Script to install wireguard and generate config
parent
3cfa85d5e5
commit
5dfdf7085a
|
@ -0,0 +1,72 @@
|
|||
#!/bin/bash
|
||||
|
||||
SERVER_KEY='abcdefghijklmnopqrstuvwxyz0123456789abcdefg=';
|
||||
SERVER_IP='1.1.1.1';
|
||||
WG_BLOCK='10.10.0';
|
||||
|
||||
if [[ $1 == '' ]]; then
|
||||
echo "Need last octet as argument"
|
||||
exit
|
||||
elif grep -Pq '^[0-9]*$' <<< $(echo $1); then
|
||||
echo "Good"
|
||||
else
|
||||
echo "Argument must be a number representing the last octet"
|
||||
exit
|
||||
fi
|
||||
|
||||
sudo apt update
|
||||
|
||||
if grep -Pq '^arm' <<< $(uname -m); then
|
||||
sudo apt install -y wireguard wireguard-dkms wireguard-tools raspberrypi-kernel raspberrypi-kernel-headers resolvconf
|
||||
else
|
||||
sudo apt install -y wireguard wireguard-tools linux-headers-$(uname -r) resolvconf
|
||||
fi
|
||||
|
||||
if [[ "`which wg 2> /dev/null`" == '' ]]; then
|
||||
echo "Failed to install wireguard"
|
||||
exit
|
||||
fi
|
||||
|
||||
wg genkey | sudo tee /etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key
|
||||
|
||||
if [[ "`sudo cat /etc/wireguard/client_public.key 2> /dev/null`" == '' ]]; then
|
||||
echo "Failed to create keys"
|
||||
exit
|
||||
fi
|
||||
|
||||
echo "[Interface]
|
||||
Address = 10.10.0.${1}/24
|
||||
DNS = 10.10.0.1
|
||||
PrivateKey = $(sudo cat /etc/wireguard/client_private.key)
|
||||
|
||||
[Peer]
|
||||
PublicKey = $SERVER_KEY
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
Endpoint = $SERVER_IP:51820
|
||||
PersistentKeepalive = 25" > wg0.conf
|
||||
|
||||
sudo mv wg0.conf /etc/wireguard/
|
||||
sudo chown root:root /etc/wireguard/wg0.conf
|
||||
sudo chmod 600 /etc/wireguard/wg0.conf
|
||||
|
||||
sudo systemctl enable wg-quick@wg0
|
||||
|
||||
echo "On server run:
|
||||
|
||||
sudo systemctl stop wg-quick@wg0
|
||||
|
||||
Then append the following to /etc/wireguard/wg0.conf:
|
||||
|
||||
[Peer]
|
||||
PublicKey = $(sudo cat /etc/wireguard/client_public.key)
|
||||
AllowedIPs = $WG_BLOCK.${1}/32
|
||||
|
||||
Then start it again with
|
||||
|
||||
sudo systemctl start wg-quick@wg0
|
||||
|
||||
Then on this client, enable and start wireguard:
|
||||
|
||||
sudo systemctl enable wg-quick@wg0
|
||||
sudo systemctl start wg-quick@wg0
|
||||
"
|
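Review bot: The client private key is written with default permissions: `sudo tee /etc/wireguard/client_private.key` creates the file under the prevailing umask (commonly world-readable) and nothing chmods it afterwards, and `wg0.conf`, which embeds the same key, is first written to the current directory and only restricted to 600 after the `mv`. Setting `umask 077` near the top of the script, before the `wg genkey` line, would cover both files, assuming sudo keeps its default behaviour of combining the caller's umask with its own. Two smaller points: the argument check `'^[0-9]*$'` accepts values outside a usable host range such as 0 or 999, and every failure path uses a bare `exit`, so the script reports success to its caller; `exit 1` would make failures detectable.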