Gist of scripts for managing WireGuard. wgsh means WireGuard SHell script, which is used on the WireGuard client. wgssh means WireGuard Server SHell script, which is used on the WireGuard server.
wgsh

```bash
#!/bin/bash
#################################################
# note: wireguard-go is required
# please install it before using this script
# you can install wireguard-go with the command below
# brew install wireguard-go
#################################################
IF='utun3'
case "$1" in
  if)
    # start the userspace WireGuard implementation on the utun device
    sudo wireguard-go "$IF"
    # point-to-point link: local 10.1.1.2, remote (server) 10.1.1.3
    sudo ifconfig "$IF" 10.1.1.2 10.1.1.3 mtu 1500 netmask 255.255.255.255 up
    ;;
  cf)
    # load keys, endpoint and AllowedIPs into the running interface
    sudo wg setconf "$IF" /usr/local/etc/wireguard/wireguard.conf
    ;;
  rt)
    # send the networks behind the server through the tunnel peer
    sudo route -n add 192.168.3.0 10.1.1.3 255.255.255.0
    sudo route -n add 192.168.99.0 10.1.1.3 255.255.255.0
    sudo route -n add 192.168.50.0 10.1.1.3 255.255.255.0
    ;;
  all)
    "$0" if
    "$0" cf
    "$0" rt
    ;;
  grt)
    netstat -nr -f inet | grep --color=auto -iE '192.168.*|10.*|172.*'
    ;;
  gif)
    ifconfig "$IF"
    ;;
  gcf)
    sudo wg show
    ;;
  gall)
    "$0" grt
    "$0" gif
    "$0" gcf
    ;;
  *)
    echo -e "
<command> <option> ... <description>
$0 if    setup interface for wireguard
$0 cf    setup config for wireguard
$0 rt    setup custom route for wireguard NAT
$0 all   setup all above three options
$0 gif   show interface address config
$0 grt   show route config
$0 gcf   show wireguard config
$0 gall  show all above three options
"
    ;;
esac
```
wgssh

```bash
#!/bin/bash
IF='wg0'
case "$1" in
  if)
    # create the kernel WireGuard interface and give it the tunnel address
    sudo ip link add dev "$IF" type wireguard
    sudo ip address add dev "$IF" 10.1.1.3/24
    sudo ip link set "$IF" up
    ;;
  cf)
    # note: the usage notes place the server's wireguard.conf in /etc/wireguard/;
    # this path must match the directory where the file was actually created
    sudo wg setconf "$IF" /usr/local/etc/wireguard/wireguard.conf
    ;;
  all)
    "$0" if
    "$0" cf
    ;;
  gif)
    ifconfig "$IF"
    ;;
  gcf)
    sudo wg show
    ;;
  gall)
    "$0" gif
    "$0" gcf
    ;;
  *)
    echo -e "
<command> <option> ... <description>
$0 if    setup interface for wireguard
$0 cf    setup config for wireguard
$0 all   setup all above two options
$0 gif   show interface address config
$0 gcf   show wireguard config
$0 gall  show all above two options
"
    ;;
esac
```
wireguard-client.conf

```ini
[Interface]
PrivateKey = ...
ListenPort = 21841

[Peer]
PublicKey = ...
Endpoint = <your server domain>:<your server port>
AllowedIPs = 0.0.0.0/0
```
wireguard-server.conf

```ini
[Interface]
PrivateKey = ...
ListenPort = <your port for client connection>

[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
```
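AllowedIPs on a peer is both the set of destinations routed to that peer and the filter on inner source addresses accepted from it, so `0.0.0.0/0` on the server accepts any source address from the client. The check below is an added example, not part of the gist: `audit_wg_conf` is a hypothetical helper that flags catch-all AllowedIPs and config files readable by group/other, run on a constructed sample with placeholder keys.

```shell
#!/bin/bash
# Added example, not part of the gist. audit_wg_conf is a hypothetical helper.
# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
audit_wg_conf() {
    conf=$1; section=''; peer=0; findings=0

    # The file contains PrivateKey, so group/other should have no access.
    # stat -c is the GNU (Linux) form; stat -f is the BSD/macOS form.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    case $mode in
        *00) ;;
        *) echo "mode $mode: config with PrivateKey is accessible to group/other"
           findings=$((findings + 1)) ;;
    esac

    # Input is normalised first: whitespace removed and text lower-cased,
    # since wg's parser ignores whitespace and key case.
    while IFS= read -r line; do
        line=${line%%#*}                 # strip comments
        case $line in
            '[peer]') section=peer; peer=$((peer + 1)) ;;
            '['*)     section=other ;;
            allowedips=*)
                [ "$section" = peer ] || continue
                old_ifs=$IFS; IFS=,
                for cidr in ${line#allowedips=}; do
                    case $cidr in
                        0.0.0.0/0|::/0)
                            echo "peer $peer: AllowedIPs $cidr accepts any inner source address"
                            findings=$((findings + 1)) ;;
                    esac
                done
                IFS=$old_ifs ;;
        esac
    done <<EOF
$(tr -d ' \t\r' < "$conf" | tr 'A-Z' 'a-z')
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the server config above, with placeholder keys.
sample=$(mktemp)
printf '%s\n' '[Interface]' 'PrivateKey = PLACEHOLDER' 'ListenPort = 51820' \
    '[Peer]' 'PublicKey = PLACEHOLDER' 'AllowedIPs = 0.0.0.0/0' > "$sample"
chmod 644 "$sample"
audit_wg_conf "$sample" || echo "-> narrow the peer to its tunnel address (10.1.1.2/32 here) and chmod 600"
rm -f "$sample"
```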
Before you begin:

I use a Mac, so I assume the client platform is macOS. Different platforms have different methods to use WireGuard. You should figure it out by yourself.

Usage:

- `curl -o wgsh https://gist.githubusercontent.com/jinmiaoluo/afacf680ad29b109e6b3944c2bda452d/raw/e0b75ca470747a5768ed908cd16ba7e6b6d1e78b/wgsh`
- `wgsh` to `/usr/local/bin`
- `chmod 744 /usr/local/bin/wgsh`
- `wireguard-go` for setup utun device: `brew install wireguard-go`
- `wireguard.conf` for client is ready. Create a `wireguard.conf` file in `/usr/local/etc/wireguard/`. Check `wireguard-client.conf` above.

- `curl -o wgssh https://gist.githubusercontent.com/jinmiaoluo/afacf680ad29b109e6b3944c2bda452d/raw/e0b75ca470747a5768ed908cd16ba7e6b6d1e78b/wgssh`
- `wgssh` to `/usr/local/bin`
- `chmod 744 /usr/local/bin/wgssh`
- `echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf && sysctl -p`
- `iptables --wait 120 -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE`
- `wireguard.conf` for server is ready. Create a `wireguard.conf` file in `/etc/wireguard/`. Check `wireguard-server.conf` above.

Last:

- On client, exec `wgsh all` to set up the client.
- On server, exec `wgssh all` to set up the server.
- [option] On server, add `@reboot /usr/local/bin/wgssh all &>/dev/null` to your crontab, which will set up WireGuard on each reboot.
- On client, exec `ping 10.1.1.3` to test your VPN connectivity.