# wireguard-management

Wireguard management and monitoring utils.

* [`wg-client-management`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-client-management-sh)
* [`wg-connect-handling`.sh](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-connect-handling-sh)
* [`wg-heavy@wg1`.service](https://git.hmp.today/pavel.muhortov/wireguard-management#wg-heavy@wg1-service)

____

## `wg-client-management`.sh

**Description:**  
> Creating or deleting client config for wireguard and sending config and info to email.  

**Dependencies:**  
>
> * privileged rights
> * [wireguard](https://www.wireguard.com/) (tested version 1.0.2 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [qrencode](https://github.com/fukuchi/libqrencode) (tested version 4.1.1 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)

|  POSITION | PARAMETERS   |       DESCRIPTION      |    DEFAULT    |
|-----------|--------------|------------------------|---------------|
|     1     |**add\|del**|add or delete client config|**REQUIRED**|
|     2     |**\<username\>**|client username|**REQUIRED**|
|     3     |**\<address\>**|client ip address|**REQUIRED**|
|     4     |**[-f]**,**[--force]**|service will restart after add\|del username||

Example usage:  

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-client-management.sh -O /etc/wireguard/wg-client-management.sh
sudo chmod +x /etc/wireguard/wg-client-management.sh
```

```bash
# create link
ln -s /etc/wireguard/wg-client-management.sh ./wg
```

```bash
# create client
sudo ./wg add username address
```

```bash
# delete client and restart service
sudo  ./wg del username address -f
```

```bash
# check journal
tail -f /var/log/wireguard/wg.log
```

____

## `wg-connect-handling`.sh

**Description:**  
> Handling client connection and preparing stats for monitoring.  

**Dependencies:**  
>
> * privileged rights
> * [jq](https://github.com/stedolan/jq) (tested version 1.6 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [grepcidr](https://github.com/ryantig/grepcidr) (tested version 2.0 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/))
> * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py)
> * [bash](https://www.gnu.org/software/bash/) (tested versions: 5.1.4 on [Debian GNU/Linux 11](http://ftp.debian.org/debian/dists/bullseye/), 5.0.17 on [Ubuntu 20](https://wiki.ubuntu.com/FocalFossa/ReleaseNotes), 4.2.46 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009))

|  POSITION | PARAMETERS   |       DESCRIPTION      |    DEFAULT    |
|-----------|--------------|------------------------|---------------|
|     1     |**</path/to/dir>**|root path for counter, names, log|**REQUIRED**|
|     2     |**[mail]**|send email notification||
|     3     |**[geo]**|check client address geolocation||

Example usage:  

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-connect-handling.sh -O /etc/wireguard/wg-connect-handling.sh
sudo chmod +x /etc/wireguard/wg-connect-handling.sh
```

```bash
# create root path for counter, names, log
sudo mkdir /var/log/wireguard
sudo chown -R root:root /var/log/wireguard
sudo chmod -R 755 /var/log/wireguard
```

```bash
# sudo crontab -e
* * * * * bash /etc/wireguard/wg-connect-handling.sh /var/log/wireguard mail geo
```

```bash
# check counter and names
watch cat /var/log/wireguard/wg-counts.log
# check journal
tail -f /var/log/wireguard/wg-connect-handling.log
```

____

## `wg-heavy@wg1`.service

**Description:**  
> Launch Wireguard without creating route table.  

**Dependencies:**  
>
> * privileged rights
> * existing /etc/wireguard/wg1.conf

Example usage:  

```bash
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service
sudo chmod +x /etc/init.d/wg-heavy@wg1.service
```

```bash
# debian update init
sudo update-rc.d wg-heavy@wg1.service defaults
# rhel/alt update init
sudo chkconfig --add wg-heavy@wg1.service
```

```bash
# start service
sudo service wg-heavy@wg1 start
sudo service wg-heavy@wg1 status
```