diff --git a/README.md b/README.md index 2428075..f128d61 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,20 @@ Use the command ```wg``` to setup. See [https://www.wireguard.com/quickstart/]( Some users have asked about tailscale support, I have tested and it works. See the issue #30 for further information. +Example setup: +``` +ENABLE_WIREGUARD="true" +WIREGUARD_IPV4="192.168.2.101/32" +WIREGUARD_PEER_ENDPOINT="x.x.x.x:51820" +WIREGUARD_PEER_PUBLIC_KEY="INSERT_PEER_PUBLIC_KEY_HERE" +WIREGUARD_PEER_ALLOWED_IPS="192.168.2.0/24" +WIREGUARD_PEER_KEEP_ALIVE="25" +``` + +To retrieve the public key that you'll need to add the peer to your wireguard endpoint: +1. Use SSH to log in +2. `wg` + --- Disable automatic firmware updates: @@ -260,6 +274,7 @@ WEB_CAM_FPS_RATE="25" ## Latest Updates +* 05-23-22: added simple wireguard startup configuration. * 05-22-22: added fps variable for rtsp server, thanks @claudobahn. * 05-22-22: Update wz_mini scripts and libraries to support v2 camera. experimental. * 05-20-22: updated to latest libcallback including mp4write, bug fixes: usb direct mac addr, usb webcam mode bad variable. diff --git a/SD_ROOT/wz_mini/run_mmc.sh b/SD_ROOT/wz_mini/run_mmc.sh index 7d12ed8..0e8be34 100755 --- a/SD_ROOT/wz_mini/run_mmc.sh +++ b/SD_ROOT/wz_mini/run_mmc.sh @@ -27,6 +27,11 @@ ENABLE_USB_RNDIS="false" ENABLE_IPV6="false" ENABLE_WIREGUARD="false" +WIREGUARD_IPV4="" +WIREGUARD_PEER_ENDPOINT="" +WIREGUARD_PEER_PUBLIC_KEY="" +WIREGUARD_PEER_ALLOWED_IPS="" +WIREGUARD_PEER_KEEP_ALIVE="" ENABLE_IPTABLES="false" 
@@ -336,6 +341,24 @@ if [[ "$ENABLE_WIREGUARD" == "true" ]]; then
 insmod $KMOD_PATH/kernel/net/ipv4/tunnel4.ko
 insmod $KMOD_PATH/kernel/net/ipv4/ip_tunnel.ko
 insmod $KMOD_PATH/kernel/net/wireguard/wireguard.ko
+
+ if [[ "$WIREGUARD_IPV4" != "" ]]; then
+ mkdir -p /opt/wz_mini/etc/wireguard
+
+ if [ ! -f /opt/wz_mini/etc/wireguard/privatekey ]; then
+ (umask 277 && /media/mmc/wz_mini/bin/wg genkey | /media/mmc/wz_mini/bin/busybox tee /opt/wz_mini/etc/wireguard/privatekey | /media/mmc/wz_mini/bin/wg pubkey > /opt/wz_mini/etc/wireguard/publickey)
+ fi
+
+ /media/mmc/wz_mini/bin/busybox ip link add dev wg0 type wireguard
+ /media/mmc/wz_mini/bin/busybox ip address add dev wg0 $WIREGUARD_IPV4
+ /media/mmc/wz_mini/bin/wg set wg0 private-key /opt/wz_mini/etc/wireguard/privatekey
+ /media/mmc/wz_mini/bin/busybox ip link set wg0 up
+ fi
+
+ if [[ "$WIREGUARD_PEER_PUBLIC_KEY" != "" ]] && [[ "$WIREGUARD_PEER_ALLOWED_IPS" != "" ]] && [[ "$WIREGUARD_PEER_ENDPOINT" != "" ]] && [[ "$WIREGUARD_PEER_KEEP_ALIVE" != "" ]]; then
+ /media/mmc/wz_mini/bin/wg set wg0 peer $WIREGUARD_PEER_PUBLIC_KEY allowed-ips $WIREGUARD_PEER_ALLOWED_IPS endpoint $WIREGUARD_PEER_ENDPOINT persistent-keepalive $WIREGUARD_PEER_KEEP_ALIVE
+ /media/mmc/wz_mini/bin/busybox ip route add $WIREGUARD_PEER_ALLOWED_IPS dev wg0
+ fi
 else
 echo "wireguard disabled"
 fi
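Review bot: The key-generation guard tests only that the private key file exists (`-f`), and the `genkey | tee | pubkey` pipeline's status is not checked, so a first boot where `wg genkey` or `wg pubkey` fails leaves an empty file behind and no later boot regenerates it; the fence below tests with `-s`, generates the two files in checked steps, and removes them on failure. The peer block is not nested under the `WIREGUARD_IPV4` check, so with only the peer variables set it runs `wg set wg0 peer` against an interface that was never created. The config values are expanded unquoted, and `WIREGUARD_PEER_ALLOWED_IPS` goes to both `wg set … allowed-ips`, which accepts a comma-separated list, and `ip route add`, which takes one prefix, so a multi-prefix value configures the peer but adds no route. `umask 277` only protects the key if /opt/wz_mini is on a filesystem that enforces file modes, which the hunk does not show and is worth confirming. The enclosing `if [[ "$ENABLE_WIREGUARD" == "true" ]]` begins outside the hunk.

```shell
# … unchanged: insmod lines, WIREGUARD_IPV4 check, mkdir -p /opt/wz_mini/etc/wireguard …
if [ ! -s /opt/wz_mini/etc/wireguard/privatekey ]; then
	# -s also catches an empty key file left by an earlier failed run
	rm -f /opt/wz_mini/etc/wireguard/privatekey /opt/wz_mini/etc/wireguard/publickey
	(umask 277 \
		&& /media/mmc/wz_mini/bin/wg genkey > /opt/wz_mini/etc/wireguard/privatekey \
		&& /media/mmc/wz_mini/bin/wg pubkey < /opt/wz_mini/etc/wireguard/privatekey > /opt/wz_mini/etc/wireguard/publickey) \
		|| rm -f /opt/wz_mini/etc/wireguard/privatekey /opt/wz_mini/etc/wireguard/publickey
fi
# … unchanged: ip link add / wg set private-key / ip link set up, with "$WIREGUARD_IPV4" quoted …

# inside the peer check, which should itself sit inside the WIREGUARD_IPV4 block:
/media/mmc/wz_mini/bin/wg set wg0 peer "$WIREGUARD_PEER_PUBLIC_KEY" allowed-ips "$WIREGUARD_PEER_ALLOWED_IPS" endpoint "$WIREGUARD_PEER_ENDPOINT" persistent-keepalive "$WIREGUARD_PEER_KEEP_ALIVE"
# allowed-ips may hold several comma-separated prefixes; add one route per prefix
old_ifs=$IFS
IFS=','
for prefix in $WIREGUARD_PEER_ALLOWED_IPS; do
	/media/mmc/wz_mini/bin/busybox ip route add "$prefix" dev wg0
done
IFS=$old_ifs
```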