genneko · February 2, 2019 07:01
diff --git a/wgq-cfgen b/wgq-cfgen
 #!/bin/sh
 #
 # wgq-cfgen - generates an initial configuration file pair for wg-quick
 #
 prog=$(basename $0)
 bindir=$(dirname $(readlink -f $0))

 echoerr() {
 	echo "$@" >&2
 }

 usage() {
 	echoerr "usage: $prog [options]"
 	echoerr "    Generates an initial configuartion file pair for wg-quick."
 	echoerr "    local config filename will be <ifname>.cfg"
 	echoerr "    remote config filename will be <ifname>-<addr>.cfg"
 	echoerr
 	echoerr "    -a <addr>:<addr>: local:remote address [192.168.222.1:192.168.222.2]"
 	echoerr "    -n <net,..>:<net,..>: local:remote networks (address/plen pairs) []"
 	echoerr "    -p <port>[:<port>]: local:remote listen port [51820:51820]"
 	echoerr "       * remote = local if only a single port (w/o colon) is specified."
 	echoerr "    -e <addr>:<addr>: local:remote endpoint []"
 	echoerr "    -i <ifname>[:<ifname>]: local and remote tunnel interface name [wg0:wg0]"
 	echoerr "       * remote = local if only a single ifname (w/o colon) is specified."
 	echoerr "    -f: force override existing config files"
 	echoerr "    -s: dry-run. only outputs summary on console"
 	echoerr "    -h: show this usage"
 	echoerr
 	echoerr "examples:"
 	echoerr "    Connect two subnet 192.168.10.0/24 and 192.168.20.0/24"
 	echoerr "    with a tunnel between 10.0.0.1 and 10.0.0.2."
 	echoerr "    Tunnel interfaces are named wg1 on both side and"
 	echoerr "    has the address 192.168.254.1 and 192.168.254.2."
 	echoerr
 	echoerr "    wgq-confgen -n 192.168.10.0/24:192.168.20.0/24 -e 10.0.0.1:10.0.0.2 -a 192.168.254.1:192.168.254.2 -i wg1"
 	echoerr
 }

 usage_exit() {
 	usage
 	exit 1
 }

 has_colon() {
 	local value="$1"
 	echo "$value" | fgrep -q ':'
 }

 error_wo_colon() {
 	local flag="$1"
 	local value="$2"
 	if ! has_colon "$value"; then
 		echo "ERROR: -${flag} requires a colon. Check usage."
 		usage_exit
 	fi
 }

 DEFAULT_LADDR=192.168.222.1
 DEFAULT_RADDR=192.168.222.2
 DEFAULT_PORT=51820
 DEFAULT_IFNAME=wg0

 laddr=$DEFAULT_LADDR
 raddr=$DEFAULT_RADDR
 lnet=
 rnet=
 lport=$DEFAULT_PORT
 rport=$DEFAULT_PORT
 lep=
 rep=
 lifname=$DEFAULT_IFNAME
 rifname=$DEFAULT_IFNAME
 force=0
 simulate=0
 while getopts "a:n:p:e:i:fsh" opt
 do
 	case "$opt" in
 		a)
 			addrlist="$OPTARG"
 			error_wo_colon a $addrlist
 			laddr="${addrlist%%:*}"
 			laddr="${laddr:-$DEFAULT_LADDR}"
 			raddr="${addrlist##*:}"
 			raddr="${raddr:-$DEFAULT_RADDR}"
 			;;
 		n)
 			netlist="$OPTARG"
 			error_wo_colon n $netlist
 			lnet="${netlist%%:*}"
 			lnet="${lnet:+$lnet}"
 			rnet="${netlist##*:}"
 			rnet="${rnet:+$rnet}"
 			;;
 		p)
 			portlist="$OPTARG"
 			if ! has_colon "$portlist"; then
 				portlist="$portlist:$portlist"
 			fi
 			lport="${portlist%%:*}"
 			lport="${lport:-$DEFAULT_PORT}"
 			rport="${portlist##*:}"
 			rport="${rport:-$DEFAULT_PORT}"
 			;;
 		e)
 			eplist="$OPTARG"
 			error_wo_colon e $eplist
 			lep="${eplist%%:*}"
 			rep="${eplist##*:}"
 			;;
 		i)
 			ifnamelist="$OPTARG"
 			if ! has_colon "$ifnamelist"; then
 				ifnamelist="$ifnamelist:$ifnamelist"
 			fi
 			lifname="${ifnamelist%%:*}"
 			lifname="${lifname:-$DEFAULT_IFNAME}"
 			rifname="${ifnamelist##*:}"
 			rifname="${rifname:-$DEFAULT_IFNAME}"
 			;;
 		f) force=1 ;;
 		s) simulate=1 ;;
 		h) usage_exit ;;
 		*) usage_exit ;;
 	esac
 done
 shift $(( $OPTIND - 1 ))

