Browse Source
Wireguard Unbound Helper Scripts
host-add-static-route Adds a static route to a host that may be on the other side of a Wireguard tunnel. If a static route is not created, Wireguard may attempt to connect to the host running Wireguard over the Wireguard tunnel itself instead of across the Internet. Adding a static route to the Wireguard host on tunnel creation prevents this situation. unbound-host-add-local Adds a local-data section to Unbound for the Wireguard host just in case Unbound is connecting to a DNS server for a domain that is on the other side of the tunnel. e.g. wg.natrinicle.com should be retrieved from external DNS servers while all other natrinicle.com subdomains should come from 192.168.0.1 which is only available after the tunnel is up.master
Nate Bohman
6 years ago
2 changed files with 52 additions and 0 deletions
+ 39
- 0
host-add-static-route
View File
| #!/usr/bin/env bash | |||||
| LOCAL_HOSTNAME=${1} | |||||
| for LOCAL_IP in $(unbound-host ${LOCAL_HOSTNAME} | grep -Po "(([0-9]+\.){3}[0-9]+|([0-9a-f]+::?)+:?[0-9a-f]+)"); do | |||||
| ROUTE=$(ip route get ${LOCAL_IP} | grep -P "(from|via)" 2>/dev/null) | |||||
| if [ -z "${ROUTE}" ]; then | |||||
| echo "No route for ${LOCAL_IP}" | |||||
| continue | |||||
| fi | |||||
| DEV=$(echo ${ROUTE} | grep -Po "(?<=dev\s)[^\s]+") | |||||
| SRC=$(echo ${ROUTE} | grep -Po "(?<=src\s)[^\s]+") | |||||
| if [ -z "${DEV}" ]; then | |||||
| echo "No dev for ${LOCAL_IP}" | |||||
| continue | |||||
| fi | |||||
| if [ -z "${SRC}" ]; then | |||||
| echo "No src for ${LOCAL_IP}" | |||||
| continue | |||||
| fi | |||||
| if echo ${LOCAL_IP} | grep -q ":"; then | |||||
| # IPv6 | |||||
| FROM=$(echo ${ROUTE} | grep -Po "(?<=from\s)[^\s]+") | |||||
| if [ -n "${FROM}" ]; then | |||||
| echo "Adding ${LOCAL_IP} from ${FROM} dev ${DEV} src ${SRC} metric 100" | |||||
| ip route add ${LOCAL_IP} from ${FROM} dev ${DEV} src ${SRC} metric 100 | |||||
| fi | |||||
| else | |||||
| # IPv4 | |||||
| VIA=$(echo ${ROUTE} | grep -Po "(?<=via\s)[^\s]+") | |||||
| if [ -n "${VIA}" ]; then | |||||
| echo "Adding ${LOCAL_IP} via ${VIA} dev ${DEV} src ${SRC} metric 100" | |||||
| ip route add ${LOCAL_IP} via ${VIA} dev ${DEV} src ${SRC} metric 100 | |||||
| fi | |||||
| fi | |||||
| done |
+ 13
- 0
unbound-host-add-local
View File
| #!/usr/bin/env bash | |||||
| LOCAL_HOSTNAME=${1} | |||||
| unbound-control local_data_remove ${LOCAL_HOSTNAME} > /dev/null 2>&1 | |||||
| for dns_lookup in $(unbound-host ${LOCAL_HOSTNAME} | grep -Po "(([0-9]+\.){3}[0-9]+|([0-9a-f]+::?)+:?[0-9a-f]+)"); do | |||||
| if echo ${dns_lookup} | grep -q ":"; then | |||||
| unbound-control local_data ${LOCAL_HOSTNAME} IN AAAA ${dns_lookup} > /dev/null 2>&1 | |||||
| else | |||||
| unbound-control local_data ${LOCAL_HOSTNAME} IN A ${dns_lookup} > /dev/null 2>&1 | |||||
| fi | |||||
| done |
Loading…