Making a script to switch wireguard servers remotely, possible?

Hey everyone, I am running an OpenWrt router with a WireGuard interface that prevents traffic from accessing the web without going through that WireGuard interface with a firewall.

I am wondering if it would be possible to create a script that perhaps replaces a simple file and then restarts the interface, to swap WireGuard servers?
Currently I have to log into the LuCI interface and upload a configuration file for this. It would be nice if I can simply swap the server, DNS and keep everything else intact, as my private keys stay valid. Then I can simply click a button on my PC/phone/etc. and the server changes to the next one in line, with multiple options I can select.

Maybe there is an easy way to achieve this with a replace file and restart interface command, so I figured to ask :)

Yes. Since WG is defined in /etc/config/network you could write some script that replaces the key lines effectively changing server, another line restarting the interface would finish the job. It's a bit hacky but should work if you do it right.


Appreciated! Gonna cook something up.

Have a clean /etc/config/network, then >> the WG part, and restart the network.

Always have an un-WG:ed copy of /etc/config/network available.

You could do

cp /etc/config/network /tmp/network 
cat WG.profile >> /etc/config/network
service network restart   # or perhaps: ifup <wg.interface.name>
cp /tmp/network /etc/config/network

I use a script for that purpose see:

I created the following script using an hour of X's Grok AI, that should do its job well; I tested it on a network backup file:

#!/bin/sh

# Define the file path
FILE="/etc/config/network2"

# Define the content for 'surfshark' interface
SURFSHARK_CONTENT="config interface 'surfshark'
	option proto 'wireguard'
	option private_key 'NEW_PRIVATE_KEY'
	option metric '0'
	option delegate '0'
	option mtu '1420'
	list addresses '10.10.10.1/32'
	list addresses 'fc00::1/128'
	list dns '1.1.1.1'
"

# Define the content for 'wireguard_surfshark'
WIREGUARD_CONTENT="config wireguard_surfshark
	option description 'us-ny.conf'
	option public_key 'NEW_PUBLIC_KEY'
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option endpoint_host '198.51.100.1'
	option endpoint_port '51820'
	option route_allowed_ips '1'
	option persistent_keepalive '20'"

# No escaping step is needed: replace_content hands the text to awk through the
# environment and awk prints it verbatim, so '/' and '&' must stay unescaped.

# Function to replace a config section while preserving the rest of the file
replace_content() {
    local content pattern file tmpfile
    # Command substitution drops any trailing newline left in the content
    content=$(printf '%s\n' "$1")
    pattern="$2"
    file="$3"

    # Temporary file next to the target, so the final mv is a plain rename
    tmpfile=$(mktemp "$file.XXXXXX") || return 1

    # Use awk to replace the section that starts at the matching line
    if CONTENT="$content" awk -v pattern="$pattern" '
    BEGIN {
        in_block = 0
    }
    {
        if ($0 ~ pattern) {
            print ENVIRON["CONTENT"]
            in_block = 1
            next
        }
        # The old section ends at a blank line or at the next section header
        if (in_block && ($0 == "" || $0 ~ /^config /)) {
            in_block = 0
        }
        if (!in_block) {
            print $0
        }
    }
    END {
        if (in_block) {
            print ""
        }
    }
    ' "$file" > "$tmpfile"; then
        # Move the temporary file to the original file
        mv "$tmpfile" "$file"
    else
        # Leave the original untouched if awk failed
        rm -f "$tmpfile"
        return 1
    fi
}

# Replace 'surfshark' content
replace_content "$SURFSHARK_CONTENT" "config interface 'surfshark'" "$FILE"

# Replace 'wireguard_surfshark' content
replace_content "$WIREGUARD_CONTENT" "config wireguard_surfshark" "$FILE"

echo "Content for 'surfshark' and 'wireguard_surfshark' has been updated in $FILE"

Now I have to import all the server configuration and extract it from the network file to build into the above script, then call for the script using an automation at home.
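
The same server switch done through OpenWrt's uci tool instead of editing /etc/config/network as text, as an added example that is not from any post in this thread: it reads a wg-quick style .conf on stdin, validates the peer key, endpoint and DNS, and only then emits uci batch commands, leaving the private key and addresses untouched. The function names, the constructed sample profile, and the assumptions that the peer is the first wireguard_surfshark section and that profiles use the wg-quick layout are not from the thread.

```shell
#!/bin/sh
# Added example; interface and peer names follow the config shown in this thread.
IFACE="surfshark"
PEER="@wireguard_${IFACE}[0]"   # assumption: the peer is the first such section

# Read a .conf on stdin and print "uci batch" commands that change only the peer
# key, endpoint and DNS. Prints nothing and returns 1 if any value is malformed.
profile_to_uci() {
    awk -v iface="$IFACE" -v peer="$PEER" -v q="'" '
    /^\[/ { section = $0; sub(/[ \t\r]+$/, "", section); next }
    {
        i = index($0, "=")          # split at the first "=" only: keys end in "="
        if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (section == "[Interface]" && key == "DNS") dns = val
        if (section == "[Peer]" && key == "PublicKey") pub = val
        if (section == "[Peer]" && key == "Endpoint") ep = val
    }
    END {
        # Validate everything before printing, so a bad profile changes nothing
        n = split(ep, e, ":")       # host:port only; bracketed IPv6 is rejected
        m = split(dns, d, /[ ,]+/)
        bad = (n != 2 || e[1] !~ "^[A-Za-z0-9.-]+$" || e[2] !~ "^[0-9]+$" ||
               length(pub) != 44 || pub !~ "^[A-Za-z0-9+/]+=$" || m < 1)
        for (j = 1; j <= m; j++) if (d[j] !~ "^[0-9A-Fa-f:.]+$") bad = 1
        if (bad) exit 1
        printf "set network.%s.public_key=%s%s%s\n", peer, q, pub, q
        printf "set network.%s.endpoint_host=%s%s%s\n", peer, q, e[1], q
        printf "set network.%s.endpoint_port=%s%s%s\n", peer, q, e[2], q
        printf "delete network.%s.dns\n", iface
        for (j = 1; j <= m; j++) printf "add_list network.%s.dns=%s%s%s\n", iface, q, d[j], q
        print "commit network"
    }'
}

# Apply a profile file on the router, then restart only the WireGuard interface
switch_server() {
    cmds=$(profile_to_uci < "$1") || { echo "rejected: $1" >&2; return 1; }
    printf '%s\n' "$cmds" | uci batch && ifup "$IFACE"
}

# Constructed sample profile (placeholder key, documentation-range address)
sample_profile() {
    key=$(printf '%043d=' 0 | tr 0 A)
    printf '[Interface]\nDNS = 1.1.1.1, 1.0.0.1\n\n[Peer]\nPublicKey = %s\nEndpoint = 198.51.100.7:51820\n' "$key"
}
sample_profile | profile_to_uci   # dry run: only prints the commands
```

On the router, call switch_server with the path of a stored profile; the interface name does not change, so firewall rules that reference it keep applying.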