add wg-heavy

2023-05-30 15:46:28 +03:00 · 2023-05-30 15:46:28 +03:00 · 28312c1cf0
commit 28312c1cf0
parent 64257d8a58
2 changed files with 93 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -4,6 +4,7 @@ Wireguard management and monitoring utils.

 * [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh)
 * [`wg-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-connect-handling-sh)
+* [`wg-heavy@wg1`.service](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-heavy@wg1-service)

 ____

@ -104,3 +105,36 @@ watch cat /var/log/wireguard/wg-counts.log
 # check journal
 tail -f /var/log/wireguard/wg-connect-handling.log
 ```
+
+____
+
+## `wg-heavy@wg1`.service
+
+**Description:**  
+> Launch Wireguard without creating route table.  
+
+**Dependencies:**  
+>
+> * privileged rights
+> * existing /etc/wireguard/wg1.conf
+
+Example usage:  
+
+```bash
+# download
+sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service
+sudo chmod +x /etc/init.d/wg-heavy@wg1.service
+```
+
+```bash
+# debian update init
+sudo update-rc.d wg-heavy@wg1.service defaults
+# rhel/alt update init
+sudo chkconfig --add wg-heavy@wg1.service
+```
+
+```bash
+# start service
+sudo service wg-heavy@wg1 start
+sudo service wg-heavy@wg1 status
+```
--- a/wg-heavy@wg1.service
+++ b/wg-heavy@wg1.service
@ -0,0 +1,59 @@
+#! /bin/sh
+# chkconfig: 2345 20 80
+
+### BEGIN INIT INFO
+# Provides:				wireguard
+# Required-Start:		$all
+# Required-Stop:	
+# Default-Start:		2 3 4 5
+# Default-Stop:		
+# Short-Description:	Launch Wireguard without creating route table
+### END INIT INFO
+
+wifname=$(basename -s .service "$0" | cut -d'@' -f2)
+wifaddr=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'Address' | cut -d'=' -f2- | tr -d ' ')
+wg_pkey=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PrivateKey' | cut -d'=' -f2- | tr -d ' ')
+wg_cert=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PublicKey' | cut -d'=' -f2- | tr -d ' ')
+wg_port=51820
+wg_endp=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | sudo grep 'Endpoint' | cut -d'=' -f2- | tr -d ' ')
+wgallow=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'AllowedIPs' | cut -d'=' -f2- | tr -d ' ')
+wgalive=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PersistentKeepalive' | cut -d'=' -f2- | tr -d ' ')
+
+start() {
+  ip link add dev "${wifname}" type wireguard && \
+  ip address add dev "${wifname}" "${wifaddr}"  && \
+  printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key"  && \
+  wg set "${wifname}" \
+    listen-port "${wg_port}" \
+    private-key "/etc/wireguard/${wifname}.key" \
+    peer "${wg_cert}" \
+    allowed-ips "${wgallow}" \
+    endpoint "${wg_endp}" \
+    persistent-keepalive "${wgalive}" && \
+  ip link set up dev "${wifname}" || \
+  exit 1
+}
+
+stop() {
+  ip link set down dev "${wifname}"
+  ip address del dev "${wifname}" "${wifaddr}"
+  ip link del dev "${wifname}" type wireguard
+  rm -f "/etc/wireguard/${wifname}.key"
+}
+
+case "$1" in 
+    start)
+       start
+       ;;
+    stop)
+       stop
+       ;;
+    restart)
+       stop
+       start
+       ;;
+    *)
+       echo "Usage: $0 {start|stop|restart}"
+esac
+
+exit 0