AuxXxilium/synology-wireguard
1
0
Fork 0
mirror of https://github.com/AuxXxilium/synology-wireguard.git synced 2024-11-23 15:01:05 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add support for DSM 7.0

Browse Source
This commit is contained in:
Matige 2021-01-21 01:45:49 +01:00
parent b8ca535353
commit 0f29464e44
19 changed files with 361 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
INFO.sh
View File

@ -4,6 +4,7 @@ source /pkgscripts-ng/include/pkg_util.sh
package="WireGuard"
version="$WIREGUARD_VERSION"
displayname="WireGuard"
os_min_ver="OS_MIN_VER"
maintainer="Andreas Runfalk"
arch="$(pkg_get_platform)"
description="Adds WireGuard support for your Synology NAS."

15
Makefile
View File

@ -1,4 +1,5 @@
APPLY_MEMNEQ_PATCH ?= 0
APPLY_SPINLOCK_PATCH ?= 0
LIBMNL_TAR := libmnl-$(LIBMNL_VERSION).tar.bz2
LIBMNL_DIR := libmnl-$(LIBMNL_VERSION)
@ -40,12 +41,19 @@ $(WIREGUARD_TAR):
$(WIREGUARD_TOOLS_TAR):
wget https://git.zx2c4.com/wireguard-tools/snapshot/$(WIREGUARD_TOOLS_TAR)
# Unpack WireGuard source tarball and patch the compatibility layer to always
# use memneq implementation if required.
# Unpack WireGuard source tarball. Patch the wireguard interface verification
# due to the unavailability of rtnl_link_ops structure in the network device on DSM 7.0.
# If required, patch the compatibility layer to always use memneq implementation
# and patch the spinlock implementation.
$(WIREGUARD_DIR)/src/Makefile: $(WIREGUARD_TAR)
tar -xf $(WIREGUARD_TAR)
patch $(WIREGUARD_DIR)/src/netlink.c $(ROOT_DIR)/patch/netlink.patch
patch $(WIREGUARD_DIR)/src/peerlookup.c $(ROOT_DIR)/patch/peerlookup.patch
ifeq ($(APPLY_MEMNEQ_PATCH), 1)
patch $(WIREGUARD_DIR)/src/compat/Kbuild.include $(ROOT_DIR)/memneq.patch
patch $(WIREGUARD_DIR)/src/compat/Kbuild.include $(ROOT_DIR)/patch/memneq.patch
endif
ifeq ($(APPLY_SPINLOCK_PATCH), 1)
patch $(WIREGUARD_DIR)/src/ratelimiter.c $(ROOT_DIR)/patch/spinlock.patch
endif
$(WIREGUARD_TOOLS_DIR)/src/Makefile: $(WIREGUARD_TOOLS_TAR)
@ -68,6 +76,7 @@ install: all
install $(WG_TARGET) $(DESTDIR)/wireguard/
install $(WG_QUICK_TARGET) $(DESTDIR)/wireguard/
install $(WG_MODULE_TARGET) $(DESTDIR)/wireguard/
install $(ROOT_DIR)/wireguard/wg-init $(DESTDIR)/wireguard/
clean:
rm -rf $(LIBMNL_TAR) $(LIBMNL_DIR) $(WIREGUARD_TAR) $(WIREGUARD_DIR) $(WIREGUARD_TOOLS_TAR) $(WIREGUARD_TOOLS_DIR)

