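--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+SERVER_KEY='abcdefghijklmnopqrstuvwxyz0123456789abcdefg=';
+SERVER_IP='1.1.1.1';
+WG_BLOCK='10.10.0';
+
+if [[ $1 == '' ]]; then
+echo "Need last octet as argument"
+exit
+elif grep -Pq '^[0-9]*$' <<< $(echo $1); then
+echo "Good"
+else
+echo "Argument must be a number representing the last octet"
+exit
+fi
+
+sudo apt update
+
+if grep -Pq '^arm' <<< $(uname -m); then
+sudo apt install -y wireguard wireguard-dkms wireguard-tools raspberrypi-kernel raspberrypi-kernel-headers resolvconf
+else
+sudo apt install -y wireguard wireguard-tools linux-headers-$(uname -r) resolvconf
+fi
+
+if [[ "`which wg 2> /dev/null`" == '' ]]; then
+echo "Failed to install wireguard"
+exit
+fi
+
+wg genkey | sudo tee /etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key
+
+if [[ "`sudo cat /etc/wireguard/client_public.key 2> /dev/null`" == '' ]]; then
+echo "Failed to create keys"
+exit
+fi
+
+echo "[Interface]
+Address = 10.10.0.${1}/24
+DNS = 10.10.0.1
+PrivateKey = $(sudo cat /etc/wireguard/client_private.key)
+
+[Peer]
+PublicKey = $SERVER_KEY
+AllowedIPs = 0.0.0.0/0
+Endpoint = $SERVER_IP:51820
+PersistentKeepalive = 25" > wg0.conf
+
+sudo mv wg0.conf /etc/wireguard/
+sudo chown root:root /etc/wireguard/wg0.conf
+sudo chmod 600 /etc/wireguard/wg0.conf
+
+sudo systemctl enable wg-quick@wg0
+
+echo "On server run:
+
+sudo systemctl stop wg-quick@wg0
+
+Then append the following to /etc/wireguard/wg0.conf:
+
+[Peer]
+PublicKey = $(sudo cat /etc/wireguard/client_public.key)
+AllowedIPs = $WG_BLOCK.${1}/32
+
+Then start it again with
+
+sudo systemctl start wg-quick@wg0
+
+Then on this client, enable and start wireguard:
+
+sudo systemctl enable wg-quick@wg0
+sudo systemctl start wg-quick@wg0
+"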
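Review bot: The client private key sits on disk with default permissions before the final `chmod 600`: `wg genkey | sudo tee /etc/wireguard/client_private.key` creates the key file under the default umask and nothing ever chmods it, and `> wg0.conf` writes the config containing `PrivateKey` into the current working directory before it is moved and locked down. Setting `umask 077` directly after the shebang and ending the config block with `| sudo tee /etc/wireguard/wg0.conf > /dev/null` instead of `> wg0.conf` followed by `sudo mv` would close that window, and an explicit `sudo chmod 600 /etc/wireguard/client_private.key` keeps the key file safe regardless of how sudo treats the caller's umask. The octet check `grep -Pq '^[0-9]*$' <<< $(echo $1)` accepts values above 254 and, because `$1` is unquoted, can also pass some non-numeric arguments, yet the value is written straight into a file that wg-quick reads as root; `[[ $1 =~ ^[0-9]{1,3}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 254 ))` would pin it to a real host octet. The failure branches end in a bare `exit`, which returns the status of the preceding `echo` (0), so a caller cannot tell a failed install or key generation from success; `exit 1` is needed there. `WG_BLOCK` is also only used in the printed server instructions, while `Address` and `DNS` hard-code `10.10.0`, so changing the variable would silently produce mismatched client and server settings.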