├── .github └── workflows │ ├── dockerimage.yml │ └── tests.yml ├── Dockerfile ├── LICENSE.txt ├── README.md ├── example ├── .gitignore ├── README.md ├── docker-compose.yml ├── up.sh ├── wg-client.env └── wg-server.env ├── hook-examples ├── update-dns-zone.sh └── update-hosts-list.sh ├── install.sh ├── start.sh ├── tests ├── add-peer │ ├── args-error-abort.args │ ├── args-error-abort.expected │ ├── args-error-abort.result │ ├── args-error-abort.stdin │ ├── args-error-abort.stdout │ ├── args-error-allowedips-exists.args │ ├── args-error-allowedips-exists.conf │ ├── args-error-allowedips-exists.expected │ ├── args-error-allowedips-exists.result │ ├── args-error-allowedips-exists.stderr │ ├── args-error-f-file-not-found.args │ ├── args-error-f-file-not-found.expected │ ├── args-error-f-file-not-found.result │ ├── args-error-f-file-not-found.stderr │ ├── args-error-f-i-conflict.args │ ├── args-error-f-i-conflict.expected │ ├── args-error-f-i-conflict.result │ ├── args-error-f-i-conflict.stderr │ ├── args-error-f-ifname-not-found.args │ ├── args-error-f-ifname-not-found.expected │ ├── args-error-f-ifname-not-found.netdev │ ├── args-error-f-ifname-not-found.result │ ├── args-error-f-ifname-not-found.stderr │ ├── args-error-must-be-root.args │ ├── args-error-must-be-root.expected │ ├── args-error-must-be-root.netdev │ ├── args-error-must-be-root.result │ ├── args-error-must-be-root.stderr │ ├── args-error-name-exists.args │ ├── args-error-name-exists.expected │ ├── args-error-name-exists.netdev │ ├── args-error-name-exists.result │ ├── args-error-name-exists.stderr │ ├── args-error-pubkey-exists.args │ ├── args-error-pubkey-exists.expected │ ├── args-error-pubkey-exists.netdev │ ├── args-error-pubkey-exists.result │ ├── args-error-pubkey-exists.stderr │ ├── args-error-too-few-arguments.args │ ├── args-error-too-few-arguments.expected │ ├── args-error-too-few-arguments.result │ ├── args-error-too-few-arguments.stderr │ ├── args-error-too-few-arguments.stdout │ ├── 
args-error-wg0-file-not-found.args │ ├── args-error-wg0-file-not-found.expected │ ├── args-error-wg0-file-not-found.netdev │ ├── args-error-wg0-file-not-found.result │ ├── args-error-wg0-file-not-found.stderr │ ├── args-f-conf-success.args │ ├── args-f-conf-success.conf │ ├── args-f-conf-success.expected │ ├── args-f-conf-success.stdin │ ├── args-f-conf-success.stdout │ ├── args-f-success.args │ ├── args-f-success.expected │ ├── args-f-success.netdev │ ├── args-f-success.stdin │ ├── args-f-success.stdout │ ├── args-i-success.args │ ├── args-i-success.expected │ ├── args-i-success.netdev │ ├── args-i-success.stdin │ ├── args-i-success.stdout │ ├── args-success-hooks.args │ ├── args-success-hooks.expected │ ├── args-success-hooks.stdin │ ├── args-success-hooks.stdout │ ├── args-success-hooks │ │ └── test.sh │ ├── args-success.args │ ├── args-success.expected │ ├── args-success.stdin │ ├── args-success.stdout │ ├── args-two-files-success.args │ ├── args-two-files-success.conf │ ├── args-two-files-success.expected │ ├── args-two-files-success.stdin │ ├── args-two-files-success.stdout │ ├── args-y-success.args │ ├── args-y-success.expected │ ├── args-y-success.stdout │ ├── interactive-error-abort.expected │ ├── interactive-error-abort.stdin │ ├── interactive-error-abort.stdout │ ├── interactive-error-allowedips-exists.expected │ ├── interactive-error-allowedips-exists.netdev │ ├── interactive-error-allowedips-exists.result │ ├── interactive-error-allowedips-exists.stdin │ ├── interactive-error-allowedips-exists.stdout │ ├── interactive-error-invalid-allowedips.expected │ ├── interactive-error-invalid-allowedips.stdin │ ├── interactive-error-invalid-allowedips.stdout │ ├── interactive-error-invalid-name.expected │ ├── interactive-error-invalid-name.stdin │ ├── interactive-error-invalid-name.stdout │ ├── interactive-error-invalid-pubkey.expected │ ├── interactive-error-invalid-pubkey.stdin │ ├── interactive-error-invalid-pubkey.stdout │ ├── 
interactive-error-name-exists.conf │ ├── interactive-error-name-exists.expected │ ├── interactive-error-name-exists.result │ ├── interactive-error-name-exists.stdin │ ├── interactive-error-name-exists.stdout │ ├── interactive-error-no-allowedips.expected │ ├── interactive-error-no-allowedips.stdin │ ├── interactive-error-no-allowedips.stdout │ ├── interactive-error-no-name.expected │ ├── interactive-error-no-name.stdin │ ├── interactive-error-no-name.stdout │ ├── interactive-error-no-pubkey.expected │ ├── interactive-error-no-pubkey.stdin │ ├── interactive-error-no-pubkey.stdout │ ├── interactive-error-pubkey-exists.expected │ ├── interactive-error-pubkey-exists.netdev │ ├── interactive-error-pubkey-exists.result │ ├── interactive-error-pubkey-exists.stdin │ ├── interactive-error-pubkey-exists.stdout │ ├── interactive-success-nocidr.expected │ ├── interactive-success-nocidr.stdin │ ├── interactive-success-nocidr.stdout │ ├── interactive-success.expected │ ├── interactive-success.stdin │ ├── interactive-success.stdout │ ├── interactive-y-success.args │ ├── interactive-y-success.expected │ ├── interactive-y-success.stdin │ └── interactive-y-success.stdout ├── docker.sh ├── list-peers │ ├── args-added.args │ ├── args-added.expected │ ├── args-added.netdev │ ├── args-added.stdout │ ├── args-dns-zone.args │ ├── args-dns-zone.expected │ ├── args-dns-zone.netdev │ ├── args-dns-zone.stdout │ ├── args-hosts.args │ ├── args-hosts.expected │ ├── args-hosts.netdev │ ├── args-hosts.stdout │ ├── args-invalid.args │ ├── args-invalid.expected │ ├── args-invalid.netdev │ ├── args-invalid.result │ ├── args-invalid.stdout │ ├── args-none.expected │ ├── args-none.netdev │ ├── args-none.stdout │ ├── args-pubkeys.args │ ├── args-pubkeys.expected │ ├── args-pubkeys.netdev │ ├── args-pubkeys.stdout │ ├── args-too-many.args │ ├── args-too-many.expected │ ├── args-too-many.result │ ├── args-too-many.stderr │ └── args-too-many.stdout ├── remove-peer │ ├── args-error-abort.args │ ├── 
args-error-abort.expected │ ├── args-error-abort.netdev │ ├── args-error-abort.result │ ├── args-error-abort.stdin │ ├── args-error-abort.stdout │ ├── args-error-multiple.args │ ├── args-error-multiple.expected │ ├── args-error-multiple.netdev │ ├── args-error-multiple.result │ ├── args-error-multiple.stderr │ ├── args-error-multiple.stdout │ ├── args-error-must-be-root.args │ ├── args-error-must-be-root.expected │ ├── args-error-must-be-root.netdev │ ├── args-error-must-be-root.result │ ├── args-error-must-be-root.stderr │ ├── args-error-pubkey-not-found.args │ ├── args-error-pubkey-not-found.expected │ ├── args-error-pubkey-not-found.netdev │ ├── args-error-pubkey-not-found.result │ ├── args-error-pubkey-not-found.stderr │ ├── args-error-too-many-arguments.args │ ├── args-error-too-many-arguments.expected │ ├── args-error-too-many-arguments.result │ ├── args-error-too-many-arguments.stderr │ ├── args-error-too-many-arguments.stdout │ ├── args-success-by-ip.args │ ├── args-success-by-ip.expected │ ├── args-success-by-ip.netdev │ ├── args-success-by-ip.stdin │ ├── args-success-by-ip.stdout │ ├── args-success-by-name.args │ ├── args-success-by-name.expected │ ├── args-success-by-name.netdev │ ├── args-success-by-name.stdin │ ├── args-success-by-name.stdout │ ├── args-success-hooks.args │ ├── args-success-hooks.expected │ ├── args-success-hooks.netdev │ ├── args-success-hooks.stdin │ ├── args-success-hooks.stdout │ ├── args-success-hooks │ │ └── test.sh │ ├── args-success.args │ ├── args-success.expected │ ├── args-success.netdev │ ├── args-success.stdin │ ├── args-success.stdout │ ├── args-y-success.args │ ├── args-y-success.expected │ ├── args-y-success.netdev │ ├── args-y-success.stdout │ ├── interactive-error-abort.expected │ ├── interactive-error-abort.netdev │ ├── interactive-error-abort.stdin │ ├── interactive-error-abort.stdout │ ├── interactive-error-pubkey-not-found.expected │ ├── interactive-error-pubkey-not-found.netdev │ ├── 
interactive-error-pubkey-not-found.stdin │ ├── interactive-error-pubkey-not-found.stdout │ ├── interactive-success-by-ip.expected │ ├── interactive-success-by-ip.netdev │ ├── interactive-success-by-ip.stdin │ ├── interactive-success-by-ip.stdout │ ├── interactive-success-by-name.expected │ ├── interactive-success-by-name.netdev │ ├── interactive-success-by-name.stdin │ ├── interactive-success-by-name.stdout │ ├── interactive-success-extra.expected │ ├── interactive-success-extra.netdev │ ├── interactive-success-extra.stdin │ ├── interactive-success-extra.stdout │ ├── interactive-success-malformed.expected │ ├── interactive-success-malformed.netdev │ ├── interactive-success-malformed.stdin │ ├── interactive-success-malformed.stdout │ ├── interactive-success-noblank.expected │ ├── interactive-success-noblank.netdev │ ├── interactive-success-noblank.stdin │ ├── interactive-success-noblank.stdout │ ├── interactive-success-noblank2.expected │ ├── interactive-success-noblank2.netdev │ ├── interactive-success-noblank2.stdin │ ├── interactive-success-noblank2.stdout │ ├── interactive-success.expected │ ├── interactive-success.netdev │ ├── interactive-success.stdin │ ├── interactive-success.stdout │ ├── interactive-y-success.args │ ├── interactive-y-success.expected │ ├── interactive-y-success.netdev │ ├── interactive-y-success.stdin │ └── interactive-y-success.stdout └── run_tests.sh ├── wg-setup ├── wg-setup-client └── wg-setup-client.sig /.github/workflows/dockerimage.yml: -------------------------------------------------------------------------------- 1 | name: Build Docker Image 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | workflow_dispatch: 7 | 8 | jobs: 9 | docker: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - name: Pull repository 13 | uses: actions/checkout@v4 14 | - name: Login to Docker Hub 15 | uses: docker/login-action@v3 16 | with: 17 | username: ${{ secrets.DOCKERHUB_USERNAME }} 18 | password: ${{ secrets.DOCKERHUB_TOKEN }} 19 | - name: Login to 
ghcr.io 20 | uses: docker/login-action@v3 21 | with: 22 | registry: ghcr.io 23 | username: ${{ github.actor }} 24 | password: ${{ secrets.GITHUB_TOKEN }} 25 | - name: Build and push the image 26 | uses: docker/build-push-action@v5 27 | with: 28 | context: . 29 | push: true 30 | provenance: false 31 | tags: | 32 | docker.io/wolletd/wg-setup:latest 33 | ghcr.io/wolletd/wg-setup:latest 34 | -------------------------------------------------------------------------------- /.github/workflows/tests.yml: -------------------------------------------------------------------------------- 1 | name: Tests 2 | 3 | on: [ push ] 4 | 5 | jobs: 6 | unit-tests: 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: actions/checkout@v4 10 | - name: Run tests 11 | working-directory: ${{github.workspace}}/tests 12 | run: ./run_tests.sh 13 | 14 | docker-setup: 15 | runs-on: ubuntu-latest 16 | steps: 17 | - uses: actions/checkout@v4 18 | - run: sudo modprobe wireguard 19 | - name: Run docker test 20 | working-directory: ${{github.workspace}}/tests 21 | run: ./docker.sh 22 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:latest 2 | 3 | RUN apk add --no-cache wireguard-tools kmod iproute2 4 | 5 | ADD wg-setup wg-setup-client start.sh /usr/local/bin/ 6 | 7 | CMD [ "start.sh" ] 8 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020-2021 Eicke Herbertz 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the 
Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # wg-setup WireGuard Management 2 | 3 | Trivial CLI tool to simplify WireGuard interface management. 4 | 5 | Highlights: 6 | * add and remove peers while keeping files and running interface configuration in sync 7 | * list peers in condensed formats 8 | * purely implemented in bash (which already is a dependency of `wg-quick`) 9 | * works seamlessly with both `wg-quick` and `systemd-networkd` as interface backend 10 | * adds a concept of "hostnames" to WireGuard peers that can also be used to remove peers 11 | * uses existing configuration files, no additional services (hostnames are stored as simple comments) 12 | * basic hook support for e.g. automatically updating a DNS zone 13 | 14 | The `wg-setup-client` tool is used to setup WireGuard client (and server) interfaces. 15 | It will use `systemd-networkd` if enabled, otherwise fallback to `wg-quick`. 
16 | 17 | ## Examples 18 | 19 | ``` 20 | # Add a peer 21 | $ wg-setup add-peer my-peer DX/sYzuD9AYsKegfLpklFboYAWLyxKoe7CU00g9iSzc= 172.16.10.2 22 | [Peer] 23 | # my-peer 24 | # Added by root at 2020-05-20 25 | PublicKey = DX/sYzuD9AYsKegfLpklFboYAWLyxKoe7CU00g9iSzc= 26 | AllowedIPs = 172.16.10.2/32 27 | 28 | Add this configuration to /etc/wireguard/wg0.conf? [Y/n] 29 | $ 30 | 31 | # Remove a peer (using hostname, IP address or public key) 32 | $ wg-setup remove-peer 172.16.10.2 33 | [Peer] 34 | # my-peer 35 | # Added by root at 2020-05-20 36 | PublicKey = DX/sYzuD9AYsKegfLpklFboYAWLyxKoe7CU00g9iSzc= 37 | AllowedIPs = 172.16.10.2/32 38 | 39 | Remove this configuration from /etc/wireguard/wg0.conf? [y/N] 40 | $ 41 | 42 | # List registered peers 43 | $ wg-setup list-peers pubkeys 44 | 172.16.10.2 my-peer DX/sYzuD9AYsKegfLpklFboYAWLyxKoe7CU00g9iSzc= 45 | $ 46 | ``` 47 | 48 | ## Installation 49 | 50 | ### Docker 51 | See the [example](example) directory for how to use docker-compose to set up server and client. 52 | 53 | ### Server 54 | ``` 55 | $ git clone https://github.com/WolleTD/wg-setup.git && cd wg-setup 56 | 57 | # To install wg-setup scripts and services 58 | $ sudo ./install.sh 59 | 60 | # To also configure a WireGuard server interface 61 | $ sudo ./wg-setup-client --server [SERVER_IP] [LISTENING_PORT] 62 | ``` 63 | 64 | ### Client 65 | ``` 66 | $ gpg --recv-keys FB9DA662 67 | $ curl -O https://raw.githubusercontent.com/WolleTD/wg-setup/$ref/wg-setup-client 68 | $ curl -O https://raw.githubusercontent.com/WolleTD/wg-setup/$ref/wg-setup-client.sig 69 | $ gpg --verify wg-setup-client.sig && chmod +x wg-setup-client 70 | ... 71 | gpg: Good signature ... 72 | $ sudo ./wg-setup-client -e vpn.example.com:12345 -p Vq12...3a4= 172.16.1.10/16 73 | ... 74 | ============================================================ 75 | WireGuard setup successful! 
Server side add-peer command: 76 | wg-setup add-peer my_hostname my_publickey 172.16.1.10 77 | ``` 78 | 79 | Paste the last line printed by `wg-setup-client` in a terminal on the server and you're done. 80 | 81 | ## Motivation 82 | 83 | A WireGuard interface and thus a WireGuard server is usually configured in a file only editable 84 | by root, also the running interface has to be restarted or configured separately to the file for 85 | the change to take effect. 86 | Doing this manually is tedious and error-prone, so `wg-setup` provides `add-peer` and `remove-peer` 87 | commands to make this easier and safer. 88 | `wg-setup` always updates both the interface and the backing configuration files and provides 89 | an input validation layer for the file content. 90 | 91 | While `wg-quick` supports an additional `SaveConfig` parameter, this only exports the running 92 | interface configuration upon wg-quick shutdown, carrying the risk of losing new peer configuration 93 | if the service or machine terminates abnormally. 94 | Also, it simply doesn't work with `systemd-networkd` and that's what I wanted to use for my 95 | WireGuard interfaces. 96 | 97 | The next pain point of plain WireGuard is that there are no human-readable names assigned to peers. 98 | So from the beginning, my tools added a comment line with a supplied hostname for each peer. 99 | It's not tagged, it's just the first comment line in a `[Peer]` section. 100 | 101 | 102 | `list-peers` provides a convenient way to export the client list into some other format. 
103 | Currently, three formats are supported: 104 | 105 | * `hosts`: an `/etc/hosts`-like list of names and IP addresses 106 | * `pubkeys`: like `hosts` but with the pubkeys in a third column 107 | * `dns`: BIND zonefile format (only host lines, no header) 108 | 109 | ### Hooks 110 | 111 | `wg-setup` provides a simple hook mechanism, which will call all executables in 112 | `WG_SETUP_HOOK_DIR` (which defaults to `/etc/wg-setup`) with these arguments: 113 | `added|removed `. This can be used to e.g. update 114 | a condensed list of hosts or a DNS zone. The example hooks don't even use the 115 | provided arguments, but simply call `list-peers` to get a full list each time. 116 | 117 | ## Setup clients with `wg-setup-client` 118 | 119 | This is kind of a companion script. Where `wg-setup` shall help managing larger WireGuard 120 | networks, a large amount of clients has to be setup as well. 121 | 122 | Basic usage: 123 | ```bash 124 | sudo ./wg-setup-client -e -p 125 | ``` 126 | 127 | - If `` is specified without prefix-length, `/24` is used 128 | - If any of the three required parameters is missing, the values are queried interactively 129 | - See `--help` for more options 130 | 131 | ##### Security 132 | 133 | To easily setup "bare" clients, `wg-setup-client` can basically be executed from GitHub directly. 
134 | You may also serve your own copy, in any case you should _always_ incorporate some kind of 135 | signature validation in such automatic setup environments and don't trust HTTP(S). `FB9DA662` is a short key ID, so compare the full fingerprint of the imported key with one obtained through a separate channel before relying on the `Good signature` result: 136 | 137 | ```bash 138 | gpg --recv-keys FB9DA662 139 | curl -O https://raw.githubusercontent.com/WolleTD/wg-setup/$ref/wg-setup-client 140 | curl -O https://raw.githubusercontent.com/WolleTD/wg-setup/$ref/wg-setup-client.sig 141 | gpg --verify wg-setup-client.sig && chmod +x wg-setup-client 142 | ``` 143 | -------------------------------------------------------------------------------- /example/.gitignore: -------------------------------------------------------------------------------- 1 | wg-pubkey.env 2 | -------------------------------------------------------------------------------- /example/README.md: -------------------------------------------------------------------------------- 1 | Run `./up.sh` for the example. The WireGuard keys are freshly generated, so it requires some 2 | steps to connect client and server. The advantage is that the script showcases more stuff. 3 | 4 | If successful, it will have done an HTTP download on the WireGuard server from an HTTP server 5 | provided "through" the WireGuard client. 6 | 7 | See `docker-compose.yml` for some more words about the three different containers and their 8 | configuration. 9 | 10 | **NOTE:** `docker-compose` prior to v2.x is apparently unable to do anything when the container 11 | defined in `network_mode:` doesn't already exist. In that case, you have to comment out that 12 | line, run `docker-compose up -d wg-client`, remove the comment and continue. This is currently 13 | incompatible with using the `up.sh` script. 14 | 15 | Furthermore, recreating the `wg-client` container _requires_ also recreating the dependent 16 | `nginx` container, as the network stack is bound to a particular container, not an abstract 17 | name.
Unfortunately, you can't define this kind of dependency in `docker-compose`, so it must 18 | be done manually. 19 | -------------------------------------------------------------------------------- /example/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | 3 | # wg-server is the WireGuard server. We don't have to map any ports in this example 4 | # as it's only communicating with other containers within it's network. A "real" 5 | # server with clients in the real world would have to be exposed somehow. 6 | # 7 | # wg-client is a WireGuard client that will be connected to the server. It also 8 | # servers as a VPN gateway to the nginx container, but still doesn't need to 9 | # map or expose any ports as the WireGuard connection terminates inside the network 10 | # stack of the container itself. 11 | # 12 | # nginx is an example webserver that is provided to the WireGuard VPN through 13 | # the wg-client container by using network_mode "container". Unfortunately, this 14 | # mode seems to be undocumented. It works just like host-mode, but shares it's 15 | # network stack with another container, wg-client in this case. 16 | # So, as long as the service should only be provided in the VPN, we still don't 17 | # have to expose any ports or do any network configuration at all. It just works. 18 | # 19 | # As the keys for this example are generated locally, the server must be started 20 | # before the client and keys must be exchanged. The `up.sh` script takes care of 21 | # all this and runs a demonstrative `wget` on the server, downloading the default 22 | # page from nginx behind the client. 
23 | 24 | services: 25 | wg-server: 26 | image: wolletd/wg-setup:latest 27 | restart: unless-stopped 28 | # The wg-setup container requires CAP_NET_ADMIN to modify it's WireGuard interface 29 | cap_add: 30 | - NET_ADMIN 31 | # Disabled for demonstration purposes 32 | # volumes: 33 | # - wg-server:/etc/wireguard 34 | env_file: 35 | - wg-server.env 36 | 37 | wg-client: 38 | image: wolletd/wg-setup:latest 39 | restart: unless-stopped 40 | # optional, used for the network mode below (if not set, it would be example_wg-client_1, 41 | # which would also do, but is dependent on the directory name) 42 | container_name: wireguard-gateway 43 | # The wg-setup container requires CAP_NET_ADMIN to modify it's WireGuard interface 44 | cap_add: 45 | - NET_ADMIN 46 | # If running watchtower, this container should be set to monitor-only, because the network 47 | # configuration of the nginx container depends on the particular container-id found on startup. 48 | # When this container gets recreated, nginx has to be recreated as well. 
49 | labels: 50 | - com.centurylinklabs.watchtower.monitor-only="true" 51 | # Disabled for demonstration purposes 52 | # volumes: 53 | # - wg-client:/etc/wireguard 54 | env_file: 55 | - wg-client.env 56 | # The split is only useful in this example, where the key is unknown 57 | - wg-pubkey.env 58 | 59 | nginx: 60 | image: nginx:latest 61 | restart: unless-stopped 62 | # map the network stack of this container into wireguard-gateway 63 | network_mode: "container:wireguard-gateway" 64 | # we need a depends_on because wg-client has to run for the network_mode to work 65 | depends_on: 66 | - wg-client 67 | 68 | # Disabled for demonstration purposes 69 | # volumes: 70 | # wg-server: 71 | # wg-client: 72 | -------------------------------------------------------------------------------- /example/up.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | touch wg-pubkey.env 5 | 6 | echo "Starting WireGuard server..." 7 | docker-compose up -d wg-server 8 | 9 | while ! docker-compose logs wg-server | grep "PublicKey:"; do 10 | sleep 0.1 11 | done 12 | SERVER_KEY="$(docker-compose logs --no-log-prefix wg-server | awk '/PublicKey:/{print $2}')" 13 | 14 | echo "WG_PKEY=${SERVER_KEY}" > wg-pubkey.env 15 | 16 | echo "Starting WireGuard client..." 17 | # Note: this may not work with some versions of docker-compose that unnecessarily recreate 18 | # containers. I experienced this with v2.16.0 and my particular bug may be fixed in v2.16.1, 19 | # but there seem to be older issues as well. See https://github.com/docker/compose/issues/9600 20 | # as an entrypoint. 21 | # If you experience any issues, run this line instead: 22 | #docker-compose up -d wg-client nginx 23 | # Though I refuse to make this the default, because I *expect* this line to work: 24 | docker-compose up -d 25 | 26 | while ! 
docker-compose logs wg-client 2>/dev/null | grep "wg-setup add-peer"; do 27 | sleep 0.1 28 | done 29 | ADD_CMD="$(docker-compose logs --no-log-prefix wg-client | grep "wg-setup add-peer")" 30 | 31 | echo "Adding client to server..." 32 | docker-compose exec wg-server ${ADD_CMD} -y 33 | 34 | echo "Testing connection..." 35 | docker-compose exec wg-client ping -c 1 172.16.10.1 36 | docker-compose exec wg-client ping -c 2 172.16.10.1 37 | docker-compose exec wg-server ping -c 2 172.16.10.2 38 | 39 | echo "Trying to connect to nginx from the server" 40 | docker-compose exec wg-server wget http://172.16.10.2/ 41 | 42 | echo "==== If you can read this, everything seems to work. Yay! ====" 43 | echo "The containers are still running, use docker-compose down to stop them." 44 | -------------------------------------------------------------------------------- /example/wg-client.env: -------------------------------------------------------------------------------- 1 | WG_ADDR="172.16.10.2/24" 2 | WG_PEER="wg-server:55555" 3 | -------------------------------------------------------------------------------- /example/wg-server.env: -------------------------------------------------------------------------------- 1 | WG_ADDR="172.16.10.1/24" 2 | WG_LISTEN_PORT=55555 3 | -------------------------------------------------------------------------------- /hook-examples/update-dns-zone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | ZONE="example.org" 3 | FILE="/var/named/${ZONE}.zone" 4 | 5 | [[ -f "${FILE}" ]] && cp "${FILE}" "${FILE}.bak" 6 | sed "s/ZONESERIAL/$(date +%Y%m%d%H)/" > "${FILE}" <> "${FILE}" 20 | rndc reload 21 | -------------------------------------------------------------------------------- /hook-examples/update-hosts-list.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | FILE="/usr/local/share/vpn-hosts.txt" 3 | 4 | [[ -f "${FILE}" ]] && cp "${FILE}" 
"${FILE}.bak" 5 | cat > "${FILE}" <> "${FILE}" 16 | -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | script_dir="${BASH_SOURCE[0]%/*}" 4 | DESTDIR=${DESTDIR:-/usr/local} 5 | 6 | echo "Install ${DESTDIR}/bin/wg-setup" 7 | install -m755 ${script_dir}/wg-setup ${DESTDIR}/bin/wg-setup 8 | -------------------------------------------------------------------------------- /start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -eu 2 | 3 | if [ -f /etc/wireguard/wg0.conf ]; then 4 | wg-quick up wg0 5 | elif [ -z "${WG_LISTEN_PORT:-}" ]; then 6 | wg-setup-client -e $WG_PEER -p $WG_PKEY $WG_ADDR 7 | else 8 | wg-setup-client -s $WG_ADDR $WG_LISTEN_PORT 9 | fi 10 | 11 | # We have no command, just keep the container running 12 | trap 'wg-quick down wg0' EXIT 13 | sleep infinity 14 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-abort.args: -------------------------------------------------------------------------------- 1 | peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-abort.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-abort.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-abort.stdin: -------------------------------------------------------------------------------- 1 | n 2 | 
-------------------------------------------------------------------------------- /tests/add-peer/args-error-abort.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-allowedips-exists.args: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.1/32 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-allowedips-exists.conf: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | [Peer] 4 | # peer1 5 | # Added by wolle at 2020-03-01 6 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 7 | AllowedIPs = 172.16.1.1/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-allowedips-exists.expected: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | \[Peer\] 4 | # peer1 5 | # Added by wolle at 2020-03-01 6 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 7 | AllowedIPs = 172\.16\.1\.1/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-allowedips-exists.result: -------------------------------------------------------------------------------- 1 | 2 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-allowedips-exists.stderr: -------------------------------------------------------------------------------- 1 | 
A peer with this AllowedIPs already exists! 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-file-not-found.args: -------------------------------------------------------------------------------- 1 | -f /etc/wireguard/wg1.conf peer1 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.1/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-file-not-found.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-file-not-found.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-file-not-found.stderr: -------------------------------------------------------------------------------- 1 | Error: /etc/wireguard/wg1\.conf not found! 
2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-i-conflict.args: -------------------------------------------------------------------------------- 1 | -f /etc/wireguard/wg0.conf -i wg0 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-i-conflict.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-i-conflict.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-i-conflict.stderr: -------------------------------------------------------------------------------- 1 | Error: Can't use -i and -f together! 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-ifname-not-found.args: -------------------------------------------------------------------------------- 1 | -f /etc/systemd/network/90-wireguard.netdev peer1 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.1/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-ifname-not-found.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-ifname-not-found.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-ifname-not-found.result: -------------------------------------------------------------------------------- 1 | 
1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-f-ifname-not-found.stderr: -------------------------------------------------------------------------------- 1 | Error: Could not find interface from file /etc/systemd/network/90-wireguard\.netdev! 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-must-be-root.args: -------------------------------------------------------------------------------- 1 | peer2 aWoSqEDNDrEQ6DIlEgQ2BKKl0fFGA7v/3Qbwu9pbYxg= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-must-be-root.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-must-be-root.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-must-be-root.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-must-be-root.stderr: -------------------------------------------------------------------------------- 1 | Error: Must be root to add new peers! 
2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-name-exists.args: -------------------------------------------------------------------------------- 1 | peer1 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.1/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-name-exists.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-name-exists.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-name-exists.result: -------------------------------------------------------------------------------- 1 | 2 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-name-exists.stderr: -------------------------------------------------------------------------------- 1 | A peer with this Name already exists! 
2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-pubkey-exists.args: -------------------------------------------------------------------------------- 1 | peer2 aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-pubkey-exists.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-pubkey-exists.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-pubkey-exists.result: -------------------------------------------------------------------------------- 1 | 2 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-pubkey-exists.stderr: -------------------------------------------------------------------------------- 1 | A peer with this PublicKey already exists! 
2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-too-few-arguments.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-too-few-arguments.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-too-few-arguments.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-too-few-arguments.stderr: -------------------------------------------------------------------------------- 1 | Error: Expected 0 or 3 arguments, got 2! 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-too-few-arguments.stdout: -------------------------------------------------------------------------------- 1 | Usage: wg-setup \[-y\] \[-f \] \[args\.\.\.\] 2 | -f systemd .netdev file to edit 3 | -y no confirmation required 4 | 5 | Commands: 6 | Without arguments, all commands except for list-\* run interactively. 7 | 8 | add-peer 9 | Add the provided configuration to WireGuard interface 10 | remove-peer 11 | Remove a peer from the WireGuard interface 12 | list-peers \[format\] 13 | List all valid wg-setup peers \(those with a hostname\) known to WireGuard\. 14 | By default, a hosts-like list of addresses and hostnames is generated\. 
15 | Available formats are: hosts, added, pubkeys, dns-zone 16 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-wg0-file-not-found.args: -------------------------------------------------------------------------------- 1 | peer1 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.1/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-wg0-file-not-found.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg1 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-wg0-file-not-found.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg1 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-wg0-file-not-found.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-error-wg0-file-not-found.stderr: -------------------------------------------------------------------------------- 1 | Could not find backing config file for wg0! Do you have permissions to read it\? 
2 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-conf-success.args: -------------------------------------------------------------------------------- 1 | -f /etc/wireguard/wg0.conf peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-conf-success.conf: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-conf-success.expected: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | \[Peer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-conf-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-conf-success.stdout: -------------------------------------------------------------------------------- 1 | Using interface name wg0 2 | \[Peer\] 3 | # peer2 4 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Add this configuration to /etc/wireguard/wg0.conf\? 
\[Y/n\] 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-success.args: -------------------------------------------------------------------------------- 1 | -f /etc/systemd/network/90-wireguard.netdev peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg_test 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg_test 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-f-success.stdout: -------------------------------------------------------------------------------- 1 | Using interface name wg_test 2 | \[WireGuardPeer\] 3 | # peer2 4 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? 
\[Y/n\] 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-i-success.args: -------------------------------------------------------------------------------- 1 | -i wg1 peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-i-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg1 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-i-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg1 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/args-i-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-i-success.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? 
\[Y/n\] 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-success-hooks.args: -------------------------------------------------------------------------------- 1 | peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-success-hooks.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-success-hooks.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-success-hooks.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? 
\[Y/n\] 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-success-hooks/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | [[ $1 == added ]] 4 | [[ $2 == peer2 ]] 5 | [[ $3 == "iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs=" ]] 6 | [[ $4 == "172.16.1.2/32" ]] 7 | exit 0 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-success.args: -------------------------------------------------------------------------------- 1 | peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-success.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? 
\[Y/n\] 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-two-files-success.args: -------------------------------------------------------------------------------- 1 | peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-two-files-success.conf: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | -------------------------------------------------------------------------------- /tests/add-peer/args-two-files-success.expected: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | \[Peer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/args-two-files-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-two-files-success.stdout: -------------------------------------------------------------------------------- 1 | \[Peer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Add this configuration to /etc/wireguard/wg0.conf\? 
\[Y/n\] 8 | -------------------------------------------------------------------------------- /tests/add-peer/args-y-success.args: -------------------------------------------------------------------------------- 1 | -y peer2 iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/add-peer/args-y-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/args-y-success.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-abort.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-abort.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.2/32 4 | n 5 | y 6 | peer3 7 | sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 8 | 172.16.1.3/32 9 | n 10 | n 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-abort.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard 
peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: 3 | \[WireGuardPeer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? \[y/N\] Name: PublicKey: AllowedIPs: 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? \[y/N\] 17 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-allowedips-exists.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-allowedips-exists.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-allowedips-exists.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-allowedips-exists.stdin: 
-------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.1/32 4 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-allowedips-exists.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: A peer with this AllowedIPs already exists! 3 | Name: 4 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-allowedips.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-allowedips.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 192.1681.01.2 4 | peer2 5 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 6 | 172.16.1.2/32 7 | y 8 | n 9 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-allowedips.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: Error: Invalid AllowedIPs \(\[/cidr\]\[,\[/cidr\]\[,\.\.\.\]\]\) 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 
172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? \[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-name.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-name.stdin: -------------------------------------------------------------------------------- 1 | peer 2 2 | peer2 3 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 4 | 172.16.1.2/32 5 | y 6 | n 7 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-name.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: Error: Not a valid hostname! 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-pubkey.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-pubkey.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyr 3 | peer2 4 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 5 | 172.16.1.2/32 6 | y 7 | n 8 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-invalid-pubkey.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: Error: PublicKey invalid! 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-name-exists.conf: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | [Peer] 4 | # peer1 5 | # Added by wolle at 2020-03-01 6 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 7 | AllowedIPs = 172.16.1.1/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-name-exists.expected: -------------------------------------------------------------------------------- 1 | # wg0 2 | 3 | \[Peer\] 4 | # peer1 5 | # Added by wolle at 2020-03-01 6 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 7 | AllowedIPs = 172\.16\.1\.1/32 8 | 9 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-name-exists.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-name-exists.stdin: -------------------------------------------------------------------------------- 1 | peer1 2 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-name-exists.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/wireguard/wg0.conf 2 | Name: A peer with this Name already exists! 
3 | Name: 4 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-allowedips.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-allowedips.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 4 | peer2 5 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 6 | 172.16.1.2/32 7 | y 8 | n 9 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-allowedips.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: Error: Invalid AllowedIPs \(\[/cidr\]\[,\[/cidr\]\[,\.\.\.\]\]\) 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-name.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-name.stdin: -------------------------------------------------------------------------------- 1 | 2 | peer2 3 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 4 | 172.16.1.2/32 5 | y 6 | n 7 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-name.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: Error: Not a valid hostname! 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-pubkey.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-pubkey.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | 3 | peer2 4 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 5 | 172.16.1.2/32 6 | y 7 | n 8 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-no-pubkey.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: Error: PublicKey invalid! 3 | Name: PublicKey: AllowedIPs: 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-pubkey-exists.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-pubkey-exists.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-pubkey-exists.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-pubkey-exists.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 3 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-error-pubkey-exists.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: A peer with this PublicKey already exists! 
3 | Name: 4 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success-nocidr.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success-nocidr.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.2 4 | y 5 | y 6 | peer3 7 | sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 8 | 172.16.1.3 9 | y 10 | n 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success-nocidr.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: 3 | \[WireGuardPeer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? \[y/N\] Name: PublicKey: AllowedIPs: 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 17 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.2/32 4 | y 5 | y 6 | peer3 7 | sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 8 | 172.16.1.3/32 9 | y 10 | n 11 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-success.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: 3 | \[WireGuardPeer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? \[y/N\] Name: PublicKey: AllowedIPs: 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | Add this configuration to /etc/systemd/network/90-wireguard.netdev\? \[Y/n\] Add another peer\? 
\[y/N\] 17 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-y-success.args: -------------------------------------------------------------------------------- 1 | -y 2 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-y-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer2 6 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 7 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 8 | AllowedIPs = 172\.16\.1\.2/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-y-success.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 3 | 172.16.1.2/32 4 | y 5 | peer3 6 | sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 7 | 172.16.1.3/32 8 | n 9 | -------------------------------------------------------------------------------- /tests/add-peer/interactive-y-success.stdout: -------------------------------------------------------------------------------- 1 | Add WireGuard peer\(s\) to /etc/systemd/network/90-wireguard.netdev 2 | Name: PublicKey: AllowedIPs: 3 | \[WireGuardPeer\] 4 | # peer2 5 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 6 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 7 | AllowedIPs = 172\.16\.1\.2/32 8 | 9 | Add another peer\? 
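\[y/N\] Name: PublicKey: AllowedIPs: 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | Add another peer\? \[y/N\] 17 | -------------------------------------------------------------------------------- /tests/docker.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# End-to-end test for the wg-setup Docker image: builds the image, starts a
# WireGuard server and a client container on a private Docker network, adds
# the client as a peer on the server, checks connectivity in both directions
# and removes the peer again.
#
# Usage: run from the tests/ directory (the build context is "..").
# Environment:
#   WAIT_TIMEOUT  seconds to wait for an expected container log line
#                 (default: 60)
set -euo pipefail

readonly DOCKERIMAGE="wolletd/wg-setup:latest"
readonly WAIT_TIMEOUT="${WAIT_TIMEOUT:-60}"

#######################################
# Print an error message to stderr and abort the test.
# Arguments: $* - message
#######################################
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Stop both test containers and remove the test network.
# Every step is best effort: a container may never have started, and a
# failing "docker stop" must not keep the network from being removed.
#######################################
cleanup() {
  docker stop wg-server wg-client >/dev/null 2>&1 || true
  docker network rm wg-test >/dev/null || true
}

#######################################
# Poll the stdout log of a container until a line contains a fixed string.
# Globals:   WAIT_TIMEOUT (read)
# Arguments: $1 - container name
#            $2 - fixed string to look for
# Outputs:   the first matching log line on stdout
# Returns:   0 when a line matched, 1 when WAIT_TIMEOUT seconds passed
#######################################
wait_for_log() {
  local container=$1
  local pattern=$2
  local deadline=$((SECONDS + WAIT_TIMEOUT))
  local logs line

  while ((SECONDS < deadline)); do
    # Capture first, then match: piping "docker logs" straight into an
    # early-exiting grep could fail the pipeline under pipefail (SIGPIPE).
    logs=$(docker logs "$container" 2>/dev/null) || logs=""
    if line=$(grep -m 1 -F -- "$pattern" <<<"$logs"); then
      printf '%s\n' "$line"
      return 0
    fi
    sleep 0.1
  done
  return 1
}

docker build -t "$DOCKERIMAGE" ..

# Create a new network for the test to have DNS resolving
docker network create wg-test >/dev/null

# Registered only after the network exists, so a failed "network create"
# (for example a name clash) never removes a network this run did not create.
trap cleanup EXIT

echo "Setting up WireGuard server..."
# NET_ADMIN is the only extra capability granted; presumably the container
# needs it to configure its WireGuard interface.
docker run -d \
  --name wg-server \
  --network wg-test \
  --rm \
  --cap-add NET_ADMIN \
  -e WG_ADDR="172.16.20.1/24" \
  -e WG_LISTEN_PORT=12345 \
  "$DOCKERIMAGE" >/dev/null

server_line=$(wait_for_log wg-server "PublicKey:") \
  || die "wg-server did not log its PublicKey within ${WAIT_TIMEOUT}s"
printf '%s\n' "$server_line"
# The key is the second whitespace-separated field of the logged line.
SERVER_KEY=$(awk '{print $2}' <<<"$server_line")
[[ -n "$SERVER_KEY" ]] || die "could not parse the server PublicKey"

echo "Setting up client..."
# WG_PKEY receives the server's public key as read from the server log.
docker run -d \
  --name wg-client \
  --network wg-test \
  --rm \
  --cap-add NET_ADMIN \
  -e WG_ADDR="172.16.20.2/24" \
  -e WG_PKEY="${SERVER_KEY}" \
  -e WG_PEER="wg-server:12345" \
  "$DOCKERIMAGE" >/dev/null

add_line=$(wait_for_log wg-client "wg-setup add-peer") \
  || die "wg-client did not log an add-peer command within ${WAIT_TIMEOUT}s"
printf '%s\n' "$add_line"

# The command line below is text taken from a container log and is then run
# inside another container. Split it into words without pathname expansion
# and accept it only when it really is a "wg-setup add-peer" invocation.
read -r -a add_cmd <<<"$add_line"
add_prog=${add_cmd[0]:-}
if [[ "${add_prog##*/}" != "wg-setup" || "${add_cmd[1]:-}" != "add-peer" ]]; then
  die "unexpected add-peer line in wg-client log: ${add_line}"
fi

echo "Adding client to server..."
docker exec wg-server "${add_cmd[@]}" -y

echo "Testing connection..."
docker exec wg-client ping -c 1 172.16.20.1
docker exec wg-client ping -c 2 172.16.20.1
docker exec wg-server ping -c 2 172.16.20.2

echo "Removing peer..."
docker exec wg-server wg-setup remove-peer -y 172.16.20.2

echo "Success!"
# Nothing to remove on the host: this script creates no files or directories
# of its own; containers and the network are handled by the EXIT trap.
-------------------------------------------------------------------------------- /tests/list-peers/args-added.args: -------------------------------------------------------------------------------- 1 | added 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-added.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-added.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-added.stdout: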
-------------------------------------------------------------------------------- 1 | 172\.16\.1\.1 peer1 # Added by wolle at 2020-03-01 2 | 172\.16\.1\.2 peer2 # Added by wolle at 2020-03-01 3 | 172\.16\.1\.3 peer3 # Added by wolle at 2020-03-01 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-dns-zone.args: -------------------------------------------------------------------------------- 1 | dns-zone 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-dns-zone.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-dns-zone.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/list-peers/args-dns-zone.stdout: -------------------------------------------------------------------------------- 1 | peer1 IN A 172\.16\.1\.1 2 | peer2 IN A 172\.16\.1\.2 3 | peer3 IN A 172\.16\.1\.3 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-hosts.args: -------------------------------------------------------------------------------- 1 | hosts 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-hosts.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-hosts.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/list-peers/args-hosts.stdout: -------------------------------------------------------------------------------- 1 | 172\.16\.1\.1 peer1 2 | 172\.16\.1\.2 peer2 3 | 172\.16\.1\.3 peer3 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-invalid.args: -------------------------------------------------------------------------------- 1 | invalid 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-invalid.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-invalid.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/list-peers/args-invalid.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-invalid.stdout: -------------------------------------------------------------------------------- 1 | Available formats: hosts, added, pubkeys, dns-zone 2 | Error: Unknown format invalid! 3 | -------------------------------------------------------------------------------- /tests/list-peers/args-none.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-none.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/list-peers/args-none.stdout: -------------------------------------------------------------------------------- 1 | 172\.16\.1\.1 peer1 2 | 172\.16\.1\.2 peer2 3 | 172\.16\.1\.3 peer3 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-pubkeys.args: -------------------------------------------------------------------------------- 1 | pubkeys 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-pubkeys.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/list-peers/args-pubkeys.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/list-peers/args-pubkeys.stdout: -------------------------------------------------------------------------------- 1 | 172\.16\.1\.1 peer1 aWosQEdndReq6diLeGq2BKKl0fFGA7v\/3Qbwu9pbYxg= 2 | 172\.16\.1\.2 peer2 iCJSbobpCRHCG2\/WP9D1\/viGlv\+WrNpWtd1XkRzyrFs= 3 | 172\.16\.1\.3 peer3 sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-too-many.args: -------------------------------------------------------------------------------- 1 | hosts added 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-too-many.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/list-peers/args-too-many.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-too-many.stderr: -------------------------------------------------------------------------------- 1 | Error: Too many arguments! 2 | -------------------------------------------------------------------------------- /tests/list-peers/args-too-many.stdout: -------------------------------------------------------------------------------- 1 | Usage: wg-setup \[-y\] \[-f \] \[args\.\.\.\] 2 | -f systemd .netdev file to edit 3 | -y no confirmation required 4 | 5 | Commands: 6 | Without arguments, all commands except for list-\* run interactively. 7 | 8 | add-peer 9 | Add the provided configuration to WireGuard interface 10 | remove-peer 11 | Remove a peer from the WireGuard interface 12 | list-peers \[format\] 13 | List all valid wg-setup peers \(those with a hostname\) known to WireGuard\. 
14 | By default, a hosts-like list of addresses and hostnames is generated\. 15 | Available formats are: hosts, added, pubkeys, dns-zone 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.stdin: -------------------------------------------------------------------------------- 1 | n 2 | 
-------------------------------------------------------------------------------- /tests/remove-peer/args-error-abort.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.args: -------------------------------------------------------------------------------- 1 | 172.16 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | \[WireGuardPeer\] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172\.16\.1\.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | 
AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.stderr: -------------------------------------------------------------------------------- 1 | Multiple peers matching the search string found! 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-multiple.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer1 3 | # Added by wolle at 2020-03-01 4 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 5 | AllowedIPs = 172\.16\.1\.1/32 6 | 7 | \[WireGuardPeer\] 8 | # peer2 9 | # Added by wolle at 2020-03-01 10 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 11 | AllowedIPs = 172\.16\.1\.2/32 12 | 13 | \[WireGuardPeer\] 14 | # peer3 15 | # Added by wolle at 2020-03-01 16 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 17 | AllowedIPs = 172\.16\.1\.3/32 18 | 19 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-must-be-root.args: -------------------------------------------------------------------------------- 1 | peer2 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-must-be-root.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- 
/tests/remove-peer/args-error-must-be-root.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-must-be-root.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-must-be-root.stderr: -------------------------------------------------------------------------------- 1 | Error: Must be root to remove peers! 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-pubkey-not-found.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-pubkey-not-found.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-pubkey-not-found.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-pubkey-not-found.result: -------------------------------------------------------------------------------- 1 | 1 2 | 
-------------------------------------------------------------------------------- /tests/remove-peer/args-error-pubkey-not-found.stderr: -------------------------------------------------------------------------------- 1 | No peer matching the search string was found! 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-too-many-arguments.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 172.16.1.2/32 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-too-many-arguments.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-too-many-arguments.result: -------------------------------------------------------------------------------- 1 | 1 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-too-many-arguments.stderr: -------------------------------------------------------------------------------- 1 | Error: Expected 0 or 1 arguments, got 2! 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-error-too-many-arguments.stdout: -------------------------------------------------------------------------------- 1 | Usage: wg-setup \[-y\] \[-f \] \[args\.\.\.\] 2 | -f systemd .netdev file to edit 3 | -y no confirmation required 4 | 5 | Commands: 6 | Without arguments, all commands except for list-\* run interactively. 7 | 8 | add-peer 9 | Add the provided configuration to WireGuard interface 10 | remove-peer 11 | Remove a peer from the WireGuard interface 12 | list-peers \[format\] 13 | List all valid wg-setup peers \(those with a hostname\) known to WireGuard\. 
14 | By default, a hosts-like list of addresses and hostnames is generated\. 15 | Available formats are: hosts, added, pubkeys, dns-zone 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-ip.args: -------------------------------------------------------------------------------- 1 | 172.16.1.2 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-ip.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-ip.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-ip.stdin: -------------------------------------------------------------------------------- 1 | y 2 | 
-------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-ip.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-name.args: -------------------------------------------------------------------------------- 1 | peer2 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-name.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-name.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = 
sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-name.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-by-name.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = 
aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? 
\[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success-hooks/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | [[ $1 == removed ]] 4 | [[ $2 == peer2 ]] 5 | [[ $3 == "iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs=" ]] 6 | [[ $4 == "172.16.1.2/32" ]] 7 | exit 0 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success.args: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 
| 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success.stdin: -------------------------------------------------------------------------------- 1 | y 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-success.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/args-y-success.args: -------------------------------------------------------------------------------- 1 | -y iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | -------------------------------------------------------------------------------- /tests/remove-peer/args-y-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/args-y-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by 
wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/args-y-success.stdout: -------------------------------------------------------------------------------- 1 | \[WireGuardPeer\] 2 | # peer2 3 | # Added by wolle at 2020-03-01 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-abort.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172\.16\.1\.2/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-abort.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-abort.stdin: 
-------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | n 3 | n 4 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-abort.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-pubkey-not-found.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-pubkey-not-found.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-error-pubkey-not-found.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | n 3 | -------------------------------------------------------------------------------- 
/tests/remove-peer/interactive-error-pubkey-not-found.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: No peer matching the search string was found! 3 | Remove another peer\? \[y/N\] 4 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-ip.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-ip.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-ip.stdin: -------------------------------------------------------------------------------- 1 | 172.16.1.2 2 | y 3 | n 4 | n 5 | 
-------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-ip.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-name.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-name.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | 
-------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-name.stdin: -------------------------------------------------------------------------------- 1 | peer2 2 | y 3 | n 4 | n 5 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-by-name.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-extra.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-extra.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = 
iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | PersistentKeepalive = 25 16 | 17 | [WireGuardPeer] 18 | # peer3 19 | # Added by wolle at 2020-03-01 20 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 21 | AllowedIPs = 172.16.1.3/32 22 | 23 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-extra.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | y 3 | n 4 | n 5 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-extra.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | PersistentKeepalive = 25 8 | 9 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? 
\[y/N\] 10 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-malformed.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-malformed.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer without "Added"-line 12 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 13 | AllowedIPs = 172.16.1.2/32 14 | 15 | [WireGuardPeer] 16 | # peer3 17 | # Added by wolle at 2020-03-01 18 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 19 | AllowedIPs = 172.16.1.3/32 20 | 21 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-malformed.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | y 3 | n 4 | n 5 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-malformed.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter 
PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer without "Added"-line 4 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 5 | AllowedIPs = 172\.16\.1\.2/32 6 | 7 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 8 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | [WireGuardPeer] 16 | # peer3 17 | # Added by wolle at 2020-03-01 18 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 19 | AllowedIPs = 172.16.1.3/32 20 | 21 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | y 3 | n 4 | n 5 | 
-------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank2.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank2.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | [WireGuardPeer] 10 | # peer2 11 | # Added by wolle at 2020-03-01 12 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 13 | AllowedIPs = 172.16.1.2/32 14 | 15 | [WireGuardPeer] 16 | # peer3 17 | # Added by wolle at 2020-03-01 18 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 19 | AllowedIPs = 172.16.1.3/32 20 | 21 | 
-------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank2.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | y 3 | n 4 | n 5 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success-noblank2.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 
13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | y 3 | n 4 | n 5 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-success.stdout: -------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove this configuration from /etc/systemd/network/90-wireguard.netdev\? \[y/N\] Remove another peer\? 
\[y/N\] 9 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-y-success.args: -------------------------------------------------------------------------------- 1 | -y 2 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-y-success.expected: -------------------------------------------------------------------------------- 1 | \[NetDev\] 2 | Name = wg0 3 | 4 | \[WireGuardPeer\] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172\.16\.1\.1/32 9 | 10 | \[WireGuardPeer\] 11 | # peer3 12 | # Added by [[:alnum:]_-]+ at [0-9]{4}-[0-9]{2}-[0-9]{2} 13 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 14 | AllowedIPs = 172\.16\.1\.3/32 15 | 16 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-y-success.netdev: -------------------------------------------------------------------------------- 1 | [NetDev] 2 | Name = wg0 3 | 4 | [WireGuardPeer] 5 | # peer1 6 | # Added by wolle at 2020-03-01 7 | PublicKey = aWosQEdndReq6diLeGq2BKKl0fFGA7v/3Qbwu9pbYxg= 8 | AllowedIPs = 172.16.1.1/32 9 | 10 | [WireGuardPeer] 11 | # peer2 12 | # Added by wolle at 2020-03-01 13 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 14 | AllowedIPs = 172.16.1.2/32 15 | 16 | [WireGuardPeer] 17 | # peer3 18 | # Added by wolle at 2020-03-01 19 | PublicKey = sumgkcdEO3HytLakj3eFdiYU7V0GKANDdIMDLNHxl1c= 20 | AllowedIPs = 172.16.1.3/32 21 | 22 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-y-success.stdin: -------------------------------------------------------------------------------- 1 | iCJSbobpCRHCG2/WP9D1/viGlv+WrNpWtd1XkRzyrFs= 2 | n 3 | -------------------------------------------------------------------------------- /tests/remove-peer/interactive-y-success.stdout: 
-------------------------------------------------------------------------------- 1 | Remove WireGuard peer\(s\) from /etc/systemd/network/90-wireguard.netdev 2 | Enter PublicKey/Hostname/IPAddress: \[WireGuardPeer\] 3 | # peer2 4 | # Added by wolle at 2020-03-01 5 | PublicKey = iCJSbobpCRHCG2/WP9D1/viGlv\+WrNpWtd1XkRzyrFs= 6 | AllowedIPs = 172\.16\.1\.2/32 7 | 8 | Remove another peer\? \[y/N\] 9 | -------------------------------------------------------------------------------- /tests/run_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | unshare_again() { 6 | unshare --map-user=1000 "$@" 7 | } 8 | export -f unshare_again 9 | 10 | add_netdev() { 11 | printf '[NetDev]\nName = wg0\n\n' > /etc/systemd/network/90-wireguard.netdev 12 | "$@" 13 | } 14 | export -f add_netdev 15 | 16 | _run_test() { 17 | local test=$1 18 | local wrapper=${2:-} 19 | local command=${test%%/*} 20 | local has_stdin=0 expres=0 error=0 21 | local args= regexp res 22 | [[ -f ${test}.stdin ]] && has_stdin=1 23 | [[ -f ${test}.args ]] && args="$(<${test}.args)" 24 | 25 | # We are in our own mount namespace and pretend to be root: 26 | # Mount over /run first, bind-mount original /etc to /run/etc, because we 27 | # need /etc/alternatives and then mount over /etc to mask actual system 28 | # configuration and allow tests to write files. 
29 | mount -t tmpfs tmpfs /run 30 | mkdir -p /run/etc 31 | mount --bind /etc /run/etc 32 | mount -t tmpfs tmpfs /etc 33 | 34 | # Required for awk on some distributions 35 | ln -s /run/etc/alternatives /etc/alternatives 36 | # Required for `id -un` 37 | echo "root:x:0:0:root:/root:/bin/bash" > /etc/passwd 38 | 39 | # Create the directories we care about 40 | mkdir -p /etc/wireguard /etc/systemd/network 41 | # Copy the tests hooks if necessary 42 | [[ -d "${test}" ]] && cp -r "${test}" /etc/wg-setup 43 | 44 | # Create the configuration file to test 45 | test_file=/etc/systemd/network/90-wireguard.netdev 46 | if [[ -f ${test}.conf ]]; then 47 | test_file=/etc/wireguard/wg0.conf 48 | cp ${test}.conf ${test_file} 49 | elif [[ -f ${test}.netdev ]]; then 50 | cp ${test}.netdev ${test_file} 51 | else 52 | printf '[NetDev]\nName = wg0\n\n' > ${test_file} 53 | fi 54 | 55 | # Run wg-setup 56 | if [[ $has_stdin -eq 1 ]]; then 57 | ! ${wrapper} wg-setup ${command} ${args} <${test}.stdin 1>/run/stdout 2>/run/stderr 58 | else 59 | ! ${wrapper} wg-setup ${command} ${args} 1>/run/stdout 2>/run/stderr 60 | fi 61 | 62 | # Evaluate the results 63 | res=${PIPESTATUS[0]} 64 | [[ -f ${test}.result ]] && expres=$(<${test}.result) 65 | if [[ $res -ne $expres ]]; then 66 | echo "Test ${test} failed: Exit code $res doesn't match expected exit code $expres!" 67 | error=1 68 | fi 69 | regexp="" 70 | [[ -f ${test}.expected ]] && regexp=$(<${test}.expected) 71 | if [[ ! "$(<${test_file})" =~ ^${regexp}$ ]]; then 72 | echo "Test ${test} failed: Output file doesn't match expectation!" 73 | cat ${test_file} 74 | error=1 75 | fi 76 | regexp="" 77 | [[ -f ${test}.stdout ]] && regexp=$(<${test}.stdout) 78 | if [[ ! "$([/cidr][,[/cidr][,...]])" 36 | return 1 37 | fi 38 | test_exists "AllowedIPs" "$1" 39 | } 40 | 41 | # A WireGuard PublicKey consists of 43 random Base64 characters and a trailing '=' 42 | test_publickey() { 43 | if [[ ! 
"$1" =~ ^[A-Za-z0-9/+]{43}=$ ]]; then 44 | echo "Error: PublicKey invalid!" 45 | return 1 46 | fi 47 | test_exists "PublicKey" "$1" 48 | } 49 | 50 | # Inner function for cmd_add_peer 51 | add_peer() { 52 | local name="$1" 53 | local peer="$2" 54 | local allowed_ips="$3" 55 | 56 | # Add CIDR /32 to ip addresses without suffix 57 | allowed_ips=$(echo "${allowed_ips}" | sed 's#\.\([0-9]\+\)\(,\|$\)#.\1/32\2#g') 58 | 59 | test_name "${name}" 1>&2 || return $? 60 | test_publickey "${peer}" 1>&2 || return $? 61 | test_allowedips "${allowed_ips}" 1>&2 || return $? 62 | 63 | local config 64 | config="[${IS_NETDEV:+WireGuard}Peer]\n" 65 | config+="# ${name}\n" 66 | config+="# Added by ${SUDO_USER:-$(id -un)} at $(date +%F)\n" 67 | config+="PublicKey = ${peer}\n" 68 | config+="AllowedIPs = ${allowed_ips}\n" 69 | 70 | echo -e "${config}" 71 | 72 | if [[ -z "${NO_CONFIRM}" ]]; then 73 | echo -n "Add this configuration to ${WG_CONFFILE}? [Y/n] " 74 | local add 75 | read -r add 76 | [[ -z "${add}" || "${add,}" == "y" ]] || return 1 77 | fi 78 | 79 | echo -e "${config}" >> "${WG_CONFFILE}" 80 | 81 | # Check if interface is non-zero and actually existing 82 | if [[ -z ${WG_TEST} && -e /sys/class/net/${WG_IFNAME} ]]; then 83 | wg set "${WG_IFNAME}" peer "${peer}" allowed-ips "${allowed_ips}" 84 | fi 85 | run_hooks added "$name" "$peer" "$allowed_ips" 86 | } 87 | 88 | # Inner function for cmd_remove_peer 89 | remove_peer() { 90 | local peer="$1" 91 | local awkScript='{ l[++n]=$0 } 92 | /^(\[(WireGuard)?Peer\])?$/ { 93 | if ((f && !r) || (!f && r)) { for (i=1;i1) { print "" } } 94 | delete l; n=(NF > 0); f=0; l[n]=$0 95 | } 96 | /^PublicKey/ { if($3==pk){ f=1; if(fs){m=1} fs=1 } } 97 | /^# / { if($2==pk) { f=1; if(fs){m=1} fs=1 } } 98 | /^AllowedIPs/ { if(index($3,pk)) { f=1; if(fs){m=1} fs=1 } } 99 | END { if(m){ exit 2 }else{ exit !fs } }' 100 | 101 | # Always print portion that is removed to stdout 102 | if awk -v pk="${peer}" "${awkScript}" "${WG_CONFFILE}"; then 103 | if [[ -z 
"${NO_CONFIRM}" ]]; then 104 | echo -n "Remove this configuration from ${WG_CONFFILE}? [y/N] " 105 | local del 106 | read -r del 107 | [[ "${del,}" == "y" ]] || return 1 108 | fi 109 | 110 | # Rerun the awk script to extract the peer data, we expect it to be a fine result now 111 | local name pubkey ips 112 | read name pubkey ips < <(awk -v pk="${peer}" "${awkScript}" "${WG_CONFFILE}" | 113 | awk '/^# /&&!n{n=$2}/^PublicKey/{k=$3}/^AllowedIPs/{i=$3}END{print n,k,i}') 114 | 115 | # Remove the entry from WG_CONFFILE and write the result to a temporary file 116 | local tmpfile 117 | tmpfile=$(mktemp "${WG_CONFFILE}.XXXXXX") 118 | awk -v pk="${peer}" -v r=1 "${awkScript}" "${WG_CONFFILE}" > "$tmpfile" 119 | 120 | # Copy ownership and permissions to the new file and then replace the original with it 121 | local fuid fgid perms 122 | read fuid fgid fperms < <(stat -c "%u %g %a" "$WG_CONFFILE") 123 | chmod "$fperms" "$tmpfile" 124 | chown "$fuid:$fgid" "$tmpfile" 125 | mv "$tmpfile" "$WG_CONFFILE" 126 | 127 | # Remove peer from interface if the interface actually is present 128 | if [[ -z ${WG_TEST} && -e /sys/class/net/${WG_IFNAME} ]]; then 129 | wg set "${WG_IFNAME}" peer "${pubkey}" remove 130 | fi 131 | run_hooks removed "$name" "$pubkey" "$ips" 132 | return 0 133 | elif [[ $? -eq 2 ]]; then 134 | echo "Multiple peers matching the search string found!" >&2 135 | else 136 | echo "No peer matching the search string was found!" >&2 137 | fi 138 | return 1 139 | } 140 | 141 | run_hooks() { 142 | [[ -d "${WG_SETUP_HOOK_DIR}" ]] || return 0 143 | local file 144 | for file in ${WG_SETUP_HOOK_DIR}/*; do 145 | [[ -x "${file}" ]] && "${file}" "$@" 146 | done 147 | } 148 | 149 | usage() { 150 | cat <|-i ] [args...] 152 | -f systemd .netdev file to edit (incompatible with -i) 153 | -i WireGuard interface to edit (incompatible with -f) 154 | -y no confirmation required 155 | 156 | Commands: 157 | Without arguments, all commands except for list-* run interactively. 
158 | 159 | add-peer 160 | Add the provided configuration to WireGuard interface 161 | remove-peer 162 | Remove a peer from the WireGuard interface 163 | list-peers [format] 164 | List all valid wg-setup peers (those with a hostname) known to WireGuard. 165 | By default, a hosts-like list of addresses and hostnames is generated. 166 | Available formats are: $LIST_FORMATS 167 | EOF 168 | exit $1 169 | } 170 | 171 | cmd_add_peer() { 172 | if [[ $# -ne 0 && $# -ne 3 ]]; then 173 | echo "Error: Expected 0 or 3 arguments, got $#!" >&2 174 | usage 1 175 | 176 | elif [[ $UID -ne 0 ]]; then 177 | echo "Error: Must be root to add new peers!" >&2 178 | return 1 179 | 180 | elif [[ $# -eq 3 ]]; then 181 | local name=$1 182 | local pubkey=$2 183 | local allowed_ips=$3 184 | add_peer "${name}" "${pubkey}" "${allowed_ips}" 185 | 186 | else 187 | echo "Add WireGuard peer(s) to ${WG_CONFFILE}" 188 | 189 | local cont="y" 190 | local name pubkey allowedips 191 | while [[ "${cont}" == "y" || "${cont}" == "Y" ]]; do 192 | echo -n "Name: " 193 | read -r name 194 | test_name "${name}" || continue 195 | 196 | echo -n "PublicKey: " 197 | read -r pubkey 198 | test_publickey "${pubkey}" || continue 199 | 200 | echo -n "AllowedIPs: " 201 | read -r allowedips 202 | test_allowedips "${allowedips}" || continue 203 | 204 | echo 205 | ! add_peer "${name}" "${pubkey}" "${allowedips}" 2>&1 206 | echo -n "Add another peer? [y/N] " 207 | read -r cont 208 | done 209 | fi 210 | } 211 | 212 | cmd_remove_peer() { 213 | if [[ $# -gt 1 ]]; then 214 | echo "Error: Expected 0 or 1 arguments, got $#!" >&2 215 | usage 1 216 | 217 | elif [[ $UID -ne 0 ]]; then 218 | echo "Error: Must be root to remove peers!" 
>&2 219 | return 1 220 | 221 | elif [[ $# -eq 1 ]]; then 222 | local peer=$1 223 | remove_peer "${peer}" 224 | 225 | else 226 | echo "Remove WireGuard peer(s) from ${WG_CONFFILE}" 227 | 228 | local cont="y" 229 | local peer 230 | while [[ "${cont}" == "y" || "${cont}" == "Y" ]]; do 231 | echo -n "Enter PublicKey/Hostname/IPAddress: " 232 | read -r peer 233 | ! remove_peer "${peer}" 2>&1 234 | echo -n "Remove another peer? [y/N] " 235 | read -r cont 236 | done 237 | fi 238 | } 239 | 240 | LIST_FORMATS="hosts, added, pubkeys, dns-zone" 241 | cmd_list_peers() { 242 | if [[ $# -gt 1 ]]; then 243 | echo "Error: Too many arguments!" >&2 244 | usage 1 245 | fi 246 | 247 | local format=${1:-hosts} 248 | 249 | case "${format}" in 250 | hosts) 251 | awk '/^\[(WireGuard)?Peer\]$/{getline;if($1=="#"&&$2!="Added"){name=$2}else{name=""}} 252 | /^AllowedIPs/{sub(/\/[0-9]+/,"",$3);printf("%-19s %s\n",$3,name)}' \ 253 | ${WG_CONFFILE} 254 | ;; 255 | added) 256 | awk '/^\[(WireGuard)?Peer\]$/{getline;if($1=="#"){ 257 | if($2!="Added"){name=$2;getline;if($1=="#"&&$2=="Added"){comment=$0}} 258 | else{name="";comment=$0}}} 259 | /^AllowedIPs/{sub(/\/[0-9]+/,"",$3);printf("%-19s %-30s %s\n",$3,name,comment)}' \ 260 | ${WG_CONFFILE} 261 | ;; 262 | pubkeys) 263 | awk '/^\[(WireGuard)?Peer\]$/{getline;if($1=="#"&&$2!="Added"){name=$2}else{name=""}} 264 | /^PublicKey/{pubkey=$3}/^AllowedIPs/{sub(/\/[0-9]+/,"",$3);ip=$3} 265 | name&&pubkey&&ip{printf("%-19s %-30s %s\n",ip,name,pubkey);name=pubkey=ip=""}' \ 266 | ${WG_CONFFILE} 267 | ;; 268 | dns-zone) 269 | awk '/^\[(WireGuard)?Peer\]$/{getline;if($1=="#"&&$2!="Added"){name=$2}else{name=""}} 270 | /^AllowedIPs/{sub(/\/[0-9]+/,"",$3);printf("%-24s IN A %s\n",name,$3)}' \ 271 | ${WG_CONFFILE} 272 | ;; 273 | *) 274 | echo "Available formats: $LIST_FORMATS" 275 | [[ "${format}" == "help" ]] || { echo "Error: Unknown format ${format}!"; return 1; } 276 | ;; 277 | esac 278 | } 279 | 280 | ifname_from_conffile() { 281 | local conffile="$1" 282 | if 
[[ ! -f "${conffile}" ]]; then 283 | echo "Error: ${conffile} not found!" >&2 284 | exit 1 285 | fi 286 | 287 | local ext basename ifname 288 | 289 | local ext="${conffile##*.}" 290 | 291 | if [[ "${ext}" == "conf" ]]; then 292 | # wg-quick uses .conf as filename 293 | local basename="${conffile##*/}" 294 | ifname="${basename%.*}" 295 | elif [[ "${ext}" == "netdev" ]]; then 296 | # networkd has a Name field in the netdev file 297 | ifname=$(awk '/^Name/{gsub(/Name ?= ?/,"",$0);print}' "${conffile}") 298 | fi 299 | 300 | if [[ -z "${ifname}" ]]; then 301 | echo "Error: Could not find interface from file ${conffile}!" >&2 302 | exit 1 303 | fi 304 | 305 | echo "${ifname}" 306 | } 307 | 308 | conffile_from_ifname() { 309 | local ifname=$1 310 | 311 | # wg-quick files are named after the interface they are for 312 | local wg_quick_file="/etc/wireguard/${ifname}.conf" 313 | 314 | # systemd-networkd files contain the interface name, so we grep and hope for a single result. 315 | local networkd_file="$(grep -lR "${ifname}" /etc/systemd/network/*.netdev 2>/dev/null || true)" 316 | 317 | if [[ -f "${wg_quick_file}" && -f "${networkd_file}" ]]; then 318 | # If both files exist, we check if systemd-networkd is enabled. In that case, we have 319 | # to assume that it's also responsible for the interface it has a configuration file for. 320 | # If it's not enabled, we assume we are using wg-quick. 321 | systemctl is-enabled systemd-networkd >/dev/null && echo "${networkd_file}" || echo "${wg_quick_file}" 322 | 323 | elif [[ -f "${wg_quick_file}" ]]; then 324 | echo "${wg_quick_file}" 325 | 326 | elif [[ -f "${networkd_file}" ]]; then 327 | echo "${networkd_file}" 328 | 329 | else 330 | echo "Could not find backing config file for ${ifname}! Do you have permissions to read it?" 
>&2 331 | exit 1 332 | fi 333 | } 334 | 335 | WG_SETUP_HOOK_DIR="${WG_SETUP_HOOK_DIR:-/etc/wg-setup}" 336 | 337 | # use enhanced getopt 338 | OPTS=f:hi:y 339 | LOPTS=file:,help,ifname:,noconfirm 340 | PARSED_OPTS=$(getopt -o $OPTS -l $LOPTS -n "$0" -- "$@") 341 | eval set -- "$PARSED_OPTS" 342 | 343 | WG_CONFFILE= 344 | WG_IFNAME= 345 | NO_CONFIRM= 346 | WG_TEST=${WG_TEST:-} 347 | 348 | while [[ "$1" != "--" ]]; do 349 | case $1 in 350 | -f|--file) 351 | WG_CONFFILE="$2" 352 | shift 2 353 | ;; 354 | -h|--help) 355 | usage 356 | ;; 357 | -i|--ifname) 358 | WG_IFNAME="$2" 359 | shift 2 360 | ;; 361 | -y|--noconfirm) 362 | NO_CONFIRM=yes 363 | shift 364 | ;; 365 | *) 366 | echo "Programming error" >&2 367 | exit 1 368 | ;; 369 | esac 370 | done 371 | shift # away the -- 372 | 373 | IS_NETDEV= 374 | 375 | # With an interface, wg-setup will automatically find the target 376 | # configuration file and won't accept any -f argument 377 | if [[ -n "${WG_IFNAME}" && -n "${WG_CONFFILE}" ]]; then 378 | echo "Error: Can't use -i and -f together!" >&2 379 | exit 1 380 | 381 | elif [[ -n "${WG_CONFFILE}" ]]; then 382 | # If an existing file is provided, use it and determine interface name 383 | WG_IFNAME=$(ifname_from_conffile "${WG_CONFFILE}") 384 | echo "Using interface name ${WG_IFNAME}" 385 | 386 | else 387 | # No configuration file is provided, try to figure it out. 388 | # Use wg0 if no interface name is provided, either. 389 | WG_IFNAME=${WG_IFNAME:-wg0} 390 | 391 | WG_CONFFILE="$(conffile_from_ifname "${WG_IFNAME}")" 392 | fi 393 | 394 | [[ "${WG_CONFFILE##*.}" == "netdev" ]] && IS_NETDEV=yes 395 | 396 | cmd="$1"; shift || usage 1 397 | 398 | case "${cmd}" in 399 | add-peer|a*) 400 | cmd_add_peer "$@" 401 | ;; 402 | remove-peer|r|rm|rmp*|rem*) 403 | cmd_remove_peer "$@" 404 | ;; 405 | list-peers|ls|lsp*|lp|list-p*) 406 | cmd_list_peers "$@" 407 | ;; 408 | help|h*) 409 | usage 0 410 | ;; 411 | *) 412 | echo "Unknown command ${cmd}!" 
>&2 413 | usage 1 414 | ;; 415 | esac 416 | 417 | -------------------------------------------------------------------------------- /wg-setup-client: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Generate a WireGuard configuration for wg-quick or 3 | # systemd-networkd, if it's the active network manager. 4 | # Meant to easily setup large amounts of clients to a network by just 5 | # providing individual IP addresses 6 | # This is not sophisticated, but meant to customize or just inspire. Have fun. 7 | # created by Eicke Herbertz, 2020 8 | 9 | set -euo pipefail 10 | 11 | error() { 12 | echo "Error: $*" >&2 13 | exit 1 14 | } 15 | 16 | has-systemd() { 17 | command -v systemctl >/dev/null 18 | } 19 | 20 | systemd-booted() { 21 | [[ -d /run/systemd/system ]] 22 | } 23 | 24 | usage() { 25 | cat <] [-i ] [-p pubkey] 27 | [ip-addr] [port (with -s)] 28 | 29 | -b,--backend= Backend to configure (networkd, wg-quick or auto (default)) 30 | -d,--descr= Description for .netdev (default: WireGuard VPN) 31 | -e,--endpoint= WireGuard endpoint of the Server 32 | -f,--force overwrite existing files 33 | -h,--help Show this usage text 34 | -i,--iface= name of the WireGuard interface to create (default: wg0) 35 | -o,--out-file= File mode: don't configure interface, write configuration to 36 | given file (- for stdout). For networkd files, either .netdev 37 | or .network can be provided and both will be created. 38 | -p,--pubkey= WireGuard public key of the Server 39 | -s,--server Create a server configuration (skip peer setup) 40 | -t,--type= Type of output for file mode, supported values are: 41 | auto (default), wg-quick, networkd, zip, qr-utf8, qr-png 42 | *auto* uses qr-utf8 if out-file is stdout, otherwise tries 43 | to read the file extension and falls back to wg-quick format. 
44 | ip-addr ip address for this client 45 | port listening port in --server mode 46 | EOF 47 | exit $1 48 | } 49 | 50 | # Adapted from https://stackoverflow.com/a/32690695/2208453 51 | ip2int() { 52 | local a b c d 53 | { IFS=. read a b c d; } <<< $1 54 | echo $(( ( ( ( ( (a << 8) | b) << 8) | c) << 8) | d)) 55 | } 56 | 57 | int2ip() { 58 | local ui32=$1 ip n 59 | for n in 0 8 16 24; do 60 | ip=$(((ui32 & 0xff << $n) >> $n))${ip:+.${ip}} 61 | done 62 | echo $ip 63 | } 64 | 65 | network() { 66 | local addr="$(ip2int $1)" 67 | local mask="$((0xffffffff << (32 - $2)))" 68 | int2ip $((addr & mask)) 69 | } 70 | 71 | networkd_network_header() { 72 | local ifname=$1 73 | cat </dev/null || error "wg not found. Please install wireguard-tools first!" 104 | 105 | opts=d:e:fhi:o:p:st: 106 | lopts=descr:,endpoint:,force,help,iface:,out-file:,pubkey:,server,type: 107 | parsed_opts=$(getopt -o $opts -l $lopts -n "$0" -- "$@") 108 | eval set -- "$parsed_opts" 109 | 110 | wg_description="WireGuard VPN" 111 | wg_endpoint= 112 | backend=auto 113 | force= 114 | wg_ifname=wg0 115 | wg_public_key= 116 | file_mode= 117 | out_file= 118 | out_type=auto 119 | create_server= 120 | ip_address= 121 | server_port= 122 | 123 | while [[ "$1" != "--" ]]; do 124 | case $1 in 125 | -b|--backend) 126 | backend="$2" 127 | shift 2 128 | ;; 129 | -d|--descr) 130 | wg_description="$2" 131 | shift 2 132 | ;; 133 | -e|--endpoint) 134 | wg_endpoint="$2" 135 | shift 2 136 | ;; 137 | -f|--force) 138 | force=yes 139 | shift 140 | ;; 141 | -h|--help) 142 | usage 143 | ;; 144 | -i|--iface) 145 | wg_ifname="$2" 146 | shift 2 147 | ;; 148 | -o|--out-file) 149 | file_mode=1 150 | out_file="$2" 151 | shift 2 152 | ;; 153 | -p|--pubkey) 154 | wg_public_key="$2" 155 | shift 2 156 | ;; 157 | -s|--server) 158 | create_server=yes 159 | shift 160 | ;; 161 | -t|--type) 162 | out_type="$2" 163 | shift 2 164 | ;; 165 | *) 166 | echo "Programming error" >&2 167 | usage 1 168 | ;; 169 | esac 170 | done 171 | shift # away the 
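# Positional arguments are optional: client setup takes an ip address, server
# setup takes an ip address and a listening port.
[[ $# -ge 1 ]] && ip_address="$1"
[[ $# -ge 2 ]] && server_port="$2"
[[ $# -ge 3 ]] && usage 1
# A second positional is only accepted together with --server.
[[ ! ${create_server} && -n "${server_port}" ]] && usage 1

# Root is required unless the configuration is only written to a file given
# with --out-file (TODO: have an actual test suite)
[[ $UID -eq 0 || -n "${file_mode}" ]] || error "Please run as root!"

# Everything that was not given on the command line is read interactively.
# All of these values end up in configuration files written by this script,
# so each one is matched against a strict pattern before it is used.

# The ip address is required for both server and client.
if [[ -z "${ip_address}" ]]; then
    if [[ ${create_server} ]]; then
        echo -n "Enter server ip address: "
    else
        echo -n "Enter ip address for this client: "
    fi
    read -r ip_address
fi

[[ "${ip_address}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]] || error "Invalid ip address"

# The pattern above still lets through octets above 255 and octets with
# leading zeros. A leading zero would be read as octal by the shell arithmetic
# in ip2int (or abort it for 08/09), so both cases are rejected here.
IFS=. read -r -a ip_octets <<< "${ip_address%%/*}"
for ip_octet in "${ip_octets[@]}"; do
    if [[ ! "${ip_octet}" =~ ^(0|[1-9][0-9]{0,2})$ ]] || (( ip_octet > 255 )); then
        error "Invalid ip address"
    fi
done

# A server needs a listening port, a client needs the server's public key and
# endpoint.
if [[ ${create_server} ]]; then
    if [[ -z "${server_port}" ]]; then
        echo -n "Enter server listening port (empty: random port): "
        read -r server_port
    fi

    # An empty answer is valid: the prompt offers it, and the code further
    # down checks for an empty server_port to pick up the port WireGuard
    # chose. Only a non-empty value is validated.
    if [[ -n "${server_port}" ]]; then
        [[ "${server_port}" =~ ^[0-9]{1,5}$ ]] || error "Invalid port"
        # 10# forces base 10 so that leading zeros are not taken as octal.
        (( 10#${server_port} <= 65535 )) || error "Invalid port"
        server_port=$(( 10#${server_port} ))
    fi
else
    if [[ -z "${wg_public_key}" ]]; then
        echo -n "Server PublicKey: "
        read -r wg_public_key
    fi

    # 43 Base64 characters followed by '='
    [[ "${wg_public_key}" =~ ^[A-Za-z0-9/+]{43}=$ ]] || error "Invalid PublicKey format!"

    if [[ -z "${wg_endpoint}" ]]; then
        echo -n "Server Endpoint: "
        read -r wg_endpoint
    fi

    [[ "${wg_endpoint}" =~ ^[A-Za-z0-9.-]+:[0-9]+$ ]] || error "Invalid Endpoint (host:port)!"
fi

# Use the prefix length given with the ip address, if there is one.
if [[ "${ip_address}" == */* ]]; then
    ip_netmask="${ip_address#*/}"
    ip_address="${ip_address%/*}"
    # One or two digits, as the address pattern above allows, but never more
    # than 32: a larger value would make the shift count in network() negative.
    [[ "${ip_netmask}" =~ ^[0-9]{1,2}$ ]] || error "Invalid subnet length ${ip_netmask}"
    (( 10#${ip_netmask} <= 32 )) || error "Invalid subnet length ${ip_netmask}"
    # Normalise, so that e.g. 08 is not parsed as octal later on.
    ip_netmask=$(( 10#${ip_netmask} ))
else
    echo "Warning: No subnet lenght provided, using /24!"
    ip_netmask=24
fi

# Calculate the network address from ip address and prefix length.
network_addr=$(network "${ip_address}" "${ip_netmask}")

# Check the result (TODO: write tests for the conversion and not check here)
[[ "${network_addr}" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] ||
    error "Failed to calculate network address (Result: ${network_addr})"

# TODO: make this configurable
wg_allowed_ips="${network_addr}/${ip_netmask}"

# With backend "auto", decide what to configure.
if [[ "$backend" == "auto" ]]; then
    if [[ $file_mode ]]; then
        # File mode: no interface is configured, only the output type matters.
        backend=none
        if [[ "$out_type" == "auto" ]]; then
            # Stdout gets a QR code, otherwise the file extension decides.
            case "$out_file" in
                -)
                    out_type=qr-utf8 ;;
                *.png)
                    out_type=qr-png ;;
                *.zip)
                    out_type=zip ;;
                *.network|*.netdev)
                    out_type=networkd ;;
                *)
                    out_type=wg-quick ;;
            esac
        fi
    elif has-systemd && systemctl is-enabled systemd-networkd.service >/dev/null; then
        backend=networkd
        out_type=networkd
        # WG_BASENAME may be set in the environment to change the file name.
        wg_basename=${WG_BASENAME:-90-wireguard}
        out_file=/etc/systemd/network/${wg_basename}.netdev
    else
        backend=wg-quick
        out_type=wg-quick
        out_file=/etc/wireguard/${wg_ifname}.conf
    fi
fi

# Never overwrite an existing file unless --force was given.
if [[ -f "${out_file}" && -z "${force}" ]]; then
    error "${out_file} already exists (use -f to overwrite)!"
fi

# Set up the selected output type. The code further below does not use
# $backend directly, but the wg_quick_conf, wg_netdev and wg_network
# variables assigned in the case statement that follows.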
# Derive the target path(s) for the selected output type.
# NOTE(review): the original comment here says these paths can be predefined
# in the environment. The assignments below are unconditional and nothing in
# this part of the script reads WG_QUICK_CONF, WG_NETDEV or WG_NETWORK, so
# confirm whether that is still intended.
case "$out_type" in
    networkd)
        echo "Using systemd-networkd for configuration"

        # networkd needs two files, so stdout cannot be the target.
        [[ "$out_file" != "-" ]] || error "Can't write systemd-networkd configuration to stdout!"

        # Whichever of the two names was given, derive its sibling from it.
        if [[ "$out_file" == *.netdev ]]; then
            wg_netdev=${out_file}
            wg_network=${out_file%.netdev}.network
        else
            wg_network=${out_file}
            wg_netdev=${out_file%.network}.netdev
        fi

        # One of the two names is derived, so the check for existing files is
        # repeated for both.
        if [[ -z "${force}" && -f "${wg_netdev}" ]]; then
            error "${wg_netdev} already exists (use -f to overwrite)!"
        fi
        if [[ -z "${force}" && -f "${wg_network}" ]]; then
            error "${wg_network} already exists (use -f to overwrite)!"
        fi
        ;;
    wg-quick)
        echo "Using wg-quick for configuration"
        if [[ "$out_file" == "-" ]]; then
            out_file=/dev/stdout
        fi
        wg_quick_conf=${out_file}
        ;;
    zip|qr-utf8|qr-png)
        echo "Creating temporary configuration for ${out_type}"
        # The configuration goes to a fresh private directory first.
        # NOTE(review): no cleanup of temp_dir is visible in this part of the
        # script; the file written there later receives the private key, so
        # confirm that a trap or an explicit rm removes it.
        temp_dir=$(mktemp -d)
        # <file name of out_file without its last extension>.conf
        temp_file=${out_file##*/}
        temp_file=${temp_file%.*}.conf
        wg_quick_conf=${temp_dir}/${temp_file}
        ;;
    *)
        error "Unknown output type ${out_type}!"
        ;;
esac

# wg-quick uses a single file, networkd a .network and a .netdev file.
# The redirections create (or truncate) the targets, so their mode follows
# the umask in effect. NOTE(review): the private key is appended to
# wg_quick_conf or wg_netdev further down; confirm that mode and ownership of
# these files are restricted somewhere not shown here.
if [[ -z "${wg_network:-}" ]]; then
    wg_quick_conf_header "${wg_ifname}" "${wg_description}" > "${wg_quick_conf}"
else
    networkd_network_header "${wg_ifname}" > "${wg_network}"
    networkd_netdev_header "${wg_ifname}" "${wg_description}" > "${wg_netdev}"
fi

# networkd and wg-quick use the same configuration keys and value format; only
# the section names differ, so the code that follows serves both.
323 | wg_conf_target="${wg_quick_conf:-${wg_netdev}}" 324 | 325 | # This will write an empty value if no server_port is provided. If we bring the interface 326 | # up successfully, the actual port will be set later in the script. 327 | [[ ${create_server} ]] && echo "ListenPort = ${server_port}" >> "${wg_conf_target}" 328 | 329 | # Generate and write the private key. We'll only keep the public key to print out at the end. 330 | private_key="$(wg genkey)" 331 | public_key="$(wg pubkey <<<${private_key})" 332 | echo "PrivateKey = ${private_key}" >> "${wg_conf_target}" 333 | unset private_key 334 | 335 | # Only the IP address goes into the network file when using systemd-networkd 336 | echo "Address = ${ip_address}/${ip_netmask}" >> "${wg_quick_conf:-${wg_network}}" 337 | 338 | # Add a blank line before peer configuration 339 | echo >> "${wg_conf_target}" 340 | 341 | # If configuring a client, write the server peer configuration 342 | [[ ! ${create_server} ]] && cat >> "${wg_conf_target}" </dev/null && ! modprobe wireguard; then 384 | echo "Can't load WireGuard module! Probably the kernel got updated, please reboot!" >&2 385 | if [[ ${create_server} && -z "${server_port}" ]]; then 386 | echo "Could not start server and no port was set!" >&2 387 | echo "You will have to set the ListenPort manually in ${wg_conf_target}" >&2 388 | fi 389 | else 390 | if has-systemd && systemd-booted; then 391 | echo "(Re)starting ${service}" 392 | systemctl restart "${service}" 393 | elif has-systemd; then 394 | echo "systemd not booted, skipping (re)starting ${service}." 395 | else 396 | echo "Installing without systemd: Running wg-quick up ${wg_ifname}" 397 | if ! wg-quick up ${wg_ifname}; then 398 | echo "Couldn't start WireGuard interface! If running in a container, probably CAP_NET_ADMIN is missing." 
>&2 399 | fi 400 | fi 401 | 402 | # If we are setting up a server and had no listening port provided, WireGuard will select a 403 | # random port which we'll extract and write it to the configuration to make it persistent. 404 | if [[ ${create_server} && -z "${server_port}" ]]; then 405 | server_port=$(wg show "${wg_ifname}" | awk '/listening port/{print $3}') 406 | if [[ -z "${server_port}" ]]; then 407 | echo "Warning: Could not determine ListenPort!" >&2 408 | echo "You will have to set the ListenPort manually in ${wg_conf_target}" >&2 409 | else 410 | sed -i "s/ListenPort = /ListenPort = ${server_port}/" "${wg_conf_target}" 411 | fi 412 | fi 413 | fi 414 | 415 | if [[ ! ${create_server} ]]; then 416 | echo "============================================================ 417 | WireGuard setup successful! Server side add-peer command: 418 | wg-setup add-peer ${HOSTNAME} ${public_key} ${ip_address}" 419 | exit 0 420 | else 421 | echo "============================================================ 422 | WireGuard server setup successful! 423 | PublicKey: ${public_key} 424 | ListenPort: ${server_port}" 425 | exit 0 426 | fi 427 | -------------------------------------------------------------------------------- /wg-setup-client.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WolleTD/wg-setup/6e991fa6447d7ac26c7354022d61108fdd674951/wg-setup-client.sig --------------------------------------------------------------------------------