add wg-heavy

Pavel Muhortov 2023-05-30 15:46:28 +03:00
parent 64257d8a58
commit 28312c1cf0
2 changed files with 93 additions and 0 deletions


@ -4,6 +4,7 @@ Wireguard management and monitoring utils.
* [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh) * [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh)
* [`wg-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-connect-handling-sh) * [`wg-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-connect-handling-sh)
* [`wg-heavy@wg1`.service](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-heavy@wg1-service)
____ ____
@ -104,3 +105,36 @@ watch cat /var/log/wireguard/wg-counts.log
# check journal # check journal
tail -f /var/log/wireguard/wg-connect-handling.log tail -f /var/log/wireguard/wg-connect-handling.log
``` ```
____
## `wg-heavy@wg1`.service
**Description:**
> Launch Wireguard without creating route table.
**Dependencies:**
>
> * privileged rights
> * existing /etc/wireguard/wg1.conf
Example usage:
```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service
sudo chmod +x /etc/init.d/wg-heavy@wg1.service
```
```bash
# debian update init
sudo update-rc.d wg-heavy@wg1.service defaults
# rhel/alt update init
sudo chkconfig --add wg-heavy@wg1.service
```
```bash
# start service
sudo service wg-heavy@wg1 start
sudo service wg-heavy@wg1 status
```

59
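--- a/wg-heavy@wg1.service
+++ b/wg-heavy@wg1.service
@@ -0,0 +1,59 @@
+#! /bin/sh
+# chkconfig: 2345 20 80
+### BEGIN INIT INFO
+# Provides: wireguard
+# Required-Start: $all
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Launch Wireguard without creating route table
+### END INIT INFO
+wifname=$(basename -s .service "$0" | cut -d'@' -f2)
+wifaddr=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'Address' | cut -d'=' -f2- | tr -d ' ')
+wg_pkey=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PrivateKey' | cut -d'=' -f2- | tr -d ' ')
+wg_cert=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PublicKey' | cut -d'=' -f2- | tr -d ' ')
+wg_port=51820
+wg_endp=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | sudo grep 'Endpoint' | cut -d'=' -f2- | tr -d ' ')
+wgallow=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'AllowedIPs' | cut -d'=' -f2- | tr -d ' ')
+wgalive=$(grep -v '#' "/etc/wireguard/${wifname}.conf" | grep 'PersistentKeepalive' | cut -d'=' -f2- | tr -d ' ')
+start() {
+ip link add dev "${wifname}" type wireguard && \
+ip address add dev "${wifname}" "${wifaddr}" && \
+printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key" && \
+wg set "${wifname}" \
+listen-port "${wg_port}" \
+private-key "/etc/wireguard/${wifname}.key" \
+peer "${wg_cert}" \
+allowed-ips "${wgallow}" \
+endpoint "${wg_endp}" \
+persistent-keepalive "${wgalive}" && \
+ip link set up dev "${wifname}" || \
+exit 1
+}
+stop() {
+ip link set down dev "${wifname}"
+ip address del dev "${wifname}" "${wifaddr}"
+ip link del dev "${wifname}" type wireguard
+rm -f "/etc/wireguard/${wifname}.key"
+}
+case "$1" in
+start)
+start
+;;
+stop)
+stop
+;;
+restart)
+stop
+start
+;;
+*)
+echo "Usage: $0 {start|stop|restart}"
+esac
+exit 0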
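Review bot: The private key copy written by `printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key"` in start() is created under the inherited umask, so it can be readable by other local users if /etc/wireguard is not itself restricted; set the mode before writing, e.g. `( umask 077; printf "%s" "${wg_pkey}" > "/etc/wireguard/${wifname}.key" ) && \`. If any later step of the `&&` chain fails, start() exits 1 and leaves both the half-configured interface and that key file behind, so calling stop() before `exit 1` would keep a failed start from stranding key material on disk. The `sudo grep 'Endpoint'` in the wg_endp assignment is the only sudo in a script that already requires root and looks unintended; plain `grep` would match the other assignments. The trailing `exit 0` also reports success for a failed stop and for the usage branch, which init tooling will read as a healthy service.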