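#!/bin/sh
# OpenWrt WireGuard client setup, companion to the wiki walkthrough:
# https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
#
# Edit the "Configuration parameters" block before running. WG_SERV must hold
# the real server address; the peer keys must match what the server has.
# Key files are written to the current working directory with mode 0600
# (see the umask below), so run it from a directory where they may stay.
# Targets busybox ash (POSIX sh): no bashisms.

# Install packages
opkg update
# 21.02 or above
opkg install wireguard-tools
# Everything below depends on wg(8); stop early rather than write a broken
# interface into the config if the install did not take.
command -v wg >/dev/null 2>&1 || {
  echo "wg not found: wireguard-tools did not install" >&2
  exit 1
}

# Configuration parameters
WG_IF="vpn"
WG_SERV="SERVER_ADDRESS"
WG_PORT="51820"
WG_ADDR="192.168.9.2/24"
WG_ADDR6="fdf1:e8a1:8d3f:9::2/64"

# Refuse to run with the placeholder left in place: route_allowed_ips=1 with
# 0.0.0.0/0 and ::/0 below sends all traffic into the tunnel, so an endpoint
# that does not exist would cut the router off.
if [ "${WG_SERV}" = "SERVER_ADDRESS" ]; then
  echo "WG_SERV still holds the placeholder; set the server address first" >&2
  exit 1
fi

# Generate keys
# "go=" clears group/other bits so the .key/.psk files are created 0600.
umask go=
# wgserver.key is generated here only so the script is self-contained. In a
# real deployment the server generates its own key pair and only the public
# key (the content of wgserver.pub) is copied to this client; the server in
# turn needs wgclient.pub and wgclient.psk. A wgserver.key left on the client
# is a private key that belongs to another host.
wg genkey | tee wgserver.key | wg pubkey > wgserver.pub
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk

# Client private key
WG_KEY="$(cat wgclient.key)"
# Pre-shared key
WG_PSK="$(cat wgclient.psk)"
# Server public key
WG_PUB="$(cat wgserver.pub)"

# Configure firewall
# Arguments are quoted so "[0]" is not a shell glob and ${WG_IF} is not split.
uci rename "firewall.@zone[0]=lan"
uci rename "firewall.@zone[1]=wan"
# del_list before add_list keeps the entry unique when the script is re-run.
uci del_list "firewall.wan.network=${WG_IF}"
uci add_list "firewall.wan.network=${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart

# Configure network
# Drop any previous interface and peer section so the batch below starts
# clean; -q keeps a missing section from printing an error.
uci -q delete "network.${WG_IF}"
uci -q delete network.wgserver

# Interface and VPN peer.
# The private key and pre-shared key are handed to uci on stdin (batch mode)
# instead of on the command line, so they do not show up in process listings.
# No value contains whitespace (base64 keys, CIDRs, hostname), so the batch
# needs no quoting.
uci batch <<EOF
set network.${WG_IF}=interface
set network.${WG_IF}.proto=wireguard
set network.${WG_IF}.private_key=${WG_KEY}
add_list network.${WG_IF}.addresses=${WG_ADDR}
add_list network.${WG_IF}.addresses=${WG_ADDR6}
set network.wgserver=wireguard_${WG_IF}
set network.wgserver.public_key=${WG_PUB}
set network.wgserver.preshared_key=${WG_PSK}
set network.wgserver.endpoint_host=${WG_SERV}
set network.wgserver.endpoint_port=${WG_PORT}
set network.wgserver.route_allowed_ips=1
set network.wgserver.persistent_keepalive=25
add_list network.wgserver.allowed_ips=0.0.0.0/0
add_list network.wgserver.allowed_ips=::/0
commit network
EOF
/etc/init.d/network restart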