Diffstat (limited to 'contrib/examples')
-rw-r--r--contrib/examples/ncat-client-server/README16
-rwxr-xr-xcontrib/examples/ncat-client-server/client.sh20
-rwxr-xr-xcontrib/examples/ncat-client-server/server.sh14
-rw-r--r--contrib/examples/synergy/README3
-rwxr-xr-xcontrib/examples/synergy/synergy-client.sh18
-rwxr-xr-xcontrib/examples/synergy/synergy-server.sh17
-rw-r--r--contrib/examples/systemd/README5
-rw-r--r--contrib/examples/systemd/wgserver.service15
8 files changed, 108 insertions, 0 deletions
diff --git a/contrib/examples/ncat-client-server/README b/contrib/examples/ncat-client-server/README
new file mode 100644
index 0000000..fd3088a
--- /dev/null
+++ b/contrib/examples/ncat-client-server/README
@@ -0,0 +1,16 @@
+ === IMPORTANT NOTE ===
+
+Do not use these scripts in production. They are simply a
+demonstration of how easy the `wg(8)` tool is at the command
+line, but by no means should you actually attempt to use
+these. They are horribly insecure and defeat the purpose
+of WireGuard.
+
+ STAY AWAY!
+
+Distros: do not distribute these with your packages.
+
+
+
+That all said, this is a pretty cool example of just how
+darn easy WireGuard can be.
diff --git a/contrib/examples/ncat-client-server/client.sh b/contrib/examples/ncat-client-server/client.sh
new file mode 100755
index 0000000..fbae46a
--- /dev/null
+++ b/contrib/examples/ncat-client-server/client.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+[[ $UID == 0 ]] || { echo "You must be root to run this."; exit 1; }
+umask 077
+trap 'rm -f /tmp/wg_private_key' EXIT INT TERM
+exec 3<>/dev/tcp/demo.wireguard.io/42912
+wg genkey | tee /tmp/wg_private_key | wg pubkey >&3
+IFS=: read -r status server_pubkey server_port internal_ip <&3
+[[ $status == OK ]]
+ip link del dev wg0 2>/dev/null || true
+ip link add dev wg0 type wireguard
+wg set wg0 private-key /tmp/wg_private_key peer "$server_pubkey" allowed-ips 0.0.0.0/0 endpoint "demo.wireguard.io:$server_port"
+ip address add "$internal_ip"/24 dev wg0
+ip link set up dev wg0
+if [ "$1" == "default-route" ]; then
+ host="$(wg show wg0 endpoints | sed -n 's/.*\t\(.*\):.*/\1/p')"
+ ip route add $(ip route get $host | sed '/ via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/{s/^\(.* via [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/}' | head -n 1) 2>/dev/null || true
+ ip route add 0/1 dev wg0
+ ip route add 128/1 dev wg0
+fi
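Review bot: The private key goes to the fixed path `/tmp/wg_private_key` (the `trap` and `tee` lines), and since the script runs as root, a file or symlink that another local user placed at that name beforehand would receive the key or redirect the write. `umask 077` only applies to a file that `tee` creates itself. Creating the file with `keyfile=$(mktemp)` and using `"$keyfile"` in the trap, the `tee` and the `private-key` argument removes the predictable name. Separately, `server_port` and `internal_ip` are read from the plaintext TCP connection and passed to `wg set` and `ip address add` without any format check; a pattern test such as `[[ $server_port =~ ^[0-9]+$ ]]` before use would fail early on a malformed reply. `ip route get $host` should also be quoted as `ip route get "$host"`.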
diff --git a/contrib/examples/ncat-client-server/server.sh b/contrib/examples/ncat-client-server/server.sh
new file mode 100755
index 0000000..e37861f
--- /dev/null
+++ b/contrib/examples/ncat-client-server/server.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+if [[ -z $NCAT_REMOTE_ADDR ]]; then
+ ip link del dev wg0 2>/dev/null
+ set -e
+ ip link add dev wg0 type wireguard
+ ip address add 192.168.4.1/24 dev wg0
+ wg set wg0 private-key <(wg genkey) listen-port 12912
+ ip link set up dev wg0
+ exec ncat -e "$(readlink -f "$0")" -k -l -p 42912 -v
+fi
+read -r public_key
+[[ $(wg show wg0 | grep peer | wc -l) -ge 253 ]] && wg set wg0 peer $(wg show wg0 latest-handshakes | sort -k 2 -b -n | head -n 1 | cut -f 1) remove
+next_ip=$(all="$(wg show wg0 allowed-ips)"; for ((i=2; i<=254; i++)); do ip="192.168.4.$i"; [[ $all != *$ip/32* ]] && echo $ip && break; done)
+wg set wg0 peer "$public_key" allowed-ips $next_ip/32 2>/dev/null && echo "OK:$(wg show wg0 private-key | wg pubkey):$(wg show wg0 listen-port):$next_ip" || echo ERROR
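Review bot: The free-address search (`next_ip=…`) and the following `wg set wg0 peer "$public_key" allowed-ips …` are not atomic, and `ncat -k -e` appears to start one copy of this script per connection, so two simultaneous clients can compute the same `next_ip`. As far as I know WireGuard then moves that allowed IP to the later peer, while the earlier client has already been told `OK` for it. Taking an exclusive lock before the eviction line, e.g. `exec 9>/run/lock/wg-demo.lock; flock 9` (lock path is a placeholder), would serialize eviction, search and assignment. `read -r public_key` also has no timeout, so a connection that never sends a line keeps a root process alive; `read -r -t 10 public_key || exit 1` bounds that. The final `a && echo OK… || echo ERROR` chain would read more safely as an `if`/`else`, and `$next_ip` should be quoted in `allowed-ips "$next_ip/32"`.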
diff --git a/contrib/examples/synergy/README b/contrib/examples/synergy/README
new file mode 100644
index 0000000..b75fb77
--- /dev/null
+++ b/contrib/examples/synergy/README
@@ -0,0 +1,3 @@
+These scripts should be modified according to your precise setup.
+They provide a very simple way of tunneling synergy inside of a
+WireGuard tunnel, to protect your data in transit.
diff --git a/contrib/examples/synergy/synergy-client.sh b/contrib/examples/synergy/synergy-client.sh
new file mode 100755
index 0000000..56cfdb2
--- /dev/null
+++ b/contrib/examples/synergy/synergy-client.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+if [[ $UID == 0 ]]; then
+ ip link del dev synergy || true
+ ip link add dev synergy type wireguard
+ ip address add 10.193.125.39/32 peer 10.193.125.38/32 dev synergy
+ wg set synergy \
+ listen-port 29184 \
+ private-key <(echo oNcsXA5Ma56q9xHmvvKuzLfwXYy7Uqy+bTmmXg/XtVs=) \
+ peer m321UMZXoJ6qw8Jli2spbAVBc2MdOzV/EHDKfZQy0g0= \
+ allowed-ips 10.193.125.38/32 \
+ endpoint 10.10.10.100:29184
+ ip link set up dev synergy
+else
+ sudo "$(readlink -f "$0")"
+ killall synergyc || true
+ synergyc 10.193.125.38:38382
+fi
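Review bot: The WireGuard private key is a literal in the script (`private-key <(echo …)`), the file is added with mode 100755, and `set -ex` would trace the `echo` inside the process substitution. Once someone substitutes their own key, it is therefore readable by every local user and likely to end up in whatever captures stderr. The example would be safer to copy if it read the key from a root-only file, e.g. `private-key /path/to/synergy.key` (placeholder path, mode 0600), and either dropped `-x` or wrapped the `wg set` call in `set +x` / `set -x`. A comment above the `wg set` line such as `# Example keys only: generate your own with wg genkey, never reuse these` would make clear that the published values are not secret. The same points apply to the `wg set` block in synergy-server.sh.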
diff --git a/contrib/examples/synergy/synergy-server.sh b/contrib/examples/synergy/synergy-server.sh
new file mode 100755
index 0000000..6bef423
--- /dev/null
+++ b/contrib/examples/synergy/synergy-server.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -ex
+if [[ $UID == 0 ]]; then
+ ip link del dev synergy || true
+ ip link add dev synergy type wireguard
+ ip address add 10.193.125.38/32 peer 10.193.125.39/32 dev synergy
+ wg set synergy \
+ listen-port 29184 \
+ private-key <(echo 2InSrlZA5eQfI/MvnvPieqNTBo9cd+udc3SOO9yFpXo=) \
+ peer CBnoidQLjlbRsrqrI56WQbANWwkll41w/rVUIW9zISI= \
+ allowed-ips 10.193.125.39/32
+ ip link set up dev synergy
+else
+ sudo "$(readlink -f "$0")"
+ killall synergys || true
+ synergys -a 10.193.125.38:38382
+fi
diff --git a/contrib/examples/systemd/README b/contrib/examples/systemd/README
new file mode 100644
index 0000000..1ef51aa
--- /dev/null
+++ b/contrib/examples/systemd/README
@@ -0,0 +1,5 @@
+Until WireGuard receives full integration to the various network
+management utilities, there are a number of ways of setting up
+a WireGuard tunnel at boot time. This systemd unit file is one
+such way of doing things. Probably it should be tweaked before
+using.
diff --git a/contrib/examples/systemd/wgserver.service b/contrib/examples/systemd/wgserver.service
new file mode 100644
index 0000000..dfce1e9
--- /dev/null
+++ b/contrib/examples/systemd/wgserver.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=WireGuard Server
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/ip link add dev wgserver type wireguard
+ExecStart=/bin/ip address add 192.168.177.1/24 dev wgserver
+ExecStart=/usr/bin/wg setconf wgserver /etc/wireguard-server.conf
+ExecStart=/bin/ip link set up dev wgserver
+ExecStop=/bin/sh -c 'umask 077; /usr/bin/wg showconf wgserver > /etc/wireguard-server.conf.tmp && mv /etc/wireguard-server.conf.tmp /etc/wireguard-server.conf'
+ExecStop=/bin/ip link del dev wgserver
+
+[Install]
+WantedBy=multi-user.target
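Review bot: If an `ExecStart=` line after the first fails (for example `wg setconf` when `/etc/wireguard-server.conf` is missing or malformed), the `wgserver` link is left behind. As far as I know systemd does not run `ExecStop=` for a unit whose start-up failed, so the next start would then fail at `ip link add`. Adding `ExecStartPre=-/bin/ip link del dev wgserver` (the `-` ignores the error when no link exists) or doing the delete in `ExecStopPost=` would make a retry clean. It would also help to add a comment that `/etc/wireguard-server.conf` holds the private key and must be mode 0600 before the first start, because the `umask 077` in `ExecStop=` only protects the copy written at stop time.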