#!/bin/bash
# Site-specific settings; edit these before running the script.
# SERVER_KEY ends up as the [Peer] PublicKey in the generated config, so it is
# the WireGuard server's public key (the value here looks like a placeholder).
SERVER_KEY='abcdefghijklmnopqrstuvwxyz0123456789abcdefg='
# Address used for the peer Endpoint; the port (51820) is fixed further down.
SERVER_IP='1.1.1.1'
# First three octets of the tunnel network; the last octet comes from $1.
WG_BLOCK='10.10.0'
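# Validate the only argument: the last octet of this client's tunnel address.
# The value is interpolated into the WireGuard config and into the peer stanza
# printed for the server, so only a plain decimal host number is accepted.
# The previous check ran grep over an unquoted `echo $1`, which let input that
# echo swallows (for example an option-like word) reach grep as an empty
# string and pass, and it accepted numbers above 255.
octet_re='^[1-9][0-9]{0,2}$'
if [[ -z "${1:-}" ]]; then
  echo "Need last octet as argument" >&2
  exit 1
elif [[ "$1" =~ $octet_re ]] && (( $1 >= 2 && $1 <= 254 )); then
  # 0 and 255 are the network and broadcast addresses of the /24. 1 is also
  # refused because the generated config points DNS at <block>.1, presumably
  # the server's own tunnel address; confirm against the server config.
  echo "Good"
else
  echo "Argument must be a number from 2 to 254 representing the last octet" >&2
  exit 1
fi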
# Refresh the package lists, then install WireGuard with the kernel headers
# for this machine. Machine names starting with "arm" get the Raspberry Pi
# kernel packages and the DKMS module; everything else (including aarch64,
# which does not match the pattern) gets headers for the running kernel.
sudo apt update

case "$(uname -m)" in
  arm*)
    sudo apt install -y wireguard wireguard-dkms wireguard-tools raspberrypi-kernel raspberrypi-kernel-headers resolvconf
    ;;
  *)
    sudo apt install -y wireguard wireguard-tools "linux-headers-$(uname -r)" resolvconf
    ;;
esac
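# Stop if the wg binary is not on PATH after the install step. Exit non-zero
# so a wrapper or provisioning tool does not treat a failed install as
# success: a bare `exit` would return the status of the preceding echo, 0.
# `command -v` is the shell builtin lookup and replaces the external `which`.
if ! command -v wg > /dev/null 2>&1; then
  echo "Failed to install wireguard" >&2
  exit 1
fi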
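# Generate the client key pair as root under a restrictive umask.
# Writing the private key through `sudo tee` creates the file with the default
# umask, which normally leaves it readable by group and others. The chmod also
# tightens a key file left behind by an earlier run, because truncating an
# existing file keeps its old mode.
# NOTE: an existing client_private.key is overwritten, as before.
keys_ok=0
sudo sh -c '
  umask 077
  wg genkey > /etc/wireguard/client_private.key &&
    chmod 600 /etc/wireguard/client_private.key &&
    wg pubkey < /etc/wireguard/client_private.key > /etc/wireguard/client_public.key
' && keys_ok=1

# Confirm that the generation step succeeded and that the public key is
# readable and non-empty, so a stale public key from a previous run cannot
# mask a failure.
client_public_key=$(sudo cat /etc/wireguard/client_public.key 2> /dev/null)
if (( ! keys_ok )) || [[ -z "$client_public_key" ]]; then
  echo "Failed to create keys" >&2
  exit 1
fi

# The original pipeline printed the public key via its final tee; keep that.
printf '%s\n' "$client_public_key"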
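# Write the client config straight to /etc/wireguard as root, under umask 077.
# The previous version created wg0.conf in the current directory with the
# default umask and only tightened it after the move, so the file holding the
# private key was briefly readable by other local users. Any old config is
# removed first so the new file is created with mode 600 rather than
# inheriting looser permissions.
# Address and DNS now use WG_BLOCK instead of a hard-coded 10.10.0, so they
# always match the AllowedIPs line printed for the server.
# NOTE: AllowedIPs = 0.0.0.0/0 sends all IPv4 traffic through the tunnel but
# does not cover IPv6; if the client has IPv6 connectivity, that traffic
# bypasses the VPN unless ::/0 is added or IPv6 is handled separately.
if ! sudo sh -c 'umask 077 && rm -f /etc/wireguard/wg0.conf && cat > /etc/wireguard/wg0.conf' <<EOF
[Interface]
Address = ${WG_BLOCK}.${1}/24
DNS = ${WG_BLOCK}.1
PrivateKey = $(sudo cat /etc/wireguard/client_private.key)

[Peer]
PublicKey = $SERVER_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = $SERVER_IP:51820
PersistentKeepalive = 25
EOF
then
  echo "Failed to write /etc/wireguard/wg0.conf" >&2
  exit 1
fi

# Kept from the original as an explicit guarantee of ownership and mode.
sudo chown root:root /etc/wireguard/wg0.conf
sudo chmod 600 /etc/wireguard/wg0.conf

# Register the tunnel to come up at boot. It is not started here: the server
# must first be given this client's public key (see the instructions printed
# at the end of the script).
sudo systemctl enable wg-quick@wg0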
# Print the manual follow-up steps: the peer stanza the server operator must
# append (this client's public key, restricted to its single /32 tunnel
# address) and the commands to restart the server and start the client.
# Only the public key is shown; the private key never leaves /etc/wireguard.
cat <<EOF
On server run:

sudo systemctl stop wg-quick@wg0

Then append the following to /etc/wireguard/wg0.conf:

[Peer]
PublicKey = $(sudo cat /etc/wireguard/client_public.key)
AllowedIPs = $WG_BLOCK.${1}/32

Then start it again with

sudo systemctl start wg-quick@wg0

Then on this client, enable and start wireguard:

sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0

EOF