First Commit

This commit is contained in:
Guy Boisvert 2025-08-12 23:01:13 -04:00
commit bd67283438
142 changed files with 5061 additions and 0 deletions

9
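--- /dev/null
+++ b/wireguard/Gvpn
@@ -0,0 +1,9 @@
+#!/bin/bash
+unset VPN;
+VPN={
+Real;~/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf
+Ingt;~/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf
+}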
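Review bot: `VPN={` assigns the literal string `{` to VPN, the two `Name;path` lines after it are then executed as commands (`Real` and `Ingt`, each followed by a .conf path run as a program) instead of being stored, and the bare closing `}` is a syntax error, so the lookup this script seems to set up cannot work. If the intent is a name-to-config map, use an associative array with `$HOME` spelled out, since `~` does not expand inside quotes. Both paths also sit under a Nextcloud-synced folder, which would replicate the client private keys held in those .conf files to a cloud account — presumably deliberate, but worth confirming.
```shell
#!/bin/bash
declare -A VPN=(
  [Real]="$HOME/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf"
  [Ingt]="$HOME/Nextcloud2/guydev/network/wireguard/ingtegration/chateauguay/user/U-003-dana.conf"
)
```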


@ -0,0 +1,10 @@
[RB5009-WG1]
RtrInterface=WG1
Rtr_Addr_Admin=10.1.8.99
Rtr_Addr_Public=205.151.68.129
Rrt_Port=13243
Rtr_Addr_Private=10.1.4.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=bTatsa66Ggasasa6666=
Rtr_DNS=1.1.1.1,1.0.0.1
Rtr_Route_Subnet=10.0.0.0/8
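Review bot: `Rtr_PUB_KEY=bTatsa66Ggasasa6666=` is 20 base64 characters (15 bytes), but a WireGuard public key is 32 bytes and always encodes to 44 characters ending in `=`, so any client config generated from this section will be rejected by `wg` with an invalid-key error. It reads like a placeholder; either fill in the router's real key from `/interface/wireguard print` or mark the section as a template, e.g. `; Rtr_PUB_KEY is a placeholder — copy the real key from /interface/wireguard print`.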


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.4.1/32 disabled=no name="marc" interface=WG1 \
preshared-key="aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=" public-key="ztXlaxlZWA4oZxSCaQsN/8RXqahEeF4BehMjfAFbLVk="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = 2OchuWPpq3g8dXCoo2uufnmU1dpcd8WfgS4/7vI7tUQ=
ListenPort = 51821
Address = 10.1.4.1/32
DNS = 1.1.1.1,1.0.0.1
[Peer]
PublicKey = bTatsa66Ggasasa6666=
PresharedKey = aeN5oZSTW//CPRuZaBj16GTwx7+ktpvph+thrFY/WQc=
AllowedIPs = 10.0.0.0/8
Endpoint = 205.151.68.129:13243
PersistentKeepalive = 25
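Review bot: `PrivateKey = 2OchuWPp…` and `PresharedKey = aeN5oZST…` are committed in clear, and the same holds for every `.conf`, `.rsc` and bare key file in this commit as well as the QR-code PNGs, which encode the full client config including the private key; once pushed, all of these must be treated as compromised. Regenerate every peer (`wg genkey`/`wg genpsk`), update the routers, and purge the files from history with `git filter-repo` rather than deleting them in a follow-up commit, then keep generated material out of the repo with a `.gitignore` covering `*.conf`, `*.rsc` and `*.png`. Independently of that, `PublicKey = bTatsa66Ggasasa6666=` decodes to 15 bytes rather than the 32 WireGuard requires, so this file will not load as written.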

Binary file not shown.



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.4.2/32 disabled=no name="guy" interface=WG1 \
preshared-key="JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw=" public-key="eeYn9g9ayNJoEkYH4HrXFMcGDU0uUHLXF2ZopybCAFg="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = ABcaGRdchXN2+23PoSe8d7ojH4WhT4JEsZLRV3Jt1lo=
ListenPort = 51821
Address = 10.1.4.2/32
DNS = 1.1.1.1,1.0.0.1
[Peer]
PublicKey = bTatsa66Ggasasa6666=
PresharedKey = JVdiKw9rvvz/HqTdHG6oxJBkduUe3r7DWgqDO0tHMkw=
AllowedIPs = 10.0.0.0/8
Endpoint = 205.151.68.129:13243
PersistentKeepalive = 25

Binary file not shown.



@ -0,0 +1,3 @@
[Interface]
ListenPort = 13231
PrivateKey = oIdmd/wFdL54lgkkThbIcDAeg9nKmS5wxH4fLBJbwEo=


@ -0,0 +1 @@
mCscj1wPL4+kGrDMAKY3Ek8drGvxcgOlfudGAq9j+Vo=


@ -0,0 +1 @@
pWs3b9kfSZ+Uvg7Q9tYT52Lqxh7OEbOhkzmvE0NT/GM=


@ -0,0 +1 @@
GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng=


@ -0,0 +1 @@
+tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0=


@ -0,0 +1 @@
rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ=


@ -0,0 +1 @@
APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM=


@ -0,0 +1 @@
isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU=


@ -0,0 +1 @@
GkRup6bdiXqb8GOaytLBQ1tFcQJ+SEu+KgkQlR17oE4=


@ -0,0 +1,10 @@
[Interface]
PrivateKey = GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng=
Address = 172.16.28.1/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ=
PresharedKey = +tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0=
Endpoint = 172.16.24.1:13239
AllowedIPs = 0.0.0.0/0,::/0


@ -0,0 +1,10 @@
[Interface]
PrivateKey = APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM=
Address = 172.16.28.2/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk=
PresharedKey = isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU=
Endpoint = 192.168.88.168:13239
AllowedIPs = 0.0.0.0/0


@ -0,0 +1,316 @@
#!/bin/bash
#=================== Environment ===============================================
#
ScriptName=$(basename "$0")
SshUser=ansible
#SshKey="/home/wireguard/.ssh/ansible_evoq_rsa"
SshKey="/home/boig01/.ssh/ansible_evoq_rsa"
#BaseDir="/home/wireguard"
BaseDir="/dev/shm"
CCR1=10.1.8.11
CCR2=10.1.8.12
Version=240222_1842
CORP="EVOQ"
TmpUserList=$(mktemp -p /dev/shm)
# Wireguard For Routers
RtrCCR1Int=WG-Routers
RtrCCR1PubKey="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
RtrCCR1Prefix="10.1.32"
RtrCCR1Address="10.1.32.254/24"
RtrCCR1Port=13232
WgRtrDir="${BaseDir}/routers"
# Wireguard For Users
UsrCCR1Int=WG-Users
UsrCCR1PubKey="EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY="
UsrCCR1Prefix="10.1.33"
UsrCCR1Address="10.1.33.254/24"
UsrCCR1Port=13233
WgUsrDir="${BaseDir}/users"
YELLOW='\033[0;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
#=================== function Info =============================================
#
# Avec date / time prefix
#
Info() { printf "${GREEN} %s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr
#=================== function Message ==========================================
#
Message() { printf "${GREEN}%s ${NC}\n" "$*" ;} # send to stderr
#=================== function Help =============================================
#
function Help ()
{
echo -e "
usage: $ScriptName [options]
-l List WireGuard clients on CCR1
-h This help
"
}
#=================== function addCCR1 ==========================================
#
function addCCR1() {
local Router="$1"
echo -e "\nAdding ${Router} Wireguard account to CCR1..."
ssh -i ${SSHKey} ansible@${CCR1} "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp"
if [ $? = 0 ]
then
echo "${Router} Wireguard account successfully added to CCR1"
else
echo "Failed to add ${Router} Wireguard account to CCR1"
fi
}
#=================== function newClient =======================================
#
function newClient() {
ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}"
echo ""
echo "Tell me a name for the client."
echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars."
until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do
read -rp "Client name: " -e CLIENT_NAME
CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
if [[ ${CLIENT_EXISTS} == '1' ]]; then
echo ""
echo "A client with the specified name was already created, please choose another name."
echo ""
fi
done
for DOT_IP in {2..254}; do
DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
if [[ ${DOT_EXISTS} == '0' ]]; then
break
fi
done
if [[ ${DOT_EXISTS} == '1' ]]; then
echo ""
echo "The subnet configured supports only 253 clients."
exit 99
fi
BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }')
until [[ ${IPV4_EXISTS} == '0' ]]; do
read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP
CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}"
IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
if [[ ${IPV4_EXISTS} == '1' ]]; then
echo ""
echo "A client with the specified IPv4 was already created, please choose another IPv4."
echo ""
fi
done
BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }')
until [[ ${IPV6_EXISTS} == '0' ]]; do
read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP
CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}"
IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
if [[ ${IPV6_EXISTS} == '1' ]]; then
echo ""
echo "A client with the specified IPv6 was already created, please choose another IPv6."
echo ""
fi
done
# Generate key pair for the client
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1
HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}"
# Create client file and add the server as a peer
echo "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128
DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
[Peer]
PublicKey = ${SERVER_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
Endpoint = ${ENDPOINT}
AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
# Add the client as a peer to the MikroTik (to client folder)
echo "# WireGuard client peer configure
/interface wireguard peers
add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
\"${CLIENT_PUB_KEY}\"
" >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
# Add the client as a peer to the MikroTik
echo "# WireGuard client peer configure
/interface wireguard peers
add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
\"${CLIENT_PUB_KEY}\"
" >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc"
# Add the client as a peer to the server
echo -e "\n### Client ${CLIENT_NAME}
[Peer]
PublicKey = ${CLIENT_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf"
echo -e "\nHere is your client config file as a QR Code:"
qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png"
echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
}
#=================== function manageMenu ======================================
#
function manageMenu() {
echo ""
echo "It looks like this WireGuard interface is already."
echo ""
echo "What do you want to do?"
echo " 1) Add a new client"
echo " 2) Exit"
until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do
read -rp "Select an option [1-2]: " MENU_OPTION
done
case "${MENU_OPTION}" in
1)
newClient
;;
2)
exit 0
;;
esac
}
#=================== function listConfs =======================================
#
function listConfs() {
local directory
directory="$(pwd)/wireguard"
if [ -d "${directory}" ]; then
echo "List of existing configurations:"
i=1
for folder in "${directory}"/*/; do
local users count folder_name
users="${folder}/client/"
count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l)
folder_name=$(basename "${folder}")
echo "${i}. ${folder_name} [${count} user(s)]"
((i++))
done
fi
echo ""
}
#=================== function listCCR1 =========================================
#
# Filter 1: enlever les ";" et remplacer ^m par LF
# Filter 2: Grouper 2 lignes consecutives
# Filter 3: Print field #4 et #3
#
function ListCCR() {
Message "User List"
ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \
| grep User | tr -d ";" | sed -e "s/\r//g" \
| awk 'NR%2 {printf("%s ", $0); next} {print $0}' \
| awk '{print $4, $3}' | tee ${TmpUserList}
LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }')
NextEntry=$(($LastEntry+1))
echo -e "
Last Entry = $LastEntry
Next Entry = $NextEntry
"
}
#=================== MAIN =====================================================
#
echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n"
((!$#)) && Help && exit
while getopts cfhl option
do
case "${option}" in
c) BoolCreate=1 ;;
f) VarFileLog=1;;
h) Help
exit 0;;
l) ListCCR ;;
*) Help
exit 1;;
esac
done
rm -f ${TmpUserList}
exit
#? Check for root, OS, WireGuard
installCheck
listConfs
#? Check server exist
serverName
#? Check if WireGuard is already installed and load params
if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then
# shellcheck source=/dev/null
source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
manageMenu
else
newInterface
fi
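Review bot: `addCCR1` references `SSHKey`, `L2TPPass`, `CCRSideIP` and `ip_Subnet`, none of which is defined in this file (the identity file is `SshKey`), so `-i ${SSHKey}` expands to nothing and `-i` swallows `ansible@${CCR1}` as the key path, while the router command would carry `password=` and `remote-address=` empty — and it adds an L2TP `/ppp secret`, not a WireGuard peer, despite the message, which looks like a leftover that should be removed or guarded with `: "${L2TPPass:?}" "${CCRSideIP:?}" "${ip_Subnet:?}"` and `"$SshKey"`. Client private keys are written by `echo … >` under the default umask (typically 0644), so add `umask 077` near the top of the script; and `TmpUserList` is only removed on the fall-through path, so register `trap 'rm -f "$TmpUserList"' EXIT` instead of the trailing `rm -f`. In `ListCCR`, `sort -r` is lexical, so unless the entry numbers are zero-padded entry 9 sorts above 10 and `NextEntry` is wrong — use `sort -rn`. The unconditional `exit` after the `getopts` loop makes everything from `installCheck` on unreachable, and those functions are not defined here.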

3
wireguard/\ Normal file

@ -0,0 +1,3 @@
/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg
/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \
interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo="
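Review bot: This file's path renders as `wireguard/\ ` (a backslash followed by a space) and its three lines are byte-identical to `wireguard/device` elsewhere in this commit, so it looks like an accidental save rather than an intended second file; drop it. The content shares the same problems: `172.14.40.004/32` and `172.16.254.004/32` use leading-zero octets, which many parsers treat as octal or reject, so write `.4` explicitly.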


@ -0,0 +1,8 @@
[WG3]
Rtr_Addr_Admin=172.16.1.1
Rtr_Addr_Public=ingt.dyndns.org
Rrt_Port=14322
Rtr_Addr_Private=172.16.253.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio=


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.253.1/32 disabled=no name="zbook" interface=WG3 \
preshared-key="phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8=" public-key="LzC8W/ChD8Iq7kDJ7F796WRzqPSI30bAKbnJraZ59gE="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = 2J4fFcuD/cuhk8FcO9iqTfDdhsZADR6/qxFbL00DF3M=
ListenPort = 51821
Address = 172.16.253.1/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = vH29JWx4oamEfJFSOGQspPtHmMuLY1lC5jiFsgu6hio=
PresharedKey = phF3M7QpL+jrxsVZ3guV+SRGFohoTdiNjX/VntDJMS8=
AllowedIPs = 0.0.0.0/0
Endpoint = ingt.dyndns.org:14322
PersistentKeepalive = 25

Binary file not shown.


136
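--- /dev/null
+++ b/wireguard/autowg.sh
@@ -0,0 +1,136 @@
+#!/bin/bash
+#
+# AUTOWG written by Hamdi KADRI
+# APACHE LICENSE version 2.0 applies
+# This script is intended to create configurations for
+# a point-to-point Wireguard connection between a server
+# and a client (/30 network)
+#
+# Step zero: declare configurations as variables
+servercfg="[Interface]
+Address = <serverwgIP>
+SaveConfig = true
+ListenPort = <port>
+PrivateKey = <server-privatekey>
+[Peer]
+PublicKey = <client-pubkey>
+PresharedKey = <psk>
+AllowedIPs = <clientwgIP>"
+clientcfg="[Interface]
+PrivateKey = <client-privatekey>
+Address = <clientwgIP> <dnsconfiguration>
+[Peer]
+PublicKey = <server-pubkey>
+PresharedKey = <psk>
+AllowedIPs = <clientwgIP>
+EndPoint = <serverIP>:<port>
+PersistentKeepalive = 20"
+postcfg="[Interface]
+Address = <serverwgIP>
+SaveConfig = true
+ListenPort = <port>
+PrivateKey = <server-privatekey>
+PostUp = iptables -A FORWARD -i <wgintname> -j ACCEPT
+PostUp = iptables -t nat -A POSTROUTING -o <srvinternetintname> -j MASQUERADE
+PostDown = iptables -D FORWARD -i <wgintname> -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -o <srvinternetintname> -j MASQUERADE
+[Peer]
+PublicKey = <client-pubkey>
+PresharedKey = <psk>
+AllowedIPs = <clientwgIP>
+"
+# Step one: ask for some parameters (as an assistant)
+# We need: point-to-point IPs, Server IP, port
+echo "AutoWG requires some informations before generating your config"
+echo "Please provide the next parameters."
+echo "This script will not check if the IPs and netmask are valid!"
+echo "Press Enter to continue.."
+echo
+read
+read -p "Server IP for the Wireguard interface: " serverwgIP
+read -p "Client IP for the Wireguard interface: " clientwgIP
+read -p "Network Mask (in CIDR) for both server and client WG interfaces (example: /30): " netmask
+read -p "Server Public IP address: " serverIP
+read -p "Network Port for Wireguard communication: " port
+read -p "Wireguard interface name? (for example wg0): " wgintname
+read -p "Route all traffic to server via Wireguard? [y/N]: " internetaccess
+if [[ "$internetaccess" =~ ^([yY][eE][sS]|[yY])$ ]]
+then
+clientcfg=$(echo "$clientcfg" | sed "s|AllowedIPs = <clientwgIP>|AllowedIPs = 0.0.0.0/0|g" )
+read -p "Which server interface has internet access? " srvinternetintname
+servercfg=$(echo "$postcfg" | sed "s|<wgintname>|${wgintname}|g" | sed "s|<srvinternetintname>|${srvinternetintname}|g" )
+echo
+RED='\033[0;31m'
+NC='\033[0m' # No Color
+printf "${RED}IMPORTANT:${NC} You need to enable IP Forwarding on the server\n"
+echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf"
+echo "then run \"sysctl -p\""
+echo
+#### Experimental DNS support ####
+read -p "Push DNS servers to client? [y/N]: " dns
+if [[ "$dns" =~ ^([yY][eE][sS]|[yY])$ ]]
+then
+read -p "Enter dns servers IPs separated by spaces: " dnsservers
+dnscfg="\nDNS = $dnsservers"
+clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>|$dnscfg|g" )
+else
+clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>||g" )
+fi
+##################################
+else
+clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>||g" )
+fi
+# Step two: generate keypairs
+## Generate keypairs for machine 1 (client)
+client_prvkey=$(wg genkey)
+client_pubkey=$(echo $client_prvkey | wg pubkey)
+## Generate keypairs for machine 2 (server)
+server_prvkey=$(wg genkey)
+server_pubkey=$(echo $server_prvkey | wg pubkey)
+# New : generate PSK
+psk=$(wg genpsk)
+# Step three: generate configuration
+serverconf=$(echo "$servercfg" | sed "s|<serverwgIP>|${serverwgIP}${netmask}|g" | \
+sed "s|<port>|${port}|g" | sed "s|<server-privatekey>|${server_prvkey}|g" |\
+sed "s|<client-pubkey>|${client_pubkey}|g" | sed "s|<clientwgIP>|${clientwgIP}|g" |\
+sed "s|<psk>|${psk}|g" )
+clientconf=$(echo "$clientcfg" | sed "s|<client-privatekey>|${client_prvkey}|g" | \
+sed "s|<clientwgIP>|${clientwgIP}${netmask}|g" | sed "s|<server-pubkey>|${server_pubkey}|g" | \
+sed "s|<serverIP>|${serverIP}|g" | sed "s|<port>|${port}|g" | sed "s|<psk>|${psk}|g" )
+# Step four: display configuration for machine 1 (client)
+echo
+echo "** Client Side /etc/wireguard/${wgintname}.conf **"
+echo "$clientconf"
+echo
+# Step five: display configuration for machine 2 (server)
+echo
+echo "** Server Side /etc/wireguard/${wgintname}.conf **"
+echo "$serverconf"
+echo
+# Step Seven: Saving to a text file
+#
+echo "** Client Side /etc/wireguard/${wgintname}.conf **" > wireguard-conf.txt
+echo "$clientconf" >> wireguard-conf.txt
+echo >> wireguard-conf.txt
+echo "** Server Side /etc/wireguard/${wgintname}.conf **" >> wireguard-conf.txt
+echo "$serverconf" >> wireguard-conf.txt
+echo >> wireguard-conf.txt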
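Review bot: Both private keys and the PSK are written to `wireguard-conf.txt` in the current directory under the process umask (usually world-readable) after also being echoed to the terminal; add `umask 077` before the `wg genkey` step so the file is created 0600, and consider writing the server and client halves to separate files so the server's private key does not travel with the client config. The `read -p` prompts lack `-r`, so a backslash in an answer is mangled, and the answers (`serverIP`, `port`, `srvinternetintname`, `dnsservers`) are spliced straight into `sed` replacements, where a `|`, `&` or `\` in the input silently corrupts the generated config — since the script states it does not validate input, at minimum reject those characters before substitution. `SaveConfig = true` in the server templates also means hand edits to the live config are overwritten on `wg-quick down`, which deserves a comment in the template.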


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.8.38.1/32 disabled=no comment="User Real" interface=wg1 \
preshared-key="3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4=" public-key="T8N9Zdy4JiStBIJI00T9fkIx6KzatLkQ/WXQUDe7QDU="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = IFR3761g8AM2F1ICp+hP9TyudinHHXio0BvPFUOa/3o=
ListenPort = 51821
Address = 10.8.38.1/32
DNS = 10.8.38.1,1.1.1.1
[Peer]
PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE=
PresharedKey = 3v+2iZ8UNS6YHKYc55fVgI77wtfRO0JCa4X2bIc34e4=
AllowedIPs = 10.8.0.0/16
Endpoint = 199.168.223.11:13233
PersistentKeepalive = 25
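Review bot: `DNS = 10.8.38.1,1.1.1.1` points the first resolver at this client's own tunnel address (`Address = 10.8.38.1/32` in the same file), so it can never answer; a sibling config in this commit for the same endpoint uses `10.8.38.254`, which is presumably the intended router-side resolver. If so, change to `DNS = 10.8.38.254,1.1.1.1`.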


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.8.38.2/32 disabled=no comment="User Ariel" interface=wg1 \
preshared-key="cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=" public-key="mQcmO5hLoAXNA3KeF+iXydsZuDg+nkbYNsogvJ32mVs="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = wL/hWyRZtifMLVEgPc31VMmG1+7EYbm5wJI5uxbF+34=
ListenPort = 51821
Address = 10.8.38.2/32
DNS = 10.8.38.1,1.1.1.1
[Peer]
PublicKey = zHfHRbQs+3WH9GHBEH7dsh8J0xxLkP2OxWJASV+VWlw=
PresharedKey = cHKDiUAezRuelDtTkbA9pNwzX3kwM7hhG6XB2/MWrkY=
AllowedIPs = 10.8.0.0/16
Endpoint = 199.168.223.11:13233
PersistentKeepalive = 25
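Review bot: `PublicKey = zHfHRbQs…` differs from the `ywl8GMIF…` key that the other two client configs for the same endpoint `199.168.223.11:13233` in this commit use; a WireGuard listener has exactly one key per interface, so unless this peer targets a different interface on the same port, one of the two values is stale and this client will never complete a handshake. Verify against `/interface/wireguard print` on the router before handing the config out.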


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.8.38.3/32 disabled=no comment="User Guy" interface=wg1 \
preshared-key="wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=" public-key="W+1qr4Un3+u0i9bNmItllu3FrY49+NNX9aQfYmVkm1Q="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = 2FvyrN30+4CHTmeJInGRcILPCCVovO1hiYL5+qvYp3M=
ListenPort = 51821
Address = 10.8.38.3/32
DNS = 10.8.38.254,1.1.1.1
[Peer]
PublicKey = ywl8GMIFJZlElELbvIPHEzs8/T5VaF9+gaq17JaXThE=
PresharedKey = wF6cwKPq7Yu9tifDy1zPYZ4t+GGXsh6QaJiKwhoYPVA=
AllowedIPs = 10.8.0.0/16
Endpoint = 199.168.223.11:13233
PersistentKeepalive = 25


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=192.168.61.1/32 disabled=no name="pcyves" interface=WG01 \
preshared-key="K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=" public-key="IaUPgaro0xZSL5EFrOSttqScvN6GdwzJtV8YgmRAQzM="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = IGvOgupuIXaVgyLbboX4ASg2syfGuMxZnBb5vPpdu0E=
ListenPort = 51821
Address = 192.168.61.1/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = /cMmECzL5y6qwn7t0b9jybw3rlo+M71eKqfbm0JgshE=
PresharedKey = K/C9aXn6DJqjN0nHCygojPjY+B40S6EWKGAQRoo05O4=
AllowedIPs = 0.0.0.0/0
Endpoint = 65.94.149.174:14233
PersistentKeepalive = 25

Binary file not shown.



@ -0,0 +1,7 @@
[hAP-AC2]
Rtr_Addr_Public=beec0baa227b.sn.mynetname.net
Rrt_Port=14233
Rtr_Interface=WG01
Rtr_Addr_Private=192.168.61.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=/cMmECzL5y6qwn7t0b9jybw3rlo+M71eKqfbm0JgshE=

3
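--- /dev/null
+++ b/wireguard/device
@@ -0,0 +1,3 @@
+/ip address add address=172.14.40.004/32 comment=WG-CTG interface=wg-ctg
+/interface wireguard peers add allowed-address=172.16.254.004/32 client-keepalive=10 disabled=no comment="2" \
+interface=WG-Devices preshared-key="efrLuDEVeDNpj13qlIqbjCiKlPVxE8T+hLt+2gQHF40=" public-key="lRlZ5uUBQsCH4G259f+q2yKAH4rxc2y+KHDlHaksmwo="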
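Review bot: `172.14.40.004/32` and `172.16.254.004/32` use leading-zero octets; many IP parsers read `004` as octal or reject it outright, so write `.4` explicitly. The two lines also disagree on the interface (`wg-ctg` vs `WG-Devices`) and on the subnet (172.14.40.x vs 172.16.254.x), so one of them is presumably stale — worth confirming which interface this peer belongs on; `comment="2"` would be more useful as the device's name.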


@ -0,0 +1,8 @@
[CCR1016]
RtrInterface=WG-Users
Rtr_Addr_Admin=10.1.8.11
Rtr_Addr_Public=66.171.167.250
Rrt_Port=13233
Rtr_Addr_Private=10.1.40.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=


@ -0,0 +1,11 @@
[Interface]
PrivateKey = 6JSOiUqqTtgU0dH7/4dKKHNXcRfEHk5G+ZC16fc8RmI=
Address = 10.1.40.2/32
DNS = 10.1.3.40,10.1.3.41
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = x1gubMKEhdOXaqMC82KJxy++d8iuKkbodG4UkCeg0Rc=
Endpoint = 66.171.167.250:13233
AllowedIPs = 10.0.0.0/8,192.168.0.0/24


@ -0,0 +1,4 @@
CCR:
---------------------------------------------------------
/interface wireguard peers add allowed-address=10.1.33.2/32 client-keepalive=10 disabled=no comment="User DaveOuellette" interface=WG-Users preshared-key="x1gubMKEhdOXaqMC82KJxy++d8iuKkbodG4UkCeg0Rc=" public-key="llensH2ENL4I7fSlo/iOZxP/e1SVf5ODSNvDjjLZ5CQ="
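Review bot: `allowed-address=10.1.33.2/32` does not match the `Address = 10.1.40.2/32` in the client config in this commit that carries the same preshared key (`x1gubMKE…`); WireGuard's cryptokey routing drops any packet whose source lies outside the peer's allowed-address, so the handshake will complete but no traffic will pass. The CCR1016 ini in this commit puts WG-Users on 10.1.40.254/24, so this line is probably the stale side — `allowed-address=10.1.40.2/32`.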


@ -0,0 +1,13 @@
[Interface]
PrivateKey = 2JJoQbCWzka6elz1nCPsfbW9iIo8FM5QPoZO5d3weVY=
ListenPort = 51821
Address = 10.1.40.250/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=
AllowedIPs = 10.0.0.0/8
Endpoint = 66.171.167.250:13233
PersistentKeepalive = 25


@ -0,0 +1,10 @@
[Interface]
PrivateKey = kC7DaHcEfQ7KsJVBaWjG8XE/UL60GNjRsHOC/baNBGU=
Address = 10.1.40.4/32
DNS = 10.1.3.40,10.1.3.41
[Peer]
PublicKey = DrI1g15KlMdLaqNn+PlVbl1kZo6jV9QDlJ1M8gy/m0g=
PresharedKey = owl5S2bH9zeL0J0xjNgZ1Y0mb8lPFEjldwTTkNo0CrY=
Endpoint = 66.171.167.250:13233
AllowedIPs = 10.0.0.0/8,192.168.0.0/24
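Review bot: `PublicKey = DrI1g15K…` is this client's own public key (the router-side `.rsc` for EricStein in this commit registers exactly that value as `public-key`), not the router's; every other client of `66.171.167.250:13233` here uses `EsxauwYN…`, so a handshake from this config can never succeed. Set `PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=` (the CCR1016 WG-Users key per its ini) and keep the client's own key only on the router side.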


@ -0,0 +1,3 @@
/interface wireguard peers add allowed-address=10.1.40.4/32 client-keepalive=10 disabled=no comment="User EricStein" interface=WG-Users \
preshared-key="owl5S2bH9zeL0J0xjNgZ1Y0mb8lPFEjldwTTkNo0CrY=" public-key="DrI1g15KlMdLaqNn+PlVbl1kZo6jV9QDlJ1M8gy/m0g="


@ -0,0 +1,12 @@
[Interface]
ListenPort = 51821
PrivateKey = IM73gYzzN3riY1KaqBAGoIyldE7a7KS6QLoaDKd/G3E=
Address = 10.1.40.3/32
DNS = 10.1.3.40,10.1.3.41
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs=
Endpoint = 66.171.167.250:13233
AllowedIPs = 10.0.0.0/8,192.168.0.0/24
PersistentKeepalive = 25


@ -0,0 +1,4 @@
CCR:
---------------------------------------------------------
/interface wireguard peers add allowed-address=10.1.33.3/32 client-keepalive=10 disabled=no comment="User GuyBoisvert" interface=WG-Users preshared-key="em/aPlSnK78xQMABuaz7GEQ1+7FXFXE+lIoYGbZ9tRs=" public-key="8m7W2+rhGtVKI603JoN7fKvP2Pr5FlvtxYOgVk8AFRg="
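Review bot: `allowed-address=10.1.33.3/32` disagrees with the `Address = 10.1.40.3/32` of the client config in this commit that shares this preshared key (`em/aPlSn…`); with cryptokey routing the router will discard everything the client sends from 10.1.40.3, so the tunnel comes up but carries nothing. Given the CCR1016 ini puts WG-Users on 10.1.40.254/24, this should presumably read `allowed-address=10.1.40.3/32`.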


@ -0,0 +1,13 @@
Client:
---------------------------------------------------------
[Interface]
PrivateKey = OKQeBlkw7aoxtGfTlxVJpbRJqXwEzz38dk2gFShMHmI=
Address = 10.1.40.1/32
DNS = 10.1.3.40,10.1.3.41
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs=
Endpoint = 66.171.167.250:13233
AllowedIPs = 10.0.0.0/8,192.168.0.0/24


@ -0,0 +1,4 @@
CCR:
---------------------------------------------------------
/interface wireguard peers add allowed-address=10.1.33.1/32 client-keepalive=10 disabled=no comment="User SteveQuirion" interface=WG-Users preshared-key="Va8qOJXqvb8GaNCLUf3yzoGYX2+wZZkKHe/d4i+/Rhs=" public-key="PK9tjXmc7L9GrjHYZNp/ED+HFZdzfHNe+L7ZRfrBQUw="
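Review bot: `allowed-address=10.1.33.1/32` does not match the `Address = 10.1.40.1/32` in the client config in this commit with the same preshared key (`Va8qOJXq…`), so the router will drop the client's packets under cryptokey routing even though the handshake succeeds. If 10.1.40.0/24 is the current WG-Users subnet, as the CCR1016 ini suggests, this should be `allowed-address=10.1.40.1/32`.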


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.40.250/32 disabled=no name="guy" interface=WG-Users \
preshared-key="sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=" public-key="KxI3ddeMCT8F9LSq0r49e5xnylMbc4ofKZPaz2foOT0="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = 2JJoQbCWzka6elz1nCPsfbW9iIo8FM5QPoZO5d3weVY=
ListenPort = 51821
Address = 10.1.40.250/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = sp9C00rnlbjza6Ny6Lcw2b5fBkDULYd1LoLuoRzmFjk=
AllowedIPs = 10.0.0.0/8
Endpoint = 66.171.167.250:13233
PersistentKeepalive = 25

Binary file not shown.



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.40.251/32 disabled=no name="boum01" interface=WG-Users \
preshared-key="42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY=" public-key="vN4dr8B8jBXD5s+YunG5OGXEim2MRqEN9b/lDmpMsR0="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = sP6aXDHfNKnVZiB4KggyQo0/GQkWY4kiDVbUiG4V2VA=
ListenPort = 51821
Address = 10.1.40.251/32
DNS = 10.1.3.40,10.1.3.41
[Peer]
PublicKey = EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY=
PresharedKey = 42dSePvur9+8yZzgtmm5ZqhbqPDs6HTbNO/6hoZCnSY=
AllowedIPs = 10.0.0.0/8
Endpoint = 66.171.167.250:13233
PersistentKeepalive = 25

Binary file not shown.



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.200.2/32 disabled=no name="pascal" interface=wg1 \
preshared-key="RdbI9KNBQBNBVRyKNnhe7Ujw0A0nKOThDJJOJ7Lgp2Y=" public-key="E0R0TnS3WsDj2CTHa5YtFd3+zGFVZCYYfJzKbTWwqUw="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = GJTT/i6ww5SSozn9ibs+vmQcWVJeQpiOyWDAobLjkXA=
ListenPort = 51821
Address = 172.16.200.2/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = njwJywr8UndTeemZnxKT62aKxw0JGXggmSqNEHAulUE=
PresharedKey = RdbI9KNBQBNBVRyKNnhe7Ujw0A0nKOThDJJOJ7Lgp2Y=
AllowedIPs = 0.0.0.0/0
Endpoint = d4450da4dffc.sn.mynetname.net:13235
PersistentKeepalive = 25

Binary file not shown.



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.200.3/32 disabled=no name=" boig01" interface=wg1 \
preshared-key="SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc=" public-key="8p3hP25gL2ALfRGStXs0fbk68em/aWobuMYS7w6GPzQ="
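Review bot: `name=" boig01"` has a leading space inside the quotes, which becomes part of the peer name on RouterOS and will break any later lookup or script that matches the peer by name; write `name="boig01"`.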


@ -0,0 +1,13 @@
[Interface]
PrivateKey = GHvOQbVIPOw3NIqGS2+FlyMcCKIbVvQRbBTtj0rkqVc=
ListenPort = 51821
Address = 172.16.200.3/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = njwJywr8UndTeemZnxKT62aKxw0JGXggmSqNEHAulUE=
PresharedKey = SAsf/9Lgw/3g0DXxbJYLnIff9Hb1irm8cRXsrAuCLOc=
AllowedIPs = 10.1.0.0/24,10.50.0.0/24,172.16.28.0/24,172.16.29/24,10.96.0.0/12
Endpoint = d4450da4dffc.sn.mynetname.net:13235
PersistentKeepalive = 25
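Review bot: `172.16.29/24` in `AllowedIPs` is missing an octet, and `wg`/`wg-quick` will refuse to load the whole config on that entry; write `172.16.29.0/24`. `10.96.0.0/12` next to it covers 10.96–10.111.x.x, much wider than its /24 neighbours — verify that is intended rather than a typo for a /24.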

Binary file not shown.


13
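--- /dev/null
+++ b/wireguard/exo-c/guy.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE=
+ListenPort = 51821
+Address = 172.16.28.1/32
+DNS = 1.1.1.1,8.8.8.8
+[Peer]
+PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk=
+PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=
+AllowedIPs = 172.16.24.0/24,172.16.44.0/24
+Endpoint = 45.61.15.102:13239
+PersistentKeepalive = 25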

405
wireguard/genconfig Executable file

@ -0,0 +1,405 @@
#!/bin/bash
Version=241231-1054
debug=0
CORP="ingtegration-rb5009" # default value
ScriptName=$(basename "$0")
ScriptDir=$(dirname "0")
IniFile=${ScriptDir}/${ScriptName}.ini
BaseDir="/home/boig01/temp/wireguard"
((debug)) && echo -e "
ScriptDir = $ScriptDir
IniFile = $IniFile
"
NumUser=0
NameUser=""
NumRouter=0
NameRouter=""
Mode=0
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#---ini file parameters
unset PARAMS;
PARAMS=(
Endpoint_Rtr_Addr_Public
Endpoint_Rtr_Addr_Private
Endpoint_Rrt_Port
Endpoint_Rtr_PUB_KEY
Endpoint_Usr_Addr
Endpoint_Usr_Port
Endpoint_Usr_PUB_KEY
)
#========== INTERNAL FUNCTIONS ================================================
#---------- function Info -----------------------------------------------------
#
# With date / time prefix
#
Info()
{
printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
}
#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
#---------- ip2int ------------------------------------------------------------
#
function ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#---------- int2ip ------------------------------------------------------------
#
function int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#---------- CreateUser --------------------------------------------------------
#
function CreateUser()
{
local debug=0
local ClientName="$1"
local Corp="$2"
#local CLIENT_NUM=$(printf "%03d" $3)
local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable
#---Create paths if not there
[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
CLIENT_FILE_PREFIX="${ClientName}"
CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc"
((debug)) && echo -e "
Corp = $Corp
ClientName = $ClientName
CLIENT_FILE_WIN = $CLIENT_FILE_WIN
CLIENT_FILE_RTR = $CLIENT_FILE_RTR
" && exit
echo -e "Client:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = 10.8.38.${ClientNum}/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = ${Endpoint_Usr_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 10.8.0.0/16
Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\${CORP} Router:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
Message "QR Code:"
qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
}
#---------- CreateRouter ------------------------------------------------------
#
function CreateRouter()
{
local debug=1
local RouterNum="$1"
local RouterSubnet="$2"
local Corp="$3"
local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable
local WgRtrDir="${BaseDir}/routers"
#---Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
RTR_PRIV_KEY=$(wg genkey)
Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
RTR_PRE_SHARED_KEY=$(wg genpsk)
RTR_NUM=$(printf "%03d" $1)
RTR_FILE_PREFIX="${RTR_NUM}-Router"
RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"
((debug)) && echo -e "
Corp = $Corp
RTR_NUM = $RTR_NUM
CLIENT_FILE_RTR = $RTR_FILE_RTR
BaseDir = $BaseDir
PreShared Key = $RTR_PRE_SHARED_KEY
" && exit
[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"
Message "Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RTR_FILE_RTR}
${RTR_FILE_RTR_ENDPOINT}
"
Message "Client Router Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard
add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
\"/ping interval=10 10.1.8.11 count=61\"
/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
| tee "${RTR_FILE_RTR}"
#echo -e "\n"
Message "${EndpointID} endpoint Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\
interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
| tee "${RTR_FILE_RTR_ENDPOINT}"
}
#---------- function RrtSubnet ------------------------------------------------
#
RtrSubnet()
{
local RtrNum=$1
BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer
Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc
Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router
Subnet=$((BaseNum+Nth)) # Nth subnet calculé
# Subnet="${Subnet}/$(Bits_Subnet=3})"
echo -e "$(int2ip $Subnet)/${Subnet_Bits}"
}
#---------- function Interactive ----------------------------------------------
#
function Interactive()
{
echo -e "\nInteractive function"
}
#---------- function Help -----------------------------------------------------
#
function Help()
{
echo -e "
MikroTik WireGuard configurator
usage:
${ScriptName} [Options]
-c Corp name
-i Interactive (will ask for all needed infos)
-l List endpoints in config
-n User mode: # ot the new user (Unique user number between 1 and 253)
-u User name (example: AdrianSmith, don't use space or accentuated chars)
-r Router mode: # of the new client router (EVOQ router #, like 1 or 11)
-s Router Name (example: Montreal-1 , will appear as comment in endpoint router )
When in user mode, you must provide name & unique user number between 2 and 253.
This user number will be assigned an ip address 10.1.40.[user #].
" && exit
}
#================ MAIN ========================================================
#
((!$#)) && Help && exit # If no command parameters passed, help and bail out
echo -e "\n${GREEN}${ScriptName} ${BLUE}configurator version ${YELLOW}$Version${NC}"
while getopts c:dhiln:r:s:u: option
do
case "${option}" in
c) CORP=${OPTARG}
;;
d) debug=1
;;
h) Help
exit
;;
i) Interactive
exit
;;
l) Message "Listing endpoints in ${IniFile}"
grep '\[' ${IniFile}
exit
;;
n) NumUser=${OPTARG}
Mode="User"
;;
r) NumRouter=${OPTARG}
Mode="Router"
;;
s) NameRouter="${OPTARG}"
;;
u) NameUser="${OPTARG}"
;;
*) echo -e "Usage (bad argument: $OPTARG) \n"
exit 1;;
esac
done
((debug)) && echo -e "
NumRouter = ${NumRouter}
NumUser = ${NumUser}
RtrSubnet = $(RtrSubnet ${NumRouter})
"
if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]]
then
echo "** Error, can't use user and router # simulteaneously"
exit 1
fi
#---Endpoint Router Config
EndpointID=RB5009
for PARAM in "${PARAMS[@]}"
do
eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile})
done
#Endpoint_Rtr_Addr_Public=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Public[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Rtr_Addr_Private=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_Addr_Private[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Rrt_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rrt_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Rtr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Rtr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Usr_Addr=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Addr[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Usr_Port=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_Port[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
#Endpoint_Usr_PUB_KEY=$(sed -nr "/^\[${CORP}\]/ { :l /^Endpoint_Usr_PUB_KEY[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ./genconfig.ini)
echo -e "
CORP = $CORP
Endpoint_Rtr_Addr_Public = $Endpoint_Rtr_Addr_Public
Endpoint_Rtr_Addr_Private = $Endpoint_Rtr_Addr_Private
Endpoint_Rrt_Port = $Endpoint_Rrt_Port
Endpoint_Rtr_PUB_KEY = $Endpoint_Rtr_PUB_KEY
Endpoint_Usr_Addr = $Endpoint_Usr_Addr
Endpoint_Usr_Port = $Endpoint_Usr_Port
Endpoint_Usr_PUB_KEY = $Endpoint_Usr_PUB_KEY
"
((debug)) && printf "Parameters : %s\n" "${PARAMS[@]}"
#exit
#---Client Router Subnets
Start_Subnet=10.1.41.0
Bits_Subnet=8
Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits
NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet
case "$Mode" in
User) Message "Creating User"
CreateUser ${NameUser} ${CORP}
exit
;;
Router) Message "Creating Router with $(RtrSubnet ${NumRouter})"
CreateRouter $NumRouter $(RtrSubnet ${NumRouter}) ${CORP}
exit
;;
*) echo -e "\n** ERROR : User # was not provided"
Help
;;
esac

117
wireguard/genconfig-exoc Executable file

@ -0,0 +1,117 @@
#!/bin/bash
#
# (c) IngTegration inc 2023
# GPL licensed
#
debug=0
ClientName="$1"
ClientNum="$2"
Corp="$3"
Endpoint_Usr_PUB_KEY="CHANGE_ME" # put router WG public key here
RtrSubnetPrefix="10.0.254" # WG subnet prefix
DnsSrv="1.1.1.1 8.8.8.8"
AllowedIps="0.0.0.0/0" # Allowed IP for clients
RtrInterf="wg01" # Router WG Interface
Endpoint_Usr_Port=51844
#local CLIENT_NUM=$(printf "%03d" $3)
#local WgUsrDir="${BaseDir}/${Corp}/users" # BaseDir global variable
WgUsrDir="."
Endpoint_Usr_Addr="${RtrSubnetPrefix}.${ClientNum}"
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#===========Internal Functions=================================================
#
#-------------Help-------------------------------------------------------------
#
function Help()
{
cat << EOF
usage: $(basename "$0") [ClientName] [ClientNum] [Corp]
ClientName : Name of the roadwarrior client (Ex. marlene)
ClientNum : Roadwarrior sequence number, will translate into ip last octet
1 --> SubnetPrefix.1 (Ex: 172.16.20.1)
Corp : Name of RoadWarrior Company (Ex: ExoC)
EOF
exit
}
#---------------Message--------------------------------------------------------
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
((!$#)) && Help # Call help if no argument supplied
ClientPadNum=$(printf "%03d" $ClientNum)
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
#CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
CLIENT_FILE_PREFIX="${ClientPadNum}-${Corp}-${ClientName}"
CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.Endpoint.rsc"
((debug)) && echo -e "
Corp = $Corp
ClientName = $ClientName
CLIENT_FILE_WIN = $CLIENT_FILE_WIN
CLIENT_FILE_RTR = $CLIENT_FILE_RTR
" && exit
echo -e "Client:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = ${Endpoint_Usr_Port}
Address = ${RtrSubnetPrefix}.${ClientNum}/32
DNS = ${DnsSrv}
[Peer]
PublicKey = ${Endpoint_Usr_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${AllowedIps}
Endpoint = ${Endpoint_Usr_Addr}:${Endpoint_Usr_Port}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\n${Corp} Router:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=${RtrSubnetPrefix}.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=${RtrInterf} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\"" | tee "${CLIENT_FILE_RTR}"
Message "QR Code:"
qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
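Review bot: The `Endpoint =` line of the generated client config is built from `Endpoint_Usr_Addr="${RtrSubnetPrefix}.${ClientNum}"`, which is the client's own tunnel address, so the .conf tells the peer to reach the router at itself; that variable should hold the router's public address or hostname, as the other genconfig scripts in this commit do with `Rtr_Addr_Public`. The placeholder `Endpoint_Usr_PUB_KEY="CHANGE_ME"` is likewise written straight into `PublicKey =` with no check, so a guard such as `[[ "$Endpoint_Usr_PUB_KEY" != "CHANGE_ME" ]] || { Message "set Endpoint_Usr_PUB_KEY first"; exit 1; }` before the echo would stop an unusable config from being handed out. The .conf and the QR .png both contain the freshly generated private key and are created by tee/qrencode under the default umask; an `umask 077` near the top keeps them owner-readable only. `ClientNum` is interpolated into the address and into `printf "%03d"` unvalidated, so a check like `[[ "$ClientNum" =~ ^[0-9]+$ ]] && (( ClientNum >= 1 && ClientNum <= 254 ))` after the argument parse is worth adding.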



@ -0,0 +1,296 @@
#!/bin/bash
Version=240226-1434
debug=0
CORP=IngTegration
RouterID=RB5009
Rtr_CCR1_Addr="199.168.223.11"
Rtr_CCR1_Port="13232"
Usr_CCR1_Addr="199.168.223.11"
Usr_CCR1_Port="13233"
ScriptName=$(basename "$0")
BaseDir="/home/boig01/temp/wireguard/ingt"
WgRtrDir="${BaseDir}/routers"
WgUsrDir="${BaseDir}/users"
RTR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE="
USR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE="
NumUser=0
NumRouter=0
NameUser=0
Mode=0
YELLOW='\033[0;33m'
GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
#---Client Router Subnets
Start_Subnet=172.18.1.0
Bits_Subnet=8
Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits
NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet
#=================== function Help ============================================
#
function Help()
{
echo -e "
WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator
usage:
${ScriptName} [Options]
-n User # (Unique user number between 1 and 253)
-u User name (AdrianSmith)
-r Router # (EVOQ router #, like 1 or 11)
When in user mode, you must provide name & unique user number between 2 and 253.
This user number will be assigned an ip address 10.1.40.[user #].
" && exit
}
#=================== function Info =============================================
#
# Avec date / time prefix
#
Info() { printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr
#=================== function Message ==========================================
#
# Send to STDOUT
#
Message() {
printf "\n${GREEN}[i] ${BLUE}%s${NC}" "$*"
}
#=================== function ip2int ===========================================
#
ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#=================== function int2ip ===========================================
#
int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#======================== CreateUser ==========================================
#
function CreateUser()
{
ClientName=$1
ClientNum=$2
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
CLIENT_NUM=$(printf "%03d" $2)
CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc"
((debug)) && echo -e "
ClientName = $1
CLIENT_NUM = $CLIENT_NUM
CLIENT_FILE_WIN = $CLIENT_FILE_WIN
CLIENT_FILE_RTR = $CLIENT_FILE_RTR
" && exit
echo -e "Client:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = 10.8.38.${ClientNum}/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = ${USR_CCR1_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 10.8.0.0/16
Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\nAtom Router:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=10.8.38.${ClientNum}/32 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
}
#======================== CreateRouter ========================================
#
function CreateRouter()
{
RouterNum="$1"
RouterSubnet="$2"
RTR_PRIV_KEY=$(wg genkey)
RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
RTR_PRE_SHARED_KEY=$(wg genpsk)
RTR_NUM=$(printf "%03d" $1)
RTR_FILE_PREFIX="${RTR_NUM}-Router"
RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc"
RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc"
((debug)) && echo -e "
ClientName = $1
CLIENT_NUM = $RTR_NUM
CLIENT_FILE_RTR = $RTR_FILE_RTR
" && exit
Message "Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RTR_FILE_RTR}
${RTR_FILE_RTR_CCR1}
"
Message "Router Client Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard
add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01
/ip route add dst-address=10.0.0.0/8 gateway=wg01
/ip route add dst-address=192.168.0.0/16 gateway=wg01
/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
\"/ping interval=10 10.1.8.11 count=61\"
/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
| tee "${RTR_FILE_RTR}"
#echo -e "\n"
Message "${RouterID} Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\
interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
| tee "${RTR_FILE_RTR_CCR1}"
}
#=================== function RrtSubnet ========================================
#
RtrSubnet()
{
local RtrNum=$1
BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer
Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc
Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router
Subnet=$((BaseNum+Nth)) # Nth subnet calculé
# Subnet="${Subnet}/$(Bits_Subnet=3})"
echo -e "$(int2ip $Subnet)/${Subnet_Bits}"
}
#================ MAIN ========================================================
#
((!$#)) && Help && exit # If no command parameters passed, help and bail out
echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n"
while getopts dhn:r:u: option
do
case "${option}" in
d) debug=1
;;
h) Help
exit ;;
n) NumUser=${OPTARG}
Mode="User"
;;
r) NumRouter=${OPTARG}
Mode="Router"
;;
u) NameUser=${OPTARG}
;;
*) echo -e "Usage (bad argument: $OPTARG) \n"
exit 1;;
esac
done
((debug)) && echo -e "
NumRouter = ${NumRouter}
NumUser = ${NumUser}
RtrSubnet = $(RtrSubnet ${NumRouter})
" && exit
if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]]
then
echo "** Error, can't use user and router # simulteaneously"
exit 1
fi
case "$Mode" in
User) Message "Creating User"
CreateUser $NameUser $NumUser
exit
;;
Router) Message "Creating Router with $(RtrSubnet ${NumRouter})"
CreateRouter $NumRouter $(RtrSubnet ${NumRouter})
exit
;;
*) echo -e "\n** ERROR : User # was not provided"
Help
;;
esac
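Review bot: The `User)` branch calls `CreateUser $NameUser $NumUser` without checking that `-u` was supplied, so with the default `NameUser=0` the output files are named `NNN-0.conf` / `NNN-0.CCR1.rsc` and the router peer comment reads "User 0"; the Help text also promises a user number between 2 and 253 but nothing enforces it. A check before the `case`, e.g. `if [[ "$NameUser" == 0 ]] || (( NumUser < 2 || NumUser > 253 )); then Help; exit 1; fi`, would catch both. Both call sites pass their values unquoted, so a name containing whitespace silently shifts the arguments; `CreateUser "$NameUser" "$NumUser"` avoids that. The generated .conf holds the client's private key and is written through tee under the default umask, so an `umask 077` at the top of the script is advisable. The rendered section does not show this file's path, so the note applies to the 296-line script following the binary file.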

66
wireguard/genconfig.ini Normal file

@ -0,0 +1,66 @@
[ingtegration-rb5009]
Addr_Public="seve.ingtegration.com"
01_InterfaceName="WG-Devices"
01_PUBKEY="MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY="
01_Addr="172.16.254.2"
01_Subnet="172.16.254.0/24"
01_Port="14321"
02_InterfaceName="WG-Users"
02_PUBKEY="iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw="
01_Subnet="172.16.40.0/24"
02_Addr="172.16.40.254"
02_Port="14322"
[evoq-mtl]
Addr_Public="66.171.167.250"
01_InterfaceName="WG-Routers"
01_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
01_Subnet="10.1.41.0/24"
01_Addr="10.1.41.254"
01_Port="13232"
02_InterfaceName="WG-Users"
02_PUBKEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
02_Subnet="10.1.42.0/24"
02_Addr="10.1.42.254"
02_Port="13233"
[koze-maison]
Addr_Public="b4a30b139a75.sn.mynetname.net"
01_Subnet="10.1.41.0/24"
01_Addr="172.16.41.254"
01_Port="13232"
01_PUBKEY="8e1iXWniMo+3OU1FsNPAgrG0av9d/Ijf9ybj75z9GWE="
01_InterfaceName="WG-Users"
[rrf-rb5009]
Addr_Public="142.217.209.155"
01_Subnet="172.16.41.0/24"
01_Addr_Private="172.16.41.254"
01_Port="14231"
01_PUBKEY="FYmwzlP4m2IkS4VpDSwhN6NHHJBrEBbIqf9+GS7VWxo="
01_InterfaceName="WG-Users"
[cccp-hexs]
Addr_Public="199.168.223.11"
01_Subnet="10.8.37.0/24"
01_Addr="10.8.37.254"
01_Port="13233"
01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU="
01_InterfaceName="WG-Users"
[cccp-rb2011]
Addr_Public="199.168.223.10"
01_InterfaceName="WG-Users"
01_Subnet="10.8.37.0/25"
01_Addr="10.8.35.126"
01_Port="13232"
01_PUBKEY="nAwCkIHkPlgJwpU+t84mBSOUsylfDj+nudD3neZoaiU="
02_InterfaceName="WG-Routers"
02_Subnet="10.8.37.129/25"
02_Addr="10.8.34.254"
02_Port="13233"
02_PUBKEY="kIV/vXbuNWWc//zU27+g3QcrOIYuVh8/Bo/g8O2iwUQ="
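Review bot: Under `[ingtegration-rb5009]` the second interface's subnet is written as `01_Subnet="172.16.40.0/24"`, which repeats the key already used for the WG-Devices subnet a few lines above instead of defining the WG-Users one; it should read `02_Subnet="172.16.40.0/24"`. The sections are also not keyed consistently: `[rrf-rb5009]` uses `01_Addr_Private` where every other section uses `01_Addr`, and `[koze-maison]` pairs `01_Subnet="10.1.41.0/24"` with `01_Addr="172.16.41.254"`, an address outside that subnet, so a script reading these by name will presumably get an empty or mismatched value. `[cccp-rb2011]` has `02_Subnet="10.8.37.129/25"`, a host address rather than a network (the /25 containing it is 10.8.37.128/25), and both of its `0N_Addr` values fall outside the subnets they are listed with. Only public keys and reachable addresses appear here, which is fine to commit, but a comment at the top naming the expected key set per section would make this kind of drift easier to spot.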

146
wireguard/genconfig_router Executable file

@ -0,0 +1,146 @@
#!/bin/bash
#
debug=0
ScriptName=$(basename "$0")
RouterName="RB5009-CTG"
RouterAddrPublic="heh08h84mnt.sn.mynetname.net"
RouterPort="14322"
RouterAddrPrivate="172.16.254.2"
RouterInterface="WG-Devices"
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
function CreateRouter()
{
local debug=0
local DeviceNum="$1" # voir plus bas avec printf
local DeviceName="$2"
local DeviceInterface="$3"
DeviceAllowedAddress="172.16.40.2"
DevicePrivKey=$(wg genkey)
DevicePubKey=$(echo "${DevicePrivKey}" | wg pubkey)
DevicePSK=$(wg genpsk)
DeviceNumPad=$(printf "%03d" $1) # 3 digit pad of $1
DeviceFilesPrefix="R-${DeviceNumPad}"
RouterFileCfg="${DeviceFilesPrefix}_RouterCfg.rsc"
DeviceFileCfg="${DeviceFilesPrefix}_DeviceCfg.rsc"
((debug)) && echo -e "
DeviceNum = $DeviceNum
DevicePrivKey = $DevicePrivKey
DevicePubKey = $DevicePubKey
DevicePSK = $DevicePSK
DeviceFileCfg = $DeviceFileCfg
RouterFileCfg = $RouterFileCfg
" | column -t && exit
Message "Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RouterFileCfg}
${DeviceFileCfg}
"
Message "Router Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "S'assurer que sur router: /interface wireguard add listen-port=${RouterPort} mtu=1420 name=${RouterInterface}\n"
echo -e "/interface wireguard peers add allowed-address=172.16.254.${DeviceNum}/32 client-keepalive=10 disabled=no comment=\"${DeviceName}\" \\
interface=WG-Devices preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\""
#| tee "${RouterFileCfg}"
Message "${DeviceName} device Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard add listen-port=13239 mtu=1420 name=${DeviceInterface} private-key=\"${DevicePrivKey}\"
/interface wireguard peers add allowed-address=${RouterAddrPrivate} client-keepalive=15 disabled=no comment=\"${RouterName}\" \\
interface=${DeviceInterface} preshared-key=\"${DevicePSK}\" public-key=\"${DevicePubKey}\" endpoint-address=${RouterAddrPublic} endpoint-port=${RouterPort}
/ip route add dst-address=0.0.0.0 gateway=${RouterAddrPrivate}"
#| tee "${DeviceFileCfg}"
}
Help() {
cat << EOF
usage: $(basename "$0") [OPTIONS]
-d Device Number
-n Device Name
-i Device Interface
-h This help
EOF
}
((!$#)) && Help
while getopts d:n:i:h option
do
case "${option}" in
d) DeviceNumber=${OPTARG};;
n) DeviceName=${OPTARG};;
i) DeviceInterface=${OPTARG};;
h) Help
exit 0;;
*) echo -e "Usage (bad argument: ${OPTARG}) \n"
exit 1;;
esac
done
((debug)) && echo -e "
DeviceNumber = $DeviceNumber
DeviceName = $DeviceName
DeviceInterface = $DeviceInterface
" | column -t && exit
CreateRouter ${DeviceNumber} ${DeviceName} ${DeviceInterface}
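Review bot: In the device config block, the peer entry describing the router is emitted with `public-key=\"${DevicePubKey}\"`, i.e. the device's own public key, so the device would be told to peer with itself; that field needs the router's public key, which this script never defines (the notes file in this commit lists it as the WG-Devices key), so a `RouterPubKey=` setting next to `RouterAddrPublic` and `public-key=\"${RouterPubKey}\"` in that line are required. Both `| tee` lines are commented out, so `RouterFileCfg` and `DeviceFileCfg` are announced under "Generated output files" but never written, and `DevicePrivKey` exists only on the terminal. `/ip route add dst-address=0.0.0.0 gateway=...` looks as if `0.0.0.0/0` was intended — worth confirming against RouterOS. `DeviceAllowedAddress="172.16.40.2"` is assigned and never used, the function-level `local debug=0` shadows the file-level `debug` so the in-function dump can only be enabled by editing the source, and the final `CreateRouter ${DeviceNumber} ${DeviceName} ${DeviceInterface}` call is unquoted, so a device name with a space shifts the interface argument.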


@ -0,0 +1,31 @@
CCR1016 EVOQ
============
/ip address
add address=10.1.41.254/24 interface=WG-Routers network=10.1.41.0
/interface wireguard
add comment=10.1.32.0/24 listen-port=13232 mtu=1420 name=WG-Routers
/interface wireguard peers
add allowed-address=10.1.40.1/32 client-keepalive=10s comment="User squirion" interface=WG-Users preshared-key="+tgz1wqMtrota6gxmMtEix3wiZI85IM8Ty5x7ucgbiA=" public-key="6KhC7Ai2As7ShqKC1tlKQ1eKp8MLdrljBdJBCUIjal8="
WG "Server":
------------
Router WAN Addr : heh08h84mnt.sn.mynetname.net
Router WAN Port : 14322
Router Local Address: 172.16.254.2/24
Device: WG-Devices
Public Key: MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=
-d [device num] -n [device name] -i [device interface]
genconfig_router -d 4 -n Fuengirola -i wg-ctg
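Review bot: The `/interface wireguard peers add` line for "User squirion" carries a literal `preshared-key="…"` value, so a WireGuard PSK is committed in clear text next to the peer's public key and tunnel address; it should be removed from this note and regenerated on the router, since it remains recoverable from history even after the line is edited. The remainder of the file is reference material (router WAN address, port, local address, interface and public key) that is fine to keep, though a heading stating that these are the values `genconfig_router` expects would make the trailing example invocation easier to place. The rendered section does not show this file's path.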

431
wireguard/genconfig_simple Executable file

@ -0,0 +1,431 @@
#!/bin/bash
Version=250731-1953
debug=0
ScriptMode="" # Script gen mode for client: user or router
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#---ini file parameters list
unset PARAMS;
PARAMS=(
RtrInterface
Rtr_Addr_Admin
Rtr_Addr_Public
Rrt_Port
Rtr_Addr_Private
Rtr_CIDR_Mask
Rtr_PUB_KEY
Rtr_DNS
Rtr_Route_Subnet
)
#---A enlever apres testing
export RouterName=""
export RouterInterface=""
export DeviceName=""
export Company=""
export CORP=""
export UserName=""
#========== INTERNAL FUNCTIONS ================================================
#---------- function Info -----------------------------------------------------
#
# With date / time prefix
#
Info()
{
printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
}
#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
#---------- ip2int ------------------------------------------------------------
#
function ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#---------- int2ip ------------------------------------------------------------
#
function int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#---------- RouterCommand -----------------------------------------------------
#
function RouterConnect()
{
local Command="$"
}
#---------- CreateUser --------------------------------------------------------
#
function CreateUser()
{
local RouterName=$1
local RouterInterface=$2
local UserNumber=$3
local UserName=$4
local debug=0
RouterCfg="${RouterName}.cfg"
#---Read values from config file
for PARAM in "${PARAMS[@]}"
do
eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
Digits=000
Temp="${Digits}${UserNumber}"
ClientNumPad=$(echo ${Temp:(-${#Digits})})
IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
Subnet="${octet1}.${octet2}.${octet3}"
UserAddress=${Subnet}.${UserNumber}/32
Message "Subnet : $Subnet"
Message "ClientNumPad : $ClientNumPad"
((debug)) && echo -e "
DEBUG - CreateUser
User Number = $1
UserName = $2
UserName = $3
UserAddress = $UserAddress
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
RouterInterface = $RouterInterface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
Subnet = $Subnet
Rtr_DNS = $Rtr_DNS
Rtr_Route_Subnet = $Rtr_Route
" | column -t && exit
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
ROUTER_PUB_KEY="$RouterPubKey"
CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}"
CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"
echo -e "\nClient:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = ${UserAddress}
DNS = ${Rtr_DNS}
[Peer]
PublicKey = ${Rtr_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${Rtr_Route_Subnet}
Endpoint = ${Rtr_Addr_Public}:${Rrt_Port}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\nRouter:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
Message "QR Code:"
qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
Message "Generated User Files:"
ls -1 ${CLIENT_FILE_PREFIX}*
}
#---------- CreateRouter ------------------------------------------------------
#
function CreateRouter()
{
local debug=1
local RouterNum="$1"
local RouterSubnet="$2"
local Corp="$3"
local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable
local WgRtrDir="${BaseDir}/routers"
#---Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
RTR_PRIV_KEY=$(wg genkey)
Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
RTR_PRE_SHARED_KEY=$(wg genpsk)
RTR_NUM=$(printf "%03d" $1)
RTR_FILE_PREFIX="${RTR_NUM}-Router"
RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"
((debug)) && echo -e "
Corp = $Corp
RTR_NUM = $RTR_NUM
CLIENT_FILE_RTR = $RTR_FILE_RTR
BaseDir = $BaseDir
PreShared Key = $RTR_PRE_SHARED_KEY
" && exit
[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"
Message "Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RTR_FILE_RTR}
${RTR_FILE_RTR_ENDPOINT}
"
Message "Client Router Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard
add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
\"/ping interval=10 10.1.8.11 count=61\"
/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
| tee "${RTR_FILE_RTR}"
#echo -e "\n"
Message "${EndpointID} endpoint Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\
interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
| tee "${RTR_FILE_RTR_ENDPOINT}"
}
#---------- GetRouter_Infos ----------------------------------------------------
#
function GetRouter_Infos()
{
local RouterName="$1"
local IniFile="${1}.cfg"
local debug=0
((debug)) && echo -e "\nIniFile = ${IniFile}\n"
#read -p "Entrer l'interface du router: " RouterInterface
echo -e "[${RouterName}]" >> ${IniFile}
for PARAM in "${PARAMS[@]}"
do
echo -e "\nPARAM = $PARAM"
eval 'read -p "Entrer ${PARAM} " Value'
eval 'echo ${PARAM}=${Value} >> ${IniFile}'
done
((debug)) && echo "${FUNCNAME[0]} exit"
}
#---------- Help ---------------------------------------------------------------
#
function Help() {
cat << EOF
usage: $(basename "$0") [OPTIONS]
-a Debug mode
-d Device Name
-h Show this message
-i Interactive
-u User Name
-n User / Device number
EOF
}
#================= MAIN =======================================================
#
((!$#)) && Help && exit
while getopts ad:hi:n:qu: option
do
case "${option}" in
a) debug=1
;;
d) DeviceName="${OPTARG}"
;;
h) Help
exit
;;
i) Interactive
exit
;;
n) UserNumber="${OPTARG}"
;;
u) UserName="${OPTARG}"
;;
*) Message "Usage (bad argument: $OPTARG)"
exit 1
;;
esac
done
#---Init global variables
#for PARAM in "${PARAMS[@]}"
#do
# eval export '${PARAM}=""'
# done
if [[ ! -z ${UserName} ]] # User mode prioritised if both specified
then
ScriptMode=User
Message "User mode"
elif [[ ! -z ${DeviceName} ]]
then
ScriptMode=Device
Message "Device mode"
else
Message "Must use either -u or -d"
exit
fi
CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l)
Message "Avant demande router infos"
if [[ $CfgNum -eq 1 ]]
then
RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f")
RouterName="${RouterCfg%.*}"
else
read -p "Entrer Nom du Router: " RouterName
((debug)) && echo -e "Router Name = ${RouterName}"
GetRouter_Infos "${RouterName}"
RouterCfg=${RouterName}.cfg
fi
((debug)) && echo -e "
Après GetRouter_Infos
RouterName : $RouterName
RouterInterface : $RouterInterface
"
for PARAM in "${PARAMS[@]}"
do
eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
echo -e "Avant Create User"
((debug)) && echo -e "
RouterName = $RouterName
DeviceName = $DeviceName
UserNumber = $UserNumber
UserName = $UserName
Rtr_Addr_Admin = $Rtr_Addr_Admin
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
RtrInterface = $RtrInterface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
" | column -t && exit
case "${ScriptMode}" in
User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName}
exit
;;
Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName}
;;
*) Message "Bad mode passed ${ScriptMode}"
exit 1
;;
esac
Message "All done."
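Review bot: Both `eval ${PARAM}=$(sed -nr … $RouterCfg)` loops (inside `CreateUser` and in MAIN) pass unquoted text read from the `.cfg` file to `eval`, and `GetRouter_Infos` does the same with interactively typed answers through `eval 'echo ${PARAM}=${Value} >> ${IniFile}'`, so any shell metacharacter in a config value or answer is executed instead of stored; `printf -v "$PARAM" '%s' "$(sed -nr "…" "$RouterCfg")"` assigns without evaluation and `printf '%s=%s\n' "$PARAM" "$Value" >> "$IniFile"` writes the line safely (the same eval pattern appears in the other genconfig scripts of this commit). The mode selection sets `ScriptMode=Device`, but the `case` only matches `Router)`, so `-d` always lands in "Bad mode passed Device" and `CreateRouter` is unreachable; the label and the call's argument order (the function expects number, subnet, corp rather than name, number, device) both need aligning. `RouterConnect` consists solely of `local Command="$"`, a stray literal `$`, getopts declares `i:` although Help describes `-i` as a flag, and `Interactive` is not defined in this file. The user `.conf` and QR `.png` contain the private key and are written under the default umask, so `umask 077` at the top would keep them owner-only. The debug dump in `CreateUser` prints `$Rtr_Route` where `$Rtr_Route_Subnet` is meant.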


@ -0,0 +1,306 @@
#!/bin/bash
debug=0
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#---ini file parameters list
unset PARAMS;
PARAMS=(
Rtr_Addr_Public
Rrt_Port
Rtr_Interface
Rtr_Addr_Private
Rtr_CIDR_Mask
Rtr_PUB_KEY
)
export RouterName=""
export Company=""
export CORP=""
#========== INTERNAL FUNCTIONS ================================================
#---------- function Info -----------------------------------------------------
#
# With date / time prefix
#
Info()
{
printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
}
#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
#---------- ip2int ------------------------------------------------------------
#
function ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#---------- int2ip ------------------------------------------------------------
#
function int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#---------- CreateUser --------------------------------------------------------
#
function CreateUser()
{
local CORP=$1
local RouterCfg=$2
local UserNumber=$3
local NameUser=$4
local debug=1
#---Read values from config file
for PARAM in "${PARAMS[@]}"
do
eval local ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
Digits=000
Temp="${Digits}${UserNumber}"
ClientNumPad=$(echo ${Temp:(-${#Digits})})
IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
Subnet="${octet1}.${octet2}.${octet3}"
Message "Subnet : $Subnet"
Message "ClientNumPad : $ClientNumPad"
((debug)) && echo -e "
DEBUG - CreateUser
UserNumber = $1
NameUser = $2
Company = $3
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
Rtr_Interface = $Rtr_Interface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
Subnet = $Subnet
" && exit
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
ROUTER_PUB_KEY="$RouterPubKey"
CLIENT_FILE_PREFIX="${ClientNumPad}-${NameUser}"
CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"
echo -e "\nClient:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = ${Subnet}.${UserNumber}/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = ${ROUTER_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = ${RouterAddressPub}:${RouterPort}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\nRouter:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${NameUser}\" interface=${Rtr_Interface} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
Message "QR Code:"
qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
ls -1 ${ClientNumPad}*
}
function GetRouter_Infos()
{
local RouterName="$1"
local IniFile="${1}.cfg"
local debug=0
((debug)) && echo -e "\nIniFile = ${IniFile}\n"
read -p "Entrer CORP: " CORP
echo -e "[${CORP}]" | tee ${IniFile}
for PARAM in "${PARAMS[@]}"
do
#eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" ${IniFile})
echo -e "\nPARAM = $PARAM"
eval 'read -p "Entrer ${PARAM} " Variable'
eval 'echo ${PARAM}=${Variable} | tee -a ${IniFile}'
done
((debug)) && echo "GetRouter_Infos exit"
}
Help() {
cat << EOF
usage: $(basename "$0") [OPTIONS]
-c Company name
-h Show this message
-i Interactive
-u User Name
-n User number
EOF
}
((!$#)) && Help && exit
while getopts c:dhin:r:u: option
do
case "${option}" in
c) CORP=${OPTARG}
;;
d) debug=1
;;
h) Help
exit
;;
i) Interactive
exit
;;
n) UserNumber="${OPTARG}"
;;
r) RouterName="${OPTARG}" # à enlever
;;
u) NameUser="${OPTARG}"
;;
*) echo -e "Usage (bad argument: $OPTARG) \n"
exit 1;;
esac
done
#---Init global variables
#for PARAM in "${PARAMS[@]}"
#do
# eval export '${PARAM}=""'
# done
CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l)
#Message "Found $CfgNum config files"
if [[ $CfgNum -eq 1 ]]
then
RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f")
else
read -p "Entrer Nom du Router: " RouterName
((debug)) && echo -e "Router Name = ${RouterName}"
GetRouter_Infos "${RouterName}"
RouterCfg=${RouterName}.cfg
fi
((debug)) &&echo -e "
RouterCfg : $RouterCfg
CORP : $CORP
"
#((debug)) && echo -e "Avant PARAM"
for PARAM in "${PARAMS[@]}"
do
eval ${PARAM}=$(sed -nr "/^\[${CORP}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
echo -e "
Avant Create User
UserNumber = $UserNumber
NameUser = $NameUser
CORP = $CORP
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
Rtr_Interface = $Rtr_Interface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
"
exit
CreateUser ${CORP} ${RouterCfg} ${UserNumber} ${NameUser}
#${Rtr_Addr_Public} ${Rrt_Port} ${Rtr_Interface} ${Rtr_Addr_Private} ${Rtr_CIDR_Mask} "${Rtr_PUB_KEY}"
exit
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
echo -e "
CLIENT_PRIV_KEY $CLIENT_PRIV_KEY
CLIENT_PUB_KEY $CLIENT_PUB_KEY
CLIENT_PRE_SHARED_KEY $CLIENT_PRE_SHARED_KEY
"


@ -0,0 +1,430 @@
#!/bin/bash
Version=250731-1953
debug=0
ScriptMode="" # Script gen mode for client: user or router
BOLD=$( tput bold)
NORMAL=$( tput sgr0)
RESET=$( tput sgr0)
NC=$( tput sgr0) # No color
BOLD=$( tput bold)
BLACK=$( tput setaf 0)
RED=$( tput setaf 1)
GREEN=$( tput setaf 2)
YELLOW=$( tput setaf 3)
BLUE=$( tput setaf 4)
MAGENTA=$( tput setaf 5)
CYAN=$( tput setaf 6)
WHITE=$( tput setaf 7)
DEFAULT=$( tput setaf 9)
#---ini file parameters list
unset PARAMS;
PARAMS=(
RtrInterface
Rtr_Addr_Admin
Rtr_Addr_Public
Rrt_Port
Rtr_Addr_Private
Rtr_CIDR_Mask
Rtr_PUB_KEY
Rtr_DNS
Rtr_Route
)
export RouterName=""
export RouterInterface=""
export DeviceName=""
export Company=""
export CORP=""
export UserName=""
#========== INTERNAL FUNCTIONS ================================================
#---------- function Info -----------------------------------------------------
#
# With date / time prefix
#
Info()
{
printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*"
}
#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message()
{
printf "\n${GREEN}[i] ${BLUE}%s${NC}\n" "$*"
}
#---------- ip2int ------------------------------------------------------------
#
function ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#---------- int2ip ------------------------------------------------------------
#
function int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#---------- RouterCommand -----------------------------------------------------
#
function RouterConnect()
{
local Command="$"
}
#---------- CreateUser --------------------------------------------------------
#
function CreateUser()
{
local RouterName=$1
local RouterInterface=$2
local UserNumber=$3
local UserName=$4
local debug=0
RouterCfg="${RouterName}.cfg"
#---Read values from config file
for PARAM in "${PARAMS[@]}"
do
eval local ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
Digits=000
Temp="${Digits}${UserNumber}"
ClientNumPad=$(echo ${Temp:(-${#Digits})})
IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
Subnet="${octet1}.${octet2}.${octet3}"
UserAddress=${Subnet}.${UserNumber}/32
Message "Subnet : $Subnet"
Message "ClientNumPad : $ClientNumPad"
((debug)) && echo -e "
DEBUG - CreateUser
User Number = $1
UserName = $2
UserName = $3
UserAddress = $UserAddress
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
RouterInterface = $RouterInterface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
Subnet = $Subnet
" | column -t && exit
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
ROUTER_PUB_KEY="$RouterPubKey"
CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}"
CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"
echo -e "\nClient:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = ${UserAddress}
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = ${Rtr_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = ${Rtr_Addr_Public}:${Rrt_Port}
PersistentKeepalive = 25
" | tee "${CLIENT_FILE_WIN}"
echo -e "\nRouter:
${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers
add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name=\"${UserName}\" interface=${RouterInterface} \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
Message "QR Code:"
qrencode -t ansiutf8 -l L < "${CLIENT_FILE_WIN}"
qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "${CLIENT_FILE_WIN}"
Message "Generated User Files:"
ls -1 ${CLIENT_FILE_PREFIX}*
}
#---------- CreateRouter ------------------------------------------------------
#
function CreateRouter()
{
local debug=1
local RouterNum="$1"
local RouterSubnet="$2"
local Corp="$3"
local BaseDir="${BaseDir}/${Corp}" # BaseDir global variable
local WgRtrDir="${BaseDir}/routers"
#---Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
RTR_PRIV_KEY=$(wg genkey)
Endpoint_Rtr_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
RTR_PRE_SHARED_KEY=$(wg genpsk)
RTR_NUM=$(printf "%03d" $1)
RTR_FILE_PREFIX="${RTR_NUM}-Router"
RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"
((debug)) && echo -e "
Corp = $Corp
RTR_NUM = $RTR_NUM
CLIENT_FILE_RTR = $RTR_FILE_RTR
BaseDir = $BaseDir
PreShared Key = $RTR_PRE_SHARED_KEY
" && exit
[ -d "${BaseDir}" ] && Message "Creating dir ${BaseDir}" && mkdir -p "${BaseDir}"
Message "Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RTR_FILE_RTR}
${RTR_FILE_RTR_ENDPOINT}
"
Message "Client Router Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard
add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
\"/ping interval=10 10.1.8.11 count=61\"
/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
| tee "${RTR_FILE_RTR}"
#echo -e "\n"
Message "${EndpointID} endpoint Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum} ${NameRouter}\" \\
interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${Endpoint_Rtr_PUB_KEY}\"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
| tee "${RTR_FILE_RTR_ENDPOINT}"
}
#---------- GetRouter_Infos ----------------------------------------------------
#
function GetRouter_Infos()
{
local RouterName="$1"
local IniFile="${1}.cfg"
local debug=0
((debug)) && echo -e "\nIniFile = ${IniFile}\n"
#read -p "Entrer l'interface du router: " RouterInterface
echo -e "[${RouterName}]" >> ${IniFile}
for PARAM in "${PARAMS[@]}"
do
echo -e "\nPARAM = $PARAM"
eval 'read -p "Entrer ${PARAM} " Value'
eval 'echo ${PARAM}=${Value} >> ${IniFile}'
done
((debug)) && echo "${FUNCNAME[0]} exit"
}
#---------- Help ---------------------------------------------------------------
#
function Help() {
cat << EOF
usage: $(basename "$0") [OPTIONS]
-a Debug mode
-d Device Name
-h Show this message
-i Interactive
-u User Name
-n User / Device number
EOF
}
#================= MAIN =======================================================
#
((!$#)) && Help && exit
while getopts ad:hi:n:qu: option
do
case "${option}" in
a) debug=1
;;
d) DeviceName="${OPTARG}"
;;
h) Help
exit
;;
i) Interactive
exit
;;
n) UserNumber="${OPTARG}"
;;
u) UserName="${OPTARG}"
;;
*) Message "Usage (bad argument: $OPTARG)"
exit 1
;;
esac
done
#---Init global variables
#for PARAM in "${PARAMS[@]}"
#do
# eval export '${PARAM}=""'
# done
if [[ ! -z ${UserName} ]] # User mode prioritised if both specified
then
ScriptMode=User
Message "User mode"
elif [[ ! -z ${DeviceName} ]]
then
ScriptMode=Device
Message "Device mode"
else
Message "Must use either -u or -d"
exit
fi
CfgNum=$(find . -maxdepth 1 -iname "*.cfg" |wc -l)
Message "Avant demande router infos"
if [[ $CfgNum -eq 1 ]]
then
RouterCfg=$(find . -maxdepth 1 -iname "*.cfg" -printf "%f")
RouterName="${RouterCfg%.*}"
else
read -p "Entrer Nom du Router: " RouterName
((debug)) && echo -e "Router Name = ${RouterName}"
GetRouter_Infos "${RouterName}"
RouterCfg=${RouterName}.cfg
fi
((debug)) && echo -e "
Après GetRouter_Infos
RouterName : $RouterName
RouterInterface : $RouterInterface
"
for PARAM in "${PARAMS[@]}"
do
eval ${PARAM}=$(sed -nr "/^\[${RouterName}\]/ { :l /^${PARAM}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" $RouterCfg)
done
echo -e "Avant Create User"
((debug)) && echo -e "
RouterName = $RouterName
DeviceName = $DeviceName
UserNumber = $UserNumber
UserName = $UserName
Rtr_Addr_Admin = $Rtr_Addr_Admin
Rtr_Addr_Public = $Rtr_Addr_Public
Rrt_Port = $Rrt_Port
RtrInterface = $RtrInterface
Rtr_Addr_Private = $Rtr_Addr_Private
Rtr_CIDR_Mask = $Rtr_CIDR_Mask
Rtr_PUB_KEY = $Rtr_PUB_KEY
" | column -t && exit
case "${ScriptMode}" in
User) CreateUser ${RouterName} ${RtrInterface} ${UserNumber} ${UserName}
exit
;;
Router) CreateRouter ${RouterName} ${UserNumber} ${DeviceName}
;;
*) Message "Bad mode passed ${ScriptMode}"
exit 1
;;
esac
Message "All done."
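Review bot: The `-d` path cannot work as written: the main block sets `ScriptMode=Device` but the `case` only handles `User)` and `Router)`, so a device run always ends in "Bad mode passed Device" with exit 1, and even the `Router)` arm passes `${RouterName} ${UserNumber} ${DeviceName}` into CreateRouter, whose positional locals are `RouterNum`, `RouterSubnet` and `Corp` (CreateRouter also has `local debug=1` with `&& exit`, and if `BaseDir` is not set in the environment its `local BaseDir="${BaseDir}/${Corp}"` would `mkdir -p` under `/`). `Rtr_DNS` and `Rtr_Route` are read into PARAMS but the generated client config still hardcodes `DNS = 1.1.1.1,8.8.8.8` and `AllowedIPs = 0.0.0.0/0`, and the name `Rtr_Route` does not match the `Rtr_Route_Subnet` key used by the README and the .cfg files elsewhere in this commit, so that value is always empty; the lines should read `DNS = ${Rtr_DNS}` and `AllowedIPs = ${Rtr_Route_Subnet}` with the PARAMS entry renamed to match. `eval ${PARAM}=$(sed …)` (in the main block and inside CreateUser) and GetRouter_Infos' `eval 'echo ${PARAM}=${Value} >> ${IniFile}'` execute config-file and prompt text as shell; `printf -v "$PARAM" '%s' "$(sed -nr "…" "$RouterCfg")"` and `printf '%s=%s\n' "$PARAM" "$Value" >> "$IniFile"` assign and write the text verbatim. The generated .conf holds the private key but is created through `tee` with the caller's default umask, so `umask 077` before `wg genkey` is needed to keep it owner-readable only. The getopts string `ad:hi:n:qu:` declares `-q`, which no case arm handles, and `-i` with an argument, whose arm calls an undefined `Interactive`.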


@ -0,0 +1,34 @@
1) Le script fonctionne en partant du principe qu'il va sauver / utiliser un fichier INI et les fichiers Wireguard générés en relation avec ça dans un répertoire
Ça veut dire qu'on doit utiliser quelque chose qui ressemble à:
Compagnie / router1
Compagnie / router2
Donc, on fait un "cd" Compagnie/router1 et on utilise de là
On pourrait aussi avoir: Compagnie / router1 / interface 1 (j'ai la plupart du temps WG_Users et WG_Routers!)
2) Les paramètres sont contenus dans un array au début du script. Je vais ajouter un champs sur chaque ligne pour un "nom de field" plus facile à comprendre
PARAMS=(
RtrInterface Nom de l'interface Wireguard avec laquelle sera associée la config du client
Rtr_Addr_Admin L'adresse IP où le script va connecter pour ajouter la config du client (futur)
Rtr_Addr_Public L'adresse publique sur laquelle le client connecte: IP ou FQDN
Rrt_Port Le port de l'interface associée du router sur lequel le client connecte
Rtr_Addr_Private L'adresse du router, sur le subnet alloué au clients. Mon standard, genre: 10.1.2.254 et le client #1 aura 10.1.2.1, client #2 10.1.2.2, etc
Rtr_CIDR_Mask Le masque du subnet associé à l'interface du router sur son interface
Rtr_PUB_KEY La clef publique associée à l'interface du router
Rtr_DNS Le/les DNS qu'on place dans la config du client
Rtr_Route_Subnet Le subnet qui est associé au routage pour la connexion client. 0.0.0.0/0 pour envoyer tout le trafic via cette connexion wireguard.
)
3) Je conseille d'utiliser des noms de user et routers avec un # de séquence associé. Ça permet de savoir quel IP sera allouée à chaque client
Ex: U001-Guy, U002-Marc (Users)
R001-Toronto, R002-Quebec (Routers)
4) Les paramètres de la CLI on beaucoup changé avec la dernière version, voir la manière actuelle dans l'exemple ci-bas
## Utilisation
~~~bash
# Pour l'instant, minimal (autres paramètres = futur):
../genconfig_simple -n 1 -u marc
~~~


@ -0,0 +1,7 @@
[RB5009]
Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
Rrt_Port=14321
Rtr_Interface=WG-Devices
Rtr_Addr_Private=172.16.254.2
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=MmTMFo+Fs3N9jrcVeGKkmMi2NoZctvSB7813LCN12nY=


@ -0,0 +1,15 @@
[WG01]
Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
Rrt_Port=14322
Rtr_Addr_Private=172.16.40.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
[WG02]
Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
Rrt_Port=14322
Rtr_Addr_Private=172.16.40.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
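Review bot: `[WG01]` and `[WG02]` are byte-for-byte identical (same Rtr_Addr_Public, port 14322, private address and public key), which looks like an unfinished copy-paste; if WG02 is meant to be a second WireGuard interface on the same router it would presumably need its own listen port, private address and key pair, and as long as the two sections match, a client generated against either name lands on the same peer. Because the generators locate a section with `sed -nr "/^\[${RouterName}\]/ …"`, the duplicate does not break parsing today, but it will silently hand out stale values once only one copy is edited; either delete `[WG02]` or fill in its real values.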


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.40.2/32 disabled=no name="guy" interface=WG01 \
preshared-key="Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA=" public-key="ziekWouNBWmOUIlCx9uO6U4FOoBQbagLqOwnKKEsvn4="
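Review bot: This file commits a live WireGuard pre-shared key in clear text, and every client `[Interface]` .conf and `.Peer.rsc` file that follows in this diff does the same for `PrivateKey` and `PresharedKey` (the committed QR-code .png files encode the same .conf contents, since the generator runs `qrencode … < "${CLIENT_FILE_WIN}"`). Once pushed, these values should be treated as disclosed: regenerate the affected peers with the script, replace the peer entries on the routers, and keep the generated `*.conf`, `*.rsc` and `*.png` outputs out of version control with a `.gitignore` entry. The `.cfg` files, which carry only `Rtr_PUB_KEY`, addresses and ports, are the part that is safe to track.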


@ -0,0 +1,13 @@
[Interface]
PrivateKey = eOmsbsjFnFi9AtWjJyQmPmWUSdq0gg2P35ysdxOJyVE=
ListenPort = 51821
Address = 172.16.40.2/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
PresharedKey = Ib7k3/rWONN4Ga4oA5EfweGiMk8+BvS59HYmpSkSzCA=
AllowedIPs = 0.0.0.0/0
Endpoint = heh08h84mnt.sn.mynetname.net:14322
PersistentKeepalive = 25



@ -0,0 +1,34 @@
#!/bin/bash
INI_FILE="$1"
SECTIONS_NUM=0
unset ${INI_ALL_SECTION}
while read -r line || [ -n "$line" ]
do
echo -e "\nLine = $line"
# Skip blank lines and comments
if [ -z "$line" -o "${line:0:1}" = ";" -o "${line:0:1}" = "#" ]
then
continue
fi
# Section marker?
if [[ "${line}" =~ ^\[[a-zA-Z0-9_]{1,}\]$ ]]
then
# Set SECTION var to name of section (strip [ and ] from section marker)
SECTION="${line#[}"
SECTION="${SECTION%]}"
echo -e "SECTION = ${SECTION}"
#eval "${INI_ALL_SECTION}=\"\${${INI_ALL_SECTION}# } $SECTION\""
((SECTIONS_NUM++))
continue
fi
done <"${INI_FILE}"
echo -e "SECTIONS_NUM = $SECTIONS_NUM"
echo "INI_ALL_SECTION = $INI_ALL_SECTION"
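Review bot: The section regex `^\[[a-zA-Z0-9_]{1,}\]$` does not accept `-`, so section names this same commit uses, such as `[RB5009-Users]`, are never recognised and fall through the loop unrecognised; `^\[[A-Za-z0-9_-]+\]$` matches them. `unset ${INI_ALL_SECTION}` expands the (empty) variable first and therefore unsets nothing — `unset INI_ALL_SECTION` is what the name suggests was intended. `INI_FILE="$1"` is never checked, so running with no argument makes the final `done <"${INI_FILE}"` fail with a redirection error rather than a usage message; `[[ -r "${INI_FILE}" ]] || { printf 'usage: %s file.ini\n' "${0##*/}" >&2; exit 2; }` covers it. The blank/comment test uses `-o` inside `[ … ]`, which ShellCheck flags as ambiguous; `[[ -z "$line" || "${line:0:1}" == ";" || "${line:0:1}" == "#" ]]` is the equivalent.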


@ -0,0 +1,7 @@
[RB5009]
Rtr_Addr_Public=heh08h84mnt.sn.mynetname.net
Rrt_Port=14322
Rtr_Interface=WG-Users
Rtr_Addr_Private=172.16.40.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.40.3/32 disabled=no name="pcguy" interface=WG-Users \
preshared-key="nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU=" public-key="UYXWTpjsuLD8oBIbmG+/E4ayJ7/HvEs5RotwqlW2938="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = sIwBWQDsBHyXh50pjFEF04NtK5H2zan9eyo1G189VXo=
ListenPort = 51821
Address = 172.16.40.3/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
PresharedKey = nlvAgKyqzNZon2vv8mGBUoFIyGZ5XWmNLLEN+ULI8OU=
AllowedIPs = 0.0.0.0/0
Endpoint = heh08h84mnt.sn.mynetname.net:14322
PersistentKeepalive = 25



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.8.38.4/32 disabled=no comment="User Guy" interface=wg1 \
preshared-key="azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=" public-key="xXg+ZoZcv36AuzmfzpBAqGDmgIhEwkucFw5bm/kgCTM="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = UEX8Fq51QVG6oIPdCy8eWfrJcONrArRqyieK1faBzkE=
ListenPort = 51821
Address = 10.8.38.4/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = iPArVoKAjEYTsvSb2NdQRDIUxHPHBgGTHAK3uAKKvkw=
PresharedKey = azOSAxvB4FqFR0XYvXiVZL3XZn1QD5S1ttQSSc/MiTk=
AllowedIPs = 10.8.0.0/16
Endpoint = seve.ingtegration.com:14322
PersistentKeepalive = 25


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=172.16.15.1/32 disabled=no comment="User Samantha" interface=WG-Users \
preshared-key="PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY=" public-key="+MNTBsVZUQZ+tjFz9mD1uLH8CEAifSM9O0xqlm+XfCM="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = UA2nrQP2taQy1aYWtwxPPD2/qbQwiWckWSS2ucp5lnE=
ListenPort = 51821
Address = 172.16.15.1/32
DNS = 1.1.1.1,8.8.8.8
[Peer]
PublicKey = lCzZXZYTwnDGVbAtEE/vEH0TtpVqy7fBcZMBXiBBA1s=
PresharedKey = PVmxXI1HtsrmM/pmmOfPJRLj9ITG6LXDEGN9NyT/wzY=
AllowedIPs = 172.16.0.0/16
Endpoint = b4a30b139a75.sn.mynetname.net:14233
PersistentKeepalive = 25


288
wireguard/real/genconfig Executable file

@ -0,0 +1,288 @@
#!/bin/bash
Version=240226-1434
debug=0
CORP=EVOQ
Rtr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
Rtr_CCR1_Port="13232"
Usr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
Usr_CCR1_Port="13233"
ScriptName=$(basename "$0")
BaseDir="/home/boig01/temp/wireguard/real"
WgRtrDir="${BaseDir}/routers"
WgUsrDir="${BaseDir}/users"
RTR_CCR1_PUB_KEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
USR_CCR1_PUB_KEY="vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg="
NumUser=0
NumRouter=0
NameUser=0
Mode=0
YELLOW='\033[0;33«m'
GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Create paths if not there
[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
Start_Subnet=10.1.32.0
Bits_Subnet=3
Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits
NAPS=$((2**Bits_Subnet)) # Nombre d'Adresses Par Subnet
#=================== function Help ============================================
#
function Help()
{
echo -e "
WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator
usage:
${ScriptName} [Options]
-n User # (Unique user number between 1 and 253)
-u User name (AdrianSmith)
-r Router # (EVOQ router #, like 1 or 11)
When in user mode, you must provide name & unique user number between 2 and 253.
This user number will be assigned an ip address 10.1.40.[user #].
" && exit
}
#=================== function Info =============================================
#
# Avec date / time prefix
#
Info() { printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; } # send to stderr
#=================== function Message ==========================================
#
#
Message() { printf "\n${GREEN}%s${NC}\n" "$*"; } # send to stdout
#=================== function ip2int ===========================================
#
ip2int()
{
local a b c d
{ IFS=. read a b c d; } <<< $1
echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
}
#=================== function int2ip ===========================================
#
int2ip()
{
local ui32=$1; shift
local ip n
for n in 1 2 3 4; do
ip=$((ui32 & 0xff))${ip:+.}$ip
ui32=$((ui32 >> 8))
done
echo $ip
}
#======================== CreateUser ==========================================
#
function CreateUser()
{
ClientName=$1
ClientNum=$2
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
CLIENT_NUM=$(printf "%03d" $2)
CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc"
((debug)) && echo -e "
ClientName = $1
CLIENT_NUM = $CLIENT_NUM
CLIENT_FILE_WIN = $CLIENT_FILE_WIN
CLIENT_FILE_RTR = $CLIENT_FILE_RTR
" && exit
echo -e "Client:
${GREEN}---------------------------------------------------------${NC}"
echo -e "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = 192.168.10.${ClientNum}/32
DNS = 192.168.10.1,1.1.1.1
[Peer]
PublicKey = ${USR_CCR1_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 192.168.0.0/16
Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port}
" | tee "${CLIENT_FILE_WIN}"
echo -e "\nCCR:
---------------------------------------------------------"
echo -e "/interface wireguard peers add
allowed-address=192.168.10.${ClientNum}/32 client-keepalive=10 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\
preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
}
#======================== CreateRouter ========================================
#
function CreateRouter()
{
RouterNum="$1"
RouterSubnet="$2"
RTR_PRIV_KEY=$(wg genkey)
RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
RTR_PRE_SHARED_KEY=$(wg genpsk)
RTR_NUM=$(printf "%03d" $1)
RTR_FILE_PREFIX="${RTR_NUM}-Router"
RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc"
RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc"
((debug)) && echo -e "
ClientName = $1
CLIENT_NUM = $RTR_NUM
CLIENT_FILE_RTR = $RTR_FILE_RTR
" && exit
Message "** Generated output files:"
echo -e "${GREEN}---------------------------------------------------------${NC}
${RTR_FILE_RTR}
${RTR_FILE_RTR_CCR1}
"
Message "** Router Client Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard
add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01
/ip route add dst-address=10.0.0.0/8 gateway=wg01
/ip route add dst-address=192.168.0.0/16 gateway=wg01
/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
\"/ping interval=10 10.1.8.11 count=61\"
/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
| tee "${RTR_FILE_RTR}"
#echo -e "\n"
Message "** CCR1 Config:"
echo -e "${GREEN}---------------------------------------------------------${NC}"
echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\" \\
interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
| tee "${RTR_FILE_RTR_CCR1}"
}
#=================== function RrtSubnet ========================================
#
RtrSubnet()
{
local RtrNum=$1
BaseNum=$(ip2int $Start_Subnet) # Subnet de depart en format integer
Nth=$((RtrNum-1)) # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc
Nth=$((Nth*NAPS)) # Decimal a aditionner en fonction pour le Nth router
Subnet=$((BaseNum+Nth)) # Nth subnet calculé
# Subnet="${Subnet}/$(Bits_Subnet=3})"
echo -e "$(int2ip $Subnet)/${Subnet_Bits}"
}
#================ MAIN ========================================================
#
((!$#)) && Help && exit # If no command parameters passed, help and bail out
echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n"
while getopts dhn:r:u: option
do
case "${option}" in
d) debug=1
;;
h) Help
exit ;;
n) NumUser=${OPTARG}
Mode="User"
;;
r) NumRouter=${OPTARG}
Mode="Router"
;;
u) NameUser=${OPTARG}
;;
*) echo -e "Usage (bad argument: $OPTARG) \n"
exit 1;;
esac
done
((debug)) && echo -e "
NumRouter = ${NumRouter}
NumUser = ${NumUser}
RtrSubnet = $(RtrSubnet ${NumRouter})
" && exit
if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]]
then
echo "** Error, can't use user and router # simulteaneously"
exit 1
fi
case "$Mode" in
User) CreateUser $NameUser $NumUser
exit
;;
Router) CreateRouter $NumRouter $(RtrSubnet ${NumRouter})
exit
;;
*) echo -e "\n** ERROR : User # was not provided"
Help
;;
esac
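Review bot: `-n` is never validated although the help text promises a user number between 1 and 253 (the text itself says both "1 and 253" and "2 and 253"): `NumUser=${OPTARG}` accepts any string, `printf "%03d" $2` then fails on a non-numeric value, and a number such as 300 is written as `Address = 192.168.10.300/32` into a config no client will load; a guard after getopts such as `[[ $NumUser =~ ^[0-9]+$ ]] && (( NumUser >= 1 && NumUser <= 253 )) || { echo "** Error: -n must be 1..253" >&2; exit 1; }`, and the same for `-r`, closes this. The help text also states the user gets `10.1.40.[user #]`, while CreateUser writes `192.168.10.${ClientNum}` for both the client Address and the router allowed-address, so one of the two is stale. `YELLOW='\033[0;33«m'` contains a stray `«` that makes the escape sequence invalid (the variable is unused, so it is harmless for now). As in the other generators in this commit, the .conf containing the private key is written through `tee` with the default umask; `umask 077` at the top of the script keeps it owner-readable. `BaseDir="/home/boig01/temp/wireguard/real"` hardcodes a personal home directory; `BaseDir="${BaseDir:-$(dirname "$(readlink -f "$0")")}"` or a `-b` option makes the script usable elsewhere.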


@ -0,0 +1,3 @@
/interface wireguard peers add
allowed-address=10.1.40.1/32 client-keepalive=10 disabled=no comment="User Real" interface=wg1 \
preshared-key="EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=" public-key="J4nC/m8G2wMNDYeywORCYIo9eZq6v6fMgZVOFpRv3m0="


@ -0,0 +1,12 @@
[Interface]
ListenPort = 51821
PrivateKey = QHjXJWfo+G2BoJTKaLEviueDyK90nW/14ibUD3X31HI=
Address = 192.168.10.1/32
DNS = 192.168.10.254,1.1.1.1
[Peer]
PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
PresharedKey = EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=
Endpoint = d90d0d815e13.sn.mynetname.net:13233
AllowedIPs = 192.168.0.0/16


@ -0,0 +1,3 @@
/interface wireguard peers add
allowed-address=192.168.10.2/32 client-keepalive=10 disabled=no comment="User Guy" interface=wg1 \
preshared-key="0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=" public-key="tQk6OTijE3YawHAQk6jfcVmgMzvH3zUyNqrhl3zRmHQ="


@ -0,0 +1,12 @@
[Interface]
ListenPort = 51821
PrivateKey = wDaoTqcCfIar7dukhYQYu8M5LDN+3BZc8Zcn/UetjWQ=
Address = 192.168.10.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
PresharedKey = 0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=
Endpoint = d90d0d815e13.sn.mynetname.net:13233
AllowedIPs = 192.168.2.0/24


@ -0,0 +1 @@
/home/boig01/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf


@ -0,0 +1,10 @@
[RB5009-Users]
RtrInterface=WG-Users
Rtr_Addr_Admin=10.1.99.254
Rtr_Addr_Public=142.217.209.155
Rrt_Port=13235
Rtr_Addr_Private=10.1.15.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
Rtr_DNS=10.1.15.254
Rtr_Route_Subnet=10.1.0.0/16


@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.15.1/32 disabled=no name="boig01" interface=WG-Users \
preshared-key="tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ=" public-key="r11A7Z+IBeLFL6G+a+M0jgr1tTd9jTl/b+RROj/6whk="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = UKNcUZwVMzU4icXo2M7WsLm2OVvUiPTBndLn3xBiB2Y=
ListenPort = 51821
Address = 10.1.15.1/32
DNS = 10.1.15.254
[Peer]
PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
PresharedKey = tqtgjTsZUxkdFM1IQNfRdNuYf2MgH/2kHOOO1+ilMCQ=
AllowedIPs = 10.1.0.0/16
Endpoint = 142.217.209.155:13235
PersistentKeepalive = 25



@ -0,0 +1,3 @@
/interface wireguard peers
add allowed-address=10.1.15.2/32 client-keepalive=20s disabled=no name="boucm01" interface=WG-Users \
preshared-key="6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8=" public-key="yxVvlFZnnZOePdCxLX27zsnLfApcGBhmlqR5772mN2c="


@ -0,0 +1,13 @@
[Interface]
PrivateKey = ACO/UBhvrQMLlrtEE7sU8qgDxYVmYLEn+j6hva8BBHM=
ListenPort = 51821
Address = 10.1.15.2/32
DNS = 10.1.15.254
[Peer]
PublicKey = zHEBUKg9qNtC9+RaQeHiDoTmlsPc+9NBN+H+W/ZDPF4=
PresharedKey = 6VOptNdny7TsKvQvcWFn0V+RtBMs+iin3elOxE9tXX8=
AllowedIPs = 10.1.0.0/16
Endpoint = 142.217.209.155:13235
PersistentKeepalive = 25



@ -0,0 +1,8 @@
[CCR1009]
RtrInterface=WG-Users
Rtr_Addr_Admin=10.3.8.1
Rtr_Addr_Public=184.95.250.138
Rrt_Port=13421
Rtr_Addr_Private=10.3.13.254
Rtr_CIDR_Mask=24
Rtr_PUB_KEY=ZypJ/xU5ieCA3+iHR5AhoPP6XDsSTpMuzo5foi+bWWc=
