blob: 56bec24c6594d562dc061a94c6c84e201fd96cc5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
#!/bin/sh
. /usr/share/libubox/jshn.sh
. /usr/share/wginstaller/wg.sh
wg_key_exists () {
local key=$1
wg show | grep -q "$key"
}
wg_timeout () {
local int=$1
handshake=$(wg show "$int" latest-handshakes | awk '{print $2}')
timeout=$(uci get wgserver.@server[0].timeout_handshake)
if [ "$handshake" -ge "$timeout" ]; then
echo "1"
else
echo "0"
fi
}
wg_check_interface () {
local int=$1
if [ "$(wg_timeout "$int")" -eq "1" ]; then
ip link del dev "$int"
fi
}
wg_check_interfaces () {
wg_interfaces=$(wg show interfaces)
for interface in $wg_interfaces; do
wg_check_interface "$interface"
done
}
wg_get_usage () {
num_interfaces=$(wg show interfaces | wc -w)
json_init
json_add_int "num_interfaces" "$num_interfaces"
json_dump
}
wg_register () {
local uplink_bw=$1
local mtu=$2
local public_key=$3
if wg_key_exists $public_key; then
logger -t "wginstaller" "Rejecting request since the public key is already used!" "$public_key"
json_init
json_add_int "response_code" 1
json_dump
return 1
fi
base_prefix_ipv6=$(uci get wgserver.@server[0].base_prefix_ipv6)
port_start=$(uci get wgserver.@server[0].port_start)
port_end=$(uci get wgserver.@server[0].port_end)
port=$(next_port "$port_start" "$port_end")
ifname="wg_$port"
offset=$((port - port_start))
gw_ipv6=$(owipcalc "$base_prefix_ipv6" add "$offset" next 128) # gateway ip
gw_ipv6_assign="${gw_ipv6}/128"
gw_key=$(uci get wgserver.@server[0].wg_key)
gw_pub=$(uci get wgserver.@server[0].wg_pub)
if [ "$(uci get wgserver.@server[0].wg_tmp_key)" -eq 1 ]; then
[ -d "/tmp/run/wgserver" ] || mkdir -p /tmp/run/wgserver
gw_key="/tmp/run/wgserver/${ifname}.key"
gw_pub="/tmp/run/wgserver/${ifname}.pub"
wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub"
else
[ -d "$(dirname $gw_key)" ] || mkdir -p "$(dirname $gw_key)"
[ -f "$gw_key" ] || wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub"
fi
wg_server_pubkey=$(cat "$gw_pub")
# create wg tunnel
ip link add dev "$ifname" type wireguard
wg set "$ifname" listen-port "$port" private-key "$gw_key" peer "$public_key" allowed-ips 0.0.0.0/0,::0/0
ip -6 addr add "$gw_ipv6_assign" dev "$ifname"
ip -6 addr add fe80::1/64 dev "$ifname"
base_prefix_ipv4=$(uci get wgserver.@server[0].base_prefix_ipv4)
if [ $? -eq 0 ]; then
gw_ipv4=$(owipcalc "$base_prefix_ipv4" add "$offset" next 32) # gateway ip
gw_ipv4_assign="${gw_ipv4}/32"
ip addr add "$gw_ipv4_assign" broadcast 255.255.255.255 dev "$ifname"
fi
ip link set up dev "$ifname"
ip link set mtu "$mtu" dev "$ifname"
# craft return address
json_init
json_add_int "response_code" 0
json_add_string "gw_pubkey" "$wg_server_pubkey"
if test -n "${gw_ipv4_assign-}"; then
json_add_string "gw_ipv4" "$gw_ipv4_assign"
fi
json_add_string "gw_ipv6" "$gw_ipv6_assign"
json_add_int "gw_port" "$port"
json_dump
}
|