145
README.rst
View File

@ -41,39 +41,55 @@ All models marked *Is working* have been confirmed by users to work. If your
model has the same platform as one of the working ones, chances are it will
work for you too.
========= ========== =========== ===========================
Model Platform DSM Version Is working?
--------- ---------- ----------- ---------------------------
DS1019+ apollolake 6.2 Yes
DS114 armada370 *N/A* No (Kernel version too old)
DS115j armada370 *N/A* No (Kernel version too old)
DS116 armada38x 6.2 Yes
DS1511+ x64 6.2 Yes
DS1618+ denverton 6.2 Yes
DS1817+ avoton 6.2 Yes
DS1815+ avoton 6.2 Yes
DS213j armada370 *N/A* No (Kernel version too old)
DS213j armada370 *N/A* No (Kernel version too old)
DS214play armada370 *N/A* No (Kernel version too old)
DS214se armada370 *N/A* No (Kernel version too old)
DS216+II braswell 6.2 Yes
DS216se armada370 *N/A* No (Kernel version too old)
DS216Play monaco 6.2 Yes
DS218 rtd1296 6.2 Yes
DS218+ apollolake 6.2 Yes
DS218j armada38x 6.2 Yes
DS3617xs broadwell 6.2 Yes
DS414slim armada370 *N/A* No (Kernel version too old)
DS415+ avoton 6.2 Yes
DS418play apollolake 6.2 Yes
DS713+ cedarview 6.2 Yes
DS716+II braswell 6.2 Yes
DS718+ apollolake 6.2 Yes
DS916+ braswell 6.2 Yes
DS918+ apollolake 6.2 Yes
RS214 armada370 *N/A* No (Kernel version too old)
RS816 armada38x 6.2 Yes
========= ========== =========== ===========================
DSM 6
~~~~~
=========== ========== =========== ===========================
Model Platform DSM Version Is working?
----------- ---------- ----------- ---------------------------
DS1019+ apollolake 6.2 Yes
DS114 armada370 *N/A* No (Kernel version too old)
DS115j armada370 *N/A* No (Kernel version too old)
DS116 armada38x 6.2 Yes
DS1511+ x64 6.2 Yes
DS1618+ denverton 6.2 Yes
DS1817+ avoton 6.2 Yes
DS1815+ avoton 6.2 Yes
DS213j armada370 *N/A* No (Kernel version too old)
DS213j armada370 *N/A* No (Kernel version too old)
DS214play armada370 *N/A* No (Kernel version too old)
DS214se armada370 *N/A* No (Kernel version too old)
DS216+II braswell 6.2 Yes
DS216se armada370 *N/A* No (Kernel version too old)
DS216Play monaco 6.2 Yes
DS218 rtd1296 6.2 Yes
DS218+ apollolake 6.2 Yes
DS218j armada38x 6.2 Yes
DS3617xs broadwell 6.2 Yes
DS414slim armada370 *N/A* No (Kernel version too old)
DS415+ avoton 6.2 Yes
DS418play apollolake 6.2 Yes
DS713+ cedarview 6.2 Yes
DS716+II braswell 6.2 Yes
DS718+ apollolake 6.2 Yes
DS916+ braswell 6.2 Yes
DS918+ apollolake 6.2 Yes
RS214 armada370 *N/A* No (Kernel version too old)
RS816 armada38x 6.2 Yes
Virtual DSM kvmx64 6.2 Yes
=========== ========== =========== ===========================
DSM 7
~~~~~
=========== ========== =========== ===========================
Model Platform DSM Version Is working?
----------- ---------- ----------- ---------------------------
DS220+ geminilake 7.0 Beta Yes
Virtual DSM kvmx64 7.0 Beta Yes
=========== ========== =========== ===========================
The minimum required kernel version is 3.10. If you have a kernel version lower
than that, WireGuard will not work. You can check your kernel version by
@ -91,37 +107,27 @@ HP54NL DS3615xs bromolow 6.2 Yes
Installation
------------
Check the `releases <https://github.com/runfalk/synology-wireguard/releases>`_
page for SPKs for your platform. If there is no SPK you have to compile it
yourself using the instructions below.
1. Check the `releases <https://github.com/runfalk/synology-wireguard/releases>`_
