@winjoda
Last active December 3, 2022 20:39
My own wg-client fork of Voxel firmware to add the option to stop the tunnel without rebooting the LBR20
--- wg-client-orig 2022-12-03 15:31:20
+++ wg-client-forked 2022-12-03 15:30:56
@@ -15,11 +15,11 @@
CONF_FILE="/etc/wireguard.conf"
start() {
- # Check if WireGuard client is enabled
- if [ ! "$WIREGUARD_ON" = "1" ]; then
- echo "WireGuard client is not enabled in nvram. Exit." | tee -a $LOG_FILE
- exit 0
- fi
+ # REMOVED FOR TESTING -- Check if WireGuard client is enabled
+ #if [ ! "$WIREGUARD_ON" = "1" ]; then
+ # echo "WireGuard client is not enabled in nvram. Exit." | tee -a $LOG_FILE
+ # exit 0
+ #fi
# Check WireGuard config file existence, exit if no such file
if [ ! -f "$CONF_FILE" ]; then
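Review bot: The `WIREGUARD_ON` gate at the top of start() is commented out rather than replaced, so the script now brings the tunnel up even when the client is disabled in nvram, and anything that calls `start` (presumably a boot hook) will reroute traffic against the stored setting. The comment marks it as a testing change, and the `sleep 2` in the second hunk is the same kind of testing shortcut; both should be restored before the script is used outside testing. If a manual start with the setting off is wanted, an explicit opt-in is safer than dropping the check, and the restored line should quote the log path: `tee -a "$LOG_FILE"`. start()'s body continues outside the hunk.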
@@ -95,8 +95,10 @@
echo "Start WireGuard client. Please wait." | tee -a $LOG_FILE
echo "IP of EndPoint $EndPoint is $IP." | tee -a $LOG_FILE
- sleep 25
+ # sleep reduced from 25 to speed up testing
+ sleep 2
+
# WireGuard: create wg0 interface
insmod /lib/modules/"$KVER"/wireguard.ko
ip link add dev wg0 type wireguard
@@ -133,7 +135,7 @@
ip route add $(ip route get "$IP" | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null
ip route add 0/1 dev wg0
ip route add 128/1 dev wg0
- ip route delete default
+ # ip route delete default
# Restart firewall to apply iptables rules for WireGuard
echo "Restart firewall to apply iptables rules for WireGuard client." | tee -a $LOG_FILE
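Review bot: With `ip route delete default` commented out, the WAN default route stays in the table underneath the `0/1` and `128/1` routes, so if wg0 is deleted or set down, traffic falls back to the unencrypted WAN path instead of being dropped. That is presumably what lets stop() restore connectivity without a reboot, but it changes the tunnel from fail-closed to fail-open and the comment does not say so. I would replace the bare commented-out line with `# default route is kept so stop() can fall back to the WAN gateway; traffic is NOT blocked if wg0 disappears`, and consider a firewall rule if leak protection is required. The enclosing start() begins outside this hunk.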
@@ -143,4 +145,95 @@
# Start DNSCrypt and Stubby
/etc/init.d/dnscrypt-proxy-2 start > /dev/null
/etc/init.d/stubby start > /dev/null
+}
+
+stop() {
+ # Check if wg0 interface is available
+ ifconfig | grep -q wg0
+ if [ $? -ne 0 ]; then
+ echo "Error: wg0 interface does not exist. Wireguard already seems to be down." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ #### Loading in variables (copied from start)
+ . $CONF_FILE
+
+ # Check if value of EndPoint is defined
+ if [ -z "$EndPoint" ]; then
+ echo "Error: No EndPoint is defined." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ # Check if value of LocalIP is defined
+ if [ -z "$LocalIP" ]; then
+ echo "Error: No LocalIP is defined." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ # Check if value of PublicKey is defined
+ if [ -z "$PublicKey" ]; then
+ echo "Error: No PublicKey is defined." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ # Check if value of PrivateKey is defined
+ if [ -z "$PrivateKey" ]; then
+ echo "Error: No PrivateKey is defined." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ # Check if value of Port is defined
+ if [ -z "$Port" ]; then
+ echo "Error: No Port is defined." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+ # Get IP(v4) of EndPoint
+ IP=$(nslookup "$EndPoint" | tail -n 1 | awk '{ print $3 }')
+ if [ -z "$IP" ]; then
+ echo "Error: Cannot get IP of $EndPoint." | tee -a $LOG_FILE
+ exit 1
+ fi
+
+
+ echo "Stopping WireGuard client. Please wait." | tee -a $LOG_FILE
+ echo "This will fail if you edited the configuration after the wireguard tunnel was started." | tee -a $LOG_FILE
+
+ sleep 2
+
+ # Stop DNSCrypt and Stubby
+ echo "Stopping dnscrypt and stubby."
+ /etc/init.d/dnscrypt-proxy-2 stop > /dev/null
+ /etc/init.d/stubby stop > /dev/null
+
+
+ # Remove the wireguard routing - this will revert traffic to original default gateway
+ echo "Restoring the original routes"
+ ip route del 128/1 dev wg0
+ ip route del 0/1 dev wg0
+ ip route del $(ip route get "$IP" | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null
+
+ # WireGuard: create wg0 interface
+ echo "Bringing down the tunnel."
+ ip link set down dev wg0
+ ip address del dev wg0 "$LocalIP"
+ ip link del dev wg0 type wireguard
+
+ # Restart firewall to remove iptables rules for WireGuard
+ echo "Restart firewall to apply iptables rules for WireGuard client." | tee -a $LOG_FILE
+ net-wall rule | tee -a $LOG_FILE
+ net-wall start | tee -a $LOG_FILE
+
+ # Sleep for a few seconds - this may not be required, but it helped in my testing.
+ sleep 5
+
+ # Check if wg0 interface is still available
+ ifconfig | grep -q wg0
+ if [ $? -eq 0 ]; then
+ echo "Error: Cannot delete wg0." | tee -a $LOG_FILE
+ # exit 1
+ else
+ echo "Success - wireguard tunnel wg0 is down."
+ fi
+
}
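Review bot: stop() cannot tear the tunnel down unless the config still validates and DNS still resolves: it requires PublicKey, PrivateKey and Port, which nothing in the function uses, and it re-runs nslookup on EndPoint to find the host route to delete. If the name now resolves to a different address, or does not resolve at all, the endpoint route that start() added is left behind or the stop aborts with wg0 still up, and `2>/dev/null` on the `ip route del` hides the former. Teardown should use the state of the running interface; assuming the `wg` tool is present on the firmware (start()'s setup lines are outside this hunk), `IP=$(wg show wg0 endpoints | awk '{ sub(/:[0-9]+$/, "", $2); print $2; exit }')` would replace the nslookup, and the three unused checks can go. The final check should also report failure to the caller: `exit 1` is commented out in the "Cannot delete wg0" branch, so a tunnel that is still up exits 0.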