-
-
Save z0mb1e-kgd/54aede86adf2e30e390dba13886d18e1 to your computer and use it in GitHub Desktop.
| # Copyright (C) 2021 Max Schulze. All Rights Reserved. | |
| # near-literal Translation of the linux version by Jason A. Donenfeld | |
| # to decrypt the dpapi Credentials, you have to be the same user as the wireguard tunnel service, i.e. "nt authority\system", check with "whoami" | |
| # this script might be called by task scheduler as | |
| # powershell -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -Command "Get-ChildItem -File 'c:\Program Files\wireguard\data\configurations\*.dpapi' | foreach {& C:\<path to script>\wireguard_reresolve-dns.ps1 $_.FullName}" | |
| # if you want to try it in cmd, remember to elevate the user, i.e. with psexec from sysutils | |
| # psexec -s -i powershell -NoPr... | |
| Set-StrictMode -Version 3 | |
| Add-Type -AssemblyName System.Security | |
| Set-Variable CONFIG_FILE -Value $args[0].ToString().Trim('"') | |
| $byteCrypted = ((Get-Content -LiteralPath $CONFIG_FILE -Encoding Byte -ReadCount 0)) | |
| $config = [System.Security.Cryptography.ProtectedData]::Unprotect($byteCrypted,$null,[System.Security.Cryptography.DataProtectionScope]::LocalMachine) | |
| $config = [System.Text.UTF8Encoding]::UTF8.GetString($config) | |
| Set-Variable Interface -Option Constant -Value $(if ($CONFIG_FILE -match '.?([a-zA-Z0-9_=+.-]{1,18})\.conf.dpapi$') { $matches[1] } else { $null }) | |
| function process_peer () { | |
| if (-not $PEER_SECTION -or ($PUBLIC_KEY -eq $null) -or ($ENDPOINT -eq $null)) { return } | |
| if (-not ((& wg show "$INTERFACE" latest-handshakes) -replace $PUBLIC_KEY -match ('[0-9]+'))) { return } | |
| if (((Get-Date) - (New-Object -Type DateTime -ArgumentList 1970,1,1,0,0,0,0).AddSeconds($matches[0]).ToLocalTime()).TotalSeconds -le 135) { return } | |
| (& wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT") | |
| reset_peer_section | |
| } | |
| function reset_peer_section () { | |
| Set-Variable PEER_SECTION -Value $null | |
| Set-Variable PUBLIC_KEY -Value $null | |
| Set-Variable ENDPOINT -Value $null | |
| } | |
| reset_peer_section | |
| Set-Variable PEER_SECTION -Value $null | |
| foreach ($line in $config.Split([Environment]::NewLine,[StringSplitOptions]::RemoveEmptyEntries)) | |
| { | |
| if ($line.Trim().length -gt 0) { | |
| $stripped = $line.Trim() -ireplace '\#.*' | |
| $key = $stripped -ireplace '=.*'; $key = $key.Trim() | |
| $val = $stripped -ireplace '^.*?='; $val = $val.Trim() | |
| if ($key -match '\[.*') { process_peer; reset_peer_section; } | |
| if ($key -eq '[Peer]') { $PEER_SECTION = $true } | |
| if ($PEER_SECTION) { | |
| switch ($key) { | |
| "PublicKey" { $PUBLIC_KEY = $val; continue; } | |
| "Endpoint" { $ENDPOINT = $val; continue; } | |
| } | |
| } | |
| } | |
| } | |
| process_peer |
Hi friends, I have a problem with the Windows Wireguard client and a no-ip Endpoint "server", it looks that the reresolve-dns.ps1 is the solution, unfortunately I don't have any idea of the way to perform this solution, I don't have enough expertise in Windows scripts.
Please, help.
Hi friends, I have a problem with the Windows Wireguard client and a no-ip Endpoint "server", it looks that the reresolve-dns.ps1 is the solution, unfortunately I don't have any idea of the way to perform this solution, I don't have enough expertise in Windows scripts.
I recently wrote a blog about configuring DDNS on WG windows: https://kenvix.com/post/wireguard-ddns-windows/
This blog is written in Chinese, if you are not a native Chinese speaker, use google translate: https://kenvix-com.translate.goog/post/wireguard-ddns-windows/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wapp
I recently wrote a blog about configuring DDNS on WG windows: https://kenvix.com/post/wireguard-ddns-windows/
This blog is written in Chinese, if you are not a native Chinese speaker, use google translate: https://kenvix-com.translate.goog/post/wireguard-ddns-windows/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wapp
Hi friend, you are the best, thank you very very very much
I recently wrote a blog about configuring DDNS on WG windows: https://kenvix.com/post/wireguard-ddns-windows/
This blog is written in Chinese, if you are not a native Chinese speaker, use google translate: https://kenvix-com.translate.goog/post/wireguard-ddns-windows/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=wappHi friend, you are the best, thank you very very very much
Can only sign that - Thank you kenvix - absolutely useful!
Since WireGuard creates Windows service for every active tunnel, you can also use
if you have many tunnels but only a few of them are actived.
This could also avoid reloading unused tunnels