Pi-hole/pivpn
Pi-hole/pivpn
1
0
Fork 0
mirror of https://github.com/pivpn/pivpn.git synced 2024-12-18 19:00:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Generate a unique pre-shared key for each client as per WireGuard protocol to improve post-quantum resistance.

Browse source
This commit is contained in:
jellemdekker 2020-04-21 10:52:35 +02:00
parent 4e8d4dfd8e
commit e643acce17
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
auto_install/install.sh
View file

@ -1977,9 +1977,9 @@ confWireGuard(){
$SUDO chmod 700 /etc/wireguard
if [ "${runUnattended}" = 'true' ]; then
echo "::: The Server Keys and Pre-Shared key will now be generated."
echo "::: The Server Keys will now be generated."
else
whiptail --title "Server Information" --msgbox "The Server Keys and Pre-Shared key will now be generated." "${r}" "${c}"
whiptail --title "Server Information" --msgbox "The Server Keys will now be generated." "${r}" "${c}"
fi
# Remove configs and keys folders to make space for a new server when using 'Repair' or 'Reconfigure'
@ -1993,10 +1993,9 @@ confWireGuard(){
# Generate private key and derive public key from it
wg genkey | $SUDO tee /etc/wireguard/keys/server_priv &> /dev/null
wg genpsk | $SUDO tee /etc/wireguard/keys/psk &> /dev/null
$SUDO cat /etc/wireguard/keys/server_priv | wg pubkey | $SUDO tee /etc/wireguard/keys/server_pub &> /dev/null
echo "::: Server Keys and Pre-Shared Key have been generated."
echo "::: Server Keys have been generated."
echo "[Interface]
PrivateKey = $($SUDO cat /etc/wireguard/keys/server_priv)

5
scripts/wireguard/makeCONF.sh
View file

@ -75,6 +75,7 @@ if [ -f "configs/${CLIENT_NAME}.conf" ]; then
fi
wg genkey | tee "keys/${CLIENT_NAME}_priv" | wg pubkey > "keys/${CLIENT_NAME}_pub"
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
echo "::: Client Keys generated"
# Find an unused number for the last octet of the client IP
@ -102,7 +103,7 @@ echo >> "configs/${CLIENT_NAME}.conf"
echo "[Peer]
PublicKey = $(cat keys/server_pub)
PresharedKey = $(cat keys/psk)
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
Endpoint = ${pivpnHOST}:${pivpnPORT}
AllowedIPs = 0.0.0.0/0, ::0/0" >> "configs/${CLIENT_NAME}.conf"
echo "::: Client config generated"
@ -110,7 +111,7 @@ echo "::: Client config generated"
echo "# begin ${CLIENT_NAME}
[Peer]
PublicKey = $(cat "keys/${CLIENT_NAME}_pub")
PresharedKey = $(cat keys/psk)
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
AllowedIPs = ${NET_REDUCED}.${COUNT}/32
# end ${CLIENT_NAME}" >> wg0.conf
echo "::: Updated server config"