My own wg-client fork of Voxel firmware to add the option to stop the tunnel without rebooting the LBR20
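--- a/wg-client-orig
+++ b/wg-client-forked
@@ -15,11 +15,11 @@
 CONF_FILE="/etc/wireguard.conf"
 start() {
-# Check if WireGuard client is enabled
-if [ ! "$WIREGUARD_ON" = "1" ]; then
-echo "WireGuard client is not enabled in nvram. Exit." | tee -a $LOG_FILE
-exit 0
-fi
+# REMOVED FOR TESTING -- Check if WireGuard client is enabled
+#if [ ! "$WIREGUARD_ON" = "1" ]; then
+# echo "WireGuard client is not enabled in nvram. Exit." | tee -a $LOG_FILE
+# exit 0
+#fi
 # Check WireGuard config file existence, exit if no such file
 if [ ! -f "$CONF_FILE" ]; then
@@ -95,8 +95,10 @@
 echo "Start WireGuard client. Please wait." | tee -a $LOG_FILE
 echo "IP of EndPoint $EndPoint is $IP." | tee -a $LOG_FILE
-sleep 25
+# sleep reduced from 25 to speed up testing
+sleep 2
+
 # WireGuard: create wg0 interface
 insmod /lib/modules/"$KVER"/wireguard.ko
 ip link add dev wg0 type wireguard
@@ -133,7 +135,7 @@
 ip route add $(ip route get "$IP" | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null
 ip route add 0/1 dev wg0
 ip route add 128/1 dev wg0
-ip route delete default
+# ip route delete default
 # Restart firewall to apply iptables rules for WireGuard
 echo "Restart firewall to apply iptables rules for WireGuard client." | tee -a $LOG_FILE
@@ -143,4 +145,95 @@
 # Start DNSCrypt and Stubby
 /etc/init.d/dnscrypt-proxy-2 start > /dev/null
 /etc/init.d/stubby start > /dev/null
+}
+
+stop() {
+# Check if wg0 interface is available
+ifconfig | grep -q wg0
+if [ $? -ne 0 ]; then
+echo "Error: wg0 interface does not exist. Wireguard already seems to be down." | tee -a $LOG_FILE
+exit 1
+fi
+
+#### Loading in variables (copied from start)
+. $CONF_FILE
+
+# Check if value of EndPoint is defined
+if [ -z "$EndPoint" ]; then
+echo "Error: No EndPoint is defined." | tee -a $LOG_FILE
+exit 1
+fi
+
+# Check if value of LocalIP is defined
+if [ -z "$LocalIP" ]; then
+echo "Error: No LocalIP is defined." | tee -a $LOG_FILE
+exit 1
+fi
+
+# Check if value of PublicKey is defined
+if [ -z "$PublicKey" ]; then
+echo "Error: No PublicKey is defined." | tee -a $LOG_FILE
+exit 1
+fi
+
+# Check if value of PrivateKey is defined
+if [ -z "$PrivateKey" ]; then
+echo "Error: No PrivateKey is defined." | tee -a $LOG_FILE
+exit 1
+fi
+
+# Check if value of Port is defined
+if [ -z "$Port" ]; then
+echo "Error: No Port is defined." | tee -a $LOG_FILE
+exit 1
+fi
+
+# Get IP(v4) of EndPoint
+IP=$(nslookup "$EndPoint" | tail -n 1 | awk '{ print $3 }')
+if [ -z "$IP" ]; then
+echo "Error: Cannot get IP of $EndPoint." | tee -a $LOG_FILE
+exit 1
+fi
+
+
+echo "Stopping WireGuard client. Please wait." | tee -a $LOG_FILE
+echo "This will fail if you edited the configuration after the wireguard tunnel was started." | tee -a $LOG_FILE
+
+sleep 2
+
+# Stop DNSCrypt and Stubby
+echo "Stopping dnscrypt and stubby."
+/etc/init.d/dnscrypt-proxy-2 stop > /dev/null
+/etc/init.d/stubby stop > /dev/null
+
+
+# Remove the wireguard routing - this will revert traffic to original default gateway
+echo "Restoring the original routes"
+ip route del 128/1 dev wg0
+ip route del 0/1 dev wg0
+ip route del $(ip route get "$IP" | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null
+
+# WireGuard: create wg0 interface
+echo "Bringing down the tunnel."
+ip link set down dev wg0
+ip address del dev wg0 "$LocalIP"
+ip link del dev wg0 type wireguard
+
+# Restart firewall to remove iptables rules for WireGuard
+echo "Restart firewall to apply iptables rules for WireGuard client." | tee -a $LOG_FILE
+net-wall rule | tee -a $LOG_FILE
+net-wall start | tee -a $LOG_FILE
+
+# Sleep for a few seconds - this may not be required, but it helped in my testing.
+sleep 5
+
+# Check if wg0 interface is still available
+ifconfig | grep -q wg0
+if [ $? -eq 0 ]; then
+echo "Error: Cannot delete wg0." | tee -a $LOG_FILE
+# exit 1
+else
+echo "Success - wireguard tunnel wg0 is down."
+fi
+
 }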
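Review bot: stop() never restores a default route, so it only works against a tunnel brought up by this fork's start(), where `ip route delete default` is commented out in the third hunk; run against a tunnel started by the unmodified start() it removes 0/1 and 128/1 and leaves the router with no default route at all, and a guard after the route deletions such as `ip route | grep -q '^default ' || echo "Warning: no default route after teardown." | tee -a $LOG_FILE` would at least surface that. The endpoint host route is also re-resolved with nslookup at stop time, so if DNS has changed since start the stale host route survives and the `2>/dev/null` on the `ip route del` hides the failure; the message on the "This will fail if you edited the configuration" line acknowledges this, but recording the resolved IP to a state file in start() and reading it back here would make the teardown deterministic. The final check logs "Cannot delete wg0." while its `# exit 1` is commented out, so stop() exits 0 even when the interface is still present, which callers in an init script cannot distinguish from success. The copied comment `# WireGuard: create wg0 interface` above the teardown and the "apply iptables rules" log line in the firewall section describe start(), not stop(), and should read "bring down wg0 interface" and "remove iptables rules". Separately, the first hunk disables the WIREGUARD_ON nvram gate "FOR TESTING", so start() now brings the tunnel up regardless of the enabled flag; that check needs to be restored before this fork is used outside a test setup.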