Bash-Skriptgerüst zum Anlegen eines WireGuard-Zugangs inkl. hosts-Eintrag, Name und IP-Adressanteil sind als Parameter anzugeben

wgaddclient.sh

#!/bin/bash

NAME=$1
IP=$2

[ -e /etc/wireguard/$NAME.key ] && echo "Already present" && exit

DNS="1.1.1.1,2606:4700:4700::1111"
HOST="wg.example.com:12345"
SRVPUB=$(cat /etc/wireguard/private.key | wg pubkey)
PSK=$(cat /etc/wireguard/psk.key | wg pubkey)
wg genkey > /etc/wireguard/$NAME.key
chmod 600 /etc/wireguard/$NAME.key
PRIV=$(cat /etc/wireguard/$NAME.key)
PUB=$(echo $PRIV | wg pubkey)

echo "" >> /etc/wireguard/wg0.conf
echo "[peer]" >> /etc/wireguard/wg0.conf
echo "PublicKey = $PUB" >> /etc/wireguard/wg0.conf
echo "PresharedKey = $PSK" >> /etc/wireguard/wg0.conf
echo "AllowedIPs = 192.168.42.$IP, fd00:42::$IP/128" >> /etc/wireguard/wg0.conf

mkdir -p /etc/wireguard/clients
chmod 700 /etc/wireguard/clients

echo "[Interface]" > /etc/wireguard/clients/$NAME.conf
echo "PrivateKey = $PRIV" >> /etc/wireguard/clients/$NAME.conf
echo "Address = 192.168.42.$IP, fd00:42::$IP/128" >> /etc/wireguard/clients/$NAME.conf
echo "DNS = $DNS" >> /etc/wireguard/clients/$NAME.conf
echo "" >> /etc/wireguard/clients/$NAME.conf
echo "[Peer]" >> /etc/wireguard/clients/$NAME.conf
echo "PublicKey = $SRVPUB" >> /etc/wireguard/clients/$NAME.conf
echo "PresharedKey = $PSK" >> /etc/wireguard/clients/$NAME.conf
echo "Endpoint = $HOST" >> /etc/wireguard/clients/$NAME.conf
echo "AllowedIPs = 0.0.0.0/0, ::/0" >> /etc/wireguard/clients/$NAME.conf
chmod 600 /etc/wireguard/clients/$NAME.conf

echo "" >> /etc/hosts
echo "192.168.42.$IP	$NAME" >> /etc/hosts
echo "fd00:42::$IP	$NAME" >> /etc/hosts

wg setconf wg0 /etc/wireguard/wg0.conf