First Commit

2025-08-12 23:01:13 -04:00 · 2025-08-12 23:01:13 -04:00 · bd67283438
commit bd67283438
142 changed files with 5061 additions and 0 deletions
--- a/wireguard/WireguardManjaro/evoq/WG999-GB
+++ b/wireguard/WireguardManjaro/evoq/WG999-GB
@ -0,0 +1,3 @@
+[Interface]
+ListenPort = 13231
+PrivateKey = oIdmd/wFdL54lgkkThbIcDAeg9nKmS5wxH4fLBJbwEo=
--- a/wireguard/WireguardManjaro/evoq/privatekey
+++ b/wireguard/WireguardManjaro/evoq/privatekey
@ -0,0 +1 @@
+mCscj1wPL4+kGrDMAKY3Ek8drGvxcgOlfudGAq9j+Vo=
--- a/wireguard/WireguardManjaro/evoq/publickey
+++ b/wireguard/WireguardManjaro/evoq/publickey
@ -0,0 +1 @@
+pWs3b9kfSZ+Uvg7Q9tYT52Lqxh7OEbOhkzmvE0NT/GM=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy.txt
@ -0,0 +1 @@
+GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_psk.txt
@ -0,0 +1 @@
+tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_guy_pub.txt
@ -0,0 +1 @@
+rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal.txt
@ -0,0 +1 @@
+APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_psk.txt
@ -0,0 +1 @@
+isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU=
--- a/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt
+++ b/wireguard/WireguardManjaro/exoc/rutgers/client_pascal_pub.txt
@ -0,0 +1 @@
+GkRup6bdiXqb8GOaytLBQ1tFcQJ+SEu+KgkQlR17oE4=
--- a/wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf
+++ b/wireguard/WireguardManjaro/exoc/rutgers/wg01-guy.conf
@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng=
+Address = 172.16.28.1/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ=
+PresharedKey = +tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0=
+Endpoint = 172.16.24.1:13239
+AllowedIPs = 0.0.0.0/0,::/0
--- a/wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf
+++ b/wireguard/WireguardManjaro/exoc/rutgers/wg02-pascal.conf
@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM=
+Address = 172.16.28.2/32
+DNS = 1.1.1.1,8.8.8.8
+
+[Peer]
+PublicKey = 3ZnjnM9d/TL2MoNnEgNRlDztYEhHLNjb8EXai9utzCk=
+PresharedKey = isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU=
+Endpoint = 192.168.88.168:13239
+AllowedIPs = 0.0.0.0/0
--- a/wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh
+++ b/wireguard/WireguardManjaro/exoc/rutgers/wireguard-rutgers.sh
@ -0,0 +1,316 @@
+#!/bin/bash
+
+
+#=================== Environment ===============================================
+#
+ScriptName=$(basename "$0")
+SshUser=ansible
+#SshKey="/home/wireguard/.ssh/ansible_evoq_rsa"
+SshKey="/home/boig01/.ssh/ansible_evoq_rsa"
+#BaseDir="/home/wireguard"
+BaseDir="/dev/shm"
+CCR1=10.1.8.11
+CCR2=10.1.8.12
+Version=240222_1842
+CORP="EVOQ"
+TmpUserList=$(mktemp -p /dev/shm)
+
+# Wireguard For Routers
+RtrCCR1Int=WG-Routers
+RtrCCR1PubKey="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
+RtrCCR1Prefix="10.1.32"
+RtrCCR1Address="10.1.32.254/24"
+RtrCCR1Port=13232
+WgRtrDir="${BaseDir}/routers"
+
+# Wireguard For Users
+UsrCCR1Int=WG-Users
+UsrCCR1PubKey="EsxauwYNBotyfDJzy9yCUXDci2gHbtZLhUWnMgMP0AY="
+UsrCCR1Prefix="10.1.33"
+UsrCCR1Address="10.1.33.254/24"
+UsrCCR1Port=13233
+WgUsrDir="${BaseDir}/users"
+
+YELLOW='\033[0;33m'
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m' 		# No Color
+
+
+# Create paths if not there
+[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
+[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
+
+
+
+#=================== function Info =============================================
+#
+# Avec date / time prefix
+#
+Info() { printf "${GREEN} %s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; }      # send to stderr
+
+
+#=================== function Message ==========================================
+#
+Message() { printf "${GREEN}%s ${NC}\n" "$*" ;}      # send to stderr
+
+
+
+#=================== function Help =============================================
+#
+function Help ()
+{
+echo -e "
+usage: $ScriptName [options]
+
+  -l  List WireGuard clients on CCR1
+  -h  This help
+
+"
+}
+
+
+#=================== function addCCR1 ==========================================
+#
+function addCCR1() {
+ local Router="$1"	
+ echo -e "\nAdding ${Router} Wireguard account to CCR1..."
