Wireguard: Unterschied zwischen den Versionen

Aus Info-Theke
Zur Navigation springen Zur Suche springen
Zeile 24: Zeile 24:
</syntaxhighlight>
</syntaxhighlight>


=== Konfiguration erstellen ===
=== Scripts erstellen ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
WG_ID=vinfeos0
FN_SCRIPT=/etc/wireguard/Build
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
cat <<'ESCRIPT' >$FN_SCRIPT
if [ -e $FN_KEY_PRIVATE ]; then
#! /bin/bash
   echo "$FN_KEY_PRIVATE already exists!"
WG_ID=$1
 
function Server(){
  source db/$WG_ID/server.conf
  cat <<EOS >$WG_ID.conf
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
PrivateKey = $PRIVATE_KEY
 
EOS
  echo "= created: $WG_ID.conf"
}
 
function Client(){
  local config=$1
  source $config
  local fn=$WG_ID.conf
  cat <<EOS >>$fn
[Peer]
# client $CLIENT
PublicKey = $PUB_KEY
AllowedIPs = $ALLOWED_IPS
 
EOS
}
function Usage(){
  echo "Usage: Build VPN_ID"
  echo "Example: Build wg0"
  echo "+++ $*"
}
if [ -z "$WG_ID" ]; then
  Usage "missing VPN_ID"
elif [ ! -d db/$WG_ID ]; then
  Usage "VPN_ID not defined: $WG_ID"
  echo "= available:"
  for dir in db/*; do
    test -d $dir/clients && echo $(basename $dir)
  done
else
  Server
  for client in db/$WG_ID/clients/*.conf; do
    Client $client
  done
fi
ESCRIPT
echo "created: $FN_SCRIPT"
chmod +x $FN_SCRIPT
# =======
FN_SCRIPT=/etc/wireguard/BuildServer
cat <<'SCRIPT' >$FN_SCRIPT
#! /bin/bash
WG_ID=$1
IP_SERVER=$2
HOST=$3
PORT=$4
test -z "$HOST" && HOST=$(hostname)
test -z "$PORT" && PORT=51820
 
function Usage(){
  echo "Usage BuildServer VPN_ID IP [HOST [PORT]]"
  echo "Example: BuildServer wg0 10.10.100.1/24 dragon 51820"
}
 
function Create(){
  mkdir -p db/$WG_ID/clients
  local fnPrivateKey=db/$WG_ID/private.key
  if [ ! -e $fnPrivateKey ]; then
    wg genkey > $fnPrivateKey
    chmod go= $fnPrivateKey
    echo "= created: $fnPrivateKey"
  fi
  local fnPublicKey=db/$WG_ID/public.key
  if [ ! -e $fnPublicKey ]; then
    wg <$fnPrivateKey pubkey >$fnPublicKey
    echo "= created: $fnPublicKey"
  fi
  local fnConfig=db/$WG_ID/server.conf
  cat <<EOS >$fnConfig
WG_ID=$WG_ID
IP_SERVER=$IP_SERVER
PORT=$PORT
PRIVATE_KEY=$(cat $fnPrivateKey)
EOS
   echo "= created: $fnConfig"
}
 
if [ -z "$IP_SERVER" ]; then
  Usage "missing IP_SERVER"
elif [ ${1/\//} != $1 ]; then
  Usage "wrong IP_SERVER: $IP_SERVER"
else
else
   wg genkey | sudo tee $FN_KEY_PRIVATE
   Create
  chmod go= $FN_KEY_PRIVATE
fi
fi
SCRIPT
chmod +x $FN_SCRIPT
echo "= created: $FN_SCRIPT"
# =======
FN_SCRIPT=/etc/wireguard/BuildClient
cat <<'SCRIPT' >$FN_SCRIPT
#! /bin/bash
WG_ID=$1
CLIENT=$2
PUBLIC_KEY=$3
IP_CLIENT=$4
ALLOWED_IPS=$5
function Usage(){
  echo "Usage: BuildClient VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IDS"
  echo "Example: BuildClient wg0 joe 10.10.100.44/32 0fajdkafkdla02jiw902902= 10.10.100.0/24,10.10.101.0/24"
  echo "+++ $*"
}


