wg-installer: generate new keys for every connection
authorNick Hainke <vincent@systemli.org>
Tue, 11 Jan 2022 22:06:22 +0000 (23:06 +0100)
committerNick Hainke <vincent@systemli.org>
Tue, 11 Jan 2022 23:51:08 +0000 (00:51 +0100)
Generate new keys on every new connection.

Signed-off-by: Nick Hainke <vincent@systemli.org>
net/wg-installer/common/wg.sh
net/wg-installer/wg-server/config/wgserver.conf
net/wg-installer/wg-server/lib/wg_functions.sh

index 60bc7109ab22301c3cd7173a597ec9f885f65140..b4f884dce53492db69ff42f1d4dd36ec432e71e1 100644 (file)
@@ -20,6 +20,8 @@ cleanup_wginterfaces() {
 
 delete_wg_interface() {
     ip link del dev "$1"
+    [ -f "/tmp/run/wgserver/$1.key" ] && rm "/tmp/run/wgserver/$1.key"
+    [ -f "/tmp/run/wgserver/$1.pub" ] && rm "/tmp/run/wgserver/$1.pub"
 }
 
 check_wg_neighbors() {
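Review bot: The two guarded removals in delete_wg_interface can each collapse to `rm -f "/tmp/run/wgserver/$1.key"` and `rm -f "/tmp/run/wgserver/$1.pub"`, which also covers the case where the test passes but the file disappears before rm runs. The `/tmp/run/wgserver` prefix is now hard-coded here and again in wg_functions.sh; a shared variable (for example `WG_RUNDIR=/tmp/run/wgserver` in the common wg.sh) would keep the two in step when the location changes. Since the `.key` file holds a private key, a short comment such as `# per-connection key material is removed together with the interface` would make the intent of the extra cleanup explicit.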
index 638ac19d89d6d24b6de25206779bd70b337c0974..41cafa2881559a5512df6789d4024b2ce7e789c0 100644 (file)
@@ -5,4 +5,5 @@ config server
     option base_v4prefix '10.0.0.1/24'
     option wg_key '/root/wg.key'
     option wg_pub '/root/wg.pub'
+    option wg_tmp_key '1'
     option timeout_handshake '600'
index e431eca987748a3d9c3fa28ef1be302ce5f3bb85..845bfb7294958c9ccb39081892adff6dc81e57f1 100644 (file)
@@ -53,6 +53,13 @@ wg_register () {
 
        gw_key=$(uci get wgserver.@server[0].wg_key)
        gw_pub=$(uci get wgserver.@server[0].wg_pub)
+
+       if [ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1]; then
+               [ -d "/tmp/run/wgserver" ] || mkdir -p /tmp/run/wgserver
+               gw_key="/tmp/run/wgserver/${ifname}.key"
+               gw_pub="/tmp/run/wgserver/${ifname}.pub"
+               wg genkey | tee $gw_key | wg pubkey > $gw_pub
+       fi
        wg_server_pubkey=$(cat $gw_pub)
 
        # create wg tunnel
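Review bot: The condition on the added `if` line is missing a space before the closing bracket (`-eq 1]`), so `[` reports a syntax error and returns non-zero; the new per-connection key path is then silently skipped and the static keys from wg_key/wg_pub keep being used. The unquoted `$(uci get …)` also expands to nothing if the wg_tmp_key option is absent from a deployed wgserver.conf, which produces a second error; a string comparison avoids both: `if [ "$(uci get wgserver.@server[0].wg_tmp_key)" = "1" ]; then`. The generated private key is written by `tee` with the process umask, so on a default umask it is world-readable under /tmp/run/wgserver; restricting the mode at creation time would be `(umask 077; wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub")`, which also quotes both paths as `$ifname` is interpolated into them. wg_register continues outside the hunk, so the later use of `$gw_key` should be checked for the same quoting.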