@veggiemonk
Created September 17, 2020 21:48
automated Install wireguard script for Ubuntu 20.04
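#!/usr/bin/env bash
#
# Installs WireGuard on Ubuntu 20.04, generates the server key pair, writes
# /etc/wireguard/<interface>.conf, brings the tunnel up, enables it at boot,
# turns on IPv4 forwarding, opens the firewall and authorizes one client peer.
#
# Run as a regular user with sudo rights. Set CLIENT_PUBLIC_KEY below first.
#
# No `set -x`: command tracing would print the server private key (it is held
# in a shell variable and expanded into the config) to the terminal and to any
# log that captures this script's output.
set -euo pipefail

export CLIENT_PUBLIC_KEY="[INSERT CLIENT PUB KEY HERE]"
export CLIENT_VPN_IP="10.0.0.2" # change this if necessary, the server vpn ip is 10.0.0.1 as defined in the config
export SERVER_NAME="serverwg"
export INTERFACE_WG="wg0"

readonly WG_PORT=51820
readonly KEY_DIR="/etc/wireguard/keys"
readonly KEY_FILE="${KEY_DIR}/${SERVER_NAME}.key"
readonly CONF_FILE="/etc/wireguard/${INTERFACE_WG}.conf"

# Fail before touching the system if the placeholder was not replaced.
# A WireGuard public key is 32 bytes, i.e. 44 base64 characters ending in '='.
if [[ ! "${CLIENT_PUBLIC_KEY}" =~ ^[A-Za-z0-9+/]{43}=$ ]]; then
  printf 'CLIENT_PUBLIC_KEY is not a valid WireGuard public key; edit the script first.\n' >&2
  exit 1
fi

sudo apt update
sudo apt install -y wireguard

# Create the key directory and the private-key file with restrictive modes
# *before* any secret is written, so the key is never world-readable, not even
# for the short window before a later chmod.
sudo install -d -m 700 "${KEY_DIR}"
sudo install -m 600 /dev/null "${KEY_FILE}"
wg genkey | sudo tee "${KEY_FILE}" \
  | wg pubkey | sudo tee "${KEY_FILE}.pub"

echo
echo "CREATING THE SERVER CONFIG"
echo

# Take only the first default route; a multi-homed host can list several.
DEFAULT_INTERFACE="$(ip -o -4 route show to default | awk '{print $5; exit}')"
if [[ -z "${DEFAULT_INTERFACE}" ]]; then
  printf 'No IPv4 default route found; cannot build the MASQUERADE rule.\n' >&2
  exit 1
fi

# Read the key that was generated above (the path follows SERVER_NAME).
PRIVATE_KEY="$(sudo cat "${KEY_FILE}")"

# Pre-create the config as 0600, and discard tee's stdout so the private key
# is not echoed to the terminal.
sudo install -m 600 /dev/null "${CONF_FILE}"
sudo tee "${CONF_FILE}" >/dev/null << EOF
[Interface]
Address = 10.0.0.1/24
ListenPort = ${WG_PORT}
PrivateKey = ${PRIVATE_KEY}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ${DEFAULT_INTERFACE} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ${DEFAULT_INTERFACE} -j MASQUERADE
SaveConfig = true
EOF
unset PRIVATE_KEY

echo
echo "ACTIVATING WIREGUARD SERVICE"
echo
sudo wg-quick up "${INTERFACE_WG}"
sudo wg show "${INTERFACE_WG}"

echo
echo "ENABLE WIREGUARD SERVICE AT BOOT"
echo
sudo systemctl enable "wg-quick@${INTERFACE_WG}"

echo
echo "SETTING UP IP FORWARDING"
echo
# Only uncomments the stock line; if sysctl.conf was customised the setting
# may still be off, so the effective value is checked afterwards.
sudo sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sudo sysctl -p
if [[ "$(sysctl -n net.ipv4.ip_forward)" != "1" ]]; then
  printf 'warning: net.ipv4.ip_forward is not 1; clients will not be routed.\n' >&2
fi

echo
echo "ACTIVATING FIREWALL"
echo
sudo ufw allow "${WG_PORT}/udp"
# SSH runs over TCP. Allowing 22/udp would leave SSH blocked once ufw is
# enabled and lock out a remote administrator.
sudo ufw allow 22/tcp
# Prompts yes/no when run over SSH; left interactive so the operator confirms
# the rules above before the firewall takes effect.
sudo ufw enable
sudo ufw status verbose

echo
echo "AUTHORIZE CLIENT"
echo
sudo wg set "${INTERFACE_WG}" peer "${CLIENT_PUBLIC_KEY}" allowed-ips "${CLIENT_VPN_IP}"

echo
echo "SERVER PUBLIC KEY"
echo
echo "copy it to your client's configuration"
echo
sudo wg show "${INTERFACE_WG}" public-key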