QModem/rooter/0optionalapps/ext-wireguard/files/usr/lib/wireguard/startvpn.sh

#!/bin/sh
. /lib/functions.sh

log() {
	logger -t "Wireguard Start" "$@"
}

WG=$1

chk_zone() {
	local config=$1
	
	config_get src $config src
	config_get dest $config dest
	if [ $src = "lan" -a $dest = "wan" ]; then
		uci set firewall."$config".dest="wg"
		uci commit firewall
	fi
}

do_dns() {
	cdns=$1
	ldns=$(uci -q get network.wg0.dns)
	ex=$(echo "$ldns" | grep "$cdns")
	if [ -z $ex ]; then
		log "Add DNS $cdns to WG0"
		uci add_list network.wg0.dns="$cdns"
		uci commit network
		/etc/init.d/network reload
	fi
}

do_port() {
	PORT=$1
	udp=$2
	# look for rule for this port
	INB="inbound"$PORT$udp
	RULE=$(uci -q get firewall.$INB)
	if [ -z $RULE ]; then
		uci set firewall.$INB=rule
		uci set firewall.$INB.name=$INB
		uci set firewall.$INB.target=ACCEPT
		uci set firewall.$INB.src=*
		uci set firewall.$INB.proto=$udp
		uci set firewall.$INB.dest_port=$PORT
		uci commit firewall
		/etc/init.d/firewall reload
	fi
}

do_delete() {
	local config=$1
	
	uci delete network.$1
}

create_speer() {
	local config=$1

	uci set network.$config="wireguard_wg1"

	config_get persistent_keepalive $config persistent_keepalive
	uci set network.$config.persistent_keepalive="$persistent_keepalive"
	config_get route_allowed_ips $config route_allowed_ips
	uci set network.$config.route_allowed_ips="$route_allowed_ips"
	config_get publickey $config publickey
	uci set network.$config.public_key="$publickey"
	usepre=$(uci -q get wireguard.$WG.usepre)
	log "$usepre"
	if [ $usepre = "1" ]; then
		presharedkey=$(uci -q get wireguard.$WG.presharedkey)
		log "$presharedkey"
		uci set network.$config.preshared_key="$presharedkey"
	fi
	config_get allowed_ips $config allowed_ips
	allowed_ips=$allowed_ips","
	ips=$(echo $allowed_ips | cut -d, -f1)
	i=1
	while [ ! -z $ips ]
	do
		uci add_list network.$config.allowed_ips="$ips"
		i=$((i+1))
		ips=$(echo $allowed_ips | cut -d, -f$i)
	done

}

create_cpeer() {
	local config=$1
	
	uci set network.$config="wireguard_wg0"

	publickey=$(uci -q get wireguard."$config".publickey)
	uci set network.$config.public_key="$publickey"
	presharedkey=$(uci -q get wireguard."$WG".presharedkey)
	if [ ! -z $presharedkey ]; then
		uci set network.$config.preshared_key="$presharedkey"
	fi
	persistent_keepalive=$(uci -q get wireguard."$config".persistent_keepalive)
	if [ -z $persistent_keepalive ]; then
		persistent_keepalive=25
	fi
	uci set network.$config.persistent_keepalive="$persistent_keepalive"
	route_allowed_ips=1
	uci set network.$config.route_allowed_ips="$route_allowed_ips"
	
	if [ $UDP = 1 ]; then
		endpoint_host="127.0.0.1"
		uci set network.$config.endpoint_host="$endpoint_host"
		sport=$(uci -q get wireguard."$config".port)
		if [ -z $sport ]; then
			sport="54321"
		fi
		uci set network.$config.endpoint_port="$sport"
	else
		endpoint_host=$(uci -q get wireguard."$config".endpoint_host)
		uci set network.$config.endpoint_host="$endpoint_host"
		sport=$(uci -q get wireguard."$config".sport)
		if [ -z $sport ]; then
			sport="51280"
		fi
		uci set network.$config.endpoint_port="$sport"
	fi
	
	ips=$(uci -q get wireguard."$config".ips)","
	cips=$(echo $ips | cut -d, -f1)
	i=1
	while [ ! -z $cips ]
	do
		uci add_list network.$config.allowed_ips="$cips"
		i=$((i+1))
		cips=$(echo $ips | cut -d, -f$i)
	done
}

handle_server() {
	config_foreach do_delete wireguard_wg1
	
	uci delete network.wg1
	uci set network.wg1="interface"
	uci set network.wg1.proto="wireguard"
	
	auto=$(uci -q get wireguard."$WG".auto)
	if [ -z $auto ]; then
		auto="0"
	fi
	uci set network.wg1.auto="$auto"
	
	port=$(uci -q get wireguard."$WG".port)
	if [ -z $port ]; then
		port="51280"
	fi
	uci set network.wg1.listen_port="$port"
	do_port $port udp
	
