Impl full subnet clients for wireguardConfigGenerator.sh

This commit is contained in:
Stephen Seo 2021-05-22 17:46:40 +09:00
parent d99c70fc78
commit 39bc54234a

View file

@ -10,13 +10,15 @@ function print_help {
echo "Generates config for wireguard"
echo "-h - prints this help"
echo "-n <name> - gives a name to the config"
echo "-c <count> - number of clients to generate for"
echo "-c <count> - number of clients to generate for. Mutually exclusive with \"-u\""
echo "-s <ipv4_second> - sets the second byte of the ipv4"
echo "-i <ipv4_third> - sets the third byte of the ipv4"
echo "-e <endpoint> - ip address or domain name (required)"
echo "-p <port> - listen port of server (defaults to 50000)"
echo "-k - enables persistent keepalive for clients"
echo "-o <directory> - output dir to place configs (required)"
echo "-u <subnet> - subnet to use (default 24). Mutually exclusive with \"-c\""
echo "-f <ipv4_fourth> - must use with \"-u\" to set partial fourth byte"
}
WGNAME="wg$(date | sha1sum | head -c 8)"
@ -24,14 +26,18 @@ CLIENT_COUNT=1
IPV4_FIRST=10
IPV4_SECOND=8 # this can be modified with "-s <integer>"
IPV4_THIRD=0 # this can be modified with "-i <integer>"
# IPV4_FOURTH is generated automatically. Server starts with 1, and clients increment afterward.
IPV4_FOURTH=0 # used when "-u <subnet>" is used
SERVER_ENDPOINT="REQUIRED"
SERVER_LISTEN_PORT=50000
ENABLE_PERSISTENT_KEEPALIVE=0
CONFIG_OUTPUT_DIRECTORY="REQUIRED"
WG_SUBNET=24
CLIENT_COUNT_SET=0
WG_SUBNET_SET=0
IPV4_FOURTH_SET=0
# OPTARG
while getopts 'hn:c:s:i:e:p:ko:' opt; do
while getopts 'hn:c:s:i:e:p:ko:u:f:' opt; do
if [ "$opt" == "?" ]; then
print_help
exit 1
@ -42,6 +48,7 @@ while getopts 'hn:c:s:i:e:p:ko:' opt; do
WGNAME="$OPTARG"
elif [ "$opt" == "c" ]; then
CLIENT_COUNT="$OPTARG"
CLIENT_COUNT_SET=1
elif [ "$opt" == "s" ]; then
IPV4_SECOND="$OPTARG"
if (($IPV4_SECOND < 0 || $IPV4_SECOND > 255)); then
@ -69,9 +76,16 @@ while getopts 'hn:c:s:i:e:p:ko:' opt; do
ENABLE_PERSISTENT_KEEPALIVE=1
elif [ "$opt" == "o" ]; then
CONFIG_OUTPUT_DIRECTORY="$OPTARG"
elif [ "$opt" == "u" ]; then
WG_SUBNET="$OPTARG"
WG_SUBNET_SET=1
elif [ "$opt" == "f" ]; then
IPV4_FOURTH="$OPTARG"
IPV4_FOURTH_SET=1
fi
done
# validation
if [ "$SERVER_ENDPOINT" == "REQUIRED" ]; then
echo "ERROR: Endpoint is not set with \"-e\" !"
exit 2
@ -81,9 +95,38 @@ elif [ "$CONFIG_OUTPUT_DIRECTORY" == "REQUIRED" ]; then
elif [ ! -d "$CONFIG_OUTPUT_DIRECTORY" ]; then
echo "ERROR: dir set with \"-o\" is not a directory!"
exit 4
elif (( $CLIENT_COUNT_SET )) && (( $WG_SUBNET_SET )); then
echo "ERROR: \"-c\" and \"-u\" is mutually exclusive!"
exit 12
elif (( $IPV4_FOURTH_SET )) && (( $WG_SUBNET_SET == 0 )); then
echo "ERROR: fourth byte set but \"-u\" not used!"
exit 13
fi
echo "Creating config with name \"$WGNAME\" with \"$CLIENT_COUNT\" clients..."
# validation of "-u <subnet>"
if (( $WG_SUBNET < 24 )); then
echo "ERROR: subnet cannot be less than 24!"
exit 9
elif (( $WG_SUBNET > 24 )); then
USED_BITS=$(( 32 - $WG_SUBNET ))
if (( $USED_BITS < 2 )); then
echo "ERROR: subnet \"$WG_SUBNET\" is too large! Use 24-30!"
exit 11
fi
TEMP_A="$IPV4_FOURTH"
while (( $USED_BITS > 0 )); do
if (( $TEMP_A & 1 != 0 )); then
echo "ERROR: Invalid IPV4_FOURTH when using subnet \"$WG_SUBNET\"!"
exit 10
fi
TEMP_A=$(( $TEMP_A >> 1 ))
USED_BITS=$(( $USED_BITS - 1 ))
done
CLIENT_COUNT=$(( 2**(32 - $WG_SUBNET) - 2 ))
fi
echo "Creating config with name \"$WGNAME\" with \"$CLIENT_COUNT\" clients and subnet \"$WG_SUBNET\"..."
mkdir -p "$HOME/temp"
@ -97,7 +140,7 @@ SERVER_PUB="$(echo -n ${SERVER_PRK} | wg pubkey)"
echo "Creating server conf (will be appended to with client info)..."
cat >> "${SERVER_CONF}" <<EOF
[Interface]
Address = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.1/24
Address = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$(( 1 | $IPV4_FOURTH ))/$WG_SUBNET
ListenPort = ${SERVER_LISTEN_PORT}
PrivateKey = ${SERVER_PRK}
EOF
@ -115,19 +158,19 @@ for ((i = 0; i < $CLIENT_COUNT; ++i)); do
[Peer]
PublicKey = ${CLIENT_PUB}
PresharedKey = ${CLIENT_PRE}
AllowedIPs = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$((i + 2))/32
AllowedIPs = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$(( (i + 2) | $IPV4_FOURTH ))/32
EOF
echo "Creating client $((i + 1)) conf..."
cat >> "${CLIENT_CONF}" <<EOF
[Interface]
Address = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$((i + 2))/24
Address = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$(( (i + 2) | $IPV4_FOURTH ))/$WG_SUBNET
PrivateKey = ${CLIENT_PRK}
[Peer]
PublicKey = ${SERVER_PUB}
PresharedKey = ${CLIENT_PRE}
AllowedIPs = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.1/32
AllowedIPs = ${IPV4_FIRST}.${IPV4_SECOND}.${IPV4_THIRD}.$(( 1 | $IPV4_FOURTH ))/32
Endpoint = ${SERVER_ENDPOINT}:${SERVER_LISTEN_PORT}
EOF