From 28312c1cf0f291c21529df137697d567ebb5d7d2 Mon Sep 17 00:00:00 2001 From: Pavel Muhortov Date: Tue, 30 May 2023 15:46:28 +0300 Subject: [PATCH] add wg-heavy --- README.md | 34 +++++++++++++++++++++++++ wg-heavy@wg1.service | 59 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 wg-heavy@wg1.service diff --git a/README.md b/README.md index fed79b9..be0800f 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ Wireguard management and monitoring utils. * [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh) * [`wg-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-connect-handling-sh) +* [`wg-heavy@wg1`.service](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-heavy@wg1-service) ____ @@ -104,3 +105,36 @@ watch cat /var/log/wireguard/wg-counts.log # check journal tail -f /var/log/wireguard/wg-connect-handling.log ``` + +____ + +## `wg-heavy@wg1`.service + +**Description:** +> Launch Wireguard without creating route table. + +**Dependencies:** +> +> * privileged rights +> * existing /etc/wireguard/wg1.conf + +Example usage: + +```bash +# download +sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service +sudo chmod +x /etc/init.d/wg-heavy@wg1.service +``` + +```bash +# debian update init +sudo update-rc.d wg-heavy@wg1.service defaults +# rhel/alt update init +sudo chkconfig --add wg-heavy@wg1.service +``` + +```bash +# start service +sudo service wg-heavy@wg1 start +sudo service wg-heavy@wg1 status +``` diff --git a/wg-heavy@wg1.service b/wg-heavy@wg1.service new file mode 100644 index 0000000..6e20d2c --- /dev/null +++ b/wg-heavy@wg1.service 
@@ -0,0 +1,59 @@
+#! /bin/sh
+# chkconfig: 2345 20 80
+
+### BEGIN INIT INFO
+# Provides: wireguard
+# Required-Start: $all
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Launch Wireguard without creating route table
+### END INIT INFO
+
+wifname=$(basename -s .service "$0" | cut -d'@' -f2)
+wifaddr=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'Address' | cut -d'=' -f2- | tr -d ' ')
+wg_pkey=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PrivateKey' | cut -d'=' -f2- | tr -d ' ')
+wg_cert=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PublicKey' | cut -d'=' -f2- | tr -d ' ')
+wg_port=51820
+wg_endp=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | sudo grep 'Endpoint' | cut -d'=' -f2- | tr -d ' ')
+wgallow=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'AllowedIPs' | cut -d'=' -f2- | tr -d ' ')
+wgalive=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PersistentKeepalive' | cut -d'=' -f2- | tr -d ' ')
+
+start() {
+ ip link add dev "${wifname}" type wireguard && \
+ ip address add dev "${wifname}" "${wifaddr}" && \
+ printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key" && \
+ wg set "${wifname}" \
+ listen-port "${wg_port}" \
+ private-key "/etc/wireguard/${wifname}.key" \
+ peer "${wg_cert}" \
+ allowed-ips "${wgallow}" \
+ endpoint "${wg_endp}" \
+ persistent-keepalive "${wgalive}" && \
+ ip link set up dev "${wifname}" || \
+ exit 1
+}
+
+stop() {
+ ip link set down dev "${wifname}"
+ ip address del dev "${wifname}" "${wifaddr}"
+ ip link del dev "${wifname}" type wireguard
+ rm -f "/etc/wireguard/${wifname}.key"
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+esac
+
+exit 0
\ No newline at end of file
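Review bot: The key file written in `start()` gets default permissions: `printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key"` creates it under the init environment's umask (commonly 022), so the WireGuard private key may be readable by any local user unless `/etc/wireguard` itself is restricted. Create it under a tight umask instead, e.g. `( umask 077; printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key" ) && \`. The failure path should also clean up, since `|| exit 1` currently leaves the key file and a half-configured interface behind. Separately, the `wg_endp=` lookup pipes through `sudo grep` while every other lookup uses plain `grep`; in an init script that already runs as root the `sudo` should be dropped.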