IP_SERVER=10.58.1.1/16
function Create(){
FN_CONFIG=/etc/wireguard/$WG_ID.conf
  mkdir -p db/$WG_ID/clients
PORT=51820
  local fnConfig=db/$WG_ID/clients/$CLIENT.conf
cat <<EOS >$FN_CONFIG
  cat <<EOS >$fnConfig
[Interface]
CLIENT=$CLIENT
Address = $IP_SERVER
PUB_KEY=$PUBLIC_KEY
ListenPort = $PORT
ALLOWED_IPS=$ALLOWED_IPS
# Use your own private key, from /etc/wireguard/privatekey
PrivateKey = $(cat $FN_KEY_PRIVATE)
EOS
EOS
for client in db/clients/*.conf; do
  echo "= created: $fnConfig"
   cat $client >>$FN_CONFIG
}
done
 
if [ -z "$ALLOWED_IPS" ]; then
  Usage "missing arguments"
elif [ ! -d db/$WG_ID ]; then
   Usage "unknown VPN_ID: $WG_ID"
else
  Create
fi
SCRIPT
  chmod +x $FN_SCRIPT
  echo "= created: $FN_SCRIPT"
</syntaxhighlight>
</syntaxhighlight>


=== Konfiguration Server ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
WG_ID=wg0
WG_ID=wg0
FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
wg genkey | sudo tee $FN_KEY_PRIVATE
chmod go= $KEY_PRIVATE
IP_SERVER=10.58.1.1/16
IP_SERVER=10.58.1.1/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf
HOST=$(hostname)
PORT=51820
PORT=51820
./BuildServer $WK_ID $IP_SERVER $HOST $PORT
</syntaxhighlight>


cat <<EOS >$FN_CONFIG
=== Konfiguration Client ===
[Interface]
<syntaxhighlight lang="bash">
Address = $IP_SERVER
WG_ID=wg0
ListenPort = $PORT
CLIENT=joe
# Use your own private key, from /etc/wireguard/privatekey
IP_CLIENT=10.58.1.10/32
PrivateKey = $(cat $KEY_PRIVATE)
PUB_KEY=0fajdkafkdla02jiw902902=
EOS
ALLOWED_IPS=10.58.1.0/24
for client in db/clients/*.conf; do
./BuildClient $WG_ID $CLIENT $IP_CLIENT $PUB_KEY $ALLOWED_IPS
  cat $client >>$FN_CONFIG
done
</syntaxhighlight>
</syntaxhighlight>


Version vom 1. April 2023, 16:01 Uhr

Links

Installation

apt install wireguard resolvconf

Zentrale einrichten

Für jeden Client

CLIENT_NAME=wk-rambo
FN_PEER=db/clients/$CLIENT_NAME.conf
ALLOWED_IPS=10.58.1.0/16
PUBKEY_CLIENT=kFJDiSluqYczby0AkXBjAT7iSF5qEW45CUxzzjqhbg8=
mkdir -p $(dirname $FN_PEER)
cat <<EOS >$FN_PEER
[Peer]
# $CLIENT_NAME public key:
PublicKey = $PUBKEY_CLIENT
# VPN client's IP address in the VPN
AllowedIPs = $ALLOWED_IPS
EOS

Scripts erstellen

FN_SCRIPT=/etc/wireguard/Build
cat <<'ESCRIPT' >$FN_SCRIPT
#! /bin/bash
WG_ID=$1

function Server(){
  source db/$WG_ID/server.conf
  cat <<EOS >$WG_ID.conf
[Interface]
Address = $IP_SERVER 
ListenPort = $PORT
PrivateKey = $PRIVATE_KEY

EOS
  echo "= created: $WG_ID.conf"
}

function Client(){
  local config=$1
  source $config
  local fn=$WG_ID.conf
  cat <<EOS >>$fn
[Peer]
# client $CLIENT
PublicKey = $PUB_KEY
AllowedIPs = $ALLOWED_IPS

EOS
}
function Usage(){
  echo "Usage: Build VPN_ID"
  echo "Example: Build wg0"
  echo "+++ $*"
}
if [ -z "$WG_ID" ]; then
  Usage "missing VPN_ID"
elif [ ! -d db/$WG_ID ]; then
  Usage "VPN_ID not defined: $WG_ID"
  echo "= available:"
  for dir in db/*; do
    test -d $dir/clients && echo $(basename $dir)
  done
else
  Server
  for client in db/$WG_ID/clients/*.conf; do
    Client $client
  done
fi
ESCRIPT
echo "created: $FN_SCRIPT"
chmod +x $FN_SCRIPT
# =======
FN_SCRIPT=/etc/wireguard/BuildServer
cat <<'SCRIPT' >$FN_SCRIPT
#! /bin/bash
WG_ID=$1
IP_SERVER=$2
HOST=$3
PORT=$4
test -z "$HOST" && HOST=$(hostname)
test -z "$PORT" && PORT=51820

function Usage(){
  echo "Usage BuildServer VPN_ID IP [HOST [PORT]]"
  echo "Example: BuildServer wg0 10.10.100.1/24 dragon 51820"
}

