allow using preshared keys

JeWe37 · JeWe37 · commit 67ca600fc60d · 2022-09-09T06:47:50.000+02:00
diff --git a/README.md b/README.md
@@ -73,6 +73,8 @@ expected values are set by default, most with dummy default values.
   The endpoint of the VPN provider's WireGuard server.
 - `WIREGUARD_VPN_PUBLIC_KEY`:
   The public key of the VPN provider's WireGuard peer.
+- `WIREGUARD_VPN_PPRESHARED_KEY`:
+  The preshared key of the VPN provider's WireGuard peer. Set to - to disable.
 - `WIREGUARD_ALLOWED_IPS`:
   Comma-separated list of IP addresses that may be contacted using the
   WireGuard interface. For a namespaced VPN, where the goal is to force all
diff --git a/bin/namespaced-wireguard-vpn-interface b/bin/namespaced-wireguard-vpn-interface
@@ -9,11 +9,21 @@ case "$1" in
     up)
         ip link add "$WIREGUARD_NAME" mtu $WIREGUARD_INITIAL_MTU type wireguard || die
 
-        wg set "$WIREGUARD_NAME" \
-            private-key <(echo "$WIREGUARD_PRIVATE_KEY") \
-            peer "$WIREGUARD_VPN_PUBLIC_KEY" \
-                endpoint "$WIREGUARD_ENDPOINT" \
-                allowed-ips "$WIREGUARD_ALLOWED_IPS" || die
+        if [ "$WIREGUARD_VPN_PRESHARED_KEY" == "-" ]
+        then
+            wg set "$WIREGUARD_NAME" \
+                private-key <(echo "$WIREGUARD_PRIVATE_KEY") \
+                peer "$WIREGUARD_VPN_PUBLIC_KEY" \
+                    endpoint "$WIREGUARD_ENDPOINT" \
+                    allowed-ips "$WIREGUARD_ALLOWED_IPS" || die
+        else
+            wg set "$WIREGUARD_NAME" \
+                private-key <(echo "$WIREGUARD_PRIVATE_KEY") \
+                peer "$WIREGUARD_VPN_PUBLIC_KEY" \
+                preshared-key <(echo "$WIREGUARD_VPN_PRESHARED_KEY") \
+                    endpoint "$WIREGUARD_ENDPOINT" \
+                    allowed-ips "$WIREGUARD_ALLOWED_IPS" || die
+        fi
 
         ip link set "$WIREGUARD_NAME" netns "$NETNS_NAME" || die
 
diff --git a/conf/namespaced-wireguard-vpn.conf b/conf/namespaced-wireguard-vpn.conf
@@ -13,6 +13,9 @@ WIREGUARD_ENDPOINT=1.2.3.4:56789
 # Public key of the VPN WireGuard peer
 WIREGUARD_VPN_PUBLIC_KEY=abcdFAKEefghFAKEijklFAKEmnopFAKEqrstFAKEuvw=
 
+# Preshared key of the VPN WireGuard peer, set to - to disable
+WIREGUARD_VPN_PRESHARED_KEY=-
+
 # Comma-separated list of allowed IP addresses for the VPN WireGuard interface
 WIREGUARD_ALLOWED_IPS=0.0.0.0/0,::0/0
 
