Script to create peers for WireGuard
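#!/bin/bash
# Create a new WireGuard peer: generate its key material, write
# <peernum>/peer.conf for the client and append a matching [Peer] section to
# the server's wg0.conf, then restart the interface.
# script location: /etc/wireguard/peers
# prereq: wg0 server config in /etc/wireguard/wg0.conf
# prereq: wg0 publickey in /etc/wireguard/publickey
# prereq: `systemctl enable wg-quick@wg0.service`
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !! MAKE SURE to replace [CHANGEME] with your public IP !!
# !! (see endpoint variable under PEER CONFIG)           !!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/
# https://wiki.archlinux.org/index.php/WireGuard

# Every file this script creates (private key, preshared key, peer.conf, the
# wg0.conf backup) contains or protects secrets: 077 makes them owner-only.
umask 077
# Report a failure of any stage inside a pipeline, not just the last one, so
# the `|| _error` guards below cannot be fooled by a failing producer.
set -o pipefail
# Work relative to the script's own directory so ../publickey and ../wg0.conf
# resolve regardless of the caller's cwd. If that fails, stop here instead of
# continuing (and possibly writing peer folders) wherever we happen to be.
dir=$(cd -P -- "$(dirname -- "$0")" && pwd -P) && cd -- "$dir" \
  || { echo "Cannot change to the script directory" >&2; exit 1; }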
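# Print the failing location to stderr and abort the script.
# Arguments: $1 - the caller's $LINENO
# Returns:   never; exits with status 1
_error(){ printf 'An error occurred at %s:%s\n' "$(basename -- "$0")" "$1" >&2; exit 1; }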
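#################################################
# PEER CONFIG
#################################################
endpoint="[CHANGEME]:51820" # server url or ip address
ipaddr="172.17.17"          # first three octets of the tunnel network
dns="${ipaddr}.1"           # the server's tunnel address, handed to peers as DNS
ipprefix="24"
# the server's public key, expected next to wg0.conf (see prereqs above)
serverpubkey="$(cat ../publickey)" || _error $LINENO
# an empty key would silently produce a peer.conf that can never connect
[[ -n "$serverpubkey" ]] || _error $LINENO
#################################################
#################################################
# Example wg0.conf
#################################################
# [Interface]
# Address = 172.17.17.1/24
# PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# ListenPort = 51820
# PrivateKey = [CHANGEME]
#################################################
# don't replace this [CHANGEME], it is a sanity check
if [[ "$endpoint" == "[CHANGEME]:51820" ]]; then
  echo "Invalid endpoint config, update the '\$endpoint' variable in this script." >&2
  exit 1
fi
# get args
peernum=0
if (( $# == 1 )); then
  peernum=$1
  # peernum becomes a directory name and an arithmetic operand: accept only
  # unsigned decimal digits so a path component or an arithmetic expression
  # passed as the argument can never reach mkdir or (( )).
  if [[ ! "$peernum" =~ ^[0-9]+$ ]]; then
    echo "Script error: peer number must be a non-negative integer." >&2
    _error $LINENO
  fi
  # check if ip octet will be exceeded (.1 is the server, peers start at .2);
  # 10# forces decimal so a leading zero is not read as octal
  if (( 10#$peernum + 2 > 254 )); then
    echo "Script error: IP octet for peer will exceed 254." >&2
    _error $LINENO
  fi
else
  echo "Usage: $0 [peer number]" >&2
  exit 1
fi
# create peer folder; mkdir fails if this peer number was already used
mkdir -- "$peernum" || _error $LINENO
pushd "$peernum" || _error $LINENO
# generate peer secrets; each step is checked on its own so a failed genkey
# cannot leave an empty privatekey behind an apparently successful pubkey
wg genkey > privatekey || _error $LINENO
wg pubkey < privatekey > publickey || _error $LINENO
wg genpsk > preshared || _error $LINENO
peerpubkey=$(cat publickey) || _error $LINENO
peerprivkey=$(cat privatekey) || _error $LINENO
peerpreshared=$(cat preshared) || _error $LINENO
# peer ip address: server is .1, peer N gets .(N+2)
peerip=${ipaddr}.$((10#$peernum+2))
echo "Peer IP: $peerip"
#################################################
echo "Creating $peernum/peer.conf ..."
peerpath="$PWD/peer.conf"
# peer.conf carries the peer's private key and the PSK; the umask set at the
# top of the script keeps it readable by the owner only
cat > peer.conf <<EOF || _error $LINENO
[Interface]
Address = ${peerip}/${ipprefix}
PrivateKey = $peerprivkey
DNS = ${dns}
[Peer]
PublicKey = $serverpubkey
PresharedKey = $peerpreshared
AllowedIPs = 0.0.0.0/0
Endpoint = $endpoint
EOF
#################################################
popd # exit peernum folder
#################################################
echo "Updating wg0.conf ..."
# keep the previous server config so a bad append can be rolled back by hand
cp -v ../wg0.conf ../wg0.conf.bak || _error $LINENO
cat >> ../wg0.conf <<EOF || _error $LINENO
# $peernum
[Peer]
PublicKey = $peerpubkey
PresharedKey = $peerpreshared
AllowedIPs = ${peerip}/32
EOF
#################################################
# restart wireguard; a failed restart means the new peer is not live, so stop
systemctl daemon-reload
systemctl restart wg-quick@wg0.service || _error $LINENO
wg show wg0
echo
echo "Peer config at: $peerpath"
echo "For a QR code, run: qrencode -t ansiutf8 < $peerpath"
echo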