Användarforum
https://forum.integrity.st/
Code: Select all
#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-2.0
#
# Copyright (C) 2016-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
die() {
echo "[-] Error: $1" >&2
exit 1
}
PROGRAM="${0##*/}"
ARGS=( "$@" )
SELF="${BASH_SOURCE[0]}"
PRIVATE_KEY="$1"
[[ $SELF == */* ]] || SELF="./$SELF"
SELF="$(cd "${SELF%/*}" && pwd -P)/${SELF##*/}"
#[[ $UID == 0 ]] || exec sudo -p "[?] $PROGRAM must be run as root. Please enter the password for %u to continue: " -- "$BASH" -- "$SELF" "${ARGS[@]}"
[[ $UID == 0 ]] || echo "[?] $PROGRAM is not run as root. Saving configuration to $PWD for user $USER" \
&& echo "else exit script with ctrl-C and re-run as root, i.e with sudo, to get the configuration installed."
[[ ${BASH_VERSINFO[0]} -ge 4 ]] || die "bash ${BASH_VERSINFO[0]} detected, when bash 4+ required"
type curl >/dev/null || die "Please install curl and then try again."
type jq >/dev/null || die "Please install jq and then try again."
set -e
read -p "[?] Please enter your Integrity account username: " -r USER
read -p "[?] Please enter your IntegrityVPN password $PASS_TYPE: " -rs PASS
echo "[+] Contacting Integrity API for server locations."
declare -A SERVER_ENDPOINTS
declare -A SERVER_PUBLIC_KEYS
declare -A SERVER_LOCATIONS
declare -a SERVER_CODES
RESPONSE="$(curl -LsS https://api.5july.net/1.0/locations)" || die "Unable to connect to Integrity API."
FIELDS="$(jq -r '.[] | .hostname,.country,.city,.public_key,.dest_addr,.port' <<<"$RESPONSE")" || die "Unable to parse response."
while read -r HOSTNAME && read -r COUNTRY && read -r CITY && read -r PUBKEY && read -r IPADDR && read -r PORT; do
CODE="${HOSTNAME%-wireguard}"
SERVER_CODES+=( "$CODE" )
SERVER_LOCATIONS["$CODE"]="$CITY, $COUNTRY"
SERVER_PUBLIC_KEYS["$CODE"]="$PUBKEY"
SERVER_ENDPOINTS["$CODE"]="$IPADDR:$PORT"
done <<<"$FIELDS"
if [[ $UID == 0 ]]; then
shopt -s nocasematch
for CODE in "${SERVER_CODES[@]}"; do
CONFIGURATION_FILE="/etc/wireguard/integrity-$CODE.conf"
[[ -f $CONFIGURATION_FILE ]] || continue
while read -r line; do
[[ $line =~ ^PrivateKey\ *=\ *([a-zA-Z0-9+/]{43}=)\ *$ ]] && PRIVATE_KEY="${BASH_REMATCH[1]}" && break
done < "$CONFIGURATION_FILE"
[[ -n $PRIVATE_KEY ]] && echo "[+] Using existing private key." && break
done
shopt -u nocasematch
if [[ -z $PRIVATE_KEY ]]; then
echo "[+] Generating new private key."
PRIVATE_KEY="$(wg genkey)"
fi
else
CONFIGURATION_FILE="$PWD/integrity-$CODE.conf"
if [[ -z $PRIVATE_KEY ]]; then
echo "[+] Generating new private key for $USER."
PRIVATE_KEY="$(wg genkey)"
else
echo "[+] Using supplied private key."
fi
fi
PUBLIC_KEY="$(wg pubkey <<< $PRIVATE_KEY)"
echo "[+] Contacting Integrity API."
RESPONSE="$(curl -LsS https://api.5july.net/1.0/wireguard -X 'POST' -H "Content-Type: application/json" -d '{"username": "'$USER'", "password": "'$PASS'", "pubkey": "'$PUBLIC_KEY'"}')" || die "Could not talk to Integrity API."
#[[ $RESPONSE =~ ^[0-9a-f:/.,]+$ ]] || die "$RESPONSE"
FIELDS="$(jq -r '.success' <<<"$RESPONSE")" || die "Unable to parse response."
