Created
May 6, 2022 08:11
Create a new WireGuard VPN client
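#!/usr/bin/env bash
# usage: create-vpn-client name
#
# Creates a key pair and pre-shared key for a new WireGuard client, appends
# the matching [Peer] section to the server configuration, restarts the
# interface and prints the client configuration as a QR code.
#
# stores client configurations in /etc/wireguard/clients/
# will expose server LAN to clients
#
# assumes the wireguard configuration directory is /etc/wireguard/
# assumes the wireguard interface is wg0
# assumes qrencode is installed

# fail on first error
set -euo pipefail

readonly WG_DIR="/etc/wireguard"
readonly CLIENTS_DIR="${WG_DIR}/clients"
readonly SERVER_CONF="${WG_DIR}/wg0.conf"
readonly SERVER_PUB="${WG_DIR}/server.pub"
readonly SERVER_LAN="192.168.178.0/24"
readonly VPN_V4_NET="10.100.0"
readonly VPN_V6_NET="fd08:4711::"
readonly ENDPOINT="vpn.ddns.knapen.io:47111"

# Path prefix of the client being created; set once we own those files.
client_base=""
# Becomes 1 once the peer has been written to the server configuration.
committed=0

# Print a message to stderr and abort.
die() {
  echo >&2 "$*"
  exit 1
}

# Remove half-written client files when the script aborts before the peer was
# added to the server configuration, so no stray private key is left behind
# and the same name can be retried.
cleanup() {
  if [[ -n "$client_base" && "$committed" -eq 0 ]]; then
    rm -f -- "${client_base}.key" "${client_base}.pub" \
      "${client_base}.psk" "${client_base}.conf"
  fi
}
trap cleanup EXIT

# Print the lowest host number (2..254) whose /32 is not yet listed in the
# server configuration; .1 belongs to the server. Scanning the server config
# instead of counting *.conf files avoids handing out an address that is still
# assigned to a peer whose client file was removed, and does not abort on the
# very first client (a failing `ls` under `set -o pipefail`).
# NOTE(review): only peers written as "<net>.<n>/32" are detected.
next_host_number() {
  local n
  for (( n = 2; n <= 254; n++ )); do
    if ! grep -qF -- "${VPN_V4_NET}.${n}/32" "$SERVER_CONF"; then
      printf '%s\n' "$n"
      return 0
    fi
  done
  return 1
}

main() {
  # make sure we have admin rights (numeric test, not a string comparison)
  (( EUID == 0 )) || die "Need admin rights"

  # make sure the name argument is present and well-formed; the anchored
  # pattern also rejects an empty name, which would create ".key"/".conf"
  if [[ $# -ne 1 ]]; then
    die "usage: create-vpn-client name"
  elif [[ ! "$1" =~ ^[0-9a-zA-Z_-]+$ ]]; then
    die "name may only contain alphanumerical characters (and the '_' and '-' characters)"
  fi
  local name=${1,,}

  # check every prerequisite before anything is modified
  command -v wg >/dev/null || die "wg not found"
  command -v qrencode >/dev/null || die "qrencode not found"
  [[ -f "$SERVER_CONF" ]] || die "missing ${SERVER_CONF}"
  [[ -r "$SERVER_PUB" ]] || die "missing ${SERVER_PUB}"

  # keys and configurations must not be readable by other users
  umask 077

  # create the clients directory if it does not exist already
  mkdir -p -- "$CLIENTS_DIR"

  # Refuse to overwrite an existing client: its old public key would remain
  # authorised in the server configuration while its private key is replaced.
  local base="${CLIENTS_DIR}/${name}"
  local ext
  for ext in key pub psk conf; do
    [[ ! -e "${base}.${ext}" ]] || die "client '${name}' already exists"
  done
  client_base=$base

  local peer_num
  peer_num=$(next_host_number) || die "no free address left in ${VPN_V4_NET}.0/24"
  local ipv4="${VPN_V4_NET}.${peer_num}"
  # the decimal host number is reused as the last IPv6 group, as in the
  # addresses issued so far
  local ipv6="${VPN_V6_NET}${peer_num}"

  # create client keys
  wg genkey | tee "${base}.key" | wg pubkey > "${base}.pub"
  wg genpsk > "${base}.psk"

  local private_key public_key preshared_key server_public_key
  private_key=$(<"${base}.key")
  public_key=$(<"${base}.pub")
  preshared_key=$(<"${base}.psk")
  server_public_key=$(<"$SERVER_PUB")

  # create client config first, so a failure here leaves the server untouched
  {
    printf '[Interface]\n'
    printf 'Address = %s/32, %s/128\n' "$ipv4" "$ipv6"
    printf 'PrivateKey = %s\n' "$private_key"
    printf '\n'
    printf '[Peer]\n'
    printf 'AllowedIPs = %s.1/32, %s1/128, %s\n' \
      "$VPN_V4_NET" "$VPN_V6_NET" "$SERVER_LAN"
    printf 'Endpoint = %s\n' "$ENDPOINT"
    printf 'PersistentKeepalive = 25\n'
    printf 'PublicKey = %s\n' "$server_public_key"
    printf 'PresharedKey = %s\n' "$preshared_key"
  } > "${base}.conf"

  # update server config in a single write so the [Peer] section is never
  # left half-written
  printf '\n[Peer]\nPublicKey = %s\nPresharedKey = %s\nAllowedIPs = %s/32, %s/128\n' \
    "$public_key" "$preshared_key" "$ipv4" "$ipv6" >> "$SERVER_CONF"
  committed=1

  # restart server to apply changes (interrupts currently connected peers)
  systemctl restart wg-quick@wg0

  # display QR code for scanning with WireGuard app; the code embeds the
  # client's private key and pre-shared key, so treat the terminal output
  # (and its scrollback) as secret
  qrencode -t ansiutf8 -r "${base}.conf"
}

main "$@"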