-
Notifications
You must be signed in to change notification settings - Fork 0
/
0vpn-server
executable file
·93 lines (67 loc) · 3.2 KB
/
0vpn-server
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
set -e
my_path=$(dirname "$0")
source "$my_path"/0vpn-options
echo Creating temporary file...
TMPFILE=$(mktemp) || exit 1
echo TMPFILE is "$TMPFILE"
TMPDIR=$(mktemp -d) || exit 1
echo TMPDIR is "$TMPDIR"
mkdir "$TMPDIR/hosts"
mkdir "$TMPDIR/configs"
chmod -R 755 "$TMPDIR"
trap 'kill $(cat "$TMPDIR/dnsmasq.pid"); rm -f "$TMPFILE"; rm -rf "$TMPDIR"' EXIT
server_wg_ipv6="$("$my_path"/0vpn-ipv6-address "$ZEROVPN_KEYFILE" "$ZEROVPN_SERVER_NAME")"
echo server wg ipv6: "$server_wg_ipv6"
{
echo "$server_wg_ipv6" "$ZEROVPN_SERVER_NAME"."$ZEROVPN_TLD"
} > "$TMPDIR"/hosts/"$ZEROVPN_SERVER_NAME"
echo Setting up wireguard device "$ZEROVPN_WIREGUARD_DEVICE"...
echo Deleting device..."$(ip link delete "$ZEROVPN_WIREGUARD_DEVICE")"
ip link add "$ZEROVPN_WIREGUARD_DEVICE" type wireguard
ip addr add "$server_wg_ipv6" dev "$ZEROVPN_WIREGUARD_DEVICE"
"$my_path"/0vpn-tool mixin "$ZEROVPN_KEYFILE" "$ZEROVPN_SERVER_NAME" > "$TMPFILE"
echo Root public key: "$(wg pubkey < "$TMPFILE")"
wg set "$ZEROVPN_WIREGUARD_DEVICE" private-key "$TMPFILE"
wg set "$ZEROVPN_WIREGUARD_DEVICE" listen-port "$ZEROVPN_WIREGUARD_PORT"
ip link set "$ZEROVPN_WIREGUARD_DEVICE" up
echo Output of wg show "$ZEROVPN_WIREGUARD_DEVICE":
wg show "$ZEROVPN_WIREGUARD_DEVICE"
echo Adding route...
ip route add "$("$my_path"/0vpn-ipv6-prefix "$ZEROVPN_KEYFILE")"::0/64 dev "$ZEROVPN_WIREGUARD_DEVICE"
echo Setting up static clients...
for client in $ZEROVPN_STATIC_CLIENTS; do
echo " Leaf: $client"
client_private=$("$my_path"/0vpn-tool mixin "$ZEROVPN_KEYFILE" "$client")
client_public=$(echo "$client_private" | wg pubkey)
client_wg_ipv6="$("$my_path"/0vpn-ipv6-address "$ZEROVPN_KEYFILE" "$client")"
echo " $client public key: $client_public"
echo " $client VPN IPv6: $client_wg_ipv6"
wg set "$ZEROVPN_WIREGUARD_DEVICE" peer "$client_public" persistent-keepalive 10 allowed-ips "$client_wg_ipv6"
client_config="$TMPDIR"/configs/"$client".conf
echo " Creating config for static client $client_config..."
{
echo '[Interface]'
echo "PrivateKey = $client_private"
echo "Address = $client_wg_ipv6"
echo "DNS = $server_wg_ipv6, "$ZEROVPN_TLD""
echo '[Peer]'
echo "PublicKey = $(wg pubkey < "$TMPFILE")"
echo "AllowedIps = $("$my_path"/0vpn-ipv6-prefix "$ZEROVPN_KEYFILE")::0/64"
echo "Endpoint = $ZEROVPN_SERVER_HOSTNAME:$ZEROVPN_WIREGUARD_PORT"
echo "PersistentKeepalive = 10"
} > "$client_config"
echo " Creating hosts entry..."
{
echo "$client_wg_ipv6" "$client"
# echo "$client_wg_ipv6" "$client"."$ZEROVPN_TLD"
} > "$TMPDIR"/hosts/"$client"
done
echo Starting dnsmasq on port "$ZEROVPN_DNS_PORT"...
touch "$TMPDIR/dnsmasq.conf"
dnsmasq --expand-hosts --domain-needed --bogus-priv --domain=internal --pid-file="$TMPDIR/dnsmasq.pid" --no-hosts --addn-hosts="$TMPDIR/hosts" -p "$ZEROVPN_DNS_PORT" --conf-file="$TMPDIR"/dnsmasq.conf --log-facility=- --interface="$ZEROVPN_WIREGUARD_DEVICE"
echo Listening for dynamic nodes...
while true; do
"$my_path"/0vpn-handle-client-announcements "$ZEROVPN_WIREGUARD_DEVICE" "$ZEROVPN_KEYFILE" "$ZEROVPN_ANNOUNCE_PORT" "$TMPDIR" "$ZEROVPN_TLD"
sleep 10
done