@maxried
Created January 17, 2020 14:46
Wireguard in initrd

These scripts let you bring up a WireGuard connection from within your initrd. Make sure WireGuard is installed on your system and that you have a busybox build whose ip and nslookup applets work. If it does not work, change the copy_exec line for busybox in the hook so that it points at a more complete busybox. The scripts read /etc/wireguard/initramdisk.conf and expect at least one comment line listing the interface's IP addresses, like so: # Address = 1.2.3.4/12. Tested on Ubuntu 19.10.

#!/bin/sh
# /etc/initramfs-tools/hooks/wg
# Abort the hook on the first failing command so a broken initrd build is noticed.
set -o errexit
# No other hook has to run before this one.
PREREQ=''
# initramfs-tools protocol: print the hooks this one depends on (see PREREQ).
prereqs() {
  printf '%s\n' "$PREREQ"
}
# initramfs-tools calls every hook once with "prereqs" to collect dependencies
# before running it for real.
if [ "$1" = prereqs ]; then
  prereqs
  exit 0
fi
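# Helpers: copy_exec, copy_file, force_load and the DESTDIR conventions.
. /usr/share/initramfs-tools/hook-functions

# Nothing on the root filesystem pulls the module in, so force it into the initrd.
force_load wireguard

# Resolve wg explicitly: with "copy_exec $(which wg)" a missing wg would call
# copy_exec with an empty argument (set -e does not act on a failed command
# substitution used as an argument) and the build would fail with an
# unhelpful message.
wg_bin=$(command -v wg) || {
  echo "wg hook: wireguard-tools (wg) not found in PATH" >&2
  exit 1
}
copy_exec "$wg_bin"

# Busybox build providing the ip and nslookup applets that wg-up/wg-down use.
copy_exec /usr/lib/initramfs-tools/bin/busybox-wg /bin/busybox-wg

# The config, PrivateKey included, is embedded verbatim in the initrd; make
# sure the resulting initrd image is not world-readable. Fail here with a
# clear message rather than letting copy_file abort silently under set -e.
wg_conf=/etc/wireguard/initramdisk.conf
if [ ! -r "$wg_conf" ]; then
  echo "wg hook: $wg_conf is missing or unreadable" >&2
  exit 1
fi
copy_file config "$wg_conf" "$wg_conf"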
#!/bin/sh
# /etc/initramfs-tools/scripts/init-bottom/wg-down
# Nothing has to run before the tunnel is torn down.
PREREQ=''
# Report the scripts this one must run after (initramfs-tools prereqs protocol).
prereqs() {
  printf '%s\n' "$PREREQ"
}
# When asked for prerequisites, answer and stop; the real work comes later.
if [ "$1" = prereqs ]; then
  prereqs
  exit 0
fi
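# Prefer the ip applet of the bundled busybox-wg (copied in by the wg hook)
# over /sbin/ip. IP_TOOL is deliberately a two-word command prefix
# ("busybox-wg ip") that is expanded unquoted below so sh splits it into words.
IP_TOOL="/sbin/ip"
if busybox_wg=$(command -v busybox-wg 2>/dev/null); then
  IP_TOOL="$busybox_wg ip"
  echo "Found busybox-wg."
fi
echo "IP_TOOL is $IP_TOOL"

# Tear the tunnel down before the real root takes over. wg-up may never have
# created it (e.g. ip=off on the kernel command line), so only delete the link
# when it exists instead of printing a spurious error.
if $IP_TOOL link show wgInit >/dev/null 2>&1; then
  $IP_TOOL link delete wgInit
else
  echo "wgInit does not exist, nothing to remove."
fi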
#!/bin/sh
# /etc/initramfs-tools/scripts/init-premount/wg-up
# Network devices must have been settled by udev before we configure anything.
PREREQ=udev
# Print the prerequisite scripts (here: udev) for initramfs-tools ordering.
prereqs() {
  printf '%s\n' "$PREREQ"
}
# The prereqs query only wants the dependency list; do nothing else then.
if [ "$1" = prereqs ]; then
  prereqs
  exit 0
fi
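# Nothing to do when networking was disabled on the kernel command line
# (ip=off / ip=none). A case statement replaces the deprecated, ambiguous
# "[ a -a b ]" form.
case "$IP" in
  off|none) exit 0 ;;
esac

# Provides configure_networking and the other initramfs helpers used below.
. /scripts/functions

# "y": bring the tunnel up before the boot continues (required when the root
# filesystem is reached through it); anything else runs setup_wg in the background.
BLOCKING="y"

# Command prefixes; replaced by the busybox-wg applets below when available.
# They are expanded unquoted on purpose so "busybox-wg ip" splits into words.
IP_TOOL="/sbin/ip"
NSLOOKUP_TOOL="nslookup"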
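#######################################
# Bring up the WireGuard interface wgInit from /etc/wireguard/initramdisk.conf.
#
# The initrd has no resolver, so every Endpoint given as a hostname is looked
# up here and written to /etc/hosts before wg reads the config. Address lines
# must be present as comments ("# Address = a.b.c.d/nn"): wg setconf rejects
# the Address key, so a copy of the config without them is handed to wg and
# the addresses are added with ip afterwards.
#
# Globals:   IP_TOOL, NSLOOKUP_TOOL (command prefixes such as "busybox-wg ip",
#            expanded unquoted on purpose so the shell splits them into words),
#            IPV4DNS0 (set by configure_networking from the boot network config).
# Outputs:   progress messages and a summary on stdout; appends to /etc/hosts.
# Returns:   status of the last command. This script does not use set -e, so a
#            failed step is reported by the tool but does not stop the rest.
#######################################
setup_wg() {
  CONFIG="/etc/wireguard/initramdisk.conf"
  STRIPPED="$CONFIG.strip"

  configure_networking

  # Prefer the nameserver handed out with the boot network config; 8.8.8.8 is
  # only a last-resort fallback. Either way this is plain, unauthenticated DNS:
  # a forged answer can keep the tunnel from coming up, but WireGuard still
  # authenticates the peer by its public key, so it cannot redirect the tunnel.
  NAMESERVER="8.8.8.8"
  if [ "$IPV4DNS0" ]; then
    echo "Using DNS0 server provided by ipconfig: $IPV4DNS0"
    NAMESERVER="$IPV4DNS0"
  else
    echo "Using default DNS server: $NAMESERVER"
  fi

  # Endpoint lines whose host part is a name rather than an IPv4 or a
  # bracketed IPv6 literal. Matched case-insensitively: wg accepts any
  # capitalisation of its keys and the documented spelling is "Endpoint",
  # which the previous case-sensitive "EndPoint" pattern silently skipped.
  ENDPOINTS=$(grep -Ei '^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*.*:[0-9]+$' "$CONFIG" \
    | grep -Ev '=[[:space:]]*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:' \
    | grep -Ev '=[[:space:]]*\[.+\]:')
  printf '%s\n' "$ENDPOINTS" | while read -r LINE; do
    # An empty ENDPOINTS still produces one empty line.
    [ -n "$LINE" ] || continue
    HOST=${LINE%%:*}        # drop ":port"
    HOST=${HOST#*=}         # drop "Endpoint ="
    HOST=$(printf '%s' "$HOST" | tr -d ' \t')
    echo "Looking up $HOST using $NAMESERVER"
    # busybox nslookup prints the answer section as "Address: a.b.c.d" lines
    # after an "...answer:" header; record each as "addr<TAB>host".
    $NSLOOKUP_TOOL -type=A "$HOST" "$NAMESERVER" \
      | grep -A999 "nswer:" | grep "^Address: " | cut -d':' -f2- \
      | while read -r ADDR; do
          ADDR=$(printf '%s' "$ADDR" | tr -d ' \t')
          if [ -n "$ADDR" ]; then
            printf '%s\t%s\n' "$ADDR" "$HOST"
          fi
        done >> /etc/hosts
  done

  echo "Create interface"
  $IP_TOOL link add dev wgInit type wireguard

  # wg setconf rejects keys it does not know (Address is one of them), so hand
  # it a copy without Address lines. The copy carries the PrivateKey: create it
  # under a restrictive umask rather than the initramfs default, and drop it
  # as soon as wg has read it.
  echo "Stripping config"
  (umask 077 && grep -Eiv '^[[:space:]]*#?[[:space:]]*Address[[:space:]]*=' "$CONFIG" > "$STRIPPED")
  echo "Configure interface"
  wg setconf wgInit "$STRIPPED"
  rm -f "$STRIPPED"

  echo "Upping interface"
  $IP_TOOL link set dev wgInit up

  # Addresses come from the commented "# Address = ..." lines; a line may list
  # several comma-separated addresses, so the unquoted $(...) is split into
  # words on purpose.
  for I in $(grep -Ei '^[[:space:]]*#?[[:space:]]*Address[[:space:]]*=[[:space:]]*.' "$CONFIG" | cut -d '=' -f2 | tr -d ','); do
    echo "Add address $I to interface wgInit"
    $IP_TOOL address add "$I" dev wgInit
  done

  # Route every peer's allowed IPs through the tunnel. "wg show ... allowed-ips"
  # prints one "<pubkey><TAB><ip> <ip> ..." line per peer, or "(none)".
  for I in $(wg show wgInit allowed-ips | cut -f2-); do
    [ "$I" != "(none)" ] || continue
    echo "Adding route $I to wgInit"
    $IP_TOOL route add "$I" dev wgInit
  done

  echo ============Summary===========
  wg
  echo ==============================
  # configure_networking writes /run/net-<device>.conf for the device it set
  # up; do not assume a particular interface name such as enp4s0.
  for NETCONF in /run/net-*.conf; do
    if [ -e "$NETCONF" ]; then
      cat "$NETCONF"
    fi
  done
}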
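# Prefer the bundled busybox-wg applets (copied in by the wg hook) over
# /sbin/ip and whatever nslookup is on PATH. The *_TOOL variables are
# two-word command prefixes that are expanded unquoted on purpose.
if busybox_wg=$(command -v busybox-wg 2>/dev/null); then
  IP_TOOL="$busybox_wg ip"
  NSLOOKUP_TOOL="$busybox_wg nslookup"
  echo "Found busybox-wg."
fi
echo "IP_TOOL is $IP_TOOL"
echo "NSLOOKUP_TOOL is $NSLOOKUP_TOOL"

# With BLOCKING=y the boot waits for the tunnel (needed when the root
# filesystem is reached through it); otherwise setup_wg runs in the background
# and any failure in it goes unnoticed by the boot sequence.
if [ "$BLOCKING" = "y" ]; then
  setup_wg
else
  setup_wg &
fi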