From 225882ccc447af850f966f1dceec947b0a142086 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 31 Oct 2017 16:15:19 +0100
Subject: [PATCH] contrib: add reresolve-dns
Signed-off-by: Jason A. Donenfeld
---
contrib/reresolve-dns/README | 9 ++++++
contrib/reresolve-dns/reresolve-dns.sh | 39 ++++++++++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 contrib/reresolve-dns/README
create mode 100755 contrib/reresolve-dns/reresolve-dns.sh
diff --git a/contrib/reresolve-dns/README b/contrib/reresolve-dns/README
new file mode 100644
index 0000000..f228caa
--- /dev/null
+++ b/contrib/reresolve-dns/README
@@ -0,0 +1,9 @@
+reresolve-dns
+=============
+
+Run this script from cron every thirty seconds or so, and it will ensure
+that if, when using a dynamic DNS service, the DNS entry for a hosts
+changes, the kernel will get the update to the DNS entry.
+
+This works by parsing configuration files, and simply running:
+ $ wg set wg0 peer ... endpoint ...
diff --git a/contrib/reresolve-dns/reresolve-dns.sh b/contrib/reresolve-dns/reresolve-dns.sh
new file mode 100755
index 0000000..d63f5fa
--- /dev/null
+++ b/contrib/reresolve-dns/reresolve-dns.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+shopt -s nocasematch
+shopt -s extglob
+export LC_ALL=C
+
+CONFIG_FILE="$1"
+[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
+[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]]
+INTERFACE="${BASH_REMATCH[1]}"
+
+process_peer() {
+ [[ $PEER_SECTION -ne 1 || -z $PUBLIC_KEY || -z $ENDPOINT ]] && return 0
+ [[ $(wg show "$INTERFACE" latest-handshakes) =~ ^${PUBLIC_KEY//+/\\+}\ ([0-9]+)$ ]] || return 0
+ (( ($(date +%s) - ${BASH_REMATCH[1]}) > 135 )) || return 0
+ wg set "$INTERFACE" peer "$PUBLIC_KEY" endpoint "$ENDPOINT"
+ reset_peer_section
+}
+
+reset_peer_section() {
+ PEER_SECTION=0
+ PUBLIC_KEY=""
+ ENDPOINT=""
+}
+
+reset_peer_section
+while read -r line || [[ -n $line ]]; do
+ key="${line%%=*}"; key="${key##*( )}"; key="${key%%*( )}"
+ value="${line#*=}"; value="${value##*( )}"; value="${value%%*( )}"
+ [[ $key == "["* ]] && { process_peer; reset_peer_section; }
+ [[ $key == "[Peer]" ]] && PEER_SECTION=1
+ if [[ $PEER_SECTION -eq 1 ]]; then
+ case "$key" in
+ PublicKey) PUBLIC_KEY="$value"; continue ;;
+ Endpoint) ENDPOINT="$value"; continue ;;
+ esac
+ fi
+done < "$CONFIG_FILE"
+process_peer
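Review bot: The handshake lookup in `process_peer` anchors its pattern with `^` and `$`, but bash's `=~` tests the whole command output as one string, so the anchors bind to the start and end of the entire output, not to each line. If `wg show "$INTERFACE" latest-handshakes` prints one line per peer (the output format is not visible here, so worth confirming), the match fails on any interface with more than one peer. The function then returns 0 without ever reaching `wg set`, and the script becomes a silent no-op in exactly the multi-peer setups it is meant for. Removing the leading `^` and the trailing `$` from that pattern keeps the `([0-9]+)` capture and `${BASH_REMATCH[1]}` on the next line unchanged.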