forked from Slava-Shchipunov/awg-openwrt
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathamneziawg-install.sh
More file actions
375 lines (321 loc) · 14.5 KB
/
amneziawg-install.sh
File metadata and controls
375 lines (321 loc) · 14.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
#!/bin/sh
#set -x
PKG_MANAGER=""
PKG_EXT=""
detect_package_manager() {
if command -v apk >/dev/null 2>&1; then
PKG_MANAGER="apk"
PKG_EXT="apk"
elif command -v opkg >/dev/null 2>&1; then
PKG_MANAGER="opkg"
PKG_EXT="ipk"
else
printf "\033[32;1mNo supported package manager found (apk/opkg).\033[0m\n"
exit 1
fi
}
pkg_update() {
if [ "$PKG_MANAGER" = "apk" ]; then
apk update
else
opkg update
fi
}
is_pkg_installed() {
pkg_name="$1"
if [ "$PKG_MANAGER" = "apk" ]; then
apk info -e "$pkg_name" >/dev/null 2>&1
else
opkg list-installed 2>/dev/null | grep -q "^${pkg_name} "
fi
}
install_local_pkg() {
pkg_file="$1"
if [ "$PKG_MANAGER" = "apk" ]; then
apk add --allow-untrusted "$pkg_file"
else
opkg install "$pkg_file"
fi
}
get_pkgarch() {
PKGARCH_UBUS=$(ubus call system board 2>/dev/null | jsonfilter -e '@.release.arch' 2>/dev/null)
if [ -n "$PKGARCH_UBUS" ]; then
echo "$PKGARCH_UBUS"
return
fi
if command -v opkg >/dev/null 2>&1; then
opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}'
return
fi
if [ -f /etc/openwrt_release ]; then
PKGARCH_RELEASE=$(grep "^DISTRIB_ARCH='" /etc/openwrt_release | cut -d"'" -f2)
if [ -n "$PKGARCH_RELEASE" ]; then
echo "$PKGARCH_RELEASE"
return
fi
fi
if command -v apk >/dev/null 2>&1; then
apk --print-arch
return
fi
uname -m
}
download_package() {
pkg_base_name="$1"
pkg_postfix_base="$2"
awg_dir="$3"
base_url="$4"
preferred_file="${pkg_base_name}${pkg_postfix_base}.${PKG_EXT}"
preferred_url="${base_url}${preferred_file}"
if wget -q -O "$awg_dir/$preferred_file" "$preferred_url" && [ -s "$awg_dir/$preferred_file" ]; then
echo "$preferred_file"
return 0
fi
rm -f "$awg_dir/$preferred_file"
if [ "$PKG_EXT" = "apk" ]; then
fallback_ext="ipk"
else
fallback_ext="apk"
fi
fallback_file="${pkg_base_name}${pkg_postfix_base}.${fallback_ext}"
fallback_url="${base_url}${fallback_file}"
if wget -q -O "$awg_dir/$fallback_file" "$fallback_url" && [ -s "$awg_dir/$fallback_file" ]; then
echo "$fallback_file"
return 0
fi
rm -f "$awg_dir/$fallback_file"
return 1
}
#Репозиторий OpenWRT должен быть доступен для установки зависимостей пакета kmod-amneziawg
check_repo() {
printf "\033[32;1mChecking OpenWrt repo availability...\033[0m\n"
if [ "$PKG_MANAGER" = "apk" ]; then
pkg_update >/dev/null 2>&1 || \
{ printf "\033[32;1mapk failed. Check internet or date. Command for force ntp sync: ntpd -p ptbtime1.ptb.de\033[0m\n"; exit 1; }
else
pkg_update | grep -q "Failed to download" && \
printf "\033[32;1mopkg failed. Check internet or date. Command for force ntp sync: ntpd -p ptbtime1.ptb.de\033[0m\n" && exit 1
fi
}
install_awg_packages() {
# Получение pkgarch с наибольшим приоритетом
PKGARCH=$(get_pkgarch)
TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
PKGPOSTFIX_BASE="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}"
BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
# Определяем версию AWG протокола (2.0 для OpenWRT >= 23.05.6 и >= 24.10.3)
AWG_VERSION="1.0"
MAJOR_VERSION=$(echo "$VERSION" | cut -d '.' -f 1)
MINOR_VERSION=$(echo "$VERSION" | cut -d '.' -f 2)
PATCH_VERSION=$(echo "$VERSION" | cut -d '.' -f 3)
if [ "$MAJOR_VERSION" -gt 24 ] || \
[ "$MAJOR_VERSION" -eq 24 -a "$MINOR_VERSION" -gt 10 ] || \
[ "$MAJOR_VERSION" -eq 24 -a "$MINOR_VERSION" -eq 10 -a "$PATCH_VERSION" -ge 3 ] || \
[ "$MAJOR_VERSION" -eq 23 -a "$MINOR_VERSION" -eq 5 -a "$PATCH_VERSION" -ge 6 ]; then
AWG_VERSION="2.0"
LUCI_PACKAGE_NAME="luci-proto-amneziawg"
else
