-
-
Save jinmiaoluo/afacf680ad29b109e6b3944c2bda452d to your computer and use it in GitHub Desktop.
gist of script for managing wireguard. wgsh means WireGuard SHell script which will be used in client for wireguard. wgssh means WireGuard Server SHell script which will be used in server for wireguard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ################################################# | |
| # note: wireguard-go is required | |
| # please install it before use this script | |
| # you can install wireguard-go with below command | |
| # brew install wireguard-go | |
| ################################################# | |
| IF='utun3' | |
| case $1 in | |
| if) | |
| sudo wireguard-go $IF | |
| sudo ifconfig $IF 10.1.1.2 10.1.1.3 mtu 1500 netmask 255.255.255.255 up | |
| ;; | |
| cf) | |
| sudo wg setconf $IF /usr/local/etc/wireguard/wireguard.conf | |
| ;; | |
| rt) | |
| sudo route -n add 192.168.3.0 10.1.1.3 255.255.255.0 | |
| sudo route -n add 192.168.99.0 10.1.1.3 255.255.255.0 | |
| sudo route -n add 192.168.50.0 10.1.1.3 255.255.255.0 | |
| ;; | |
| all) | |
| $0 if | |
| $0 cf | |
| $0 rt | |
| ;; | |
| grt) | |
| netstat -nr -f inet | grep --color=auto -iE '192.168.*|10.*|172.*' | |
| ;; | |
| gif) | |
| ifconfig $IF | |
| ;; | |
| gcf) | |
| sudo wg show | |
| ;; | |
| gall) | |
| $0 grt | |
| $0 gif | |
| $0 gcf | |
| ;; | |
| *) | |
| echo -e " | |
| <command> <option> ... <description> | |
| $0 if setup interface for wireguard | |
| $0 cf setup config for wireguard | |
| $0 rt setup custom route for wireguard NAT | |
| $0 all setup all above three options | |
| $0 gif show interface address config | |
| $0 grt show route config | |
| $0 gcf show wireguard config | |
| $0 gall show all above three options | |
| " | |
| ;; | |
| esac |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| IF='wg0' | |
| case $1 in | |
| if) | |
| sudo ip link add dev wg0 type wireguard | |
| sudo ip address add dev wg0 10.1.1.3/24 | |
| sudo ip link set wg0 up | |
| ;; | |
| cf) | |
| sudo wg setconf $IF /usr/local/etc/wireguard/wireguard.conf | |
| ;; | |
| all) | |
| $0 if | |
| $0 cf | |
| ;; | |
| gif) | |
| ifconfig $IF | |
| ;; | |
| gcf) | |
| sudo wg show | |
| ;; | |
| gall) | |
| $0 gif | |
| $0 gcf | |
| ;; | |
| *) | |
| echo -e " | |
| <command> <option> ... <description> | |
| $0 if setup interface for wireguard | |
| $0 cf setup config for wireguard | |
| $0 all setup all above three options | |
| $0 gif show interface address config | |
| $0 gcf show wireguard config | |
| $0 gall show all above three options | |
| " | |
| ;; | |
| esac |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| PrivateKey = ... | |
| ListenPort = 21841 | |
| [Peer] | |
| PublicKey = ... | |
| Endpoint = <your server domain>:<your server port> | |
| AllowedIPs = 0.0.0.0/0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Interface] | |
| PrivateKey = ... | |
| ListenPort = <your port for client connection> | |
| [Peer] | |
| PublicKey = ... | |
| AllowedIPs = 0.0.0.0/0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
before begin:
I use Mac. so I assume the client platform is MacOS. Different platform have different method to use wireguard. you should figure it out by yourself .
usage:
curl -o wgsh https://gist.githubusercontent.com/jinmiaoluo/afacf680ad29b109e6b3944c2bda452d/raw/e0b75ca470747a5768ed908cd16ba7e6b6d1e78b/wgshwgshto/usr/local/binchmod 744 /usr/local/bin/wgshwireguard-gofor setup utun devicebrew install wireguard-gowireguard.conffor client is ready. create awireguard.conffile in/usr/local/etc/wireguard/. checkwireguard-client.confabove.curl -o wgssh https://gist.githubusercontent.com/jinmiaoluo/afacf680ad29b109e6b3944c2bda452d/raw/e0b75ca470747a5768ed908cd16ba7e6b6d1e78b/wgsshwgsshto/usr/local/binchmod 744 /usr/local/bin/wgsshecho net.ipv4.ip_forward=1 >> /etc/sysctl.conf && sysctl -piptables --wait 120 -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADEwireguard.conffor server is ready. create awireguard.conffile in/etc/wireguard/. checkwireguard-server.confabove.Last:
on client, exec
wgsh allsetup clienton server, exec
wgssh allsetup server[option] on server, add
@reboot /usr/local/bin/wgssh all &>/dev/nullto your crontab which will setup wireguard each rebooton client, exec
ping 10.1.1.3test your vpn connectivity