IFS=$'\n' read -r -d '' STATUS <<<"$FIELDS" || true
if [[ $STATUS != ok ]]; then
die "An unknown API error has occurred. Please try again later. $RESPONSE"
fi
FIELDS="$(jq -r '.dns,.ipv4,.ipv6' <<<"$RESPONSE")" || die "Unable to parse response."
IFS=$'\n' read -r -d '' DNS IPV4 IPV6 <<<"$FIELDS" || true
#ADDRESS="$RESPONSE"
#DNS="1.1.1.1"
echo "[+] Writing WriteGuard configuration files."
for CODE in "${SERVER_CODES[@]}"; do
if [[ $UID == 0 ]]; then
CONFIGURATION_FILE="/etc/wireguard/integrity-$CODE.conf"
umask 077
mkdir -p /etc/wireguard/
else
CONFIGURATION_FILE="$PWD/integrity-$CODE.conf"
fi
rm -f "$CONFIGURATION_FILE.tmp"
cat > "$CONFIGURATION_FILE.tmp" <<-_EOF
[Interface]
PrivateKey = $PRIVATE_KEY
Address = $IPV4,$IPV6
DNS = $DNS
[Peer]
PublicKey = ${SERVER_PUBLIC_KEYS["$CODE"]}
Endpoint = ${SERVER_ENDPOINTS["$CODE"]}
AllowedIPs = 0.0.0.0/0, ::/0
_EOF
mv "$CONFIGURATION_FILE.tmp" "$CONFIGURATION_FILE"
done
echo "[+] Success. The following commands may be run for connecting to Integrity:"
for CODE in "${SERVER_CODES[@]}"; do
echo "- ${SERVER_LOCATIONS["$CODE"]}:"
if [[ $UID != 0 ]]; then
echo "Copy integrity-$CODE to /etc/wireguard/ on the device with the prviate key!"
fi
echo " \$ wg-quick up integrity-$CODE"
done
echo "Please wait up to 60 seconds for your public key to be added to the servers."
Och så någon länk till hur man gör. Man skulle även kunna säga något i stil med att:För dem som använder Linux eller Mac är det möjligt att ytterligare förbättra konfigurationen.
.Använder du Windows kanske du kan be någon bekant som använder Linux eller Mac att hjälpa dig.
Code: Select all
umask 077 && wg genkey > privatekey1 Code: Select all
wg: Key is not the correct length or format
[-] Error: An unknown API error has occurred. Please try again later. {
"error": {
"error_code": 4001,
"error_name": "WireguardPubKeyInvalid",
"http_code": 422,
"innerError": {},
"message": "Invalid public key"
}
}Code: Select all
PUBLIC_KEY="....."
URL="https://wg.5july.net/ajax/user"
CODE="SE" # US, UK, FI
HEADER="Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
DATA="username=${USER}&password=${PASS}&location=${CODE}&pubkey=${PUBLIC_KEY}"
curl -LsS -H "${HEADER}" -d "${DATA}" "${URL}"
Code: Select all
sh path/to/script.sh [--generate|-g] [--user|-u <username>] [--qrencode|-q] [--code|-c <SE,US,UK,FI>]
Code: Select all
#!/bin/sh
VERBOSE=""
QR=""
LOC_URL="https://api.5july.net/1.0/locations"
CONF_URL="https://wg.5july.net/ajax/user"
CODE="SE"
die() {
printf "[-] Error: %s\n" "${1}" >&2
[ -n "${2}" ] && printf "[-] %s\n" "${2}" >&2
exit 1
}
prereq() {
for prer in curl jq qrencode; do
type "${prer}" >/dev/null || die "Please install ${prer} and then try again."
