Hey everyone, I am running an OpenWrt router with a WireGuard interface that prevents traffic from accessing the web without going through that WireGuard interface with a firewall.
I am wondering if it would be possible to create a script that perhaps replaces a simple file and then restarts the interface, to swap WireGuard servers?
Currently I have to log into the LuCI interface and upload a configuration file for this. It would be nice if I could simply swap the server and DNS and keep everything else intact, as my private keys stay valid. Then I can simply click a button on my PC/phone/etc. and the server changes to the next one in line, with multiple options I can select.
Maybe there is an easy way to achieve this with a replace-file and restart-interface command, so I figured I'd ask.
Yes. Since WG is defined in /etc/config/network, you could write a script that replaces the key lines, effectively changing the server; another line restarting the interface would finish the job. It's a bit hacky but should work if you do it right.
I created the following script using an hour of X's Grok AI; it should do its job well. I tested it on a network backup file:
```sh
#!/bin/sh

# Define the file path
FILE="/etc/config/network2"

# Define the content for 'surfshark' interface
SURFSHARK_CONTENT="config interface 'surfshark'
	option proto 'wireguard'
	option private_key 'NEW_PRIVATE_KEY'
	option metric '0'
	option delegate '0'
	option mtu '1420'
	list addresses '10.10.10.1/32'
	list addresses 'fc00::1/128'
	list dns '1.1.1.1'"

# Define the content for 'wireguard_surfshark'
WIREGUARD_CONTENT="config wireguard_surfshark
	option description 'us-ny.conf'
	option public_key 'NEW_PUBLIC_KEY'
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option endpoint_host '198.51.100.1'
	option endpoint_port '51820'
	option route_allowed_ips '1'
	option persistent_keepalive '20'"

# Function to replace content while preserving format
replace_content() {
	local content="$1"
	local pattern="$2"
	local file="$3"
	local tmpfile

	# Temporary file for awk output
	tmpfile=$(mktemp) || return 1

	# Use awk to replace content. The new block is passed through the
	# environment and printed verbatim, so '/' and '&' need no escaping.
	CONTENT="$content" awk -v pattern="$pattern" '
		BEGIN {
			in_block = 0
		}
		{
			# Section header found: print the new block in its place
			if ($0 ~ pattern) {
				print ENVIRON["CONTENT"]
				in_block = 1
				next
			}
			# The old block ends at a blank line or at the next section header
			if (in_block && ($0 == "" || $0 ~ /^config /)) {
				in_block = 0
			}
			if (!in_block) {
				print $0
			}
		}
		END {
			if (in_block) {
				print ""
			}
		}
	' "$file" > "$tmpfile" || { rm -f "$tmpfile"; return 1; }

	# Move the temporary file to the original file
	mv "$tmpfile" "$file"
}

# Replace 'surfshark' content
replace_content "$SURFSHARK_CONTENT" "config interface 'surfshark'" "$FILE"

# Replace 'wireguard_surfshark' content
replace_content "$WIREGUARD_CONTENT" "config wireguard_surfshark" "$FILE"

echo "Content for 'surfshark' and 'wireguard_surfshark' has been updated in $FILE"
```
Now I have to import all the server configuration and extract it from the network file to build into the above script, then call the script using an automation at home.
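
An alternative to rewriting the file, as an added example that is not part of the thread: change only the peer endpoint, peer public key and DNS through `uci`, leave the interface's private key and addresses untouched, and bring the interface up again with `ifup`. The server table, its names and its key placeholders are constructed, and the script assumes the `surfshark` interface has exactly one peer section; without `uci` on the PATH it only prints the commands it would apply.

```shell
#!/bin/sh
# Added example, not code from the thread. Server names, keys and addresses
# are constructed placeholders.
IFACE="surfshark"               # interface section name from the thread's script
PEER="@wireguard_${IFACE}[0]"   # assumption: a single peer section for that interface

# Constructed server table: name|endpoint_host|endpoint_port|peer_public_key|dns
SERVERS="us-ny|198.51.100.1|51820|PEER_PUBLIC_KEY_US_NY|1.1.1.1
nl-ams|198.51.100.2|51820|PEER_PUBLIC_KEY_NL_AMS|1.1.1.1"

# Print the uci batch commands that select server $1.
# Returns 1 when the name is malformed or not in the table.
build_batch() {
	# The name may arrive from a phone or PC shortcut, so accept only
	# lowercase letters, digits and '-' before using it anywhere.
	case "$1" in
		''|*[!a-z0-9-]*) return 1 ;;
	esac
	line=$(printf '%s\n' "$SERVERS" | grep "^$1|") || return 1
	old_ifs=$IFS; IFS='|'
	set -- $line          # $1=name $2=host $3=port $4=public key $5=dns
	IFS=$old_ifs
	cat <<EOF
set network.$PEER.description=$1.conf
set network.$PEER.endpoint_host=$2
set network.$PEER.endpoint_port=$3
set network.$PEER.public_key=$4
delete network.$IFACE.dns
add_list network.$IFACE.dns=$5
commit network
EOF
}

# Apply the selection on the router, or show it as a dry run elsewhere.
switch_server() {
	batch=$(build_batch "$1") || { echo "unknown server: $1" >&2; return 1; }
	if command -v uci >/dev/null 2>&1; then
		printf '%s\n' "$batch" | uci batch && ifup "$IFACE"
	else
		printf '%s\n' "$batch"
	fi
}

if [ $# -gt 0 ]; then
	switch_server "$1"
fi
```

Because only the peer and DNS options are written, the private key never has to appear in the script or in whatever automation calls it.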