

commit - 73e96acb058078c4898b4566946e174c4a1d733c
commit + b1c3970b0072a37eb9d2cbceec084a5ac5bdedea
blob - /dev/null
blob + 325fe2f319fbbc9fd030c6183648da2b154a6bf5 (mode 644)
--- /dev/null
+++ bin/wg_config
@@ -0,0 +1,84 @@
+#!/bin/sh -e
+# This script creates wireguard Client and Server config files
+#
+#### Functions
+create_client_pubkey() {
+	ifconfig wg9 create wgkey $CLIENT_PRIVKEY
+	ifconfig wg9 | awk '/wgpubkey/ { print $2 }'
+	ifconfig wg9 destroy
+}
+
+get_server_pubkey() {
+	ifconfig wg0 | awk '/wgpubkey/ { print $2 }'
+}
+
+get_server_ip() {
+	ifconfig wg0 | awk '/inet/ { print $2 }'
+}
+
+
+#### Script
+
+if [[ $# -eq 0 ]]; then
+	echo "Usage: $0 ClientName ClientTunnelIP ServerPort"
+	exit 0
+fi
+
+#### Variables
+CLIENT_NAME="$1"
+CLIENT_IP="$2"
+SERVER_PORT="$3"
+DNS_SERVER="9.9.9.9"
+CLIENT_PRIVKEY="$(openssl rand -base64 32)"
+CLIENT_PUBKEY="$(create_client_pubkey)"
+SERVER_PUBKEY="$(get_server_pubkey)"
+SHARED_KEY="$(openssl rand -base64 32)"
+
+# Everything else config ($CLIENT_NAME.conf
+cat << EOF > $CLIENT_NAME.conf
+[Interface]
+# $CLIENT_NAME private key
+PrivateKey = $CLIENT_PRIVKEY
+Address = $CLIENT_IP/32
+DNS = $DNS_SERVER
+
+[Peer]
+# Wireguard server public key
+PublicKey = $SERVER_PUBKEY
+PresharedKey = $SHARED_KEY
+AllowedIPs = 0.0.0.0/0
+Endpoint = fugu.farm:${SERVER_PORT}
+PersistentKeepalive = 25
+EOF
+
+
+# OpenBSD Client config ($CLIENT_NAME.hostname.wg)
+cat << EOF > $CLIENT_NAME.hostname.wg
+# Interface
+wgkey $CLIENT_PRIVKEY
+$CLIENT_IP 255.255.255.0
+up
+
+# Peer fugu.farm
+wgpeer $SERVER_PUBKEY \\
+	wgpsk $SHARED_KEY \\
+	wgendpoint fugu.farm $SERVER_PORT \\
+	wgaip 0.0.0.0/0 wgpka 20
+EOF
+
+
+# Peer config for server ($CLIENT_NAME.hostname.wgserver)
+cat << EOF > $CLIENT_NAME.hostname.wgserver
+
+# Peer $CLIENT_NAME
+wgpeer $CLIENT_PUBKEY \\
+	wgpsk $SHARED_KEY \\
+	wgaip $CLIENT_IP/32 
+EOF
+
+chown isaac:isaac	\
+	${CLIENT_NAME}.hostname.wgserver	\
+	${CLIENT_NAME}.hostname.wg		\
+	${CLIENT_NAME}.conf		\
+
+exit 0
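Review bot: The three generated files contain the client private key and the preshared key, but they are created with plain `cat << EOF > ...` redirections, so their mode follows the caller's umask and may well be group- or world-readable; the closing `chown` changes ownership only and does not tighten it. Adding `umask 077` before the first here-document would create them owner-only from the start. The argument check `[[ $# -eq 0 ]]` also lets one- or two-argument runs through, which would emit `Address = /32` and an empty endpoint port; `if [ $# -ne 3 ]; then` with a non-zero exit would reject those. `$CLIENT_NAME` is used unquoted as a redirection target and in `chown`, so a name containing `/` or whitespace would write outside the working directory or split into several words; quote it as `"${CLIENT_NAME}.conf"` and reject names outside a conservative set such as letters, digits, `_` and `-`.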