Update freebsd/freebsd-secure.sh
This commit is contained in:
parent
a65a5e04f8
commit
8289292403
1 changed files with 14 additions and 11 deletions
|
|
@ -18,19 +18,22 @@ pw useradd -n "$USERNAME" -m -s /usr/local/bin/bash -w no
|
|||
# --- WireGuard setup ---
|
||||
echo "Configuring WireGuard..."
|
||||
|
||||
if [ -z "$WG_CLIENT_IP" ] || [ -z "$WG_SERVER_IP" ]; then
|
||||
if [ -z "$CLIENT_IP" ] || [ -z "$SERVER_IP" ] || [ -z "$PREFIXLEN" ]; then
|
||||
SUB_START="fc$(openssl rand -hex 1):$(openssl rand -hex 2):$(openssl rand -hex 2):$(openssl rand -hex 2)"
|
||||
WG_CLIENT_IP="$SUB_START::2"
|
||||
WG_SERVER_IP="$SUB_START::1"
|
||||
SUBNET_MASK=64
|
||||
CLIENT_IP="$SUB_START::2"
|
||||
SERVER_IP="$SUB_START::1"
|
||||
PREFIXLEN=64
|
||||
fi
|
||||
|
||||
if [ "$WG_CLIENT_IP" == *"."* ]; then
|
||||
if [ "$CLIENT_IP" == *"."* ]; then
|
||||
HOST_MASK=32
|
||||
else
|
||||
HOST_MASK=128
|
||||
fi
|
||||
|
||||
CLIENT_IP=$(echo "$CLIENT_IP" | cut -d"/" -f1)
|
||||
SERVER_IP=$(echo "$SERVER_IP" | cut -d"/" -f1)
|
||||
|
||||
WG_LISTEN_PORT=${WG_LISTEN_PORT:-$(jot -r 1 49152 65535)}
|
||||
WG_PRESHARED_KEY=${WG_PRESHARED_KEY:-$(wg genpsk)}
|
||||
|
||||
|
|
@ -43,12 +46,12 @@ cat <<EOF > /usr/local/etc/wireguard/vmh-ssh-vpn.conf
|
|||
[Interface]
|
||||
ListenPort = $WG_LISTEN_PORT
|
||||
PrivateKey = $WG_LOCAL_PRIVKEY
|
||||
Address = $WG_SERVER_IP/$SUBNET_MASK
|
||||
Address = $SERVER_IP/$PREFIXLEN
|
||||
|
||||
[Peer]
|
||||
PublicKey = $WIREGUARD_PUBKEY
|
||||
PresharedKey = $WG_PRESHARED_KEY
|
||||
AllowedIPs = $WG_CLIENT_SUBNET/$HOST_MASK
|
||||
AllowedIPs = $CLIENT_IP/$HOST_MASK
|
||||
EOF
|
||||
|
||||
chmod 600 /usr/local/etc/wireguard/vmh-ssh-vpn.conf
|
||||
|
|
@ -79,7 +82,7 @@ PasswordAuthentication no
|
|||
PubkeyAuthentication yes
|
||||
PermitRootLogin no
|
||||
|
||||
ListenAddress $WG_SERVER_IP
|
||||
ListenAddress $SERVER_IP
|
||||
EOF
|
||||
|
||||
|
||||
|
|
@ -106,16 +109,16 @@ echo "1. Install the WireGuard config (fill in the gaps)"
|
|||
echo
|
||||
echo "[Interface]"
|
||||
echo "PrivateKey = ..."
|
||||
echo "Address = $WG_CLIENT_IP/$SUBNET_MASK"
|
||||
echo "Address = $CLIENT_IP/$PREFIXLEN"
|
||||
echo "[Peer]"
|
||||
echo "Endpoint = ...:$WG_LISTEN_PORT"
|
||||
echo "PublicKey = $WG_LOCAL_PUBKEY"
|
||||
echo "PresharedKey = $WG_PRESHARED_KEY"
|
||||
echo "AllowedIPs = $WG_SERVER_IP/$HOST_MASK"
|
||||
echo "AllowedIPs = $SERVER_IP/$HOST_MASK"
|
||||
echo
|
||||
echo "2. Use this command to connect"
|
||||
echo
|
||||
echo "ssh $USERNAME@$WG_SERVER_IP"
|
||||
echo "ssh $USERNAME@$SERVER_IP"
|
||||
echo
|
||||
echo "NOTICE:"
|
||||
echo "If you need to change the port or other VPN settings, do it NOW. /usr/local/etc/wireguard/vmh-ssh-vpn.conf"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue