瀏覽代碼

Wireguard Unbound Helper Scripts

host-add-static-route
Adds a static route to a host that may be on the other side of a
Wireguard tunnel. If a static route is not created, Wireguard may
attempt to connect to the host running Wireguard over the Wireguard
tunnel itself instead of across the Internet. Adding a static route
to the Wireguard host on tunnel creation prevents this situation.

unbound-host-add-local
Adds a local-data section to Unbound for the Wireguard host just in
case Unbound is connecting to a DNS server for a domain that is on
the other side of the tunnel. e.g. wg.natrinicle.com should be
retrieved from external DNS servers while all other natrinicle.com
subdomains should come from 192.168.0.1 which is only available after
the tunnel is up.
master
Nate Bohman 6 年之前
父節點
當前提交
78fef5dc0b
共有 2 個文件被更改,包括 52 次插入0 次删除
  1. +39
    -0
      host-add-static-route
  2. +13
    -0
      unbound-host-add-local

+ 39
- 0
host-add-static-route 查看文件

@@ -0,0 +1,39 @@
#!/usr/bin/env bash

LOCAL_HOSTNAME=${1}

for LOCAL_IP in $(unbound-host ${LOCAL_HOSTNAME} | grep -Po "(([0-9]+\.){3}[0-9]+|([0-9a-f]+::?)+:?[0-9a-f]+)"); do
ROUTE=$(ip route get ${LOCAL_IP} | grep -P "(from|via)" 2>/dev/null)
if [ -z "${ROUTE}" ]; then
echo "No route for ${LOCAL_IP}"
continue
fi

DEV=$(echo ${ROUTE} | grep -Po "(?<=dev\s)[^\s]+")
SRC=$(echo ${ROUTE} | grep -Po "(?<=src\s)[^\s]+")

if [ -z "${DEV}" ]; then
echo "No dev for ${LOCAL_IP}"
continue
fi
if [ -z "${SRC}" ]; then
echo "No src for ${LOCAL_IP}"
continue
fi

if echo ${LOCAL_IP} | grep -q ":"; then
# IPv6
FROM=$(echo ${ROUTE} | grep -Po "(?<=from\s)[^\s]+")
if [ -n "${FROM}" ]; then
echo "Adding ${LOCAL_IP} from ${FROM} dev ${DEV} src ${SRC} metric 100"
ip route add ${LOCAL_IP} from ${FROM} dev ${DEV} src ${SRC} metric 100
fi
else
# IPv4
VIA=$(echo ${ROUTE} | grep -Po "(?<=via\s)[^\s]+")
if [ -n "${VIA}" ]; then
echo "Adding ${LOCAL_IP} via ${VIA} dev ${DEV} src ${SRC} metric 100"
ip route add ${LOCAL_IP} via ${VIA} dev ${DEV} src ${SRC} metric 100
fi
fi
done

+ 13
- 0
unbound-host-add-local 查看文件

@@ -0,0 +1,13 @@
#!/usr/bin/env bash

LOCAL_HOSTNAME=${1}

unbound-control local_data_remove ${LOCAL_HOSTNAME} > /dev/null 2>&1

for dns_lookup in $(unbound-host ${LOCAL_HOSTNAME} | grep -Po "(([0-9]+\.){3}[0-9]+|([0-9a-f]+::?)+:?[0-9a-f]+)"); do
if echo ${dns_lookup} | grep -q ":"; then
unbound-control local_data ${LOCAL_HOSTNAME} IN AAAA ${dns_lookup} > /dev/null 2>&1
else
unbound-control local_data ${LOCAL_HOSTNAME} IN A ${dns_lookup} > /dev/null 2>&1
fi
done

Loading…
取消
儲存