I've been following the WireGuard multi-client guide here and have I tried to adopt it to loop over a 'x' numbers of times and pre-fix a name pulled from an array list. To cut a long a story short I was doing some troubleshooting for another post regarding WiFi and I have installed the stock OpenWrt firmware for my router so doesn't come with Bash shell which my custom compiled firmware had. I'm now testing my script especially the WireGuard section and I've realised that some of the commands don't work with ash so I'm currently trying to make my script more compatible bu I'm having issues.
Below is the WireGuard section I'm having trouble with. Please ignore file descriptors redirects; they're currently commented out so I can diagnose.
# Define foreground and background colours
RED_FG="\033[0;31m" #>&3
GREEN_FG="\033[0;32m" #>&3
WHITE_FG="\033[1;97m" #>&3 # Has bold styling
BLUE_BG="\033[44m" #>&3
LIGHT_BLUE_BG="\033[104m" #>&3
RC="\033[0;39m\033[0;49m" #>&3 # Resets colour and style
# Define section styling
Section="${BLUE_BG}${WHITE_FG}" #>&3
Config="${LIGHT_BLUE_BG}${WHITE_FG}" #>&3
Success="${GREEN_FG}" #>&3
Warning="${RED_FG}" #>&3
# LAN WireGuard
echo -e "\t> Configuring LAN WireGuard... " #>&3
# Server configuration
# Create directories
echo -en "\t\t> Creating directories and pre-defining permissions... " #>&3
#umask 077; mkdir -p /etc/wireguard/networks/{lan/peers}
umask 077; mkdir -p /etc/wireguard/networks/lan/peers
echo -e "${Success}Done${RC}" #>&3
# Variables
echo -en "\t\t> Defining server configuration variables... " #>&3
wg_lan_server_port="51820"
wg_lan_server_IP="10.0.5.0/24"
wg_lan_server_firewall_zone="lan"
echo -e "${Success}Done${RC}" #>&3
# Generate WireGuard server keys for 'LAN' network
echo -en "\t\t> Generating WireGuard server keys for 'LAN' network... " #>&3
wg genkey | tee /etc/wireguard/networks/lan/lan_server_private.key | wg pubkey | tee /etc/wireguard/networks/lan/lan_server_public.key
echo -e "${Success}Done${RC}" #>&3
# Remove pre-existing WireGuard interface
echo -en "\t\t> Removing pre-existing WireGuard interface... " #>&3
uci del network.wg_lan
echo -e "${Success}Done${RC}" #>&3
# Rename firewall zone
echo -en "\t\t> Renaming firewall zone... " #>&3
uci rename firewall.@zone[1]="lan"
echo -e "${Success}Done${RC}" #>&3
# Create WireGuard interface for 'LAN' network
echo -en "\t\t> Creating WireGuard interface for 'LAN' network... " #>&3
uci set network.wg_lan=interface
uci set network.wg_lan.proto='wireguard'
uci set network.wg_lan.private_key="$(cat /etc/wireguard/networks/lan/lan_server_private.key)"
uci set network.wg_lan.listen_port="${wg_lan_server_port}"
uci add_list network.wg_lan.addresses="${wg_lan_server_IP}"
uci set firewall.lan.network="${wg_lan_server_firewall_zone} wg_lan"
echo -e "${Success}Done${RC}" #>&3
# Peer configuration
# Remove existing peers
echo -en "\t\t> Removing pre-existing peers... " #>&3
while uci -q delete network.@wireguard_wg_lan[0]; do :; done
rm /etc/wireguard/networks/lan/peers/*
echo -e "${Success}Done${RC}" #>&3
# Variables
echo -en "\t\t> Defining variables... " #>&3
interface="10.0.5"
DDNS="me.ddns.com"
wg_lan_server_port="51820"
wg_lan_server_IP="10.0.5.1/24"
echo -e "${Success}Done${RC}" #>&3
n=0
while [ "$n" -lt 4 ] ;
do
usernames=(
user-A
user-B
user-C
user-D
)
sleep 30
for (( peer_ID in {1..4}; peer_IP in {1..254}; username in "${usernames[@]}" ))
do
# Create directory for storing peers
echo -en "\t\t> Creating directory for peers '$username($peer_ID)'... " #>&3