done
if [ -n "${QR}" ] ; then
type qrencode >/dev/null || die "qrencode is needed for the --qr|-q arg.\n"
fi
}
locations_show() {
printf "\n[+] Contacting Integrity API for server locations.\n"
LOCATIONS="$(curl -LsS "${LOC_URL}")" || die "Unable to connect to API at:" "${LOC_URL}"
echo "${LOCATIONS}"|jq -c '.[]'|jq -c '[ .country, .country_code, .city, .hostname, .dest_addr, .port, .public_key ]'
}
while [ "${#}" -gt 0 ] ; do
case "${1}" in
--user|-u)
shift
USER="${1}" ;;
--password|-p)
shift
PASS="${1}" ;;
--key|-k)
shift
KEY="${1}" ;;
--env|-e)
shift
ENV="${1}" ;;
--code|-c)
shift
CODE="${1}";;
--filename|-f)
shift
CONFIGURATION_FILE="${1}" ;;
--locations|-l)
locations_show
exit 0 ;;
--verbose|-v)
VERBOSE="1" ;;
--generate|-g)
GENERATE="1" ;;
--qrencode|-q)
QR="1";;
--)
break;;
*)
die "Unknown arg!" ;;
esac
shift
done
[ -n "${VERBOSE}" ] && printf "[+] Get wireguard conf.\n"
set -e
prereq
if [ -n "${ENV}" ] && [ -f "${ENV}" ]; then
. "${ENV}"
fi
if [ -n "${GENERATE}" ]; then
KEY="$(wg genkey)"
fi
if [ -z "${USER}" ]; then
printf "[?] Enter Integrity account username: "
read -r USER
fi
# make this not echo
STTY_CONF="$(stty --save)"
trap 'stty ${STTY_CONF}' EXIT INT TERM
stty -echo
if [ -z "${PASS}" ]; then
printf "[?] Enter IntegrityVPN password: "
read -r PASS
printf "\n"
fi
if [ -z "${KEY}" ]; then
printf "[?] Enter PRIVATE key: "
read -r KEY
printf "\n"
fi
stty "${STTY_CONF}"
# make this echo
PUBLIC_KEY="$(printf "%s\n" "${KEY}" | wg pubkey)"
[ -n "${VERBOSE}" ] && printf "[+] Contacting Integrity API.\n"
HEADER="Content-Type: application/x-www-form-urlencoded; charset=UTF-8"
DATA="username=${USER}&password=${PASS}&location=${CODE}&pubkey=${PUBLIC_KEY}"
[ -n "${VERBOSE}" ] && printf "[+] Header: %s\n" "${HEADER}"
[ -n "${VERBOSE}" ] && printf "[+] Data: %s\n" "${DATA}"
RESPONSE="$(curl -LsS -H "${HEADER}" -d "${DATA}" "${CONF_URL}")"
[ -n "${VERBOSE}" ] && printf "[+] Resulting answer.\n"
[ -n "${VERBOSE}" ] && printf "%s\n" "${RESPONSE}" | jq -r '.'
OK="$(echo "${RESPONSE}" | jq -r '.success')"
if [ "${OK}" = "ok" ]; then
[ -n "${VERBOSE}" ] && printf "[+] API Success.\n"
else
die "API Response Failure." "${RESPONSE}"
fi
DNS="$(echo "${RESPONSE}" | jq -r '.dns')"
IPV4="$(echo "${RESPONSE}" | jq -r '.ipv4')"
IPV6="$(echo "${RESPONSE}" | jq -r '.ipv6')"
ENDPOINT="$(echo "${RESPONSE}" |jq -r '.endpoint')"
SERVER_KEY="$(echo "${RESPONSE}" |jq -r '.public_key')"
[ -n "${VERBOSE}" ] && printf "[+] Writing WriteGuard configuration files.\n\n"
umask 077
OUT="${CONFIGURATION_FILE:-integrity}-${CODE}"
rm -f "${OUT}.tmp"
cat > "${OUT}.tmp" <<-_EOF
[Interface]
PrivateKey = ${KEY}
Address = ${IPV4},${IPV6}
DNS = ${DNS}
[Peer]
PublicKey = ${SERVER_KEY}
Endpoint = ${ENDPOINT}
AllowedIPs = 0.0.0.0/0, ::/0
_EOF
unset KEY
while [ -f "${OUT}.conf" ]; do
printf "[!] Configurationfile already exist: (%s)\n" "${OUT}"
printf "[?] Enter a new name: "
read -r OUT
done
mv "${OUT}.tmp" "${OUT}.conf"
if [ -n "${QR}" ]; then
[ -n "${VERBOSE}" ] && printf "[+] Saving qr image as %s-qr.png:\n" "${OUT}"
qrencode -t ansiutf8 -r "${OUT}.conf"
qrencode -t png -o "${OUT}-qr.png" -r "${OUT}.conf"
fi
[ -n "${VERBOSE}" ] && printf "[+] The following commands may be run for connecting to Integrity:\n"
[ -n "${VERBOSE}" ] && printf "[+] \$ doas wg-quick up %s.conf\n" "${OUT}"
[ -n "${VERBOSE}" ] && printf "Please wait for your public key to be added to the servers.\n"