Wireguard: Unterschied zwischen den Versionen

Zeile 171: Zeile 171:
=== Erzeugen Client (Keys werden erzeugt) ===
=== Erzeugen Client (Keys werden erzeugt) ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cd /etc/wireguard
WG_ID=wg0
WG_ID=wg0
CLIENT=joe
CLIENT=joe
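Review bot: The `cd /etc/wireguard` added at the top of this snippet is not checked, so when the directory does not exist the assignments and the CreateClient call that follow run in whatever directory the shell was in. Because this is meant to be pasted into an interactive shell, an `|| exit` guard is not appropriate; chaining the final command instead, `cd /etc/wireguard && ./CreateClient "$WG_ID" "$CLIENT" "$IP_CLIENT" "$ALLOWED_IPS"`, keeps the call from running in the wrong place. The snippet continues past this hunk (IP_CLIENT, ALLOWED_IPS and the CreateClient line are outside it).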

Version vom 2. April 2023, 08:10 Uhr

Links

Installation

# Server packages: wireguard (kernel support plus the wg/wg-quick tools) and
# resolvconf — presumably so wg-quick can apply a "DNS =" line; confirm for your distro.
apt install wireguard resolvconf

Zentrale einrichten

Scripts erstellen

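# Generates /etc/wireguard/Build. The heredoc delimiter is quoted ('ESCRIPT'),
# so every $… below stays literal and is expanded only when Build itself runs.
FN_SCRIPT=/etc/wireguard/Build
cat <<'ESCRIPT' >"$FN_SCRIPT"
#! /bin/bash
# Build VPN_ID: writes VPN_ID.conf from db/VPN_ID/server.conf plus one [Peer]
# section per db/VPN_ID/clients/*.conf. Run from /etc/wireguard (relative paths).
WG_ID=$1
# VPN_ID.conf embeds the server's private key: create it owner-only from the start.
umask 077

# Writes the [Interface] section of $WG_ID.conf.
# server.conf is *sourced* (executed as shell); it is produced by BuildServer
# and must not be writable by anyone but root.
function Server(){
  source "db/$WG_ID/server.conf"
  cat <<EOS >"$WG_ID.conf"
[Interface]
Address = $IP_SERVER
ListenPort = $PORT
PrivateKey = $PRIVATE_KEY

EOS
  echo "= created: $WG_ID.conf"
}

# Appends a [Peer] section built from the client file $1 (sourced as well).
# Returns 1 and writes nothing if the file lacks PUB_KEY or ALLOWED_IPS.
function Client(){
  local config=$1
  # Reset first so a file missing a value cannot inherit it from the previous client.
  unset CLIENT PUB_KEY ALLOWED_IPS
  source "$config"
  if [ -z "$PUB_KEY" ] || [ -z "$ALLOWED_IPS" ]; then
    echo "+++ skipped $config: PUB_KEY or ALLOWED_IPS missing"
    return 1
  fi
  local fn=$WG_ID.conf
  cat <<EOS >>"$fn"
[Peer]
# client $CLIENT
PublicKey = $PUB_KEY
AllowedIPs = $ALLOWED_IPS

EOS
}

# Prints usage followed by the diagnostic given in $*.
function Usage(){
  echo "Usage: Build VPN_ID"
  echo "Example: Build wg0"
  echo "+++ $*"
}

if [ -z "$WG_ID" ]; then
  Usage "missing VPN_ID"
  exit 1
elif [ ! -d "db/$WG_ID" ]; then
  Usage "VPN_ID not defined: $WG_ID"
  echo "= available:"
  for dir in db/*; do
    test -d "$dir/clients" && echo "$(basename "$dir")"
  done
  exit 1
else
  Server
  for client in "db/$WG_ID/clients"/*.conf; do
    # With no clients the glob stays literal; skip it instead of sourcing a missing file.
    [ -e "$client" ] || continue
    Client "$client"
  done
fi
ESCRIPT
echo "created: $FN_SCRIPT"
chmod +x "$FN_SCRIPT"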
# =======
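# Generates /etc/wireguard/BuildServer (delimiter quoted: nothing is expanded here).
FN_SCRIPT=/etc/wireguard/BuildServer
cat <<'SCRIPT' >"$FN_SCRIPT"
#! /bin/bash
# BuildServer VPN_ID IP [HOST [PORT]]: creates db/VPN_ID/{private.key,public.key,
# server.conf} and db/VPN_ID/clients/. Run from /etc/wireguard (relative paths).
WG_ID=$1
IP_SERVER=$2
HOST=$3
PORT=$4
test -z "$HOST" && HOST=$(hostname)
test -z "$PORT" && PORT=51820
# private.key and server.conf (which embeds the key) must never be readable by
# others, not even in the window between creation and a later chmod.
umask 077

# Prints usage followed by the diagnostic given in $*.
function Usage(){
  echo "Usage BuildServer VPN_ID IP [HOST [PORT]]"
  echo "Example: BuildServer wg0 10.10.100.1/24 dragon 51820"
  echo "+++ $*"
}

# Creates the key pair (only if absent) and rewrites server.conf for Build to source.
function Create(){
  mkdir -p "db/$WG_ID/clients"
  local fnPrivateKey=db/$WG_ID/private.key
  if [ ! -e "$fnPrivateKey" ]; then
    # If wg is missing or fails, drop the partial file rather than keep an empty key.
    if ! wg genkey >"$fnPrivateKey"; then
      rm -f -- "$fnPrivateKey"
      echo "+++ wg genkey failed"
      exit 1
    fi
    chmod go= "$fnPrivateKey"
    echo "= created: $fnPrivateKey"
  fi
  local fnPublicKey=db/$WG_ID/public.key
  if [ ! -e "$fnPublicKey" ]; then
    wg pubkey <"$fnPrivateKey" >"$fnPublicKey" || exit 1
    echo "= created: $fnPublicKey"
  fi
  local fnConfig=db/$WG_ID/server.conf
  # Shell-sourceable key=value file; HOST is recorded as well so it is not lost.
  cat <<EOS >"$fnConfig"
WG_ID=$WG_ID
IP_SERVER=$IP_SERVER
HOST=$HOST
PORT=$PORT
PRIVATE_KEY=$(cat "$fnPrivateKey")
EOS
  echo "= created: $fnConfig"
}

if [ -z "$IP_SERVER" ]; then
  Usage "missing IP_SERVER"
  exit 1
elif [[ "$IP_SERVER" != */* ]]; then
  # The Address line that Build emits expects a prefix length, e.g. 10.10.100.1/24.
  Usage "wrong IP_SERVER (no /prefix): $IP_SERVER"
  exit 1
else
  Create
fi
SCRIPT
chmod +x "$FN_SCRIPT"
echo "= created: $FN_SCRIPT"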
# =======
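# Generates /etc/wireguard/ImportClient (delimiter quoted: nothing is expanded here).
FN_SCRIPT=/etc/wireguard/ImportClient
cat <<'SCRIPT' >"$FN_SCRIPT"
#! /bin/bash
# ImportClient VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IPS: registers a client
# whose key pair already exists, as db/VPN_ID/clients/CLIENT_NAME.conf (Build
# sources that file). Run from /etc/wireguard (relative paths).
# The argument order matches Usage and the documented call
# (ImportClient wg0 joe 10.10.100.44/32 <pubkey> 10.10.100.0/24).
WG_ID=$1
CLIENT=$2
IP_CLIENT=$3
PUBLIC_KEY=$4
ALLOWED_IPS=$5

# Prints usage followed by the diagnostic given in $*.
function Usage(){
  echo "Usage: ImportClient VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IPS"
  echo "Example: ImportClient wg0 joe 10.10.100.44/32 0fajdkafkdla02jiw902902= 10.10.100.0/24,10.10.101.0/24"
  echo "+++ $*"
}

# Writes the shell-sourceable client file. IP_CLIENT is stored too, so the
# value given on the command line is not silently discarded.
function Create(){
  mkdir -p "db/$WG_ID/clients"
  local fnConfig=db/$WG_ID/clients/$CLIENT.conf
  cat <<EOS >"$fnConfig"
CLIENT=$CLIENT
IP_CLIENT=$IP_CLIENT
PUB_KEY=$PUBLIC_KEY
ALLOWED_IPS=$ALLOWED_IPS
EOS
  echo "= created: $fnConfig"
}

if [ -z "$ALLOWED_IPS" ]; then
  Usage "missing arguments"
  exit 1
elif [ ! -d "db/$WG_ID" ]; then
  Usage "unknown VPN_ID: $WG_ID"
  exit 1
elif [[ "$CLIENT" == */* ]]; then
  # CLIENT becomes part of a path under db/; keep it a plain name.
  Usage "CLIENT_NAME must not contain '/': $CLIENT"
  exit 1
elif [[ ! "$PUBLIC_KEY" =~ ^[A-Za-z0-9+/]{43}=$ ]]; then
  # A WireGuard public key is 32 bytes in base64: 44 characters ending in '='.
  # This also catches IP_CLIENT and PUB_KEY given in the wrong order.
  Usage "PUB_KEY does not look like a WireGuard key: $PUBLIC_KEY"
  exit 1
else
  Create
fi
SCRIPT
chmod +x "$FN_SCRIPT"
echo "= created: $FN_SCRIPT"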

Konfiguration Server

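# Server configuration: run from /etc/wireguard so BuildServer's relative db/ paths resolve.
cd /etc/wireguard
WG_ID=wg0
IP_SERVER=10.58.1.1/16
HOST=$(hostname)
PORT=51820
# Argument order: VPN_ID IP [HOST [PORT]] — the first argument is $WG_ID.
./BuildServer "$WG_ID" "$IP_SERVER" "$HOST" "$PORT"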

Konfiguration existierender Client (Public Key bekannt)

# Register a client whose key pair already exists; only its public key is needed.
# Argument order follows ImportClient's usage: VPN_ID CLIENT_NAME IP_CLIENT PUB_KEY ALLOWED_IPS
WG_ID=wg0
CLIENT=joe
PUB_KEY=0fajdkafkdla02jiw902902=
IP_CLIENT=10.58.1.10/32
ALLOWED_IPS=10.58.1.0/24
./ImportClient "$WG_ID" "$CLIENT" "$IP_CLIENT" "$PUB_KEY" "$ALLOWED_IPS"

Erzeugen Client (Keys werden erzeugt)

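# Create a client including its key pair. CreateClient is not one of the scripts
# generated above; it is expected to exist in /etc/wireguard.
cd /etc/wireguard
WG_ID=wg0
CLIENT=joe
IP_CLIENT=10.58.1.10/32
ALLOWED_IPS=10.58.1.0/24
# The last argument is the value of ALLOWED_IPS, not the literal name.
./CreateClient "$WG_ID" "$CLIENT" "$IP_CLIENT" "$ALLOWED_IPS"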

Linux Client einrichten

# Client packages: wireguard-tools provides wg (used by the PostUp line in the
# generated config) and wg-quick; kernel support is assumed to be present — confirm.
apt install wireguard-tools

Script erzeugen

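# Generates /etc/wireguard/Import on the client (delimiter quoted: nothing is expanded here).
FN_SCRIPT=/etc/wireguard/Import
cat <<'SCRIPT' >"$FN_SCRIPT"
#! /bin/bash
# Import IMPORT_FILE: turns a shell-sourceable import file into
# /etc/wireguard/VPN_ID.conf plus the key files under /etc/wireguard/db/.
# The import file must define VPN_ID DNS_SERVER IP_SERVER IP_CLIENT PORT_SERVER
# ALLOWED_IPS PRIV_KEY PUB_KEY PUBKEY_SERVER.
CONFIG=$1
WG_DIR=/etc/wireguard
# A private key file is written below: make new files owner-only from the start.
umask 077

# Prints usage followed by the diagnostic given in $*.
function Usage(){
  echo "Usage: Import IMPORT_FILE"
  echo "Example: Import db/wg0.joe.conf"
  echo "+++ $*"
}

# Validates the import file $1 and writes the client config; returns 1 on bad data.
# NOTE: $1 is executed as shell code by `source`; pass only import files you
# created yourself (e.g. with CreateClient on the server).
function Create(){
  local fn=$1
  source "$fn"
  if [[ -z "$VPN_ID" || -z "$DNS_SERVER" || -z "$IP_SERVER" || -z "$IP_CLIENT" ]]; then
    echo "+++ wrong import data in $fn: vpn: $VPN_ID dns: $DNS_SERVER ip: $IP_SERVER ipcl: $IP_CLIENT"
    return 1
  elif [[ -z "$PORT_SERVER" || -z "$ALLOWED_IPS" ]]; then
    echo "+++ wrong import data: port: $PORT_SERVER allowed: $ALLOWED_IPS"
    return 1
  elif [[ -z "$PRIV_KEY" || -z "$PUB_KEY" || -z "$PUBKEY_SERVER" ]]; then
    # The private key itself is never echoed (it would land in terminal scrollback
    # or logs); only report whether it is present.
    echo "+++ wrong import data: pub: $PUB_KEY priv: ${PRIV_KEY:+set} pub-sv: $PUBKEY_SERVER"
    return 1
  fi
  # Absolute paths throughout, so Import works from any working directory.
  mkdir -p "$WG_DIR/db"
  local fnPrivate=$WG_DIR/db/$VPN_ID.private.key
  printf '%s\n' "$PUB_KEY" >"$WG_DIR/db/$VPN_ID.public.key"
  printf '%s\n' "$PRIV_KEY" >"$fnPrivate"
  chmod og= "$fnPrivate"
  local config=$WG_DIR/$VPN_ID.conf
  # The private key is loaded via PostUp instead of being written into the .conf.
  # NOTE(review): the PostUp ping targets $IP_SERVER, the same address used as
  # Endpoint, i.e. presumably the server's public address rather than its tunnel
  # address — confirm that this is the intended reachability check.
  cat <<EOS >"$config"
[Interface]
Address = $IP_CLIENT
DNS = $DNS_SERVER
# Load your privatekey from file
PostUp = wg set %i private-key $fnPrivate
# Also ping the vpn server to ensure the tunnel is initialized
PostUp = ping -c1 $IP_SERVER

[Peer]
PublicKey = $PUBKEY_SERVER
Endpoint = $IP_SERVER:$PORT_SERVER
AllowedIPs = $ALLOWED_IPS
PersistentKeepalive = 15
EOS
  echo "= created: $config"
}

if [ -z "$CONFIG" ]; then
  Usage "Missing parameter CONFIG_FILE"
  exit 1
elif [ ! -e "$CONFIG" ]; then
  Usage "Missing configuration file $CONFIG"
  exit 1
else
  Create "$CONFIG" || exit 1
fi
SCRIPT
# Like the other generators: without this, "./Import" fails with permission denied.
chmod +x "$FN_SCRIPT"
echo "= created: $FN_SCRIPT"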

Importieren der Daten

# Import the data generated on the server (db/VPN_ID.CLIENT.conf) on this client.
CONFIG=db/wg0.joe.conf
./Import "$CONFIG"