 if [ "$simulate" -eq 1 ]; then
 	echoerr "laddr=$laddr"
 	echoerr "raddr=$raddr"
 	echoerr "lnet=$lnet"
 	echoerr "rnet=$rnet"
 	echoerr "lport=$lport"
 	echoerr "rport=$rport"
 	echoerr "lep=$lep"
 	echoerr "rep=$rep"
 	echoerr "lifname=$lifname"
 	echoerr "rifname=$rifname"
 	exit 0
 fi

 lprivate=$(wg genkey)
 lpublic=$(echo $lprivate | wg pubkey)
 rprivate=$(wg genkey)
 rpublic=$(echo $rprivate | wg pubkey)

 if [ -e "${lifname}.conf" -a "$force" -ne 1 ]; then
 	echoerr "Local configuration file '${lifname}.conf' already exists. Use -f to overwrite."
 	exit 1
 elif [ -e "${rifname}-${raddr}.conf" -a "$force" -ne 1 ]; then
 	echoerr "Remote configuration file '${rifname}-${raddr}.conf' already exists. Use -f to overwrite."
 	exit 1
 fi

 umask 077
 cat <<EOS> ${lifname}.conf
 [Interface]
 Address = ${laddr}/32
 PrivateKey = ${lprivate}
 ListenPort = ${lport}

 [Peer]
 PublicKey = ${rpublic}
 AllowedIPs = ${raddr}/32${rnet:+,${rnet}}
 ${rep:+Endpoint = ${rep}:${rport}}
 EOS

 cat <<EOS> ${rifname}-${raddr}.conf
 [Interface]
 Address = ${raddr}/32
 PrivateKey = ${rprivate}
 ListenPort = ${rport}

 [Peer]
 PublicKey = ${lpublic}
 AllowedIPs = ${laddr}/32${lnet:+,${lnet}}
 ${lep:+Endpoint = ${lep}:${lport}}
 EOS

 exit 0
	#!/bin/sh
	#
	# wgq-cfgen - generates an initial configuration file pair for wg-quick
	#
	prog=$(basename $0)
	bindir=$(dirname $(readlink -f $0))

	echoerr() {
	echo "$@" >&2
	}

	usage() {
	echoerr "usage: $prog [options]"
	echoerr " Generates an initial configuartion file pair for wg-quick."
	echoerr " local config filename will be <ifname>.cfg"
	echoerr " remote config filename will be <ifname>-<addr>.cfg"
	echoerr
	echoerr " -a <addr>:<addr>: local:remote address [192.168.222.1:192.168.222.2]"
	echoerr " -n <net,..>:<net,..>: local:remote networks (address/plen pairs) []"
	echoerr " -p <port>[:<port>]: local:remote listen port [51820:51820]"
	echoerr " * remote = local if only a single port (w/o colon) is specified."
	echoerr " -e <addr>:<addr>: local:remote endpoint []"
	echoerr " -i <ifname>[:<ifname>]: local and remote tunnel interface name [wg0:wg0]"
	echoerr " * remote = local if only a single ifname (w/o colon) is specified."
	echoerr " -f: force override existing config files"
	echoerr " -s: dry-run. only outputs summary on console"
	echoerr " -h: show this usage"
	echoerr
	echoerr "examples:"
	echoerr " Connect two subnet 192.168.10.0/24 and 192.168.20.0/24"
	echoerr " with a tunnel between 10.0.0.1 and 10.0.0.2."
	echoerr " Tunnel interfaces are named wg1 on both side and"
	echoerr " has the address 192.168.254.1 and 192.168.254.2."
	echoerr
	echoerr " wgq-confgen -n 192.168.10.0/24:192.168.20.0/24 -e 10.0.0.1:10.0.0.2 -a 192.168.254.1:192.168.254.2 -i wg1"
	echoerr
	}

	usage_exit() {
	usage
	exit 1
	}

	has_colon() {
	local value="$1"
	echo "$value" \| fgrep -q ':'
	}

	error_wo_colon() {
	local flag="$1"
	local value="$2"
	if ! has_colon "$value"; then
	echo "ERROR: -${flag} requires a colon. Check usage."
	usage_exit
	fi
	}

