My script to add a peer in DN42.
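#!/usr/bin/env bash
#
# Interactively add a DN42 peer on this host: writes a wg-quick interface
# config under /etc/wireguard and a BIRD BGP protocol stanza under
# /etc/bird/peers, then enables the tunnel and reloads BIRD.
#
# The script relies on bash features (read -e/-i, "+=" string append,
# [[ ]] and (( ))), so it must be run by bash, not /bin/sh.
#
# Before first use fill in the local identity variables below
# (WG_PRIVKEY, WG_PUBKEY, LINK_LOCAL_ADDR, IPV4_ADDR, IPV6_ADDR).
# Must be run as root.
set -u

#######################################
# Print a diagnostic to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ "$(id -u -n)" != "root" ]]; then
  die "You need to run this script as root"
fi

command -v wg >/dev/null || die "wg not found in PATH"

# Local identity, filled in by hand. The private key lives in this file,
# so keep the script itself readable by root only.
WG_PRIVKEY=
WG_PUBKEY=
LINK_LOCAL_ADDR=
IPV4_ADDR=
IPV6_ADDR=

# Empty placeholders would otherwise produce a config with "PrivateKey = "
# and "ip addr add /32", which only fails later at wg-quick time.
if [[ -z "$WG_PRIVKEY" || -z "$WG_PUBKEY" || -z "$IPV4_ADDR" || -z "$IPV6_ADDR" ]]; then
  die "WG_PRIVKEY, WG_PUBKEY, IPV4_ADDR and IPV6_ADDR must be set in this script"
fi

# Refuse to continue if the configured key pair does not match. The
# private key is fed on stdin (quoted, via printf) rather than through
# an unquoted echo, so it is never word-split or exposed in argv.
if [[ "$(printf '%s' "$WG_PRIVKEY" | wg pubkey)" != "$WG_PUBKEY" ]]; then
  die "WireGuard key integrity check failed"
fi

read -r -p "Peer ASN: " -e -i "424242" PEER_ASN
# Digits only and at most 10 of them: an empty answer would pass the
# original tr comparison and then break the numeric tests, and a longer
# string could wrap in shell arithmetic before the range check.
if [[ ! "$PEER_ASN" =~ ^[0-9]{1,10}$ ]]; then
  die "Invalid peer ASN"
fi
# Valid 32-bit ASNs are 1 .. 2^32-1.
if (( PEER_ASN <= 0 || PEER_ASN >= 2 ** 32 )); then
  die "Invalid peer ASN"
fi

# DN42 ASNs (4242420000-4242423999) map onto ports 20000-23999 and a
# numeric handle; anything else gets a port in 30000-30999 and an
# "asNNN" handle. The non-DN42 mapping can collide between ASNs.
if (( PEER_ASN >= 4242420000 && PEER_ASN <= 4242423999 )); then
  LISTEN_PORT=$(( 20000 + PEER_ASN % 10000 ))
  PEER_HANDLE=$(( PEER_ASN % 10000 ))
else
  LISTEN_PORT=$(( 30000 + PEER_ASN % 1000 ))
  PEER_HANDLE="as$PEER_ASN"
fi

read -r -p "Local link-local address: " -e -i "$LINK_LOCAL_ADDR" LINK_LOCAL_ADDR
if [[ -z "$LINK_LOCAL_ADDR" ]]; then
  die "Invalid local link-local address"
fi

# A WireGuard key is 32 bytes of base64: 43 base64 characters plus "=".
# Checking the shape here keeps malformed input out of the config file,
# which is only parsed after the service has already been enabled.
WG_KEY_RE='^[A-Za-z0-9+/]{43}=$'

read -r -p "Peer WireGuard public key: " PEER_PUBKEY
if [[ -z "$PEER_PUBKEY" || ! "$PEER_PUBKEY" =~ $WG_KEY_RE ]]; then
  die "Invalid peer WireGuard public key"
fi

INTERFACE_NAME="dn42-$PEER_HANDLE"
WG_CONFIG_FILENAME="/etc/wireguard/$INTERFACE_NAME.conf"
WG_CONFIG="[Interface]
PrivateKey = $WG_PRIVKEY
Address = $LINK_LOCAL_ADDR
PostUp = ip addr add $IPV4_ADDR/32 dev %i
PostUp = ip addr add $IPV6_ADDR/128 dev %i
ListenPort = $LISTEN_PORT
Table = off
[Peer]
PublicKey = $PEER_PUBKEY
"

read -r -p "WireGuard preshared key (optional): " WG_PSK
if [[ -n "$WG_PSK" ]]; then
  if [[ ! "$WG_PSK" =~ $WG_KEY_RE ]]; then
    die "Invalid WireGuard preshared key"
  fi
  WG_CONFIG+="PresharedKey = $WG_PSK
"
fi

read -r -p "Peer endpoint (optional): " PEER_ENDPOINT
if [[ -n "$PEER_ENDPOINT" ]]; then
  WG_CONFIG+="EndPoint = $PEER_ENDPOINT
"
fi

# Only DN42/private ranges and link-local are routed over the tunnel.
WG_CONFIG+="AllowedIPs = 172.16.0.0/12, 10.0.0.0/8, fd00::/8, fe80::/64
"

read -r -p "Peer link-local address: " PEER_LINK_LOCAL_ADDR
if [[ -z "$PEER_LINK_LOCAL_ADDR" ]]; then
  die "Invalid peer link-local address"
fi

BIRD_PROTOCOL_NAME="dn42_$PEER_HANDLE"
BIRD_CONFIG_FILENAME="/etc/bird/peers/$BIRD_PROTOCOL_NAME.conf"
# The single quotes around the interface name are literal and end up in
# the BIRD config (neighbor <addr>%'<iface>'), which is the syntax BIRD
# expects for a link-local neighbor on a specific interface.
BIRD_CONFIG="protocol bgp $BIRD_PROTOCOL_NAME from dnpeers {
  neighbor $PEER_LINK_LOCAL_ADDR%'$INTERFACE_NAME' as $PEER_ASN;
  direct;
}
"

# Show what will be written (including the private key, as before) and
# warn when an existing peer definition would be overwritten.
echo
printf '%s\n' "========== $WG_CONFIG_FILENAME =========="
printf '%s\n' "$WG_CONFIG"
printf '%s\n' "========== $BIRD_CONFIG_FILENAME =========="
printf '%s\n' "$BIRD_CONFIG"
for existing in "$WG_CONFIG_FILENAME" "$BIRD_CONFIG_FILENAME"; do
  if [[ -e "$existing" ]]; then
    printf 'warning: %s already exists and will be overwritten\n' "$existing" >&2
  fi
done

read -r -p "Confirm? (YES) " CONFIRM
if [[ "$CONFIRM" != "YES" ]]; then
  die "Abort"
fi

# Create the WireGuard config with a restrictive umask so the private key
# is never, even briefly, readable under the default mode; chmod afterwards
# still tightens a pre-existing file that was kept by the truncating ">".
( umask 077 && printf '%s' "$WG_CONFIG" > "$WG_CONFIG_FILENAME" ) \
  || die "Cannot write $WG_CONFIG_FILENAME"
chmod 600 "$WG_CONFIG_FILENAME" || die "Cannot chmod $WG_CONFIG_FILENAME"
systemctl enable --now "wg-quick@$INTERFACE_NAME" \
  || die "Failed to enable wg-quick@$INTERFACE_NAME"

printf '%s' "$BIRD_CONFIG" > "$BIRD_CONFIG_FILENAME" \
  || die "Cannot write $BIRD_CONFIG_FILENAME"
chown bird:bird "$BIRD_CONFIG_FILENAME" || die "Cannot chown $BIRD_CONFIG_FILENAME"
birdc configure || die "birdc configure failed"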