#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
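# Demo client: generates a fresh WireGuard key pair, sends the public key to
# the demo server over a TCP connection, and configures the wg0 interface
# from the colon-separated reply (status:server_pubkey:server_port:internal_ip).
#
# Arguments: $1 - optional; "default-route" sends all IPv4 traffic through wg0.
#
# NOTE(review): the exchange on fd 3 is a plain TCP stream (bash /dev/tcp), so
# the server public key, port and address are accepted without authentication
# and anyone on the network path could substitute them. Presumably tolerable
# for a demo endpoint only; confirm before reusing this pattern elsewhere.

set -e
[[ $UID == 0 ]] || { echo "You must be root to run this." >&2; exit 1; }

# Open a bidirectional TCP connection to the demo server on fd 3.
exec 3<>/dev/tcp/demo.wireguard.com/42912

# Keep the private key in memory only. The earlier approach wrote it to the
# fixed path /tmp/wg_private_key as root; a predictable name in a
# world-writable directory can be pre-created or symlinked by another local
# user, so no key file (and no cleanup trap) is used any more.
privatekey="$(wg genkey)"
printf '%s\n' "$privatekey" | wg pubkey >&3

IFS=: read -r status server_pubkey server_port internal_ip <&3
if [[ $status != OK ]]; then
  # Report the failure instead of exiting silently under set -e.
  echo "Server did not return OK; refusing to configure wg0." >&2
  exit 1
fi

# Recreate wg0 from scratch; deleting a non-existent link is not an error here.
ip link del dev wg0 2>/dev/null || true
ip link add dev wg0 type wireguard

# private-key expects a file path; process substitution supplies the key
# through /dev/fd without it ever touching the filesystem.
wg set wg0 \
  private-key <(printf '%s\n' "$privatekey") \
  peer "$server_pubkey" \
  allowed-ips 0.0.0.0/0 \
  endpoint "demo.wireguard.com:$server_port" \
  persistent-keepalive 25
ip address add "$internal_ip"/24 dev wg0
ip link set up dev wg0

if [[ ${1:-} == "default-route" ]]; then
  # Resolved endpoint address as the kernel sees it (text between the tab and
  # the final colon of `wg show wg0 endpoints`).
  host="$(wg show wg0 endpoints | sed -n 's/.*\t\(.*\):.*/\1/p')"

  # Best effort: pin the current route to the endpoint (trimmed to
  # "... via <gateway>" when a gateway is present) so that, presumably, the
  # tunnel's own packets keep using the existing path once the routes below
  # are installed. The command substitution is deliberately unquoted: its
  # output must split into separate arguments for `ip route add`.
  # shellcheck disable=SC2046
  ip route add $(ip route get "$host" | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null || true

  # Two /1 routes cover the whole IPv4 space and are more specific than the
  # existing default route, so they take precedence without replacing it.
  ip route add 0/1 dev wg0
  ip route add 128/1 dev wg0
fi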