	DEFAULT_LADDR=192.168.222.1
	DEFAULT_RADDR=192.168.222.2
	DEFAULT_PORT=51820
	DEFAULT_IFNAME=wg0

	laddr=$DEFAULT_LADDR
	raddr=$DEFAULT_RADDR
	lnet=
	rnet=
	lport=$DEFAULT_PORT
	rport=$DEFAULT_PORT
	lep=
	rep=
	lifname=$DEFAULT_IFNAME
	rifname=$DEFAULT_IFNAME
	force=0
	simulate=0
	while getopts "a:n:p:e:i:fsh" opt
	do
	case "$opt" in
	a)
	addrlist="$OPTARG"
	error_wo_colon a $addrlist
	laddr="${addrlist%%:*}"
	laddr="${laddr:-$DEFAULT_LADDR}"
	raddr="${addrlist##*:}"
	raddr="${raddr:-$DEFAULT_RADDR}"
	;;
	n)
	netlist="$OPTARG"
	error_wo_colon n $netlist
	lnet="${netlist%%:*}"
	lnet="${lnet:+$lnet}"
	rnet="${netlist##*:}"
	rnet="${rnet:+$rnet}"
	;;
	p)
	portlist="$OPTARG"
	if ! has_colon "$portlist"; then
	portlist="$portlist:$portlist"
	fi
	lport="${portlist%%:*}"
	lport="${lport:-$DEFAULT_PORT}"
	rport="${portlist##*:}"
	rport="${rport:-$DEFAULT_PORT}"
	;;
	e)
	eplist="$OPTARG"
	error_wo_colon e $eplist
	lep="${eplist%%:*}"
	rep="${eplist##*:}"
	;;
	i)
	ifnamelist="$OPTARG"
	if ! has_colon "$ifnamelist"; then
	ifnamelist="$ifnamelist:$ifnamelist"
	fi
	lifname="${ifnamelist%%:*}"
	lifname="${lifname:-$DEFAULT_IFNAME}"
	rifname="${ifnamelist##*:}"
	rifname="${rifname:-$DEFAULT_IFNAME}"
	;;
	f) force=1 ;;
	s) simulate=1 ;;
	h) usage_exit ;;
	*) usage_exit ;;
	esac
	done
	shift $(( $OPTIND - 1 ))

	if [ "$simulate" -eq 1 ]; then
	echoerr "laddr=$laddr"
	echoerr "raddr=$raddr"
	echoerr "lnet=$lnet"
	echoerr "rnet=$rnet"
	echoerr "lport=$lport"
	echoerr "rport=$rport"
	echoerr "lep=$lep"
	echoerr "rep=$rep"
	echoerr "lifname=$lifname"
	echoerr "rifname=$rifname"
	exit 0
	fi

	lprivate=$(wg genkey)
	lpublic=$(echo $lprivate \| wg pubkey)
	rprivate=$(wg genkey)
	rpublic=$(echo $rprivate \| wg pubkey)

	if [ -e "${lifname}.conf" -a "$force" -ne 1 ]; then
	echoerr "Local configuration file '${lifname}.conf' already exists. Use -f to overwrite."
	exit 1
	elif [ -e "${rifname}-${raddr}.conf" -a "$force" -ne 1 ]; then
	echoerr "Remote configuration file '${rifname}-${raddr}.conf' already exists. Use -f to overwrite."
	exit 1
	fi

	umask 077
	cat <<EOS> ${lifname}.conf
	[Interface]
	Address = ${laddr}/32
	PrivateKey = ${lprivate}
	ListenPort = ${lport}

	[Peer]
	PublicKey = ${rpublic}
	AllowedIPs = ${raddr}/32${rnet:+,${rnet}}
	${rep:+Endpoint = ${rep}:${rport}}
	EOS

	cat <<EOS> ${rifname}-${raddr}.conf
	[Interface]
	Address = ${raddr}/32
	PrivateKey = ${rprivate}
	ListenPort = ${rport}

	[Peer]
	PublicKey = ${lpublic}
	AllowedIPs = ${laddr}/32${lnet:+,${lnet}}
	${lep:+Endpoint = ${lep}:${lport}}
	EOS

	exit 0