@wassup-
Created May 6, 2022 08:11
Create a new WireGuard VPN client
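#!/usr/bin/env bash
# usage: create-vpn-client name
#
# Creates a new WireGuard peer on this server:
#   1. generates a key pair and a preshared key for the client,
#   2. appends a [Peer] section to the server configuration,
#   3. restarts the wg-quick unit,
#   4. writes the client configuration and prints it as a QR code.
#
# stores client configurations in /etc/wireguard/clients/
# will expose server LAN to clients
#
# assumes the wireguard configuration directory is /etc/wireguard/
# assumes the wireguard interface is wg0
# assumes qrencode is installed
#
# Security notes:
#   - The client's private key is generated on the server and stays on disk
#     in clients/<name>.key and clients/<name>.conf. umask 077 keeps those
#     files owner-only; delete them once the client has imported its config
#     if the server should not retain client private keys.
#   - The QR code printed at the end encodes the full client configuration,
#     private key and preshared key included, so it also lands in terminal
#     scrollback and in any session recording.

# fail on first error, on unset variables and on failures inside pipelines
set -euo pipefail

readonly WG_DIR="/etc/wireguard"
readonly CLIENTS_DIR="${WG_DIR}/clients"
readonly SERVER_CONF="${WG_DIR}/wg0.conf"
readonly SERVER_PUB="${WG_DIR}/server.pub"
readonly SERVER_LAN="192.168.178.0/24"
readonly ENDPOINT="vpn.ddns.knapen.io:47111"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# make sure we have admin rights
# (numeric test: '>' inside [[ ]] compares strings, not numbers)
if ((EUID != 0)); then
  die "Need admin rights"
fi

# make sure the name argument is present and safe to use in a file name
if (($# != 1)); then
  die "usage: create-vpn-client name"
fi
if [[ -z "$1" ]]; then
  die "name must not be empty"
fi
if [[ "$1" =~ [^0-9a-zA-Z_-] ]]; then
  die "name may only contain alphanumerical characters (and the '_' and '-' characters)"
fi

# check the external tools up front, so a missing one cannot leave a
# half-registered peer behind
for tool in wg qrencode systemctl; do
  command -v "$tool" >/dev/null || die "required tool not found: ${tool}"
done

name=${1,,}
umask 077

key_file="${CLIENTS_DIR}/${name}.key"
pub_file="${CLIENTS_DIR}/${name}.pub"
psk_file="${CLIENTS_DIR}/${name}.psk"
client_conf="${CLIENTS_DIR}/${name}.conf"

# create the clients directory if it does not exist already
mkdir -p "$CLIENTS_DIR"

# Refuse to reuse a name: that would overwrite the existing keys while the
# old [Peer] section stays in the server configuration. Names are lowercased,
# so "Bob" and "bob" are the same client.
if [[ -e "$client_conf" || -e "$key_file" ]]; then
  die "client '${name}' already exists in ${CLIENTS_DIR}"
fi

# Read the server public key before touching anything. A failing $(cat ...)
# inside an echo argument is not caught by 'set -e' and would silently
# produce an empty "PublicKey =" line in the client configuration.
[[ -r "$SERVER_PUB" ]] || die "cannot read server public key: ${SERVER_PUB}"
server_pub=$(<"$SERVER_PUB")
[[ -n "$server_pub" ]] || die "server public key is empty: ${SERVER_PUB}"

# Count existing clients with a glob instead of parsing 'ls': with pipefail
# set, 'ls' on an unmatched pattern made the very first run abort.
shopt -s nullglob
existing=("${CLIENTS_DIR}"/*.conf)
shopt -u nullglob
peer_num=$((${#existing[@]} + 2)) # + 2 because server has .1

# The count shrinks when a client file is removed, so the computed address
# may still belong to a peer in the server configuration; skip past any
# address that is already listed there.
while grep -qsFw -- "10.100.0.${peer_num}/32" "$SERVER_CONF"; do
  peer_num=$((peer_num + 1))
done
((peer_num <= 254)) || die "no free host address left below 10.100.0.255"

ipv4="10.100.0.${peer_num}"
# the decimal peer number is reused as a hexadecimal group; still unique
ipv6="fd08:4711::${peer_num}"

# create client keys
wg genkey | tee "$key_file" | wg pubkey >"$pub_file"
wg genpsk >"$psk_file"
client_key=$(<"$key_file")
client_pub=$(<"$pub_file")
client_psk=$(<"$psk_file")

# update server config (one append, so the section is never half written)
{
  printf '\n[Peer]\n'
  printf 'PublicKey = %s\n' "$client_pub"
  printf 'PresharedKey = %s\n' "$client_psk"
  printf 'AllowedIPs = %s/32, %s/128\n' "$ipv4" "$ipv6"
} >>"$SERVER_CONF"

# restart server to apply changes
# NOTE(review): a restart drops every connected peer for a moment;
# `wg syncconf wg0 <(wg-quick strip wg0)` applies the change without that.
# If wg0.conf sets "SaveConfig = true", wg-quick rewrites the file from the
# running state on shutdown and the section appended above may be lost --
# confirm against the server configuration.
systemctl restart wg-quick@wg0

# create client config
{
  printf '[Interface]\n'
  printf 'Address = %s/32, %s/128\n' "$ipv4" "$ipv6"
  printf 'PrivateKey = %s\n' "$client_key"
  printf '\n[Peer]\n'
  printf 'AllowedIPs = 10.100.0.1/32, fd08:4711::1/128, %s\n' "$SERVER_LAN"
  printf 'Endpoint = %s\n' "$ENDPOINT"
  printf 'PersistentKeepalive = 25\n'
  printf 'PublicKey = %s\n' "$server_pub"
  printf 'PresharedKey = %s\n' "$client_psk"
} >"$client_conf"

# display QR code for scanning with WireGuard app
qrencode -t ansiutf8 -r "$client_conf"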