Update wg_manager.sh
Release v4.15

	FIX: When creating Road Warrior peer 'create xxxx' eliminate spurious prompt for non-existent 'server' Peer
	
		Press y to ADD device Peer 'xxxx' to remote 'server' Peer () or press [Enter] to SKIP.
		y
		cat: can't open '/tmp/xxxx.conf': No such file or directory
		cat: can't open '/opt/etc/wireguard.d/_public.key': No such file or directory

	FIX: 'create xxxx site=ssss' command defaults to DNS '1.1.1.1'; should include tunnel DNS servers i.e. '10.9.8.1,1.1.1.1'
	FIX: 'peer xxxx del' for a Site-to-Site 'server' should delete its sibling 'device' Peer
	CHANGE: Allow 'auto=S' when creating/importing Site-to-Site 'server' Peer
	CHANGE: When creating a new Road Warrior Peer, only display QRCode if it is bound to its target 'server' Peer



	FIX: Command 'peer xxxx comment This is a descriptive comment' request was not applied for 'device' Peers
	FIX: Command 'site2site Home Cabin' now includes 'Home.conf' in list of files to be ported to remote site and instructions to then import as 'device'
	CHANGE: Reorder Peer initialisation sequence during @boot 'start' command i.e. Servers first but in ascending order 'wg21' then 'wg22' etc.
	CHANGE: Before appending Road Warrior Peers to 'server' Peer .conf file(s); delete all trailing blank lines.
	EXPERIMENTAL: Add 'bind' option 'peer server_peer bind device_peer [allowed_ips]' e.g. peer wg21 bind iPad



	FIX: When initialising 'server' Peer, route for its Subnet (say 10.50.1.1/24) is already added to 'wg2x' interface, but processing function cmd(); 'AllowedIPS=' Road Warrior 'client' Peer can generate duplicates:
	
			ip route add 10.50.1.2/32 dev wg21
			RTNETLINK answers: File exists

	FIX: Command 'peer new wg27' fails because 'ip=' directive is not specified, so imply/use 'ip=10.50.7.0/24' 
	     
		 ***ERROR: '' must be IPv4 CIDR
		 
	CHANGE: If using wg-quick Pre*/Post* directives in the .conf files, attempt to prevent duplicate firewall rules being created on Peer initialisation.
	


	FIX: Issue 'chmod 600 ${CONFIG_DIR}wgxx.conf' etc. for 'import xxxx/peer new' and 'site2site' commands to prevent wg-quick issuing
        	
			"Warning: '/opt/etc/wireguard.d/wgxx.conf' is world accessible"


	FIX: 'unbound' file reference corrected to 'wg_manager'
	CHANGE: Change 'livin' command to allow any source IP/CIDR



	NEW: 'menu [ hide | show ]' to temporarily suppress the menu being displayed after every command (useful on mobiles)
			Uncomment 'NOMENU' in '/jffs/addons/wireguard/WireguardVPN.conf' for permanent suppression.
	NEW: 'colo[u]r { on | off }' to permanently disable the ANSI/ASCII colour/attribute escape sequences
	CHANGE: Suppress ANSI colours/attributes escape sequences if menu command 'colo[u]r off' was used.
	

	
	FIX: Revert detection of possible duplicate 'AllowIPs' routes for Site-to-Site 'server' Peers- SNB Forums member @jgrana
	FIX: 'site2site' command prevent duplicate site names
	CHANGE: Recognise/allow use of '^MTU =' in 'server' .conf to override 1420 default - SNB Forums member @bearnet
	


	FIX: 'site2site' command should not allow duplicate site names
	CHANGE: 'site2site' command will (if 7z installed) now create ZIP file of remote Peer files to be copied to remote site
	
		WireGuard Site-to-Site Peers Home and Cabin created


	    Copy Cabin/Home files: (included in ZIP '/opt/etc/wireguard.d/WireGuard_Cabin.7z')

2022-02-17 09:01:49 ....A          645          395  Cabin.conf
2022-02-17 09:01:33 ....A           45           49  Cabin_private.key
2022-02-17 09:01:33 ....A           45           49  Cabin_public.key
2022-02-17 09:01:49 ....A          642          393  Home.conf
2022-02-17 09:01:33 ....A           45           49  Home_private.key
2022-02-17 09:01:33 ....A           45           49  Home_public.key

	    to remote location


        Import Home.conf on remote site using 'import Home type=device'


        Press y to import Home or press [Enter] to SKIP.


	Import Home.conf on remote site using 'import Home type=device'
	CHANGE: 'site2site' command will not add remote SiteB to SQL table 'devices' unless local SiteA .config is imported.
	NEW: Include @ZebMcKayhan's 'wgmExpo.sh' script during install/'uf' request
	NEW: Expose 'uninstall' to command line

	

	NEW: Expose menu option (3) 'list' to command line
	FIX: Generate Stats for Site-to-Site configuration ALWAYS shows Bytes received Rx=0; Bytes sent Tx=0 for 'Period:' - Thanks SNB forums member @jgrana

         Feb 24 03:59:00 RT-AX86U-Cabin (wg_manager.sh): 21734 Home: transfer: 94.80 MiB received, 163.31 MiB sent               1 days 09:39:35 from 2022-02-22 18:19:25
         Feb 24 03:59:00 RT-AX86U-Cabin (wg_manager.sh): 21734 Home: period : 0 Bytes received, 0 Bytes sent (Rx=0;Tx=0)

	NEW: If Site-to-Site configuration uses DDNS as the Endpoints rather than resolved IPv4(IPv6?) addresses, then use cru (cron) to schedule 'wg_ChkEndpointDDNS.sh' to refresh the DDNS IP address if Peer is found to be dormant.
         NOTE: This is also applicable to 'client' Peers although most WireGuard VPN ISPs such as Mullvad only use resolved IPv4(IPv6?) Endpoint addresses?
         (Road Warrior Peers will be exposed unless they can use say Tasker on Android etc. to perform a similar function otherwise force restart the Road Warrior WireGuard connection profile).



	FIX: Site-to-Site for hourly ('generatestats') Period metrics are negative???.... Beta fix to attempt to reset on interface start....
	NEW: Creation of a 'server' Peer can now be IPv4 (default or forced via 'NOIPV6') or Dual-stack (IPv4+IPv6) or IPv6 ONLY.
	
	     peer help
		 
			peer new [peer_name [options]]       - Create new server Peer             e.g. peer new wg27 ip=10.50.99.1/24 port=12345
			peer new [peer_name] {ipv6}          - Create new IPv4+IPv6  server Peer  e.g. peer new ipv6
			peer new [peer_name] {ipv6 noipv4}	 - Create new IPv6 Only  server Peer  e.g. peer new ipv6 noipv4

	NEW: Creation of a Road-Warrior 'client' Peer will honour the 'server' Peer it is bound to - i.e. 'client' Peer Address = IPv4 (default) or IPv4+IPv6 or IPv6 Only
	NEW: Expose menu option '?' to command line
	

	FIX: Allow user to specify both IPv4 & IPv6 subnets when creating the Dual-stack 'server' Peer
	
	     peer new ip=192.168.100.1/24 ipv6=fc00:192:168:100::1/64
	FIX: Reinstate missing 'server' Peer rule 'iptables -I FORWARD -i $VPN_ID -j ACCEPT'  - SNB Forums member @ZebMcKayhan
	FIX: When creating 'server' Peer, only NAT IPv4 addresses
	CHANGE: When creating 'server' Peer, add both IPv4 & IPv6 addresses to interface for Dual-stack (IPv4+IPv6)
	
	FIX: Creating Road-Warrior 'device' Peer uses corrupted IPv6 - Thanks SNB Forums member @ZebMcKayhan
		e.g. ipv6=fc00:192:168:100::1/64 used to create 'server' Peer but 
		
		Road-Warrior 'device' Peer iPhone assigned fc00:192:168::2/128
		
	FIX: Road-Warrior 'device' Peers get duplicate IPv6 address
		
	NEW: Allow purging of stale statistics records using command
	
		trimdb { '?' | days [ 'traffic' | 'sessions' ] ['auto'] } 
		
		e.g. Manually schedule cron to purge records older than 90 days @07:00 every Sunday
		
				cru a Wireguard_Database "0 7 * * 6 /jffs/addons/wireguard/wireguard_manager.sh trimdb 90"
		
		trimdb ?
		
				Table traffic: oldest Tue Mar 8 11:09:17 2022 records 12345
				Table session: oldest Mon Mar 7 20:08:30 2022 records 45
MartineauUK authored Mar 9, 2022
1 parent f1d77aa commit cce397e
Showing 1 changed file with 1,420 additions and 401 deletions.
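
The release notes above mention issuing 'chmod 600' on the .conf files so that wg-quick stops warning that they are world accessible. The sketch below audits a whole config directory for that condition, covering key files as well; it is an added example, not code from wg_manager.sh, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of wg_manager.sh. Function names are hypothetical.
# Usage: harden_wg_dir /opt/etc/wireguard.d   (directory quoted in the warning)
# Assumes file names contain no newlines.

# List *.conf and *.key files under $1 with any group/other permission bit set.
list_exposed() {
    find "$1" -type f \( -name '*.conf' -o -name '*.key' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# chmod 600 every exposed file; print the number of files changed.
harden_wg_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    exposed=$(list_exposed "$1")
    changed=0
    if [ -n "$exposed" ]; then
        # Here-document keeps the loop in the current shell so the counter survives.
        while IFS= read -r f; do
            chmod 600 "$f" && changed=$((changed + 1))
        done <<EOF
$exposed
EOF
    fi
    echo "$changed"
}
```

Running list_exposed on its own gives a read-only report, which is useful before changing modes on a live router.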