LUCI_PACKAGE_NAME="luci-app-amneziawg"
fi
printf "\033[32;1mDetected AWG version: $AWG_VERSION\033[0m\n"
AWG_DIR="/tmp/amneziawg"
mkdir -p "$AWG_DIR"
if is_pkg_installed "kmod-amneziawg"; then
echo "kmod-amneziawg already installed"
else
KMOD_AMNEZIAWG_FILENAME=$(download_package "kmod-amneziawg" "$PKGPOSTFIX_BASE" "$AWG_DIR" "${BASE_URL}v${VERSION}/")
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
install_local_pkg "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg installed successfully"
else
echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
fi
if is_pkg_installed "amneziawg-tools"; then
echo "amneziawg-tools already installed"
else
AMNEZIAWG_TOOLS_FILENAME=$(download_package "amneziawg-tools" "$PKGPOSTFIX_BASE" "$AWG_DIR" "${BASE_URL}v${VERSION}/")
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
install_local_pkg "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
if [ $? -eq 0 ]; then
echo "amneziawg-tools installed successfully"
else
echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
fi
# Проверяем оба возможных названия пакета
if is_pkg_installed "luci-proto-amneziawg" || is_pkg_installed "luci-app-amneziawg"; then
echo "$LUCI_PACKAGE_NAME already installed"
else
LUCI_AMNEZIAWG_FILENAME=$(download_package "$LUCI_PACKAGE_NAME" "$PKGPOSTFIX_BASE" "$AWG_DIR" "${BASE_URL}v${VERSION}/")
if [ $? -eq 0 ]; then
echo "$LUCI_PACKAGE_NAME file downloaded successfully"
else
echo "Error downloading $LUCI_PACKAGE_NAME. Please, install $LUCI_PACKAGE_NAME manually and run the script again"
exit 1
fi
install_local_pkg "$AWG_DIR/$LUCI_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "$LUCI_PACKAGE_NAME installed successfully"
else
echo "Error installing $LUCI_PACKAGE_NAME. Please, install $LUCI_PACKAGE_NAME manually and run the script again"
exit 1
fi
fi
# Устанавливаем русскую локализацию только для AWG 2.0
if [ "$AWG_VERSION" = "2.0" ]; then
printf "\033[32;1mУстанавливаем пакет с русской локализацией? Install Russian language pack? (y/n) [n]: \033[0m\n"
read INSTALL_RU_LANG
INSTALL_RU_LANG=${INSTALL_RU_LANG:-n}
if [ "$INSTALL_RU_LANG" = "y" ] || [ "$INSTALL_RU_LANG" = "Y" ]; then
if is_pkg_installed "luci-i18n-amneziawg-ru"; then
echo "luci-i18n-amneziawg-ru already installed"
else
LUCI_I18N_AMNEZIAWG_RU_FILENAME=$(download_package "luci-i18n-amneziawg-ru" "$PKGPOSTFIX_BASE" "$AWG_DIR" "${BASE_URL}v${VERSION}/")
if [ $? -eq 0 ]; then
echo "luci-i18n-amneziawg-ru file downloaded successfully"
install_local_pkg "$AWG_DIR/$LUCI_I18N_AMNEZIAWG_RU_FILENAME"
if [ $? -eq 0 ]; then
echo "luci-i18n-amneziawg-ru installed successfully"
else
echo "Warning: Error installing luci-i18n-amneziawg-ru (non-critical)"
fi
else
echo "Warning: Russian localization not available for this version/platform (non-critical)"
fi
fi
else
printf "\033[32;1mSkipping Russian language pack installation.\033[0m\n"
fi
fi
rm -rf "$AWG_DIR"
}
configure_amneziawg_interface() {
INTERFACE_NAME="awg1"
CONFIG_NAME="amneziawg_awg1"
PROTO="amneziawg"
ZONE_NAME="awg1"
read -r -p "Enter the private key (from [Interface]):"$'\n' AWG_PRIVATE_KEY_INT
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' AWG_IP
if echo "$AWG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
echo "This IP is not valid. Please repeat"
fi
done
read -r -p "Enter the public key (from [Peer]):"$'\n' AWG_PUBLIC_KEY_INT
read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' AWG_PRESHARED_KEY_INT
read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' AWG_ENDPOINT_INT
read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' AWG_ENDPOINT_PORT_INT
AWG_ENDPOINT_PORT_INT=${AWG_ENDPOINT_PORT_INT:-51820}
if [ "$AWG_ENDPOINT_PORT_INT" = '51820' ]; then
echo $AWG_ENDPOINT_PORT_INT
fi
