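#!/bin/bash
#
# Generate WireGuard peer configurations for a MikroTik (RouterOS) router.
#
#   -u NAME -n NUM   user mode   -> CreateUser   (client .conf, router .Peer.rsc, QR code)
#   -d NAME          device mode -> CreateRouter (router-to-router .rsc files)
#
# Router parameters come from "<RouterName>.cfg", an ini-style file with a
# "[<RouterName>]" section holding the keys listed in PARAMS. When the current
# directory does not contain exactly one .cfg, the values are prompted for and
# appended to a new file (GetRouter_Infos).
#
# Requires: wg, qrencode, column, tput, GNU sed (-r) and GNU find (-printf).
#
Version=250731-1953

set -euo pipefail

# Every file written below (client .conf and its .png QR code, the .Peer.rsc
# and router .rsc files) carries a private key or a pre-shared key, so create
# them readable by the owner only.
umask 077

debug=0
ScriptMode=""           # Script gen mode for client: user or router
UserNumber=""           # -n; also the last octet of the client address

# Terminal attributes; tput fails without a usable TERM, so fall back to empty
# strings instead of aborting under "set -e".
BOLD=$(tput bold 2>/dev/null || true)
NORMAL=$(tput sgr0 2>/dev/null || true)
RESET=$NORMAL
NC=$NORMAL              # No color
BLACK=$(tput setaf 0 2>/dev/null || true)
RED=$(tput setaf 1 2>/dev/null || true)
GREEN=$(tput setaf 2 2>/dev/null || true)
YELLOW=$(tput setaf 3 2>/dev/null || true)
BLUE=$(tput setaf 4 2>/dev/null || true)
MAGENTA=$(tput setaf 5 2>/dev/null || true)
CYAN=$(tput setaf 6 2>/dev/null || true)
WHITE=$(tput setaf 7 2>/dev/null || true)
DEFAULT=$(tput setaf 9 2>/dev/null || true)

#---ini file parameters list (keys looked up in the [RouterName] section).
# Rtr_DNS and Rtr_Route are read but not used by this script yet.
unset PARAMS
PARAMS=( RtrInterface Rtr_Addr_Admin Rtr_Addr_Public Rrt_Port Rtr_Addr_Private Rtr_CIDR_Mask Rtr_PUB_KEY Rtr_DNS Rtr_Route )

export RouterName=""
export RouterInterface=""
export DeviceName=""
export Company=""
export CORP=""
export UserName=""

#========== INTERNAL FUNCTIONS ================================================

#---------- function die ------------------------------------------------------
#
# Print a message to stderr and exit 1.
#
function die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#---------- function ValidName ------------------------------------------------
#
# Accept only names made of [A-Za-z0-9._-] that do not start with '-'.
# RouterName becomes a file name ("<name>.cfg"), an ini section header and a
# sed regex, so any other character would alter the lookup or the path.
#
function ValidName() {
  [[ "$1" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]
}

#---------- function Info -----------------------------------------------------
#
# With date / time prefix
#
Info() {
  printf '%s%s %s %s\n' "$GREEN" "$(date +%F_%T)" "$NC" "$*"
}

#---------- function Message --------------------------------------------------
#
# Send to STDOUT
#
function Message() {
  printf '\n%s[i] %s%s%s\n' "$GREEN" "$BLUE" "$*" "$NC"
}

#---------- function IniGet ---------------------------------------------------
#
# Print the value of KEY ($3) from the [SECTION] ($2) block of ini FILE ($1):
# first match only, whitespace around '=' stripped, nothing when absent.
# SECTION and KEY are spliced into the sed program, so callers pass only
# validated names (ValidName) or entries of PARAMS.
#
function IniGet() {
  local file="$1" section="$2" key="$3"
  sed -nr "/^\[${section}\]/ { :l /^${key}[ ]*=/ { s/[^=]*=[ ]*//; p; q;}; n; b l;}" "$file"
}

#---------- ip2int ------------------------------------------------------------
#
# Print a dotted-quad IPv4 address ($1) as an unsigned integer.
#
function ip2int() {
  local a b c d
  IFS=. read -r a b c d <<< "$1"
  echo $(( (((((a << 8) | b) << 8) | c) << 8) | d ))
}

#---------- int2ip ------------------------------------------------------------
#
# Print an unsigned 32-bit integer ($1) as a dotted-quad IPv4 address.
#
function int2ip() {
  local ui32=$1; shift
  local ip="" n
  for n in 1 2 3 4; do
    # Peel the low byte off and prepend it, so the first byte ends up last.
    ip=$((ui32 & 0xff))${ip:+.}$ip
    ui32=$((ui32 >> 8))
  done
  echo "$ip"
}

#---------- RouterCommand -----------------------------------------------------
#
# Stub: not implemented and not called anywhere in this file. The original
# assigned the literal string "$"; presumably "$1" was intended.
#
function RouterConnect() {
  local Command="${1-}"
  : "$Command"
}

#---------- CreateUser --------------------------------------------------------
#
# Generate a client peer for router $1 on interface $2.
# Arguments: $1 router name (its <name>.cfg is read)
#            $2 router WireGuard interface name
#            $3 user number (numeric; last octet of the client address)
#            $4 user name (part of the output file names and the RouterOS peer name)
# Outputs:   U-<NNN>-<user>.conf (client config, printed and as QR code),
#            U-<NNN>-<user>.conf.png and U-<NNN>-<user>.Peer.rsc (router side)
# Exits:     1 on invalid input or missing cfg values; 0 after the debug dump
#
function CreateUser() {
  local RouterName="$1"
  local RouterInterface="$2"
  local UserNumber="$3"
  local UserName="$4"
  local RouterCfg="${RouterName}.cfg"
  local PARAM

  ValidName "$RouterName" || die "Invalid router name '${RouterName}'"
  # UserNumber becomes part of a /32 address in both generated files.
  [[ "$UserNumber" =~ ^[0-9]+$ ]] || die "User number must be numeric (got '${UserNumber}')"
  # UserName becomes a file name and a quoted RouterOS attribute value.
  if [[ "$UserName" == *'/'* || "$UserName" == *'"'* ]]; then
    die "User name must not contain '/' or '\"' (got '${UserName}')"
  fi
  [[ -r "$RouterCfg" ]] || die "Cannot read ${RouterCfg}"

  #---Read values from config file into function-local variables
  for PARAM in "${PARAMS[@]}"; do
    local "$PARAM"
    printf -v "$PARAM" '%s' "$(IniGet "$RouterCfg" "$RouterName" "$PARAM")"
  done
  [[ -n "$Rtr_Addr_Private" ]] || die "Rtr_Addr_Private missing in ${RouterCfg}"
  [[ -n "$Rtr_PUB_KEY" ]]      || die "Rtr_PUB_KEY missing in ${RouterCfg}"
  [[ -n "$Rtr_Addr_Public" ]]  || die "Rtr_Addr_Public missing in ${RouterCfg}"
  [[ -n "$Rrt_Port" ]]         || die "Rrt_Port missing in ${RouterCfg}"

  # Zero-pad the user number to the last 3 characters of "000<n>".
  local Digits=000
  local Temp="${Digits}${UserNumber}"
  local ClientNumPad="${Temp:(-${#Digits})}"

  local octet1 octet2 octet3 octet4
  IFS=. read -r octet1 octet2 octet3 octet4 <<< "$Rtr_Addr_Private"
  local Subnet="${octet1}.${octet2}.${octet3}"
  local UserAddress="${Subnet}.${UserNumber}/32"

  Message "Subnet : $Subnet"
  Message "ClientNumPad : $ClientNumPad"

  if ((debug)); then
    printf '%s\n' \
      "DEBUG - CreateUser" \
      "RouterName = ${RouterName}" \
      "RouterInterface = ${RouterInterface}" \
      "UserNumber = ${UserNumber}" \
      "UserName = ${UserName}" \
      "UserAddress = ${UserAddress}" \
      "Rtr_Addr_Public = ${Rtr_Addr_Public}" \
      "Rrt_Port = ${Rrt_Port}" \
      "Rtr_Addr_Private = ${Rtr_Addr_Private}" \
      "Rtr_CIDR_Mask = ${Rtr_CIDR_Mask}" \
      "Rtr_PUB_KEY = ${Rtr_PUB_KEY}" \
      "Subnet = ${Subnet}" | column -t
    exit
  fi

  local CLIENT_PRIV_KEY CLIENT_PUB_KEY CLIENT_PRE_SHARED_KEY
  CLIENT_PRIV_KEY=$(wg genkey) || die "wg genkey failed"
  CLIENT_PUB_KEY=$(wg pubkey <<< "$CLIENT_PRIV_KEY") || die "wg pubkey failed"
  CLIENT_PRE_SHARED_KEY=$(wg genpsk) || die "wg genpsk failed"

  local CLIENT_FILE_PREFIX="U-${ClientNumPad}-${UserName}"
  local CLIENT_FILE_WIN="${CLIENT_FILE_PREFIX}.conf"
  local CLIENT_FILE_RTR="${CLIENT_FILE_PREFIX}.Peer.rsc"

  # Client side (wg-quick / Windows client format). DNS is hard-coded; the
  # Rtr_DNS cfg key is not used here.
  printf '\nClient: %s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee "$CLIENT_FILE_WIN" <<EOF
[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
ListenPort = 51821
Address = ${UserAddress}
DNS = 1.1.1.1,8.8.8.8

[Peer]
PublicKey = ${Rtr_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = ${Rtr_Addr_Public}:${Rrt_Port}
PersistentKeepalive = 25
EOF

  # Router side: RouterOS peer entry ("\\" in the heredoc yields the single
  # backslash RouterOS uses as line continuation).
  printf '\nRouter: %s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee "$CLIENT_FILE_RTR" <<EOF
/interface wireguard peers add allowed-address=${Subnet}.${UserNumber}/32 disabled=no name="${UserName}" interface=${RouterInterface} \\
    preshared-key="${CLIENT_PRE_SHARED_KEY}" public-key="${CLIENT_PUB_KEY}"
EOF

  Message "QR Code:"
  qrencode -t ansiutf8 -l L < "$CLIENT_FILE_WIN"
  qrencode -l L -s 6 -d 225 -o "${CLIENT_FILE_WIN}.png" < "$CLIENT_FILE_WIN"

  Message "Generated User Files:"
  ls -1 -- "${CLIENT_FILE_PREFIX}"*
}

#---------- CreateRouter ------------------------------------------------------
#
# Generate the router-to-router peer files for a new router.
# Arguments: $1 router number (numeric; used in addresses and file names)
#            $2 router subnet (allowed-address / route on the endpoint side)
#            $3 corp name (sub-directory under BaseDir)
# Globals:   BaseDir, Endpoint_Rtr_Addr_Public, Endpoint_Rrt_Port (required),
#            NameRouter, EndpointID (cosmetic) — none of them is assigned in
#            this file; they must come from the environment.
# Outputs:   <BaseDir>/<corp>/routers/<NNN>-Router_Client.rsc and
#            <BaseDir>/<corp>/routers/<NNN>-Router_Endpoint.rsc
#
function CreateRouter() {
  local RouterNum="$1"
  local RouterSubnet="$2"
  local Corp="$3"

  [[ "$RouterNum" =~ ^[0-9]+$ ]] || die "Router number must be numeric (got '${RouterNum}')"
  # Fail loudly instead of emitting a config with an empty endpoint or
  # creating "/<corp>/routers" at the filesystem root.
  : "${BaseDir:?BaseDir must be set (base output directory)}"
  : "${Endpoint_Rtr_Addr_Public:?Endpoint_Rtr_Addr_Public must be set}"
  : "${Endpoint_Rrt_Port:?Endpoint_Rrt_Port must be set}"

  local BaseDir="${BaseDir}/${Corp}"      # shadows the global BaseDir
  local WgRtrDir="${BaseDir}/routers"

  #---Create paths if not there (mkdir -p creates BaseDir as well)
  if [[ ! -d "$WgRtrDir" ]]; then
    Message "Creating dir ${WgRtrDir}"
    mkdir -p -- "$WgRtrDir"
  fi

  local RTR_PRIV_KEY Endpoint_Rtr_PUB_KEY RTR_PRE_SHARED_KEY RTR_NUM
  RTR_PRIV_KEY=$(wg genkey) || die "wg genkey failed"
  # NOTE(review): this is the NEW router's public key. It is correct in the
  # endpoint-side peer below, but the client-side peer also uses it as the
  # endpoint's public-key, which looks wrong — confirm which key belongs there.
  Endpoint_Rtr_PUB_KEY=$(wg pubkey <<< "$RTR_PRIV_KEY") || die "wg pubkey failed"
  RTR_PRE_SHARED_KEY=$(wg genpsk) || die "wg genpsk failed"

  printf -v RTR_NUM '%03d' "$RouterNum"
  local RTR_FILE_PREFIX="${RTR_NUM}-Router"
  local RTR_FILE_RTR="${WgRtrDir}/${RTR_FILE_PREFIX}_Client.rsc"
  local RTR_FILE_RTR_ENDPOINT="${WgRtrDir}/${RTR_FILE_PREFIX}_Endpoint.rsc"

  if ((debug)); then
    printf '%s\n' \
      "Corp = ${Corp}" \
      "RTR_NUM = ${RTR_NUM}" \
      "CLIENT_FILE_RTR = ${RTR_FILE_RTR}" \
      "BaseDir = ${BaseDir}" \
      "PreShared Key = ${RTR_PRE_SHARED_KEY}"
    exit
  fi

  Message "Generated output files:"
  printf '%s---------------------------------------------------------%s\n%s\n%s\n' \
    "$GREEN" "$NC" "$RTR_FILE_RTR" "$RTR_FILE_RTR_ENDPOINT"

  Message "Client Router Config:"
  printf '%s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee "$RTR_FILE_RTR" <<EOF
/interface wireguard add listen-port=13239 mtu=1420 name=wg01 private-key="${RTR_PRIV_KEY}"
/ip address add address=172.18.1.${RouterNum}/32 comment=wg-wg01 interface=wg01
/interface wireguard peers add allowed-address=172.16.18.254 client-keepalive=10 disabled=no comment="CCR1 Montreal" interface=wg01 \\
    endpoint-address=${Endpoint_Rtr_Addr_Public} endpoint-port=${Endpoint_Rrt_Port} preshared-key="${RTR_PRE_SHARED_KEY}" public-key="${Endpoint_Rtr_PUB_KEY}"
/system script add dont-require-permissions=no name=ping-CCR1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\\
    "/ping interval=10 10.1.8.11 count=61"
/system/scheduler add interval=10m name=Ping-CCR1 on-event="/system/script/run ping-CCR1" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=apr/02/2022 start-time=12:00:00
EOF

  Message "${EndpointID-} endpoint Config:"
  printf '%s---------------------------------------------------------%s\n' "$GREEN" "$NC"
  tee "$RTR_FILE_RTR_ENDPOINT" <<EOF
/interface wireguard peers add allowed-address=10.1.41.${RouterNum}/32,${RouterSubnet} disabled=no comment="Router ${RouterNum} ${NameRouter-}" \\
    interface=WG-Routers preshared-key="${RTR_PRE_SHARED_KEY}" public-key="${Endpoint_Rtr_PUB_KEY}"
/ip route add dst-address=${RouterSubnet} gateway=10.1.41.${RouterNum}
EOF
}

#---------- GetRouter_Infos ---------------------------------------------------
#
# Prompt for every PARAMS key and append a "[<name>]" section with the
# answers to "<name>.cfg" ($1). Values are written verbatim (no eval).
#
function GetRouter_Infos() {
  local RouterName="$1"
  local IniFile="${1}.cfg"
  local PARAM Value

  if ((debug)); then
    printf '\nIniFile = %s\n\n' "$IniFile"
  fi

  printf '[%s]\n' "$RouterName" >> "$IniFile"
  for PARAM in "${PARAMS[@]}"; do
    printf '\nPARAM = %s\n' "$PARAM"
    read -r -p "Entrer ${PARAM} " Value
    printf '%s=%s\n' "$PARAM" "$Value" >> "$IniFile"
  done

  if ((debug)); then
    echo "${FUNCNAME[0]} exit"
  fi
}

#---------- Help --------------------------------------------------------------
#
# Print usage to stdout. The optstring also accepts -q, which has no handler.
#
function Help() {
  cat << EOF
usage: ${0##*/} [OPTIONS]
  -a Debug mode
  -d Device Name
  -h Show this message
  -i Interactive
  -u User Name
  -n User / Device number
EOF
}

#================= MAIN =======================================================
#
if (( $# == 0 )); then
  Help
  exit
fi

while getopts 'ad:hi:n:qu:' option; do
  case "${option}" in
    a) debug=1 ;;
    d) DeviceName="${OPTARG}" ;;
    h)
      Help
      exit
      ;;
    i)
      # NOTE(review): Interactive is not defined anywhere in this file (and
      # nothing is sourced), so -i currently fails with "command not found".
      Interactive
      exit
      ;;
    n) UserNumber="${OPTARG}" ;;
    u) UserName="${OPTARG}" ;;
    *)
      Message "Usage (bad argument: ${OPTARG-})"
      exit 1
      ;;
  esac
done

#---Select mode
if [[ -n "$UserName" ]]; then      # User mode prioritised if both specified
  ScriptMode=User
  Message "User mode"
elif [[ -n "$DeviceName" ]]; then
  ScriptMode=Device
  Message "Device mode"
else
  Message "Must use either -u or -d"
  exit 1
fi

#---Locate the router config: exactly one .cfg in the current directory is
# used as-is, otherwise the router name and its parameters are prompted for.
mapfile -t CfgFiles < <(find . -maxdepth 1 -iname '*.cfg' -printf '%f\n')

Message "Avant demande router infos"
if (( ${#CfgFiles[@]} == 1 )); then
  RouterCfg="${CfgFiles[0]}"
  RouterName="${RouterCfg%.*}"
else
  read -r -p "Entrer Nom du Router: " RouterName
  ValidName "$RouterName" || die "Invalid router name '${RouterName}' (use letters, digits, '.', '_' or '-')"
  if ((debug)); then
    printf 'Router Name = %s\n' "$RouterName"
  fi
  GetRouter_Infos "${RouterName}"
  RouterCfg="${RouterName}.cfg"
fi
ValidName "$RouterName" || die "Invalid router name '${RouterName}' (use letters, digits, '.', '_' or '-')"
[[ -r "$RouterCfg" ]] || die "Cannot read ${RouterCfg}"

if ((debug)); then
  printf '\nAprès GetRouter_Infos\nRouterName : %s\nRouterInterface : %s\n' "$RouterName" "$RouterInterface"
fi

#---Load the [RouterName] section into the global PARAMS variables
for PARAM in "${PARAMS[@]}"; do
  printf -v "$PARAM" '%s' "$(IniGet "$RouterCfg" "$RouterName" "$PARAM")"
done

printf '%s\n' "Avant Create User"

if ((debug)); then
  printf '%s\n' \
    "RouterName = ${RouterName}" \
    "DeviceName = ${DeviceName}" \
    "UserNumber = ${UserNumber}" \
    "UserName = ${UserName}" \
    "Rtr_Addr_Admin = ${Rtr_Addr_Admin}" \
    "Rtr_Addr_Public = ${Rtr_Addr_Public}" \
    "Rrt_Port = ${Rrt_Port}" \
    "RtrInterface = ${RtrInterface}" \
    "Rtr_Addr_Private = ${Rtr_Addr_Private}" \
    "Rtr_CIDR_Mask = ${Rtr_CIDR_Mask}" \
    "Rtr_PUB_KEY = ${Rtr_PUB_KEY}" | column -t
  exit
fi

case "${ScriptMode}" in
  User)
    CreateUser "$RouterName" "$RtrInterface" "$UserNumber" "$UserName"
    exit
    ;;
  Device)
    # The original matched "Router" here, a value ScriptMode never takes, so
    # device mode always ended in "Bad mode passed". CreateRouter expects
    # (RouterNum, RouterSubnet, Corp); the positional values below are what
    # the author wrote — verify the mapping before relying on this path.
    CreateRouter "$RouterName" "$UserNumber" "$DeviceName"
    ;;
  *)
    Message "Bad mode passed ${ScriptMode}"
    exit 1
    ;;
esac

Message "All done."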