WireGuard VPN Setup
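#!/usr/bin/env bash
# Install and configure a WireGuard server, then generate one client config.
#
# Must be run as root. Optional environment overrides:
#   ROOTDIR         directory containing setup.sh (default: parent of this script's directory)
#   SERVER_PUB_IP   public address put into the client's Endpoint (default: looked up via ifconfig.me)
#   SERVER_PUB_NIC  egress interface used for MASQUERADE (default: interface of the default route)
#   SERVER_WG_NIC, SERVER_WG_IPV4, SERVER_WG_IPV6, SERVER_PORT
#   CLIENT_NAME, CLIENT_WG_IPV4, CLIENT_WG_IPV6, CLIENT_DNS_1, CLIENT_DNS_2
#
# Re-running the script generates a fresh server key pair and rewrites the
# interface config, so previously issued client configs stop working.

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ $EUID -eq 0 ]] || die 'This script must be run as root'

# Resolve the project root. The original stored it in PWD; that assignment is
# kept because the sourced setup.sh may read $PWD — new code should use ROOTDIR.
if [[ -z "${ROOTDIR:-}" ]]; then
  ROOTDIR=$(dirname "$(dirname "$(readlink -f -- "$0")")")
fi
PWD=$ROOTDIR
# shellcheck source=/dev/null
source "$ROOTDIR/setup.sh"

# Strict mode is enabled only after setup.sh is sourced, since that file may not
# have been written with -e/-u in mind.
set -euo pipefail

readonly WG_DIR=/etc/wireguard
readonly PARAMS="$WG_DIR/params"

# --------------------------------------------------------------------------------------------------
# Install and configure WireGuard server
# --------------------------------------------------------------------------------------------------
# NOTE(review): the PPA predates in-kernel WireGuard; on releases whose kernel
# already ships the module the add-apt-repository step may be unnecessary.
LC_ALL=C.UTF-8 add-apt-repository -y ppa:wireguard/wireguard
apt -y full-upgrade
apt -y install "linux-headers-$(uname -r)" wireguard iptables resolvconf qrencode gpw
command -v crudini >/dev/null || die 'crudini is required but not installed'

# Enable routing on the server
crudini --set /etc/sysctl.conf '' 'net.ipv4.ip_forward' '1'
crudini --set /etc/sysctl.conf '' 'net.ipv6.conf.all.forwarding' '1'
sysctl -p

# Generate server key pair. umask 077 makes every file created from here on
# (keys, params, interface and client configs) owner-only. The original ran
# chmod before the files existed, so the private key was created world-readable.
umask 077
mkdir -p "$WG_DIR/clients"
chmod 700 "$WG_DIR" "$WG_DIR/clients"
wg genkey > "$WG_DIR/private_key"
wg pubkey < "$WG_DIR/private_key" > "$WG_DIR/public_key"

# Detect the public endpoint and the egress interface; both must be non-empty
# or the generated configs are useless. HTTPS so the address cannot be tampered
# with in transit.
SERVER_PUB_IP=${SERVER_PUB_IP:-$(curl -fsS https://ifconfig.me)} || die 'public IP lookup failed; set SERVER_PUB_IP'
[[ -n "$SERVER_PUB_IP" ]] || die 'could not determine public IP; set SERVER_PUB_IP'
SERVER_PUB_NIC=${SERVER_PUB_NIC:-$(ip -4 route show default \
  | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')}
[[ -n "$SERVER_PUB_NIC" ]] || die 'could not determine the default-route interface; set SERVER_PUB_NIC'
SERVER_WG_NIC=${SERVER_WG_NIC:-wg0}
SERVER_WG_IPV4=${SERVER_WG_IPV4:-10.66.66.1}
SERVER_WG_IPV6=${SERVER_WG_IPV6:-fd42:42:42::1}
SERVER_PORT=${SERVER_PORT:-51820}
SERVER_PRIV_KEY=$(< "$WG_DIR/private_key")
SERVER_PUB_KEY=$(< "$WG_DIR/public_key")

# Save WireGuard settings. Overwrite rather than append so a re-run does not
# leave stale duplicate entries; the file holds the private key (hence umask 077).
cat > "$PARAMS" <<EOF
SERVER_PUB_IP=$SERVER_PUB_IP
SERVER_PUB_NIC=$SERVER_PUB_NIC
SERVER_WG_NIC=$SERVER_WG_NIC
SERVER_WG_IPV4=$SERVER_WG_IPV4
SERVER_WG_IPV6=$SERVER_WG_IPV6
SERVER_PORT=$SERVER_PORT
SERVER_PRIV_KEY=$SERVER_PRIV_KEY
SERVER_PUB_KEY=$SERVER_PUB_KEY
EOF

# Add server interface and iptables forwarding rules. Written with a redirect
# instead of tee so the private key is not echoed to stdout (terminal/logs).
cat > "$WG_DIR/$SERVER_WG_NIC.conf" <<EOF
[Interface]
Address = $SERVER_WG_IPV4/24,$SERVER_WG_IPV6/64
ListenPort = $SERVER_PORT
PrivateKey = $SERVER_PRIV_KEY
PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
EOF

# Start the interface and verify it is actually up and listening (the original
# ran is-active but ignored its result).
systemctl enable --now "wg-quick@$SERVER_WG_NIC"
systemctl is-active --quiet "wg-quick@$SERVER_WG_NIC" || die "wg-quick@$SERVER_WG_NIC failed to start"
ss -lnu | grep -q -- ":$SERVER_PORT " || die "nothing listening on UDP port $SERVER_PORT"

# --------------------------------------------------------------------------------------------------
# Create and configure WireGuard Client
# --------------------------------------------------------------------------------------------------
# Client parameters (all overridable from the environment)
CLIENT_WG_IPV4=${CLIENT_WG_IPV4:-10.66.66.2}
CLIENT_WG_IPV6=${CLIENT_WG_IPV6:-fd42:42:42::2}
CLIENT_DNS_1=${CLIENT_DNS_1:-176.103.130.130}
CLIENT_DNS_2=${CLIENT_DNS_2:-176.103.130.131}
CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(wg pubkey <<<"$CLIENT_PRIV_KEY")
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
CLIENT_ENDPOINT="$SERVER_PUB_IP:$SERVER_PORT"
CLIENT_NAME=${CLIENT_NAME:-$(gpw 1 8)}
CLIENT_CONF="$WG_DIR/clients/$SERVER_WG_NIC-client-$CLIENT_NAME.conf"
if [[ -e "$CLIENT_CONF" ]]; then
  die "$CLIENT_CONF already exists; choose another CLIENT_NAME"
fi

# Create client file and add the server as a peer
cat > "$CLIENT_CONF" <<EOF
[Interface]
PrivateKey = $CLIENT_PRIV_KEY
Address = $CLIENT_WG_IPV4/24,$CLIENT_WG_IPV6/64
DNS = $CLIENT_DNS_1,$CLIENT_DNS_2
[Peer]
PublicKey = $SERVER_PUB_KEY
PresharedKey = $CLIENT_PRE_SHARED_KEY
Endpoint = $CLIENT_ENDPOINT
AllowedIPs = 0.0.0.0/0,::/0
EOF

# Add the client as a peer to the server
cat >> "$WG_DIR/$SERVER_WG_NIC.conf" <<EOF
[Peer]
PublicKey = $CLIENT_PUB_KEY
PresharedKey = $CLIENT_PRE_SHARED_KEY
AllowedIPs = $CLIENT_WG_IPV4/32,$CLIENT_WG_IPV6/128
EOF

# Nothing under /etc/wireguard should be readable by other users.
chmod -R go-rwx "$WG_DIR"

# Reload the server with the new peer and confirm it came back up
systemctl restart "wg-quick@$SERVER_WG_NIC"
systemctl is-active --quiet "wg-quick@$SERVER_WG_NIC" || die "wg-quick@$SERVER_WG_NIC failed to restart"
systemctl --no-pager status "wg-quick@$SERVER_WG_NIC"
ss -lnu | grep -q -- ":$SERVER_PORT " || die "nothing listening on UDP port $SERVER_PORT"

# Print client config qrcode
qrencode -t ansiutf8 -l L < "$CLIENT_CONF"
printf 'Client config written to %s\n' "$CLIENT_CONF"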