First Commit

2025-08-12 23:01:13 -04:00 · 2025-08-12 23:01:13 -04:00 · bd67283438
commit bd67283438
142 changed files with 5061 additions and 0 deletions
--- a/wireguard/real/genconfig
+++ b/wireguard/real/genconfig
@ -0,0 +1,288 @@
+#!/bin/bash
+
+Version=240226-1434
+debug=0
+CORP=EVOQ
+Rtr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
+Rtr_CCR1_Port="13232"
+Usr_CCR1_Addr="d90d0d815e13.sn.mynetname.net"
+Usr_CCR1_Port="13233"
+
+
+ScriptName=$(basename "$0")
+BaseDir="/home/boig01/temp/wireguard/real"
+WgRtrDir="${BaseDir}/routers"
+WgUsrDir="${BaseDir}/users"
+
+RTR_CCR1_PUB_KEY="9au45IDNJhHDNtN+LIpJDyMFTEYdN9WOSSHEJS8WRmw="
+USR_CCR1_PUB_KEY="vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg="
+
+NumUser=0
+NumRouter=0
+NameUser=0
+Mode=0
+
+YELLOW='\033[0;33«m'
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m' 		# No Color
+
+# Create paths if not there
+[ ! -d "$WgRtrDir" ] && mkdir -p "${WgRtrDir}"
+[ ! -d "$WgUsrDir" ] && mkdir -p "${WgUsrDir}"
+
+
+Start_Subnet=10.1.32.0
+Bits_Subnet=3
+Subnet_Bits=$((32-Bits_Subnet))              # Router address subnet bits
+NAPS=$((2**Bits_Subnet))                     # Nombre d'Adresses Par Subnet
+
+
+
+#=================== function Help ============================================
+#
+function Help()
+{
+echo -e "
+WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator
+
+usage:
+  ${ScriptName} [Options]
+
+  -n  User #      (Unique user number between 1 and 253)
+  -u  User name   (AdrianSmith)
+  -r  Router #    (EVOQ router #, like 1 or 11)
+
+When in user mode, you must provide name & unique user number between 2 and 253.
+This user number will be assigned an ip address 10.1.40.[user #].
+
+" && exit
+}
+
+
+
+#=================== function Info =============================================
+#
+# Avec date / time prefix
+#
+Info() { printf "${GREEN}%s ${NC} %s\n" "$( date +%F_%T )" "$*" >&2; }	# send to stderr
+
+#=================== function Message ==========================================
+#
+#
+Message() { printf "\n${GREEN}%s${NC}\n"  "$*"; }      			# send to stdout
+
+
+
+
+#=================== function ip2int ===========================================
+#
+ip2int()
+{
+    local a b c d
+    { IFS=. read a b c d; } <<< $1
+    echo $(((((((a << 8) | b) << 8) | c) << 8) | d))
+}
+
+
+#=================== function int2ip ===========================================
+#
+int2ip()
+{
+    local ui32=$1; shift
+    local ip n
+    for n in 1 2 3 4; do
+        ip=$((ui32 & 0xff))${ip:+.}$ip
+        ui32=$((ui32 >> 8))
+    done
+    echo $ip
+}
+
+
+
+#======================== CreateUser ==========================================
+#
+function CreateUser()
+{
+ClientName=$1
+ClientNum=$2
+
+CLIENT_PRIV_KEY=$(wg genkey)
+CLIENT_PUB_KEY=$(echo "${CLIENT_PRIV_KEY}" | wg pubkey)
+CLIENT_PRE_SHARED_KEY=$(wg genpsk)
+CLIENT_NUM=$(printf "%03d" $2)
+CLIENT_FILE_PREFIX="${CLIENT_NUM}-${ClientName}"
+CLIENT_FILE_WIN="${WgUsrDir}/${CLIENT_FILE_PREFIX}.conf"
+CLIENT_FILE_RTR="${WgUsrDir}/${CLIENT_FILE_PREFIX}.CCR1.rsc"
+
+((debug)) && echo -e "
+ClientName      = $1
+CLIENT_NUM      = $CLIENT_NUM
+CLIENT_FILE_WIN = $CLIENT_FILE_WIN
+CLIENT_FILE_RTR = $CLIENT_FILE_RTR
+" && exit
+
+
