├── LICENSE
├── RouterOS-v7
    ├── README.MD
    ├── script body.script
    └── script creator.script
└── Linux
    ├── gen.sh
    └── README.MD

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2021 Igor Zhukovets

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/RouterOS-v7/README.MD:
--------------------------------------------------------------------------------
# RouterOS v7 Wireguard Generator
Automate generation of wireguard config

A simple script that automatically adds a new p2s VPN "account".

**Before the first run you need to edit the specific parameters inside the script!**

## How to use
- Before running the script you need to set two parameters - address and username:
    - :global address \addresses with CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed\
    - :global username \user name used as comment and filename\
- /system/script/\script name\

### Example
:global address "10.100.200.3/32"

:global username "john.smith"

/system/script/wg


After executing these commands a new user will be added to wireguard/peers and a corresponding file will appear in Files, which can be imported into the client.

**Unfortunately, ROS for some reason adds a ".txt" extension to the created file. _This must be fixed for import to be successful!_** E.g. john.smith.conf.txt must be changed to john.smith.conf.

## TODO
- [ ] Replace hardcoded preshared key with a generated one
- [ ] Find a way to pass arguments directly to script
- [ ] Fix .txt file extension problem
- [ ] Replace temporary wg interface by more "elegant" solution a.k.a. direct generation
--------------------------------------------------------------------------------
/RouterOS-v7/script body.script:
--------------------------------------------------------------------------------
/interface/wireguard/
#variables
#edit the empty values before the first run (see README.MD)
#presharedkey is hardcoded here (see TODO in README.MD)
:local presharedkey "";
:global username;
:local filename "$username.conf";
:global address;
:local interface "";
:local tempinterface "temp";
:local publickeyserver [get $interface value-name=public-key];
:local persistentkeepalive 30;
:local dns "";
:local port [get $interface value-name=listen-port];
:local endpoint ":$port";
:local allowedips "";

#using temporary
#the temporary interface exists only to obtain a fresh key pair for the client
add name=$tempinterface
:local privatekey [get $tempinterface value-name=private-key];
:local publickey [get $tempinterface value-name=public-key];
remove $tempinterface;

#adding peer to MT
peers/add interface=$interface preshared-key=$presharedkey comment=$username allowed-address=$address public-key=$publickey persistent-keepalive=$persistentkeepalive

#exporting client side config to file
#the exported file contains the client's private key and the preshared key
:local config "[Interface]\nPrivateKey = $privatekey\nAddress = $address\nDNS = $dns\n\n[Peer]\nPublicKey = $publickeyserver\nPresharedKey = $presharedkey\nAllowedIPs = $allowedips\nEndpoint = $endpoint\nPersistentKeepalive = $persistentkeepalive";
:put $config
/file print file=$filename
/file set $filename contents=$config
--------------------------------------------------------------------------------
/Linux/gen.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Arguments: username, address (without mask), netmask, optional export folder
username=$1
address=$2
netmask=$3
exp=$4
# Router connection parameters: edit before the first run (see README.MD)
mtip=
mtsshport=
mtuser=
interface=
# Read the listen port and the server public key from the router
port=$(ssh "$mtuser@$mtip" -p "$mtsshport" ":put [/interface/wireguard/get $interface value-name=listen-port]")
endpoint=":$port"
dns=''
publickeyserver=$(ssh "$mtuser@$mtip" -p "$mtsshport" ":put [/interface/wireguard/get $interface value-name=public-key]")
persistentkeepalive=30
allowedips=''

echo 'Creating keys...'
# The key pair and preshared key are generated locally with the wg tool
privatekey=$(wg genkey)
publickey=$(printf '%s' "$privatekey" | wg pubkey)
presharedkey=$(wg genpsk)

echo 'Adding peer to MT...'
ssh "$mtuser@$mtip" -p "$mtsshport" "/interface/wireguard/peers/add interface=$interface preshared-key=$presharedkey comment=$username allowed-address=$address public-key=$publickey persistent-keepalive=$persistentkeepalive"

echo 'Generating config...'
conf="[Interface]
PrivateKey = $privatekey
Address = $address/$netmask
DNS = $dns

[Peer]
PublicKey = $publickeyserver
PresharedKey = $presharedkey
AllowedIPs = $allowedips
Endpoint = $endpoint
PersistentKeepalive = $persistentkeepalive"
echo "$conf"
# Write the config to <export folder>/<username>.conf when a folder was given
if test -n "${exp-}"; then
    echo 'Exporting config to file...'
    echo "$conf" > "$exp/$username.conf"
fi
exit 0
--------------------------------------------------------------------------------
/Linux/README.MD:
--------------------------------------------------------------------------------
# RouterOS v7 Wireguard Generator for Linux
Automate generation of wireguard config from any Linux machine

A simple script that automatically adds a new p2s VPN "account" on the MT router, but directly from a Linux machine. It has no help text, usage examples, error checks, etc.

**Before the first run you need to edit the specific parameters inside the script and install the wireguard binaries (for example: apt install wireguard)!**

_It is recommended to use an SSH key to avoid entering passwords multiple times on SSH connections_

## How to use
This script must not be run on the router directly, but on any other Linux machine.
The script takes 4 parameters, 3 of which are required:
1. Username - user name used as comment and filename
2. Address - addresses **without** CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed
3. Netmask - CIDR mask related to the previous parameter
4. (Optional) Export folder - the path where the text configuration will be exported

````
./gen.sh <username> <address> <netmask> [export folder]
````
After executing this command a new user will be added to wireguard/peers and the corresponding configuration will be displayed on the screen and (if chosen) also written to a file, either of which can be imported into the client.

### Example
````
./gen.sh jsmith 10.100.200.3 29
````
In this case, the configuration will be added to the router and displayed only on the screen.
````
./gen.sh jsmith 10.100.200.3 29 /some/path
````
In this case, in addition to the previous example, the configuration will also be written to the file /some/path/jsmith.conf
--------------------------------------------------------------------------------
/RouterOS-v7/script creator.script:
--------------------------------------------------------------------------------
/system script
add dont-require-permissions=no name=wg policy=read,write,policy source="/interface/wireguard/\
\n#variables\
\n:local presharedkey \"\";\
\n:global username;\
\n:local filename \"\$username.conf\";\
\n:global address;\
\n:local interface \"\";\
\n:local tempinterface \"temp\";\
\n:local publickeyserver [get \$interface value-name=public-key];\
\n:local persistentkeepalive 30;\
\n:local dns \"\";\
\n:local port [get \$interface value-name=listen-port];\
\n:local endpoint \":\$port\";\
\n:local allowedips \"\";\
\n\
\n#using temporary \
\nadd name=\$tempinterface\
\n:local privatekey [get \$tempinterface value-name=private-key];\
\n:local publickey [get \$tempinterface value-name=public-key];\
\nremove \$tempinterface;\
\n\
\n#adding peer to MT\
\npeers/add interface=\$interface preshared-key=\$presharedkey comment=\$username allowed-address=\$address public-key=\$publickey persistent-keepalive=\$persistentkeepalive\
\n\
\n#exporting client side config to file\
\n:local config \"[Interface]\\nPrivateKey = \$privatekey\\nAddress = \$address\\nDNS = \$dns\\n\\n[Peer]\\nPublicKey = \$publickeyserver\\nPresharedKey = \$presharedkey\\nAllowedIPs = \$allowedips\\nEndpoint = \$endpoint\\nPersistentKeepalive = \
\$persistentkeepalive\";\
\n:put \$config\
\n/file print file=\$filename\
\n/file set \$filename contents=\$config"
--------------------------------------------------------------------------------
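
Linux/gen.sh places its arguments directly into the RouterOS command it sends over SSH and writes the client's private key to the export folder under the caller's default umask, and its README notes that it has no error checks. The following is an added example, not part of the repository, of argument checks and an owner-only export that could run before those steps; the function names and the 64-character name limit are assumptions.

```shell
#!/bin/sh
# Added example, not part of the repository. Function names are hypothetical.

# Names are used as a RouterOS comment and as a file name: allow a safe subset.
valid_username() {
    case $1 in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]   # length limit is an assumption of this example
}

# Dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# CIDR prefix length 0..32.
valid_netmask() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 2 ] && [ "$1" -le 32 ]
}

# Write the client config, which holds the private key, readable by owner only.
# $1 = config text, $2 = existing export folder, $3 = username
export_config() {
    valid_username "$3" && [ -d "$2" ] || return 1
    (
        umask 077
        printf '%s\n' "$1" > "$2/$3.conf" && chmod 600 "$2/$3.conf"
    )
}
```

In gen.sh these checks would sit right after the argument assignments, with `export_config "$conf" "$exp" "$username"` replacing the plain redirect.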