page for SPKs for your platform and DSM version. If there is no SPK you have to compile it
yourself using the instruction below.
2. (*Not applicable for DSM from 7.0*)
In the Synology DSM web admin UI, open the Package Center and press the Settings button.
Set the trust level to Any publisher and press OK to confirm.
3. In the Package Center, press the *Manual install* button and provide the SPK file. Follow the instructions until done.
4. (*Only for DSM from 7.0*)
From DSM 7.0, an additional step is required for the WireGuard package to start.
This is related to `preventing packages not signed by Synology from running with root privileges <https://www.synology.com/en-us/knowledgebase/DSM/tutorial/Third_Party/supported_third_party_packages_beta>`_.
When installing the package, uncheck the ``run after installation`` option. After installing the package, `connect to the NAS via SSH <https://www.synology.com/en-us/knowledgebase/DSMUC/help/DSMUC/AdminCenter/system_terminal>`_ and run the ``sudo /var/packages/WireGuard/scripts/start`` command.
1. In the Synology DSM web admin UI, open the Package Center and press the
*Settings* button.
2. Set the trust level to *Any publisher* and press *OK* to confirm.
3. Press the *Manual install* button and provide the SPK file. Follow the
instructions until done.
Now you just need to figure out how to configure WireGuard. There are lots of
good guides on how to do that.
To put my WireGuard configuration on the NAS, I used SSH and created a
``wg-quick`` configuration in ``/etc/wireguard/wg0.conf``. Then I opened the
*Control panel*, opened the *Task scheduler* and created *Triggered task* that
runs ``wg-quick up wg0`` on startup.
When running ``iptables`` in the ``PostUp`` and ``PostDown`` rules I needed to
toggle the interface to make it work. My full startup task looks like this:
.. code-block:: bash
sleep 60
wg-quick up wg0
sleep 5
wg-quick down wg0
sleep 5
wg-quick up wg0
My ``/etc/wireguard/wg0.conf`` looks like this:
``wg-quick`` configuration in ``/etc/wireguard/wg0.conf``. My configuration looks like this:
.. code-block::
@ -141,6 +147,27 @@ Note that you need to modify the rules if your network interface is not
SSH session.
Adding WireGuard to autostart
-----------------------------
DSM since version 7.0 comes with `systemd unit <https://www.freedesktop.org/software/systemd/man/systemd.unit.html>`_ support, while for previous versions you can use the built-in `upstart <http://upstart.ubuntu.com/>`_.
To standardize the process of adding the WireGuard interface to the autostart, a simple ``wg-init`` script has been developed.
To add the ``wg0`` interface to the autostart, run the command:
.. code-block::
sudo wg-init enable wg0
To remove the ``wg0`` interface from the autostart, run the command:
.. code-block::
sudo wg-init disable wg0
**Important note:** before adding the interface to the autostart, start it manually by ``sudo wg-quick up wg0`` ensure that it does not cause the system to crash. Otherwise, it may not be possible to start the NAS.
Compiling
---------
I've used docker to compile everything, as ``pkgscripts-ng`` clutters the file
@ -176,7 +203,7 @@ contains your SPK files.
Avoiding timeouts when downloading build files
----------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It can take a long time to pull development files from SourceForge, including
occasional timeouts. To get around this, create a folder locally and map it to
the `/toolkit_tarballs` Docker volume using the following command:

