notebookvb

WireGuard/gen_clients.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+"""Generate WireGuard road-warrior client configs + QR PNGs, and emit RouterOS peer-add commands."""
+import subprocess, pathlib, qrcode
+
+WG = r"C:\Program Files\WireGuard\wg"
+SERVER_PUB = "CGGFHYR83W8IuTB46cJ49IuL/tL3w4yu3o0hQh0Cxwo="
+ENDPOINT   = "78.80.38.51:51821"
+LAN        = "192.168.1.0/24"   # split tunnel -> only LAN goes through VPN
+DNS        = "192.168.1.2"      # router LAN IP
+
+CLIENTS = [2, 3, 4]
+outdir = pathlib.Path(__file__).resolve().parent / "wg-clients"
+outdir.mkdir(exist_ok=True)
+
+
+def wg(*args, inp=None):
+    return subprocess.run([WG, *args], input=inp, capture_output=True,
+                          text=True, check=True).stdout.strip()
+
+
+peer_cmds = []
+for i in CLIENTS:
+    name = f"client{i}"
+    priv = wg("genkey")
+    pub  = wg("pubkey", inp=priv)
+    psk  = wg("genpsk")
+
+    conf = f"""[Interface]
+PrivateKey = {priv}
+Address = 10.10.10.{i}/32
+DNS = {DNS}
+
+[Peer]
+PublicKey = {SERVER_PUB}
+PresharedKey = {psk}
+AllowedIPs = {LAN}
+Endpoint = {ENDPOINT}
+PersistentKeepalive = 25
+"""
+    (outdir / f"{name}.conf").write_text(conf, encoding="utf-8")
+
+    img = qrcode.make(conf)
+    img.save(outdir / f"{name}.png")
+
+    peer_cmds.append(
+        f'/interface wireguard peers add interface=wg-vpn '
+        f'public-key="{pub}" preshared-key="{psk}" '
+        f'allowed-address=10.10.10.{i}/32 comment="{name}"'
+    )
+    print(f"[ok] {name}: pub={pub} -> {name}.conf, {name}.png")
+
+(outdir / "_peers_add.rsc").write_text("\n".join(peer_cmds) + "\n", encoding="utf-8")
+print("\n--- RouterOS peer-add commands written to wg-clients/_peers_add.rsc ---")
+for c in peer_cmds:
+    print(c)