@genneko
Last active February 2, 2019 07:01
A script which generates a pair of wg-quick (WireGuard) configuration files for quick testing. Not meant for production use.
#!/bin/sh
#
# wgq-cfgen - generates an initial configuration file pair for wg-quick
#
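# Name of this script as invoked; shown in the usage text.
# "$0" is quoted so that a path containing spaces or glob characters is
# passed to basename/readlink/dirname as a single argument.
prog=$(basename -- "$0")
# Directory holding the script, with symbolic links resolved by readlink -f.
# Not referenced again in the visible part of the script.
bindir=$(dirname -- "$(readlink -f -- "$0")")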
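# Print all arguments as one line on stderr.
# Arguments: any number of strings; they are joined by the first character
#            of IFS (a space unless IFS was changed).
# printf is used instead of echo so that an argument such as "-n", or one
# containing backslashes, is printed literally in every shell.
echoerr() {
  printf '%s\n' "$*" >&2
}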
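# Print the option summary and one worked example on stderr.
# Globals: prog (read) - program name shown in the usage line and the example.
# The file names in the text end in ".conf", which is what the script
# actually writes, and the example uses $prog instead of a fixed name.
usage() {
  cat >&2 <<EOF
usage: $prog [options]
 Generates an initial configuration file pair for wg-quick.
 local config filename will be <ifname>.conf
 remote config filename will be <ifname>-<addr>.conf

 -a <addr>:<addr>: local:remote address [192.168.222.1:192.168.222.2]
 -n <net,..>:<net,..>: local:remote networks (address/plen pairs) []
 -p <port>[:<port>]: local:remote listen port [51820:51820]
 * remote = local if only a single port (w/o colon) is specified.
 -e <addr>:<addr>: local:remote endpoint []
 -i <ifname>[:<ifname>]: local and remote tunnel interface name [wg0:wg0]
 * remote = local if only a single ifname (w/o colon) is specified.
 -f: force override existing config files
 -s: dry-run. only outputs summary on console
 -h: show this usage

examples:
 Connect two subnet 192.168.10.0/24 and 192.168.20.0/24
 with a tunnel between 10.0.0.1 and 10.0.0.2.
 Tunnel interfaces are named wg1 on both side and
 has the address 192.168.254.1 and 192.168.254.2.

 $prog -n 192.168.10.0/24:192.168.20.0/24 -e 10.0.0.1:10.0.0.2 -a 192.168.254.1:192.168.254.2 -i wg1

EOF
}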
# Show the usage text, then end the script with exit status 1.
# Never returns to the caller.
usage_exit() { usage; exit 1; }
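# Report whether a string contains at least one ':'.
# Arguments: $1 - string to inspect
# Returns:   0 if a colon is present, 1 otherwise
# A case pattern is used so that no external process is started, nothing is
# written to stderr, and the value is never interpreted by echo.
has_colon() {
  local value="$1"
  case "$value" in
    *:*) return 0 ;;
    *) return 1 ;;
  esac
}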
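# Abort with the usage text unless an option value has the "x:y" form.
# Arguments: $1 - option letter, used in the message
#            $2 - option value to check
# Outputs:   the error line goes to stderr through echoerr, so that stdout
#            stays free of diagnostics
# Returns:   only when $2 contains a colon; otherwise usage_exit ends the
#            script with status 1
error_wo_colon() {
  local flag="$1"
  local value="$2"
  if ! has_colon "$value"; then
    echoerr "ERROR: -${flag} requires a colon. Check usage."
    usage_exit
  fi
}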
# Built-in defaults. The option parser falls back to them when an option is
# absent or when one side of a "local:remote" pair is left empty.
DEFAULT_LADDR=192.168.222.1 DEFAULT_RADDR=192.168.222.2
DEFAULT_PORT=51820
DEFAULT_IFNAME=wg0

# Tunnel addresses of the local and the remote side.
laddr=$DEFAULT_LADDR raddr=$DEFAULT_RADDR
# Extra networks routed through each side; empty means none.
lnet= rnet=
# UDP listen ports.
lport=$DEFAULT_PORT rport=$DEFAULT_PORT
# Endpoints (address of each side as seen by the other); empty means none.
lep= rep=
# Interface names; they also form the output file names.
lifname=$DEFAULT_IFNAME rifname=$DEFAULT_IFNAME
# Flags set by -f (overwrite existing files) and -s (summary only).
force=0 simulate=0
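# Refuse an option value that contains anything other than the characters
# needed for addresses, prefixes, ports, host names and interface names.
# The values are later written verbatim into wg-quick configuration files,
# where a space or a newline inside a value would add text, or whole lines,
# that the operator never asked for; wg-quick also accepts keys whose value
# is a command (PreUp, PostUp, PreDown, PostDown), so extra lines matter.
# Arguments: $1 - option letter, $2 - option value
check_value() {
  case "$2" in
    *[!A-Za-z0-9_.:,/=+-]*)
      echoerr "ERROR: -$1 contains a character that is not allowed."
      usage_exit
      ;;
  esac
}

# Parse the command line. For "local:remote" pairs the text before the first
# colon is the local value and the text after the last colon the remote one.
# Option values are quoted wherever they are passed on, so they are never
# word-split or glob-expanded by the shell.
# Note: -h goes through usage_exit and therefore exits with status 1.
while getopts "a:n:p:e:i:fsh" opt; do
  case "$opt" in
    a)
      addrlist="$OPTARG"
      check_value a "$addrlist"
      error_wo_colon a "$addrlist"
      # The configuration appends "/32" itself, and the remote address is
      # part of an output file name, so a '/' here is always a mistake.
      case "$addrlist" in
        */*)
          echoerr "ERROR: -a takes plain addresses, without a prefix length."
          usage_exit
          ;;
      esac
      laddr="${addrlist%%:*}"
      laddr="${laddr:-$DEFAULT_LADDR}"
      raddr="${addrlist##*:}"
      raddr="${raddr:-$DEFAULT_RADDR}"
      ;;
    n)
      netlist="$OPTARG"
      check_value n "$netlist"
      error_wo_colon n "$netlist"
      lnet="${netlist%%:*}"
      rnet="${netlist##*:}"
      ;;
    p)
      portlist="$OPTARG"
      # A single port applies to both sides.
      if ! has_colon "$portlist"; then
        portlist="$portlist:$portlist"
      fi
      lport="${portlist%%:*}"
      lport="${lport:-$DEFAULT_PORT}"
      rport="${portlist##*:}"
      rport="${rport:-$DEFAULT_PORT}"
      case "$lport$rport" in
        *[!0-9]*)
          echoerr "ERROR: -p takes decimal port numbers."
          usage_exit
          ;;
      esac
      ;;
    e)
      eplist="$OPTARG"
      check_value e "$eplist"
      error_wo_colon e "$eplist"
      lep="${eplist%%:*}"
      rep="${eplist##*:}"
      ;;
    i)
      ifnamelist="$OPTARG"
      check_value i "$ifnamelist"
      # A single interface name applies to both sides.
      if ! has_colon "$ifnamelist"; then
        ifnamelist="$ifnamelist:$ifnamelist"
      fi
      lifname="${ifnamelist%%:*}"
      lifname="${lifname:-$DEFAULT_IFNAME}"
      rifname="${ifnamelist##*:}"
      rifname="${rifname:-$DEFAULT_IFNAME}"
      ;;
    f) force=1 ;;
    s) simulate=1 ;;
    h) usage_exit ;;
    *) usage_exit ;;
  esac
done
# Drop the parsed options; any remaining operands are not used.
shift $((OPTIND - 1))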
# Dry run (-s): print the effective settings on stderr, one "name=value"
# line each, and stop before any key is generated or any file is written.
if [ "$simulate" -eq 1 ]; then
  for summary_line in \
    "laddr=$laddr" \
    "raddr=$raddr" \
    "lnet=$lnet" \
    "rnet=$rnet" \
    "lport=$lport" \
    "rport=$rport" \
    "lep=$lep" \
    "rep=$rep" \
    "lifname=$lifname" \
    "rifname=$rifname"; do
    echoerr "$summary_line"
  done
  exit 0
fi
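# Generate one WireGuard key pair per side with wg(8).
# A missing or failing wg must stop the script here; otherwise the
# configuration files would be written with empty key values.
# The private key reaches "wg pubkey" on stdin and is quoted, so it is not
# word-split; where printf is a shell builtin it also never shows up in a
# process argument list.
if ! { lprivate=$(wg genkey) &&
  lpublic=$(printf '%s\n' "$lprivate" | wg pubkey); }; then
  echo "ERROR: could not generate the local key pair with wg." >&2
  exit 1
fi
if ! { rprivate=$(wg genkey) &&
  rpublic=$(printf '%s\n' "$rprivate" | wg pubkey); }; then
  echo "ERROR: could not generate the remote key pair with wg." >&2
  exit 1
fi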
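# Refuse to touch an existing configuration file unless -f was given.
# The tests are nested instead of joined with "-a", which is obsolescent and
# ambiguous in [ expressions with this many operands.
# A symbolic link counts as existing even when its target is missing
# ([ -e ] alone says no for a dangling link), because a later redirection
# to that name would write through the link.
if [ "$force" -ne 1 ]; then
  if [ -e "${lifname}.conf" ] || [ -L "${lifname}.conf" ]; then
    echoerr "Local configuration file '${lifname}.conf' already exists. Use -f to overwrite."
    exit 1
  elif [ -e "${rifname}-${raddr}.conf" ] || [ -L "${rifname}-${raddr}.conf" ]; then
    echoerr "Remote configuration file '${rifname}-${raddr}.conf' already exists. Use -f to overwrite."
    exit 1
  fi
fi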
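# Both output files contain a private key, so they are created readable and
# writable by the owner only.
umask 077

lconf="${lifname}.conf"
rconf="${rifname}-${raddr}.conf"

# Write one wg-quick configuration file.
# Arguments: $1 - output path
#            $2 - tunnel address of this side (written with /32)
#            $3 - private key of this side
#            $4 - listen port of this side
#            $5 - public key of the peer
#            $6 - AllowedIPs value for the peer
#            $7 - peer endpoint as host:port, or empty for no Endpoint line
# Returns:   the status of cat, non-zero if the file could not be created
write_conf() {
  cat >"$1" <<EOS
[Interface]
Address = $2/32
PrivateKey = $3
ListenPort = $4
[Peer]
PublicKey = $5
AllowedIPs = $6
${7:+Endpoint = $7}
EOS
}

# umask only applies to files created here: an existing file would keep its
# old, possibly wider, mode, and an existing symbolic link would be written
# through. With -f the old names are therefore removed before writing.
if [ "$force" -eq 1 ]; then
  if ! rm -f -- "$lconf" "$rconf"; then
    echo "ERROR: could not remove the existing configuration files." >&2
    exit 1
  fi
fi

# noclobber makes a redirection fail instead of overwriting a file that
# exists (or appeared since it was last checked).
set -C

if ! write_conf "$lconf" "$laddr" "$lprivate" "$lport" "$rpublic" \
  "${raddr}/32${rnet:+,${rnet}}" "${rep:+${rep}:${rport}}"; then
  echo "ERROR: could not write '$lconf'." >&2
  exit 1
fi
# NOTE(review): the remote side's private key is generated and stored on this
# host; move this file to the peer over a channel you trust and do not keep
# a copy here longer than needed.
if ! write_conf "$rconf" "$raddr" "$rprivate" "$rport" "$lpublic" \
  "${laddr}/32${lnet:+,${lnet}}" "${lep:+${lep}:${lport}}"; then
  echo "ERROR: could not write '$rconf'." >&2
  exit 1
fi
exit 0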