+ ssh -i ${SSHKey} ansible@${CCR1}  "/ppp secret add local-address=10.1.31.254 name=${Router} password=${L2TPPass} remote-address=${CCRSideIP} routes=\"${ip_Subnet} $CCRSideIP 1\" service=l2tp"
+
+ if [ $? = 0 ]
+ then
+   echo "${Router} Wireguard account successfully added to CCR1"
+ else
+   echo "Failed to add ${Router} Wireguard account to CCR1"
+ fi
+}
+
+
+#=================== function newClient =======================================
+#
+function newClient() {
+        ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}"
+
+        echo ""
+        echo "Tell me a name for the client."
+        echo "The name must consist of alphanumeric character. It may also include an underscore or a dash and can't exceed 15 chars."
+
+        until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do
+                read -rp "Client name: " -e CLIENT_NAME
+                CLIENT_EXISTS=$(grep -c -E "^### Client ${CLIENT_NAME}\$" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+                if [[ ${CLIENT_EXISTS} == '1' ]]; then
+                        echo ""
+                        echo "A client with the specified name was already created, please choose another name."
+                        echo ""
+                fi
+        done
+
+        for DOT_IP in {2..254}; do
+                DOT_EXISTS=$(grep -c "${SERVER_WG_IPV4::-1}${DOT_IP}" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+                if [[ ${DOT_EXISTS} == '0' ]]; then
+                        break
+                fi
+        done
+
+        if [[ ${DOT_EXISTS} == '1' ]]; then
+                echo ""
+                echo "The subnet configured supports only 253 clients."
+                exit 99
+        fi
+
+        BASE_IP=$(echo "$SERVER_WG_IPV4" | awk -F '.' '{ print $1"."$2"."$3 }')
+        until [[ ${IPV4_EXISTS} == '0' ]]; do
+                read -rp "Client's WireGuard IPv4: ${BASE_IP}." -e -i "${DOT_IP}" DOT_IP
+                CLIENT_WG_IPV4="${BASE_IP}.${DOT_IP}"
+                IPV4_EXISTS=$(grep -c "$CLIENT_WG_IPV4/24" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+                if [[ ${IPV4_EXISTS} == '1' ]]; then
+                        echo ""
+                        echo "A client with the specified IPv4 was already created, please choose another IPv4."
+                        echo ""
+                fi
+        done
+
+        BASE_IP=$(echo "$SERVER_WG_IPV6" | awk -F '::' '{ print $1 }')
+        until [[ ${IPV6_EXISTS} == '0' ]]; do
+                read -rp "Client's WireGuard IPv6: ${BASE_IP}::" -e -i "${DOT_IP}" DOT_IP
+                CLIENT_WG_IPV6="${BASE_IP}::${DOT_IP}"
+                IPV6_EXISTS=$(grep -c "${CLIENT_WG_IPV6}/64" "$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf")
+
+                if [[ ${IPV6_EXISTS} == '1' ]]; then
+                        echo ""
+                        echo "A client with the specified IPv6 was already created, please choose another IPv6."
+                        echo ""
+                fi
+        done
+
+        # Generate key pair for the client
+        CLIENT_PRIV_KEY=$(wg genkey)
+        CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+        CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+
+    mkdir -p "$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}" >/dev/null 2>&1
+        HOME_DIR="$(pwd)/wireguard/${SERVER_WG_NIC}/client/${CLIENT_NAME}"
+
+        # Create client file and add the server as a peer
+        echo "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128
+DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
+
+[Peer]
+PublicKey = ${SERVER_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+Endpoint = ${ENDPOINT}
+AllowedIPs = 0.0.0.0/0,::/0" >>"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+
+    # Add the client as a peer to the MikroTik (to client folder)
+    echo "# WireGuard client peer configure
+/interface wireguard peers
+add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
+    ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
+    preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
+    \"${CLIENT_PUB_KEY}\"
+    " >"${HOME_DIR}/mikrotik-peer-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
+
+    # Add the client as a peer to the MikroTik
+    echo "# WireGuard client peer configure
+/interface wireguard peers
+add allowed-address=${CLIENT_WG_IPV4}/32 comment=\\
+    ${SERVER_WG_NIC}-client-${CLIENT_NAME} interface=${SERVER_WG_NIC} \\
+    preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\\
+    \"${CLIENT_PUB_KEY}\"
+    " >> "$(pwd)/wireguard/${SERVER_WG_NIC}/mikrotik/${SERVER_WG_NIC}.rsc"
+
+        # Add the client as a peer to the server
+        echo -e "\n### Client ${CLIENT_NAME}
+[Peer]
+PublicKey = ${CLIENT_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"$(pwd)/wireguard/${SERVER_WG_NIC}/${SERVER_WG_NIC}.conf"
+
+        echo -e "\nHere is your client config file as a QR Code:"
+
+        qrencode -t ansiutf8 -l L <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+    qrencode -l L -s 6 -d 225 -o "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png" <"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+
+        echo -e "${INFO} Config available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+    echo -e "${INFO} QR is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.png"
+        echo -e "${INFO} MikroTik peer config available in ${HOME_DIR}/mikrotik-${SERVER_WG_NIC}-client-${CLIENT_NAME}.rsc"
+}
+
+
+
+
+#=================== function manageMenu ======================================
+#
+function manageMenu() {
+        echo ""
+        echo "It looks like this WireGuard interface is already."