read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
# AWG 2.0 новые параметры
if [ "$AWG_VERSION" = "2.0" ]; then
read -r -p "Enter S3 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_S3
read -r -p "Enter S4 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_S4
read -r -p "Enter I1 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_I1
read -r -p "Enter I2 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_I2
read -r -p "Enter I3 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_I3
read -r -p "Enter I4 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_I4
read -r -p "Enter I5 value (from [Interface]) [optional, leave blank to skip]:"$'\n' AWG_I5
fi
uci set network.${INTERFACE_NAME}=interface
uci set network.${INTERFACE_NAME}.proto=$PROTO
uci set network.${INTERFACE_NAME}.private_key=$AWG_PRIVATE_KEY_INT
uci set network.${INTERFACE_NAME}.listen_port='51821'
uci set network.${INTERFACE_NAME}.addresses=$AWG_IP
uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC
uci set network.${INTERFACE_NAME}.awg_jmin=$AWG_JMIN
uci set network.${INTERFACE_NAME}.awg_jmax=$AWG_JMAX
uci set network.${INTERFACE_NAME}.awg_s1=$AWG_S1
uci set network.${INTERFACE_NAME}.awg_s2=$AWG_S2
uci set network.${INTERFACE_NAME}.awg_h1=$AWG_H1
uci set network.${INTERFACE_NAME}.awg_h2=$AWG_H2
uci set network.${INTERFACE_NAME}.awg_h3=$AWG_H3
uci set network.${INTERFACE_NAME}.awg_h4=$AWG_H4
# Устанавливаем новые параметры для AWG 2.0 (только если они заданы)
if [ "$AWG_VERSION" = "2.0" ]; then
[ -n "$AWG_S3" ] && uci set network.${INTERFACE_NAME}.awg_s3=$AWG_S3
[ -n "$AWG_S4" ] && uci set network.${INTERFACE_NAME}.awg_s4=$AWG_S4
[ -n "$AWG_I1" ] && uci set network.${INTERFACE_NAME}.awg_i1=$AWG_I1
[ -n "$AWG_I2" ] && uci set network.${INTERFACE_NAME}.awg_i2=$AWG_I2
[ -n "$AWG_I3" ] && uci set network.${INTERFACE_NAME}.awg_i3=$AWG_I3
[ -n "$AWG_I4" ] && uci set network.${INTERFACE_NAME}.awg_i4=$AWG_I4
[ -n "$AWG_I5" ] && uci set network.${INTERFACE_NAME}.awg_i5=$AWG_I5
fi
if ! uci show network | grep -q ${CONFIG_NAME}; then
uci add network ${CONFIG_NAME}
fi
uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME
uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
uci set network.@${CONFIG_NAME}[0].public_key=$AWG_PUBLIC_KEY_INT
uci set network.@${CONFIG_NAME}[0].preshared_key=$AWG_PRESHARED_KEY_INT
uci set network.@${CONFIG_NAME}[0].route_allowed_ips='1'
uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
uci set network.@${CONFIG_NAME}[0].endpoint_host=$AWG_ENDPOINT_INT
uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
uci add_list network.@${CONFIG_NAME}[0].allowed_ips='::/0'
uci set network.@${CONFIG_NAME}[0].endpoint_port=$AWG_ENDPOINT_PORT_INT
uci commit network
if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
printf "\033[32;1mZone Create\033[0m\n"
uci add firewall zone
uci set firewall.@zone[-1].name=$ZONE_NAME
uci set firewall.@zone[-1].network=$INTERFACE_NAME
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].family='ipv4'
uci commit firewall
fi
if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
printf "\033[32;1mConfigured forwarding\033[0m\n"
uci add firewall forwarding
uci set firewall.@forwarding[-1]=forwarding
uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].family='ipv4'
uci commit firewall
fi
service network restart
}
detect_package_manager
check_repo
install_awg_packages
printf "\033[32;1mDo you want to configure the amneziawg interface? (y/n): \033[0m\n"
read IS_SHOULD_CONFIGURE_AWG_INTERFACE
if [ "$IS_SHOULD_CONFIGURE_AWG_INTERFACE" = "y" ] || [ "$IS_SHOULD_CONFIGURE_AWG_INTERFACE" = "Y" ]; then
configure_amneziawg_interface
else
printf "\033[32;1mSkipping amneziawg interface configuration.\033[0m\n"
fi