Created
September 17, 2020 21:48
automated Install wireguard script for Ubuntu 20.04
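#!/usr/bin/env bash
# Automated WireGuard server install for Ubuntu 20.04.
#
# Installs wireguard, generates the server key pair, writes
# /etc/wireguard/<interface>.conf, brings the tunnel up, enables it at boot,
# turns on IPv4 forwarding, opens the firewall and authorizes one client peer.
#
# Edit CLIENT_PUBLIC_KEY (and CLIENT_VPN_IP if needed) before running.

# -x traces every command. Tracing is switched off around the lines that
# handle the server private key so the key never reaches the terminal or a
# captured log. pipefail makes a failing stage of a pipeline abort the script.
set -xeo pipefail

sudo apt update && sudo apt install -y wireguard

export CLIENT_PUBLIC_KEY="[INSERT CLIENT PUB KEY HERE]"
export CLIENT_VPN_IP="10.0.0.2" # change this if necessary, the server vpn ip is 10.0.0.1 as defined in the config
export SERVER_NAME="serverwg"
export INTERFACE_WG="wg0"

# The same UDP port goes into the WireGuard config and the firewall rule.
readonly WG_PORT=51820
readonly KEY_FILE="/etc/wireguard/keys/${SERVER_NAME}.key"
readonly CONF_FILE="/etc/wireguard/${INTERFACE_WG}.conf"

# Stop before touching the system if the placeholder was never replaced;
# otherwise the script would only fail at the final "wg set" step.
if [[ "${CLIENT_PUBLIC_KEY}" == "["* ]]; then
  echo "CLIENT_PUBLIC_KEY is still the placeholder; set it before running" >&2
  exit 1
fi

sudo mkdir -p /etc/wireguard/keys
sudo chmod 700 /etc/wireguard/keys

# Create the private key under a restrictive umask so it is never readable by
# other users, not even between creation and the chmod further down.
sudo sh -c 'umask 077 && wg genkey > "$1"' sh "${KEY_FILE}"
sudo cat "${KEY_FILE}" | wg pubkey | sudo tee "${KEY_FILE}.pub"

echo
echo "CREATING THE SERVER CONFIG"
echo

# Interface carrying the default route; used as the NAT egress interface.
# NR == 1 keeps a single name when several default routes exist.
DEFAULT_INTERFACE="$(ip -o -4 route show to default | awk 'NR == 1 {print $5}')"
if [[ -z "${DEFAULT_INTERFACE}" ]]; then
  echo "no IPv4 default route found; cannot build the MASQUERADE rule" >&2
  exit 1
fi

# Tracing off: the assignment below would otherwise be echoed with the key.
set +x
PRIVATE_KEY=$(sudo cat "${KEY_FILE}")
# Written through a root shell with umask 077 and a plain redirect, so the
# config (which embeds the private key) is neither world-readable nor echoed
# to stdout the way "tee" would echo it.
sudo sh -c 'umask 077 && cat > "$1"' sh "${CONF_FILE}" << EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = ${WG_PORT}
PrivateKey = ${PRIVATE_KEY}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ${DEFAULT_INTERFACE} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ${DEFAULT_INTERFACE} -j MASQUERADE
SaveConfig = true
EOF
unset PRIVATE_KEY
set -x

sudo chmod 600 "${CONF_FILE}" "${KEY_FILE}"

echo
echo "ACTIVATING WIREGUARD SERVICE"
echo

sudo wg-quick up "${INTERFACE_WG}"
sudo wg show "${INTERFACE_WG}"

echo
echo "ENABLE WIREGUARD SERVICE AT BOOT"
echo

# Follow INTERFACE_WG instead of a hard-coded wg0 so the unit matches the
# config file written above.
sudo systemctl enable "wg-quick@${INTERFACE_WG}"

echo
echo "SETTING UP IP FORWARDING"
echo

sudo sed -i 's/^#net\.ipv4\.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sysctl -p
# The sed only uncomments an existing line; confirm forwarding is really on.
if [[ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]]; then
  echo "net.ipv4.ip_forward is not enabled; check /etc/sysctl.conf" >&2
  exit 1
fi

echo
echo "ACTIVATING FIREWALL"
echo

sudo ufw allow "${WG_PORT}/udp"
# SSH runs over TCP; a 22/udp rule would leave SSH blocked once ufw is enabled.
sudo ufw allow 22/tcp
# --force skips the interactive yes/no confirmation so the script runs unattended.
sudo ufw --force enable
sudo ufw status verbose
# NOTE(review): ufw's default policy for routed traffic is deny on Ubuntu;
# confirm forwarded VPN traffic still passes with the PostUp rules above.

echo
echo "AUTHORIZE CLIENT"
echo

# SaveConfig = true persists this runtime peer into the config on shutdown.
sudo wg set "${INTERFACE_WG}" peer "${CLIENT_PUBLIC_KEY}" allowed-ips "${CLIENT_VPN_IP}"

echo
echo "SERVER PUBLIC KEY"
echo
echo "copy it to your client's configuration"
echo

sudo wg show "${INTERFACE_WG}" public-key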