diff --git a/vpnerator.sh b/vpnerator.sh
index e7697af..0ee8206 100755
--- a/vpnerator.sh
+++ b/vpnerator.sh
@@ -8,9 +8,12 @@ HOST=$1
 HOST_ADDR=$(echo ${HOST} | awk -F '@' '{ print $NF }')
+INTERFACE_NAME=tun
+RAND=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 8 | head -1)
 SERVER_ADDR=10.99.255.1/24
 CLIENT_ADDR=10.99.255.2/32
 DNS=8.8.8.8
+#INTERFACE_NAME=${INTERFACE_PFX}-${RAND}
 echo "Generating keys..."
 SERVER_KEY=$(wg genkey)
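Review bot: `RAND` is dead code, and the randomised interface name it was meant to provide is not in effect: its only consumer is the commented-out `#INTERFACE_NAME=${INTERFACE_PFX}-${RAND}`, which also references `INTERFACE_PFX`, a variable defined nowhere in this hunk, while `INTERFACE_NAME=tun` keeps the name fixed. Either drop the `RAND` line together with the comment, or wire it up as `INTERFACE_NAME="${INTERFACE_PFX:-tun}-${RAND}"`. Note too that `tr ... < /dev/urandom | fold -w 8 | head -1` ends with `tr` and `fold` terminated by SIGPIPE once `head` exits, which is reported as a failed pipeline if the script's `set` options (outside this hunk) include `pipefail`.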
@@ -21,47 +24,93 @@ PSK=$(wg genpsk)
 echo " Server pubkey: ${SERVER_PUB}"
 echo " Client pubkey: ${CLIENT_PUB}"
-SERVER_SETUP=$(cat << END
-if [ -z "\$(which wg-quick 2>/dev/null)" ]; then
- echo "wg-quick not found, installing..."
- sudo apt install -y wireguard-tools 2>/dev/null \
- || sudo pacman -S --noconfirm wireguard-tools 2>/dev/null \
- || sudo dnf install -y wireguard-tools iptables 2>/dev/null \
- [ "\$?" -eq 0 ] || { echo "Could not install wireguard-tools, aborting."; exit 1; }
-fi
+SERVER_LIB=$(cat << END
+DEFAULT_IFACE=\$(awk '\$2 == 00000000 { print \$1 }' /proc/net/route)
+
+exec_sudo() {
+ echo "[#] \$@"
+ sudo \$@ 2>/dev/null
+}
+
+deps() {
+ if ! type -p wg iptables >/dev/null ; then
+ echo "wireguard-tools or iptables missing, installing..."
+ sudo apt install -y wireguard-tools iptables 2>/dev/null \
+ || sudo pacman -S --noconfirm wireguard-tools iptables 2>/dev/null \
+ || sudo dnf install -y wireguard-tools iptables 2>/dev/null
+ if [ "\$?" -ne 0 ] ; then
+ echo "Could not install wireguard-tools and/or iptables. Aborting."
+ return 1
+ fi
+ fi
+ return 0
+}
+
+cleanup() {
+ if ip link show ${INTERFACE_NAME} type wireguard > /dev/null 2>&1 ; then
+ exec_sudo iptables -D FORWARD -i ${INTERFACE_NAME} -j ACCEPT
+ exec_sudo iptables -D FORWARD -o ${INTERFACE_NAME} -j ACCEPT
+ exec_sudo iptables -t nat -D POSTROUTING -o \${DEFAULT_IFACE} -j MASQUERADE
+ exec_sudo ip link del dev ${INTERFACE_NAME}
+ exec_sudo sysctl -wq net.ipv4.ip_forward=0
+ return 0
+ else
+ return 1
+ fi
+}
+END
+)
+
+echo
+echo "Starting server..."
+ssh -T ${HOST} /bin/bash << END
+# include SERVER_LIB
+${SERVER_LIB}
+
+# Install depends
+deps || exit 1
+
+# Cleanup previous tunnel
+cleanup
-sysctl -w net.ipv4.ip_forward=1
 umask 0177
-cat << CONF > /tmp/tun.conf
+exec_sudo ip link add "${INTERFACE_NAME}" type wireguard
+
+TMP=\$(mktemp)
+cat << EOF > \${TMP}
 [Interface]
-Address = ${SERVER_ADDR}
 ListenPort = 51820
 PrivateKey = ${SERVER_KEY}
-PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 [Peer] # foo
 PublicKey = ${CLIENT_PUB}
 PresharedKey = ${PSK}
 AllowedIPs = ${CLIENT_ADDR}
-CONF
+EOF
-sudo wg-quick up /tmp/tun.conf
+exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}"
+rm "\${TMP}"
+
+exec_sudo sysctl -wq net.ipv4.ip_forward=1
+
+exec_sudo ip addr add "${SERVER_ADDR}" dev "${INTERFACE_NAME}"
+exec_sudo ip link set mtu 1420 up dev "${INTERFACE_NAME}"
+
+exec_sudo iptables -A FORWARD -i "${INTERFACE_NAME}" -j ACCEPT
+exec_sudo iptables -A FORWARD -o "${INTERFACE_NAME}" -j ACCEPT
+exec_sudo iptables -t nat -A POSTROUTING -o "\${DEFAULT_IFACE}" -j MASQUERADE
 END
-)
-echo
-echo "Starting server..."
-ssh -T ${HOST} sh <<< "${SERVER_SETUP}" 1>/dev/null
 if [ "$?" -ne 0 ]; then
 echo "Error starting server, aborting."
 exit 1
 fi
 umask 0177
-cat << CONF > /tmp/tun.conf
+FILE="/tmp/${INTERFACE_NAME}.conf"
+cat << CONF > "${FILE}"
 [Interface]
 Address = ${CLIENT_ADDR}
 PrivateKey = ${CLIENT_KEY}
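Review bot: Failures inside the remote block are both hidden and unchecked: `exec_sudo` in `SERVER_LIB` discards stderr with `2>/dev/null`, no caller tests its status, and since the remote script runs without `set -e` the `ssh` exit code that the client's `if [ "$?" -ne 0 ]` inspects is only that of the final `iptables -t nat -A POSTROUTING` call, so a failed `wg setconf` (private key never loaded) or `ip addr add` still reports "Starting server" as a success. `exec_sudo` should also quote its arguments, `sudo "\$@"`, so a path or option containing whitespace is not re-split. Suggest dropping `2>/dev/null` from `exec_sudo` and guarding the critical steps, e.g. `exec_sudo wg setconf "${INTERFACE_NAME}" "\${TMP}" || { rm -f "\${TMP}"; exit 1; }`. `DEFAULT_IFACE` read from `/proc/net/route` can be empty or contain several names when more than one default route exists, which leaves the MASQUERADE rule malformed; `head -n 1` plus a non-empty check before the iptables calls would tighten it. Separately, `cleanup` sets `net.ipv4.ip_forward=0` for the whole host, which the replaced wg-quick `PostDown` did not do, so a comment or an opt-out is warranted if the server forwards traffic for anything else.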
@@ -76,31 +125,32 @@ CONF
 echo
 echo "Starting client..."
-sudo wg-quick up /tmp/tun.conf
-
-# clear these variables from memory
-PSK=
-CLIENT_KEY=
-SERVER_KEY=
+sudo wg-quick up "${FILE}"
 sleep 1
 echo
-sudo wg show tun
+sudo wg show "${INTERFACE_NAME}"
 echo
 echo "Connected! Interrupt or press Enter to disconnect and stop server."
+# clear sensitive variables from memory
+PSK=
+CLIENT_KEY=
+SERVER_KEY=
+
 cleanup() {
 set -e
 echo
 echo "Stopping client..."
- sudo wg-quick down /tmp/tun.conf
- rm /tmp/tun.conf
+ sudo wg-quick down ${FILE}
+ rm ${FILE}
 echo
 echo "Stopping server..."
- ssh -T ${HOST} <<- END
- wg-quick down /tmp/tun.conf
- rm /tmp/tun.conf
+ ssh -T ${HOST} /bin/bash <<- END
+ ${SERVER_LIB}
+
+ cleanup || echo "Server was already shut down."
 END
 echo