The edgewalker from fazalmajid

How is WG setup?

Hello,

How exactly is wireguard setup in the script?

I don't see a wg0 interface, or a tun0, setup for wiregaurd. I see a few instances in the script for wireguard but nothing really establishing a wireguard tunnel.

What am I missing?

Add Ad-blocking?

As per: https://marcocetica.com/posts/wireguard_openbsd/

IPv6 support

It's 2023 and this really should support IPv6, both as the way to reach the VPN server but also IPv6 connectivity from the VPN.

Use OpenBSD's native ACME support

This would eliminate the Python and acme-tiny requirement and simplify the script

Is iked necessary?

Hi,

Another enhancement for you to consider, though I know this would be a large undertaking.

Does the wireguard configuration depend on iked? Does the iked configuration depend on wireguard?

Maybe your script could have a case statement with a few options: 1. iked 2. wireguard 3. iked & wireguard

Depending on which is selected, it would know what to ask and how to proceed with the configuration.

Error checking needed

Hi,

Thanks for creating this script. Keep up the good work.

On first pass, it looks like there needs to be some error checks. See this example:

$ doas ./edgewalker.sh
What is the FQDN hostname to use? opti3020.in.example.net
Secret: 3rd2U4kPM5U8YubK
setting up sysctl.conf
Setting up PF
Primary net interface re0 192.168.30.33
fe80::7a45:c4ff:fe07:6621%re0
Restarting PF
/etc/pf.conf:9: syntax error
/etc/pf.conf:11: syntax error
/etc/pf.conf:15: syntax error
/etc/pf.conf:20: syntax error
/etc/pf.conf:22: syntax error
/etc/pf.conf:24: syntax error
pfctl: Syntax error in config file: pf rules not loaded
rm: lets-encrypt-x3-cross-signed.pem*: No such file or directory
./edgewalker.sh[309]: wget: not found
cp: lets-encrypt-x3-cross-signed.pem: No such file or directory
Setting up httpd
httpd(ok)
httpd(ok)
Setting up OpenIKEd
Getting LE certificates
Generating private keys
vpn

Renewing certificates
Renewing certificates
vpn
Parsing account key...
Traceback (most recent call last):
  File "acme_tiny.py", line 197, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 193, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args
.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "acme_tiny.py", line 75, in get_crt
    out = _cmd(["openssl", "rsa", "-in", account_key, "-noout", "-text"], err_msg="OpenSSL Error")
  File "acme_tiny.py", line 28, in _cmd
    raise IOError("{0}\n{1}".format(err_msg, err))
OSError: OpenSSL Error
b'unable to load Private Key\n9310926458816:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src
/lib/libcrypto/pem/pem_lib.c:694:Expecting: ANY PRIVATE KEY\n'
Applying sysctl settings
net.inet.ip.forwarding: 1 -> 1
net.inet.ip.redirect: 0 -> 0
net.inet.ipcomp.enable: 1 -> 1
net.inet.ah.enable: 1 -> 1
net.inet.esp.enable: 1 -> 1
net.inet.esp.udpencap: 1 -> 1
Starting OpenIKEd
iked(failed)
Enabling SSL on HTTPd
httpd(ok)
httpd(ok)
quirks-3.494 signed on 2020-12-01T18:07:31Z
iOS/iPadOS/macOS VPN config QR code

So there's a few things:

pf rejects the rules
wget isn't installed
There's some python issue with acme_tiny.py
iked failed to start

Note: I didn't edit X509 or USERNAME. Would this have caused the failures above, though?

fazalmajid / edgewalker Goto Github PK

edgewalker's People

Contributors

Stargazers

Watchers

Forkers

edgewalker's Issues

How is WG setup?

Add Ad-blocking?

IPv6 support

Use OpenBSD's native ACME support

Is iked necessary?

Error checking needed

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs