From 8ab044712abb7e1a319099a419b1265ea04fb53c Mon Sep 17 00:00:00 2001
From: Nick Hainke
Date: Tue, 11 Jan 2022 23:06:22 +0100
Subject: [PATCH] wg-installer: generate new keys for every connection
Generate new keys on every new connection.
Signed-off-by: Nick Hainke
---
 net/wg-installer/common/wg.sh | 2 ++
 net/wg-installer/wg-server/config/wgserver.conf | 1 +
 net/wg-installer/wg-server/lib/wg_functions.sh | 7 +++++++
 3 files changed, 10 insertions(+)
diff --git a/net/wg-installer/common/wg.sh b/net/wg-installer/common/wg.sh
index 60bc7109ab..b4f884dce5 100644
--- a/net/wg-installer/common/wg.sh
+++ b/net/wg-installer/common/wg.sh
@@ -20,6 +20,8 @@ cleanup_wginterfaces() {
 delete_wg_interface() {
 ip link del dev "$1"
+ [ -f "/tmp/run/wgserver/$1.key" ] && rm "/tmp/run/wgserver/$1.key"
+ [ -f "/tmp/run/wgserver/$1.pub" ] && rm "/tmp/run/wgserver/$1.pub"
 }
 check_wg_neighbors() {
diff --git a/net/wg-installer/wg-server/config/wgserver.conf b/net/wg-installer/wg-server/config/wgserver.conf
index 638ac19d89..41cafa2881 100644
--- a/net/wg-installer/wg-server/config/wgserver.conf
+++ b/net/wg-installer/wg-server/config/wgserver.conf
@@ -5,4 +5,5 @@ config server
 option base_v4prefix '10.0.0.1/24'
 option wg_key '/root/wg.key'
 option wg_pub '/root/wg.pub'
+ option wg_tmp_key '1'
 option timeout_handshake '600'
diff --git a/net/wg-installer/wg-server/lib/wg_functions.sh b/net/wg-installer/wg-server/lib/wg_functions.sh
index e431eca987..845bfb7294 100644
--- a/net/wg-installer/wg-server/lib/wg_functions.sh
+++ b/net/wg-installer/wg-server/lib/wg_functions.sh
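Review bot: In `delete_wg_interface`, the new `[ -f "/tmp/run/wgserver/$1.pub" ] && rm "/tmp/run/wgserver/$1.pub"` is now the function's last statement, so the function returns non-zero whenever the interface has no temporary key file (the static-key configuration, or a client-side caller of this common helper), and any caller checking its status will read a clean teardown as a failure. The path is also built from a bare `$1` with no empty-argument guard, and the `/tmp/run/wgserver` prefix is duplicated from wg_functions.sh rather than shared. Replacing both added lines with `rm -f -- "/tmp/run/wgserver/${1:?}.key" "/tmp/run/wgserver/${1:?}.pub"` keeps the cleanup best-effort, returns 0 either way, and refuses to act on an empty name; if aborting on a missing argument is too strong for a sourced library, `[ -n "$1" ] || return 1` before the `ip link del` does the same job quietly.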
@@ -53,6 +53,13 @@ wg_register () {
 gw_key=$(uci get wgserver.@server[0].wg_key)
 gw_pub=$(uci get wgserver.@server[0].wg_pub)
+
+ if [ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1]; then
+ [ -d "/tmp/run/wgserver" ] || mkdir -p /tmp/run/wgserver
+ gw_key="/tmp/run/wgserver/${ifname}.key"
+ gw_pub="/tmp/run/wgserver/${ifname}.pub"
+ wg genkey | tee $gw_key | wg pubkey > $gw_pub
+ fi
 wg_server_pubkey=$(cat $gw_pub)
 # create wg tunnel
-- 
2.30.2
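Review bot: The added condition `if [ $(uci get wgserver.@server[0].wg_tmp_key) -eq 1]; then` has no space before the closing `]`, so `[` receives `1]` as its right operand, reports a missing `]` and exits non-zero; the branch is never taken and registration silently keeps using the static /root/wg.key, which defeats the patch (and the unquoted command substitution would additionally collapse to nothing if the option were unset). Separately, `wg genkey | tee $gw_key` writes the per-connection private key under the process's default umask, which on a typical 022 umask leaves a WireGuard private key world-readable in /tmp, and `mkdir -p /tmp/run/wgserver` inherits the same default mode. I would quote and string-compare the option, create the directory with mode 0700, and generate the key under `umask 077` in a subshell so the umask does not leak into the rest of `wg_register`, as below. `wg_register`'s body begins before this hunk and continues after it.
```shell
if [ "$(uci get wgserver.@server[0].wg_tmp_key)" = "1" ]; then
	# per-connection key: directory and files must not be readable by other users
	mkdir -p -m 0700 /tmp/run/wgserver
	gw_key="/tmp/run/wgserver/${ifname}.key"
	gw_pub="/tmp/run/wgserver/${ifname}.pub"
	(umask 077; wg genkey | tee "$gw_key" | wg pubkey > "$gw_pub")
fi
# … unchanged: wg_server_pubkey read and tunnel creation …
```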