Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Generate a unique pre-shared key for each client as per WireGuard protocol to improve post-quantum resistance.

Browse source
This commit is contained in:
jellemdekker 2020-04-21 10:52:35 +02:00
parent 4e8d4dfd8e
commit e643acce17
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
auto_install/install.sh
View file

@ -1977,9 +1977,9 @@ confWireGuard(){
$SUDO chmod 700 /etc/wireguard $SUDO chmod 700 /etc/wireguard
if [ "${runUnattended}" = 'true' ]; then if [ "${runUnattended}" = 'true' ]; then
echo "::: The Server Keys and Pre-Shared key will now be generated." echo "::: The Server Keys will now be generated."
else else
whiptail --title "Server Information" --msgbox "The Server Keys and Pre-Shared key will now be generated." "${r}" "${c}" whiptail --title "Server Information" --msgbox "The Server Keys will now be generated." "${r}" "${c}"
fi fi
# Remove configs and keys folders to make space for a new server when using 'Repair' or 'Reconfigure' # Remove configs and keys folders to make space for a new server when using 'Repair' or 'Reconfigure'
@ -1993,10 +1993,9 @@ confWireGuard(){
# Generate private key and derive public key from it # Generate private key and derive public key from it
wg genkey | $SUDO tee /etc/wireguard/keys/server_priv &> /dev/null wg genkey | $SUDO tee /etc/wireguard/keys/server_priv &> /dev/null
wg genpsk | $SUDO tee /etc/wireguard/keys/psk &> /dev/null
$SUDO cat /etc/wireguard/keys/server_priv | wg pubkey | $SUDO tee /etc/wireguard/keys/server_pub &> /dev/null $SUDO cat /etc/wireguard/keys/server_priv | wg pubkey | $SUDO tee /etc/wireguard/keys/server_pub &> /dev/null
echo "::: Server Keys and Pre-Shared Key have been generated." echo "::: Server Keys have been generated."
echo "[Interface] echo "[Interface]
PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv) PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv)

5
scripts/wireguard/makeCONF.sh
View file

@ -75,6 +75,7 @@ if [ -f "configs/${CLIENT_NAME}.conf" ]; then
fi fi
wg genkey | tee "keys/${CLIENT_NAME}_priv" | wg pubkey > "keys/${CLIENT_NAME}_pub" wg genkey | tee "keys/${CLIENT_NAME}_priv" | wg pubkey > "keys/${CLIENT_NAME}_pub"
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
echo "::: Client Keys generated" echo "::: Client Keys generated"
# Find an unused number for the last octet of the client IP # Find an unused number for the last octet of the client IP
@ -102,7 +103,7 @@ echo >> "configs/${CLIENT_NAME}.conf"
echo "[Peer] echo "[Peer]
PublicKey = $(cat keys/server_pub) PublicKey = $(cat keys/server_pub)
PresharedKey = $(cat keys/psk) PresharedKey = ${CLIENT_PRE_SHARED_KEY}
Endpoint = ${pivpnHOST}:${pivpnPORT} Endpoint = ${pivpnHOST}:${pivpnPORT}
AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf" AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
echo "::: Client config generated" echo "::: Client config generated"
@ -110,7 +111,7 @@ echo "::: Client config generated"
echo "# begin ${CLIENT_NAME} echo "# begin ${CLIENT_NAME}
[Peer] [Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub") PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat keys/psk) PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${NET_REDUCED}.${COUNT}/32 AllowedIPs = ${NET_REDUCED}.${COUNT}/32
# end ${CLIENT_NAME}" >> wg0.conf # end ${CLIENT_NAME}" >> wg0.conf
echo "::: Updated server config" echo "::: Updated server config"