-002-guy.conf | 13 + .../chateauguay/test/U-002-guy.conf.png | Bin 0 -> 1467 bytes .../ingtegration/chateauguay/test/readini | 34 ++ .../ingtegration/chateauguay/user/RB5009.cfg | 7 + .../chateauguay/user/U-003-dana.Peer.rsc | 3 + .../chateauguay/user/U-003-dana.conf | 13 + .../chateauguay/user/U-003-dana.conf.png | Bin 0 -> 1462 bytes wireguard/ingtegration/users/004-Guy.CCR1.rsc | 3 + wireguard/ingtegration/users/004-Guy.conf | 13 + .../koze-maison/users/Samantha.Endpoint.rsc | 3 + wireguard/koze-maison/users/Samantha.conf | 13 + 
wireguard/koze-maison/users/Samantha.conf.png | Bin 0 -> 1461 bytes wireguard/real/genconfig | 288 +++++++++++ wireguard/real/users/001-Real.CCR1.rsc | 3 + wireguard/real/users/001-Real.conf | 12 + wireguard/real/users/002-Guy.CCR1.rsc | 3 + wireguard/real/users/002-Guy.conf | 12 + wireguard/real/users/Real-maison.conf | 1 + wireguard/rrf/RB5009-Users.cfg | 10 + wireguard/rrf/U-001-boig01.Peer.rsc | 3 + wireguard/rrf/U-001-boig01.conf | 13 + wireguard/rrf/U-001-boig01.conf.png | Bin 0 -> 1435 bytes wireguard/rrf/U-002-boucm01.Peer.rsc | 3 + wireguard/rrf/U-002-boucm01.conf | 13 + wireguard/rrf/U-002-boucm01.conf.png | Bin 0 -> 1449 bytes wireguard/sdmm/CCR1009.cfg | 8 + wireguard/sdmm/SDMM-Guy.conf | 1 + wireguard/sdmm/U-001-guy.Peer.rsc | 3 + wireguard/sdmm/U-001-guy.conf | 13 + wireguard/sdmm/U-001-guy.conf.png | Bin 0 -> 1456 bytes wireguard/sdmm/U-002-marc.Peer.rsc | 3 + wireguard/sdmm/U-002-marc.conf | 13 + wireguard/sdmm/U-002-marc.conf.png | Bin 0 -> 1453 bytes wireguard/sdmm/U-005-exoc.Peer.rsc | 3 + wireguard/sdmm/U-005-exoc.conf | 13 + wireguard/sdmm/U-005-exoc.conf.png | Bin 0 -> 1441 bytes wireguard/sdmm/U-006-pascal.Peer.rsc | 3 + wireguard/sdmm/U-006-pascal.conf | 13 + wireguard/sdmm/U-006-pascal.conf.png | Bin 0 -> 1476 bytes wireguard/sdmm/admin@10.3.8.1 | 2 + wireguard/test_read_array_multi.sh | 37 ++ wireguard/testing/gentest | 30 ++ .../mikrotik-peer-wg01-client-Router001.rsc | 7 + .../Router001/wg01-client-Router001.conf | 10 + .../Router001/wg01-client-Router001.png | Bin 0 -> 1315 bytes wireguard/wg01/mikrotik/wg01.rsc | 101 ++++ wireguard/wg01/params | 10 + wireguard/wg01/wg01.conf | 10 + .../mikrotik-peer-wg2-client-Pixel4a.rsc | 7 + .../client/Pixel4a/wg2-client-Pixel4a.conf | 10 + .../wg2/client/Pixel4a/wg2-client-Pixel4a.png | Bin 0 -> 1464 bytes wireguard/wg2/mikrotik/wg2.rsc | 17 + wireguard/wg2/params | 10 + wireguard/wg2/wg2.conf | 10 + .../pogo/mikrotik-peer-wg3-client-pogo.rsc | 7 + .../wg3/client/pogo/wg3-client-pogo.conf | 10 + 
wireguard/wg3/client/pogo/wg3-client-pogo.png | Bin 0 -> 1455 bytes wireguard/wg3/mikrotik/wg3.rsc | 17 + wireguard/wg3/params | 10 + wireguard/wg3/wg3.conf | 10 + wireguard/wireguard | 3 + wireguard/wireguard-evoq.sh | 316 ++++++++++++ wireguard/wireguard-evoq.sh.NOTES | 111 ++++ wireguard/wireguard-mikrotik.sh | 477 ++++++++++++++++++ 142 files changed, 5061 insertions(+) create mode 100755 GenMac create mode 100755 Gvpn create mode 100755 addbridgevlan.sh create mode 100755 nettree.sh create mode 100755 wireguard/Gvpn create mode 100644 wireguard/Test1/RB5009-WG1.cfg create mode 100644 wireguard/Test1/U-001-marc.Peer.rsc create mode 100644 wireguard/Test1/U-001-marc.conf create mode 100644 wireguard/Test1/U-001-marc.conf.png create mode 100644 wireguard/Test1/U-002-guy.Peer.rsc create mode 100644 wireguard/Test1/U-002-guy.conf create mode 100644 wireguard/Test1/U-002-guy.conf.png create mode 100644 wireguard/WireguardManjaro/evoq/WG999-GB create mode 100644 wireguard/WireguardManjaro/evoq/privatekey create mode 100644 wireguard/WireguardManjaro/evoq/publickey create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf create mode 100644 wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf create mode 100755 wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh create mode 100644 "wireguard/\\" create mode 100644 wireguard/alain/RB4011.cfg create mode 100644 wireguard/alain/U-001-zbook.Peer.rsc create mode 100644 wireguard/alain/U-001-zbook.conf create mode 100644 
wireguard/alain/U-001-zbook.conf.png create mode 100755 wireguard/autowg.sh create mode 100644 wireguard/cccp/users/001-Real.CCR1.rsc create mode 100644 wireguard/cccp/users/001-Real.conf create mode 100644 wireguard/cccp/users/002-Ariel.CCR1.rsc create mode 100644 wireguard/cccp/users/002-Ariel.conf create mode 100644 wireguard/cccp/users/003-Guy.CCR1.rsc create mode 100644 wireguard/cccp/users/003-Guy.conf create mode 100644 wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc create mode 100644 wireguard/chums/YvesDugas/001-U-pcyves.conf create mode 100644 wireguard/chums/YvesDugas/001-U-pcyves.conf.png create mode 100644 wireguard/chums/YvesDugas/hAP-AC2.cfg create mode 100644 wireguard/device create mode 100644 wireguard/evoq/CCR1016.cfg create mode 100644 wireguard/evoq/DaveOuellette.conf create mode 100644 wireguard/evoq/DaveOuellette_CCR.rsc create mode 100644 wireguard/evoq/EVOQ-MTL.conf create mode 100644 wireguard/evoq/EricStein.conf create mode 100644 wireguard/evoq/EricStein_CCR.rsc create mode 100644 wireguard/evoq/GuyBoisvert.conf create mode 100644 wireguard/evoq/GuyBoisvert_CCR.rsc create mode 100644 wireguard/evoq/SteveQuirion.conf create mode 100644 wireguard/evoq/SteveQuirion_CCR.rsc create mode 100644 wireguard/evoq/U-250-guy.Peer.rsc create mode 100644 wireguard/evoq/U-250-guy.conf create mode 100644 wireguard/evoq/U-250-guy.conf.png create mode 100644 wireguard/evoq/U-251-boum01.Peer.rsc create mode 100644 wireguard/evoq/U-251-boum01.conf create mode 100644 wireguard/evoq/U-251-boum01.conf.png create mode 100644 wireguard/exo-c/002-pascal.Endpoint.rsc create mode 100644 wireguard/exo-c/002-pascal.conf create mode 100644 wireguard/exo-c/002-pascal.conf.png create mode 100644 wireguard/exo-c/003-boig01.Endpoint.rsc create mode 100644 wireguard/exo-c/003-boig01.conf create mode 100644 wireguard/exo-c/003-boig01.conf.png create mode 100644 wireguard/exo-c/guy.conf create mode 100755 wireguard/genconfig create mode 100755 wireguard/genconfig-exoc 
create mode 100644 wireguard/genconfig-exoc.zip create mode 100755 wireguard/genconfig.2024-09-10_211730 create mode 100644 wireguard/genconfig.ini create mode 100755 wireguard/genconfig_router create mode 100644 wireguard/genconfig_router.txt create mode 100755 wireguard/genconfig_simple create mode 100755 wireguard/genconfig_simple.2025-05-16_110317 create mode 100755 wireguard/genconfig_simple.2025-07-31_221920 create mode 100644 wireguard/genconfig_simple.md create mode 100644 wireguard/ingtegration/chateauguay/router/RB5009.cfg create mode 100644 wireguard/ingtegration/chateauguay/test/RB5009.cfg create mode 100644 wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc create mode 100644 wireguard/ingtegration/chateauguay/test/U-002-guy.conf create mode 100644 wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png create mode 100755 wireguard/ingtegration/chateauguay/test/readini create mode 100644 wireguard/ingtegration/chateauguay/user/RB5009.cfg create mode 100644 wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc create mode 100644 wireguard/ingtegration/chateauguay/user/U-003-dana.conf create mode 100644 wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png create mode 100644 wireguard/ingtegration/users/004-Guy.CCR1.rsc create mode 100644 wireguard/ingtegration/users/004-Guy.conf create mode 100644 wireguard/koze-maison/users/Samantha.Endpoint.rsc create mode 100644 wireguard/koze-maison/users/Samantha.conf create mode 100644 wireguard/koze-maison/users/Samantha.conf.png create mode 100755 wireguard/real/genconfig create mode 100644 wireguard/real/users/001-Real.CCR1.rsc create mode 100644 wireguard/real/users/001-Real.conf create mode 100644 wireguard/real/users/002-Guy.CCR1.rsc create mode 100644 wireguard/real/users/002-Guy.conf create mode 120000 wireguard/real/users/Real-maison.conf create mode 100644 wireguard/rrf/RB5009-Users.cfg create mode 100644 wireguard/rrf/U-001-boig01.Peer.rsc create mode 100644 
wireguard/rrf/U-001-boig01.conf create mode 100644 wireguard/rrf/U-001-boig01.conf.png create mode 100644 wireguard/rrf/U-002-boucm01.Peer.rsc create mode 100644 wireguard/rrf/U-002-boucm01.conf create mode 100644 wireguard/rrf/U-002-boucm01.conf.png create mode 100644 wireguard/sdmm/CCR1009.cfg create mode 120000 wireguard/sdmm/SDMM-Guy.conf create mode 100644 wireguard/sdmm/U-001-guy.Peer.rsc create mode 100644 wireguard/sdmm/U-001-guy.conf create mode 100644 wireguard/sdmm/U-001-guy.conf.png create mode 100644 wireguard/sdmm/U-002-marc.Peer.rsc create mode 100644 wireguard/sdmm/U-002-marc.conf create mode 100644 wireguard/sdmm/U-002-marc.conf.png create mode 100644 wireguard/sdmm/U-005-exoc.Peer.rsc create mode 100644 wireguard/sdmm/U-005-exoc.conf create mode 100644 wireguard/sdmm/U-005-exoc.conf.png create mode 100644 wireguard/sdmm/U-006-pascal.Peer.rsc create mode 100644 wireguard/sdmm/U-006-pascal.conf create mode 100644 wireguard/sdmm/U-006-pascal.conf.png create mode 100644 wireguard/sdmm/admin@10.3.8.1 create mode 100755 wireguard/test_read_array_multi.sh create mode 100755 wireguard/testing/gentest create mode 100644 wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc create mode 100644 wireguard/wg01/client/Router001/wg01-client-Router001.conf create mode 100644 wireguard/wg01/client/Router001/wg01-client-Router001.png create mode 100644 wireguard/wg01/mikrotik/wg01.rsc create mode 100644 wireguard/wg01/params create mode 100644 wireguard/wg01/wg01.conf create mode 100644 wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc create mode 100644 wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf create mode 100644 wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png create mode 100644 wireguard/wg2/mikrotik/wg2.rsc create mode 100644 wireguard/wg2/params create mode 100644 wireguard/wg2/wg2.conf create mode 100644 wireguard/wg3/client/pogo/mikrotik-peer-wg3-client-pogo.rsc create mode 100644 
wireguard/wg3/client/pogo/wg3-client-pogo.conf create mode 100644 wireguard/wg3/client/pogo/wg3-client-pogo.png create mode 100644 wireguard/wg3/mikrotik/wg3.rsc create mode 100644 wireguard/wg3/params create mode 100644 wireguard/wg3/wg3.conf create mode 100644 wireguard/wireguard create mode 100755 wireguard/wireguard-evoq.sh create mode 100644 wireguard/wireguard-evoq.sh.NOTES create mode 100644 wireguard/wireguard-mikrotik.sh
diff --git a/GenMac b/GenMac
new file mode 100755
index 0000000..3cfb8da
--- /dev/null
+++ b/GenMac
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+OUI_PREFIX="00:50:56"
+
+echo -e "\nOUI Prefix: $OUI_PREFIX"
+
+LAST_OCTETS=$(openssl rand -hex 3 | sed 's/\(..\)/\1:/g; s/.$//')
+echo -e "Generated MAC: ${OUI_PREFIX}:${LAST_OCTETS}"
+
diff --git a/Gvpn b/Gvpn
new file mode 100755
index 0000000..9d41612
--- /dev/null
+++ b/Gvpn
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+unset VPN;
+VPN=(
+'Real;~/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf'
+'Ingt;~/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf'
+)
+
+unset Items;
+
+for Item in "${VPN[@]}"
+do
+ echo -e "Item is: $Item"
+ IFS=";" read -r Name Def <<< $Item
+ echo -e "
+ Name : $Name
+ Def : $Def
+ "
+ Items+="$Name\n"
+done
+
+
+echo -e "${Items[@]}"
+
diff --git a/addbridgevlan.sh b/addbridgevlan.sh
new file mode 100755
index 0000000..b544c54
--- /dev/null
+++ b/addbridgevlan.sh
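Review bot: The three random bytes behind `LAST_OCTETS` are unconstrained, so the script can emit any address under 00:50:56, including the part of that OUI VMware keeps for its own automatic assignment; if these MACs are meant for manually assigned VMware NICs, VMware's documented convention limits the fourth octet to 00–3F and a collision with an auto-assigned address is possible otherwise. Masking the first random byte fixes that, e.g. `printf -v b4 '%02x' $(( 0x$(openssl rand -hex 1) & 0x3f ))` and then building the suffix from `b4` plus two further `openssl rand -hex 1` bytes. A failed `openssl` call is also silently turned into `00:50:56:` with an empty tail, so a `set -euo pipefail` line after the shebang would make that visible. I am inferring the VMware use from the OUI only; if the prefix is arbitrary, a one-line comment saying so would stop the next reader from asking the same question.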
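Review bot: The `~` inside the single-quoted `VPN` entries is never expanded, so `Def` carries a literal tilde and will not resolve as a path if it is later handed to `wg-quick` or any other command; in this commit it is only echoed, but the list clearly exists to be consumed. The loop also reads with an unquoted here-string (`<<< $Item`) and accumulates `Items` as a `\n`-joined string that is then expanded as if it were an array (`"${Items[@]}"`). Quote and use a real array: `IFS=";" read -r Name Def <<< "$Item"`, `Def=${Def/#\~/$HOME}`, `Items+=("$Name")`, and print with `printf '%s\n' "${Items[@]}"`.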
@@ -0,0 +1,48 @@
+#!/bin/bash
+#
+# version 231012_1439
+#
+
+read -p "Enter VLAN Number (Ex: 16) : " VLAN
+
+read -p "Enter Device Name (Ex: enp5s0) : " DEV
+
+echo -e "
+VLAN = $VLAN
+Device = $DEV
+"
+
+
+if [ "$(nmcli con |grep br${VLAN}|wc -l)" -eq "0" ]
+then
+ echo -e "** Adding bridge br${VLAN}..."
+ nmcli con add \
+ type bridge \
+ con-name br${VLAN} \
+ ifname br${VLAN} \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ autoconnect yes
+else
+ echo "** br${VLAN} found"
+fi
+
+
+
+echo -e "** Putting br${VLAN} in up state..."
+nmcli con up "br${VLAN}"
+
+
+echo -e "** Adding VLAN ${VLAN} to $DEV --> vlan-${DEV}.${VLAN} and then to br${VLAN}"
+nmcli con add \
+ type vlan \
+ con-name vlan-${DEV}.${VLAN} \
+ ifname ${DEV}.${VLAN} \
+ dev ${DEV} \
+ id ${VLAN} \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ master br${VLAN} \
+ autoconnect yes
+
+echo -e "\n** All done."
diff --git a/nettree.sh b/nettree.sh
new file mode 100755
index 0000000..6f39172
--- /dev/null
+++ b/nettree.sh
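Review bot: The existence check `nmcli con |grep br${VLAN}|wc -l` is a substring match, so asking for VLAN 16 is satisfied by an existing `br160` or `br161` and the bridge is silently never created; `VLAN` and `DEV` are also read without `-r` and dropped unvalidated into `nmcli` connection and interface names. Validate and match whole names: `[[ $VLAN =~ ^[0-9]+$ ]] && (( VLAN >= 1 && VLAN <= 4094 )) || { echo 'invalid VLAN id' >&2; exit 1; }` and `if ! nmcli -g NAME con show | grep -qx "br${VLAN}"; then`. Neither `nmcli con add` is checked for failure before the script goes on to `nmcli con up` and the VLAN attach, so a failed bridge creation still produces a half-built configuration; `set -e` at the top, or `|| exit 1` on each `nmcli` call, would stop it there.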
@@ -0,0 +1,141 @@ +#!/bin/bash + +# +# https://github.com/AlexStragies/lsnetdev/blob/master/nettree.sh +# + +DIRECTION="UP" +UTF="" +TREE="" +GV="" +which tree >/dev/null && TREE=1 || UTF=1 + +function usage() { + cat << USAGEEND + +The script prints network devices hierarchy as a tree view. +Possible arguments: + -u prints tree bottom-up (default). Physical devices are roots of the tree. + -d prints tree top-down. Logical devices are roots of the tree. + -s X connect to host X via SSH to query information + -t Use 'tree' to print the tree by constructing a tree in TMP (default). + -G Print GraphViz Syntax graph, node and edge definitions. + -g Print GraphViz Syntax node and edge definitions only. + -l use UTF8 characters (default, if 'tree' is not installed). + +USAGEEND +} + +function print() { + local indent="$1"; shift + local firstrun=1; if [ "$1" = "1" ]; then firstrun=0; shift; fi + while [ -n "$1" ]; do + local D="${1# *}" + [ "$firstrun" = 1 -a -n "${devicesup[$D]}" ] && shift && continue; + echo -n "$indent ┗━ $D"; + if [ -z "${devicesdown[$D]}" ]; then echo ; else + echo " ━┓"; + print "$(echo \ \ $D\ \ \ | sed 's/./ /g')$indent" 1 ${devicesdown[$D]} + fi + shift; + done +} + +function buildFolderTree() { + local firstrun=1; if [ "$1" = 1 ]; then firstrun=0; shift; fi + while [ -n "$1" ]; do + local D=${1# *} + [ "$firstrun" = 1 -a -n "${devicesup[$D]}" ] && shift && continue; + mkdir $D + if [ -n "${devicesdown[$D]}" ]; then + cd $D; + for P in ${devicesdown[$D]}; do buildFolderTree 1 "$P";done + cd .. + fi + shift; + done +} + +function addRelation() { + local A="$1" + local B="$2" + local props="$3" + [ "$DIRECTION" = "UP" ] && C="$A" && A="$B" && B="$C" + conns["\"$A\" -- \"$B\""]="$props" + devicesdown[$A]="${devicesdown[$A]} $B" + devicesup[$B]="${devicesup[$B]} $A" +} + +while [ ! 
-z "$1" ]; do + case "$1" in + -d) DIRECTION=DOWN ;; + -u) DIRECTION=UP ;; + -t) GV="";GVNE="";TREE=1 ;UTF="" ;; + -G) GV=1 ;GVNE=1 ;TREE="";UTF="" ;; + -g) GV="";GVNE=1 ;TREE="";UTF="" ;; + -l) GV="";GVNE="";TREE="";UTF=1 ;; + -s) PFX="ssh -M $2" + shift + ;; + -h) usage ; exit 0 ;; + *) usage ; exit 1 ;; + esac + shift +done + + +declare -A devices +declare -A devicesup +declare -A devicesdown +declare -A conns +SCN="/sys/class/net/" +for CDEV in $($PFX find /sys/class/net/ ! -name lo -type l |sort); do + DCLASS="RJ45" + NDEV=$(basename $CDEV) + devices[$NDEV]="" + $PFX readlink $CDEV | grep -q devices/virtual && DCLASS="virtual" + $PFX [ -e $CDEV/bonding/ ] && DCLASS="bond" + $PFX [ -e $CDEV/phy80211/ ] && DCLASS="wireless" + $PFX [ -e $CDEV/dsa/ ] && DCLASS="dsa" + $PFX [ -e $CDEV/bridge/ ] && { DCLASS="bridge" + $PFX grep -q 1 $CDEV/bridge/vlan_filtering && DCLASS="switch" + } + $PFX grep -q 512 $CDEV/type && { DCLASS="ppp" + PNPP="/proc/net/pppoe" + $PFX [ -e $PNPP ] && P=$($PFX cat $PNPP | awk 'NR==2{print $3}') + [ -n "$P" ] && $PFX [ -e $SCN/$P ] && { + addRelation "$NDEV" "$P" 'label="PPPoE"' + } + } + for LOW in $($PFX find $CDEV/ -name 'lower_*'); do + LOW=${LOW#*_} + addRelation "$NDEV" "$LOW" 'label=""' + done + devices[$NDEV]="label=\"${NDEV}\"" + devices[$NDEV]="${devices[$NDEV]}, class=\"${DCLASS}\"" +done + +[ -n "$GV" ] && { + echo 'graph iftree {' +} +[ -n "$GVNE" ] && { + for iDEV in "${!devices[@]}"; do + echo " \"${iDEV}\"["${devices[$iDEV]}"];" + done + for conn in "${!conns[@]}"; do + echo \ \ $conn[${conns[$conn]}]\;; + done +} +[ -n "$GV" ] && { echo '}'; } + +if [ "$TREE" = "1" ]; then + TMPD=$(mktemp -qd) + cd $TMPD + buildFolderTree "${!devices[@]}"; + tree --noreport * + find $TMPD -delete +fi +if [ "$UTF" = "1" ]; then + print "" "${!devices[@]}" | colrm 1 4 +fi + diff --git a/wireguard/Gvpn b/wireguard/Gvpn new file mode 100755 index 0000000..b665a87 --- /dev/null +++ b/wireguard/Gvpn 
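Review bot: The `-t` branch cleans up with `find $TMPD -delete` after `TMPD=$(mktemp -qd)` and an unchecked `cd $TMPD`; because `-q` silences mktemp's error, a failed mktemp leaves `TMPD` empty, `cd` with no argument goes to `$HOME`, and GNU find with no starting point defaults to `.`, so the cleanup would recursively delete the caller's home directory (after `buildFolderTree` has already created device-named directories there). Fail closed instead: `TMPD=$(mktemp -d) || exit 1`, `cd "$TMPD" || exit 1`, and `rm -rf -- "${TMPD:?}"` (the `:?` refuses to run on an empty value). When `-s host` is used, the device names that reach `mkdir $D` and `cd $D` come from the remote host via ssh, so in that mode they are not trusted input and should at least be quoted; `-M` also starts a new ssh master for every `$PFX` invocation, which is probably not what was intended.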
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+unset VPN;
+VPN={
+Real;~/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf
+Ingt;~/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf
+}
+
+
diff --git a/wireguard/Test1/RB5009-WG1.cfg b/wireguard/Test1/RB5009-WG1.cfg
new file mode 100644
index 0000000..d8b71f2
--- /dev/null
+++ b/wireguard/Test1/RB5009-WG1.cfg
@@ -0,0 +1,10 @@
+[RB5009-WG1]
+RtrInterface=WG1
+Rtr_Addr_Admin=10.1.8.99
+Rtr_Addr_Public=205.151.68.129
+Rrt_Port=13243
+Rtr_Addr_Private=10.1.4.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=bTatsa66Ggasasa6666=
+Rtr_DNS=1.1.1.1,1.0.0.1
+Rtr_Route_Subnet=10.0.0.0/8
diff --git a/wireguard/Test1/U-001-marc.Peer.rsc b/wireguard/Test1/U-001-marc.Peer.rsc
new file mode 100644
index 0000000..007ee21
--- /dev/null
+++ b/wireguard/Test1/U-001-marc.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.1.4.1/32 disabled=no name="marc" interface=WG1 \
+preshared-key="aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=" public-key="ztXlaxlZWA4oZxSCaQsN/8RXqahEeF4BehMjfAFbLVk="
diff --git a/wireguard/Test1/U-001-marc.conf b/wireguard/Test1/U-001-marc.conf
new file mode 100644
index 0000000..3c3e404
--- /dev/null
+++ b/wireguard/Test1/U-001-marc.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2OchuWPpq3g8dXCoo2uufnmU1dpcd8WfgS4/7vI7tUQ=
+ListenPort = 51821
+Address = 10.1.4.1/32
+DNS = 1.1.1.1,1.0.0.1
+
+[Peer]
+PublicKey = bTatsa66Ggasasa6666=
+PresharedKey = aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=
+AllowedIPs = 10.0.0.0/8
+Endpoint = 205.151.68.129:13243
+PersistentKeepalive = 25
+
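Review bot: `VPN={` is not an array or brace-group assignment in bash; it assigns the literal string `{` to `VPN`, and the two lines that follow are then executed as commands — `Real;~/Nextcloud2/.../002-Guy.conf` runs a command named `Real` and then tries to execute the `.conf` file itself — before the bare `}` fails as a stray keyword. The root-level `Gvpn` added in the same commit already has the working form, `VPN=( 'Real;…' 'Ingt;…' )`; either use that syntax here or drop this duplicate file so there is one definition of the list.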
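Review bot: `Rtr_PUB_KEY=bTatsa66Ggasasa6666=` cannot be a WireGuard public key: a Curve25519 key is 32 bytes and always encodes to 44 base64 characters ending in `=`, while this value is 20 characters, so any client config generated from it (`U-001-marc.conf` in this commit copies it into `PublicKey`) will be rejected when loaded. If this is an intentional placeholder for the Test1 setup, mark it as such, e.g. `# Rtr_PUB_KEY below is a dummy value; replace with the router's real key`, otherwise paste the real key. `Rrt_Port` also looks like a typo of `Rtr_Port` given every other key's prefix; whichever spelling the generator script actually reads (not visible here) should be used consistently, since a mismatch would silently yield an empty port.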
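Review bot: `preshared-key="aeN5oZSTW//…"` is a live WireGuard PSK committed in plaintext, and the matching client private key is committed alongside it in `U-001-marc.conf`, so anyone with read access to this repository (or the Nextcloud folder it appears to live in) holds everything needed to impersonate this peer. Because the material is now in git history, deleting the file is not enough — regenerate with `wg genpsk`, re-add the peer on the router and replace the client config. Going forward, keep generated peer and client material out of version control (`*.conf`, `*.Peer.rsc`, `*.rsc` under `users/`, and the `*.png` QR codes in `.gitignore`) and version only the router-side `.cfg` inputs, which carry no secrets.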
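Review bot: `PrivateKey = 2Ochu…` is a client private key checked into source control, and `U-001-marc.conf.png` added in the same commit is a QR encoding of this whole file, so the secret is tracked twice; treat the key as compromised and regenerate it with `wg genkey`. `ListenPort = 51821` on a roaming client pins a UDP listener that WireGuard does not need (the client initiates to `Endpoint`), and the same fixed port is present in every client config in this commit — drop the line and let the kernel pick an ephemeral port. `PublicKey = bTatsa66Ggasasa6666=` is also not a valid 44-character key, so this config will not load until the router key in `RB5009-WG1.cfg` is corrected.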
diff --git a/wireguard/Test1/U-001-marc.conf.png b/wireguard/Test1/U-001-marc.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..b724c2c8adb448084faa1132de93bc45dd17b208 GIT binary patch literal 1286 zcmV+h1^N1kP)0{{R3p0f2!00006P)t-s00030 z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm001JI001JI0lwY)DgXckm`OxIRCt{2 zn_aH!HVlLbXaQN0wyq_40RmW)Gn6GKMbW-pbd2B}$JXZuntvK8=KtX^L4pJc`m-U6 zqqqC)>V8@CG4HQ=9$&9+pD{n9T`{f+Iw1_V&wVoD(#Pi~o|MBq(e6ItF&HdphtjUJ zXbzla_vap4<~NMtn-TN_>M-_gi&>L4OCOS9--g%pbuWui}0{x~-re zP=z}(BJQ`mo^K$|@8SMCNBrL*mYVAyKR@b|pgP7%kZ@HzDMH`M*f<1j5H8QOd~mo? zWoO;RQ=6a@T1DorCjsVpV{Zt1N3zW7-37g%ywG9eEHZFXR-t^%$baY-1-+oH;WPRjgE&f!o-;-r0XhgrD7liB>H{F+fmBqQ|3yF*A!iH{9 z&;g}t1w95+I=JmbZ}9ONx~22B%#PJ@4@^_?x}XE9XbU-M@8SB0N zIvsWu@bp|k-%z7|?-kGxV1}2th1R?J9YF^~_sj_~V?EMmMStC*>?-Jl(B`1IPCb

!a0_=qUM=>(H)sqf&IsXUQmWIm(9I)`FU;YpjM4dZAV`&hz`rHuog4n zyfb$XAz4mHGS}|qf?)F123qws&lW$diZp7j-36Tx)fYp5-IpMZ$x5vl+~Umjfk4fYvYw5*s|2qS?eBL_}#X!d2LA$v_p`uSWi$}C?v4p zpuc977W9V9*E$>4l<=FF`ZYO3FEiT;wV-lX*m3=G7nu?=KYxo)FW!V1L66B%WW08s zt|-r~SgAeK9wI?62qk6ZOXt33Z?#9#D0)>M6|_V3%c18o7C>rIjvD`3WfJrSP5koy zS|XOCXk%vVS0z+Izo3*582xAlYiWH{^!sb&SkMZ03R>A{*S-VC5)%d2JOsTUV;9rw wob6%h)4t@HL(UhpwK@Od5F|*Dpg$P;3!vEl4Uk2mcmMzZ07*qoM6N<$g7)KH2LJ#7 literal 0 HcmV?d00001 diff --git a/wireguard/Test1/U-002-guy.Peer.rsc b/wireguard/Test1/U-002-guy.Peer.rsc new file mode 100644 index 0000000..b7c697c --- /dev/null +++ b/wireguard/Test1/U-002-guy.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.1.4.2/32 disabled=no name="guy" interface=WG1 \ +preshared-key="JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw=" public-key="eeYn9g9ayNJoEkYH4HrXFMcGDU0uUHLXF2ZopybCAFg=" diff --git a/wireguard/Test1/U-002-guy.conf b/wireguard/Test1/U-002-guy.conf new file mode 100644 index 0000000..b9f9a46 --- /dev/null +++ b/wireguard/Test1/U-002-guy.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = ABcaGRdchXN2+23PoSe8d7ojH4WhT4JEsZLRV3Jt1lo= +ListenPort = 51821 +Address = 10.1.4.2/32 +DNS = 1.1.1.1,1.0.0.1 + +[Peer] +PublicKey = bTatsa66Ggasasa6666= +PresharedKey = JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw= +AllowedIPs = 10.0.0.0/8 +Endpoint = 205.151.68.129:13243 +PersistentKeepalive = 25 + 
diff --git a/wireguard/Test1/U-002-guy.conf.png b/wireguard/Test1/U-002-guy.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..ca98e03dc2af9dbdff157075fd918cd5b11daa11 GIT binary patch literal 1312 zcmV+*1>gFKP)0{{R3p0f2!00006P)t-s00030 z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm001JI001JI0lwY)DgXckvPnciRCt{2 zo6(KjFbqTqsDLfWt*ay#Ab=4$Ls{}&0wjNjjIl_3UOj(Mlt>P>=KpY+AVGoz{cOnM zy2i)t)BT<|-MzPYV|jniF?bT=nxGSk|L?1LpXmH@(w^Us{BzRz%DCZRK|6F?Jh$&Kdw!SeJ{&o`czX1Ad&GYaA=H5Q!`2=2+j@IMd`2oWoCZ2A)gM2IZR0 zkNXVHv1@Xn$5bHqnZrix1YOVza`&=m&rB!G&)hImMeLvhPA%vK<&KE4^Lxvvg7AV} zGjeUKL|f1aMPyF5MKp$KVQIV|ZZgHT$6*EeN^>d*cSPxd;f{h2Nl^GQ-C58Ep)yVy zetMOYUMNivf;bz3zCiHSbl6N}yr+}KBp~}93`e`k1?6&&)GvpGby=FM+K$gp8VfLa`mjpN!0@bz#NlKKTeUg0?iL20F_W z2>iJXTqsST6uO`jLYs)S?~N2Y>y;0a?tBw-oF?dmu-uW_upG&R5qd*oX5Aa}9YH6Q zg>OrL#6Wv?$GE)o)U7}f^g!7G_N5DA(L=>ITP|GMs-O+BOtE3k7WQ^Zrkw>QiSAD&Fogs@K{tF$tIuX5xb0P)F<1>q8N1?V5NWsy#s`gcEAWWzeh4jOSuk zguh+rzAixBbP9ISwRMwwTb*Ts4ZI4Jx_R#yVz|)p1Wj%;9t&SH7+My+;A~LUzI`VG3(s+K{1-&3TW;HF*GI}~lStaMXr|kvp z5HrCWy`${H@jL=U^b-3wlMC{-S>^^=J7u*i4U@nUxpNa0^oFeZMU}{`$~Yr-!;#5K zw*~DGuChALnO-aL!ErXDuFwU&AlR}M$8E9>6Tyo|{lKURIw5#yKDJgT4$8n!V}$jJ zpcll1+7W6-mMIvx%Hj-1wo9slc4&EJiC7)yhOCaQRaZpNcMx-#iyLINKA@x;IwVMW z1ic`KWEIQZ*$p;c`Ougi_D$9j&2; } # send to stderr + + +#=================== function Message ========================================== +# +Message() { printf "${GREEN}%s ${NC}\n" "$*" ;} # send to stderr + + + +#=================== function Help ============================================= +# +function Help () +{ +echo -e " +usage: $ScriptName [options] + + -l List WireGuard clients on CCR1 + -h This help + +" +} + + +#=================== function addCCR1 ========================================== +# +function addCCR1() { + local Router="$1" + echo -e "\nAdding ${Router} Wireguard account to CCR1..." 
+ ssh -i ${SSHKey} ansible@${CCR1} "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp" + + if [ $? = 0 ] + then + echo "${Router} Wireguard account successfully added to CCR1" + else + echo "Failed to add ${Router} Wireguard account to CCR1" + fi +} + + +#=================== function newClient ======================================= +# +function newClient() { + ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" + + echo "" + echo "Tell me a name for the client." + echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars." + + until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do + read -rp "Client name: " -e CLIENT_NAME + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${CLIENT_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified name was already created, please choose another name." + echo "" + fi + done + + for DOT_IP in {2..254}; do + DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + if [[ ${DOT_EXISTS} == '0' ]]; then + break + fi + done + + if [[ ${DOT_EXISTS} == '1' ]]; then + echo "" + echo "The subnet configured supports only 253 clients." + exit 99 + fi + + BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') + until [[ ${IPV4_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" + IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV4_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv4 was already created, please choose another IPv4." 
+ echo "" + fi + done + + BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') + until [[ ${IPV6_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" + IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV6_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv6 was already created, please choose another IPv6." + echo "" + fi + done + + # Generate key pair for the client + CLIENT_PRIV_KEY=$(wg genkey) + CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + CLIENT_PRE_SHARED_KEY=$(wg genpsk) + + mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1 + HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" + + # Create client file and add the server as a peer + echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >> 
"$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + # Add the client as a peer to the server + echo -e "\n### Client ${CLIENT_NAME} +[Peer] +PublicKey = ${CLIENT_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + echo -e "\nHere is your client config file as a QR Code:" + + qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" + echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" +} + + + + +#=================== function manageMenu ====================================== +# +function manageMenu() { + echo "" + echo "It looks like this WireGuard interface is already." + echo "" + echo "What do you want to do?" + echo " 1) Add a new client" + echo " 2) Exit" + until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do + read -rp "Select an option [1-2]: " MENU_OPTION + done + case "${MENU_OPTION}" in + 1) + newClient + ;; + 2) + exit 0 + ;; + esac +} + + + +#=================== function listConfs ======================================= +# +function listConfs() { + local directory + directory="$(pwd)/wireguard" + + if [ -d "${directory}" ]; then + echo "List of existing configurations:" + i=1 + for folder in "${directory}"/*/; do + local users count folder_name + users="${folder}/client/" + count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l) + folder_name=$(basename "${folder}") + echo "${i}. 
${folder_name} [${count} user(s)]" + ((i++)) + done + fi + echo "" +} + + +#=================== function listCCR1 ========================================= +# +# Filter 1: enlever les ";" et remplacer ^m par LF +# Filter 2: Grouper 2 lignes consecutives +# Filter 3: Print field #4 et #3 +# +function ListCCR() { + +Message "User List" +ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \ + | grep User | tr -d ";" | sed -e "s/\r//g" \ + | awk 'NR%2 {printf("%s ", $0); next} {print $0}' \ + | awk '{print $4, $3}' | tee ${TmpUserList} + +LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }') +NextEntry=$(($LastEntry+1)) +echo -e " +Last Entry = $LastEntry +Next Entry = $NextEntry +" +} + + +#=================== MAIN ===================================================== +# +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n" + +((!$#)) && Help && exit + + +while getopts cfhl option +do + case "${option}" in + c) BoolCreate=1 ;; + f) VarFileLog=1;; + h) Help + exit 0;; + l) ListCCR ;; + *) Help + exit 1;; + esac +done + + +rm -f ${TmpUserList} +exit + +#? Check for root, OS, WireGuard +installCheck + +listConfs + +#? Check server exist +serverName + +#? Check if WireGuard is already installed and load params +if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then + # shellcheck source=/dev/null + source "$(pwd)/wireguard/${SERVER_WG_NIC}/params" + manageMenu +else + newInterface +fi + diff --git "a/wireguard/\\" "b/wireguard/\\" new file mode 100644 index 0000000..0636c8f --- /dev/null +++ "b/wireguard/\\" @@ -0,0 +1,3 @@ +/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg +/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \ +interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo=" 
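Review bot: The addresses `172.14.40.004/32` and `172.16.254.004/32` use a zero-padded last octet; RouterOS and most IP parsers either reject leading zeros or, in older implementations, read them as octal, so the intended `.4` should be written unpadded. `172.14.40.x` is also outside RFC 1918 space (private is 172.16.0.0/12) and looks like a typo for `172.16.` given the peer's `172.16.254.x` address, and the two lines reference different interfaces (`wg-ctg` vs `WG-Devices`), so as written they do not describe one consistent peer. The file is named with a single literal backslash (`wireguard/\`), which strongly suggests it was created by a mistyped redirect; it also carries a live `preshared-key`, so it should be removed from the repo and the PSK rotated rather than kept as scratch.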
diff --git a/wireguard/alain/RB4011.cfg b/wireguard/alain/RB4011.cfg
new file mode 100644
index 0000000..8566a0a
--- /dev/null
+++ b/wireguard/alain/RB4011.cfg
@@ -0,0 +1,8 @@
+
+[WG3]
+Rtr_Addr_Admin=172.16.1.1
+Rtr_Addr_Public=ingt.dyndns.org
+Rrt_Port=14322
+Rtr_Addr_Private=172.16.253.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio=
diff --git a/wireguard/alain/U-001-zbook.Peer.rsc b/wireguard/alain/U-001-zbook.Peer.rsc
new file mode 100644
index 0000000..607f2ad
--- /dev/null
+++ b/wireguard/alain/U-001-zbook.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.253.1/32 disabled=no name="zbook" interface=WG3 \
+preshared-key="phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8=" public-key="LzC8W/ChD8Iq7kDJ7F796WRzqPSI30bAKbnJraZ59gE="
diff --git a/wireguard/alain/U-001-zbook.conf b/wireguard/alain/U-001-zbook.conf
new file mode 100644
index 0000000..f0ccbd3
--- /dev/null
+++ b/wireguard/alain/U-001-zbook.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2J4fFcuD/cuhk8FcO9iqTfDdhsZADR6/qxFbL00DF3M=
+ListenPort = 51821
+Address = 172.16.253.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio=
+PresharedKey = phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8=
+AllowedIPs = 0.0.0.0/0
+Endpoint = ingt.dyndns.org:14322
+PersistentKeepalive = 25
+
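Review bot: `Rrt_Port=14322` in the `[WG3]` section looks like a typo for `Rtr_Port` — every other key in the section uses the `Rtr_` prefix — and `genconfig` in this same commit reads `Endpoint_Rrt_Port`, so the misspelling is now load-bearing in two places; if it is ever renamed, both sides must change together. `Rtr_Addr_Public=ingt.dyndns.org` is a dynamic-DNS name, which is fine for WireGuard because the peer is authenticated by `Rtr_PUB_KEY`, not by the address, but a one-line comment saying so (`# DDNS endpoint; Rtr_PUB_KEY is what authenticates the router`) would spare the next reader the worry about a stale record.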
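Review bot: `PrivateKey = 2J4fFcuD…` and `PresharedKey = phF3M7Qp…` in `U-001-zbook.conf` are committed in clear text, so this client's identity is exposed to anyone with read access to the repository and remains in history even after the file is deleted; regenerate the pair with `wg genkey` / `wg genpsk`, replace the peer on the router, and keep `wireguard/**/*.conf` and `*.rsc` out of git (or in an encrypted store). The `.conf.png` QR code added in the next hunk embeds the same key material and needs the same treatment. `AllowedIPs = 0.0.0.0/0` with `DNS = 1.1.1.1,8.8.8.8` sends all traffic through `ingt.dyndns.org`, which is presumably intended for this road-warrior profile, but a comment would help since the `cccp` profiles in this commit use split tunnels.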
diff --git a/wireguard/alain/U-001-zbook.conf.png b/wireguard/alain/U-001-zbook.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..8b2a31a70235319fb8c0163bb72ee0b8d753bba0 GIT binary patch literal 1449 zcmV;a1y=frP)zkCM$a&Bp^+FaErRdOe8*!7GEnzZ3!JZ1AJVAom|+Khur?#LmqqUiP+TTRX2dgZzm0(L$1 zBe^pNDQ%rmYG^Pdq4s#3nd{3Jo!p6I;LltNF&Bd=6;YrNR9~8ZN$$u^AH@xZNR(SD zcrq1dWy`vgJ9Bf_sS^;_m0-zn86#GuurTxFPTcMAncSmxLZjv>A#{a=_N$)0EKX15 zppaN{XU;t;C5QqLz{0b=lyXTtVCGw1mE1e7(V`9ey)>9vKJzLrT)yaTa?hMnPkFGY zlpu`lAnp_aZ>U zR=>`q+;yqso;f9^OLy5{!bF}x*M&08N$$+CCaOw_%Zc$ER5-yh9>o<;?#w9~Z43(L zHtQZ4>(kI<*f^(^HS)da}~)(u|K&3XVF%Q zfQ!}BMthGVs-VC0tCD-ysq+%-QQM;H_BT4*7Wwx~|*oTi&1CPmXcc zWzlDD47+#;I1pQn{k?vj+#|PYQK&h!Sf*P15}2b_&BeaP6UjYr?yNLdY6HUo8u+RK zthZ(FPbc@pK@5ENU5o{!yI6oLtzKVp2hJ~fs^$M#L}3)*TlVkjO(l2YD6tGnEs`p7 z-1RMUHAM%>z313g>gt3v?zAZ}ZLFKZgEfrR|AllowedIPs = 0.0.0.0/0|g" ) + read -p "Which server interface has internet access? " srvinternetintname + servercfg=$(echo "$postcfg" | sed "s||${wgintname}|g" | sed "s||${srvinternetintname}|g" ) + echo + RED='\033[0;31m' + NC='\033[0m' # No Color + printf "${RED}IMPORTANT:${NC} You need to enable IP Forwarding on the server\n" + echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf" + echo "then run \"sysctl -p\"" + echo + + #### Experimental DNS support #### + read -p "Push DNS servers to client? 
[y/N]: " dns + if [[ "$dns" =~ ^([yY][eE][sS]|[yY])$ ]] + then + read -p "Enter dns servers IPs separated by spaces: " dnsservers + dnscfg="\nDNS = $dnsservers" + clientcfg=$(echo "$clientcfg" | sed "s||$dnscfg|g" ) + else + clientcfg=$(echo "$clientcfg" | sed "s|||g" ) + fi + ################################## +else + clientcfg=$(echo "$clientcfg" | sed "s|||g" ) +fi + + +# Step two: generate keypairs +## Generate keypairs for machine 1 (client) +client_prvkey=$(wg genkey) +client_pubkey=$(echo $client_prvkey | wg pubkey) + +## Generate keypairs for machine 2 (server) +server_prvkey=$(wg genkey) +server_pubkey=$(echo $server_prvkey | wg pubkey) + +# New : generate PSK + +psk=$(wg genpsk) + +# Step three: generate configuration + +serverconf=$(echo "$servercfg" | sed "s||${serverwgIP}${netmask}|g" | \ + sed "s||${port}|g" | sed "s||${server_prvkey}|g" |\ + sed "s||${client_pubkey}|g" | sed "s||${clientwgIP}|g" |\ + sed "s||${psk}|g" ) + +clientconf=$(echo "$clientcfg" | sed "s||${client_prvkey}|g" | \ + sed "s||${clientwgIP}${netmask}|g" | sed "s||${server_pubkey}|g" | \ + sed "s||${serverIP}|g" | sed "s||${port}|g" | sed "s||${psk}|g" ) + +# Step four: display configuration for machine 1 (client) +echo +echo "** Client Side /etc/wireguard/${wgintname}.conf **" +echo "$clientconf" +echo + +# Step five: display configuration for machine 2 (server) +echo +echo "** Server Side /etc/wireguard/${wgintname}.conf **" +echo "$serverconf" +echo + +# Step Seven: Saving to a text file +# +echo "** Client Side /etc/wireguard/${wgintname}.conf **" > wireguard-conf.txt +echo "$clientconf" >> wireguard-conf.txt +echo >> wireguard-conf.txt +echo "** Server Side /etc/wireguard/${wgintname}.conf **" >> wireguard-conf.txt +echo "$serverconf" >> wireguard-conf.txt +echo >> wireguard-conf.txt + diff --git a/wireguard/cccp/users/001-Real.CCR1.rsc b/wireguard/cccp/users/001-Real.CCR1.rsc new file mode 100644 index 0000000..25c3785 --- /dev/null 
+++ b/wireguard/cccp/users/001-Real.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.8.38.1/32 disabled=no comment="User Real" interface=wg1 \
+preshared-key="3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4=" public-key="T8N9Zdy4JiStBIJI00T9fkIx6KzatLkQ/WXQUDe7QDU="
diff --git a/wireguard/cccp/users/001-Real.conf b/wireguard/cccp/users/001-Real.conf
new file mode 100644
index 0000000..f7063d9
--- /dev/null
+++ b/wireguard/cccp/users/001-Real.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = IFR3761g8AM2F1ICp+hP9TyudinHHXio0BvPFUOa/3o=
+ListenPort = 51821
+Address = 10.8.38.1/32
+DNS = 10.8.38.1,1.1.1.1
+
+[Peer]
+PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE=
+PresharedKey = 3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4=
+AllowedIPs = 10.8.0.0/16
+Endpoint = 199.168.223.11:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/cccp/users/002-Ariel.CCR1.rsc b/wireguard/cccp/users/002-Ariel.CCR1.rsc
new file mode 100644
index 0000000..1300f47
--- /dev/null
+++ b/wireguard/cccp/users/002-Ariel.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.8.38.2/32 disabled=no comment="User Ariel" interface=wg1 \
+preshared-key="cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=" public-key="mQcmO5hLoAXNA3KeF+iXydsZuDg+nkbYNsogvJ32mVs="
diff --git a/wireguard/cccp/users/002-Ariel.conf b/wireguard/cccp/users/002-Ariel.conf
new file mode 100644
index 0000000..3cccee5
--- /dev/null
+++ b/wireguard/cccp/users/002-Ariel.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = wL/hWyRZtifMLVEgPc31VMmG1+7EYbm5wJI5uxbF+34=
+ListenPort = 51821
+Address = 10.8.38.2/32
+DNS = 10.8.38.1,1.1.1.1
+
+[Peer]
+PublicKey = zHfHRbQs+3WH9GHBEH7dsh8J0xxLkP2OxWJASV+VWlw=
+PresharedKey = cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=
+AllowedIPs = 10.8.0.0/16
+Endpoint = 199.168.223.11:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/cccp/users/003-Guy.CCR1.rsc b/wireguard/cccp/users/003-Guy.CCR1.rsc
new file mode 100644
index 0000000..2fa1982
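Review bot: `DNS = 10.8.38.1,1.1.1.1` in `001-Real.conf` names `10.8.38.1` as the first resolver, but this same file assigns `10.8.38.1/32` to the client itself and the `001-Real.CCR1.rsc` hunk registers that address as the `User Real` peer — so the primary resolver is the laptop's own tunnel address, not the router, and every lookup waits for a timeout before falling back to 1.1.1.1. `002-Ariel.conf` repeats the same `10.8.38.1` while `003-Guy.conf` uses `10.8.38.254`; whichever of those is really the router's address should be used consistently, and a short comment in the profile (`# DNS = router wg1 address`) would keep the three from drifting again.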
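Review bot: `PublicKey = zHfHRbQs+3WH9…` in `002-Ariel.conf` does not match the server key used by the sibling `001-Real.conf` and `003-Guy.conf` (`ywl8GMIFJZlE…`), even though all three point at the same `Endpoint = 199.168.223.11:13233` and are registered on the same `wg1` interface in their `.CCR1.rsc` files; a single interface has a single key, so this profile cannot complete a handshake as written. It was presumably generated against a different router or before `wg1` was re-keyed; replace it with the key from `/interface wireguard print` on the current CCR1. A one-line header such as `# server: cccp CCR1 wg1 public key as of <date>` in each profile would make this kind of mismatch visible at a glance.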
--- /dev/null
+++ b/wireguard/cccp/users/003-Guy.CCR1.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=10.8.38.3/32 disabled=no comment="User Guy" interface=wg1 \
+preshared-key="wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=" public-key="W+1qr4Un3+u0i9bNmItllu3FrY49+NNX9aQfYmVkm1Q="
diff --git a/wireguard/cccp/users/003-Guy.conf b/wireguard/cccp/users/003-Guy.conf
new file mode 100644
index 0000000..3411836
--- /dev/null
+++ b/wireguard/cccp/users/003-Guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = 2FvyrN30+4CHTmeJInGRcILPCCVovO1hiYL5+qvYp3M=
+ListenPort = 51821
+Address = 10.8.38.3/32
+DNS = 10.8.38.254,1.1.1.1
+
+[Peer]
+PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE=
+PresharedKey = wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=
+AllowedIPs = 10.8.0.0/16
+Endpoint = 199.168.223.11:13233
+PersistentKeepalive = 25
+
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc b/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc
new file mode 100644
index 0000000..3d487f4
--- /dev/null
+++ b/wireguard/chums/YvesDugas/001-U-pcyves.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=192.168.61.1/32 disabled=no name="pcyves" interface=WG01 \
+preshared-key="K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=" public-key="IaUPgaro0xZSL5EFrOSttqScvN6GdwzJtV8YgmRAQzM="
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.conf b/wireguard/chums/YvesDugas/001-U-pcyves.conf
new file mode 100644
index 0000000..8f4f08b
--- /dev/null
+++ b/wireguard/chums/YvesDugas/001-U-pcyves.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = IGvOgupuIXaVgyLbboX4ASg2syfGuMxZnBb5vPpdu0E=
+ListenPort = 51821
+Address = 192.168.61.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = /cMmECzL5y6qwn7t0b9jybw3rlo+M71eKqfbm0JgshE=
+PresharedKey = K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 65.94.149.174:14233
+PersistentKeepalive = 25
+
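Review bot: `DNS = 10.8.38.254,1.1.1.1` in `003-Guy.conf` disagrees with the `10.8.38.1` used by `001-Real.conf` and `002-Ariel.conf` in this commit, and since `10.8.38.1` is the address those files hand to client `Real`, `.254` looks like the intended router address and the other two profiles are the ones that are wrong; either way the three profiles for the same `wg1` endpoint should agree. As with the sibling profiles, `PrivateKey` and `PresharedKey` are stored in clear text in the repository and should be rotated and kept out of version control.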
diff --git a/wireguard/chums/YvesDugas/001-U-pcyves.conf.png b/wireguard/chums/YvesDugas/001-U-pcyves.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..62ef482d626fa74015a6cffc5ea04df5802b19b2 GIT binary patch literal 1447 zcmV;Y1z7rtP)s`nS7FiY)M`hw&>b6D7K4$Hvbt#xOo@0%z051jj@JG9CDrGLM$@G|;! za-TWIi5^g~98OK5KMe8M;qtzUFUfu5l*g{$d=~jHxo;c~7@_vK3pb}7ZVTM@!5M*M ztWNGdhZ2B(?R?)&MFA6+F;q0x2$NqYx8_V|zVhz6!QsjsHaf&LWwJwZORg7I#t;h! zM|tI_{redY<3(dUPHxMwscKQH!qaIDA4L}Ia7Klj+>TSAh5xb>MYmcB6+ReA%&&;P z$-U=TSfPwUAAs})Up8HYck}vezvPx2%T@ZdMSDt5=fZ~WiY2Yj^=@)24nbF;mk*Ey zTyY}KC;i%!+j8ugSfZ)~xb!3zu=Mf%Vdzb6%XL8%&1gY9KqW;@#i;NZ{n}6V3d!v` zwoTq;=2~=C&}9G~R&rS*xh;nps+%Ip{C220;Pc?@mF2BZc1Ui?Nh49>Vuf{1vY*06 zw?;pb`@qqiC(nicLjHdHAnl&BB6vzmkC_8dMf6lm#rW1C3?V-~gyz{%}6jzpBrpy#>P+EXc1 zYE&$2liP3{CTkL+_igN1S^l$2XlhtT9!qY`l_!-|cKIcYV`CU~L^gZ*|B&2*Yq5ij z)s{ieD_4yScCtpG1*W*0+&k`!RQ6K0s_cqAJ0(VZ$?Z7^cses#Js(a@5B0Jonug>y zT#L<&R85M6C<`6h)Du{>mp&l5HRsRhUa~!s7+V4N&`?n?_>{+zTXTHD9(^iS8EOGn z!9{~0iulVMFS!L5)%}TZi)^Ops2<7fBvHxM2-9L|-WV?OWZN+z)PqUfLu)y7G~lpTxdqo99)@tvKUNbO3Z`x;abK z;_3-Z^r#DxTXRi2!Bv^kARd#brVWoals`{y%S9Ij;bay^Q5smx^i<3y_lc7QP^h+p zZNZ6-%9yo6rlJh+_;qqi&R+I5_JdLi+k*M}Yu%dMnnN)aJrnmj#U4`EywuD1wfEGI zCAa2cpN{6tSVCvFaPu~!$!)nZep_>>8!&}oog+x}hs}8`xh2OW=CKD{ae~4Lg02ru zg-)H^mb3AT5Lf`FaGIj&Hw{Q=th^?@HMu3n?9^haOp&h;MM7f~;lIGACb!`f8$!1C zORIb|Rfl>nO#qVHa-1nqM;U^2V`Vk{^fQi{+@9lM@%xVvFrHu>^U{K4$?ZA4-RMDa zGq#q5h{DWP;$m_euID9;M4Ut{VIdGbYaP;lNp8={b0tL=R8=&NjUjXFiFoM)lG|_y zvG}W^LVGrepX^-e@1EQ*xE7On#M&BHtmrpPj|y0l+jEE$7Skt-=_rD3WnIt$Emuu$ z&zUlnhtjO=PD9I&7BR``^+0gVU8*K+V>t$*6Qa>R?p?YP4V zxITve*)v_9hc|gE0R96(Xc!#(xS5oFP%8omrncs|K z&#-}Ks<=JJr?`qaEeN*}8&bDc1`)A*$AbEE#RWPJWB*N?eW}4+zaQKsX}d` zgo?_5O5w2B*a(JB=Z8Pzxl*nWm7a;7`(i4ga~ohCH9B?z(Usn8P0Le{SPC&WE+$YUY3KE5I@_w2Bt zmratWV#U31jI!?VrC3WDE2;>zII*>ZPuz|>rve(*R(xf|CEY{AihJQKeP~M8tfiRT z>Y62XL}|2$+iMcmSB`pz_t?Y5zdC)=Rw>9N3F^k z$f7^=R8O3E?Xlago_t zUo$4|J7@93h3c^h!W}+J7^vJ(#?GGo@KMA)aGU{)k*4-HIxAHDyhtbYrq9GZa+#nU 
zn(ItxxwmmS)0ABFe(<)rgm+;@&gfmUVxM4QUP-pdd7LEQH9iF@Ffsa6-X#HX%h z9u^=sN?iJ>;vP8^ru93 z%W{9UM+zka{u7A%4cFOZHugzEe0f?{v`&qCOU3Our)APS_uIxzHuQ{bsJ6P$E^f=M zJZ7w`j))DERFtvV)|-d8J@+q%IC0{{{qNi#jk^2XF9(*b00000NkvXXu0mjfTwKWz literal 0 HcmV?d00001 diff --git a/wireguard/evoq/U-251-boum01.Peer.rsc b/wireguard/evoq/U-251-boum01.Peer.rsc new file mode 100644 index 0000000..f749105 --- /dev/null +++ b/wireguard/evoq/U-251-boum01.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.1.40.251/32 disabled=no name="boum01" interface=WG-Users \ +preshared-key="42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY=" public-key="vN4dr8B8jBXD5s+YunG5OGXEim2MRqEN9b/lDmpMsR0=" diff --git a/wireguard/evoq/U-251-boum01.conf b/wireguard/evoq/U-251-boum01.conf new file mode 100644 index 0000000..3577589 --- /dev/null +++ b/wireguard/evoq/U-251-boum01.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = sP6aXDHfNKnVZiB4KggyQo0/GQkWY4kiDVbUiG4V2VA= +ListenPort = 51821 +Address = 10.1.40.251/32 +DNS = 10.1.3.40,10.1.3.41 + +[Peer] +PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +PresharedKey = 42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY= +AllowedIPs = 10.0.0.0/8 +Endpoint = 66.171.167.250:13233 +PersistentKeepalive = 25 + 
diff --git a/wireguard/evoq/U-251-boum01.conf.png b/wireguard/evoq/U-251-boum01.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..8807c57b9c47dbb7c40a9e355a8533d2a87cf456 GIT binary patch literal 1488 zcmV;>1uy!EP)CyhKqt;AM!pleSm~xqz|Jz~7C6`=s$+?ZA z`e}A}w^~l?$91w6Z`YUN*QZ@S?Pz0+SxIiojo;@rymm7OGzhDp4d-jY)4#rJd~zG^ z92b53w1Ijv5EwpYfRj^jZ{t0Z`^Moqp89c}YdzxH@v|Sz#w;cGTMqLuPGev*9wT!o z_D8%Y_Ztp*0 zG}J+lY3Ufw5*G6?^F(qVxS{>^>^U3~b)c+PDQv+ZHz&8{D6*tjQD8B^Ay*COS@$=l zisbejLbYMxf`&b4M%(k@e;=b*X|bH5yKnSblKaMuK!&N0RtZvq!&5Oi zQq5wOd*q4a)|}l6D~eIHL!BK_X#{8C^{)GqTX56ASHi#rSFzRj?2$hztN-NoTw(Wv zb-zkg=WUo}+0$bVF3&!5aw|^h7P+B^uP1G`g|U}=;Zbsy?ojv&ZvD9`YcZw>?-<`+j6r>Lf=$*S5}{+ z;%_B3?+~|bj>9z3zNuu1tp871g1t+DC zc?b*2xDSE_L61c8mu^jN!Fd=bUHeAc%oC3awaQ<)ebeODTvwC1&LSX$0F9_h4;9|O zy>(V{3(j=Z5CV+_D~FWWH_Eu~kA8o0OHM1l`u3cM+ed-;YLj^NtCCxBT*T&1oDlns zb(PMag5LQ$xdo@rC*3J{sQh9I=Z2C?A^-6Cl3R1!LZW`ise*v*dJFHQhotSV{pHCm zI9I?{Nvd;dgj%AFj}pP?{3W;N%-AOxu3mX`>E%PKu4;X1uH?RORUHyUw}-PLVHNSt ztW4W4xeX^YoaQ?{a5l_B*c#30&Ej zHCFaY3C8l&RqIdBFFe%bK68&}&!vp&pmn`kS9`pp%y~#|&vE6a%;%r86zE*m#?c}H z-*KJXn!~e)ePWS)nIyEbvE;JYrJLMWZiMQoeR&oyF(50bJhgal>7fgfTXR^Zsz=eU zdNjN}Kcnh`)Uw-$PHxSW*ooun)KzXGqyHBkYUKnx<{`N?M_G!Lpo&Tg%a}IUYig`z zU;X~%R-7I%H{~7S>(h$1`^FyDesX&b51cg7=M&~G0lxeuIAbF{hMW@vLwbJeCi)1Gmi+>+xu#$J=FLE12!wJF6c q#ezNhB+0G0e>sv%F1h6XckT~8O36i8Sh@aT+6P;b2q^B z{Z+|q%KXFJnrnEM6(^Hc?mEqRoD6O}O4!)UJ#jngeuyZj@@GLnzdInx09eq>EjgUP z-e|MbPOz#mrKLZH&!BaiTXVG8M1IPY3OOt^DrQx@D;6LlGq>WHkV-o_lwM_(`_!dq z^*A(hPaHKoE5bsq&P2**L zs&Ap2jv`gXfw={zLZ3PxJZ`dEf*?jefvsB($WTDSe72em}f-9f8&2$y7eJWDyKU4ev@Gs`>ID~z~u~PT*pi9sZ z$r-Eq-_5N#nlR~VIt5ky((-pe)C0oYBZvGH8&CZ{C^=J_+N<1WojT)~x$hjr(HeG; zQP0YN4HH&ZR~_2iEk{S&;1YNn_3+=ZE8l|jC61Z<#wm`4O43xvev@3vktkJQndTli ziF~~}pA)KPRM4V7>wa_h91kIC{tll^5P|{~)u|Ft%{_4Je4-xRIRqgkRf9RQ^jbFk zuDP$A9DrK)?{=s%0#*RfQB)G zaZur_K>{?l<`|tA#JG@0!AwErDHIg;oyjGYboc$ z%gS49y+)f;>i*7XW^TdJ-A=pimAYcUWLR;q`*i8)nOkr=gcrY$UYm_lH8f*F_rO63 
zb4zX(_jC*};b?j;WP3}eH7;Rp&B5316r!T$9eA6W(pG_`O3U1Wi#fB*$j>@8wfFO6 zLQgJU`XuJ=I5m{8bV0%QB=$=(b(Mhy&9__8`o4e=u z+uz<@ux8NGm ze|X%Dkw5h)ScNi4(Nd?(J#pD*J5=Kj@Dn^44dZ98nMZSLuA0e8wU`>DW}TE|Wr?Qo zp1U`9&()Y1>{{)+QuLMnvO37;!Q)ik`PFH4b zZowtJEd2y3QJes4to|N#3~ANomK@`lqM5oSNq;cwfHt3~`x*bt{p9}gGH1@5x&NK} Y2Yt-Td%V7Dx&QzG07*qoM6N<$g6Un>0RR91 literal 0 HcmV?d00001 diff --git a/wireguard/exo-c/003-boig01.Endpoint.rsc b/wireguard/exo-c/003-boig01.Endpoint.rsc new file mode 100644 index 0000000..77f920f --- /dev/null +++ b/wireguard/exo-c/003-boig01.Endpoint.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=172.16.200.3/32 disabled=no name=" boig01" interface=wg1 \ +preshared-key="SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc=" public-key="8p3hP25gL2ALfRGStXs0fbk68em/aWobuMYS7w6GPzQ=" diff --git a/wireguard/exo-c/003-boig01.conf b/wireguard/exo-c/003-boig01.conf new file mode 100644 index 0000000..d82062c --- /dev/null +++ b/wireguard/exo-c/003-boig01.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = GHvOQbVIPOw3NIqGS2+FlyMcCKIbVvQRbBTtj0rkqVc= +ListenPort = 51821 +Address = 172.16.200.3/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = njwJywr8UndTeemZnxKT62aKxw0JGXggmSqNEHAulUE= +PresharedKey = SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc= +AllowedIPs = 10.1.0.0/24,10.50.0.0/24,172.16.28.0/24,172.16.29/24,10.96.0.0/12 +Endpoint = d4450da4dffc.sn.mynetname.net:13235 +PersistentKeepalive = 25 + 
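Review bot: `name=" boig01"` in `003-boig01.Endpoint.rsc` carries a leading space, so the peer is created with the name `" boig01"` rather than `boig01`; that is invisible in `print` output and will make any later `find name=boig01` or name-based script miss it. Change it to `name="boig01"`. The other peer files in this commit use `comment=` on some routers and `name=` on others — I believe that depends on the RouterOS version — so a first-line comment naming the target version (`# RouterOS 7.x: peers support name=`) would explain the difference.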
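Review bot: `AllowedIPs` in `003-boig01.conf` contains `172.16.29/24`, which is missing an octet; `wg setconf` (which `wg-quick` calls) parses each entry with a strict address parser and, as far as I can tell, rejects the whole configuration on that entry, so this profile will not come up until it reads `172.16.29.0/24`. The same line mixes `10.96.0.0/12` with four /24s, which is presumably deliberate (a large internal range), but a trailing comment naming what each prefix is would stop the next person from "tidying" it.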
diff --git a/wireguard/exo-c/003-boig01.conf.png b/wireguard/exo-c/003-boig01.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..fd5158b4491e6a986aea3eeb72985aece153a12d GIT binary patch literal 1467 zcmV;s1w{IZP)RZ+IP6=imQmqsv?*na+y*i^Bo#Qfh5E3UZWiYv}7 zj&85RUOryOc*U9aw)4z+wZ-ee`@`RHYb$Qc#sBX)lV{yc&1LdoS(_ z_l}F_m6!_aCxqEJ&Xb&t^JH-GvEzo~{(?hL`yAGwN}8asPpf48csmlZM;l zYCItKe)^jkzC&v5$%4Cy-wmWaUN$@`K7oA$8`)@;p^-7`d8dfjz?sL82(tw z&V|b`>Y)^3emE^4cog@UGb~w7VTJKV0@ma(-6H$iQx_Ds=BNVrGKf}a0izr+fP(81{s?f!b=(k7JvbG`Z8)BbaJEoejC8|$#JgqykH>0O+@6D~a&a7N z8`qq;5(ds2R6}taPE}M4zf(!k20#MFRH#m+u)Y616u00|2NQoIxi`#I+R6oh;J4fAAUCs3kkBrBwY%T6H$Ka**AC^@< zJU^E&CB>R_aXW6{3afm-yr^8t5Z4TCKCievhXo1_p9WiZwVWc_DhzYK=ApPX7pk9r z9-??q6u2Y+K0-SfeU#$9aJkx}kb)>+w*<+!^F;%IhDvdJ&T}4^VwoP0kB^iLPMyWd zz>C{*X++V2N{?TrK5QyWVGBQ?6}RO)i&WEsW@CCPtOI0I8C1hf?-sY>(umT8(7c!J zC(|@bSl&?Fo=bxSW8HoB>!x1?a|KS-Q|}hH<|0yQN^vza8KrSveP$#Hf9R~@)*J*B zOVy4rmoDJTvx&#PXuJ7Y#Vt7+c!mlU=z*3UgsLB!oV@3jCyHBhLzTTTG4KJ(zBbpi zT+JZ3iraB%-b?$VaW_lS`BBoSvJ)xw5rdl)aXTx+?RLLt;MamrWe{ETCA+4 ztuiGT4V7D57q{k2+wQK;JlqtUZO}*kc}wTX0Dn9QdYGVQMw2^<>DqGy{s;ank!*^CkADM75V1eHr^Ru8Ui9rhwIf zDxVE!nJXhF!P6utZo_$20Nj|P&Jv6MTZ@m`_qL7|x8_=|_NIP_q5tVFnV?-K6th;` zS5CR%@N1{-;p*naO{@bjQT^ug6}RSG9ed^j+-_#qW)rsY<4_4(+@8xQMwiL1O*;5E za%-OF-e)iF3&(2yXnCd0Z4tS7+~o9|J^ZZV7Mz?X7EeAUm9^OpbsGQna~&&g#aZ^5 zSp=j62w$Hre#5Q7sMiV1_?kmZhVP>tkZyekvW3TD5^w^0?IY57f3Zl3@ zr^X1r$Iwz?@p5x5XjEbCr#>rg!OfnM`cCufvmmGo@czK5?!|36MJii%81k0CLy%s6 zr)Z_EQrw=)(LJUFV7hJk9)p=SK>0jb+=h$4dkR&xl#SB$mM{*>uZY=IR~7ex%gB}6 zryt2M+0V)oZ0J4ffZ{%L4IL82b-H>iq)b1RVblm-++T2nXaG>jvQ%yQ9z*96_baZ8 z`^C9xeba_Vn>l#k*D|OMhR|Nzo>NN5ZnLEieMPsv-ktkNi`#PlauiowamD@Lxj%r9 V=ZvIdiP8W7002ovPDHLkV1l^s;TQk_ literal 0 HcmV?d00001 diff --git a/wireguard/exo-c/guy.conf b/wireguard/exo-c/guy.conf new file mode 100644 index 0000000..09ab1b4 --- /dev/null +++ b/wireguard/exo-c/guy.conf 
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE=
+ListenPort = 51821
+Address = 172.16.28.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk=
+PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=
+AllowedIPs = 172.16.24.0/24,172.16.44.0/24
+Endpoint = 45.61.15.102:13239
+PersistentKeepalive = 25
+
diff --git a/wireguard/genconfig b/wireguard/genconfig
new file mode 100755
index 0000000..569ff4e
--- /dev/null
+++ b/wireguard/genconfig
@@ -0,0 +1,405 @@ +#!/bin/bash + +Version=241231-1054 +debug=0 +CORP="ingtegration-rb5009" # default value + +ScriptName=$(basename "$0") +ScriptDir=$(dirname "0") +IniFile=${ScriptDir}/${ScriptName}.ini +BaseDir="/home/boig01/temp/wireguard" + +((debug)) && echo -e " +ScriptDir = $ScriptDir +IniFile = $IniFile +" +NumUser=0 +NameUser="" +NumRouter=0 +NameRouter="" +Mode=0 + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + +#---ini file parameters +unset PARAMS; +PARAMS=( +Endpoint_Rtr_Addr_Public +Endpoint_Rtr_Addr_Private +Endpoint_Rrt_Port +Endpoint_Rtr_PUB_KEY +Endpoint_Usr_Addr +Endpoint_Usr_Port +Endpoint_Usr_PUB_KEY +) + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ +local debug=0 +local ClientName="$1" +local Corp="$2" +#local CLIENT_NUM=$(printf "%03d" $3) +local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable + +#---Create paths if not there +[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}" + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_PREFIX="${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc" + + + +((debug)) && echo -e " +Corp = $Corp +ClientName = $ClientName +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = 10.8.38.${ClientNum}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${Endpoint_Usr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 10.8.0.0/16 +Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\${CORP} Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" 
+qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +} + + + + + + +#---------- CreateRouter ------------------------------------------------------ +# +function CreateRouter() +{ +local debug=1 +local RouterNum="$1" +local RouterSubnet="$2" +local Corp="$3" +local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable +local WgRtrDir="${BaseDir}/routers" + +#---Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" + + +RTR_PRIV_KEY=$(wg genkey) +Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc" +RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc" + + +((debug)) && echo -e " +Corp = $Corp +RTR_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +BaseDir = $BaseDir +PreShared Key = $RTR_PRE_SHARED_KEY +" && exit + +[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}" + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_ENDPOINT} +" +Message "Client Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01 + +/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon 
source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${EndpointID} endpoint Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_ENDPOINT}" + +} + + + +#---------- function RrtSubnet ------------------------------------------------ +# +RtrSubnet() +{ + local RtrNum=$1 + + BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer + Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc + Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router + Subnet=$((BaseNum+Nth)) # Nth subnet calculé +# Subnet="${Subnet}/$(Bits_Subnet=3})" + + echo -e "$(int2ip $Subnet)/${Subnet_Bits}" +} + + +#---------- function Interactive ---------------------------------------------- +# +function Interactive() +{ + echo -e "\nInteractive function" +} + + + + +#---------- function Help ----------------------------------------------------- +# +function Help() +{ +echo -e " +MikroTik WireGuard configurator + +usage: + ${ScriptName} [Options] + + -c Corp name + + -i Interactive (will ask for all needed infos) + + -l List endpoints in config + + -n User mode: # ot the new user (Unique user number between 1 and 253) + -u User name (example: AdrianSmith, don't use space or accentuated chars) + + -r Router mode: # of the new client router (EVOQ router #, like 1 or 11) + -s Router Name 
(example: Montreal-1 , will appear as comment in endpoint router ) + +When in user mode, you must provide name & unique user number between 2 and 253. +This user number will be assigned an ip address 10.1.40.[user #]. + +" && exit +} + + +#================ MAIN ======================================================== +# + +((!$#)) && Help && exit # If no command parameters passed, help and bail out +echo -e "\n${GREEN}${ScriptName} ${BLUE}configurator version ${YELLOW}$Version${NC}" + +while getopts c:dhiln:r:s:u: option +do + case "${option}" in + c) CORP=${OPTARG} + ;; + d) debug=1 + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + l) Message "Listing endpoints in ${IniFile}" + grep '\[' ${IniFile} + exit + ;; + n) NumUser=${OPTARG} + Mode="User" + ;; + r) NumRouter=${OPTARG} + Mode="Router" + ;; + s) NameRouter="${OPTARG}" + ;; + u) NameUser="${OPTARG}" + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +NumRouter = ${NumRouter} +NumUser = ${NumUser} +RtrSubnet = $(RtrSubnet ${NumRouter}) +" + +if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]] +then + echo "** Error, can't use user and router # simulteaneously" + exit 1 +fi + + +#---Endpoint Router Config +EndpointID=RB5009 + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile}) +done + + +#Endpoint_Rtr_Addr_Public=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Public[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rtr_Addr_Private=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Private[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rrt_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rrt_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Rtr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) 
+#Endpoint_Usr_Addr=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Addr[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Usr_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) +#Endpoint_Usr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini) + + +echo -e " +CORP = $CORP +Endpoint_Rtr_Addr_Public = $Endpoint_Rtr_Addr_Public +Endpoint_Rtr_Addr_Private = $Endpoint_Rtr_Addr_Private +Endpoint_Rrt_Port = $Endpoint_Rrt_Port +Endpoint_Rtr_PUB_KEY = $Endpoint_Rtr_PUB_KEY +Endpoint_Usr_Addr = $Endpoint_Usr_Addr +Endpoint_Usr_Port = $Endpoint_Usr_Port +Endpoint_Usr_PUB_KEY = $Endpoint_Usr_PUB_KEY + +" + +((debug)) && printf "Parameters : %s\n" "${PARAMS[@]}" + + +#exit + + +#---Client Router Subnets +Start_Subnet=10.1.41.0 +Bits_Subnet=8 +Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits +NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet + + + + + +case "$Mode" in + User) Message "Creating User" + CreateUser ${NameUser} ${CORP} + exit + ;; + Router) Message "Creating Router with $(RtrSubnet ${NumRouter})" + CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) ${CORP} + exit + ;; + *) echo -e "\n** ERROR : User # was not provided" + Help + ;; +esac + + diff --git a/wireguard/genconfig-exoc b/wireguard/genconfig-exoc new file mode 100755 index 0000000..36be6c1 --- /dev/null +++ b/wireguard/genconfig-exoc 
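Review bot: The `for PARAM in "${PARAMS[@]}"` loop near the end of `genconfig` assigns with `eval ${PARAM}=$(sed … ${IniFile})`, so every value read from `genconfig.ini` is re-parsed by the shell — a value such as `1.2.3.4; rm -rf ~` or `$(curl …)` in the ini runs as code under the operator's account. Assign without `eval`, e.g. `printf -v "${PARAM}" '%s' "$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" "${IniFile}")"`, which also stops word-splitting of the value. Three smaller defects in the same hunk keep the script from doing what it says: `ScriptDir=$(dirname "0")` quotes the literal `0` instead of `$0`, so `IniFile` is always `./genconfig.ini` relative to the caller's cwd; `CreateRouter` starts with `local debug=1`, so its `((debug)) && … && exit` fires on every run and no router file is ever written; and `CreateUser` expands `${ClientNum}`, which nothing sets (the `-n` option fills `NumUser`), so the generated `Address` line reads `10.8.38./32`. The `.conf` files containing the client private key are written by `tee` under the default umask, so a `umask 077` at the top of the script would keep them owner-only.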
@@ -0,0 +1,117 @@ +#!/bin/bash +# +# (c) IngTegration inc 2023 +# GPL licensed +# + + +debug=0 +ClientName="$1" +ClientNum="$2" +Corp="$3" +Endpoint_Usr_PUB_KEY="CHANGE_ME" # put router WG public key here +RtrSubnetPrefix="10.0.254" # WG subnet prefix +DnsSrv="1.1.1.1 8.8.8.8" +AllowedIps="0.0.0.0/0" # Allowed IP for clients +RtrInterf="wg01" # Router WG Interface +Endpoint_Usr_Port=51844 +#local CLIENT_NUM=$(printf "%03d" $3) +#local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable +WgUsrDir="." +Endpoint_Usr_Addr="${RtrSubnetPrefix}.${ClientNum}" + + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + +#===========Internal Functions================================================= +# + +#-------------Help------------------------------------------------------------- +# +function Help() +{ + cat << EOF + usage: $(basename "$0") [ClientName] [ClientNum] [Corp] + + ClientName : Name of the roadwarrior client (Ex. 
marlene) + ClientNum : Roadwarrior sequence number, will translate into ip last octet + 1 --> SubnetPrefix.1 (Ex: 172.16.20.1) + Corp : Name of RoadWarrior Company (Ex: ExoC) + +EOF + exit +} + +#---------------Message-------------------------------------------------------- +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +((!$#)) && Help # Call help if no argument supplied + + +ClientPadNum=$(printf "%03d" $ClientNum) + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_PREFIX="${ClientPadNum}-${Corp}-${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc" + + + +((debug)) && echo -e " +Corp = $Corp +ClientName = $ClientName +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = ${Endpoint_Usr_Port} +Address = ${RtrSubnetPrefix}.${ClientNum}/32 +DNS = ${DnsSrv} + +[Peer] +PublicKey = ${Endpoint_Usr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${AllowedIps} +Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\n${Corp} Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${RtrSubnetPrefix}.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=${RtrInterf} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\"" | tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + 
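Review bot: The client's `Endpoint =` line points at the client's own tunnel address, because `Endpoint_Usr_Addr` is built as `"${RtrSubnetPrefix}.${ClientNum}"` near the top of the file and then reused in the `[Peer]` section, so the generated .conf can never reach the router; the endpoint should be the router's public address or hostname, e.g. `Endpoint_Usr_Addr="<router public address or hostname>"`, kept separate from the per-client `Address` line. `Endpoint_Usr_Port` is also reused as the client's `ListenPort`, which is the router's listen port rather than anything the client needs. `Endpoint_Usr_PUB_KEY="CHANGE_ME"` is emitted verbatim if nobody edits it; a guard such as `[[ "$Endpoint_Usr_PUB_KEY" != "CHANGE_ME" ]] || { printf 'set Endpoint_Usr_PUB_KEY first\n' >&2; exit 1; }` before `wg genkey` would stop an unusable config from being written. Since the .conf and the .png carry the client's private key and PSK, an `umask 077` before the `tee` and `qrencode` calls keeps them from being created world-readable.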
diff --git a/wireguard/genconfig-exoc.zip b/wireguard/genconfig-exoc.zip new file mode 100644 index 0000000000000000000000000000000000000000..86d7c8b2cab2d74a560289b6909d1521ee339659 GIT binary patch literal 1504 zcmZ|Pc|6k%90%~<+GMPj2ff_UF_9V*A#`BwGB-0tbC)Ye+mkaP;rz-IMl?Vb106}#6Z=KR@*GQ*AY!t?_0*hFy%n8d#@ys)G?yF)}9Czwc|EZ?Z z`k|CgiiAGnAj0m(?c%f9uaTqHqjaedK?67qTby#;EMebD0gKRqlT_~T&h+vbHs>x& zXRI&f=homJ-yv#t`hy?GL%&ljQl5`%2nbQvWm33pQ(Js`g!jNijC_8fRtDi~QsG=? zQFV1~#E;OJ6T4ZqUyhzKG+4vU;v(QVP0Y&!ItXZ{w8`BL>sB7rS0Y@rg%%vr2|37e z$v-U7I~ng`Ki6Nfm`A^?CAW|!i>Q!L1wpeQdhh!i8_docZ+eViPFrGI6b&@$2-mH2E2ELb=lwElkl~03Eqb%Ivo9w2Wg>@ zwx$IoL-w-)+IcB?rb)w%5hM{Qr*%G#*??_0E3yXCjaR(o4Cl_(ayrq~N9!IJ^}3l$ z>CDLL$zq*ijf)?W)F>nR3VS!4$EIXX;iNJKfau z!MDWP&=uh{d6#5r&%5V&6&bSo5n8%V3ylC7u77vvQ_C$BMO{I2G$ zg9lvD2W=p&bo|PK$lq^_^AC{>@z*hxO2Vjg`5iU5Vp-f%mnk1Ti_bsgCKh*}9m;}y zjbDS6iA|uqgt^hQM8SQ3k-fA1agE2K*tvBB=RU_VST~|NT9i}ucM&uTHNHz25L))o zX~a)ll(A7NSYRaJt0c9ixLOaBDR9Qt@iQp&UB|w7!}3@^=|zQN+v79cBFz?+HH^4$ zpL_am;GZA9VtRKE-=kml!ea2W0ww?x4SQfOBp{vzs?cG!f61f&dZW zFr{dztim;Z_)C(X->UEt!-FMuL^q_rY;)|>KIcQDb*Q{+y5L|@1HkPixe=mb*)E0( zwN+>Ncr;brydrofu9u4L%}DTEmU6V}&PtYfDcu=RbWCUdqh#E6iG*zI?-X%%F^BU{L*+;ZsRAUL2|MhLnui)b8suA6^XVn&M?ltM#)NNd3LJ z3cN8ftJIz)mDM9O-iO0Hlt;xpnZSTC_86`#XnLs$sg{`0zzkR#`vkAeO4hW?cR?Hf xX%EH&2; } # send to stderr + + +#=================== function Message ========================================== +# +# Send to STDOUT +# +Message() { + printf "\n${GREEN}[i] ${BLUE}%s${NC}" "$*" +} + + + +#=================== function ip2int =========================================== +# +ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#=================== function int2ip =========================================== +# +int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + +#======================== CreateUser ========================================== +# +function CreateUser() +{ +ClientName=$1 +ClientNum=$2 + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +CLIENT_NUM=$(printf "%03d" $2) +CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc" + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $CLIENT_NUM +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = 10.8.38.${ClientNum}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${USR_CCR1_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 10.8.0.0/16 +Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nAtom Router: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" +} + + + + + + +#======================== CreateRouter ======================================== +# +function CreateRouter() +{ +RouterNum="$1" +RouterSubnet="$2" + +RTR_PRIV_KEY=$(wg genkey) +RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg 
genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc" +RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc" + + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +" && exit + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_CCR1} +" +Message "Router Client Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01 +/ip route add dst-address=10.0.0.0/8 gateway=wg01 +/ip route add dst-address=192.168.0.0/16 gateway=wg01 + +/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${RouterID} Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\" + +/ip route add 
dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_CCR1}" + +} + + + +#=================== function RrtSubnet ======================================== +# +RtrSubnet() +{ + local RtrNum=$1 + + BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer + Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc + Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router + Subnet=$((BaseNum+Nth)) # Nth subnet calculé +# Subnet="${Subnet}/$(Bits_Subnet=3})" + + echo -e "$(int2ip $Subnet)/${Subnet_Bits}" +} + + + + +#================ MAIN ======================================================== +# + +((!$#)) && Help && exit # If no command parameters passed, help and bail out +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n" + +while getopts dhn:r:u: option +do + case "${option}" in + d) debug=1 + ;; + h) Help + exit ;; + n) NumUser=${OPTARG} + Mode="User" + ;; + r) NumRouter=${OPTARG} + Mode="Router" + ;; + u) NameUser=${OPTARG} + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +NumRouter = ${NumRouter} +NumUser = ${NumUser} +RtrSubnet = $(RtrSubnet ${NumRouter}) +" && exit + + + + +if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]] +then + echo "** Error, can't use user and router # simulteaneously" + exit 1 +fi + + +case "$Mode" in + User) Message "Creating User" + CreateUser $NameUser $NumUser + exit + ;; + Router) Message "Creating Router with $(RtrSubnet ${NumRouter})" + CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) + exit + ;; + *) echo -e "\n** ERROR : User # was not provided" + Help + ;; +esac + + diff --git a/wireguard/genconfig.ini b/wireguard/genconfig.ini new file mode 100644 index 0000000..654eb95 --- /dev/null +++ b/wireguard/genconfig.ini 
@@ -0,0 +1,66 @@ +[ingtegration-rb5009] +Addr_Public="seve.ingtegration.com" +01_InterfaceName="WG-Devices" +01_PUBKEY="MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=" +01_Addr="172.16.254.2" +01_Subnet="172.16.254.0/24" +01_Port="14321" +02_InterfaceName="WG-Users" +02_PUBKEY="iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=" +01_Subnet="172.16.40.0/24" +02_Addr="172.16.40.254" +02_Port="14322" + + +[evoq-mtl] +Addr_Public="66.171.167.250" +01_InterfaceName="WG-Routers" +01_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" +01_Subnet="10.1.41.0/24" +01_Addr="10.1.41.254" +01_Port="13232" +02_InterfaceName="WG-Users" +02_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" +02_Subnet="10.1.42.0/24" +02_Addr="10.1.42.254" +02_Port="13233" + + +[koze-maison] +Addr_Public="b4a30b139a75.sn.mynetname.net" +01_Subnet="10.1.41.0/24" +01_Addr="172.16.41.254" +01_Port="13232" +01_PUBKEY="8e1iXWniMo+3OU1FsNPAgrG0av9d/Ijf9ybj75z9GWE=" +01_InterfaceName="WG-Users" + +[rrf-rb5009] +Addr_Public="142.217.209.155" +01_Subnet="172.16.41.0/24" +01_Addr_Private="172.16.41.254" +01_Port="14231" +01_PUBKEY="FYmwzlP4m2IkS4VpDSwhN6NHHJBrEBbIqf9+GS7VWxo=" +01_InterfaceName="WG-Users" + +[cccp-hexs] +Addr_Public="199.168.223.11" +01_Subnet="10.8.37.0/24" +01_Addr="10.8.37.254" +01_Port="13233" +01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU=" +01_InterfaceName="WG-Users" + +[cccp-rb2011] +Addr_Public="199.168.223.10" +01_InterfaceName="WG-Users" +01_Subnet="10.8.37.0/25" +01_Addr="10.8.35.126" +01_Port="13232" +01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU=" +02_InterfaceName="WG-Routers" +02_Subnet="10.8.37.129/25" +02_Addr="10.8.34.254" +02_Port="13233" +02_PUBKEY="kIV/vXbuNWWc//zU27+g3QcrOIYuVh8/Bo/g8O2iwUQ=" + + diff --git a/wireguard/genconfig_router b/wireguard/genconfig_router new file mode 100755 index 0000000..28422b6 --- /dev/null +++ b/wireguard/genconfig_router 
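Review bot: `[ingtegration-rb5009]` defines `01_Subnet` twice (the second, `01_Subnet="172.16.40.0/24"`, sits among the `02_` keys and was presumably meant to be `02_Subnet`), so the section has no subnet for the WG-Users interface and a first-match reader returns 172.16.254.0/24 for both. `[rrf-rb5009]` names its address `01_Addr_Private` while every other section uses `01_Addr`, so a reader keyed on `01_Addr` gets nothing for that router. Several values look inconsistent and are worth double-checking: `[koze-maison]` pairs subnet 10.1.41.0/24 with address 172.16.41.254, `[cccp-rb2011]` gives `02_Subnet="10.8.37.129/25"`, which is a host address rather than the 10.8.37.128/25 network, and its `01_Addr`/`02_Addr` fall outside the subnets listed next to them. `[evoq-mtl]` uses the same public key for both interfaces, which is only correct if both interfaces really share one key pair.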
@@ -0,0 +1,146 @@ +#!/bin/bash +# +debug=0 +ScriptName=$(basename "$0") + +RouterName="RB5009-CTG" +RouterAddrPublic="heh08h84mnt.sn.mynetname.net" +RouterPort="14322" +RouterAddrPrivate="172.16.254.2" +RouterInterface="WG-Devices" + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + + +function CreateRouter() +{ +local debug=0 +local DeviceNum="$1" # voir plus bas avec printf +local DeviceName="$2" +local DeviceInterface="$3" + +DeviceAllowedAddress="172.16.40.2" + + + +DevicePrivKey=$(wg genkey) +DevicePubKey=$(echo "${DevicePrivKey}" | wg pubkey) +DevicePSK=$(wg genpsk) +DeviceNumPad=$(printf "%03d" $1) # 3 digit pad of $1 +DeviceFilesPrefix="R-${DeviceNumPad}" +RouterFileCfg="${DeviceFilesPrefix}_RouterCfg.rsc" +DeviceFileCfg="${DeviceFilesPrefix}_DeviceCfg.rsc" + + +((debug)) && echo -e " +DeviceNum = $DeviceNum +DevicePrivKey = $DevicePrivKey +DevicePubKey = $DevicePubKey +DevicePSK = $DevicePSK +DeviceFileCfg = $DeviceFileCfg +RouterFileCfg = $RouterFileCfg +" | column -t && exit + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RouterFileCfg} +${DeviceFileCfg} +" + +Message "Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "S'assurer que sur router: /interface wireguard add listen-port=${RouterPort} mtu=1420 name=${RouterInterface}\n" + +echo -e "/interface wireguard peers add allowed-address=172.16.254.${DeviceNum}/32 client-keepalive=10 disabled=no 
comment=\"${DeviceName}\" \\ +interface=WG-Devices preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\"" +#| tee "${RouterFileCfg}" + + + + + +Message "${DeviceName} device Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" + +echo -e "/interface wireguard add listen-port=13239 mtu=1420 name=${DeviceInterface} private-key=\"${DevicePrivKey}\" + +/interface wireguard peers add allowed-address=${RouterAddrPrivate} client-keepalive=15 disabled=no comment=\"${RouterName}\" \\ +interface=${DeviceInterface} preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\" endpoint-address=${RouterAddrPublic} endpoint-port=${RouterPort} + +/ip route add dst-address=0.0.0.0 gateway=${RouterAddrPrivate}" +#| tee "${DeviceFileCfg}" + +} + + +Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -d Device Number + -n Device Name + -i Device Interface + -h This help +EOF +} + + + + + +((!$#)) && Help + + + +while getopts d:n:i:h option +do + case "${option}" in + d) DeviceNumber=${OPTARG};; + n) DeviceName=${OPTARG};; + i) DeviceInterface=${OPTARG};; + h) Help + exit 0;; + *) echo -e "Usage (bad argument: ${OPTARG}) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +DeviceNumber = $DeviceNumber +DeviceName = $DeviceName +DeviceInterface = $DeviceInterface +" | column -t && exit + + +CreateRouter ${DeviceNumber} ${DeviceName} ${DeviceInterface} + + + diff --git a/wireguard/genconfig_router.txt b/wireguard/genconfig_router.txt new file mode 100644 index 0000000..03cf753 --- /dev/null +++ b/wireguard/genconfig_router.txt 
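Review bot: In the device-side config the router's peer entry is written with `public-key=\"${DevicePubKey}\"`, i.e. the device's own public key; a WireGuard peer entry must carry the other side's key, so this line needs the router's public key, which the script never defines — add e.g. `RouterPubKey="<router WG public key>"` next to `RouterAddrPublic` and use `public-key=\"${RouterPubKey}\"` in that second peer line (the router-side line correctly uses `${DevicePubKey}`). Both `| tee` redirections are commented out, so `RouterFileCfg` and `DeviceFileCfg`, announced under "Generated output files:", are never written. `DeviceAllowedAddress="172.16.40.2"` is assigned and never used, and `dst-address=0.0.0.0` on the last route is presumably meant as `0.0.0.0/0`. `CreateRouter ${DeviceNumber} ${DeviceName} ${DeviceInterface}` at the bottom passes unquoted, unvalidated arguments, so a missing `-d` shifts every positional parameter; `: "${DeviceNumber:?-d is required}"` (and the same for the other two) before the call would catch that.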
@@ -0,0 +1,31 @@ +CCR1016 EVOQ +============ +/ip address +add address=10.1.41.254/24 interface=WG-Routers network=10.1.41.0 + +/interface wireguard +add comment=10.1.32.0/24 listen-port=13232 mtu=1420 name=WG-Routers + + +/interface wireguard peers +add allowed-address=10.1.40.1/32 client-keepalive=10s comment="User squirion" interface=WG-Users preshared-key="+tgz1wqMtrota6gxmMtEix3wiZI85IM8Ty5x7ucgbiA=" public-key="6KhC7Ai2As7ShqKC1tlKQ1eKp8MLdrljBdJBCUIjal8=" + + + + + +WG "Server": +------------ +Router WAN Addr : heh08h84mnt.sn.mynetname.net +Router WAN Port : 14322 + +Router Local Address: 172.16.254.2/24 +Device: WG-Devices +Public Key: MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY= + + + + +-d [device num] -n [device name] -i [device interface] + +genconfig_router -d 4 -n Fuengirola -i wg-ctg diff --git a/wireguard/genconfig_simple b/wireguard/genconfig_simple new file mode 100755 index 0000000..43cbd77 --- /dev/null +++ b/wireguard/genconfig_simple 
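Review bot: The `/interface wireguard peers` line under "CCR1016 EVOQ" carries a literal `preshared-key=` value, which is a live WireGuard secret committed to the repository alongside the peer's public key and the user's name; the PSK should be rotated on the router and on that client, and the line replaced with a placeholder such as `preshared-key="<redacted>"` (or the block dropped, since the example invocation at the bottom is what the file documents). Rotating is needed even after editing the file, because the value stays in the commit history.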
@@ -0,0 +1,431 @@ +#!/bin/bash + +Version=250731-1953 +debug=0 +ScriptMode="" # Script gen mode for client: user or router + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + +#---ini file parameters list +unset PARAMS; +PARAMS=( +RtrInterface +Rtr_Addr_Admin +Rtr_Addr_Public +Rrt_Port +Rtr_Addr_Private +Rtr_CIDR_Mask +Rtr_PUB_KEY +Rtr_DNS +Rtr_Route_Subnet +) + +#---A enlever apres testing +export RouterName="" +export RouterInterface="" +export DeviceName="" +export Company="" +export CORP="" +export UserName="" + + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + + +#---------- RouterCommand ----------------------------------------------------- +# +function RouterConnect() +{ + local Command="$" + +} + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ + +local RouterName=$1 +local RouterInterface=$2 +local UserNumber=$3 +local UserName=$4 +local debug=0 + +RouterCfg="${RouterName}.cfg" + +#---Read values from config file +for PARAM in "${PARAMS[@]}" +do + eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +Digits=000 +Temp="${Digits}${UserNumber}" +ClientNumPad=$(echo ${Temp:(-${#Digits})}) + + +IFS=. 
read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private" +Subnet="${octet1}.${octet2}.${octet3}" +UserAddress=${Subnet}.${UserNumber}/32 + +Message "Subnet : $Subnet" +Message "ClientNumPad : $ClientNumPad" + + + + +((debug)) && echo -e " +DEBUG - CreateUser +User Number = $1 +UserName = $2 +UserName = $3 +UserAddress = $UserAddress +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +RouterInterface = $RouterInterface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY +Subnet = $Subnet +Rtr_DNS = $Rtr_DNS +Rtr_Route_Subnet = $Rtr_Route +" | column -t && exit + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +ROUTER_PUB_KEY="$RouterPubKey" + +CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}" +CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc" + + +echo -e "\nClient: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = ${UserAddress} +DNS = ${Rtr_DNS} + +[Peer] +PublicKey = ${Rtr_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${Rtr_Route_Subnet} +Endpoint = ${Rtr_Addr_Public}:${Rrt_Port} +PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nRouter: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +Message "Generated User Files:" +ls -1 ${CLIENT_FILE_PREFIX}* +} + + + + + + +#---------- CreateRouter 
------------------------------------------------------ +# +function CreateRouter() +{ +local debug=1 +local RouterNum="$1" +local RouterSubnet="$2" +local Corp="$3" +local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable +local WgRtrDir="${BaseDir}/routers" + +#---Create paths if not there +[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}" + + +RTR_PRIV_KEY=$(wg genkey) +Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg genpsk) +RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc" +RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc" + + +((debug)) && echo -e " +Corp = $Corp +RTR_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +BaseDir = $BaseDir +PreShared Key = $RTR_PRE_SHARED_KEY +" && exit + +[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}" + + +Message "Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_ENDPOINT} +" +Message "Client Router Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01 + + +/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" 
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "${EndpointID} endpoint Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\" + +/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_ENDPOINT}" + +} + + + + + + + +#---------- GetRouter_Infos ---------------------------------------------------- +# +function GetRouter_Infos() +{ +local RouterName="$1" +local IniFile="${1}.cfg" +local debug=0 + +((debug)) && echo -e "\nIniFile = ${IniFile}\n" + +#read -p "Entrer l'interface du router: " RouterInterface +echo -e "[${RouterName}]" >> ${IniFile} + +for PARAM in "${PARAMS[@]}" +do + echo -e "\nPARAM = $PARAM" + eval 'read -p "Entrer ${PARAM} " Value' + eval 'echo ${PARAM}=${Value} >> ${IniFile}' + done +((debug)) && echo "${FUNCNAME[0]} exit" +} + + + +#---------- Help --------------------------------------------------------------- +# +function Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -a Debug mode + -d Device Name + -h Show this message + -i Interactive + -u User Name + -n User / Device number +EOF +} + + +#================= MAIN ======================================================= +# + +((!$#)) && Help && exit + + +while getopts ad:hi:n:qu: option +do + case "${option}" in + a) debug=1 + ;; + d) DeviceName="${OPTARG}" + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + n) UserNumber="${OPTARG}" + ;; + u) UserName="${OPTARG}" + ;; + *) Message "Usage (bad argument: $OPTARG)" + exit 1 + ;; + esac +done + + + +#---Init global variables +#for PARAM in "${PARAMS[@]}" +#do +# eval export 
'${PARAM}=""' +# done + + +if [[ ! -z ${UserName} ]] # User mode prioritised if both specified +then + ScriptMode=User + Message "User mode" +elif [[ ! -z ${DeviceName} ]] +then + ScriptMode=Device + Message "Device mode" +else + Message "Must use either -u or -d" + exit +fi + + + +CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l) + +Message "Avant demande router infos" + +if [[ $CfgNum -eq 1 ]] +then + RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f") + RouterName="${RouterCfg%.*}" +else + read -p "Entrer Nom du Router: " RouterName + ((debug)) && echo -e "Router Name = ${RouterName}" + GetRouter_Infos "${RouterName}" + RouterCfg=${RouterName}.cfg +fi + + +((debug)) && echo -e " +Après GetRouter_Infos +RouterName : $RouterName +RouterInterface : $RouterInterface +" + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +echo -e "Avant Create User" + +((debug)) && echo -e " +RouterName = $RouterName +DeviceName = $DeviceName +UserNumber = $UserNumber +UserName = $UserName +Rtr_Addr_Admin = $Rtr_Addr_Admin +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +RtrInterface = $RtrInterface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY + +" | column -t && exit + +case "${ScriptMode}" in + User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName} + exit + ;; + Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName} + ;; + *) Message "Bad mode passed ${ScriptMode}" + exit 1 + ;; + esac + + + +Message "All done." diff --git a/wireguard/genconfig_simple.2025-05-16_110317 b/wireguard/genconfig_simple.2025-05-16_110317 new file mode 100755 index 0000000..974b191 --- /dev/null +++ b/wireguard/genconfig_simple.2025-05-16_110317 
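Review bot: The `eval ${PARAM}=$(sed …)` loops in `CreateUser` and in the main section turn every value read from the `.cfg` file into shell code: the command substitution is unquoted, so a value with spaces (e.g. a two-server `Rtr_DNS`) word-splits into a separate command, and a value containing `;` or `$(…)` is executed, which makes a shared or tampered `.cfg` a code-execution path; `printf -v "$PARAM" '%s' "$(sed -nr "…" "$RouterCfg")"` (after `local "$PARAM"` inside the function) assigns the same value without eval. `GetRouter_Infos` has the same problem with typed input in `eval 'echo ${PARAM}=${Value} >> ${IniFile}'`; `read -r -p "Entrer ${PARAM} " Value` followed by `printf '%s=%s\n' "$PARAM" "$Value" >> "$IniFile"` is enough. In `CreateRouter`, `[ -d "${BaseDir}" ] && Message … && mkdir -p` is inverted (it creates the directory only when it already exists), and the final `case` has a `Router)` arm while the mode detection sets `ScriptMode=Device`, so `-d` always ends in "Bad mode passed". The generated `.conf`/`.png` hold the client's private key and PSK and are written under the default umask; an `umask 077` at the top of `CreateUser` would keep them owner-only. The same `eval` pattern is also in the two dated `genconfig_simple.2025-*` snapshots and in the hunk preceding genconfig-exoc.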
@@ -0,0 +1,306 @@ +#!/bin/bash + +debug=0 + + +BOLD=$( tput bold) +NORMAL=$( tput sgr0) +RESET=$( tput sgr0) +NC=$( tput sgr0) # No color +BOLD=$( tput bold) +BLACK=$( tput setaf 0) +RED=$( tput setaf 1) +GREEN=$( tput setaf 2) +YELLOW=$( tput setaf 3) +BLUE=$( tput setaf 4) +MAGENTA=$( tput setaf 5) +CYAN=$( tput setaf 6) +WHITE=$( tput setaf 7) +DEFAULT=$( tput setaf 9) + + + +#---ini file parameters list +unset PARAMS; +PARAMS=( +Rtr_Addr_Public +Rrt_Port +Rtr_Interface +Rtr_Addr_Private +Rtr_CIDR_Mask +Rtr_PUB_KEY +) + + +export RouterName="" +export Company="" +export CORP="" + + + + +#========== INTERNAL FUNCTIONS ================================================ + +#---------- function Info ----------------------------------------------------- +# +# With date / time prefix +# +Info() +{ + printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" +} + + +#---------- function Message -------------------------------------------------- +# +# Send to STDOUT +# +function Message() +{ + printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*" +} + + +#---------- ip2int ------------------------------------------------------------ +# +function ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#---------- int2ip ------------------------------------------------------------ +# +function int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + + +#---------- CreateUser -------------------------------------------------------- +# +function CreateUser() +{ + +local CORP=$1 +local RouterCfg=$2 +local UserNumber=$3 +local NameUser=$4 +local debug=1 + +#---Read values from config file +for PARAM in "${PARAMS[@]}" +do + eval local ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + +Digits=000 +Temp="${Digits}${UserNumber}" +ClientNumPad=$(echo ${Temp:(-${#Digits})}) + +IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private" +Subnet="${octet1}.${octet2}.${octet3}" +Message "Subnet : $Subnet" +Message "ClientNumPad : $ClientNumPad" + +((debug)) && echo -e " +DEBUG - CreateUser +UserNumber = $1 +NameUser = $2 +Company = $3 +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +Rtr_Interface = $Rtr_Interface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY +Subnet = $Subnet + +" && exit + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +ROUTER_PUB_KEY="$RouterPubKey" + +CLIENT_FILE_PREFIX="${ClientNumPad}-${NameUser}" +CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc" + + +echo -e "\nClient: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = ${Subnet}.${UserNumber}/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ${ROUTER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 0.0.0.0/0 +Endpoint = ${RouterAddressPub}:${RouterPort} 
+PersistentKeepalive = 25 +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nRouter: +${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers +add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${NameUser}\" interface=${Rtr_Interface} \\ +preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" + +Message "QR Code:" +qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}" +qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}" + +ls -1 ${ClientNumPad}* +} + + + +function GetRouter_Infos() +{ +local RouterName="$1" +local IniFile="${1}.cfg" +local debug=0 + +((debug)) && echo -e "\nIniFile = ${IniFile}\n" + +read -p "Entrer CORP: " CORP +echo -e "[${CORP}]" | tee ${IniFile} + +for PARAM in "${PARAMS[@]}" +do + #eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile}) + echo -e "\nPARAM = $PARAM" + eval 'read -p "Entrer ${PARAM} " Variable' + eval 'echo ${PARAM}=${Variable} | tee -a ${IniFile}' + done +((debug)) && echo "GetRouter_Infos exit" +} + + + + +Help() { + cat << EOF +usage: $(basename "$0") [OPTIONS] + -c Company name + -h Show this message + -i Interactive + -u User Name + -n User number +EOF +} + + + +((!$#)) && Help && exit + + +while getopts c:dhin:r:u: option +do + case "${option}" in + c) CORP=${OPTARG} + ;; + d) debug=1 + ;; + h) Help + exit + ;; + i) Interactive + exit + ;; + n) UserNumber="${OPTARG}" + ;; + r) RouterName="${OPTARG}" # à enlever + ;; + u) NameUser="${OPTARG}" + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + + +#---Init global variables +#for PARAM in "${PARAMS[@]}" +#do +# eval export '${PARAM}=""' +# done + +CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l) +#Message "Found $CfgNum config files" + + +if [[ $CfgNum -eq 1 ]] +then + RouterCfg=$(find . 
-maxdepth 1 -iname "*.cfg" -printf "%f") +else + read -p "Entrer Nom du Router: " RouterName + ((debug)) && echo -e "Router Name = ${RouterName}" + GetRouter_Infos "${RouterName}" + RouterCfg=${RouterName}.cfg +fi + + +((debug)) &&echo -e " +RouterCfg : $RouterCfg +CORP : $CORP +" + +#((debug)) && echo -e "Avant PARAM" + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done + + +echo -e " +Avant Create User +UserNumber = $UserNumber +NameUser = $NameUser +CORP = $CORP +Rtr_Addr_Public = $Rtr_Addr_Public +Rrt_Port = $Rrt_Port +Rtr_Interface = $Rtr_Interface +Rtr_Addr_Private = $Rtr_Addr_Private +Rtr_CIDR_Mask = $Rtr_CIDR_Mask +Rtr_PUB_KEY = $Rtr_PUB_KEY + +" + + +exit + +CreateUser ${CORP} ${RouterCfg} ${UserNumber} ${NameUser} +#${Rtr_Addr_Public} ${Rrt_Port} ${Rtr_Interface} ${Rtr_Addr_Private} ${Rtr_CIDR_Mask} "${Rtr_PUB_KEY}" + + + +exit + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) + +echo -e " +CLIENT_PRIV_KEY $CLIENT_PRIV_KEY +CLIENT_PUB_KEY $CLIENT_PUB_KEY +CLIENT_PRE_SHARED_KEY $CLIENT_PRE_SHARED_KEY +" diff --git a/wireguard/genconfig_simple.2025-07-31_221920 b/wireguard/genconfig_simple.2025-07-31_221920 new file mode 100755 index 0000000..a71f96a --- /dev/null +++ b/wireguard/genconfig_simple.2025-07-31_221920 
@@ -0,0 +1,430 @@
+#!/bin/bash
+
+Version=250731-1953
+debug=0
+ScriptMode="" # Script gen mode for client: user or router
+
+
+BOLD=$( tput bold)
+NORMAL=$( tput sgr0)
+RESET=$( tput sgr0)
+NC=$( tput sgr0) # No color
+BOLD=$( tput bold)
+BLACK=$( tput setaf 0)
+RED=$( tput setaf 1)
+GREEN=$( tput setaf 2)
+YELLOW=$( tput setaf 3)
+BLUE=$( tput setaf 4)
+MAGENTA=$( tput setaf 5)
+CYAN=$( tput setaf 6)
+WHITE=$( tput setaf 7)
+DEFAULT=$( tput setaf 9)
+
+
+
+#---ini file parameters list
+unset PARAMS;
+PARAMS=(
+RtrInterface
+Rtr_Addr_Admin
+Rtr_Addr_Public
+Rrt_Port
+Rtr_Addr_Private
+Rtr_CIDR_Mask
+Rtr_PUB_KEY
+Rtr_DNS
+Rtr_Route
+)
+
+
+export RouterName=""
+export RouterInterface=""
+export DeviceName=""
+export Company=""
+export CORP=""
+export UserName=""
+
+
+
+
+
+#========== INTERNAL FUNCTIONS ================================================
+
+#---------- function Info -----------------------------------------------------
+#
+# With date / time prefix
+#
+Info()
+{
+ printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
+}
+
+
+#---------- function Message --------------------------------------------------
+#
+# Send to STDOUT
+#
+function Message()
+{
+ printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
+}
+
+
+#---------- ip2int ------------------------------------------------------------
+#
+function ip2int()
+{
+ local a b c d
+ { IFS=. read a b c d; } <<< $1
+ echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
+}
+
+
+#---------- int2ip ------------------------------------------------------------
+#
+function int2ip()
+{
+ local ui32=$1; shift
+ local ip n
+ for n in 1 2 3 4; do
+ ip=$((ui32 & 0xff))${ip:+.}$ip
+ ui32=$((ui32 >> 8))
+ done
+ echo $ip
+}
+
+
+
+
+#---------- RouterCommand -----------------------------------------------------
+#
+function RouterConnect()
+{
+ local Command="$"
+
+}
+
+
+#---------- CreateUser --------------------------------------------------------
+#
+function CreateUser()
+{
+
+local RouterName=$1
+local RouterInterface=$2
+local UserNumber=$3
+local UserName=$4
+local debug=0
+
+RouterCfg="${RouterName}.cfg"
+
+#---Read values from config file
+for PARAM in "${PARAMS[@]}"
+do
+ eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
+done
+
+Digits=000
+Temp="${Digits}${UserNumber}"
+ClientNumPad=$(echo ${Temp:(-${#Digits})})
+
+
+IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
+Subnet="${octet1}.${octet2}.${octet3}"
+UserAddress=${Subnet}.${UserNumber}/32
+
+Message "Subnet : $Subnet"
+Message "ClientNumPad : $ClientNumPad"
+
+
+
+
+((debug)) && echo -e "
+DEBUG - CreateUser
+User Number = $1
+UserName = $2
+UserName = $3
+UserAddress = $UserAddress
+Rtr_Addr_Public = $Rtr_Addr_Public
+Rrt_Port = $Rrt_Port
+RouterInterface = $RouterInterface
+Rtr_Addr_Private = $Rtr_Addr_Private
+Rtr_CIDR_Mask = $Rtr_CIDR_Mask
+Rtr_PUB_KEY = $Rtr_PUB_KEY
+Subnet = $Subnet
+
+" | column -t && exit
+
+
+CLIENT_PRIV_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+ROUTER_PUB_KEY="$RouterPubKey"
+
+CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}"
+CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
+CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"
+
+
+echo -e "\nClient:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+ListenPort = 51821
+Address = ${UserAddress}
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = ${Rtr_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = 0.0.0.0/0
+Endpoint = ${Rtr_Addr_Public}:${Rrt_Port}
+PersistentKeepalive = 25
+" | tee "${CLIENT_FILE_WIN}"
+
+
+echo -e "\nRouter:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers
+add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\
+preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
+
+Message "QR Code:"
+qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
+qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
+
+Message "Generated User Files:"
+ls -1 ${CLIENT_FILE_PREFIX}*
+}
+
+
+
+
+
+
+#---------- CreateRouter ------------------------------------------------------
+#
+function CreateRouter()
+{
+local debug=1
+local RouterNum="$1"
+local RouterSubnet="$2"
+local Corp="$3"
+local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable
+local WgRtrDir="${BaseDir}/routers"
+
+#---Create paths if not there
+[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
+
+
+RTR_PRIV_KEY=$(wg genkey)
+Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
+RTR_PRE_SHARED_KEY=$(wg genpsk)
+RTR_NUM=$(printf "%03d" $1)
+RTR_FILE_PREFIX="${RTR_NUM}-Router"
+RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
+RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"
+
+
+((debug)) && echo -e "
+Corp = $Corp
+RTR_NUM = $RTR_NUM
+CLIENT_FILE_RTR = $RTR_FILE_RTR
+BaseDir = $BaseDir
+PreShared Key = $RTR_PRE_SHARED_KEY
+" && exit
+
+[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"
+
+
+Message "Generated output files:"
+echo -e "${GREEN}---------------------------------------------------------${NC}
+${RTR_FILE_RTR}
+${RTR_FILE_RTR_ENDPOINT}
+"
+Message "Client Router Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard
+add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
+
+/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
+
+
+/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
+ endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
+
+/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
+ \"/ping interval=10 10.1.8.11 count=61\"
+
+/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
+| tee "${RTR_FILE_RTR}"
+
+
+#echo -e "\n"
+Message "${EndpointID} endpoint Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\
+interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
+
+/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
+| tee "${RTR_FILE_RTR_ENDPOINT}"
+
+}
+
+
+
+
+
+
+
+#---------- GetRouter_Infos ----------------------------------------------------
+#
+function GetRouter_Infos()
+{
+local RouterName="$1"
+local IniFile="${1}.cfg"
+local debug=0
+
+((debug)) && echo -e "\nIniFile = ${IniFile}\n"
+
+#read -p "Entrer l'interface du router: " RouterInterface
+echo -e "[${RouterName}]" >> ${IniFile}
+
+for PARAM in "${PARAMS[@]}"
+do
+ echo -e "\nPARAM = $PARAM"
+ eval 'read -p "Entrer ${PARAM} " Value'
+ eval 'echo ${PARAM}=${Value} >> ${IniFile}'
+ done
+((debug)) && echo "${FUNCNAME[0]} exit"
+}
+
+
+
+#---------- Help ---------------------------------------------------------------
+#
+function Help() {
+ cat << EOF
+usage: $(basename "$0") [OPTIONS]
+ -a Debug mode
+ -d Device Name
+ -h Show this message
+ -i Interactive
+ -u User Name
+ -n User / Device number
+EOF
+}
+
+
+#================= MAIN =======================================================
+#
+
+((!$#)) && Help && exit
+
+
+while getopts ad:hi:n:qu: option
+do
+ case "${option}" in
+ a) debug=1
+ ;;
+ d) DeviceName="${OPTARG}"
+ ;;
+ h) Help
+ exit
+ ;;
+ i) Interactive
+ exit
+ ;;
+ n) UserNumber="${OPTARG}"
+ ;;
+ u) UserName="${OPTARG}"
+ ;;
+ *) Message "Usage (bad argument: $OPTARG)"
+ exit 1
+ ;;
+ esac
+done
+
+
+
+#---Init global variables
+#for PARAM in "${PARAMS[@]}"
+#do
+# eval export '${PARAM}=""'
+# done
+
+
+if [[ ! -z ${UserName} ]] # User mode prioritised if both specified
+then
+ ScriptMode=User
+ Message "User mode"
+elif [[ ! -z ${DeviceName} ]]
+then
+ ScriptMode=Device
+ Message "Device mode"
+else
+ Message "Must use either -u or -d"
+ exit
+fi
+
+
+
+CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l)
+
+Message "Avant demande router infos"
+
+if [[ $CfgNum -eq 1 ]]
+then
+ RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f")
+ RouterName="${RouterCfg%.*}"
+else
+ read -p "Entrer Nom du Router: " RouterName
+ ((debug)) && echo -e "Router Name = ${RouterName}"
+ GetRouter_Infos "${RouterName}"
+ RouterCfg=${RouterName}.cfg
+fi
+
+
+((debug)) && echo -e "
+Après GetRouter_Infos
+RouterName : $RouterName
+RouterInterface : $RouterInterface
+"
+
+
+for PARAM in "${PARAMS[@]}"
+do
+ eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
+done
+
+echo -e "Avant Create User"
+
+((debug)) && echo -e "
+RouterName = $RouterName
+DeviceName = $DeviceName
+UserNumber = $UserNumber
+UserName = $UserName
+Rtr_Addr_Admin = $Rtr_Addr_Admin
+Rtr_Addr_Public = $Rtr_Addr_Public
+Rrt_Port = $Rrt_Port
+RtrInterface = $RtrInterface
+Rtr_Addr_Private = $Rtr_Addr_Private
+Rtr_CIDR_Mask = $Rtr_CIDR_Mask
+Rtr_PUB_KEY = $Rtr_PUB_KEY
+
+" | column -t && exit
+
+case "${ScriptMode}" in
+ User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName}
+ exit
+ ;;
+ Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName}
+ ;;
+ *) Message "Bad mode passed ${ScriptMode}"
+ exit 1
+ ;;
+ esac
+
+
+
+Message "All done."
diff --git a/wireguard/genconfig_simple.md b/wireguard/genconfig_simple.md
new file mode 100644
index 0000000..c4df8b1
--- /dev/null
+++ b/wireguard/genconfig_simple.md
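Review bot: CreateUser writes the client's PrivateKey and PresharedKey into `${CLIENT_FILE_WIN}` and its QR `.png` through `tee`/`qrencode -o` under whatever umask the caller has, so the key files are typically created readable by other users; `umask 077` as the first statement of CreateUser (or `chmod 600` on both files after the writes) would bound that, and the `U-*.conf`/`.png` files elsewhere in this commit show the generated key material also ends up under version control. The two `eval ${PARAM}=$(sed ... $RouterCfg)` loops (in CreateUser and in MAIN) hand whatever follows `=` in the `.cfg` to the shell as code, so a value with a space or `;` breaks the assignment or runs as a command; `printf -v "${PARAM}" '%s' "$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" "$RouterCfg")"` assigns the same value without eval. The dispatch at the end matches `Router)`, but ScriptMode is only ever set to `User` or `Device`, so `-d` always lands in `*) Message "Bad mode passed ..."`; the arm presumably wants to be `Device)`. In CreateRouter, `Endpoint_Rtr_PUB_KEY` is derived from the freshly generated `RTR_PRIV_KEY` and then used as the peer `public-key` in both the client-router and endpoint outputs, so the client router's peer entry references its own key rather than the endpoint's, and with `local debug=1` the function always exits after the debug dump; `Endpoint_Rtr_Addr_Public`, `Endpoint_Rrt_Port`, `EndpointID`, `NameRouter` and the `BaseDir` it derives from are never assigned anywhere in this file.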
@@ -0,0 +1,34 @@ +1) Le script fonctionne en partant du principe qu'il va sauver / utiliser un fichier INI et les fichiers Wireguard générés en relation avec ça dans un répertoire + Ça veut dire qu'on doit utiliser quelque chose qui ressemble à: + Compagnie / router1 + Compagnie / router2 + Donc, on fait un "cd" Compagnie/router1 et on utilise de là + On pourrait aussi avoir: Compagnie / router1 / interface 1 (j'ai la plupart du temps WG_Users et WG_Routers!) + +2) Les paramètres sont contenus dans un array au début du script. Je vais ajouter un champs sur chaque ligne pour un "nom de field" plus facile à comprendre + +PARAMS=( +RtrInterface Nom de l'interface Wireguard avec laquelle sera associée la config du client +Rtr_Addr_Admin L'adresse IP où le script va connecter pour ajouter la config du client (futur) +Rtr_Addr_Public L'adresse publique sur laquelle le client connecte: IP ou FQDN +Rrt_Port Le port de l'interface associée du router sur lequel le client connecte +Rtr_Addr_Private L'adresse du router, sur le subnet alloué au clients. Mon standard, genre: 10.1.2.254 et le client #1 aura 10.1.2.1, client #2 10.1.2.2, etc +Rtr_CIDR_Mask Le masque du subnet associé à l'interface du router sur son interface +Rtr_PUB_KEY La clef publique associée à l'interface du router +Rtr_DNS Le/les DNS qu'on place dans la config du client +Rtr_Route_Subnet Le subnet qui est associé au routage pour la connexion client. 0.0.0.0/0 pour envoyer tout le trafic via cette connexion wireguard. +) + +3) Je conseille d'utiliser des noms de user et routers avec un # de séquence associé. Ça permet de savoir quel IP sera allouée à chaque client + Ex: U001-Guy, U002-Marc (Users) + R001-Toronto, R002-Quebec (Routers) + +4) Les paramètres de la CLI on beaucoup changé avec la dernière version, voir la manière actuelle dans l'exemple ci-bas + +## Utilisation +~~~bash + +# Pour l'instant, minimal (autres paramètres = futur): +../genconfig_simple -n 1 -u marc +~~~ + 
diff --git a/wireguard/ingtegration/chateauguay/router/RB5009.cfg b/wireguard/ingtegration/chateauguay/router/RB5009.cfg
new file mode 100644
index 0000000..5763125
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/router/RB5009.cfg
@@ -0,0 +1,7 @@
+[RB5009]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14321
+Rtr_Interface=WG-Devices
+Rtr_Addr_Private=172.16.254.2
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=
diff --git a/wireguard/ingtegration/chateauguay/test/RB5009.cfg b/wireguard/ingtegration/chateauguay/test/RB5009.cfg
new file mode 100644
index 0000000..8dae37f
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/RB5009.cfg
@@ -0,0 +1,15 @@
+
+[WG01]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+
+[WG02]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
+
diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc b/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc
new file mode 100644
index 0000000..1a15d8f
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/U-002-guy.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.40.2/32 disabled=no name="guy" interface=WG01 \
+preshared-key="Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA=" public-key="ziekWouNBWmOUIlCx9uO6U4FOoBQbagLqOwnKKEsvn4="
diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.conf b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf
new file mode 100644
index 0000000..008432b
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf
@@ -0,0 +1,13 @@ +[Interface] +PrivateKey = eOmsbsjFnFi9AtWjJyQmPmWUSdq0gg2P35ysdxOJyVE= +ListenPort = 51821 +Address = 172.16.40.2/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw= +PresharedKey = Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA= +AllowedIPs = 0.0.0.0/0 +Endpoint = heh08h84mnt.sn.mynetname.net:14322 +PersistentKeepalive = 25 + diff --git a/wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png b/wireguard/ingtegration/chateauguay/test/U-002-guy.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..abcb0a2c3296cc8f922ec0ae0520474ce31454ba GIT binary patch literal 1467 zcmV;s1w{IZP)V=V5Wur$hKjwbD8c?7jUbn`_55M+sNsk<|Jz~7C6`=s$+?ZA zcB|#I_#TIQ8|RO9oxJ|Me)u`gm*lqG`1hJWZAQ0YLX!KE8|QHG8d8)z3=^VQ9`T;s zHyrZB6~aolXAD1$H=9B2i~N$@Pmb#tuYCIaUjLH&$>~6b;A%GK0i&29m^R`_?mcIa z1Ihs>9tU>LtR>Swj2`x^pxQSV-%h}>VQLI5!8O0hve2ADp9I_rrV(f7|S>_ zD+5ON%oEA2x$Dv5F*|=VHqHXvm(Zkk7r$#+?wm02M8{QFBOZJL$uPAYMd+HAh{hEqQFoy=}GGb zH8gDPOuc7KZqF&3p46>PbrswcdH|FOop(K2avwNmTqRuy!g23M3queQ&xTxg`ey#m%LvselA{87d)QpYxF1JFap2jvtk+=e)#2(QV0n z!yUJ3^@xkm1zfnW0ag8{Uy$5_qZa5k%TpY&tjV=vP2h4y=bb17dUTiEbXIa}&hcoO61Yzy)qgS{ za|^n%T21aF$G=#iQfe__5SkVs)z;HDO>V(aOnFR&X=AySXehH-)@c5Da$BxM6RxoX zBFZUkjl$ihEzS8U$$j9=U-on5W(c=Q?XjiL{{$_$JxBY**fr)fp6j&sS!O9Wvqvwv zE$7i$KZ|~k4)IQo8Ucad?{!sj?>N{bo&BNy>Tj~}PI@@0{W%ZG{pL7OcGMx+#ex80 z!8HSVlj&AJB)8(64d6#)h*@VBWG$A zH=l2QuyQ?I;e3R%@|cI@798t<*bLDS6kB!Pz+-XqTYq_SOHR-DkfB1t(FajNx-vb; z0!(hp$#y~^W!fik3tyk^sSE&b4_%PlitF*3>?`#~*-9Z`vH=wM$?Z9Y_Owz$^2@LC zxoyHT_)c!abv1*_>I?Hp>4DqJasjnXn%s_~gAz|&Z98#;2;^A79y%+z73Zox8}(F= z1=X6mvS5{f{gHQ*d&l+Jzs%koZa1Nqq{RERU3Oqi zZqM=2nqFO^!omg=#&QR*$GZ*>-J0Brqmhr?FcbkT6KDbXsWV%!oK0@e@lXlHB9&Ds z{M5LyO>4g-x8?A_EAs)`N%UvY){`>_I}5LS|5&}p7;ea*I9wUby6vnsi7IFrb7>Z~5&93Psgtt9u6 zL!Lm=r7lpduip%3*#PYx*U2q8u49pO8#hDbpr}Y~^!aE|CAa7PawL~ra>@Pg+&^o3 V4;}NXxCsCN002ovPDHLkV1h!n)h_@5 literal 0 HcmV?d00001 
diff --git a/wireguard/ingtegration/chateauguay/test/readini b/wireguard/ingtegration/chateauguay/test/readini
new file mode 100755
index 0000000..4545e99
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/test/readini
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+
+INI_FILE="$1"
+SECTIONS_NUM=0
+unset ${INI_ALL_SECTION}
+
+
+
+while read -r line || [ -n "$line" ]
+do
+ echo -e "\nLine = $line"
+ # Skip blank lines and comments
+ if [ -z "$line" -o "${line:0:1}" = ";" -o "${line:0:1}" = "#" ]
+ then
+ continue
+ fi
+
+ # Section marker?
+ if [[ "${line}" =~ ^\[[a-zA-Z0-9_]{1,}\]$ ]]
+ then
+ # Set SECTION var to name of section (strip [ and ] from section marker)
+ SECTION="${line#[}"
+ SECTION="${SECTION%]}"
+ echo -e "SECTION = ${SECTION}"
+ #eval "${INI_ALL_SECTION}=\"\${${INI_ALL_SECTION}# } $SECTION\""
+ ((SECTIONS_NUM++))
+ continue
+ fi
+done <"${INI_FILE}"
+
+echo -e "SECTIONS_NUM = $SECTIONS_NUM"
+
+echo "INI_ALL_SECTION = $INI_ALL_SECTION"
diff --git a/wireguard/ingtegration/chateauguay/user/RB5009.cfg b/wireguard/ingtegration/chateauguay/user/RB5009.cfg
new file mode 100644
index 0000000..4df9c51
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/user/RB5009.cfg
@@ -0,0 +1,7 @@
+[RB5009]
+Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
+Rrt_Port=14322
+Rtr_Interface=WG-Users
+Rtr_Addr_Private=172.16.40.254
+Rtr_CIDR_Mask=24
+Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc b/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc
new file mode 100644
index 0000000..a5562af
--- /dev/null
+++ b/wireguard/ingtegration/chateauguay/user/U-003-dana.Peer.rsc
@@ -0,0 +1,3 @@
+/interface wireguard peers
+add allowed-address=172.16.40.3/32 disabled=no name="pcguy" interface=WG-Users \
+preshared-key="nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU=" public-key="UYXWTpjsuLD8oBIbmG+/E4ayJ7/HvEs5RotwqlW2938="
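Review bot: `unset ${INI_ALL_SECTION}` near the top of readini expands the (empty) variable's value, so `unset` receives no operand and nothing is cleared; the intent reads as `unset INI_ALL_SECTION`. The blank/comment test relies on the deprecated `-o` inside `[ ]`, which is ambiguous when a line starts with `!` or `(`; `[[ -z "$line" || "${line:0:1}" == ";" || "${line:0:1}" == "#" ]]` is the unambiguous form. `INI_FILE="$1"` is never validated, so running the script without an argument fails at the `done <"${INI_FILE}"` redirect with a bash error instead of a usage message; `: "${1:?usage: readini FILE}"` before the assignment would make that explicit. The section-list accumulation is still commented out, so the `INI_ALL_SECTION` printed on the last line is always empty.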
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.conf b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf new file mode 100644 index 0000000..1c95474 --- /dev/null +++ b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = sIwBWQDsBHyXh50pjFEF04NtK5H2zan9eyo1G189VXo= +ListenPort = 51821 +Address = 172.16.40.3/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw= +PresharedKey = nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU= +AllowedIPs = 0.0.0.0/0 +Endpoint = heh08h84mnt.sn.mynetname.net:14322 +PersistentKeepalive = 25 + 
diff --git a/wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png b/wireguard/ingtegration/chateauguay/user/U-003-dana.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..9fd22815f4fef4da4c719df6cdd64c616375db2a GIT binary patch literal 1462 zcmV;n1xfmeP)wsG+<-8J$Lv0djzQ>{+J;H(;=bn2`%r?4zMogclpk7h zHdu{=xL+J~!pt#?p{#9;#$lY@5a6M{zS0+QKe$}SzWLnOF>z}yuf{$e6C96m+JUp> zn9&Bo$V=RN4l*!wf)hNs(dE!uJbTROHVuNfEjLyzuKcuG(1~GG(ft$;+E}_UaXSv~ zo<3{*nTiW900HiRJRTDbbdMlQ#1x*Y(aT54=5%-aMg#d8<&r)D0N5>LZ!ZNgIBW}xa&5zhA z%~VHOz{=GR%aRMKEN;t9gU=E_b3Ti5iUakEa^X?mid%8B`YcTHShJ?|dKO-k;TR}! z?>R&9(4Mn>F*Ls3;Nb3S{q6qvTl zxX{hgO5C1f+wfD-**@(mJs0MFSXyy=jzskOD+*I)&+xFuZz8F>>5I4}2Yb~#0u_(> zYmrQMn%R(z_9HJ4_nX6Xra5)~?5OW=S^iXIK;k}exMOqir_Zw6zJ1tLJfn!)bDYI_ z%z@9K1+WNCSYTm@9(k*{1&7t%sknKf#ObpN0@SQi&FE*vZMiv-@!@Lb{8@PXVHyOU zi4eEtVu3QtNN)~8E!R5M*i76<4j!K;N@z}v-;4{D>l9`-E8@0X$*Qz)nTj3ei1#=e z7QZ+%RB;=Q;pngcs7-tJJw=y&@3_j`gA(_in;qO~rg(NNWw`U4j&a29zE#|sqX0x8 z8b=z9WvkPLL5Uef-}arvtvOC)YQv?qaT=obyu~%`;akNmxinc84=}rBekFHG$@xQf z#Vt5);*}%!ndg~D2KhX^L(34`q~dm5$&IGWqO#ZR+JGu~PW*O`Ox&7d1yC-DWpHAw z`+1j>J&G-Hdk!i7C9!#IC$r}m8PAtRT-=tMrWG-BgGpeyA0@1DM#tjjMckfq8Ynb> z(NEQKbF7_jiok!}=C!yrXSX*PFoh%4E)^)seZNZFlFK@^F(S3x6zw^|X%H9z z`XiSTx8OX^k7SOL2c1g1XG06tQj#x!CT_{~@cxY}e~*A4@m}mW@m4ez_kqLihev?Q zP5V@c==j$2<*=u36}R9Dw~?({o@-`jv-?ZzKSxG&&-uhHIgitejoC9TDmV9fPVJ1P z{gG#hTXCTWsjofvNivbL8Tk3H{eE%3Ii^hvNVo+W6>1#J36ZcoH|pZH+*to}9V^pk zMWG)BD+b0~+!vhZ8?>HTK6E$2zv){U4BT~B+?qoH+9R5ZOeOX|(+hCt#OL0Wxc3~I zL>9#)53*qlPN=@9Vr!pA^TfU9dc;mG7k^Z%xF8|bGm{<{qdsx(IbIfJQ;VB0ss&T~ z+SP}NDB`vpy0>~B$MY<(N*v0gW;CX!&zw)(g2M_n_mmh-!J_61pf|V0dQ04vgBX;F z@-WU3Lvi;7Pn{6A<7f>m5>pZ^Olem=H}tBwFFB9@wWU!QsKFTnxUuLztccrlsS{A# z3{I}Ck~9mvdpjpCZpm4!S}dD5CY8ljk7U|eBG7-ixGndWOPn}y;{JE;A7_#=TulJ> Q=Kufz07*qoM6N<$f{abj&;S4c literal 0 HcmV?d00001 diff --git a/wireguard/ingtegration/users/004-Guy.CCR1.rsc b/wireguard/ingtegration/users/004-Guy.CCR1.rsc new file mode 100644 index 0000000..2c4fa1c --- /dev/null 
+++ b/wireguard/ingtegration/users/004-Guy.CCR1.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.8.38.4/32 disabled=no comment="User Guy" interface=wg1 \ +preshared-key="azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=" public-key="xXg+ZoZcv36AuzmfzpBAqGDmgIhEwkucFw5bm/kgCTM=" diff --git a/wireguard/ingtegration/users/004-Guy.conf b/wireguard/ingtegration/users/004-Guy.conf new file mode 100644 index 0000000..c8381d8 --- /dev/null +++ b/wireguard/ingtegration/users/004-Guy.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE= +ListenPort = 51821 +Address = 10.8.38.4/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw= +PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk= +AllowedIPs = 10.8.0.0/16 +Endpoint = seve.ingtegration.com:14322 +PersistentKeepalive = 25 + diff --git a/wireguard/koze-maison/users/Samantha.Endpoint.rsc b/wireguard/koze-maison/users/Samantha.Endpoint.rsc new file mode 100644 index 0000000..51f70c9 --- /dev/null +++ b/wireguard/koze-maison/users/Samantha.Endpoint.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=172.16.15.1/32 disabled=no comment="User Samantha" interface=WG-Users \ +preshared-key="PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY=" public-key="+MNTBsVZUQZ+tjFz9mD1uLH8CEAifSM9O0xqlm+XfCM=" diff --git a/wireguard/koze-maison/users/Samantha.conf b/wireguard/koze-maison/users/Samantha.conf new file mode 100644 index 0000000..d6d94db --- /dev/null +++ b/wireguard/koze-maison/users/Samantha.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = UA2nrQP2taQy1aYWtwxPPD2/qbQwiWckWSS2ucp5lnE= +ListenPort = 51821 +Address = 172.16.15.1/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = lCzZXZYTwnDGVbAtEE/vEH0TtpVqy7fBcZMBXiBBA1s= +PresharedKey = PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY= +AllowedIPs = 172.16.0.0/16 +Endpoint = b4a30b139a75.sn.mynetname.net:14233 +PersistentKeepalive = 25 + 
diff --git a/wireguard/koze-maison/users/Samantha.conf.png b/wireguard/koze-maison/users/Samantha.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..1f80015173d8cf234164617498ac68d0cbbce7b6 GIT binary patch literal 1461 zcmV;m1xosfP)It)Y!XaT(>Z(U3B0t|4hs-oJRIC7BRDI>`A!^a;YFIjx#M*i&zbLPyMGnX;0 zE%!KH`n2uiZI0hty!v>X{do2B!}Dt9mfZMv-|#yE==gHq#$(3s9(Zy7#skva1GkU6 zPE+vs&x^!)_U%0W@i`uY8^&$se!+jG1oI^H&Ty18F+r`yJe1bDz{3PcYc z|M&{VxwW6UuN>n9LIu7Y=Y0epu+b)j@-DuZ`@%7gwf#3g-}9fjuN*IU@%i@5T9g1A ztN{myai(fWb4w24A!a-{uW6hi3XsQ+@fCc04|5OP`2mi7M?}+XIda?@nZ`4pFc%Hq%Px7Th>vW-$2pIPB6~%xv`TctL`_?O^VnYlsSTTM4V! zsI%bdN?(D`KXsP58*bK5ft=qMTv4-D0je+|L|8i;yW&$*R*n)L9f+w28SjM}eYAfWoJ{%vGG55e# zkE9I3NURcy$4^rPd)4Na9NWzFS;U5}ngCIOSH0-%Qa_lx<>E5Lqes)JQCD^Jr66pP z)^LNl6-Qr|yuy!Ef0-yNkEsD*Zq4cVMX;lfpxY_3W*0Cui88n3c*~2)U$KFmfYMfw z35+7~X+Lw{I4Ue8u2hu|n?P#m>?N=ExYViU?m3p8jRh#jbX6A6m#cNE&PtkFa?qq3 zQ&!dtU#-*GU)iH{mbnLx^%LU+vl$#YDEu>Lr%E}^+?wMpt$O(^3($uyzvd@3m}=&h zTw`m$>eS*OW`l077j>JtCAY_=ZI31&!-Hm|%3X)_?4{po?w->DNBJ_#f~;{<1(LVI zHMihuw#?+esX4kU?lx(J;P20Vmbn{_)8o(>nPVtw0q%;%97IzWn0w$58?-sXExc0w zO%?yfPXF;a4={JjF)$pp=`hDlsjbFNs8x^O+?qRB@mF{Mn0^+&g=YnHTZj<4UY#4fJ4VXgms%lwtE3VDalWbD2 z->ts)%%qun;!-0}-N=JKYSF1dZ5`S&yV}9rJy&xQ+M%~8S6>vZK|^WlQB`S#_D$&B98Z~h;JBw#EoZ8J*8PmctgfoSGPmMTk0R$o=|}z5SDifyg3I&L z+>%poPo4XI%wlw0jI|6K)n75U=I}kI^wmx2?5wb;ipz3Yd;7JydoF6bw!UPIg>p*s z(qWn4{N(M|=I%M1bTT9eqFe>RC(Q_Py!Uj>{lIbTS@sHlm3>VH45Wo&2; } # send to stderr + +#=================== function Message ========================================== +# +# +Message() { printf "\n${GREEN}%s${NC}\n" "$*"; } # send to stdout + + + + +#=================== function ip2int =========================================== +# +ip2int() +{ + local a b c d + { IFS=. 
read a b c d; } <<< $1 + echo $(((((((a << 8) | b) << 8) | c) << 8) | d)) +} + + +#=================== function int2ip =========================================== +# +int2ip() +{ + local ui32=$1; shift + local ip n + for n in 1 2 3 4; do + ip=$((ui32 & 0xff))${ip:+.}$ip + ui32=$((ui32 >> 8)) + done + echo $ip +} + + + +#======================== CreateUser ========================================== +# +function CreateUser() +{ +ClientName=$1 +ClientNum=$2 + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +CLIENT_NUM=$(printf "%03d" $2) +CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}" +CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf" +CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc" + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $CLIENT_NUM +CLIENT_FILE_WIN = $CLIENT_FILE_WIN +CLIENT_FILE_RTR = $CLIENT_FILE_RTR +" && exit + + +echo -e "Client: +${GREEN}---------------------------------------------------------${NC}" +echo -e "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +ListenPort = 51821 +Address = 192.168.10.${ClientNum}/32 +DNS = 192.168.10.1,1.1.1.1 + +[Peer] +PublicKey = ${USR_CCR1_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = 192.168.0.0/16 +Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port} +" | tee "${CLIENT_FILE_WIN}" + + +echo -e "\nCCR: +---------------------------------------------------------" +echo -e "/interface wireguard peers add +allowed-address=192.168.10.${ClientNum}/32 client-keepalive=10 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}" +} + + + + + + +#======================== CreateRouter ======================================== +# +function CreateRouter() +{ +RouterNum="$1" +RouterSubnet="$2" + +RTR_PRIV_KEY=$(wg genkey) +RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey) +RTR_PRE_SHARED_KEY=$(wg genpsk) 
+RTR_NUM=$(printf "%03d" $1) +RTR_FILE_PREFIX="${RTR_NUM}-Router" +RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc" +RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc" + + +((debug)) && echo -e " +ClientName = $1 +CLIENT_NUM = $RTR_NUM +CLIENT_FILE_RTR = $RTR_FILE_RTR +" && exit + + +Message "** Generated output files:" +echo -e "${GREEN}---------------------------------------------------------${NC} +${RTR_FILE_RTR} +${RTR_FILE_RTR_CCR1} +" +Message "** Router Client Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard +add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\" + +/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01 +/ip route add dst-address=10.0.0.0/8 gateway=wg01 +/ip route add dst-address=192.168.0.0/16 gateway=wg01 + +/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\ + endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\" + +/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\ + \"/ping interval=10 10.1.8.11 count=61\" + +/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \ +| tee "${RTR_FILE_RTR}" + + +#echo -e "\n" +Message "** CCR1 Config:" +echo -e "${GREEN}---------------------------------------------------------${NC}" +echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\ +interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\" + +/ip route add 
dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \ +| tee "${RTR_FILE_RTR_CCR1}" + +} + + + +#=================== function RrtSubnet ======================================== +# +RtrSubnet() +{ + local RtrNum=$1 + + BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer + Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc + Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router + Subnet=$((BaseNum+Nth)) # Nth subnet calculé +# Subnet="${Subnet}/$(Bits_Subnet=3})" + + echo -e "$(int2ip $Subnet)/${Subnet_Bits}" +} + + + + +#================ MAIN ======================================================== +# + +((!$#)) && Help && exit # If no command parameters passed, help and bail out +echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n" + +while getopts dhn:r:u: option +do + case "${option}" in + d) debug=1 + ;; + h) Help + exit ;; + n) NumUser=${OPTARG} + Mode="User" + ;; + r) NumRouter=${OPTARG} + Mode="Router" + ;; + u) NameUser=${OPTARG} + ;; + *) echo -e "Usage (bad argument: $OPTARG) \n" + exit 1;; + esac +done + + +((debug)) && echo -e " +NumRouter = ${NumRouter} +NumUser = ${NumUser} +RtrSubnet = $(RtrSubnet ${NumRouter}) +" && exit + + + + +if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]] +then + echo "** Error, can't use user and router # simulteaneously" + exit 1 +fi + + +case "$Mode" in + User) CreateUser $NameUser $NumUser + exit + ;; + Router) CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) + exit + ;; + *) echo -e "\n** ERROR : User # was not provided" + Help + ;; +esac + + diff --git a/wireguard/real/users/001-Real.CCR1.rsc b/wireguard/real/users/001-Real.CCR1.rsc new file mode 100644 index 0000000..038da4b --- /dev/null +++ b/wireguard/real/users/001-Real.CCR1.rsc 
@@ -0,0 +1,3 @@ +/interface wireguard peers add +allowed-address=10.1.40.1/32 client-keepalive=10 disabled=no comment="User Real" interface=wg1 \ + preshared-key="EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=" public-key="J4nC/m8G2wMNDYeywORCYIo9eZq6v6fMgZVOFpRv3m0=" diff --git a/wireguard/real/users/001-Real.conf b/wireguard/real/users/001-Real.conf new file mode 100644 index 0000000..1ff2b92 --- /dev/null +++ b/wireguard/real/users/001-Real.conf @@ -0,0 +1,12 @@ +[Interface] +ListenPort = 51821 +PrivateKey = QHjXJWfo+G2BoJTKaLEviueDyK90nW/14ibUD3X31HI= +Address = 192.168.10.1/32 +DNS = 192.168.10.254,1.1.1.1 + +[Peer] +PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg= +PresharedKey = EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY= +Endpoint = d90d0d815e13.sn.mynetname.net:13233 +AllowedIPs = 192.168.0.0/16 + diff --git a/wireguard/real/users/002-Guy.CCR1.rsc b/wireguard/real/users/002-Guy.CCR1.rsc new file mode 100644 index 0000000..61fdf53 --- /dev/null +++ b/wireguard/real/users/002-Guy.CCR1.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers add +allowed-address=192.168.10.2/32 client-keepalive=10 disabled=no comment="User Guy" interface=wg1 \ + preshared-key="0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=" public-key="tQk6OTijE3YawHAQk6jfcVmgMzvH3zUyNqrhl3zRmHQ=" diff --git a/wireguard/real/users/002-Guy.conf b/wireguard/real/users/002-Guy.conf new file mode 100644 index 0000000..5d0b803 --- /dev/null +++ b/wireguard/real/users/002-Guy.conf @@ -0,0 +1,12 @@ +[Interface] +ListenPort = 51821 +PrivateKey = wDaoTqcCfIar7dukhYQYu8M5LDN+3BZc8Zcn/UetjWQ= +Address = 192.168.10.2/32 +DNS = 1.1.1.1 + +[Peer] +PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg= +PresharedKey = 0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI= +Endpoint = d90d0d815e13.sn.mynetname.net:13233 +AllowedIPs = 192.168.2.0/24 + diff --git a/wireguard/real/users/Real-maison.conf b/wireguard/real/users/Real-maison.conf new file mode 120000 index 0000000..9aa2b7d --- /dev/null 
+++ b/wireguard/real/users/Real-maison.conf @@ -0,0 +1 @@ +/home/boig01/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf \ No newline at end of file diff --git a/wireguard/rrf/RB5009-Users.cfg b/wireguard/rrf/RB5009-Users.cfg new file mode 100644 index 0000000..82aadb8 --- /dev/null +++ b/wireguard/rrf/RB5009-Users.cfg @@ -0,0 +1,10 @@ +[RB5009-Users] +RtrInterface=WG-Users +Rtr_Addr_Admin=10.1.99.254 +Rtr_Addr_Public=142.217.209.155 +Rrt_Port=13235 +Rtr_Addr_Private=10.1.15.254 +Rtr_CIDR_Mask=24 +Rtr_PUB_KEY=zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4= +Rtr_DNS=10.1.15.254 +Rtr_Route_Subnet=10.1.0.0/16 diff --git a/wireguard/rrf/U-001-boig01.Peer.rsc b/wireguard/rrf/U-001-boig01.Peer.rsc new file mode 100644 index 0000000..d3bba18 --- /dev/null +++ b/wireguard/rrf/U-001-boig01.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.1.15.1/32 disabled=no name="boig01" interface=WG-Users \ +preshared-key="tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ=" public-key="r11A7Z+IBeLFL6G+a+M0jgr1tTd9jTl/b+RROj/6whk=" diff --git a/wireguard/rrf/U-001-boig01.conf b/wireguard/rrf/U-001-boig01.conf new file mode 100644 index 0000000..682a5cd --- /dev/null +++ b/wireguard/rrf/U-001-boig01.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = UKNcUZwVMzU4icXo2M7WsLm2OVvUiPTBndLn3xBiB2Y= +ListenPort = 51821 +Address = 10.1.15.1/32 +DNS = 10.1.15.254 + +[Peer] +PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4= +PresharedKey = tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ= +AllowedIPs = 10.1.0.0/16 +Endpoint = 142.217.209.155:13235 +PersistentKeepalive = 25 + 
diff --git a/wireguard/rrf/U-001-boig01.conf.png b/wireguard/rrf/U-001-boig01.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..9b716c399d4227e3441b38845f1d91c49186ec7e GIT binary patch literal 1435 zcmV;M1!Ve(P)`pc*W8*r#=ggt zr-mHS80Zm`HlnnR;m1w98NZtQfoq7sF*dZWIhF&)sy_y#xu3Zlx5s4H5J*DZQCQ6V z!a)Y8tYg%1;mvV#tmQ*C4(rR^rUp%dVQ$I2Qu*l%9stDkOuirdJS)aM@T$H%-IjVnJDa;gtIYQTGL^JouRo2e}3&){n zrPXKE1?e^Sz+rg2bhb>JitbeMgt-=Y!0$J==D4UU0_EzJFeq1*SrzTn33KL=`7 zJXUHft>mU`+`+WQ*}`M)I~O&<^iEQBD%F?vUb(9Espb|O-@+r=xaBbza zvGZ+GhKnx$j)lWHXaW8USqup)xNHqaA2&!O4Uk8yA&z zyNX9v?*sBIM9JKeWAzzz7^2pa+SX#^RvS$eE^u>ePWhDb)=e84jHpzvXz+fg$!G3~ zV?Wa&| zijuiC#}c32WIR>IuUTIZY3H_f)d_R=+^q6r3PufQK)N)T60$XOOO890w1KCiwDi;^ z%4qB?`XkIea1E{=LqSuYi@M2BnI08gf!*AiLsiNI0g39A4UGNB3qJZr&E0cqy_w(n zVD(=?$WoE4*5+nz$z>^oab@V16k!y^KUA#xd)DOPxGmwfx~B(r=jgjf^n(G%-wM% zx~%e}E7_OxS6Rc(wz9bDwYfWvXH6>c%ZJW73+?>cO)zWNKl3bex179_h&mflzr)Tm zs8GXW%+?Zf3oh$kDm9S3*VStuI&d!Y&)k~R(Q(Q|K`y}kpSAv`Iu-xJwZ1iX%XL{M zT-PzTtWbaM9@Wu|RBP&lxqFURtM4xGVXr<2X0@U3*y&|%!7&2mJXMNX$0Lm&Tb+7W zy*78tu_|RH+SGWfJuS~aizTVJ#KGJbuKsRQ*Eg1+z9F5s+$p=-+z(t=B5>NzbOK_Y zEvqrg+)rG-tJy(W6^bpkJgbpByADpxEjj8$`J;KMO6TclKfBD#J#bXn@}8A>^*Xed pUv+JRGPmUZv1+s#V@Z$gg002ovPDHLkV1l=I)rJ57 literal 0 HcmV?d00001 diff --git a/wireguard/rrf/U-002-boucm01.Peer.rsc b/wireguard/rrf/U-002-boucm01.Peer.rsc new file mode 100644 index 0000000..0f11323 --- /dev/null +++ b/wireguard/rrf/U-002-boucm01.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.1.15.2/32 client-keepalive=20s disabled=no name="boucm01" interface=WG-Users \ +preshared-key="6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8=" public-key="yxVvlFZnnZOePdCxLX27zsnLfApcGBhmlqR5772mN2c=" diff --git a/wireguard/rrf/U-002-boucm01.conf b/wireguard/rrf/U-002-boucm01.conf new file mode 100644 index 0000000..231c41d --- /dev/null +++ b/wireguard/rrf/U-002-boucm01.conf 
@@ -0,0 +1,13 @@ +[Interface] +PrivateKey = ACO/UBhvrQMLlrtEE7sU8qgDxYVmYLEn+j6hva8BBHM= +ListenPort = 51821 +Address = 10.1.15.2/32 +DNS = 10.1.15.254 + +[Peer] +PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4= +PresharedKey = 6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8= +AllowedIPs = 10.1.0.0/16 +Endpoint = 142.217.209.155:13235 +PersistentKeepalive = 25 + diff --git a/wireguard/rrf/U-002-boucm01.conf.png b/wireguard/rrf/U-002-boucm01.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..e5586fb118e05649147b098abe26b212768d2030 GIT binary patch literal 1449 zcmV;a1y=frP)&t`09sZ`~e|uSS$t9Oua&Gfg z?d9ES*L&+`oi|_2-?ca|=F*bfmYe^+$C74vQoN0axKE-v7R)<*Pj1hRwcvPrpkvDi zI?iO=8BZPW<5=c0tI7R_!~0x2o{XDg)%XB+9ZsL0IzJ$}UvgtfXako(65hJAjwQM8 z9AqHS3T16Lhl+EUwmzWw>y5r7cjf5EVA@}Qe)_-UuH1UTeNACNTrhP)Mh#1sDr;$S zkDNhkJAQ`cGSoWh1XX$2`*D8B-EtipPt(?}d+Tu;^8~03-ad6VxqHswzC51bdZ5e9 z9eY2cSEzDw-?*7PQGLzeuXqAo*Ygly^~RLTliPAs1%{;^C{Ke5u_7-%VwjNJp2Lj)EcA%_;jCWV@_7{6 zeymY8klYu}S&pIyo9-(jRvI#mTE}w9QAsVK{XUn=B_i-Lao$RRe*U_a(hmB>Wenp;#d%W zt+j8{)8xK!R01ZciVNVoLV6Wyk#=8se{%O6<1D99bIX^@QUglXjn6px_Q~CHt9@tD zx<`c7qHx0W)R+g9qwkd5Jr`MiGZm4jCAa5#%;v206!Cskq*z3WVpTbG zBDs4`Hp`NUsVl_gMmD?O#Rf)652!3*6Q!Qdn{1mq)_ryUGKya<1RC22- z5W-xN+jE>{W@VIJWoiQxeT1vw)-F1c+zp31bPFq1M8M@t_jwc^-yJE*Z8^pM(gyF5 z-N^e7>g_Top4U=hJnPPaySC+5}E$8|2Gii_oPU#&|aT6st0wUjuyXHGeN2t#Klgzb9fSaBTzLULQq zmRdy5Boe7r=PMd`^iy7y+&$--ai|Qe81EPLPpU=jS;;|i-#9jxRw1gt6bLY?qUd(D zQ0$!FCU?s*Po@1*D*QD1)EUwOny+hqo7|O?*=pdi@nMfS2t)_6?h-%AZ8&Uijmncp z52{A@$*Co*uYBrtayJ~a(&7a2= literal 0 HcmV?d00001 diff --git a/wireguard/sdmm/CCR1009.cfg b/wireguard/sdmm/CCR1009.cfg new file mode 100644 index 0000000..f21910f --- /dev/null +++ b/wireguard/sdmm/CCR1009.cfg @@ -0,0 +1,8 @@ +[CCR1009] +RtrInterface=WG-Users +Rtr_Addr_Admin=10.3.8.1 +Rtr_Addr_Public=184.95.250.138 +Rrt_Port=13421 +Rtr_Addr_Private=10.3.13.254 +Rtr_CIDR_Mask=24 +Rtr_PUB_KEY=ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= 
diff --git a/wireguard/sdmm/SDMM-Guy.conf b/wireguard/sdmm/SDMM-Guy.conf new file mode 120000 index 0000000..3ce0edb --- /dev/null +++ b/wireguard/sdmm/SDMM-Guy.conf @@ -0,0 +1 @@ +U-001-guy.conf \ No newline at end of file diff --git a/wireguard/sdmm/U-001-guy.Peer.rsc b/wireguard/sdmm/U-001-guy.Peer.rsc new file mode 100644 index 0000000..ffd1ff5 --- /dev/null +++ b/wireguard/sdmm/U-001-guy.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.3.13.1/32 disabled=no name="guy" interface=WG-Users \ +preshared-key="ZhEZjV5AxymxSHWAXL0zyhpzdxSqRcl8RJi2/M1b+vw=" public-key="I0B0XvNOt0c781ir/WtUC2oc3dnmIoJPr9vLacJHdFY=" diff --git a/wireguard/sdmm/U-001-guy.conf b/wireguard/sdmm/U-001-guy.conf new file mode 100644 index 0000000..e01e47a --- /dev/null +++ b/wireguard/sdmm/U-001-guy.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = WDYlcHHQIz1pjqOLBRtNyLteSIbs7dKzJq60MJ8Pv0k= +ListenPort = 51821 +Address = 10.3.13.1/32 +DNS = 10.3.6.15 + +[Peer] +PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= +PresharedKey = ZhEZjV5AxymxSHWAXL0zyhpzdxSqRcl8RJi2/M1b+vw= +AllowedIPs = 10.3.0.0/16 +Endpoint = 184.95.250.138:13421 +PersistentKeepalive = 25 + 
diff --git a/wireguard/sdmm/U-001-guy.conf.png b/wireguard/sdmm/U-001-guy.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..779c59137b8d40c7f69b431c5928cc6dfaecf0f7 GIT binary patch literal 1456 zcmV;h1yA~kP)+3=ufHBGk9ZyJ`hLzI#{4O+&v+fY)68wT`R6&g>z8;XemTbVr3TJ%*G$*QYi^D= zx8dev?iX=A^6P`)9h1$an0Er}fVG+{X6`TCb%{7;IA7nf8guwN(#`#q8~6p0d+@#=imiq%u)%YwRq$+#-|=rA>bEo>u2s4?vP!@Rt8H&pQX<=4IciX zIm~Ujfn6(W+n)=f36l079A=UXo7-_y1F%z-Jah#wjDN*=Uw$FYZ8<#PDY3Xc^MHt@ zA0a1u&8knD+jD%hRM}Kc&{tB0RjM&`TjsW$LTCpqEwyBn?P}(>9Q5FzS7dXlz;R@8<1aD{dK?u8=bi=m+!N9 z>X5Y3hEeAnYbpA@K4|WdTi%LBl?^?LM^x)6Dz5W=uG!o(*XrmKT@?)h#iPoo3hLn7 zHs-e6N=dm#Ve>ztUSL`~TP3gE+@4e9vf5WY(x@yy)hUH4uj;nj z#pUgsj=4t;Nq?DE*((mD@jp0maA&)npD_2x)$p$F=&5A1+yR;=I7zz7SLQx&5LDIj zYg-$uhhJ}kiZ-|9vX0_1z^h3@rx4X%?yCUM%y$H{(_<^rY+5V;P804 z`6pF&=yVASR9c^9UCr$|szR&xz*vYHb;h}AHKZAF*IjduTveMYmXph}0-WcXwPNo) z)!dF_Po5_rhE9vi1t7rZO!Bto{=mryz$UPL$JYHaSt?h*&o!I-g-hLLT(?T3+O1d5 zM1fTnb9;{aSW8I)3sfpc;RJ45XC?IZr@0;XFPAxU=FI)yx&Hw2+%f)P8CoE% literal 0 HcmV?d00001 diff --git a/wireguard/sdmm/U-002-marc.Peer.rsc b/wireguard/sdmm/U-002-marc.Peer.rsc new file mode 100644 index 0000000..f2d5e3d --- /dev/null +++ b/wireguard/sdmm/U-002-marc.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.3.13.2/32 disabled=no name="marc" interface=WG-Users \ +preshared-key="adwActiBEETXk6wSx8V0w0GD7kFZ7j7CPlzuFRleG/s=" public-key="Hmz/JS3QYKNKuHFSs2fVyh3MxuEhLLRuUWXmAO4P1FY=" diff --git a/wireguard/sdmm/U-002-marc.conf b/wireguard/sdmm/U-002-marc.conf new file mode 100644 index 0000000..9ac3a7f --- /dev/null +++ b/wireguard/sdmm/U-002-marc.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = wGh9Fx2x4FDyv0cuQK1g8yFm+tqTRRamdoneccfaEEw= +ListenPort = 51821 +Address = 10.3.13.2/32 +DNS = 10.3.6.15 + +[Peer] +PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= +PresharedKey = adwActiBEETXk6wSx8V0w0GD7kFZ7j7CPlzuFRleG/s= +AllowedIPs = 10.3.0.0/16 +Endpoint = 184.95.250.138:13421 +PersistentKeepalive = 25 + 
diff --git a/wireguard/sdmm/U-002-marc.conf.png b/wireguard/sdmm/U-002-marc.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..80d54e956c7528f1c8c8080fb9751e42ed3f2c68 GIT binary patch literal 1453 zcmV;e1ycHnP)MWfoFfN5wt(q zp}0S|)QPxgamDe-oojr;!C?oU`BPtt`@v}+JO1YLu>TeJ8^>cJ1jq+3YfRn+-Q^~x zqqy%Jx355<1oNXEjP`+3Qz6bZ#=P0DxJPbABsC1r-neCXY+{xl*ylWk)+lbvIRwBJ z9fY_>NacgVFtLf9P~0607x%(3I1LL>D#U4jqmN5MGLkKB#{r!Qae*Mh$6b+Zgt7d1 zaeFR2+GT`xdAGR&0s44mtK7|s`_3T=pal>e;Mv<{7F7ZaslX4NDDIK-k>ctM1W-N+ z!k5c`#tOl_xGk58i^%jarCD_Lh_Gk``TH$TE$*44z7nN8WFF92Mx|PKman|HJ!c98 zuvs~SEJgtacZN2zjuH;uiraEmE`{6qC;dGHXAp+#*#sa0`%uBl+(RV#J*uc;r!Wuzi^oha^+qvvAJSB|B6o&@7s zgSPVGwp?2?4#@r$?`tx`Jh>@h?#1o7+^M?4RrxjDTtW*w_%c^<8_qKvm`nxG!)H>( zEQ&R*lNiOSW*y>P0Lu(_mG z$xx#2E9vhXG%N0fV-Ez6*>AgzDsIbVoE6`iAPZtzCaf;wT-E*JzH=D}Ft&0&d!lgdtgQH0 z7AtPUB^2LR-SnW`8cL_gR&(~b6}RP7H3=%EBKI^rds{j&snEr3IS^y@nj9$UFRxEC&~O-k_rF(RONwCimfwMvS6f2CHe1^WGc zlH#5??qiG#nEktFY89nEC-cBR`xrUL7ajjxKYcqABhB2B8-LF|#_;t!@y(brCysgBwO+P!*L-seZaii_ z?D6=qz!>i_(9V@kZV2|r+%LKD_!Z#Xglin=G4|nF%-pZJj&Mfg9(?fElo8$6-wTav zfqdHsbANHj6N4D^&gpsLH&!Cb34i4mbANI=$IjpUyqtgL{^05}f_DV-;x)$Ji_`&{gqp*g#C5Hnl zkZT9Z>^q(}5<}k5@*xV0XN=yx*8sdVL7R49kz|;$AZp}ezA+AvhY~y>@Rih?= z5D2JOE^ltl4G6&-D)DuQahws&N=s_X+>(<-o!NIw)}{elrJR6~Bs$V?Gq>bAg16?5 zBmw&b^%Hi92EdeHX>Q3;XE6sL(Xz~9Tx%qvT$Z~|HTTZxuu93*(gmza51wX~IfgDs zb4v~xcd9DTNsaK#yYx{;fH!kXj+?-_R8=_qDGCl{j&l8}6wEC+WZZq00t|4LP(x}V zz(Ma*d6`>qA=i0VDX`76t0V*GFyr1j%iKFh6+mAK0#;Wd{l0)o)vwr@W^TzT-D>P$ zx>Xd17EbwmANj@HE61@0Sz1pWmLC4;8a%WE`P@HqFC459UDolwE~X)k!jw{rX``9@ ziR*QZ%#t+WMnh$l&xfsG3c)hwR$Q{Q+BCi4zK(id{>rAaE<(b=+=}D15(Ac1DWEtIna9@AUh<01+=6=?{xnThn6`q*aaw%%t>#`h?!)*B_6ZBDR%SmFE%qU4x0qXV z9A?=>uawRoRvHkU{%HrATXQo{=&Gdr(W(qGs$l)RcQW_RQC=n6Le=$<$vU-qpsM!D zyz{QPcP^_d2XP(H1-q7EEYC<+hm^S$7hBzmz~Li3Pcz8@Tt?}jGq>az$ULKl($`hV z5$rU{S@dID9`^y}zHm`B6U}BucQ&OBg)`$i@4jYp-?+UB{ezF6cTL;@rd|ehY`XC? 
zx8kq^trBprc2Q>Bd9sCGW7^HFIr$|UT@%TFRtCM|nu+;#_sxChIxmw`w<3J@@=;J` zwYs#YI!JR%ZbF$)-;}n>UJC2Ty3K3m)|`5CMv~y~kGh`@N@iV_rnxnzjC(ZV=OjVb;HOF2O4xC!4F=5a*l{(l( zn_F`1dT8|uNUvnjlqX~f^hea2TXOm`C;I7|hGf^ynda796;D*A(Wk;HgNklSQ`FD6 zHuug+^mWh;Hc|3{iDu literal 0 HcmV?d00001 diff --git a/wireguard/sdmm/U-006-pascal.Peer.rsc b/wireguard/sdmm/U-006-pascal.Peer.rsc new file mode 100644 index 0000000..9a6db51 --- /dev/null +++ b/wireguard/sdmm/U-006-pascal.Peer.rsc @@ -0,0 +1,3 @@ +/interface wireguard peers +add allowed-address=10.3.13.6/32 disabled=no name="pascal" interface=WG-Users \ +preshared-key="V1oUlbYR+11SBr5W0hOtUuyRdwVioIfyKJDrHSrUToY=" public-key="jKNIbZkJf4zOGIYVhIawZzC4NXEsKBDTBmNjdEmR2GU=" diff --git a/wireguard/sdmm/U-006-pascal.conf b/wireguard/sdmm/U-006-pascal.conf new file mode 100644 index 0000000..fe11e26 --- /dev/null +++ b/wireguard/sdmm/U-006-pascal.conf @@ -0,0 +1,13 @@ +[Interface] +PrivateKey = aPBd3mVCh1Xvd6EoG4xzwHJ8cb1AuPK4NunE8sZf+30= +ListenPort = 51821 +Address = 10.3.13.6/32 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc= +PresharedKey = V1oUlbYR+11SBr5W0hOtUuyRdwVioIfyKJDrHSrUToY= +AllowedIPs = 10.3.0.0/16 +Endpoint = 184.95.250.138:13421 +PersistentKeepalive = 25 + 
diff --git a/wireguard/sdmm/U-006-pascal.conf.png b/wireguard/sdmm/U-006-pascal.conf.png new file mode 100644 index 0000000000000000000000000000000000000000..fa38e5389ed65d527137280733012dab87f90e29 GIT binary patch literal 1476 zcmV;#1v~nQP)-ocCso_wr`QJX4Tyn`Jmz>-9 z)P8vJR@}?W%B!Ad{5*V(Yv=j#*U?;u$?drD_ZWB%xAV$*)UBSQ27Nehd=3~lepQW6 zZo}ch7hKnDoY&8RI6Qyge&=E3{3Q1q&Jn!$J-(O$1Tw<8;I}9DYYs`G-EY8fE+e8_ zH^p^w&m8l_IBoNykI+UwKBL=o-dFi0xet!(Sb6>C`*ZzE?vvx^4C;>D5Np?%ht5$- z9(4{*Zo@INf;jU5(u4Cyh3p!kZCKEFgXH$yNUO-Kjz`WvaX4s(bK#ue9woUghvYi) z?$D~34G4cMUr4t+9MXX5Ah|6!7OtZqoL!PChH!Cn)LZB8u6rl9<(!J3T`Lu6gs{XH z=I5-pLPsR`okK+9h!>Bh92^4;I?Gh8w&Wf-l~a7!4UulB`;}-t=7C8%xjmYoWEO>HT zjw!+Q_-m1?CvOi$K!Yy@Id;uMa%+x3&B}=?pifD~Fvt9`-m+^Rl3Q~$^BA)%_nkIC z3}h{Z0I#}Ja^E?2MPxav2vFLfZgp8K6a`m)Np8(SpO(lFB|NGUb$_4r>vX4*`_3_n z>69=-lqm{i1E@HVr;^;3L&0QJ`jD>GuVw8Dc3r*cg5;K5=+lvXq59p`8dXq7)5&bw zfysU6EIRg32aN>*GlT>ey(>(Yzr}TOOO8GtRqDvQJsQqPA-XY*Ro*7K4W~!01}Uo2 zpfXRY#eT}NWaxBdilQW&% zjti~o%(7h2y0$`4%o>YSN?K3ukwfc=bD|=EJrm?(4llauCAlr9vOW?6rNL!6Q(lco zudMz(xh-e*mAd=f~76RYh=Q>uR zz%mq4oDCFM_xVe1#T{Io8snEcbnM{RMn_-ESL}&MZo~Cx$j2l!1+On?yBPyy`SIw`ztz*fpIYNlpCR3jqos?xq)WZhA7M|puIO;4` zs8RvZuBX-K(yfjnAh{<_o5+wM4%Gw@3sIq}RYDD$+ygg>5xH8gwD-YiN2y7IiMsC- zPj1Db9(8C{EmNJnP-s;;{Y6`J-9PqEB)8y<0oz48lW~}Q(-PpYyU&;0f}3WEPop#p zs?LUqscXss$?Z8l;I1T5%Owgl)?+KKy}ief+!s#UZ?Cdxx_Vt5W(ovGd`oW6aqXhQ zlH12g;N(ygXa{cV_x^NpE3W8YfAiaWAhGt%XHca$64isWPXcD%G4oy}D~dgv)FB=-VgvgJV_*KTpe7Bw#1euMH-i z+ykdk+VP|r(5KD{fUT$U)+b5sD_4{i8aY@d&K&G|!v;0$-M>!mJLjqcC> ${IniFile}' +done + + + + + +exit + + +for PARAM in "${PARAMS[@]}" +do + eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg) +done diff --git a/wireguard/testing/gentest b/wireguard/testing/gentest new file mode 100755 index 0000000..3b23ea9 --- /dev/null +++ b/wireguard/testing/gentest 
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+
+
+#---ini file parameters
+unset PARAMS;
+PARAMS=(
+'Rtr_Addr_Public,Router Adresse Publique'
+'Rrt_Port,Router Port'
+'Rtr_Addr_Private,Router Adresse Privee'
+'Rtr_CIDR_Mask,Router Private CIDR Mask'
+'Rtr_PUB_KEY,Router Public Key'
+)
+
+
+for PARAM in "${PARAMS[@]}"
+do
+ { IFS=, read Param Desc; } <<< ${PARAM}
+ read -p "Entrer ${Desc} : " Value
+ eval ${Param}="${Value}"
+done
+
+echo -e "\n"
+echo -e "
+Rtr_Addr_Public = $Rtr_Addr_Public
+Rrt_Port = $Rrt_Port
+Rtr_Addr_Private = $Rtr_Addr_Private
+Rtr_CIDR_Private = $Rtr_CIDR_Mask
+Rtr_PUB_KEY = $Rtr_PUB_KEY
+" | column -t
diff --git a/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc b/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc
new file mode 100644
index 0000000..1a6f7e0
--- /dev/null
+++ b/wireguard/wg01/client/Router001/mikrotik-peer-wg01-client-Router001.rsc
@@ -0,0 +1,7 @@
+# WireGuard client peer configure
+/interface wireguard peers
+add allowed-address=10.100.99.2/32 comment=\
+ wg01-client-Router001 interface=wg01 \
+ preshared-key="evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws=" public-key=\
+ "xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U="
+
diff --git a/wireguard/wg01/client/Router001/wg01-client-Router001.conf b/wireguard/wg01/client/Router001/wg01-client-Router001.conf
new file mode 100644
index 0000000..9fce102
--- /dev/null
+++ b/wireguard/wg01/client/Router001/wg01-client-Router001.conf
@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = yMtyTz/gLwMLzbkmGriTRQeQu3vuuyStGz7LPv1f3GI=
+Address = 10.100.99.2/32,fd42:64:63::2/128
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = oIZef/qKVdZm6sWzX3SqRs8Yr1wdJQEynKMtZ6+v32A=
+PresharedKey = evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws=
+Endpoint = 172.16.16.136:13231
+AllowedIPs = 0.0.0.0/0,::/0
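Review bot: `eval ${Param}="${Value}"` on line 20 of wireguard/testing/gentest executes whatever the operator types at the prompt as shell, and the `read -p` on line 19 drops `-r`, so backslashes in the input are rewritten before assignment; `printf -v "$Param" '%s' "$Value"` assigns without evaluation and `read -rp "Entrer ${Desc} : " Value` keeps the input literal. The summary label on line 28, `Rtr_CIDR_Private = $Rtr_CIDR_Mask`, names a different key than the variable it prints. A header comment stating what the script is for would also help, e.g. `# Interactive prompt for the router ini keys listed in PARAMS; prints the collected values as a table`.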
diff --git a/wireguard/wg01/client/Router001/wg01-client-Router001.png b/wireguard/wg01/client/Router001/wg01-client-Router001.png new file mode 100644 index 0000000000000000000000000000000000000000..144afa59c3ad43b25fe31af94900b6bc4dd11195 GIT binary patch literal 1315 zcmV+;1>E|HP)0{{R3p0f2!00006P)t-s00030 z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm001JI001JI0lwY)DgXckwMj%lRCt{2 zoLP?CFbqTq_yBz*UEN3W0R%8oRZ*5bg9(zq0m^7hdeQR-n>*Qw{EsUP88T$(cSA9+ zHXg^-`sbYQe6oKsuQiZc(KR|=%_+&hWn0tK>;~Oya12m5FEaeT$p3wL^o=?=!w-C*J zegbEC&Cic@Gtkr4zw;4>7;28|uaB?s$C6?Uxr($EtcuVyfzIF%UULUqE(GY+tP zG4z6H;!Jj`N^Yn~kXGaP3^IJj&=X1o=RmY!4~D^KIRMZ>2Vm$0F@Kp!qV%*e@nPJC zo}PgUPr=;K6QW!@#0m$X1_L8A{6XE)&BdGr+X*!HDPt%pAU!wqgxE0+ z#_CR0t-9n;pl&@3eFLFka56IEV9Ls?M(H&t*~&XZpPNsCwFv*qQ6 zBywbkE7@TSkfu+LcM2Ud^nf5vjw_Yj#F_(ZqJApQ?7c8UEbm~%9Fi{?^N1#yRrBR- z?uKrKjbJoB6`5HIhgvnPR3i4`*ib=?##y4R;~b38K?X;}o3k{Ot1&~%*6I*yl$wWd z3b&F+LobNpWQ0*Mw>A-Y)u3rBPz>cNP-yPRbne7Q1qxf#SGyg6p$(c%EM_#H)Sj9; z(Djh8m2?~0p+haJrlz2JFl|jQd9&vT-Oz3BH9 zLo7t{V#JQFj>0J!uNBm724H9fYQ+`|J(l=Mu(ygLrp49^GgOc~Vrtz_^UTn%vT$jP zY3L2{ViDYHT!|2^*%5mWd?yV(p=V|tnkO^yh}Q|Pqk;}wF(qNxu-e*a2YaW$j~o_ Z{s4&mQI?;$`3nF5002ovPDHLkV1iiiV-)}Z literal 0 HcmV?d00001 diff --git a/wireguard/wg01/mikrotik/wg01.rsc b/wireguard/wg01/mikrotik/wg01.rsc new file mode 100644 index 0000000..12dd6f3 --- /dev/null +++ b/wireguard/wg01/mikrotik/wg01.rsc 
@@ -0,0 +1,101 @@ +# WireGuard interface configure +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key="sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20=" +/ip address add address=10.100.99.1/24 comment=wg-wg01 interface=wg01 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.100.99.2/32 comment=wg01-client-Router001 interface=wg01 \ + preshared-key="evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws=" public-key=\ + "xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U=" + + + + + +CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + + + +Users 10.1.40.0/24 +WG_Users Pub Key : EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +Usr_CCR1_Addr="66.171.167.250" +Usr_CCR1_Port="13233" + +Routers 10.1.41.0/24 +WG_Routers Pub Key : 9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw= +Rtr_CCR1_Addr="66.171.167.250" +Rtr_CCR1_Port="13232" + + + + +Guy EVOQ Config: +================= +[Interface] +ListenPort = 51821 +PrivateKey = IM73gYzzN3riY1KaqBAGoIyldE7a7KS6QLoaDKd/G3E= +Address = 10.1.40.3/32 +DNS = 10.1.3.40,10.1.3.41 + +[Peer] +PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +PresharedKey = em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs= +Endpoint = 66.171.167.250:13233 +AllowedIPs = 10.0.0.0/8,192.168.0.0/24 +PersistentKeepalive = 25 + + + +Steve Config: +============= +[Interface] +ListenPort = 51822 +PrivateKey = OKQeBlkw7aoxtGfTlxVJpbRJqXwEzz38dk2gFShMHmI= +Address = 10.1.40.1/32 +DNS = 10.1.3.40,10.1.3.41 + +[Peer] +PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY= +PresharedKey = Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs= +Endpoint = 66.171.167.250:13233 +AllowedIPs = 10.0.0.0/8,192.168.0.0/24 +PersistentKeepalive = 25 + + + + + + + + + + + + +add allowed-address=10.1.41.253/32,172.16.100.1/32 client-keepalive=10s comment="Router 253" interface=WG-Routers preshared-key="BqdyD7C+AyMFhs67vBjCSfL4dWe3XJ1uMDg6lLgYEe4=" public-key=\ + "UlkgLQIbXkJ2dsrik1aDvOLSQrSdPpPNVLJjejE1yRU=" + + + + 
+ +endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} + + + + + + +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key="8DcsFMmQVl3JyOXNuJvSiYaTqz6AqUECOSeIMDhijEA=" +/ip address add address=10.1.41.253/32 comment=wg-wg01 interface=wg01 + +/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/24 client-keepalive=10 disabled=no comment="CCR1 Montreal" interface=wg01 \ + preshared-key="BqdyD7C+AyMFhs67vBjCSfL4dWe3XJ1uMDg6lLgYEe4=" public-key="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw=" + + + + + endpoint-address=66.171.167.250 diff --git a/wireguard/wg01/params b/wireguard/wg01/params new file mode 100644 index 0000000..b9f3464 --- /dev/null +++ b/wireguard/wg01/params @@ -0,0 +1,10 @@ +SERVER_PUB_IP=172.16.16.136 + +SERVER_WG_NIC=wg01 +SERVER_WG_IPV4=10.100.99.1 +SERVER_WG_IPV6=fd42:64:63::1 +SERVER_PORT=13231 +SERVER_PRIV_KEY=sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20= +SERVER_PUB_KEY=oIZef/qKVdZm6sWzX3SqRs8Yr1wdJQEynKMtZ6+v32A= +CLIENT_DNS_1=1.1.1.1 +CLIENT_DNS_2=8.8.8.8 diff --git a/wireguard/wg01/wg01.conf b/wireguard/wg01/wg01.conf new file mode 100644 index 0000000..8d58e41 --- /dev/null +++ b/wireguard/wg01/wg01.conf @@ -0,0 +1,10 @@ +[Interface] +Address = 10.100.99.1/24,fd42:64:63::1/64 +ListenPort = 13231 +PrivateKey = sLKaz0+jIgc3hkmob7tKXcRM1nAyKCzNn4IxhXOuv20= + +### Client Router001 +[Peer] +PublicKey = xDaZbGDa+Q66zdmnH5Ngjh0byL7bMKEdKdlQ+3wNG0U= +PresharedKey = evIsO6Pl6d9uFSkM0RrAzkYyVqbhBiG3+1XKaXgD5Ws= +AllowedIPs = 10.100.99.2/32,fd42:64:63::2/128 diff --git a/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc b/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc new file mode 100644 index 0000000..a22ed62 --- /dev/null +++ b/wireguard/wg2/client/Pixel4a/mikrotik-peer-wg2-client-Pixel4a.rsc 
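Review bot: Only the first ten lines of wireguard/wg01/mikrotik/wg01.rsc are RouterOS commands; from `CLIENT_PRIV_KEY=$(wg genkey)` onward the hunk holds shell snippets, free-text headings (`Guy EVOQ Config:`, `Steve Config:`), two complete client `[Interface]` sections and a second `/interface wireguard add` for another router, so a `/import` of this file would be expected to stop at the first non-RouterOS line, and the `newClient` function in this commit appends further peers after that point. The scratch material belongs in wireguard-evoq.sh.NOTES, which already holds the same kind of notes, leaving the `.rsc` as the importable peer list; a header such as `# Importable RouterOS script only: interface + peers. Keep notes and key material elsewhere.` would make that contract visible. The two peer entries also disagree on keepalive syntax (`client-keepalive=10s` versus `client-keepalive=10`). This file-as-hunk starts at the previous line and ends at `endpoint-address=66.171.167.250`.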
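Review bot: wireguard/wg01/params is consumed with `source` (the main block in this commit does `source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"`), so it is executed as shell rather than parsed as data, and any line that is not a plain `KEY=value` assignment runs with the calling script's privileges. A one-line header, `# sourced by the generator script: plain KEY=value assignments only, no commands`, states the contract for whoever edits it by hand.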
@@ -0,0 +1,7 @@ +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.135.135.2/32 comment=\ + wg2-client-Pixel4a interface=wg2 \ + preshared-key="ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY=" public-key=\ + "8C5Kz1OZklTqIhJSdA/+Bvz7pSUJYmStXQAjvITuHXQ=" + diff --git a/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf new file mode 100644 index 0000000..e188888 --- /dev/null +++ b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.conf @@ -0,0 +1,10 @@ +[Interface] +PrivateKey = SAaJsGUnGfuYx0SVUIEJZoPvcRhMWRtHS1LA6R5hzFM= +Address = 10.135.135.2/32,fd42:28:81::2/128 +DNS = 1.1.1.1,1.0.0.1 + +[Peer] +PublicKey = ZHUpmHK5DbMvicy4NyvUg9hzdmTVtk4Wj62l83KXt2U= +PresharedKey = ts81qK9plBC1Rjc4HrF0LbuaO7tb6it105pvGv/h2AY= +Endpoint = heh08h84mnt.sn.mynetname.net:13231 +AllowedIPs = 0.0.0.0/0,::/0 
diff --git a/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png b/wireguard/wg2/client/Pixel4a/wg2-client-Pixel4a.png new file mode 100644 index 0000000000000000000000000000000000000000..ee3a011a9c0e1994f1ef4813376c0259744ae7c9 GIT binary patch literal 1464 zcmV;p1xNacP)JHxDr7>GHslP4|3o=EyFY@0;m@{Y2oVkoK z_UpfP?tMFYM4rK$?fUo}uW{Yq4&HC(mK;BfEx{$GUsLvR6YtwOzVe!Oy=uO>1;^V! zug83$*Yn1gjRomgBED(*CUbw`BKexxNAMn8f$=qY1cExv{h1rn$A=@3duZ^>=K4IX zgSlTElj~RkaX@zw*L18yL+1FEU(EgFv}K)t`TM>9nfu9U@b-A>$q>HoTme2}d|U<> zLBrf<4ru_hkSB(u8kfQCE0KxuX)=X0b6>bC4P>W!MT#9dD~C|UK6XIW?x}pdr@1A^ zt0DiHaUlc<@y)d?tPc?5M>DtNSUItHdWA4|E#=xV0Rnbhn)||WZargUUp#d##i`PY z2^gznZpBeXji3hI&MNn@tuZUl=)UC%bI+U>VWbL{q&p+M2WtW*HEko z>Td2U7b>Azsj9@p+PlUbCT6DIG`Hl+DaqGvhV6^-9M(Qn}kMT=` zUll;*i8Qz5%6s0SvseT~S0^eM)J)7(ewkZx>M}9Lkqnq|B@MU~JL6r$+-DA|D%A@` zs=$Mn6Hr^6Dk@b8=00<*qM{-g7*rm9j)PncSYL#M^cSzs%F>}uxt5OOmczY~Kk&ht< zSQ8+ZRQJi;XO5wY;y$Kvg5KRuo4>IRsLH_Hn(I*m!ip-jWJ0PwKy(M1c+K3B%SyT| z>)R>&BxepToyBQsZp~rmFF7!V>}UEYO290$-uq7Gp13OUQ*$>;t#bFb(*EV{n_F|- zpmeX!DUhCbQw{s`?bH#zP-6;j(Q5&BIu(u8Y&y*KPrB9 zo9lmKZoxGQ|4k_&tL~@NVnr3G0JOQ8TXJ<;@l{g_$Tq^^O<|#XxP)|>-tfM9KKfmG~E6LIw8&sZEnQ@ zol@(dna7mSx5^xKHtMDe%sq2zF$KjGR8`Gw>X}5VR`Z*$Z|;ekkXm^dInOntFG`;; z>lZoZ7Mv0QPv2+xDBRij1+|soy}2)3FBcyKd(N<;`6CAWb)6o~pK)#OH;0VdRpqm* ze1y^lLp#bFIPSibxeuH~RwyOxp~93-)joYb278)Yau`QUVWl64P!u4Gpy+2Ne(O7# zd*q<^8`V~IMW$GYIvcLt?6wZ(9yu2GC8n~nY|P!PNpNM#|1-DZQ01fPq&D(_vNfXO zI(4pO$Fkhk&)gH&C=Jx6qrFEhpiL}ZZ!%x!O3XcTDY378jER5-K&!*}RAGdgxh2=; zIS8F<+{@`l4}W7^E21NIb8C)bDrKA;x5R)g>awb!?}- z{=p0_nz;ox_o%GRpOt}{CnZ|dYQFbZ%sp}R_Fir@f45X8nuEW()0xM-)v4w_a7YF- z`zo`Z$`jM)>m|O-{e_#I`M#;|6grN#_xcTJ30rgDxvpd2sV=<=R`yAP9ss8`b8C)y zg5F;FQk{~&G#4-F{hM2J+{YTv;w2w;$yla}^7*okOPE`5|1!*(GiUDq&ix1ak_l^W Swv@gA0000&2; } # send to stderr + + +#=================== function Message ========================================== +# +Message() { printf "${GREEN}%s ${NC}\n" "$*" ;} # send to stderr + + + +#=================== function Help 
============================================= +# +function Help () +{ +echo -e " +usage: $ScriptName [options] + + -l List WireGuard clients on CCR1 + -h This help + +" +} + + +#=================== function addCCR1 ========================================== +# +function addCCR1() { + local Router="$1" + echo -e "\nAdding ${Router} Wireguard account to CCR1..." + ssh -i ${SSHKey} ansible@${CCR1} "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp" + + if [ $? = 0 ] + then + echo "${Router} Wireguard account successfully added to CCR1" + else + echo "Failed to add ${Router} Wireguard account to CCR1" + fi +} + + +#=================== function newClient ======================================= +# +function newClient() { + ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" + + echo "" + echo "Tell me a name for the client." + echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars." + + until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do + read -rp "Client name: " -e CLIENT_NAME + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${CLIENT_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified name was already created, please choose another name." + echo "" + fi + done + + for DOT_IP in {2..254}; do + DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + if [[ ${DOT_EXISTS} == '0' ]]; then + break + fi + done + + if [[ ${DOT_EXISTS} == '1' ]]; then + echo "" + echo "The subnet configured supports only 253 clients." + exit 99 + fi + + BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') + until [[ ${IPV4_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv4: ${BASE_IP}." 
-e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" + IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV4_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv4 was already created, please choose another IPv4." + echo "" + fi + done + + BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') + until [[ ${IPV6_EXISTS} == '0' ]]; do + read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" + IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV6_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv6 was already created, please choose another IPv6." + echo "" + fi + done + + # Generate key pair for the client + CLIENT_PRIV_KEY=$(wg genkey) + CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + CLIENT_PRE_SHARED_KEY=$(wg genpsk) + + mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1 + HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" + + # Create client file and add the server as a peer + echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to 
the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + # Add the client as a peer to the server + echo -e "\n### Client ${CLIENT_NAME} +[Peer] +PublicKey = ${CLIENT_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + echo -e "\nHere is your client config file as a QR Code:" + + qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" + echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" +} + + + + +#=================== function manageMenu ====================================== +# +function manageMenu() { + echo "" + echo "It looks like this WireGuard interface is already." + echo "" + echo "What do you want to do?" 
+ echo " 1) Add a new client"
+ echo " 2) Exit"
+ until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do
+ read -rp "Select an option [1-2]: " MENU_OPTION
+ done
+ case "${MENU_OPTION}" in
+ 1)
+ newClient
+ ;;
+ 2)
+ exit 0
+ ;;
+ esac
+}
+
+
+
+#=================== function listConfs =======================================
+#
+function listConfs() {
+ local directory
+ directory="$(pwd)/wireguard"
+
+ if [ -d "${directory}" ]; then
+ echo "List of existing configurations:"
+ i=1
+ for folder in "${directory}"/*/; do
+ local users count folder_name
+ users="${folder}/client/"
+ count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l)
+ folder_name=$(basename "${folder}")
+ echo "${i}. ${folder_name} [${count} user(s)]"
+ ((i++))
+ done
+ fi
+ echo ""
+}
+
+
+#=================== function listCCR1 =========================================
+#
+# Filter 1: enlever les ";" et remplacer ^m par LF
+# Filter 2: Grouper 2 lignes consecutives
+# Filter 3: Print field #4 et #3
+#
+function ListCCR() {
+
+Message "User List"
+ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \
+ | grep User | tr -d ";" | sed -e "s/\r//g" \
+ | awk 'NR%2 {printf("%s ", $0); next} {print $0}' \
+ | awk '{print $4, $3}' | tee ${TmpUserList}
+
+LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }')
+NextEntry=$(($LastEntry+1))
+echo -e "
+Last Entry = $LastEntry
+Next Entry = $NextEntry
+"
+}
+
+
+#=================== MAIN =====================================================
+#
+echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n"
+
+((!$#)) && Help && exit
+
+
+while getopts cfhl option
+do
+ case "${option}" in
+ c) BoolCreate=1 ;;
+ f) VarFileLog=1;;
+ h) Help
+ exit 0;;
+ l) ListCCR ;;
+ *) Help
+ exit 1;;
+ esac
+done
+
+
+rm -f ${TmpUserList}
+exit
+
+#? Check for root, OS, WireGuard
+installCheck
+
+listConfs
+
+#? Check server exist
+serverName
+
+#? Check if WireGuard is already installed and load params
+if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then
+ # shellcheck source=/dev/null
+ source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
+ manageMenu
+else
+ newInterface
+fi
+
diff --git a/wireguard/wireguard-evoq.sh.NOTES b/wireguard/wireguard-evoq.sh.NOTES
new file mode 100644
index 0000000..f571a2b
--- /dev/null
+++ b/wireguard/wireguard-evoq.sh.NOTES
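Review bot: The menu guard in manageMenu accepts `^[1-4]$` while only options 1 and 2 exist, so typing 3 or 4 falls through the `case` silently and the function returns as if nothing happened; `until [[ ${MENU_OPTION} =~ ^[1-2]$ ]]; do` matches the prompt. In the MAIN block the unconditional `exit` right after the `getopts` loop makes `installCheck`, `listConfs`, `serverName` and the `params` sourcing unreachable, and `-c`/`-f` set `BoolCreate`/`VarFileLog` that nothing reads. addCCR1 uses `${SSHKey}` and `ansible@${CCR1}` while ListCCR uses `$SshKey` and `${SshUser}@${CCR1}`, so one of the two presumably runs with an empty key path; addCCR1 also interpolates `${L2TPPass}` into the remote command string, which puts the password on the local command line (visible in `ps` and shell traces) and lets a value with spaces or quotes alter what the router parses, and the `if [ $? = 0 ]` afterwards reads better as `if ssh ...; then`. ListCCR derives `NextEntry` from `sort -r | head -1`, a lexical sort, and `$((LastEntry+1))` treats a zero-padded value such as `008` as octal and fails; if the first field is the numeric user index, `sort -k1,1nr` and `$((10#$LastEntry + 1))` are the usual fixes. The hunk's header and its variable definitions (`SSHKey`, `SshKey`, `SshUser`, `CCR1`, `TmpUserList`, `L2TPPass`) precede the visible text and are lost in the binary blob above, so the file name is not readable here.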
@@ -0,0 +1,111 @@ +inférence + +WG-Users +======== +Public Key: cat4H07058+1VLQu2ns9tWGImfMx0hrHZI6F9WTsFR8= + +Win10 10.100.100.100 Elair-Riverra661 + + + + +/interface/wireguard/peers/add allowed-address=10.100.99.101 interface=WG-Users persistent-keepalive=10 public-key= + + + +https://github.com/IgorKha/wireguard-mikrotik + + + + + + + + + +[i] Config available in /home/boig01/temp/wireguard/wg01/client/Laptop/wg01-client-Laptop.conf +[i] QR is also available in /home/boig01/temp/wireguard/wg01/client/Laptop/wg01-client-Laptop.png +[i] MikroTik peer config available in /home/boig01/temp/wireguard/wg01/client/Laptop/mikrotik-wg01-client-Laptop.rsc +[i] MikroTik interface config available in /home/boig01/temp/wireguard/wg01/mikrotik/wg01.rsc +[i] If you want to add more clients, you simply need to run this script another time! + + + + + + +mikrotik/wg01.rsc +================= +# WireGuard interface configure +/interface wireguard +add listen-port=13231 mtu=1420 name=wg01 private-key=\ + "mHAePE+zX9qDM9VyN0PZ5wolk3RY7c+dZgAsOdvw/HA=" +/ip firewall filter +add action=accept chain=input comment=wg-wg01 dst-port=13231 protocol=udp +/ip firewall filter move [/ip firewall filter find comment=wg-wg01] 1 +/ip address +add address=10.100.99.1/24 comment=wg-wg01 interface=wg01 + +# WireGuard client peer configure +/interface wireguard peers +add allowed-address=10.100.99.2/32 comment=\ + wg01-client-Laptop interface=wg01 \ + preshared-key="6V1dSygIB9cfq//EKLZmVl4qLVmKgHAqqeGQt84uvqY=" public-key=\ + "gwi0ou0D2fWFcB1WNcarGHUu31DG1InGu39EryMnSGc=" + + +client/Laptop/wg01-client-Laptop.conf +===================================== +[Interface] +PrivateKey = YJ+4MBqJj/uoJFatfkh5yDghJUDmigKhxiT50vMSP0A= +Address = 10.100.99.2/32,fd42:55:24::2/128 +DNS = 1.1.1.1,8.8.8.8 + +[Peer] +PublicKey = Oe03xZcw+Fj0s2WwLTyg7mW7bm0p7gwKFnoNWXbciE8= +PresharedKey = 6V1dSygIB9cfq//EKLZmVl4qLVmKgHAqqeGQt84uvqY= +Endpoint = 172.16.16.136:13231 +AllowedIPs = 0.0.0.0/0,::/0 + + + + + 
+CLIENT_PRIV_KEY=$(wg genkey) +CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) +CLIENT_PRE_SHARED_KEY=$(wg genpsk) +echo -e "CLIENT_PUB_KEY: $CLIENT_PUB_KEY \nCLIENT_PRE_SHARED_KEY: $CLIENT_PRE_SHARED_KEY" + + + + +echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" +" >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + diff --git a/wireguard/wireguard-mikrotik.sh b/wireguard/wireguard-mikrotik.sh new file mode 100644 index 0000000..62091e1 --- /dev/null +++ b/wireguard/wireguard-mikrotik.sh 
@@ -0,0 +1,477 @@
+#!/usr/bin/env bash
+
+BLUE='\033[0;34m'
+NC='\033[0m'
+INFO="${BLUE}[i]${NC}"
+
+function checkOS() {
+
+ #? Check OS version
+ if [[ -e /etc/debian_version ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS="${ID}" # debian or ubuntu
+ if [[ ${ID} == "debian" || ${ID} == "raspbian" ]]; then
+ if [[ ${VERSION_ID} -lt 10 ]]; then
+ echo "Your version of Debian (${VERSION_ID}) is not supported. Please use Debian 10 Buster or later"
+ exit 95
+ fi
+ OS=debian #* overwrite if raspbian
+ fi
+ elif [[ -e /etc/fedora-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS="${ID}"
+ elif [[ -e /etc/centos-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS=centos
+ elif [[ -e /etc/oracle-release ]]; then
+ # shellcheck source=/dev/null
+ source /etc/os-release
+ OS=oracle
+ elif [[ -e /etc/arch-release ]]; then
+ OS=arch
+ elif [[ "$(uname -s)" == "Darwin" ]]; then
+ OS=macos
+ else
+ echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, Oracle or Arch Linux system"
+ exit 95
+ fi
+ export OS
+}
+
+function installWireGuard() {
+
+ #? Check root user
+ if [[ "${EUID}" -ne 0 ]] && [[ "${OS}" != "macos" ]]; then
+ echo ""
+ echo "You need to run this script as root"
+ echo ""
+ exit 13
+ fi
+
+ #? Install WireGuard tools and module
+ if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]]; then
+ apt-get update
+ apt-get install -y wireguard qrencode
+ elif [[ ${OS} == 'debian' ]]; then
+ if ! 
grep -rqs "^deb .* buster-backports" /etc/apt/; then + echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list + apt-get update + fi + apt update + apt-get install -y qrencode + apt-get install -y -t buster-backports wireguard + elif [[ ${OS} == 'fedora' ]]; then + if [[ ${VERSION_ID} -lt 32 ]]; then + dnf install -y dnf-plugins-core + dnf copr enable -y jdoss/wireguard + dnf install -y wireguard-dkms + fi + dnf install -y wireguard-tools qrencode + elif [[ ${OS} == 'centos' ]]; then + yum -y install epel-release elrepo-release + if [[ ${VERSION_ID} -eq 7 ]]; then + yum -y install yum-plugin-elrepo + fi + yum -y install kmod-wireguard wireguard-tools qrencode + elif [[ ${OS} == 'oracle' ]]; then +https://www.dataroma.com/m/m_activity.php?m=GC&typ=b dnf install -y oraclelinux-developer-release-el8 + dnf config-manager --disable -y ol8_developer + dnf config-manager --enable -y ol8_developer_UEKR6 + dnf config-manager --save -y --setopt=ol8_developer_UEKR6.includepkgs='wireguard-tools*' + dnf install -y wireguard-tools qrencode + elif [[ ${OS} == 'arch' ]]; then + pacman -Sq --needed --noconfirm wireguard-tools qrencode + elif [[ ${OS} == 'macos' ]]; then + if ! command -v brew &> /dev/null + then + echo "" + echo "Brew is not installed. Please install it and run this script again." + echo "https://brew.sh/" + exit 1 + fi + brew install wireguard-tools qrencode + fi + echo "" + echo "The installation is complete. Now you need to re-run the script with user access rights (not root)." + echo "" + exit 0 +} + +function installCheck() { + if ! command -v wg &> /dev/null + then + echo "You must have \"wireguard-tools\" and \"qrencode\" installed." + read -n1 -r -p "Press any key to continue and install needed packages..." + installWireGuard + fi +} + +function serverName() { + until [[ ${SERVER_WG_NIC} =~ ^[a-zA-Z0-9_]+$ && ${#SERVER_WG_NIC} -lt 16 ]]; do + echo "Tell me a name for the server WireGuard interface. 
('wg0' is used by default)" + read -rp "WireGuard interface name (server name): " -e SERVER_WG_NIC + SERVER_WG_NIC=${SERVER_WG_NIC:-wg0} + done +} + +function installQuestions() { + echo "I need to ask you a few questions before starting the setup." + echo "You can leave the default options and just press enter if you are ok with them." + echo "" + + # Detect public IPv4 or IPv6 address and pre-fill for the user + SERVER_PUB_IP=$(host myip.opendns.com resolver1.opendns.com | grep -oE 'has address [0-9.]+' | cut -d ' ' -f3) + echo "Your public IPv4 address is ${SERVER_PUB_IP}" + if [[ -z ${SERVER_PUB_IP} ]]; then + # Detect public IPv6 address + if [[ ${OS} == "macos" ]]; then + # Detect public IPv6 address on macOS + SERVER_PUB_IP=$(ifconfig | grep -A4 'en0:' | grep 'inet6' | awk '{print $2}') + else + # Detect public IPv6 address on Linux + SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1) + fi + fi + + # while true; do + # read -rp "Enter IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP + while true; do + read -rp "Enter IPv4 or IPv6 public address [default used ${SERVER_PUB_IP}]: " -e USER_INPUT_SERVER_PUB_IP + SERVER_PUB_IP=${USER_INPUT_SERVER_PUB_IP:-$SERVER_PUB_IP} + if [[ ${SERVER_PUB_IP} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + break + elif [[ ${SERVER_PUB_IP} =~ ^[0-9a-fA-F:]+:[0-9a-fA-F:]*$ ]]; then + SERVER_PUB_IP="[${SERVER_PUB_IP}]" + break + else + echo "Invalid IP address. Please enter a valid IPv4 or IPv6 address." 
+ fi + done + + until [[ ${SERVER_WG_IPV4} =~ ^([0-9]{1,3}\.){3} ]]; do + # read -rp "Server's WireGuard IPv4: " -e -i 10."$(shuf -i 0-250 -n 1)"."$(shuf -i 0-250 -n 1)".1 SERVER_WG_IPV4 + if [[ ${OS} == "macos" ]]; then + SERVER_WG_IPV4="10.$(jot -r 1 0 250).$(jot -r 1 0 250).1" + read -rp "Server's WireGuard IPv4 [default used ${SERVER_WG_IPV4}]: " -e USER_INPUT_SERVER_WG_IPV4 + SERVER_WG_IPV4=${USER_INPUT_SERVER_WG_IPV4:-$SERVER_WG_IPV4} + else + read -rp "Server's WireGuard IPv4: " -e -i 10."$(shuf -i 0-250 -n 1)"."$(shuf -i 0-250 -n 1)".1 SERVER_WG_IPV4 + fi + done + + until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do + # read -rp "Server's WireGuard IPv6: " -e -i fd42:"$(shuf -i 10-90 -n 1)":"$(shuf -i 10-90 -n 1)"::1 SERVER_WG_IPV6 + if [[ ${OS} == 'macos' ]]; then + SERVER_WG_IPV6="fd42:$(jot -r 1 10 90):$(jot -r 1 10 90)::1" + read -rp "Server's WireGuard IPv6 [default used ${SERVER_WG_IPV6}]: " -e USER_INPUT_SERVER_WG_IPV6 + SERVER_WG_IPV6=${USER_INPUT_SERVER_WG_IPV6:-$SERVER_WG_IPV6} + else + read -rp "Server's WireGuard IPv6: " -e -i fd42:"$(shuf -i 10-90 -n 1)":"$(shuf -i 10-90 -n 1)"::1 SERVER_WG_IPV6 + fi + done + + # Generate random number within private ports range + RANDOM_PORT=$(shuf -i 49152-65535 -n1) + until [[ ${SERVER_PORT} =~ ^[0-9]+$ ]] && [ "${SERVER_PORT}" -ge 1 ] && [ "${SERVER_PORT}" -le 65535 ]; do + # read -rp "Server's WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT + if [[ ${OS} == 'macos' ]]; then + read -rp "Server's WireGuard port [1-65535] [default ${RANDOM_PORT}]: " -e USER_INPUT_SERVER_PORT + SERVER_PORT=${USER_INPUT_SERVER_PORT:-$RANDOM_PORT} + else + read -rp "Server's WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT + fi + done + + # Adguard DNS by default + until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do + # read -rp "First DNS resolver to use for the clients: " -e -i 94.140.14.14 CLIENT_DNS_1 + if [[ ${OS} == 
'macos' ]]; then + CLIENT_DNS_1='94.140.14.14' + read -rp "First DNS resolver to use for the clients [default ${CLIENT_DNS_1}]: " -e USER_INPUT_CLIENT_DNS_1 + CLIENT_DNS_1=${USER_INPUT_CLIENT_DNS_1:-$CLIENT_DNS_1} + else + read -rp "First DNS resolver to use for the clients: " -e -i 94.140.14.14 CLIENT_DNS_1 + fi + done + until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do + if [[ ${OS} == 'macos' ]]; then + CLIENT_DNS_DEF_2='94.140.15.15' + read -rp "Second DNS resolver to use for the clients (optional) [default ${CLIENT_DNS_DEF_2}]: " -e USER_INPUT_CLIENT_DNS_2 + CLIENT_DNS_2=${USER_INPUT_CLIENT_DNS_2:-$CLIENT_DNS_DEF_2} + else + read -rp "Second DNS resolver to use for the clients (optional): " -e -i 94.140.15.15 CLIENT_DNS_2 + if [[ ${CLIENT_DNS_2} == "" ]]; then + CLIENT_DNS_2="${CLIENT_DNS_1}" + fi + fi + done + + echo "" + echo "Okay, that was all I needed. We are ready to setup your WireGuard server now." + echo "You will be able to generate a client at the end of the installation." + read -n1 -r -p "Press any key to continue..." 
+} + +function newInterface() { + # Run setup questions first + installQuestions + + # Make sure the directory exists (this does not seem the be the case on fedora) + mkdir -p "$(pwd)"/wireguard/"${SERVER_WG_NIC}"/mikrotik >/dev/null 2>&1 + + SERVER_PRIV_KEY=$(wg genkey) + SERVER_PUB_KEY=$(echo "${SERVER_PRIV_KEY}" | wg pubkey) + + # Save WireGuard settings #SERVER_PUB_NIC=${SERVER_PUB_NIC} + echo "SERVER_PUB_IP=${SERVER_PUB_IP} + +SERVER_WG_NIC=${SERVER_WG_NIC} +SERVER_WG_IPV4=${SERVER_WG_IPV4} +SERVER_WG_IPV6=${SERVER_WG_IPV6} +SERVER_PORT=${SERVER_PORT} +SERVER_PRIV_KEY=${SERVER_PRIV_KEY} +SERVER_PUB_KEY=${SERVER_PUB_KEY} +CLIENT_DNS_1=${CLIENT_DNS_1} +CLIENT_DNS_2=${CLIENT_DNS_2}" > "$(pwd)/wireguard/${SERVER_WG_NIC}/params" + + # Save WireGuard settings to the MikroTik + echo "# WireGuard interface configure +/interface wireguard +add listen-port=${SERVER_PORT} mtu=1420 name=${SERVER_WG_NIC} private-key=\\ + \"${SERVER_PRIV_KEY}\" +/ip firewall filter +add action=accept chain=input comment=wg-${SERVER_WG_NIC} dst-port=${SERVER_PORT} protocol=udp +/ip firewall filter move [/ip firewall filter find comment=wg-${SERVER_WG_NIC}] 1 +/ip address +add address=${SERVER_WG_IPV4}/24 comment=wg-${SERVER_WG_NIC} interface=${SERVER_WG_NIC} + " > "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + + # Add server interface + echo "[Interface] +Address = ${SERVER_WG_IPV4}/24,${SERVER_WG_IPV6}/64 +ListenPort = ${SERVER_PORT} +PrivateKey = ${SERVER_PRIV_KEY}" > "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + newClient + echo -e "${INFO} MikroTik interface config available in $(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + echo -e "${INFO} If you want to add more clients, you simply need to run this script another time!" + +} + +function newClient() { + ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" + + echo "" + echo "Tell me a name for the client." + echo "The name must consist of alphanumeric character. 
It may also include an underscore or a dash and can't exceed 15 chars." + + until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do + read -rp "Client name: " -e CLIENT_NAME + CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${CLIENT_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified name was already created, please choose another name." + echo "" + fi + done + + for DOT_IP in {2..254}; do + if [[ ${OS} == 'macos' ]]; then + DOT_EXISTS=$(grep -c "$(echo "${SERVER_WG_IPV4}" | rev | cut -c 2- | rev)${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + else + DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + fi + if [[ ${DOT_EXISTS} == '0' ]]; then + break + fi + done + + if [[ ${DOT_EXISTS} == '1' ]]; then + echo "" + echo "The subnet configured supports only 253 clients." + exit 99 + fi + + BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }') + until [[ ${IPV4_EXISTS} == '0' ]]; do + if [[ ${OS} == 'macos' ]]; then + read -rp "Client's WireGuard IPv4 [default used ${BASE_IP}.${DOT_IP}]: " -e USER_INPUT_DOT_IP + DOT_IP=${USER_INPUT_DOT_IP:-$DOT_IP} + else + read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP + fi + CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}" + IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV4_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv4 was already created, please choose another IPv4." 
+ echo "" + fi + done + + BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }') + until [[ ${IPV6_EXISTS} == '0' ]]; do + if [[ ${OS} == 'macos' ]]; then + read -rp "Client's WireGuard IPv6 [default used ${BASE_IP}::${DOT_IP}]: " -e USER_INPUT_DOT_IP + DOT_IP=${USER_INPUT_DOT_IP:-$DOT_IP} + else + read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP + fi + CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}" + IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf") + + if [[ ${IPV6_EXISTS} == '1' ]]; then + echo "" + echo "A client with the specified IPv6 was already created, please choose another IPv6." + echo "" + fi + done + + # Asking for client's allowed IPs + until [[ ${ALLOWED_IPV4} =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ ]]; do + if [[ ${OS} == 'macos' ]]; then + ALLOWED_IPV4="0.0.0.0/0" + read -rp "Client's allowed IPv4 [default used ${ALLOWED_IPV4}]: " -e USER_INPUT_ALLOWED_IPV4 + ALLOWED_IPV4=${USER_INPUT_ALLOWED_IPV4:-$ALLOWED_IPV4} + else + read -rp "Client's allowed IPv4: " -e -i "0.0.0.0/0" ALLOWED_IPV4 + fi + done + + until [[ ${ALLOWED_IPV6} =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(\/((1(1[0-9]|2[0-8]))|([0-9][0-9])|([0-9])))?$ ]]; do + if [[ ${OS} == 'macos' ]]; then + ALLOWED_IPV6="::/0" + read -rp "Client's allowed IPv6 [default used 
${ALLOWED_IPV6}]: " -e USER_INPUT_ALLOWED_IPV6 + ALLOWED_IPV6=${USER_INPUT_ALLOWED_IPV6:-$ALLOWED_IPV6} + else + read -rp "Client's allowed IPv6: " -e -i "::/0" ALLOWED_IPV6 + fi + done + + # Generate key pair for the client + CLIENT_PRIV_KEY=$(wg genkey) + CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey) + CLIENT_PRE_SHARED_KEY=$(wg genpsk) + + mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1 + HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" + + # Create client file and add the server as a peer + echo "[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = ${ALLOWED_IPV4},${ALLOWED_IPV6}" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + # Add the client as a peer to the MikroTik (to client folder) + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" + + # Add the client as a peer to the MikroTik + echo "# WireGuard client peer configure +/interface wireguard peers +add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\ + ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\ + preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\ + \"${CLIENT_PUB_KEY}\" + " >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc" + + # Add the client as a peer to the server + echo -e "\n### Client ${CLIENT_NAME} +[Peer] +PublicKey = ${CLIENT_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" 
>>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf" + + echo -e "\nHere is your client config file as a QR Code:" + + qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + + echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" + echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc" +} + +function manageMenu() { + echo "" + echo "It looks like this WireGuard interface is already." + echo "" + echo "What do you want to do?" + echo " 1) Add a new client" + echo " 2) Exit" + until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do + read -rp "Select an option [1-2]: " MENU_OPTION + done + case "${MENU_OPTION}" in + 1) + newClient + ;; + 2) + exit 0 + ;; + esac +} + +#? List of existing configurations +function listConfs() { + local directory + directory="$(pwd)/wireguard" + + if [ -d "${directory}" ]; then + echo "List of existing configurations:" + i=1 + for folder in "${directory}"/*/; do + local users count folder_name + users="${folder}/client/" + count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l) + folder_name=$(basename "${folder}") + echo "${i}. ${folder_name} [${count} user(s)]" + ((i++)) + done + fi + echo "" +} + +echo "" +echo "Welcome to WireGuard-MikroTik configurator!" +echo "The git repository is available at: https://github.com/IgorKha/wireguard-mikrotik" +echo "" + +#? Check OS +checkOS +echo "Your OS is ${OS}" + +#? Check for root, WireGuard +installCheck + +listConfs + +#? Check server exist +serverName + +#? 
Check if WireGuard is already installed and load params
+if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then
+ # shellcheck source=/dev/null
+ source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
+ manageMenu
+else
+ newInterface
+fi
+
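Review bot: newClient and newInterface write the client `.conf` (client private key and preshared key), the server `params` and `${SERVER_WG_NIC}.conf` (server private key) and the MikroTik `.rsc` files under `$(pwd)/wireguard` without restricting permissions, so under the usual 022 umask this key material is readable by every local user; adding `umask 077` right after the shebang (or `chmod 600` on each written file) closes that. The duplicate-address checks in newClient compare against the wrong prefix length: peers are recorded in the server conf as `${CLIENT_WG_IPV4}/32` and `${CLIENT_WG_IPV6}/128`, but `IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" …)` and `IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" …)` look for `/24` and `/64`, so a user-entered address that is already assigned is never rejected. In installWireGuard the oracle branch reads `https://www.dataroma.com/m/m_activity.php?m=GC&typ=b dnf install -y oraclelinux-developer-release-el8`; if that text is in the committed file rather than a rendering artifact, the `&` backgrounds a bogus command and the package install runs with a stray `typ=b` assignment, so the URL fragment must be removed. manageMenu's prompt loop accepts `^[1-4]$` while the case only handles 1 and 2, so entering 3 or 4 silently falls through and the script ends as if nothing was chosen; the pattern should be `^[1-2]$`.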