Script to create peers for WireGuard
#!/bin/bash
# script location: /etc/wireguard/peers
# prereq: wg0 server config in /etc/wireguard/wg0.conf
# prereq: wg0 publickey in /etc/wireguard/publickey
# prereq: `systemctl enable wg-quick@wg0.service`
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !! MAKE SURE to replace [CHANGEME] with your public IP !!
# !! (see endpoint variable under PEER CONFIG) !!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
# https://wiki.archlinux.org/index.php/WireGuard
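# Everything written below (private keys, preshared keys, peer.conf) must be
# readable by the owner only, so restrict the umask before any file is created.
umask 077
# Resolve the script's own directory and work from it, so the relative paths
# used later (../publickey, ../wg0.conf) do not depend on the caller's cwd.
# _error is defined further down, so this early failure reports on its own.
dir=$(cd -P -- "$(dirname -- "$0")" && pwd -P) || { echo "Cannot resolve script directory" >&2; exit 1; }
cd -- "$dir" || { echo "Cannot cd to $dir" >&2; exit 1; }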
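#######################################
# Report a failure and abort the script.
# Arguments: $1 - line number of the failing step (callers pass $LINENO)
# Outputs:   one diagnostic line on stderr (not stdout, so it is not mixed
#            into anything a caller may capture)
# Returns:   never; exits 1
#######################################
_error() {
  printf 'An error occurred at %s:%s\n' "$(basename -- "$0")" "$1" >&2
  exit 1
}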
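#################################################
# PEER CONFIG
#################################################
endpoint="[CHANGEME]:51820" # server url or ip address, as host:port reachable by peers
ipaddr="172.17.17"          # first three octets of the tunnel subnet (server is .1)
dns="${ipaddr}.1"           # DNS handed to peers: the server address itself
ipprefix="24"               # prefix length written into each peer's Address line
# Server public key, read from the file one level above this script.
# An unreadable file is caught by the exit status; an empty file would still
# "succeed" and produce a peer.conf that can never handshake, so it is checked
# explicitly as well.
serverpubkey="$(cat ../publickey)" || _error $LINENO
[[ -n "$serverpubkey" ]] || _error $LINENO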
#################################################
#################################################
# Example wg0.conf
#################################################
# [Interface]
# Address = 172.17.17.1/24
# PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# ListenPort = 51820
# PrivateKey = [CHANGEME]
#################################################
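# don't replace this [CHANGEME], it is a sanity check
if [[ "$endpoint" == "[CHANGEME]:51820" ]]; then
  echo "Invalid endpoint config, update the '\$endpoint' variable in this script." >&2
  exit 1
fi
# get args: exactly one peer number.
# The value becomes a directory name and an arithmetic operand, so only a plain
# decimal (no sign, no leading zeros, no path characters) is accepted before it
# reaches mkdir/pushd or (( )).
if [[ $# != 1 ]]; then
  echo "Usage: $0 [peer number]" >&2
  exit 1
fi
peernum=$1
if [[ ! "$peernum" =~ ^(0|[1-9][0-9]*)$ ]]; then
  echo "Script error: peer number must be a non-negative integer." >&2
  _error $LINENO
fi
# check if ip octet will be exceeded (peer N gets host octet N+2; .1 is the server)
if (( peernum + 2 > 254 )); then
  echo "Script error: IP octet for peer will exceed 254." >&2
  _error $LINENO
fi
# create peer folder; mkdir fails if it already exists, so an existing peer's
# keys are never silently overwritten
mkdir -- "$peernum" || _error $LINENO
pushd -- "$peernum" >/dev/null || _error $LINENO
# generate peer secrets. Each step is checked on its own instead of through a
# pipeline, whose status would only reflect the last command.
peerprivkey=$(wg genkey) || _error $LINENO
peerpubkey=$(wg pubkey <<<"$peerprivkey") || _error $LINENO
peerpreshared=$(wg genpsk) || _error $LINENO
[[ -n "$peerprivkey" && -n "$peerpubkey" && -n "$peerpreshared" ]] || _error $LINENO
# files are created under the umask set at the top of the script (owner-only)
printf '%s\n' "$peerprivkey" > privatekey || _error $LINENO
printf '%s\n' "$peerpubkey" > publickey || _error $LINENO
printf '%s\n' "$peerpreshared" > preshared || _error $LINENO
# peer ip address
peerip=${ipaddr}.$((peernum + 2))
echo "Peer IP: $peerip"
#################################################
echo "Creating $peernum/peer.conf ..."
peerpath="$PWD/peer.conf"
cat > peer.conf <<EOF || _error $LINENO
[Interface]
Address = ${peerip}/${ipprefix}
PrivateKey = $peerprivkey
DNS = ${dns}
[Peer]
PublicKey = $serverpubkey
PresharedKey = $peerpreshared
AllowedIPs = 0.0.0.0/0
Endpoint = $endpoint
EOF
#################################################
popd >/dev/null || _error $LINENO # exit peernum folder
#################################################
echo "Updating wg0.conf ..."
# keep a backup before appending; do not touch the live config if the backup
# cannot be written
cp -v -- ../wg0.conf ../wg0.conf.bak || _error $LINENO
cat >> ../wg0.conf <<EOF || _error $LINENO
# $peernum
[Peer]
PublicKey = $peerpubkey
PresharedKey = $peerpreshared
AllowedIPs = ${peerip}/32
EOF
#################################################
# restart wireguard so the appended [Peer] section is loaded
systemctl daemon-reload
systemctl restart wg-quick@wg0.service || _error $LINENO
wg show wg0
echo
echo "Peer config at: $peerpath"
echo "For a QR code, run: qrencode -t ansiutf8 < $peerpath"
echo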