2
SynoBuildConf/depends
View File

@ -1,2 +1,2 @@
[default]
all="6.2"
all="DSM_VER"

5
SynoBuildConf/install
View File

@ -22,11 +22,16 @@ create_package_tgz() {
create_spk(){
local scripts_dir=$PKG_DIR/scripts
local conf_dir=$PKG_DIR/conf
### Copy package center scripts to PKG_DIR
mkdir -p $scripts_dir
cp -av scripts/* $scripts_dir
### Copy package conf to PKG_DIR
mkdir -p $conf_dir
cp -av conf/* $conf_dir
### Copy package icon
cp -av PACKAGE_ICON*.PNG $PKG_DIR

54
build.sh
View File

@ -33,7 +33,13 @@ echo
# Fetch Synology toolchain
if [[ ! -d /pkgscripts-ng ]] || [ -z "$(ls -A /pkgscripts-ng)" ]; then
git clone https://github.com/SynologyOpenSource/pkgscripts-ng
clone_args=""
# If the DSM version is 7.0, use the DSM7.0 branch of pkgscripts-ng
if [[ "$DSM_VER" =~ ^7\.[0-9]+$ ]]; then
clone_args="-b DSM7.0"
export PRODUCT="DSM"
fi
git clone ${clone_args} https://github.com/SynologyOpenSource/pkgscripts-ng
else
echo "Existing pkgscripts-ng repo found. Pulling latest from origin."
cd /pkgscripts-ng
@ -41,17 +47,37 @@ else
cd /
fi
# Temporary workaround for some architectures that are not part properly set as
# 64 bit: https://github.com/SynologyOpenSource/pkgscripts-ng/pull/26/
# NOTE: This fix breaks your workflow if you save the pkgscripts-ng repo state
# across runs
if [[ "$PACKAGE_ARCH" =~ ^geminilake|purley|v1000$ ]]; then
sed -i 's/\(local all64BitPlatforms\)=".*"/\1="PURLEY V1000 GEMINILAKE"/' /pkgscripts-ng/include/platforms
# Configure the package according to the DSM version
if [[ "$DSM_VER" =~ ^7\.[0-9]+$ ]]; then
os_min_ver="7.0-40000"
pkgscripts_args=""
# Synology has added a strict requirement on DSM 7.0 to prevent packages
# not signed by Synology from running with root privileges.
# Change the permission to run the package to lower in order
# to successfully install the package.
sed -i "s/root/package/" /source/WireGuard/conf/privilege
# For Virtual DSM 7.0 (vkmx64) the wireguard kernel module
# requires a spinlock implementation patch
if [[ "$PACKAGE_ARCH" =~ ^(kvmx64)$ ]]; then
export APPLY_SPINLOCK_PATCH=1
fi
else
os_min_ver="6.0-5941"
pkgscripts_args="-S"
# Temporary workaround for some architectures that are not part properly set as
# 64 bit: https://github.com/SynologyOpenSource/pkgscripts-ng/pull/26/
# NOTE: This fix breaks your workflow if you save the pkgscripts-ng repo state
# across runs
if [[ "$PACKAGE_ARCH" =~ ^(geminilake|purley|v1000)$ ]]; then
sed -i 's/\(local all64BitPlatforms\)=".*"/\1="PURLEY V1000 GEMINILAKE"/' /pkgscripts-ng/include/platforms
fi
fi
# Temporary add support for 7.0 (until the official repo is updated)
grep -q '^AvailablePlatform_7_0=' /pkgscripts-ng/include/toolkit.config || \
echo 'AvailablePlatform_7_0="6281 alpine alpine4k apollolake armada370 armada375 armada37xx armada38x armadaxp avoton braswell broadwell broadwellnk bromolow cedarview comcerto2k denverton dockerx64 evansport geminilake grantley hi3535 kvmx64 monaco purley qoriq rtd1296 v1000 x64"' >> /pkgscripts-ng/include/toolkit.config
sed -i "s/DSM_VER/$DSM_VER/" /source/WireGuard/SynoBuildConf/depends
sed -i "s/OS_MIN_VER/$os_min_ver/" /source/WireGuard/INFO.sh
# Install the toolchain for the given package arch and DSM version
build_env="/build_env/ds.$PACKAGE_ARCH-$DSM_VER"
@ -68,9 +94,6 @@ if [ ! -d "$build_env" ]; then
cp /etc/ssl/certs/ca-certificates.crt "$build_env/etc/ssl/certs/"
fi
# Disable quit if errors to allow printing of logfiles
set +e
# Patch WireGuard to use its own included memneq implementation if architecture
# does not have built in memneq support.
if [ -z ${APPLY_MEMNEQ_PATCH+x} ]; then
@ -88,6 +111,9 @@ if [ -z ${APPLY_MEMNEQ_PATCH+x} ]; then
fi
fi
# Disable quit if errors to allow printing of logfiles
set +e
# Build packages
# -p package arch
# -v DSM version
@ -98,7 +124,7 @@ fi
pkgscripts-ng/PkgCreate.py \
-p $PACKAGE_ARCH \
-v $DSM_VER \
-S \
${pkgscripts_args} \
--build-opt=-J \
--print-log \
-c WireGuard

5
conf/privilege Normal file
View File

@ -0,0 +1,5 @@
{
"defaults": {
"run-as": "root"
}
}

5
conf/resource Normal file
View File

@ -0,0 +1,5 @@
{
"usr-local-linker": {
"bin": ["wireguard/wg", "wireguard/wg-quick", "wireguard/wg-init"]
}
}

21
conf/systemd/pkg-wg-quick@.service Normal file
View File

@ -0,0 +1,21 @@
[Unit]
Description=WireGuard via wg-quick(8) for %I
After=pkgctl-WireGuard.service
Wants=pkgctl-WireGuard.service
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/wg-quick up %i
ExecStop=/usr/local/bin/wg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/local/bin/wg syncconf %i <(exec /usr/local/bin/wg-quick strip %i)'
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
[Install]
WantedBy=syno-low-priority-packages.target

0
memneq.patch → patch/memneq.patch
View File

13
patch/netlink.patch Normal file
View File

@ -0,0 +1,13 @@
--- netlink.c 2021-01-09 19:18:42.109012366 +0100
+++ netlink.c 2021-01-09 16:08:05.098280000 +0100
@@ -62,8 +62,8 @@
nla_data(attrs[WGDEVICE_A_IFNAME]));
if (!dev)
return ERR_PTR(-ENODEV);
- if (!dev->rtnl_link_ops || !dev->rtnl_link_ops->kind ||
- strcmp(dev->rtnl_link_ops->kind, KBUILD_MODNAME)) {
+ if (!dev->dev.type || !dev->dev.type->name ||
+ strcmp(dev->dev.type->name, KBUILD_MODNAME)) {
dev_put(dev);
return ERR_PTR(-EOPNOTSUPP);
}

