pcvolkmer/docker-wireguard-boringtun
1
0
Fork 0
mirror of https://github.com/pcvolkmer/docker-wireguard-boringtun.git synced 2025-04-19 13:26:50 +00:00
Code Issues Packages Releases Activity

Add ipv6 unique local addresses

Browse Source
This commit is contained in:
Paul-Christian Volkmer 2023-01-20 21:47:20 +01:00
parent 1e5d1088c3
commit 9bacc0cc4c
4 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -27,6 +27,7 @@ Customize the file `docker-compose`. You can change the following environment va
* `SERVER_HOST`: The host name of your server * `SERVER_HOST`: The host name of your server
* `SERVER_PORT`: The port the service should listen at * `SERVER_PORT`: The port the service should listen at
* `NETWORK`: Some custom /24 network. Defaults to `192.168.42.0` * `NETWORK`: Some custom /24 network. Defaults to `192.168.42.0`
* `NETWORK6`: Some custom /64 ipv6 network. Defaults to (partial) random unique local addresses starting with `fd42:`
* `MTU`: MTU to be used. Use default wireguard MTU if not set. * `MTU`: MTU to be used. Use default wireguard MTU if not set.
* `CLIENTS`: Number of clients for which configurations are to be created. Do not use more than 240 clients. * `CLIENTS`: Number of clients for which configurations are to be created. Do not use more than 240 clients.
* `DISABLE_FORWARD_ALL_TRAFFIC`: Use `true` or `yes` to not add iptables rules and do not forward all traffic. * `DISABLE_FORWARD_ALL_TRAFFIC`: Use `true` or `yes` to not add iptables rules and do not forward all traffic.
@ -45,7 +46,8 @@ Attaching to wireguard_wg_1
wg_1 | - Writing config to file tun0.conf wg_1 | - Writing config to file tun0.conf
wg_1 | - Using endpoint hostname example.com wg_1 | - Using endpoint hostname example.com
wg_1 | - Using port 51820 wg_1 | - Using port 51820
wg_1 | - Using network 192.168.42.0/24 wg_1 | - Using v4 network 192.168.42.0/24
wg_1 | - Using v6 network fd42:81e1:ae50:b0ee::/64
wg_1 | - Using default MTU wg_1 | - Using default MTU
wg_1 | - Forward all traffic wg_1 | - Forward all traffic
wg_1 | - Generating 5 client configs wg_1 | - Generating 5 client configs

1
docker-compose.yml
View File

@ -11,6 +11,7 @@ services:
sysctls: sysctls:
- net.ipv4.ip_forward=1 - net.ipv4.ip_forward=1
- net.ipv4.conf.all.rp_filter=2 - net.ipv4.conf.all.rp_filter=2
- net.ipv6.conf.all.disable_ipv6=0
devices: devices:
- "/dev/net/tun:/dev/net/tun" - "/dev/net/tun:/dev/net/tun"
volumes: volumes:

7
scripts/add-client.sh
View File

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
SERVER_PUB_KEY=$(cat $DEVICE.conf | grep PrivateKey | sed 's/PrivateKey = //g' | wg pubkey) SERVER_PUB_KEY=$(cat $DEVICE.conf | grep PrivateKey | sed 's/PrivateKey = //g' | wg pubkey)
NETWORK=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/\.[0-9\/]*$//g') NETWORK=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/\.[0-9\/]*,.*$//g')
NETWORK6=$(cat $DEVICE.conf | grep Address | sed 's/Address = //g; s/^.*, //g; s/\:[0-9a-f\/]*$//g')
for i in {1..240}; do for i in {1..240}; do
if [ ! -f "$DEVICE-client_$i.conf" ]; then if [ ! -f "$DEVICE-client_$i.conf" ]; then
@ -37,7 +38,7 @@ cat << EOF >> $DEVICE.conf
# Client $CLIENT_ID # Client $CLIENT_ID
[Peer] [Peer]
PublicKey = ${CLIENT_PUB_KEY} PublicKey = ${CLIENT_PUB_KEY}
AllowedIPs = $NETWORK.$(($CLIENT_ID+10))/32 AllowedIPs = $NETWORK.$(($CLIENT_ID+10))/32, $NETWORK6:$(printf "%x" $(($CLIENT_ID+10)))/128
# <- $(date) # <- $(date)
EOF EOF
@ -50,7 +51,7 @@ cat <<EOF > $DEVICE-client_$CLIENT_ID.conf
############## ##############
[Interface] [Interface]
Address = $NETWORK.$(($CLIENT_ID+10))/24 Address = $NETWORK.$(($CLIENT_ID+10))/24, $NETWORK6:$(printf "%x" $(($CLIENT_ID+10)))/64
ListenPort = $SERVER_PORT ListenPort = $SERVER_PORT
PrivateKey = ${CLIENT_SEC_KEY} PrivateKey = ${CLIENT_SEC_KEY}
EOF EOF

19
scripts/create-config.sh
View File

@ -28,7 +28,18 @@ if [[ -z $NETWORK ]]; then
else else
NETWORK=$(echo -n $NETWORK | sed -r "s/\.[0-9]+$//") NETWORK=$(echo -n $NETWORK | sed -r "s/\.[0-9]+$//")
fi fi
echo " - Using network $NETWORK.0/24" echo " - Using v4 network $NETWORK.0/24"
if [[ -z $NETWORK6 ]]; then
NETWORK6="fd42:$(hexdump -n 6 -e '2/1 "%02x" 1 ":"' /dev/random)"
else
NETWORK6=$(echo -n $NETWORK6 | sed -r "s/\:[0-9a-f]*$//")
if [[ "$(echo $NETWORK6 | sed -e 's/.*\(\:\:\).*/\1/')" == "::" ]]; then
echo " ERROR: invalid v6 network $NETWORK6. Network must not contain '::'."
exit 1
fi
fi
echo " - Using v6 network $NETWORK6:/64"
if [[ -z $MTU ]]; then if [[ -z $MTU ]]; then
echo " - Using default MTU" echo " - Using default MTU"
@ -67,7 +78,7 @@ cat <<EOF >> $DEVICE.conf
# SERVER # SERVER
############## ##############
[Interface] [Interface]
Address = $NETWORK.1/24 Address = $NETWORK.1/24, $NETWORK6:1/64
ListenPort = $SERVER_PORT ListenPort = $SERVER_PORT
PrivateKey = $SERVER_SEC_KEY PrivateKey = $SERVER_SEC_KEY
EOF EOF
@ -94,7 +105,7 @@ cat << EOF >> $DEVICE.conf
# Client $i # Client $i
[Peer] [Peer]
PublicKey = ${CLIENT_PUB_KEYS[$i]} PublicKey = ${CLIENT_PUB_KEYS[$i]}
AllowedIPs = $NETWORK.$(($i+10))/32 AllowedIPs = $NETWORK.$(($i+10))/32, $NETWORK6:$(printf "%x" $(($i+10)))/128
# <- $(date) # <- $(date)
EOF EOF
done done
@ -109,7 +120,7 @@ cat <<EOF >> $DEVICE-client_$i.conf
# <- $(date) # <- $(date)
############## ##############
[Interface] [Interface]
Address = $NETWORK.$(($i+10))/24 Address = $NETWORK.$(($i+10))/24, $NETWORK6:$(printf "%x" $(($i+10)))/64
ListenPort = $SERVER_PORT ListenPort = $SERVER_PORT
PrivateKey = ${CLIENT_SEC_KEYS[$i]} PrivateKey = ${CLIENT_SEC_KEYS[$i]}
EOF EOF