function Create(){
  mkdir -p db/$WG_ID/clients
  local fnPrivateKey=db/$WG_ID/private.key
  if [ ! -e $fnPrivateKey ]; then
    wg genkey > $fnPrivateKey
    chmod go= $fnPrivateKey
    echo "= created: $fnPrivateKey"
  fi
  local fnPublicKey=db/$WG_ID/public.key
  if [ ! -e $fnPublicKey ]; then
    wg <$fnPrivateKey pubkey >$fnPublicKey
    echo "= created: $fnPublicKey" 
  fi
  local fnConfig=db/$WG_ID/server.conf
  cat <<EOS >$fnConfig
WG_ID=$WG_ID
IP_SERVER=$IP_SERVER
PORT=$PORT
PRIVATE_KEY=$(cat $fnPrivateKey)
EOS
  echo "= created: $fnConfig"
}

if [ -z "$IP_SERVER" ]; then
  Usage "missing IP_SERVER"
elif [ ${1/\//} != $1 ]; then
  Usage "wrong IP_SERVER: $IP_SERVER"
else
  Create
fi
SCRIPT
chmod +x $FN_SCRIPT
echo "= created: $FN_SCRIPT"
# =======
FN_SCRIPT=/etc/wireguard/BuildClient
cat <<'SCRIPT' >$FN_SCRIPT
#! /bin/bash
WG_ID=$1
CLIENT=$2
PUBLIC_KEY=$3
IP_CLIENT=$4
ALLOWED_IPS=$5

function Usage(){
  echo "Usage: BuildClient VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IDS"
  echo "Example: BuildClient wg0 joe 10.10.100.44/32 0fajdkafkdla02jiw902902= 10.10.100.0/24,10.10.101.0/24"
  echo "+++ $*"
}

function Create(){
  mkdir -p db/$WG_ID/clients
  local fnConfig=db/$WG_ID/clients/$CLIENT.conf
  cat <<EOS >$fnConfig
CLIENT=$CLIENT
PUB_KEY=$PUBLIC_KEY
ALLOWED_IPS=$ALLOWED_IPS
EOS
  echo "= created: $fnConfig"
}

if [ -z "$ALLOWED_IPS" ]; then
  Usage "missing arguments"
elif [ ! -d db/$WG_ID ]; then
  Usage "unknown VPN_ID: $WG_ID"
else
  Create
fi
SCRIPT
  chmod +x $FN_SCRIPT
  echo "= created: $FN_SCRIPT"

Konfiguration Server

WG_ID=wg0
IP_SERVER=10.58.1.1/16
HOST=$(hostname)
PORT=51820
./BuildServer $WK_ID $IP_SERVER $HOST $PORT

Konfiguration Client

WG_ID=wg0
CLIENT=joe
IP_CLIENT=10.58.1.10/32
PUB_KEY=0fajdkafkdla02jiw902902=
ALLOWED_IPS=10.58.1.0/24
./BuildClient $WG_ID $CLIENT $IP_CLIENT $PUB_KEY $ALLOWED_IPS

Linux Client einrichten

apt install wireguard-tools
WG_ID=vinfeos0
IP_SERVER=207.180.255.91
PUBKEY_SERVER=eK7tZw0WgbjjxkRdAwGvp8aAV/cfzhwpIymZdVTFE3k=
DNS_SERVER=9.9.9.9
PORT_SERVER=51820
IP2_SERVER=10.58.1.1
IP_CLIENT=10.58.1.11/32
ALLOWED_IPS=10.58.1.0/16
FN_CONFIG=/etc/wireguard/$WG_ID.conf

FN_KEY_PRIVATE=/etc/wireguard/$WG_ID.private.key
wg genkey | sudo tee $FN_KEY_PRIVATE
chmod go= $FN_KEY_PRIVATE
PUBKEY_CLIENT=$(wg <$FN_KEY_PRIVATE pubkey)
cat <<EOS >$FN_CONFIG
[Interface]
# The address your computer will use on the VPN
Address = $IP_CLIE:q:NT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $FN_KEY_PRIVATE
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP2_SERVER

[Peer]
# VPN server's wireguard public key
PublicKey = $PUBKEY_SERVER
# Public IP address of your VPN server (USE YOURS!)
Endpoint = $IP_SERVER:$PORT_SERVER
# 10.0.0.0/24 is the VPN subnet
AllowedIPs = $ALLOWED_IPS
# PersistentKeepalive = 25
EOS
Abgerufen von „https://wiki.hamatoma.de/index.php?title=Wireguard&oldid=2273