hassio-addons/addon-wireguard
1
0
Fork 0
mirror of https://github.com/hassio-addons/addon-wireguard.git synced 2025-05-05 03:11:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Adds support for forwarding traffic

Browse source
This commit is contained in:
Franck Nijhof 2019-08-26 22:16:53 +02:00
parent d557dda1ea
commit 36e48fec7f
No known key found for this signature in database
GPG key ID: D62583BA8AB11CA3
2 changed files with 46 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
wireguard/config.json
View file

@ -36,8 +36,8 @@
"10.10.0.1/16" "10.10.0.1/16"
], ],
"dns": [ "dns": [
"8.8.8.8", "1.1.1.1",
"8.8.4.4" "9.9.9.9"
] ]
}, },
"peers": [ "peers": [
@ -58,7 +58,9 @@
"host": "str", "host": "str",
"addresses": ["str"], "addresses": ["str"],
"dns": ["str"], "dns": ["str"],
"private_key": "str?" "private_key": "str?",
"post_up": "str?",
"post_down": "str?"
}, },
"peers": [ "peers": [
{ {

41
wireguard/rootfs/etc/cont-init.d/config.sh
View file

@ -16,6 +16,8 @@ declare port
declare pre_shared_key declare pre_shared_key
declare private_key declare private_key
declare public_key declare public_key
declare post_up
declare post_down
if ! bashio::fs.directory_exists '/ssl/wireguard'; then if ! bashio::fs.directory_exists '/ssl/wireguard'; then
mkdir -p /ssl/wireguard || mkdir -p /ssl/wireguard ||
@ -24,6 +26,11 @@ fi
echo "[Interface]" > "${CONFIG}" echo "[Interface]" > "${CONFIG}"
# Check if at least 1 address is specified
if ! bashio::config.has_value 'server.addresses'; then
bashio::exit.nok 'You need at least 1 address configured for the server'
fi
# Add all server addresses to the configuration # Add all server addresses to the configuration
for address in $(bashio::config 'server.addresses'); do for address in $(bashio::config 'server.addresses'); do
echo "Address = ${address}" >> "${CONFIG}" echo "Address = ${address}" >> "${CONFIG}"
@ -46,12 +53,46 @@ else
private_key=$(</ssl/wireguard/private_key) private_key=$(</ssl/wireguard/private_key)
fi fi
# Post Up & Down defaults
post_up="iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
post_down="iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE"
if [[ $(</proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
bashio::log.warning
bashio::log.warning "IP forwarding is disabled on the host system!"
bashio::log.warning "You can still use WireGuard to access Hass.io,"
bashio::log.warning "however, you cannot access your home network or"
bashio::log.warning "the internet via the VPN tunnel."
bashio::log.warning
bashio::log.warning "Please consult the add-on documentation on how"
bashio::log.warning "to resolve this."
bashio::log.warning
# Set fake placeholders for Up & Down commands
post_up="true"
post_down="true"
fi
# Load custom PostUp setting if provided
if bashio::config.has_value 'server.post_up'; then
post_up=$(bashio::config 'server.post_up')
fi
# Load custom PostDown setting if provided
if bashio::config.has_value 'server.post_down'; then
post_down=$(bashio::config 'server.post_down')
fi
# Finish up the configuration
{ {
echo "PrivateKey = ${private_key}"; echo "PrivateKey = ${private_key}";
# Adds server port to the configuration # Adds server port to the configuration
echo "ListenPort = 51820"; echo "ListenPort = 51820";
# Post up & down
echo "PostUp = ${post_up}";
echo "PostDown = ${post_down}";
# End configuration file with an empty line # End configuration file with an empty line
echo ""; echo "";
} >> "${CONFIG}" } >> "${CONFIG}"