12
patch/peerlookup.patch Normal file
View File

@ -0,0 +1,12 @@
--- peerlookup.c 2021-01-19 01:34:52.624027083 +0100
+++ peerlookup.c 2021-01-19 01:40:12.063429383 +0100
@@ -7,6 +7,9 @@
#include "peer.h"
#include "noise.h"
+#define spin_lock_bh(lock) __raw_spin_lock_bh(&(lock)->rlock)
+#define spin_unlock_bh(lock) __raw_spin_unlock_bh(&(lock)->rlock)
+
static struct hlist_head *pubkey_bucket(struct pubkey_hashtable *table,
const u8 pubkey[NOISE_PUBLIC_KEY_LEN])
{

12
patch/spinlock.patch Normal file
View File

@ -0,0 +1,12 @@
--- ratelimiter.c 2021-01-19 01:34:52.624027083 +0100
+++ ratelimiter.c 2021-01-19 01:38:32.474371582 +0100
@@ -21,6 +21,9 @@
#include <linux/slab.h>
#include <net/ip.h>
+#define spin_lock(lock) __raw_spin_lock(&(lock)->rlock)
+#define spin_unlock(lock) __raw_spin_unlock(&(lock)->rlock)
+
static struct kmem_cache *entry_cache;
static hsiphash_key_t key;
static spinlock_t table_lock = __SPIN_LOCK_UNLOCKED("ratelimiter_table_lock");

72
release.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
VER=7.0
VERSIONS=(6.2 7.0)
ARCHS=(
# "apollolake"
"apollolake"
"armada38x"
"avoton"
"braswell"
@ -14,7 +14,7 @@ ARCHS=(
"kvmx64"
"monaco"
"rtd1296"
# "x64"
"x64"
)
set -e
@ -25,49 +25,51 @@ if [ `id -u` -ne 0 ]; then
exit 1
fi
# Create release directory if needed
if [ ! -d target/ ]; then
mkdir target/
fi
# Download all necessary tarballs before calling into the docker containers.
echo "Downloading environment tarballs"
url_base="https://sourceforge.net/projects/dsgpl/files/toolkit/DSM$VER"
pushd toolkit_tarballs/
if [ ! -f base_env-$VER.txz ]; then
wget -q --show-progress "$url_base/base_env-$VER.txz"
fi
for arch in ${ARCHS[@]}; do
if [ ! -f ds.$arch-$VER.dev.txz ]; then
wget -q --show-progress "$url_base/ds.$arch-$VER.dev.txz"
fi
if [ ! -f ds.$arch-$VER.env.txz ]; then
wget -q --show-progress "$url_base/ds.$arch-$VER.env.txz"
for ver in ${VERSIONS[@]}; do
url_base="https://sourceforge.net/projects/dsgpl/files/toolkit/DSM$ver"
pushd toolkit_tarballs/
if [ ! -f base_env-$ver.txz ]; then
wget -q --show-progress "$url_base/base_env-$ver.txz"
fi
for arch in ${ARCHS[@]}; do
if [ ! -f ds.$arch-$ver.dev.txz ]; then
wget -q --show-progress "$url_base/ds.$arch-$ver.dev.txz"
fi
if [ ! -f ds.$arch-$ver.env.txz ]; then
wget -q --show-progress "$url_base/ds.$arch-$ver.env.txz"
fi
done
popd
done
popd
# Ensure that we are using an up to date docker image
docker build -t synobuild .
for arch in ${ARCHS[@]}; do
echo "Building '$arch'"
for ver in ${VERSIONS[@]}; do
# Create release directory if needed
mkdir -p target/$ver
# Remove old artifact directory
if [ -d artifacts/ ]; then
rm -rf artifacts/
fi
for arch in ${ARCHS[@]}; do
echo "Building '$arch'"
docker run \
--rm \
--privileged \
--env PACKAGE_ARCH=$arch \
--env DSM_VER=$VER \
-v $(pwd)/artifacts:/result_spk \
-v $(pwd)/toolkit_tarballs:/toolkit_tarballs \
synobuild
# Remove old artifact directory
if [ -d artifacts/ ]; then
rm -rf artifacts/
fi
mv artifacts/WireGuard-*/* target/
docker run \
--rm \
--privileged \
--env PACKAGE_ARCH=$arch \
--env DSM_VER=$ver \
-v $(pwd)/artifacts:/result_spk \
-v $(pwd)/toolkit_tarballs:/toolkit_tarballs \
synobuild
mv artifacts/WireGuard-*/* target/$ver/
done
done
# Clean up artifact directory

