Cleanup - move discrete blocks of code into functions.

vpnerator.sh

@@ -13,7 +13,6 @@ INTERFACE_NAME=tun-${RAND}
 SERVER_ADDR=10.99.255.1/24
 CLIENT_ADDR=10.99.255.2/32
 DNS=8.8.8.8
-#INTERFACE_NAME=${INTERFACE_PFX}-${RAND}
 
 echo "Generating keys..."
 SERVER_KEY=$(wg genkey)
@@ -84,88 +83,81 @@ cleanup() {
 END
 )
 
-echo
+setup_server() {
-echo "Starting server..."
+	echo "Starting server..."
-ssh -T ${HOST} /bin/bash << END
+	ssh -T ${HOST} /bin/bash <<- END
-# include SERVER_LIB
+	# include SERVER_LIB
-${SERVER_LIB}
+	${SERVER_LIB}
 
-# Check/install depends
+	# Check/install depends
-deps || exit 1
+	deps || exit 1
 
-# Cleanup previous tunnel
+	# Cleanup previous tunnel
-cleanup
+	cleanup
-if [ "\$?" -eq 2 ] ; then
+	if [ "\$?" -eq 2 ] ; then
 		echo "$SERVER_ADDR is already being used on the server."
 		echo "Please choose another address."
 		exit 1
-fi
+	fi
 
-umask 0177
+	umask 0177
-TMP=\$(mktemp)
+	TMP=\$(mktemp)
-cat << EOF > \${TMP}
+	cat << EOF > \${TMP}
-[Interface]
+	[Interface]
-ListenPort = 51820
+	ListenPort = 51820
-PrivateKey = ${SERVER_KEY}
+	PrivateKey = ${SERVER_KEY}
 
-[Peer]
+	[Peer]
-# foo
+	# foo
-PublicKey = ${CLIENT_PUB}
+	PublicKey = ${CLIENT_PUB}
-PresharedKey = ${PSK}
+	PresharedKey = ${PSK}
-AllowedIPs = ${CLIENT_ADDR}
+	AllowedIPs = ${CLIENT_ADDR}
-EOF
+	EOF
 
-exec_sudo ip link add "${INTERFACE_NAME}" type wireguard
+	exec_sudo ip link add "${INTERFACE_NAME}" type wireguard
-exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}"
+	exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}"
-rm "\${TMP}"
+	rm "\${TMP}"
 
-exec_sudo ip addr add "${SERVER_ADDR}" dev "${INTERFACE_NAME}"
+	exec_sudo ip addr add "${SERVER_ADDR}" dev "${INTERFACE_NAME}"
-exec_sudo ip link set mtu 1420 up dev "${INTERFACE_NAME}"
+	exec_sudo ip link set mtu 1420 up dev "${INTERFACE_NAME}"
 
-exec_sudo iptables -A FORWARD -i "${INTERFACE_NAME}" -j ACCEPT
+	exec_sudo iptables -A FORWARD -i "${INTERFACE_NAME}" -j ACCEPT
-exec_sudo iptables -A FORWARD -o "${INTERFACE_NAME}" -j ACCEPT
+	exec_sudo iptables -A FORWARD -o "${INTERFACE_NAME}" -j ACCEPT
-exec_sudo iptables -t nat -A POSTROUTING -s "${CLIENT_ADDR}" -o "\${DEFAULT_IFACE}" -j MASQUERADE
+	exec_sudo iptables -t nat -A POSTROUTING -s "${CLIENT_ADDR}" -o "\${DEFAULT_IFACE}" -j MASQUERADE
 
-enable_forwarding
+	enable_forwarding
 
-echo
+	echo
-sudo wg show "$INTERFACE_NAME"
+	sudo wg show "$INTERFACE_NAME"
-END
+	END
+}
 
-if [ "$?" -ne 0 ]; then
+setup_client() {
-    echo "Error starting server, aborting."
+	umask 0177
-    exit 1
+	FILE="/tmp/${INTERFACE_NAME}.conf"
-fi
+	cat <<- CONF > "${FILE}"
+	[Interface]
+	Address = ${CLIENT_ADDR}
+	PrivateKey = ${CLIENT_KEY}
+	DNS = ${DNS}
 
-umask 0177
+	[Peer]
-FILE="/tmp/${INTERFACE_NAME}.conf"
+	PublicKey = ${SERVER_PUB}
-cat << CONF > "${FILE}"
+	PresharedKey = ${PSK}
-[Interface]
+	Endpoint = ${HOST_ADDR}:51820
-Address = ${CLIENT_ADDR}
+	AllowedIPs = 0.0.0.0/0, ::/0
-PrivateKey = ${CLIENT_KEY}
+	CONF
-DNS = ${DNS}
 
-[Peer]
+	echo "Starting client..."
-PublicKey = ${SERVER_PUB}
+	sudo wg-quick up "${FILE}"
-PresharedKey = ${PSK}
+	RESULT=$?
-Endpoint = ${HOST_ADDR}:51820
-AllowedIPs = 0.0.0.0/0, ::/0
-CONF
 
-echo
+	sleep 1
-echo "Starting client..."
+	echo
-sudo wg-quick up "${FILE}"
+	sudo wg show "${INTERFACE_NAME}"
 
-sleep 1
+	return $RESULT
-echo
+}
-sudo wg show "${INTERFACE_NAME}"
-echo
-echo "Connected! SIGINT or Enter to disconnect and stop server."
-
-# clear sensitive variables from memory
-PSK=
-CLIENT_KEY=
-SERVER_KEY=
 
 cleanup() {
 	set -e
@@ -188,6 +180,20 @@ cleanup() {
 	exit
 }
 
+clear_env() {
+	# clear sensitive variables from memory
+	unset PSK
+	unset CLIENT_KEY
+	unset SERVER_KEY
+}
+
+echo
+setup_server || { echo "Error starting server, aborting."; exit 1; }
+echo
+setup_client || { echo "Error starting client, cleaning up..."; cleanup; exit 1; }
+clear_env
+echo -e "\nConnected! SIGINT or Enter to disconnect and stop server."
+
 trap cleanup INT TERM
 read var
 cleanup