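#!/bin/bash
#
# WireGuard-MikroTik configurator for ${CORP}.
#
# Generates WireGuard peer material for either an end user (-n <number>
# -u <name>) or a client router (-r <number>), writes the resulting files
# under ${WgUsrDir} / ${WgRtrDir} and echoes the matching RouterOS commands
# for the central ${RouterID} router.
#
# Requirements: bash 4+, wireguard-tools (wg), coreutils (tee, mkdir).
# Environment:  BaseDir may be preset to relocate the output tree.
#
# The generated .conf and .rsc files contain private keys and pre-shared
# keys: they are created owner-readable only (umask below) and are also
# echoed to stdout, so do not run this with stdout captured in a shared log.
set -euo pipefail
umask 077   # key material on disk: 0600 files / 0700 directories whatever the caller's umask

Version=240226-1434
debug=0
CORP=IngTegration
RouterID=RB5009
Rtr_CCR1_Addr="199.168.223.11"
Rtr_CCR1_Port="13232"
Usr_CCR1_Addr="199.168.223.11"
Usr_CCR1_Port="13233"
ScriptName=${0##*/}
BaseDir="${BaseDir:-/home/boig01/temp/wireguard/ingt}"   # preset BaseDir=... in the environment to relocate
WgRtrDir="${BaseDir}/routers"
WgUsrDir="${BaseDir}/users"
# NOTE(review): the router-side and the user-side endpoint are configured with
# the same public key — confirm this is intended and not a copy/paste.
RTR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE="
USR_CCR1_PUB_KEY="tZRvoRBOEBEz6sNZQmw1M2NE2OH78vkHib1iQgbxDDE="
# Address prefixes handed out to peers: users get ${UserNetPrefix}.<user #>/32,
# client routers ${RouterNetPrefix}.<router #>/32. Kept in one place so the
# help text cannot drift from the generated configurations.
UserNetPrefix="10.8.38"
RouterNetPrefix="10.1.41"
NumUser=0
NumRouter=0
NameUser=0
Mode=0
# ANSI colours as real escape bytes, so plain printf/echo render them.
YELLOW=$'\033[0;33m'
GREEN=$'\033[0;32m'
RED=$'\033[0;31m'
BLUE=$'\033[0;34m'
NC=$'\033[0m' # No Color
# Output directories are created on demand by CreateUser / CreateRouter, so
# -h and -d runs never touch the filesystem.
#---Client Router Subnets
Start_Subnet=172.18.1.0
Bits_Subnet=8
Subnet_Bits=$((32-Bits_Subnet)) # Router address subnet bits (CIDR prefix length)
NAPS=$((2**Bits_Subnet))        # Nombre d'Adresses Par Subnet (addresses per router subnet)

#=================== function Help ============================================
#
# Print usage on stdout and exit.
# Arguments: $1 - exit status (optional, default 0)
# Note: the "-n" range is stated as 1-253 here; an earlier wording of the
# detail line said 2-253 — confirm whether .1 is reserved on the user subnet.
Help() {
  cat <<EOF

 WireGuard-MikroTik ${BLUE}${CORP}${NC} configurator

usage: ${ScriptName} [Options]
   -n User #      (Unique user number between 1 and 253)
   -u User name   (AdrianSmith)
   -r Router #    (EVOQ router #, like 1 or 11)

When in user mode, you must provide name & unique user number between 1 and 253.
This user number will be assigned an ip address ${UserNetPrefix}.[user #].

EOF
  exit "${1:-0}"
}

#=================== function Info =============================================
#
# Log "$*" to stderr with a date/time prefix (avec date / time prefix).
#
Info() { printf '%s%s %s %s\n' "$GREEN" "$(date +%F_%T)" "$NC" "$*" >&2; }

#=================== function Message ==========================================
#
# Print "[i] $*" to stdout, preceded by a newline and without a trailing one.
#
Message() { printf '\n%s[i] %s%s%s' "$GREEN" "$BLUE" "$*" "$NC"; }

#=================== function ip2int ===========================================
#
# Convert a dotted-quad IPv4 address to its unsigned 32-bit integer value.
# Arguments: $1 - address such as 172.18.1.0
# Outputs:   the integer on stdout
# Returns:   1 (with a message on stderr) when $1 is not a dotted quad
ip2int() {
  local a b c d
  local quad_re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  if [[ ! $1 =~ $quad_re ]]; then
    printf 'ip2int: not a dotted-quad address: %q\n' "$1" >&2
    return 1
  fi
  IFS=. read -r a b c d <<< "$1"
  # 10# forces decimal so a leading zero (e.g. 010) is not read as octal.
  printf '%d\n' "$(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))"
}

#=================== function int2ip ===========================================
#
# Convert an unsigned 32-bit integer back to dotted-quad notation.
# Arguments: $1 - integer (0 .. 4294967295)
# Outputs:   the address on stdout
int2ip() {
  local ui32=$1
  local ip='' octet          # ip must start defined: set -u is on
  for octet in 1 2 3 4; do
    # Peel the low byte off and prepend it, so the last one peeled is the first octet.
    ip="$(( ui32 & 0xff ))${ip:+.}${ip}"
    ui32=$(( ui32 >> 8 ))
  done
  printf '%s\n' "$ip"
}

#======================== CreateUser ==========================================
#
# Generate a fresh key pair + PSK for an end user and write:
#   ${WgUsrDir}/<NNN>-<name>.conf       client (wg-quick / Windows) config
#   ${WgUsrDir}/<NNN>-<name>.CCR1.rsc   RouterOS peer command for the CCR1
# Both files are also echoed to stdout. With debug=1 only the derived names
# are printed and the script exits (no key generated, nothing written).
# Arguments: $1 - user name; restricted to [A-Za-z0-9._-] because it becomes
#                 part of a file name and of a quoted RouterOS comment
#            $2 - user number (last octet of the user's address)
# Returns:   0 on success, 1 on invalid arguments; wg/tee failures abort
#            under set -e instead of writing a config with an empty key
CreateUser() {
  local client_name=$1
  local client_num=$2
  local num3 file_prefix conf_file rsc_file priv_key pub_key psk

  if [[ ! $client_name =~ ^[A-Za-z0-9._-]+$ ]]; then
    printf 'CreateUser: invalid user name %q (use letters, digits, . _ - only)\n' "$client_name" >&2
    return 1
  fi
  if [[ ! $client_num =~ ^[0-9]+$ ]]; then
    printf 'CreateUser: user number must be an integer, got %q\n' "$client_num" >&2
    return 1
  fi
  client_num=$((10#$client_num))   # "08" is a number, not octal

  printf -v num3 '%03d' "$client_num"
  file_prefix="${num3}-${client_name}"
  conf_file="${WgUsrDir}/${file_prefix}.conf"
  rsc_file="${WgUsrDir}/${file_prefix}.CCR1.rsc"

  if (( debug )); then
    printf '\n ClientName      = %s\n CLIENT_NUM      = %s\n CLIENT_FILE_WIN = %s\n CLIENT_FILE_RTR = %s\n\n' \
      "$client_name" "$num3" "$conf_file" "$rsc_file"
    exit 0
  fi

  priv_key=$(wg genkey)
  pub_key=$(printf '%s\n' "$priv_key" | wg pubkey)
  psk=$(wg genpsk)
  mkdir -p -- "$WgUsrDir"

  printf '\nClient: %s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee -- "$conf_file" <<EOF
[Interface]
PrivateKey = ${priv_key}
ListenPort = 51821
Address = ${UserNetPrefix}.${client_num}/32
DNS = 1.1.1.1,8.8.8.8

[Peer]
PublicKey = ${USR_CCR1_PUB_KEY}
PresharedKey = ${psk}
AllowedIPs = 10.8.0.0/16
Endpoint = ${Usr_CCR1_Addr}:${Usr_CCR1_Port}
PersistentKeepalive = 25

EOF

  printf '\nAtom Router: %s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  # "\\" at end of line yields a single backslash: RouterOS line continuation.
  tee -- "$rsc_file" <<EOF
/interface wireguard peers add allowed-address=${UserNetPrefix}.${client_num}/32 disabled=no comment="User ${client_name}" interface=wg1 \\
preshared-key="${psk}" public-key="${pub_key}"
EOF
}

#======================== CreateRouter ========================================
#
# Generate a fresh key pair + PSK for a client router and write:
#   ${WgRtrDir}/<NNN>-Router.rsc        RouterOS config for the client router
#   ${WgRtrDir}/<NNN>-Router.CCR1.rsc   RouterOS peer + route for ${RouterID}
# Both files are also echoed to stdout. With debug=1 only the derived names
# are printed and the script exits (no key generated, nothing written).
# Arguments: $1 - router number (last octet of its ${RouterNetPrefix} address)
#            $2 - the router's subnet in CIDR form, e.g. 172.18.3.0/24
# Returns:   0 on success, 1 on invalid arguments; wg/tee failures abort
#            under set -e instead of writing a config with an empty key
CreateRouter() {
  local router_num=$1
  local router_subnet=$2
  local num3 file_prefix rsc_file ccr1_file priv_key pub_key psk

  if [[ ! $router_num =~ ^[0-9]+$ ]]; then
    printf 'CreateRouter: router number must be an integer, got %q\n' "$router_num" >&2
    return 1
  fi
  if [[ ! $router_subnet =~ ^[0-9.]+/[0-9]+$ ]]; then
    printf 'CreateRouter: subnet must be <network>/<bits>, got %q\n' "$router_subnet" >&2
    return 1
  fi
  router_num=$((10#$router_num))   # "08" is a number, not octal

  printf -v num3 '%03d' "$router_num"
  file_prefix="${num3}-Router"
  rsc_file="${WgRtrDir}/${file_prefix}.rsc"
  ccr1_file="${WgRtrDir}/${file_prefix}.CCR1.rsc"

  if (( debug )); then
    printf '\n RouterNum         = %s\n RTR_NUM           = %s\n RTR_FILE_RTR      = %s\n RTR_FILE_RTR_CCR1 = %s\n\n' \
      "$router_num" "$num3" "$rsc_file" "$ccr1_file"
    exit 0
  fi

  priv_key=$(wg genkey)
  pub_key=$(printf '%s\n' "$priv_key" | wg pubkey)
  psk=$(wg genpsk)
  mkdir -p -- "$WgRtrDir"

  Message "Generated output files:"
  printf '\n%s---------------------------------------------------------%s\n%s\n%s\n\n' \
    "$GREEN" "$NC" "$rsc_file" "$ccr1_file"

  Message "Router Client Config:"
  printf '\n%s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  # NOTE(review): the ping script and its scheduler carry the full RouterOS
  # policy set (including password, sensitive); a ping only needs read,test.
  # Confirm before rollout. "\\" at end of line = RouterOS line continuation.
  tee -- "$rsc_file" <<EOF
/interface wireguard add listen-port=13239 mtu=1420 name=wg01 private-key="${priv_key}"
/ip address add address=${RouterNetPrefix}.${router_num}/32 comment=wg-wg01 interface=wg01
/ip route add dst-address=10.0.0.0/8 gateway=wg01
/ip route add dst-address=192.168.0.0/16 gateway=wg01
/interface wireguard peers add allowed-address=10.0.0.0/8,192.168.0.0/16 client-keepalive=10 disabled=no comment="CCR1 Montreal" interface=wg01 \\
endpoint-address=${Rtr_CCR1_Addr} endpoint-port=${Rtr_CCR1_Port} preshared-key="${psk}" public-key="${RTR_CCR1_PUB_KEY}"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
"/ping interval=10 10.1.8.11 count=61"
/system/scheduler add interval=10m name=Ping-CCR1 on-event="/system/script/run ping-CCR1" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00
EOF

  Message "${RouterID} Config:"
  printf '\n%s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee -- "$ccr1_file" <<EOF
/interface wireguard peers add allowed-address=${RouterNetPrefix}.${router_num}/32,${router_subnet} disabled=no comment="Router ${router_num}" \\
interface=WG-Routers preshared-key="${psk}" public-key="${pub_key}"
/ip route add dst-address=${router_subnet} gateway=${RouterNetPrefix}.${router_num}
EOF
}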
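#=================== function RtrSubnet ========================================
#
# Print the /${Subnet_Bits} subnet assigned to client router $1: router #1
# gets ${Start_Subnet}, router #2 the next block of ${NAPS} addresses, etc.
# Arguments: $1 - router number (1-based)
# Outputs:   "<network>/<prefix length>" on stdout
RtrSubnet() {
  local rtr_num=$1
  local base_num nth subnet
  base_num=$(ip2int "$Start_Subnet")      # subnet de depart en format integer
  nth=$(( (rtr_num - 1) * NAPS ))         # router #1 is block 0, #2 is block 1, ...
  subnet=$(( base_num + nth ))            # Nth subnet calcule
  printf '%s/%s\n' "$(int2ip "$subnet")" "$Subnet_Bits"
}

#================ MAIN ========================================================
#
# Print an error on stderr and exit 1.
# Arguments: $* - message
usage_error() {
  printf '\n** ERROR: %s\n' "$*" >&2
  exit 1
}

# Parse and validate the command line, then dispatch to CreateUser /
# CreateRouter.
# Globals (written): debug, NumUser, NumRouter, NameUser, Mode
# Arguments: the script's command line
# Exits:     0 after a successful run, 1 on invalid or conflicting options
main() {
  local option
  (( $# )) || Help                      # no parameters: usage and bail out
  # %b renders the colour variables whether they hold escape bytes or "\033".
  printf '\nWireGuard-MikroTik %b%s%b configurator version %s\n\n' "$BLUE" "$CORP" "$NC" "$Version"

  # Leading ':' = silent mode: missing/unknown options reach the ':' and '*'
  # arms with OPTARG set, instead of getopts printing its own message.
  while getopts ':dhn:r:u:' option; do
    case "$option" in
      d) debug=1 ;;
      h) Help ;;
      n) NumUser=$OPTARG; Mode="User" ;;
      r) NumRouter=$OPTARG; Mode="Router" ;;
      u) NameUser=$OPTARG ;;
      :) usage_error "option -${OPTARG} requires an argument" ;;
      *) printf 'Usage (bad argument: -%s)\n\n' "$OPTARG" >&2; exit 1 ;;
    esac
  done
  shift $((OPTIND - 1))

  # Numeric checks before any arithmetic: a non-integer would otherwise be a
  # bash arithmetic error, and "08" would be read as octal.
  [[ $NumUser =~ ^[0-9]+$ ]]   || usage_error "user # must be an integer, got '${NumUser}'"
  [[ $NumRouter =~ ^[0-9]+$ ]] || usage_error "router # must be an integer, got '${NumRouter}'"
  NumUser=$((10#$NumUser))
  NumRouter=$((10#$NumRouter))

  if (( debug )); then
    printf '\n NumRouter = %s\n NumUser   = %s\n RtrSubnet = %s\n\n' \
      "$NumRouter" "$NumUser" "$(RtrSubnet "$NumRouter")"
    exit 0
  fi

  if (( NumRouter != 0 && NumUser != 0 )); then
    printf "** Error, can't use user and router # simultaneously\n" >&2
    exit 1
  fi

  case "$Mode" in
    User)
      # NameUser defaults to 0 when -u was not given.
      [[ $NameUser != 0 && -n $NameUser ]] || usage_error "user name (-u) is required in user mode"
      (( NumUser >= 1 && NumUser <= 253 )) || usage_error "user # must be between 1 and 253"
      Message "Creating User"
      CreateUser "$NameUser" "$NumUser"
      ;;
    Router)
      # Last octet of a /32 host address and of the router's /24 block.
      (( NumRouter >= 1 && NumRouter <= 254 )) || usage_error "router # must be between 1 and 254"
      Message "Creating Router with $(RtrSubnet "$NumRouter")"
      CreateRouter "$NumRouter" "$(RtrSubnet "$NumRouter")"
      ;;
    *)
      printf '\n** ERROR : User # was not provided\n' >&2
      Help 1
      ;;
  esac
}

main "$@"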