From 73894dad68b35d3802e38520e2f7e5c745d9539b Mon Sep 17 00:00:00 2001 From: Kris Lamoureux Date: Sun, 8 Mar 2026 16:08:31 -0400 Subject: [PATCH] testing --- piawg.sh | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/piawg.sh b/piawg.sh index 97e8261..a8e1fa2 100755 --- a/piawg.sh +++ b/piawg.sh @@ -98,7 +98,7 @@ pia_addkey() { --cacert ./ca.rsa.4096.crt \ --data-urlencode "pt=$pia_token" \ --data-urlencode "pubkey=$piawg_pubkey" \ - "https://$server_cn:1337/addKey" + "https://$server_cn:$server_port/addKey" ); then err "Failed connect to $server_cn to addKey" fi @@ -148,6 +148,10 @@ pia_addkey() { err "Failed to reload Wireguard service" fi + set -x + opn_curl 'routes/gateway/searchGateway' + set +x + # Update OpenBao config with response data server_vip="$(printf '%s' "$response" | jq -r '.server_vip')" info "Update server_vip at $BAO_PATH_CONFIG to $server_vip" @@ -333,6 +337,7 @@ opn_if_reply="$(opn_curl 'wireguard/server/searchServer' -d '{}' | piawg_uuid="$(printf '%s' "$opn_if_reply" | jq -r .uuid)" piawg_pubkey="$(printf '%s' "$opn_if_reply" | jq -r .pubkey)" piawg_tunaddr="$(printf '%s' "$opn_if_reply" | jq -r .tunneladdress)" +piawg_interface="$(printf '%s' "$opn_if_reply" | jq -r .interface)" debug -f "Wireguard instance $OPN_IF from OPNsense API\n%s" \ "$(printf '%s' "$opn_if_reply" | jq '.privkey = "[CENSORED]"')" unset opn_if_reply @@ -352,6 +357,7 @@ wg_reply="$(bao_curl "$BAO_KV_MOUNT/data/$BAO_PATH_CONFIG")" server_ip="$(printf '%s' "$wg_reply" | jq -r .data.data.server_ip)" server_cn="$(printf '%s' "$wg_reply" | jq -r .data.data.server_cn)" server_port="$(printf '%s' "$wg_reply" | jq -r .data.data.server_port)" +server_vip="$(printf '%s' "$wg_reply" | jq -r .data.data.server_vip)" debug -f "Config from OpenBao ($BAO_PATH_CONFIG)\n%s" \ "$(printf '%s' "$wg_reply" | jq .)" unset wg_reply @@ -382,3 +388,23 @@ else fi fi fi + +if conf_reply="$(bao_curl "$BAO_KV_MOUNT/data/$BAO_PATH_CONFIG")"; then + port_forward="$(printf '%s' "$conf_reply" | jq -r '.data.data.port_forward')" + if [ "$port_forward" = "true" ]; then + server_cn="$(printf '%s' "$conf_reply" | jq -r '.data.data.server_cn')" + server_vip="$(printf '%s' "$conf_reply" | jq -r '.data.data.server_vip')" + set -x + if ! pf_sig_reply="$(_curl -G --cacert ./ca.rsa.4096.crt \ + --interface "$piawg_interface" \ + --resolve "$server_cn:19999:$server_vip" \ + --data-urlencode "token=$pia_token" \ + "https://$server_cn:19999/getSignature")"; then + err "Failed to connect to https://$server_cn:19999/getSignature" + fi + set +x + debug -f "getSignature\n%s" "$(printf '%s' "$pf_sig_reply" | jq .)" + fi +fi +debug -f "Check for port_forward value in OpenBao ($BAO_PATH_CONFIG)\n%s" \ + "$(printf '%s' "$conf_reply" | jq .)"