print peer config and fixes

Signed-off-by: Guillem Bonet <[email protected]>

go.mod

@@ -1,3 +1,7 @@
 module github.com/Guillembonet/nginx-wg-proxy
 
 go 1.19
+
+require golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb
+
+require golang.org/x/crypto v0.1.0 // indirect

go.sum

@@ -0,0 +1,5 @@
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb h1:9aqVcYEDHmSNb0uOWukxV5lHV09WqiSiCuhEgWNETLY=
+golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=

main.go

@@ -8,49 +8,72 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
+	"strings"
+
+	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
 
 var (
 	wireguardIP             = flag.String("wgIP", "10.0.0.1", "IP address for the Wireguard interface")
 	wireguardPort           = flag.String("wgPort", "52122", "Port for the Wireguard interface")
 	wireguardPrivateKey     = flag.String("wgPrivateKey", "", "Private key for the Wireguard interface")
+	wireguardEndpointIP     = flag.String("wgEndpointIP", "", "Endpoint IP used by the peer for the Wireguard tunnel")
+	wireguardEndpointPort   = flag.String("wgEndpointPort", "", "Endpoint port used by the peer for the Wireguard tunnel")
 	wireguardPeerPublicKey  = flag.String("wgPeerPublicKey", "", "Public key of the peer for the Wireguard tunnel")
-	wireguardPeerEndpoint   = flag.String("wgPeerEndpoint", "", "Endpoint (IP and port) of the peer for the Wireguard tunnel")
 	wireguardPeerAllowedIPs = flag.String("wgPeerAllowedIPs", "10.0.0.2/32", "Allowed IPs for the peer for the Wireguard tunnel")
 
 	nginxListenIP   = flag.String("nginxIP", "0.0.0.0", "IP address for the nginx to listen on")
 	nginxListenPort = flag.String("nginxPort", "8080", "Port for the nginx to listen on")
 	nginxServerName = flag.String("nginxServerName", "wg-proxy", "Server name for the nginx server")
+	nginxProxyPort  = flag.String("nginxProxyPort", "8080", "Port for the nginx to proxy to")
 )
 
 func main() {
 	flag.Parse()
-	fmt.Println(*wireguardIP, *wireguardPort, *wireguardPrivateKey, *wireguardPeerPublicKey, *wireguardPeerEndpoint, *wireguardPeerAllowedIPs, *nginxListenIP, *nginxListenPort)
+	if *wireguardEndpointPort == "" && *wireguardPort != "" {
+		log.Println("wireguard endpoint port is not specified, using wireguard port")
+		*wireguardEndpointPort = *wireguardPort
+	}
 	// check if all the required flags are passed or not
-	if *wireguardIP == "" || *wireguardPort == "" || *wireguardPrivateKey == "" || *wireguardPeerPublicKey == "" || *wireguardPeerEndpoint == "" || *wireguardPeerAllowedIPs == "" || *nginxListenIP == "" || *nginxListenPort == "" || *nginxServerName == "" {
+	if *wireguardIP == "" || *wireguardPort == "" || *wireguardPrivateKey == "" ||
+		*wireguardPeerPublicKey == "" || *wireguardEndpointIP == "" ||
+		*wireguardEndpointPort == "" || *wireguardPeerAllowedIPs == "" ||
+		*nginxListenIP == "" || *nginxListenPort == "" ||
+		*nginxServerName == "" || *nginxProxyPort == "" {
 		log.Fatal("All flags are not provided")
 	}
 
 	// Create Wireguard config file
-	wireguardConfig := []byte(fmt.Sprintf("[Interface]\nAddress = %s/32\nListenPort = %s\nPrivateKey = %s\n\n[Peer]\nPublicKey = %s\nEndpoint = %s\nAllowedIPs = %s\n",
-		*wireguardIP, *wireguardPort, *wireguardPrivateKey, *wireguardPeerPublicKey, *wireguardPeerEndpoint, *wireguardPeerAllowedIPs))
+	wireguardConfig := []byte(fmt.Sprintf("[Interface]\nAddress = %s/32\nListenPort = %s\nPrivateKey = %s\n\n[Peer]\nPublicKey = %s\nAllowedIPs = %s\n",
+		*wireguardIP, *wireguardPort, *wireguardPrivateKey, *wireguardPeerPublicKey, *wireguardPeerAllowedIPs))
 	err := ioutil.WriteFile("wg0.conf", wireguardConfig, 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
 	fmt.Println("Wireguard config file created")
 
+	// Stop previous tunnel
+	cmd := exec.Command("wg-quick", "down", "./wg0.conf")
+	err = cmd.Run()
+	if err != nil {
+		log.Println("failed to stop previous tunnel:", err)
+	}
+
 	// Start Wireguard tunnel
-	cmd := exec.Command("wg-quick", "up", "./wg0.conf")
+	cmd = exec.Command("wg-quick", "up", "./wg0.conf")
 	err = cmd.Run()
 	if err != nil {
 		log.Fatal(err)
 	}
 	fmt.Println("Wireguard tunnel established")
 
+	peerIpSplit := strings.Split(*wireguardPeerAllowedIPs, "/")
+	if len(peerIpSplit) != 2 {
+		log.Fatal(fmt.Errorf("peer allowed ips has bad format: %s", *wireguardPeerAllowedIPs))
+	}
 	// Create nginx config file
 	nginxConfig := []byte(fmt.Sprintf("events {\n    worker_connections 1024;\n}\n\nhttp {\n    server {\n        listen %s:%s;\n        server_name %s;\n\n        location / {\n            proxy_pass http://%s:%s;\n        }\n    }\n}",
-		*nginxListenIP, *nginxListenPort, *nginxServerName, *wireguardIP, *wireguardPort))
+		*nginxListenIP, *nginxListenPort, *nginxServerName, peerIpSplit[0], *nginxProxyPort))
 	err = ioutil.WriteFile("nginx.conf", nginxConfig, 0644)
 	if err != nil {
 		log.Fatal(err)
@@ -68,6 +91,15 @@ func main() {
 	// cleanup the files
 	os.Remove("wg0.conf")
 
+	key, err := wgtypes.ParseKey(*wireguardPrivateKey)
+	if err != nil {
+		log.Fatal(err)
+	}
+	// Print Wireguard config file for the peer
+	fmt.Println("*** Wireguard config for peer ***")
+	fmt.Printf("[Interface]\nAddress = %s\nPrivateKey = privateKey\n\n[Peer]\nPublicKey = %s\nEndpoint = %s:%s\nAllowedIPs = %s/32\nPersistentKeepalive = 25\n", *wireguardPeerAllowedIPs, key.PublicKey().String(), *wireguardEndpointIP, *wireguardEndpointPort, *wireguardIP)
+	fmt.Println("*********      End      *********")
+
 	sig := make(chan os.Signal, 1)
 	signal.Notify(sig, os.Interrupt)