Skip to content

Instantly share code, notes, and snippets.

@hazcod

hazcod/wgcf.sh

Created October 16, 2019 06:10
Show Gist options
  • Save hazcod/ea1fb95ec648a59d573bbba1ed5cf8f3 to your computer and use it in GitHub Desktop.
Save hazcod/ea1fb95ec648a59d573bbba1ed5cf8f3 to your computer and use it in GitHub Desktop.
Download ZIP
Connect to Cloudflare Warp from macOS.
Raw
wgcf.sh
#!/usr/bin/env bash
set -euo pipefail
shopt -s inherit_errexit 2>/dev/null || true
# this script will connect macOS to Cloudflare Warp using Wireguard
# note: this is *absolutely not* an official client from Cloudflare
# Copyright (C) 2019 Jay Freeman (saurik)
# Zero Clause BSD license {{{
#
# Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# }}}
if ! which jq >/dev/null || ! which wg >/dev/null; then
echo "you must brew install these first:"
echo "~\$ brew install jq wireguard-tools"
exit 0
fi
mkdir -p ~/.wgcf
chmod 700 ~/.wgcf
prv=~/.wgcf/private.key
usr=~/.wgcf/identity.cfg
sudo killall wireguard-go 2>/dev/null || true
declare -a blk
for tun in $(ifconfig -l); do
[[ ${tun} == utun* ]] || continue
blk[${tun#utun}]=
done
for ((tun = 0;; ++tun)); do
[[ -z ${blk[tun]-@} ]] && continue
tun=utun${tun}
break
done
sudo wireguard-go "${tun}"
pub=$({ cat "${prv}" 2>/dev/null || wg genkey | tee "${prv}"; } | wg pubkey)
test -n "${pub}"
api=https://api.cloudflareclient.com/v0i1909051800
ins() { vrb=$1; shift; curl -s -H 'user-agent:' -H 'content-type: application/json' -X "${vrb}" "${api}/$@"; }
sec() { ins "$@" -H 'authorization: Bearer '"${reg[1]}"''; }
cfg=($(if [[ -e "${usr}" ]]; then
reg=($(cat "${usr}"))
test "${#reg[@]}" -eq 2
sec GET "reg/${reg[0]}"
else
reg=($(ins POST "reg" -d '{"install_id":"","tos":"'"$(date -u +%FT%T.000Z)"'","key":"'"${pub}"'","fcm_token":"","type":"ios","locale":"en_US"}' |
jq -r '.result|.id+" "+.token'))
test "${#reg[@]}" -eq 2
echo "${reg[@]}" >"${usr}"
sec PATCH "reg/${reg[0]}" -d '{"warp_enabled":true}'
fi | jq -r '.result.config|(.peers[0]|.public_key+" "+.endpoint.v4)+" "+.interface.addresses.v4'))
test "${#cfg[@]}" -eq 3
end=${cfg[1]%:*}
sudo route -n delete "${end}" 2>/dev/null || true
gtw=$(route -n get "${end}" | sed -e '/^ *gateway: /!d;s///')
sudo route -n add "${end}" "${gtw}"
# XXX: maybe add route bypass for addresses listed from `ins GET "client_config"`
sudo ifconfig "${tun}" inet "${cfg[2]}" "${cfg[2]}" netmask 255.255.255.255
sudo wg set "${tun}" private-key "${prv}" peer "${cfg[0]}" endpoint "${cfg[1]}" allowed-ips 0.0.0.0/0
sudo route -n add 0.0.0.0/1 -interface "${tun}"
sudo route -n add 128.0.0.0/1 -interface "${tun}"
@rscarrera27
Copy link

I'm trying to run this script, but I got those error messages.

~ on ☁️  ap-northeast-1
❯ curl https://cache.saurik.com/twitter/wgcf.sh | sudo sh -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2847  100  2847    0     0   1615      0  0:00:01  0:00:01 --:--:--  1615
INFO: (utun6) 2020/05/15 13:22:14 Starting wireguard-go version 0.0.20200320
parse error: Invalid numeric literal at line 1, column 6

@xardit
Copy link

xardit commented May 24, 2020

I'm trying to run this script, but I got those error messages.

~ on ☁️  ap-northeast-1
❯ curl https://cache.saurik.com/twitter/wgcf.sh | sudo sh -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2847  100  2847    0     0   1615      0  0:00:01  0:00:01 --:--:--  1615
INFO: (utun6) 2020/05/15 13:22:14 Starting wireguard-go version 0.0.20200320
parse error: Invalid numeric literal at line 1, column 6

Yes i did have same problem because the script is not made for some of the latest macOS versions
But you can use https://github.com/ViRb3/wgcf to generate a wireguard tunnel profile and use Wireguard macOs Client to connect by importing that profile as described here:

https://gist.github.com/a3diti/70c342217bc45353e46a9f5f532f019b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment