feat(scripts): add the option to enter custom Client IP

script/wireguard: add the '--client-ip' option to enter any Client IP from a given range when creating a client profile. This gives the user better control over which IP address will be assigned to the client.
2025-04-15 11:59:02 +00:00 · 2025-01-25 14:52:01 +01:00 · 2025-01-25 14:52:01 +01:00 · 2cafbbf997
commit 2cafbbf997
parent 4e4d608b35
1 changed files with 61 additions and 7 deletions
--- a/scripts/wireguard/makeCONF.sh
+++ b/scripts/wireguard/makeCONF.sh
@ -27,11 +27,12 @@ err() {
 helpFunc() {
  echo "::: Create a client conf profile"
  echo ":::"
-  echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-h|--help]"
+  echo "::: Usage: pivpn <-a|add> [-n|--name <arg>] [-ip|--client-ip <ipv4>] [-h|--help]"
  echo ":::"
  echo "::: Commands:"
  echo ":::  [none]               Interactive mode"
  echo ":::  -n,--name            Name for the Client (default: '${HOSTNAME}')"
+  echo ":::  -ip,--client-ip      IPv4 address of the Client"
  echo ":::  -h,--help            Show this help dialog"
 }

@ -67,6 +68,18 @@ checkName() {
  fi
 }

+checkClientIP() {
+  local ip ipv4_regex
+  ip="$1"
+  ipv4_regex="^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}"
+  ipv4_regex+="(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$"
+
+  if [[ ! "${ip}" =~ $ipv4_regex ]]; then
+    err "::: Invalid IP: ${ip}"
+    exit 1
+  fi
+}
+
 ### Script
 if [[ ! -f "${setupVars}" ]]; then
  err "::: Missing setup vars file!"
@ -93,6 +106,20 @@ while [[ "$#" -gt 0 ]]; do
      CLIENT_NAME="${_val}"
      checkName
      ;;
+    -ip | --client-ip | --client-ip=*)
+      _val="${_key##--client-ip=}"
+
+      if [[ "${_val}" == "${_key}" ]]; then
+        [[ "$#" -lt 2 ]] \
+          && err "::: Missing value for the optional argument '${_key}'." \
+          && exit 1
+
+        _val="${2}"
+        shift
+      fi
+
+      CLIENT_IP="${_val}"
+      ;;
    -h | --help)
      helpFunc
      exit 0
@ -128,16 +155,43 @@ if [ "$(wc -l configs/clients.txt | awk '{print $1}')" -ge "${MAX_CLIENTS}" ]; t
 fi

 # shellcheck disable=SC2154
-FIRST_IPV4_DEC="$(dotIPv4FirstDec "${pivpnNET}" "${subnetClass}")"
-LAST_IPV4_DEC="$(dotIPv4LastDec "${pivpnNET}" "${subnetClass}")"
+NETID_IPV4_DEC="$(dotIPv4FirstDec "${pivpnNET}" "${subnetClass}")"
+BROADCAST_IPV4_DEC="$(dotIPv4LastDec "${pivpnNET}" "${subnetClass}")"
+
+FIRST_IPV4_DEC=$((NETID_IPV4_DEC + 2))
+LAST_IPV4_DEC=$((BROADCAST_IPV4_DEC - 1))
+FIRST_IPV4="$(decIPv4ToDot "${FIRST_IPV4_DEC}")"
+LAST_IPV4="$(decIPv4ToDot "${LAST_IPV4_DEC}")"
+
+if [[ -z "${CLIENT_IP}" ]]; then
+  read -p "Enter the Client IP from range ${FIRST_IPV4} - ${LAST_IPV4} (optional): " CLIENT_IP
+fi
+
+if [[ -n "${CLIENT_IP}" ]]; then
+  checkClientIP "${CLIENT_IP}"
+  ip="$(dotIPv4ToDec "${CLIENT_IP}")"
+
+  if [[ "${ip}" -lt "${FIRST_IPV4_DEC}" || "${ip}" -gt "${LAST_IPV4_DEC}" ]]; then
+    err "::: The specified IP ${CLIENT_IP} is not in range ${FIRST_IPV4} - ${LAST_IPV4}"
+    exit 1
+  fi

-# Find an unused address for the client IP
-for ((ip = FIRST_IPV4_DEC + 2; ip <= LAST_IPV4_DEC - 1; ip++)); do
  if ! grep -q " ${ip}$" configs/clients.txt; then
    UNUSED_IPV4_DEC="${ip}"
-    break
+  else
+    err "::: IP address ${CLIENT_IP} is already in use"
+    exit 1
  fi
-done
+else
+  # Find an unused address for the client IP
+  for ((ip = FIRST_IPV4_DEC; ip <= LAST_IPV4_DEC; ip++)); do
+    if ! grep -q " ${ip}$" configs/clients.txt; then
+      UNUSED_IPV4_DEC="${ip}"
+      echo "::: Chosen Client IP: $(decIPv4ToDot "${ip}")"
+      break
+    fi
+  done
+fi

 if [[ -z "${CLIENT_NAME}" ]]; then
  read -r -p "Enter a Name for the Client: " CLIENT_NAME