2 # Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
3 # Licensed to the public under the Apache License 2.0.
8 logger -t "wireguard" "error: missing wireguard-tools (${WG})"
13 [ -n "$INCLUDE_ONLY" ] || {
20 proto_wireguard_init_config() {
21 proto_config_add_string "private_key"
22 proto_config_add_int "listen_port"
23 proto_config_add_int "mtu"
24 proto_config_add_string "fwmark"
30 proto_wireguard_setup_peer() {
31 local peer_config="$1"
36 local route_allowed_ips
39 local persistent_keepalive
41 config_get public_key "${peer_config}" "public_key"
42 config_get preshared_key "${peer_config}" "preshared_key"
43 config_get allowed_ips "${peer_config}" "allowed_ips"
44 config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0
45 config_get endpoint_host "${peer_config}" "endpoint_host"
46 config_get endpoint_port "${peer_config}" "endpoint_port"
47 config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
50 echo "[Peer]" >> "${wg_cfg}"
51 echo "PublicKey=${public_key}" >> "${wg_cfg}"
52 if [ "${preshared_key}" ]; then
53 echo "PresharedKey=${preshared_key}" >> "${wg_cfg}"
55 for allowed_ip in $allowed_ips; do
56 echo "AllowedIPs=${allowed_ip}" >> "${wg_cfg}"
58 if [ "${endpoint_host}" ]; then
59 case "${endpoint_host}" in
61 endpoint="[${endpoint_host}]"
64 endpoint="${endpoint_host}"
67 if [ "${endpoint_port}" ]; then
68 endpoint="${endpoint}:${endpoint_port}"
70 endpoint="${endpoint}:51820"
72 echo "Endpoint=${endpoint}" >> "${wg_cfg}"
74 if [ "${persistent_keepalive}" ]; then
75 echo "PersistentKeepalive=${persistent_keepalive}" >> "${wg_cfg}"
78 # add routes for allowed ips
79 if [ ${route_allowed_ips} -ne 0 ]; then
80 for allowed_ip in ${allowed_ips}; do
81 case "${allowed_ip}" in
83 proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
86 proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
89 proto_add_ipv6_route "${allowed_ip%%/*}" "128"
92 proto_add_ipv4_route "${allowed_ip%%/*}" "32"
100 proto_wireguard_setup() {
102 local wg_dir="/tmp/wireguard"
103 local wg_cfg="${wg_dir}/${config}"
111 config_get private_key "${config}" "private_key"
112 config_get listen_port "${config}" "listen_port"
113 config_get addresses "${config}" "addresses"
114 config_get mtu "${config}" "mtu"
115 config_get fwmark "${config}" "fwmark"
116 config_get ip6prefix "${config}" "ip6prefix"
119 ip link del dev "${config}" 2>/dev/null
120 ip link add dev "${config}" type wireguard
122 if [ "${mtu}" ]; then
123 ip link set mtu "${mtu}" dev "${config}"
126 proto_init_update "${config}" 1
128 # generate configuration file
131 echo "[Interface]" > "${wg_cfg}"
132 echo "PrivateKey=${private_key}" >> "${wg_cfg}"
133 if [ "${listen_port}" ]; then
134 echo "ListenPort=${listen_port}" >> "${wg_cfg}"
136 if [ "${fwmark}" ]; then
137 echo "FwMark=${fwmark}" >> "${wg_cfg}"
139 config_foreach proto_wireguard_setup_peer "wireguard_${config}"
141 # apply configuration file
142 ${WG} setconf ${config} "${wg_cfg}"
145 # delete configuration file
149 if [ ${WG_RETURN} -ne 0 ]; then
151 proto_setup_failed "${config}"
156 for address in ${addresses}; do
159 proto_add_ipv6_address "${address%%/*}" "${address##*/}"
162 proto_add_ipv4_address "${address%%/*}" "${address##*/}"
165 proto_add_ipv6_address "${address%%/*}" "128"
168 proto_add_ipv4_address "${address%%/*}" "32"
173 # support ip6 prefixes
174 for prefix in ${ip6prefix}; do
175 proto_add_ipv6_prefix "$prefix"
178 # endpoint dependency
179 wg show "${config}" endpoints | \
180 sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
181 while IFS=$'\t ' read -r key address port; do
182 [ -n "${port}" ] || continue
183 proto_add_host_dependency "${config}" "${address}"
186 proto_send_update "${config}"
190 proto_wireguard_teardown() {
192 ip link del dev "${config}" >/dev/null 2>&1
196 [ -n "$INCLUDE_ONLY" ] || {
197 add_protocol wireguard