+echo -e "Client:
+${GREEN}---------------------------------------------------------${NC}"
+echo -e "[Interface]
+PrivateKey = ${CLIENT_PRIV_KEY}
+ListenPort = 51821
+Address = 192.168.10.${ClientNum}/32
+DNS = 192.168.10.1,1.1.1.1
+
+[Peer]
+PublicKey = ${USR_CCR1_PUB_KEY}
+PresharedKey = ${CLIENT_PRE_SHARED_KEY}
+AllowedIPs = 192.168.0.0/16
+Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port}
+" | tee "${CLIENT_FILE_WIN}"
+
+
+echo -e "\nCCR:
+---------------------------------------------------------"
+echo -e "/interface wireguard peers add
+allowed-address=192.168.10.${ClientNum}/32 client-keepalive=10 disabled=no comment=\"User ${ClientName}\" interface=wg1 \\
+   preshared-key=\"${CLIENT_PRE_SHARED_KEY}\" public-key=\"${CLIENT_PUB_KEY}\""| tee "${CLIENT_FILE_RTR}"
+}
+
+
+
+
+
+
+#======================== CreateRouter ========================================
+#
+function CreateRouter()
+{
+RouterNum="$1"
+RouterSubnet="$2"
+
+RTR_PRIV_KEY=$(wg genkey)
+RTR_PUB_KEY=$(echo "${RTR_PRIV_KEY}" | wg pubkey)
+RTR_PRE_SHARED_KEY=$(wg genpsk)
+RTR_NUM=$(printf "%03d" $1)
+RTR_FILE_PREFIX="${RTR_NUM}-Router"
+RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}.rsc"
+RTR_FILE_RTR_CCR1="${WgRtrDir}/${RTR_FILE_PREFIX}.CCR1.rsc"
+
+
+((debug)) && echo -e "
+ClientName      = $1
+CLIENT_NUM      = $RTR_NUM
+CLIENT_FILE_RTR = $RTR_FILE_RTR
+" && exit
+
+
+Message "** Generated output files:"
+echo -e "${GREEN}---------------------------------------------------------${NC}
+${RTR_FILE_RTR}
+${RTR_FILE_RTR_CCR1}
+"
+Message "** Router Client Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard
+add listen-port=13239 mtu=1420 name=wg01 private-key=\"${RTR_PRIV_KEY}\"
+
+/ip address add address=10.1.41.${RouterNum}/32 comment=wg-wg01 interface=wg01
+/ip route add dst-address=10.0.0.0/8 gateway=wg01
+/ip route add dst-address=192.168.0.0/16 gateway=wg01
+
+/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment=\"CCR1 Montreal\" interface=wg01 \\
+  endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port}  preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_CCR1_PUB_KEY}\"
+
+/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
+  \"/ping interval=10 10.1.8.11 count=61\"
+
+/system/scheduler add interval=10m name=Ping-CCR1 on-event=\"/system/script/run ping-CCR1\" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00 " \
+| tee "${RTR_FILE_RTR}"
+
+
+#echo -e "\n"
+Message "** CCR1 Config:"
+echo -e "${GREEN}---------------------------------------------------------${NC}"
+echo -e "/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment=\"Router ${RouterNum}\"  \\
+interface=WG-Routers preshared-key=\"${RTR_PRE_SHARED_KEY}\" public-key=\"${RTR_PUB_KEY}\"
+
+/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}" \
+| tee "${RTR_FILE_RTR_CCR1}"
+
+}
+
+
+
+#=================== function RrtSubnet ========================================
+#
+RtrSubnet()
+{
+  local RtrNum=$1
+
+  BaseNum=$(ip2int $Start_Subnet)      # Subnet de depart en format integer
+  Nth=$((RtrNum-1))                    # Le router #1 est "0" dans la séquence de subnet, #2 est 1, etc
+  Nth=$((Nth*NAPS))                    # Decimal a aditionner en fonction pour le Nth router
