
wg-installer: generate new keys for every connection

Generate new keys on every new connection.

Signed-off-by: Nick Hainke <vincent@systemli.org>
lilik-openwrt-22.03
Nick Hainke 3 years ago
parent
commit
8ab044712a
3 changed files with 10 additions and 0 deletions
  1. +2
    -0
      net/wg-installer/common/wg.sh
  2. +1
    -0
      net/wg-installer/wg-server/config/wgserver.conf
  3. +7
    -0
      net/wg-installer/wg-server/lib/wg_functions.sh

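--- a/net/wg-installer/common/wg.sh
+++ b/net/wg-installer/common/wg.sh
@@ -20,6 +20,8 @@ cleanup_wginterfaces() {
 delete_wg_interface() {
 ip link del dev "$1"
+[ -f "/tmp/run/wgserver/$1.key" ] && rm "/tmp/run/wgserver/$1.key"
+[ -f "/tmp/run/wgserver/$1.pub" ] && rm "/tmp/run/wgserver/$1.pub"
 }
 check_wg_neighbors() {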
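Review bot: delete_wg_interface now ends on `[ -f ... ] && rm ...`, so when the .pub file is absent (for example with wg_tmp_key set to 0, where no per-interface keys are written) the function returns 1 even though the interface was removed. A single `rm -f "/tmp/run/wgserver/$1.key" "/tmp/run/wgserver/$1.pub"` removes both files without failing on a missing one and without the gap between the check and the removal. The /tmp/run/wgserver path is repeated here and in wg_functions.sh; a shared variable would keep key creation and cleanup pointing at the same directory.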


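--- a/net/wg-installer/wg-server/config/wgserver.conf
+++ b/net/wg-installer/wg-server/config/wgserver.conf
@@ -5,4 +5,5 @@ config server
 option base_v4prefix '10.0.0.1/24'
 option wg_key '/root/wg.key'
 option wg_pub '/root/wg.pub'
+option wg_tmp_key '1'
 option timeout_handshake '600'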

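--- a/net/wg-installer/wg-server/lib/wg_functions.sh
+++ b/net/wg-installer/wg-server/lib/wg_functions.sh
@@ -53,6 +53,13 @@ wg_register () {
 gw_key=$(uci get wgserver.@server[0].wg_key)
 gw_pub=$(uci get wgserver.@server[0].wg_pub)
+if [ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1]; then
+[ -d "/tmp/run/wgserver" ] || mkdir -p /tmp/run/wgserver
+gw_key="/tmp/run/wgserver/${ifname}.key"
+gw_pub="/tmp/run/wgserver/${ifname}.pub"
+wg genkey | tee $gw_key | wg pubkey > $gw_pub
+fi
 wg_server_pubkey=$(cat $gw_pub)
 # create wg tunnel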
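Review bot: The added test `[ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1]` has no space before the closing bracket, so `[` reports a missing `]` and the branch is never taken; wg_register then keeps using the static key from wg_key while the config says per-connection keys are on. Quoting the substitution also covers an upgraded config where the option is absent: `if [ "$(uci -q get wgserver.@server[0].wg_tmp_key)" = "1" ]; then`. Once the branch does run, the private key is written under whatever umask the caller has, so it can end up readable by other local users in /tmp/run/wgserver; `( umask 077; wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub" )` keeps it owner-only and quotes the paths. ifname is set outside the hunk; if it can carry client-supplied text it should be validated before it is used in a file name. wg_register's body continues outside the hunk.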

