fazalmajid / edgewalker
A DIY VPN setup script based on OpenBSD, OpenIKEd, Wireguard and Let's Encrypt
License: MIT License
Hello,
How exactly is wireguard set up in the script?
I don't see a wg0 interface, or a tun0, set up for wireguard. I see a few instances in the script for wireguard but nothing really establishing a wireguard tunnel.
What am I missing?
It's 2023 and this really should support IPv6, both as the way to reach the VPN server but also IPv6 connectivity from the VPN.
This would eliminate the Python and acme-tiny requirement and simplify the script
Hi,
Another enhancement for you to consider, though I know this would be a large undertaking.
Does the wireguard configuration depend on iked? Does the iked configuration depend on wireguard?
Maybe your script could have a case statement with a few options: 1. iked 2. wireguard 3. iked & wireguard
Depending on which is selected, it would know what to ask and how to proceed with the configuration.
Hi,
Thanks for creating this script. Keep up the good work.
On first pass, it looks like there need to be some error checks. See this example:
$ doas ./edgewalker.sh
What is the FQDN hostname to use? opti3020.in.example.net
Secret: 3rd2U4kPM5U8YubK
setting up sysctl.conf
Setting up PF
Primary net interface re0 192.168.30.33
fe80::7a45:c4ff:fe07:6621%re0
Restarting PF
/etc/pf.conf:9: syntax error
/etc/pf.conf:11: syntax error
/etc/pf.conf:15: syntax error
/etc/pf.conf:20: syntax error
/etc/pf.conf:22: syntax error
/etc/pf.conf:24: syntax error
pfctl: Syntax error in config file: pf rules not loaded
rm: lets-encrypt-x3-cross-signed.pem*: No such file or directory
./edgewalker.sh[309]: wget: not found
cp: lets-encrypt-x3-cross-signed.pem: No such file or directory
Setting up httpd
httpd(ok)
httpd(ok)
Setting up OpenIKEd
Getting LE certificates
Generating private keys
vpn
Renewing certificates
Renewing certificates
vpn
Parsing account key...
Traceback (most recent call last):
File "acme_tiny.py", line 197, in <module>
main(sys.argv[1:])
File "acme_tiny.py", line 193, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args
.disable_check, directory_url=args.directory_url, contact=args.contact)
File "acme_tiny.py", line 75, in get_crt
out = _cmd(["openssl", "rsa", "-in", account_key, "-noout", "-text"], err_msg="OpenSSL Error")
File "acme_tiny.py", line 28, in _cmd
raise IOError("{0}\n{1}".format(err_msg, err))
OSError: OpenSSL Error
b'unable to load Private Key\n9310926458816:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src
/lib/libcrypto/pem/pem_lib.c:694:Expecting: ANY PRIVATE KEY\n'
Applying sysctl settings
net.inet.ip.forwarding: 1 -> 1
net.inet.ip.redirect: 0 -> 0
net.inet.ipcomp.enable: 1 -> 1
net.inet.ah.enable: 1 -> 1
net.inet.esp.enable: 1 -> 1
net.inet.esp.udpencap: 1 -> 1
Starting OpenIKEd
iked(failed)
Enabling SSL on HTTPd
httpd(ok)
httpd(ok)
quirks-3.494 signed on 2020-12-01T18:07:31Z
iOS/iPadOS/macOS VPN config QR code
So there's a few things:
Note: I didn't edit X509 or USERNAME. Would this have caused the failures above, though?
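The error checks this report asks for, as an added example that is not part of the original post or of edgewalker.sh: fail-fast helpers covering the three failures visible in the log (wget not found, pf.conf syntax errors, a private key openssl cannot load). All function names are hypothetical, and the paths and tool list passed to `preflight` are up to the caller.

```shell
#!/bin/sh
# Added example: fail-fast checks for the failures visible in the log above.
# All function names are hypothetical; none come from edgewalker.sh.

# Print each named command that is not on PATH; non-zero if any is missing.
missing_cmds() {
    rc=0
    for c in "$@"; do
        if ! command -v "$c" >/dev/null 2>&1; then
            echo "$c"
            rc=1
        fi
    done
    return "$rc"
}

# True only if the file is non-empty and carries a PEM private-key header.
# A file without that header is what makes openssl report "no start line".
has_pem_key() {
    [ -s "$1" ] && grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Parse a PF ruleset without loading it (-n), so syntax errors surface
# before the script goes on to later steps.
pf_syntax_ok() {
    pfctl -nf "$1"
}

# Run one step; name the step that failed and return non-zero.
step() {
    label=$1
    shift
    if ! "$@"; then
        echo "FAILED: $label" >&2
        return 1
    fi
}

# Stop at the first failing check. $1 = pf.conf, $2 = key file, rest = tools.
preflight() {
    pf=$1 key=$2
    shift 2
    step "required commands" missing_cmds "$@" &&
    step "PF syntax" pf_syntax_ok "$pf" &&
    step "account key" has_pem_key "$key"
}
```

Called as `preflight /etc/pf.conf <key file> wget openssl pfctl || exit 1`, the script stops at the first problem instead of carrying on to start iked with missing certificates.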