Last active
March 21, 2023 10:08
Install and set up WARP on Debian-based distros. Routes only Google and AWS CloudFront traffic through WARP.
#!/usr/bin/env bash
# Locations used by every step below: the WireGuard configuration directory
# and the wg-quick config for the wg0 interface inside it.
WG_CONFIG_DIR="/etc/wireguard"
WG_CONFIG_FILE="${WG_CONFIG_DIR}/wg0.conf"
#######################################
# Print a green "[OK]" status line.
# Arguments: $1 - message text (backslash escapes are expanded by echo -e)
# Outputs:   the coloured line on stdout
#######################################
print_ok() {
  local -r green='\033[0;32m' reset='\033[0m'
  echo -e "${green}[OK] $1 ${reset}"
}
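#######################################
# Print a red "[ERROR]" status line.
# Diagnostics go to stderr so they are not mixed into captured stdout, and
# the message is printed with %s so backslashes in it are not reinterpreted.
# Arguments: $1 - message text
# Outputs:   the coloured line on stderr
# Returns:   0 (callers chain follow-up commands with &&)
#######################################
print_error() {
  printf '\033[0;91m[ERROR] %s \033[0m\n' "${1-}" >&2
}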
#######################################
# Print a green "[INFO]" status line.
# Arguments: $1 - message text (backslash escapes are expanded by echo -e)
# Outputs:   the coloured line on stdout
#######################################
print_info() {
  local -r green='\033[0;32m' reset='\033[0m'
  echo -e "${green}[INFO] $1 ${reset}"
}
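#######################################
# Abort the script unless it runs with effective UID 0.
# Everything after this point installs packages, writes /usr/bin and
# /etc/wireguard, and manages a systemd unit, so it needs root.
# Outputs:   an explanation on stderr when not root
# Returns:   0 when root; otherwise exits the script with status 1
#######################################
check_root() {
  if ((EUID != 0)); then
    echo "You need to run this script as root" >&2
    exit 1
  fi
}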
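# Keep only CIDR-shaped lines from stdin and join them with commas.
# The input is fetched from remote endpoints and ends up in a config file
# that wg-quick parses as root, so anything that is not an address/prefix
# (blank lines, error pages, stray directives) is dropped here.
_join_cidrs() {
  grep -E '^[0-9A-Fa-f:.]+/[0-9]{1,3}$' | paste -sd, -
}

#######################################
# Generate a wgcf profile, turn it into the wg0 config with split routing
# (Google and CloudFront ranges only), and bring the interface up.
# Must be called with the working directory set to the one holding
# wgcf-account.toml; wgcf-profile.conf is read from the working directory.
# The generated config carries the tunnel's key material, so its file mode
# is whatever the caller's umask dictates.
# Globals:   WG_CONFIG_FILE (read)
# Arguments: $1 - "v4v6" for dual stack, "v4-only" (or "v4") for IPv4 only
# Returns:   status of `wg-quick up wg0`; 1 if the mode is unknown, the
#            profile cannot be generated, or the range lists are empty
#######################################
generate_config_and_activate() {
  local mode=${1-}
  local google_filter url
  local google_cidrs cloudfront_cidrs cloudflare_cidrs
  # Common profile edits: raise the MTU from 1280 to 1420, comment out the
  # DNS line, and drop the stock AllowedIPs so the lists below replace it.
  local -a profile_edits=(-e '/MTU/s/1280/1420/' -e '/DNS/s/^/#/' -e '/AllowedIPs/d')
  local -a cloudflare_urls=(https://www.cloudflare.com/ips-v4)

  # Validate the mode before touching anything. The original silently fell
  # through on an unrecognised value and appended a second copy of the
  # routing lines to the existing config.
  case "$mode" in
    v4v6)
      google_filter='.prefixes[] | {ipv4Prefix,ipv6Prefix} | join("")'
      cloudflare_urls+=(https://www.cloudflare.com/ips-v6)
      ;;
    v4 | v4-only)
      google_filter='.prefixes[] | {ipv4Prefix} | join("")'
      # Additionally comment out the IPv6 interface address.
      profile_edits=(-e '/Address \= 2.*\/128/s/^/#/' "${profile_edits[@]}")
      ;;
    *)
      print_error "unknown mode '${mode}' (expected v4v6 or v4-only)"
      return 1
      ;;
  esac

  # generate wireguard config
  if ! wgcf generate || [[ ! -s wgcf-profile.conf ]]; then
    print_error "wgcf generate failed"
    return 1
  fi

  # Fetching IPs. -f makes curl fail on HTTP errors instead of handing an
  # error body to the next stage.
  google_cidrs=$(
    curl -fsS https://www.gstatic.com/ipranges/goog.json |
      jq -r "$google_filter" |
      _join_cidrs
  )
  cloudfront_cidrs=$(
    curl -fsS https://ip-ranges.amazonaws.com/ip-ranges.json |
      jq -r '.prefixes[] | select(.service | match("CLOUDFRONT")) | {ip_prefix} | join(",") ' |
      _join_cidrs
  )
  # 162.158.0.0 is filtered out as in the original script.
  # NOTE(review): presumably to keep the tunnel endpoint out of the tunnel - confirm.
  cloudflare_cidrs=$(
    for url in "${cloudflare_urls[@]}"; do
      curl -fsS "$url"
      echo # the lists may lack a trailing newline
    done | grep -vF '162.158.0.0' | _join_cidrs
  )

  # An empty list would produce a broken "AllowedIPS =" line; stop before
  # the existing config is overwritten. The Cloudflare list is only written
  # commented out, so it is allowed to be empty.
  if [[ -z "$google_cidrs" || -z "$cloudfront_cidrs" ]]; then
    print_error "could not fetch the Google/CloudFront ranges; ${WG_CONFIG_FILE} left untouched"
    return 1
  fi

  # change wireguard config
  if ! sed "${profile_edits[@]}" wgcf-profile.conf >"$WG_CONFIG_FILE"; then
    print_error "could not write ${WG_CONFIG_FILE}"
    return 1
  fi
  cat >>"$WG_CONFIG_FILE" <<EOF
AllowedIPS = ${google_cidrs}
# AWS CloudFront
AllowedIPS = ${cloudfront_cidrs}
# CLOUDFLARE (COMMENTED BY DEFAULT)
#AllowedIPS = ${cloudflare_cidrs}
PersistentKeepalive = 5
EOF

  # Activate wireguard. The interface may not be up yet, so a failing
  # "down" is expected and deliberately silenced.
  wg-quick down wg0 2>/dev/null
  wg-quick up wg0
}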
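# Download the latest linux_amd64 wgcf release asset and install it as
# /usr/bin/wgcf. The binary later runs as root, so it is fetched into a
# temporary file, optionally checked against an operator-supplied SHA-256
# (WGCF_SHA256), and only then moved into place.
_install_wgcf() {
  local url tmp rc

  url=$(
    curl -fsS https://api.github.com/repos/ViRb3/wgcf/releases/latest |
      jq -r '.assets[].browser_download_url | select(test("linux_amd64"))' |
      head -n 1
  )
  # Accept only a release asset of the expected repository; an empty or
  # unexpected value must not be handed to the downloader.
  if [[ "$url" != https://github.com/ViRb3/wgcf/releases/download/* ]]; then
    print_error "could not resolve the wgcf download URL"
    return 1
  fi

  tmp=$(mktemp) || return 1
  if ! curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$url"; then
    rm -f -- "$tmp"
    print_error "wgcf download failed"
    return 1
  fi

  if [[ -n "${WGCF_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$WGCF_SHA256" "$tmp" | sha256sum --check --status -; then
      rm -f -- "$tmp"
      print_error "wgcf checksum mismatch; binary not installed"
      return 1
    fi
  else
    print_info "wgcf is installed without checksum verification; set WGCF_SHA256 to pin the binary"
  fi

  install -m 0755 -- "$tmp" /usr/bin/wgcf
  rc=$?
  rm -f -- "$tmp"
  return "$rc"
}

# Succeeds when ipinfo.io reports a Cloudflare egress within 4 seconds.
# NOTE(review): this trusts a third-party answer and only shows how traffic
# to ipinfo.io itself is routed, which presumes that host falls inside the
# ranges sent through the tunnel - confirm.
_warp_is_active() {
  curl -s --max-time 4 https://ipinfo.io | grep -qi cloudflare
}

#######################################
# Install WireGuard and wgcf, register a WARP account if none exists, and
# activate wg0: dual stack first, IPv4-only as a fallback.
# Globals:   WG_CONFIG_DIR (read)
#            WGCF_SHA256 (read, optional) - expected SHA-256 of the wgcf binary
# Arguments: none
# Returns:   non-zero when installation, registration or both activation
#            attempts fail; exits 1 if the config directory cannot be entered
#######################################
setup_warp() {
  # install wireguard (jq is needed for the release lookup and range lists)
  if ! { apt-get update && apt-get install -y wireguard iptables resolvconf jq; }; then
    print_error "package installation failed"
    return 1
  fi

  # download and install wgcf
  _install_wgcf || return 1

  # ensure wireguard config directory exists; from here on new files are
  # created owner-read-only, which covers the account and profile files
  umask 0277
  mkdir -p -- "$WG_CONFIG_DIR"
  cd -- "$WG_CONFIG_DIR" || exit 1

  # Register with WARP unless an account file is already present. The exit
  # status of wgcf is used directly; comparing its stdout with 0, as the
  # original did, is also true when a failing run prints nothing.
  if [[ ! -s ./wgcf-account.toml ]] && ! wgcf register --accept-tos; then
    print_error "wgcf register failed"
    return 1
  fi

  generate_config_and_activate "v4v6"
  # Check if warp has been activated
  if _warp_is_active; then
    print_ok "WARP activation (IPv4-IPv6)" && systemctl enable --now wg-quick@wg0
    return
  fi

  # if not activated try IPv4 mode
  print_error "WARP activation (IPv4-IPv6)" &&
    wg-quick down wg0
  print_info "Trying again with IPv4-only"
  # The mode string must be one generate_config_and_activate recognises;
  # the original passed "v4", which matched neither of its branches.
  generate_config_and_activate "v4-only"
  # Check if warp has been activated
  if _warp_is_active; then
    print_ok "WARP activation (IPv4-only)" && systemctl enable --now wg-quick@wg0
    return
  fi

  print_error "WARP activation (IPv4-only)" &&
    wg-quick down wg0
  return 1
}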
# Entry point: refuse to continue without root, then install and activate WARP.
main() {
  check_root
  setup_warp
}
main "$@"
This command will download and run the script: