pavel.muhortov/wireguard-management
1
0
Fork 0
generated from pavel.muhortov/template-bash
Code Issues Pull Requests Projects Releases Wiki Activity
master
wireguard-management/README.md

5.6 KiB
Raw Permalink Blame History

wireguard-management

Wireguard management and monitoring utils.

wg_status.py

Description:

Wireguard server status parser.

Dependencies:

  • privileged rights
  • Python 3 (tested version 3.9.5 on Debian GNU/Linux 11)
  • requests Python 3 module (tested version 2.31.0)
  • to use peer names instead of their public keys, the existence of a directory with configurations or public keys of peers is required
PARAMETERS DESCRIPTION DEFAULT
[-p, --peers_root] root path to peers configs or public keys /etc/wireguard/pki
[-f, --filter] client names filter by regex .*
[-g, --geo] check client real ip geo location (may be slow) None

Example usage with Zabbix agent:

# install dependencies
sudo pip install requests
# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg_status.py -O /etc/wireguard/wg_status.py
sudo chmod +x /etc/wireguard/wg_status.py

# edit sudoers
sudo sh -c "echo '
zabbix  ALL=(ALL) NOPASSWD:/etc/wireguard/wg_status.py
' > /etc/sudoers.d/zabbix_agentd"
# check permission
sudo -u zabbix sudo /etc/wireguard/wg_status.py

# add UserParameter to Zabbix agent
sudo sh -c "echo '
Timeout=30
AllowRoot=0
UserParameter=discovery.wg, sudo /etc/wireguard/wg_status.py
' >> /etc/zabbix/zabbix_agentd.conf"
sudo systemctl restart zabbix-agent

Download Wireguard_by_Zabbix_agent.yaml template
Zabbix Server -> Configuration -> Templates -> Import template

wg-client-management.sh

Description:

Creating or deleting client config for wireguard and sending config and info to email/telegram.

Dependencies:

POSITION PARAMETERS DESCRIPTION DEFAULT
1 <ifname> wireguard interface name REQUIRED
2 add|del add or delete client config REQUIRED
3 <username> client username REQUIRED
4 <address> client ip address REQUIRED
5 <additional> client description
6 [-f],[--force] service will restart after add|del username

Example usage:

# create client config template
sudo tee /etc/wireguard/client.conf.default > /dev/null <<'EOF'
[Interface]
  Address = clientaddr/32
  PrivateKey = clientprivkey
  DNS = 1.1.1.1,8.8.8.8                       # edit this line!
[Peer]
  PublicKey = serverpublkey
  AllowedIPs = 10.0.0.0/8,192.168.0.0/16      # edit this line!
  Endpoint = server.public.address:51820      # edit this line!
  PersistentKeepalive = 5
EOF

# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-client-management.sh -O /etc/wireguard/wg-client-management.sh
sudo chmod +x /etc/wireguard/wg-client-management.sh
# create log directory
sudo mkdir /var/log/wireguard

# edit wg-client-management.conf
sudo tee /etc/wireguard/wg-client-management.conf > /dev/null <<'EOF'
# sendmail configuration
from=user@host.zone
pass=password
dest=user@host.zone
smtp=smtp.host.zone
port=587
# telegram configuration
API_KEY=YOURAPIKEY
CHAT_ID=-100123456789
THRD_ID=123
EOF

# create link
ln -s /etc/wireguard/wg-client-management.sh ./wg

# create client
sudo ./wg wg0 add username address

# delete client and restart service
sudo  ./wg wg0 del username address -f

# check journal
tail -f /var/log/wireguard/wg-client-management.log

wg-heavy@wg1.service

Description:

Launch Wireguard without creating route table.

Dependencies:

  • privileged rights
  • existing /etc/wireguard/wg1.conf

Example usage:

# download
sudo wget https://git.hmp.today/pavel.muhortov/wireguard-management/raw/branch/master/wg-heavy@wg1.service -O /etc/init.d/wg-heavy@wg1.service
sudo chmod +x /etc/init.d/wg-heavy@wg1.service

# debian update init
sudo update-rc.d wg-heavy@wg1.service defaults
# rhel/alt update init
sudo chkconfig --add wg-heavy@wg1.service

# start service
sudo service wg-heavy@wg1 start
sudo service wg-heavy@wg1 status