hey,
Here's a script I've been working on to randomize WireGuard connections.
I've set up WireGuard clients 1-5 in the Asus router GUI.
Using the script, I can randomize which client is used.
Hope you find it useful!
I'm using Mullvad and ipinfo. Feel free to customize it to your liking.
Usage: $0 {start|stop|restart|toggle|status} [dynamic IPs]
Here's a script I've been working on to randomize WireGuard connections.
I've set up WireGuard clients 1-5 in the Asus router GUI.
Using the script, I can randomize which client is used.
Hope you find it useful!
I'm using Mullvad and ipinfo. Feel free to customize it to your liking.
Usage: $0 {start|stop|restart|toggle|status} [dynamic IPs]
Code:
#!/bin/sh
### CONFIGURATION ###
# Source subnets whose traffic is policy-routed through WireGuard
# (CIDR notation, separated by spaces).
WG_SUBNETS=""
# Single hosts to route through WireGuard (CIDR notation, space-separated).
VPN_WHITELIST_HOSTS=""
# Hosts that must never go through the VPN, e.g. routers and access points
# (CIDR notation, space-separated).
VPN_BLACKLIST_HOSTS=""

# Routing tables the random pick chooses from. get_vpn_routes and
# remove_vpn_rules match 'wgc[1-5]' literally, so names outside that range
# would be added by this script but never detected or removed by it.
WG_TABLES="wgc1 wgc2 wgc3 wgc4 wgc5"

# Endpoints queried by check_status.
STATUS_URL="https://ipv4.am.i.mullvad.net/connected"
# XXXXXXXXXXXXX is a placeholder for the ipinfo API token. The token travels
# in the query string, so keep the real value out of any copy of this script
# that gets shared or posted.
ORG_URL="https://ipinfo.io/org?token=XXXXXXXXXXXXX"

# curl limits used by check_status, in seconds.
connect_timeout=5
max_timeout=5

# Runtime state. The dynamic host list is persisted at a fixed path under
# /tmp and its contents are later used as `ip rule` source addresses.
# NOTE(review): that assumes only the user running this script can write
# there; confirm on the target router.
DYNAMIC_HOSTS_FILE="/tmp/mullvad_dynamic_hosts"
DYNAMIC_WHITELIST_HOSTS=""
last_wg=""
# Load the persisted dynamic host list into DYNAMIC_WHITELIST_HOSTS.
# Globals:   DYNAMIC_HOSTS_FILE (read), DYNAMIC_WHITELIST_HOSTS (written)
# Result:    the file's contents, or an empty list when the file is missing.
# The contents are used unvalidated as `ip rule` source addresses by
# apply_vpn_rules, so anything able to write this file can add routing rules.
load_dynamic_hosts() {
  DYNAMIC_WHITELIST_HOSTS=""
  # Nothing stored yet: keep the empty list.
  [ -f "$DYNAMIC_HOSTS_FILE" ] || return 0
  DYNAMIC_WHITELIST_HOSTS=$(cat "$DYNAMIC_HOSTS_FILE")
}
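# Persist DYNAMIC_WHITELIST_HOSTS so a later start can reload it.
# Globals:   DYNAMIC_WHITELIST_HOSTS (read), DYNAMIC_HOSTS_FILE (written)
# Returns:   non-zero if the file cannot be written.
save_dynamic_hosts() {
  # printf writes the value verbatim; echo would treat a value such as "-n"
  # as an option and, in some shells, interpret backslashes.
  printf '%s\n' "$DYNAMIC_WHITELIST_HOSTS" > "$DYNAMIC_HOSTS_FILE"
}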
# Print the WireGuard routing tables (wgc1..wgc5) that currently appear in
# the policy rules, one name per line, sorted and de-duplicated.
# Outputs:   table names on stdout; nothing when no rule uses such a table.
get_vpn_routes() {
  ip rule show \
    | grep -o 'lookup wgc[1-5]' \
    | cut -d ' ' -f 2 \
    | sort -u
}
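# Pick one table from WG_TABLES at random, avoiding the previous one.
# Globals:   WG_TABLES (read), last_wg (read, written)
# Outputs:   the chosen table name on stdout
# Returns:   1 (with a message on stderr) when WG_TABLES is empty or no
#            random number could be read; the original divided by zero or hit
#            an arithmetic syntax error in those cases.
# Note: callers that use $(randomize_wg) run this in a subshell, so the
# last_wg assignment below does not reach them.
randomize_wg() {
  AVAILABLE_WG=""
  for wg in $WG_TABLES; do
    if [ "$wg" != "$last_wg" ]; then
      AVAILABLE_WG="$AVAILABLE_WG $wg"
    fi
  done

  # Use the positional parameters as the candidate list; fall back to every
  # table when excluding last_wg left nothing to choose from.
  set -- $AVAILABLE_WG
  if [ "$#" -eq 0 ]; then
    set -- $WG_TABLES
  fi
  COUNT=$#
  if [ "$COUNT" -eq 0 ]; then
    echo "randomize_wg: WG_TABLES is empty" >&2
    return 1
  fi

  # Two bytes from /dev/urandom as an unsigned integer (0..65535). od is
  # tried when hexdump is missing or prints nothing.
  RANDOM_VALUE=$(hexdump -n 2 -e '/2 "%u"' /dev/urandom 2>/dev/null)
  case "$RANDOM_VALUE" in
    '' | *[!0-9]*)
      RANDOM_VALUE=$(od -An -N2 -tu2 /dev/urandom 2>/dev/null | tr -d ' \n')
      ;;
  esac
  case "$RANDOM_VALUE" in
    '' | *[!0-9]*)
      echo "randomize_wg: could not read a random number" >&2
      return 1
      ;;
  esac

  # Select the N-th candidate by shifting instead of eval'ing "\$N".
  RANDOM_INDEX=$(( (RANDOM_VALUE % COUNT) + 1 ))
  shift $(( RANDOM_INDEX - 1 ))
  NEW_WG=$1
  last_wg="$NEW_WG"
  echo "$NEW_WG"
}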
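# Add policy-routing rules that send the configured sources through one
# randomly chosen WireGuard table.
# Globals:   WG_SUBNETS, VPN_BLACKLIST_HOSTS, VPN_WHITELIST_HOSTS,
#            DYNAMIC_WHITELIST_HOSTS (read); NEW_WG (written)
# Returns:   1 without touching any rule when no table could be chosen;
#            otherwise the status of `ip route flush cache`.
apply_vpn_rules() {
  NEW_WG=$(randomize_wg)
  # Without this check every `ip rule add ... lookup ""` below would fail
  # silently (stderr is discarded) and the hosts would stay off the VPN with
  # no message at all.
  if [ -z "$NEW_WG" ]; then
    echo "apply_vpn_rules: no WireGuard table selected; no rules added" >&2
    return 1
  fi

  for SUBNET in $WG_SUBNETS; do
    ip rule add from "$SUBNET" lookup "$NEW_WG" 2>/dev/null
    for HOST in $VPN_BLACKLIST_HOSTS; do
      # Textual match on everything before the subnet's last dot, e.g.
      # 192.168.1.0/24 matches hosts written as 192.168.1.*; this is only a
      # real membership test for /24 subnets.
      case "$HOST" in
        "${SUBNET%.*}".*) ip rule add from "$HOST" lookup main 2>/dev/null ;;
      esac
    done
  done

  for HOST in $VPN_WHITELIST_HOSTS $DYNAMIC_WHITELIST_HOSTS; do
    ip rule add from "$HOST" lookup "$NEW_WG" 2>/dev/null
  done

  ip route flush cache
}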
# Delete the policy rules that point at wgc1..wgc5 and the "lookup main"
# exceptions added for blacklisted hosts, then flush the route cache.
# Globals:   VPN_BLACKLIST_HOSTS (read)
# Once these rules are gone the affected sources are no longer matched by a
# WireGuard rule, so their traffic follows whatever rules remain.
remove_vpn_rules() {
  # One `ip rule del` per listed occurrence of a wgc table.
  ip rule show \
    | grep -o 'lookup wgc[1-5]' \
    | cut -d ' ' -f 2 \
    | while read -r TABLE; do
        ip rule del lookup "$TABLE" 2>/dev/null
      done

  for HOST in $VPN_BLACKLIST_HOSTS; do
    ip rule del from "$HOST" lookup main 2>/dev/null
  done

  ip route flush cache
}
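# Print the active WireGuard tables, then query STATUS_URL and ORG_URL.
# Globals:   STATUS_URL, ORG_URL, max_timeout, connect_timeout (read);
#            ACTIVE_VPN (written)
# Outputs:   the route summary and both HTTP responses on stdout.
#
# Changes from the original:
#  - curl no longer runs with -k. With certificate verification off, an
#    on-path host could forge the "connected" answer and would also receive
#    the ipinfo token carried in ORG_URL. If the firmware has no CA bundle,
#    point curl at one with --cacert rather than restoring -k.
#  - when several tables are active, get_vpn_routes returns one name per
#    line; only the first is passed to --interface, since a multi-line value
#    is not a valid interface name.
check_status() {
  ACTIVE_VPN=$(get_vpn_routes)
  if [ -z "$ACTIVE_VPN" ]; then
    echo "Active VPN Routes: None"
    curl -sS --ipv4 --max-time "$max_timeout" \
      --connect-timeout "$connect_timeout" "$STATUS_URL"
    curl -sS --ipv4 --max-time "$max_timeout" \
      --connect-timeout "$connect_timeout" "$ORG_URL"
  else
    echo "Active VPN Routes: $ACTIVE_VPN"
    # Word-split the list so that $1 is the first active table.
    set -- $ACTIVE_VPN
    curl -sS --interface "$1" --ipv4 --max-time "$max_timeout" \
      --connect-timeout "$connect_timeout" "$STATUS_URL"
    curl -sS --interface "$1" --ipv4 --max-time "$max_timeout" \
      --connect-timeout "$connect_timeout" "$ORG_URL"
  fi
}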
# (Re)start VPN routing on a freshly chosen table and report the result.
# Globals:   last_wg (written)
# Order matters: the tables currently in use are recorded in last_wg before
# the rules are removed, so the random pick can avoid them. Between the
# removal and the re-add the configured sources have no WireGuard rule.
start_vpn() {
  load_dynamic_hosts
  last_wg="$(get_vpn_routes 2>/dev/null)"
  remove_vpn_rules
  apply_vpn_rules
  check_status
}
# Stop VPN routing: drop the rules, forget the dynamic host list, and show
# the resulting status.
# Globals:   DYNAMIC_HOSTS_FILE (removed)
stop_vpn() {
  remove_vpn_rules
  # The stored dynamic hosts do not survive a stop.
  rm -f -- "$DYNAMIC_HOSTS_FILE"
  check_status
}
# Flip the VPN state: stop when any wgc table is in use, start otherwise.
# Globals:   ACTIVE_VPN (written)
toggle_vpn() {
  ACTIVE_VPN=$(get_vpn_routes)
  case "$ACTIVE_VPN" in
    "") start_vpn ;;
    *) stop_vpn ;;
  esac
}
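# Route extra hosts through the currently active WireGuard table and store
# them as the dynamic host list.
# Arguments: IPv4 addresses or CIDR prefixes, one per argument
# Globals:   DYNAMIC_WHITELIST_HOSTS (written)
# Returns:   1 when no argument is a usable address, leaving the stored list
#            untouched; otherwise the status of save_dynamic_hosts.
#
# Changes from the original:
#  - arguments that contain anything but digits, dots and "/" are skipped.
#    Any unrecognised first word on the command line lands here, so a
#    mistyped command used to overwrite the stored list with that word.
#  - the rule is only added when a table is active, and only the first table
#    name is used; an empty or multi-line name made `ip rule add` fail with
#    its error discarded.
#  - the list is built as a plain string instead of assigning "$@".
add_dynamic_hosts() {
  ACTIVE_TABLE=$(get_vpn_routes | head -n 1)
  VALID_HOSTS=""
  for HOST in "$@"; do
    case "$HOST" in
      '' | *[!0-9./]*)
        printf 'Skipping invalid host (expected IPv4 address or CIDR): %s\n' \
          "$HOST" >&2
        continue
        ;;
    esac
    if [ -n "$ACTIVE_TABLE" ]; then
      ip rule add from "$HOST" lookup "$ACTIVE_TABLE" 2>/dev/null
    fi
    VALID_HOSTS="${VALID_HOSTS:+$VALID_HOSTS }$HOST"
  done

  if [ -z "$VALID_HOSTS" ]; then
    echo "No valid hosts given; dynamic host list left unchanged" >&2
    return 1
  fi

  # Hosts are stored even when no table is active, so the next start picks
  # them up through load_dynamic_hosts.
  DYNAMIC_WHITELIST_HOSTS="$VALID_HOSTS"
  save_dynamic_hosts
}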
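# Command dispatch. The first argument selects the action; any other
# non-empty first argument means the whole argument list is a set of dynamic
# hosts. The original sent an empty argument list to add_dynamic_hosts as
# well, which overwrote the stored host list with an empty one and left the
# usage message unreachable.
case "${1:-}" in
  status) check_status ;;
  start | restart) start_vpn ;;
  stop) stop_vpn ;;
  toggle) toggle_vpn ;;
  "" | -h | --help)
    echo "Usage: $0 {start|stop|restart|toggle|status} [dynamic IPs]"
    exit 1
    ;;
  # Last command in the script, so its status becomes the exit status.
  *) add_dynamic_hosts "$@" ;;
esac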