+  Subnet=$((BaseNum+Nth))              # Nth subnet calculé
+#  Subnet="${Subnet}/$(Bits_Subnet=3})"
+  
+  echo -e "$(int2ip $Subnet)/${Subnet_Bits}"
+}
+
+
+
+
+#================ MAIN ========================================================
+#
+
+((!$#)) && Help && exit		# If no command parameters passed, help and bail out
+echo -e "\nWireGuard-MikroTik ${BLUE}${CORP}${NC} configurator version $Version\n"
+
+while getopts dhn:r:u: option
+do
+ case "${option}" in
+    d) debug=1
+       ;;
+    h) Help 
+       exit ;;
+    n) NumUser=${OPTARG}
+       Mode="User"
+       ;;
+    r) NumRouter=${OPTARG}
+       Mode="Router"
+       ;;
+    u) NameUser=${OPTARG}
+       ;;
+    *) echo -e "Usage (bad argument: $OPTARG) \n"
+       exit 1;;
+ esac
+done
+
+
+((debug)) && echo -e "
+NumRouter = ${NumRouter}
+NumUser   = ${NumUser}
+RtrSubnet = $(RtrSubnet ${NumRouter})
+" && exit
+
+
+
+
+if [[ "${NumRouter}" -ne "0" && "${NumUser}" -ne "0" ]]
+then	
+  echo "** Error, can't use user and router # simulteaneously"
+  exit 1
+fi
+
+
+case "$Mode" in
+   User) CreateUser $NameUser $NumUser
+         exit
+         ;;
+ Router) CreateRouter $NumRouter $(RtrSubnet ${NumRouter})
+         exit
+         ;;
+      *) echo -e "\n** ERROR : User # was not provided"
+         Help
+	 ;;
+esac
+
+
--- a/wireguard/real/users/001-Real.CCR1.rsc
+++ b/wireguard/real/users/001-Real.CCR1.rsc
@ -0,0 +1,3 @@
+/interface wireguard peers add
+allowed-address=10.1.40.1/32 client-keepalive=10 disabled=no comment="User Real" interface=wg1 \
+   preshared-key="EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=" public-key="J4nC/m8G2wMNDYeywORCYIo9eZq6v6fMgZVOFpRv3m0="
--- a/wireguard/real/users/001-Real.conf
+++ b/wireguard/real/users/001-Real.conf
@ -0,0 +1,12 @@
+[Interface]
+ListenPort = 51821
+PrivateKey = QHjXJWfo+G2BoJTKaLEviueDyK90nW/14ibUD3X31HI=
+Address = 192.168.10.1/32
+DNS = 192.168.10.254,1.1.1.1
+
+[Peer]
+PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
+PresharedKey = EGEruoS+9iFaDV7MOydXdkE8eQGpDhil446OzImIfOY=
+Endpoint = d90d0d815e13.sn.mynetname.net:13233
+AllowedIPs = 192.168.0.0/16
+
--- a/wireguard/real/users/002-Guy.CCR1.rsc
+++ b/wireguard/real/users/002-Guy.CCR1.rsc
@ -0,0 +1,3 @@
+/interface wireguard peers add
+allowed-address=192.168.10.2/32 client-keepalive=10 disabled=no comment="User Guy" interface=wg1 \
+   preshared-key="0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=" public-key="tQk6OTijE3YawHAQk6jfcVmgMzvH3zUyNqrhl3zRmHQ="
--- a/wireguard/real/users/002-Guy.conf
+++ b/wireguard/real/users/002-Guy.conf
@ -0,0 +1,12 @@
+[Interface]
+ListenPort = 51821
+PrivateKey = wDaoTqcCfIar7dukhYQYu8M5LDN+3BZc8Zcn/UetjWQ=
+Address = 192.168.10.2/32
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = vaH/ozwjGfhC1ODOJZ6PExwDNTRlms2kU43xmGi67yg=
+PresharedKey = 0FaSQ2/iTj2Eu7ttME16pIet6nJnh0gtfEACK9aCCBI=
+Endpoint = d90d0d815e13.sn.mynetname.net:13233
+AllowedIPs = 192.168.2.0/24
+
--- a/wireguard/real/users/Real-maison.conf
+++ b/wireguard/real/users/Real-maison.conf
@ -0,0 +1 @@
+/home/boig01/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf
				`@ -0,0 +1 @@`
				`/home/boig01/Nextcloud2/guydev/network/wireguard/real/users/002-Guy.conf`