+        echo ""
+        echo "What do you want to do?"
+        echo "   1) Add a new client"
+        echo "   2) Exit"
+        until [[ ${MENU_OPTION} =~ ^[1-4]$ ]]; do
+                read -rp "Select an option [1-2]: " MENU_OPTION
+        done
+        case "${MENU_OPTION}" in
+        1)
+                newClient
+                ;;
+        2)
+                exit 0
+                ;;
+        esac
+}
+
+
+
+#=================== function listConfs =======================================
+#
+function listConfs() {
+        local directory
+        directory="$(pwd)/wireguard"
+
+        if [ -d "${directory}" ]; then
+                echo "List of existing configurations:"
+                i=1
+                for folder in "${directory}"/*/; do
+                        local users count folder_name
+                        users="${folder}/client/"
+                        count=$(find "$users" -maxdepth 1 -mindepth 1 -type d 2>/dev/null | wc -l)
+                        folder_name=$(basename "${folder}")
+                        echo "${i}. ${folder_name} [${count} user(s)]"
+                        ((i++))
+                done
+        fi
+        echo ""
+}
+
+
+#=================== function listCCR1 =========================================
+#
+# Filter 1: enlever les ";" et remplacer ^m par LF
+# Filter 2: Grouper 2 lignes consecutives
+# Filter 3: Print field #4 et #3
+#
+function ListCCR() {
+
+Message "User List"
+ssh -i $SshKey ${SshUser}@${CCR1} "/interface/wireguard/peers/print proplist=comment,interface" \
+ | grep User | tr -d ";"  | sed -e "s/\r//g" \
+ | awk 'NR%2 {printf("%s ", $0); next} {print $0}' \
+ | awk '{print $4, $3}' | tee ${TmpUserList}
+
+LastEntry=$(cat ${TmpUserList} | sort -r | head -1 | awk '{ print $1 }')
+NextEntry=$(($LastEntry+1))
+echo -e "
+Last Entry = $LastEntry
+Next Entry = $NextEntry
+"
+}
+
+
+#=================== MAIN =====================================================
+#
+echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator\n"
+
+((!$#)) && Help && exit
+
+
+while getopts cfhl option
+do
+ case "${option}" in
+    c) BoolCreate=1 ;;
+    f) VarFileLog=1;;
+    h) Help
+       exit 0;;
+	l) ListCCR ;;
+    *) Help
+       exit 1;;
+ esac
+done
+
+
+rm -f ${TmpUserList}
+exit
+
+#? Check for root, OS, WireGuard
+installCheck
+
+listConfs
+
+#? Check server exist
+serverName
+
+#? Check if WireGuard is already installed and load params
+if [[ -e $(pwd)/wireguard/${SERVER_WG_NIC}/params ]]; then
+        # shellcheck source=/dev/null
+        source "$(pwd)/wireguard/${SERVER_WG_NIC}/params"
+        manageMenu
+else
+        newInterface
+fi
+
				`@ -0,0 +1 @@`
				`mCscj1wPL4+kGrDMAKY3Ek8drGvxcgOlfudGAq9j+Vo=`
				`@ -0,0 +1 @@`
				`pWs3b9kfSZ+Uvg7Q9tYT52Lqxh7OEbOhkzmvE0NT/GM=`
				`@ -0,0 +1 @@`
				`GPBSyPyU06/jsowN9ScTpXDkMAzrGxKB217gVWcSVng=`
				`@ -0,0 +1 @@`
				`+tJsNqiNzwJ7PCLRvF83olIffVq9FAWSvOlYC7wbUp0=`
				`@ -0,0 +1 @@`
				`rtbXn9kJ32AqTbOeNcQjWT31UW+508ENhP1+Whez5TQ=`
				`@ -0,0 +1 @@`
				`APeJ2lVKE90EUHsDO+bYC5OAnpeUATCeGZWDL9K0dVM=`
				`@ -0,0 +1 @@`
				`isW7BmJAwEq6B2PeDbG4sN8z/dg2zfuhuLdPQY3WovU=`
				`@ -0,0 +1 @@`
				`GkRup6bdiXqb8GOaytLBQ1tFcQJ+SEu+KgkQlR17oE4=`