4
scripts/postinst
View File

@ -1,4 +0,0 @@
#!/bin/bash
mkdir -p /usr/local/bin/
ln -s $SYNOPKG_PKGDEST/wireguard/wg /usr/local/bin/
ln -s $SYNOPKG_PKGDEST/wireguard/wg-quick /usr/local/bin/

3
scripts/preuninst
View File

@ -1,3 +0,0 @@
#!/bin/bash
rm /usr/local/bin/wg
rm /usr/local/bin/wg-quick

20
scripts/start Executable file
View File

@ -0,0 +1,20 @@
#!/bin/sh
if [ "$EUID" -ne 0 ]
then
echo "This script must be run as root"
exit 1
fi
dir=`dirname $0`
sed -i 's/package/root/' "$dir/../conf/privilege"
synopkg start WireGuard > /dev/null
if [ "$?" -eq 0 ]
then
echo "WireGuard has been successfully started"
exit 0
else
echo "An error occurred during WireGuard startup" 1>&2
exit 1
fi

3
scripts/start-stop-status
View File

@ -4,7 +4,6 @@
# support. For some reason it's not loaded by default. The other weird thing
# is that the .ko-files can't be loaded directly using insmod
IPTABLES_MODULE_LIST="/usr/syno/etc/iptables_modules_list"
source "$IPTABLES_MODULE_LIST"
# Binary that allows loading iptables kernel modules
SYNOMODULETOOL="/usr/syno/bin/synomoduletool"
@ -13,6 +12,7 @@ SERVICE_NAME="WireGuard"
case $1 in
start)
source "$IPTABLES_MODULE_LIST"
if [ -x "$SYNOMODULETOOL" -a -f "$IPTABLES_MODULE_LIST" ]; then
sysctl -w net.ipv4.ip_forward=1
@ -27,6 +27,7 @@ case $1 in
exit 0
;;
stop)
source "$IPTABLES_MODULE_LIST"
/sbin/rmmod $SYNOPKG_PKGDEST/wireguard/wireguard.ko
if [ -x "$SYNOMODULETOOL" -a -f "$IPTABLES_MODULE_LIST" ]; then

89
wireguard/wg-init Executable file
View File

@ -0,0 +1,89 @@
#!/bin/sh
read -r -d '' init_script <<EOF
start on syno.pkgctl.started WireGuard
script
exec /usr/local/bin/wg-quick up %i
end script
EOF
enable() {
if command -v systemctl &> /dev/null
then
systemctl is-enabled --quiet "pkg-wg-quick@${1}" &> /dev/null
if [ "$?" -ne 0 ]
then
systemctl enable "pkg-wg-quick@${1}" &> /dev/null
return 0
else
return 1
fi
else
if [ ! -f "/etc/init/wireguard-${1}.conf" ]
then
echo -e "$init_script" > "/etc/init/wireguard-${1}.conf"
sed -i "s/%i/${1}/g" "/etc/init/wireguard-${1}.conf"
return 0
else
return 1
fi
fi
}
disable() {
if command -v systemctl &> /dev/null
then
systemctl is-enabled --quiet "pkg-wg-quick@${1}" &> /dev/null
if [ "$?" -eq 0 ]
then
systemctl disable "pkg-wg-quick@${1}" &> /dev/null
return 0
else
return 1
fi
else
if [ -f "/etc/init/wireguard-${1}.conf" ]
then
rm -rf "/etc/init/wireguard-${1}.conf"
return 0
else
return 1
fi
fi
}
if [ "$EUID" -ne 0 ]
then
echo "This script must be run as root"
exit 1
fi
case "$1" in
enable)
enable "$2"
if [ "$?" -eq 0 ]
then
echo "wg-init $2 has been enabled successfully"
exit 0
else
echo "wg-init $2 is already enabled" 1>&2
exit 1
fi
;;
disable)
disable "$2"
if [ "$?" -eq 0 ]
then
echo "wg-init $2 has been disabled successfully"
exit 0
else
echo "wg-init $2 is already disabled" 1>&2
exit 1
fi
;;
*)
echo "Usage: $0 {enable|disable} [interface]" 1>&2
exit 1
esac