	privatekey=$(uci -q get wireguard."$WG".privatekey)
	uci set network.wg1.private_key="$privatekey"

	ips=$(uci -q get wireguard."$WG".addresses)","
	cips=$(echo $ips | cut -d, -f1)
	i=1
	while [ ! -z $cips ]
	do
		uci add_list network.wg1.addresses="$cips"
		i=$((i+1))
		cips=$(echo $ips | cut -d, -f"$i")
		if [ -z $cips ]; then
			break
		fi
	done
	
	config_load wireguard
	config_foreach create_speer custom$WG
	
	uci commit network
}

handle_client() {
	config_foreach do_delete wireguard_wg0
	
	uci delete network.wg0
	uci set network.wg0="interface"
	uci set network.wg0.proto="wireguard"
	
	auto=$(uci -q get wireguard."$WG".auto)
	if [ -z $auto ]; then
		auto="0"
	fi
	uci set network.wg0.auto="$auto"
	mtu=$(uci -q get wireguard."$WG".mtu)
	if [ ! -z $mtu ]; then
		uci set network.wg0.mtu="$mtu"
	fi
	dns=$(uci -q get wireguard."$WG".dns)
	if [ ! -z $dns ]; then
		do_dns $dns
	fi
	port=$(uci -q get wireguard."$WG".port)
	if [ -z $port ]; then
		port="51280"
	fi
	uci set network.wg0.listen_port="$port"
	do_port $port udp
	
	privatekey=$(uci -q get wireguard."$WG".privatekey)
	uci set network.wg0.private_key="$privatekey"

	ips=$(uci -q get wireguard."$WG".addresses)","
	cips=$(echo $ips | cut -d, -f1)
	i=1
	while [ ! -z "$cips" ]
	do
		uci add_list network.wg0.addresses="$cips"
		i=$((i+1))
		cips=$(echo "$ips" | cut -d, -f"$i")
		if [ -z "$cips" ]; then
			break
		fi
	done
	uci add_list network.wg0.addresses="::/0"
	
	create_cpeer $WG
	
	uci commit network
}

udp_server() {
	local config=$1
	udpport=$(uci -q get wireguard."$WG".udpport)
	if [ -z $udpport ]; then
		udpport="54321"
	fi
	port=$(uci -q get wireguard."$WG".port)
	if [ -z $port ]; then
		port="54321"
	fi
	do_port $udpport tcp
	udptunnel -s -v "0.0.0.0:"$udpport "127.0.0.1:"$port &
	#log "udptunnel -s -v 0.0.0.0:$udpport 127.0.0.1:$port"
}

udp_client() {
	local config=$1
	port=$(uci -q get wireguard."$WG".port)
	if [ -z $port ]; then
		port="54321"
	fi
	endpoint_host=$(uci -q get wireguard.$WG.endpoint_host)
	sport=$(uci -q get wireguard.$WG.sport)
	if [ -z $sport ]; then
		sport="51280"
	fi
	
	udptunnel "127.0.0.1:"$port $endpoint_host":"$sport &
	#log "udptunnel 127.0.0.1:$port $endpoint_host:$sport"
}

forward=$(uci -q get wireguard."$WG".forward)
if [ "$forward" != "0" ]; then
	config_load firewall
	config_foreach chk_zone forwarding
else
	uci set firewall.wgwforward=forwarding
	uci set firewall.wgwforward.dest="wan"
	uci set firewall.wgwforward.src="wg"
	
	uci set firewall.wwgforward=forwarding
	uci set firewall.wwgforward.dest="wg"
	uci set firewall.wwgforward.src="wan"
	
	uci set firewall.lwgforward=forwarding
	uci set firewall.lwgforward.dest="wg"
	uci set firewall.lwgforward.src="lan"
	
	uci set firewall.wglforward=forwarding
	uci set firewall.wglforward.dest="lan"
	uci set firewall.wglforward.src="wg"
	uci commit firewall
fi
etc/init.d/firewall restart

config_load network
SERVE=$(uci -q get wireguard."$WG".client)
if [ $SERVE = "0" ]; then
	running=$(uci -q get wireguard.settings.server)
	if [ $running = 1 ]; then
		exit 0
	fi
	UDP=$(uci -q get wireguard."$WG".udptunnel)
	if [ $UDP = 1 ]; then
		udp_server $WG
	fi
	handle_server
	uci commit network
	ifup wg1
	sleep 2
	uci set wireguard.settings.server="1"
else
	running=$(uci -q get wireguard.settings.client)
	log "Client running $running"
	if [ $running = 1 ]; then
		exit 0
	fi
	UDP=$(uci -q get wireguard."$WG".udptunnel)
	if [ $UDP = 1 ]; then
		udp_client $WG
	fi
	handle_client
	uci commit network
	log "Start Interface"
	ifup wg0
	sleep 2
	uci set wireguard.settings.client="1"
fi

uci set wireguard."$WG".active="1"
uci commit wireguard