@1mm0rt41PC
Last active April 24, 2022 21:22
Wireguard Quick Generator
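#!/bin/bash
# WireGuard quick generator.
#
# Installs WireGuard, writes a server config to /etc/wireguard/wg0.conf with
# two peers (.2 and .3 of the tunnel /24), writes one client config per peer
# to /etc/wireguard/wg0-cli<N>.conf, prints each client config as a QR code,
# then brings wg0 up and enables it at boot. Must run as root.
#
# Optional environment overrides:
#   wg_eth       outbound interface used for the INPUT rule and NAT (default: ens3)
#   wg_endpoint  host:port written into the client configs (default: example.lo:1337)
#   wg_rng       first three octets of the tunnel /24 (default: 10.13.37)
#   wg_dns       DNS server written into the client configs (default: 9.9.9.9)

# Print a message on stderr and stop; used where continuing would write a
# config with an empty key or an unusable value.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Create (or truncate) a file and force it to mode 600 BEFORE any secret is
# written to it. Truncating with '>' keeps the mode of an existing file, so a
# previously world-readable config would otherwise expose the new private key
# until the final chmod.
prepare_secret_file() {
  : > "$1" || die "cannot create $1"
  chmod 600 -- "$1" || die "cannot restrict permissions on $1"
}

apt-get install wireguard qrencode wireguard-dkms -y
modprobe wireguard
lsmod | grep wireguard

# Set the restrictive umask only after package installation so it does not
# affect files created by apt; from here on every new file is owner-only.
umask 077
mkdir -p /etc/wireguard

# Best effort: wg0 may not exist yet. Redirect stdout first, then stderr, so
# both streams are actually silenced.
wg-quick down wg0 >/dev/null 2>&1

# Key material stays in plain shell variables. It is deliberately not
# exported: every child process (qrencode, wg-quick, systemctl, the PostUp
# hooks) would otherwise inherit the private keys in its environment.
wg_key=$(wg genkey) || die "wg genkey failed"
[ -n "$wg_key" ] || die "wg genkey returned an empty key"
wg_pub=$(printf '%s' "$wg_key" | wg pubkey) || die "wg pubkey failed"

wg_eth=${wg_eth:-ens3}
wg_endpoint=${wg_endpoint:-example.lo:1337}
wg_rng=${wg_rng:-10.13.37}
wg_dns=${wg_dns:-9.9.9.9}

# Take the port from after the LAST colon. 'cut -d : -f 2' returns the whole
# string when there is no colon and the wrong field for a bracketed IPv6
# endpoint, which would end up in ListenPort and in the iptables rule.
wg_port=${wg_endpoint##*:}
port_re='^[0-9]{1,5}$'
[[ "$wg_port" =~ $port_re ]] || die "wg_endpoint must end in :<port> (got '$wg_endpoint')"
(( 10#$wg_port >= 1 && 10#$wg_port <= 65535 )) || die "port out of range: $wg_port"

# wg_eth and wg_rng are interpolated into PostUp/PostDown lines, which
# wg-quick later runs through a shell as root. Reject anything that is not a
# plain interface name / three dotted octets so a stray value cannot add
# extra commands to those hooks.
eth_re='^[A-Za-z0-9_.@-]+$'
rng_re='^[0-9]{1,3}(\.[0-9]{1,3}){2}$'
[[ "$wg_eth" =~ $eth_re ]] || die "wg_eth is not a plain interface name: '$wg_eth'"
[[ "$wg_rng" =~ $rng_re ]] || die "wg_rng must be three dotted octets: '$wg_rng'"

server_conf=/etc/wireguard/wg0.conf
prepare_secret_file "$server_conf"

# NOTE(review): the PostDown lines write 0 to ip_forward, IPv6 forwarding and
# rp_filter unconditionally, whatever the values were before wg0 came up. On
# a host that already routed traffic or already enforced reverse-path
# filtering, taking the tunnel down changes that state; confirm this is
# intended or save/restore the previous values instead.
# NOTE(review): IPv6 forwarding and ip6tables NAT are enabled, but no IPv6
# address is assigned to the tunnel and clients only route 0.0.0.0/0, so
# client IPv6 traffic does not go through the VPN.
cat <<EOD >> "$server_conf"
[Interface]
Address = ${wg_rng}.1/24
ListenPort = $wg_port
PrivateKey = $wg_key
#PublicKey = $wg_pub
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = sysctl -w net.ipv6.conf.all.forwarding=1
PostUp = sysctl -w net.ipv4.conf.all.rp_filter=1
PostUp = sysctl -w net.ipv4.conf.default.rp_filter=1
PostUp = iptables -I INPUT 1 -i ${wg_eth} -p udp --dport ${wg_port} -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $wg_eth -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $wg_eth -j MASQUERADE
PostDown = sysctl -w net.ipv4.ip_forward=0
PostDown = sysctl -w net.ipv6.conf.all.forwarding=0
PostDown = sysctl -w net.ipv4.conf.all.rp_filter=0
PostDown = sysctl -w net.ipv4.conf.default.rp_filter=0
PostDown = iptables -D INPUT -i ${wg_eth} -p udp --dport ${wg_port} -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $wg_eth -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $wg_eth -j MASQUERADE
EOD

for i in 2 3; do
  wg_key_cli=$(wg genkey) || die "wg genkey failed for client $i"
  [ -n "$wg_key_cli" ] || die "wg genkey returned an empty key for client $i"
  wg_pub_cli=$(printf '%s' "$wg_key_cli" | wg pubkey) || die "wg pubkey failed for client $i"
  # One preshared key per peer: with a single PSK shared by every client,
  # one leaked client config discloses the PSK protecting all other peers.
  wg_psk=$(wg genpsk) || die "wg genpsk failed for client $i"

  cat <<EOD >> "$server_conf"
[Peer]
# Name = Client $i
PublicKey = $wg_pub_cli
PresharedKey = $wg_psk
AllowedIPs = ${wg_rng}.$i/32
PersistentKeepalive = 120
EOD

  client_conf=/etc/wireguard/wg0-cli$i.conf
  prepare_secret_file "$client_conf"
  cat <<EOD >> "$client_conf"
[Interface]
#PublicKey = $wg_pub_cli
PrivateKey = $wg_key_cli
Address = ${wg_rng}.$i/32
DNS = $wg_dns
[Peer]
PublicKey = $wg_pub
PresharedKey = $wg_psk
AllowedIPs = 0.0.0.0/0
Endpoint = $wg_endpoint
EOD

  # The QR code encodes the client's private key and PSK: it lands in the
  # terminal scrollback and in any session recording or CI log.
  qrencode -t ansiutf8 < "$client_conf"
done

# The client private keys remain on the server in wg0-cli<N>.conf; remove
# those files once the configs have been handed to the clients.
chmod 600 /etc/wireguard/*
wg-quick up wg0
systemctl enable wg-quick@wg0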