umask 022; mkdir -p /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})
echo -e "${Success}Done${RC}" #>&3
# Generate peer keys
echo -en "\t\t> Generating peer keys... " #>&3
wg genkey | tee /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID})_private.key | wg pubkey | tee /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID})_public.key
echo -e "${Success}Done${RC}" #>&3
# Generate Pre-shared key
echo -en "\t\t> Generating peer PSK... " #>&3
wg genpsk > /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID}).psk
echo -e "${Success}Done${RC}" #>&3
# Add peer to server
echo -en "\t\t> Adding peer to WireGuard server... " #>&3
uci add network wireguard_wg_lan
uci set network.@wireguard_wg_lan[-1].public_key="$(cat /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID})_public.key)"
uci set network.@wireguard_wg_lan[-1].preshared_key="$(cat /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID}).psk)"
uci set network.@wireguard_wg_lan[-1].description="LAN_${username}(${peer_ID})"
uci add_list network.@wireguard_wg_lan[-1].allowed_ips="${username}(${peer_ID})/24"
uci set network.@wireguard_wg_lan[-1].route_allowed_ips='1'
uci set network.@wireguard_wg_lan[-1].persistent_keepalive='25'
echo -e "${Success}Done${RC}" #>&3
# Create peer configuration
echo -en "\t\t> Creating 'LAN_${username}(${peer_ID})' config... " #>&3
cat <<-EOF > /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID}).conf
[Interface]
Address = ${interface}.$(( $peer_IP + 1 ))/24
PrivateKey = $(cat /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID})_private.key) # Peer's private key
DNS = ${wg_lan_server_IP}
[Peer]
PublicKey = $(cat /etc/wireguard/networks/lan/lan_server_public.key) # Server's public key
PresharedKey = $(cat /etc/wireguard/networks/lan/peers/lan_${username}(${peer_ID})/lan_${username}(${peer_ID}).psk) # Peer's pre-shared key
PersistentKeepalive = 25
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = ${DDNS}:${wg_lan_server_port}
EOF
echo -e "${Success}Done${RC}\n" #>&3
# Increment variables by '1'
n=$((n+1))
done
done
# Create SMB share to access configuration files
echo en "\t\t> Creating SAMBA share for peers to pull their configurations from... " #>&3
uci batch <<-"EOF"
set samba4.lan=interface
add samba4 wireguard
set samba4.@wireguard[-1].path='/etc/wireguard/networks/lan/peers'
set samba4.@wireguard[-1].name='WireGuard'
set samba4.@wireguard[-1].create_mask='0700'
set samba4.@wireguard[-1].dir_mask='0700'
set samba4.@wireguard[-1].read_only='yes'
set samba4.@wireguard[-1].guest_ok='yes'
#commit samba4
EOF
echo -e "${Success}Done${RC}" #>&3
echo -en "\n${Warning}Reverting changes...${RC} " #>&3
rm -rf /tmp/.uci/
sleep 2
echo -e "${Success}Done${RC}" #>&3
Output
> Configuring LAN WireGuard...
> Creating directories and pre-defining permissions... Done
> Defining server configuration variables... Done
> Generating WireGuard server keys for 'LAN' network... NogyiiTDiMD58xpHMwXvJeuSObiUiUzUi5ul/n1AXjY=
Done
> Removing pre-existing WireGuard interface... Done
> Renaming firewall zone... Done
> Creating WireGuard interface for 'LAN' network... Done
> Removing pre-existing peers... rm: can't remove '/etc/wireguard/networks/lan/peers/*': No such file or directory
Done
> Defining variables... Done
/root/LAN WireGuard.sh: line 77: syntax error: unexpected "(" (expecting "done")
Essentially this script willl run 4 times creating the following naming scheme for the users:
- User-A(1)
- User-B(2)
- User-C(3)
- User-D(4)