@Friedjof
Last active November 5, 2024 02:31
Generates a WireGuard peer configuration file, including private, public, and pre-shared keys for secure VPN connections. Prompts the user for server address, port, peer details, and routing preferences, then outputs a ready-to-use configuration and server setup instructions.
#!/bin/bash
# Abort on errors, on unset variables and on failures inside pipelines
set -euo pipefail

# Function to create a WireGuard peer configuration
create_peer_config() {
    # Prompt the user for the VPN server address and port
    read -r -p "Please enter the VPN server address (e.g., vpn.example.com): " SERVER_ADDRESS
    read -r -p "Please enter the VPN server port (e.g., 51820): " SERVER_PORT

    # Ask the user for the name of the peer
    read -r -p "Please enter the name of the peer: " PEER_NAME

    # The key files and the config contain secrets: restrict everything created
    # from here on to the current user (mode 600 for files, 700 for the directory)
    umask 077

    # Create a directory for the peer's configuration files
    mkdir -p "./${PEER_NAME}"

    echo "Generating keys for the new WireGuard peer..."

    # Generate the private key and public key for the peer
    PRIVATE_KEY=$(wg genkey)
    PUBLIC_KEY=$(echo "$PRIVATE_KEY" | wg pubkey)

    # Generate a pre-shared key for additional security
    PRESHARED_KEY=$(wg genpsk)

    # Save the keys in separate files within the peer's directory
    echo "$PRIVATE_KEY" > "./${PEER_NAME}/privatekey"
    echo "$PUBLIC_KEY" > "./${PEER_NAME}/publickey"
    echo "$PRESHARED_KEY" > "./${PEER_NAME}/presharedkey"
    echo "Keys saved: ./${PEER_NAME}/privatekey, ./${PEER_NAME}/publickey, ./${PEER_NAME}/presharedkey"

    # Prompt the user to specify the IP address for the peer in the VPN network
    read -r -p "Please enter the IP address for the new peer (e.g., 10.8.0.2): " PEER_IP

    # Ask if all traffic should go through the VPN (default routes 0.0.0.0/0, ::/0)
    read -r -p "Do you want all traffic to go through the VPN? (Y/N): " ALL_TRAFFIC

    # Define AllowedIPs based on whether full traffic is routed through the VPN
    if [[ "$ALL_TRAFFIC" =~ ^[Yy]$ ]]; then
        ALLOWED_IPS="0.0.0.0/0, ::/0" # Full traffic routed through VPN
    else
        # Only the VPN subnet is routed through the tunnel. The /24 is derived
        # from the peer IP so that it matches the Address line below; using the
        # peer's own /32 here would send no traffic through the tunnel at all.
        ALLOWED_IPS="${PEER_IP%.*}.0/24"
    fi

    # Create the peer's configuration file
    CONFIG_FILE="./${PEER_NAME}/home.conf"
    cat <<EOL > "$CONFIG_FILE"
[Interface]
# Private key of the peer
PrivateKey = $PRIVATE_KEY
# Assigned IP address within the VPN
Address = ${PEER_IP}/24
# DNS servers for the peer to use within the VPN
DNS = 9.9.9.9, 1.1.1.1

[Peer]
# Public key of the WireGuard server
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
# Pre-shared key for added encryption security
PresharedKey = $PRESHARED_KEY
# Allowed IPs determines which traffic goes through the VPN
AllowedIPs = $ALLOWED_IPS
# Keepalive packets to maintain the connection through NATs
PersistentKeepalive = 25
# Server endpoint address and port
Endpoint = ${SERVER_ADDRESS}:${SERVER_PORT}
EOL
    echo "Configuration file generated: $CONFIG_FILE"

    # Instructions for adding this peer to the WireGuard server configuration
    echo -e "\nTo add this peer to the WireGuard server, append the following to the server's wg0.conf:\n"
    echo "[Peer]"
    echo "# ${PEER_NAME}"
    echo "PublicKey = $PUBLIC_KEY"
    echo "PresharedKey = $PRESHARED_KEY"
    echo "AllowedIPs = ${PEER_IP}/32"
    echo "PersistentKeepalive = 25"
}

# Start the script by calling the function
create_peer_config

Friedjof commented Nov 5, 2024

Description

This script generates a WireGuard peer configuration file by asking the user for the VPN server address, port, peer name, peer IP address, and traffic routing preferences. It sets up a secure VPN connection for the peer with optional full traffic routing through the VPN.

What the Script Does

  1. Prompts for Server and Peer Details: The script first asks for the VPN server address and port, the peer name, and the peer’s VPN IP address.
  2. Generates Cryptographic Keys: The script generates a private key, public key, and an optional pre-shared key for added security.
  3. Sets Traffic Routing Options: The user can choose if all network traffic should route through the VPN, which affects the AllowedIPs setting. If “yes,” all traffic will route through the VPN. If “no,” only traffic specifically destined for the peer’s IP subnet will route through the VPN.
  4. Creates a Configuration File: The script writes a configuration file (home.conf) for the peer, including all necessary WireGuard parameters: private key, DNS servers, server endpoint, and the peer's public key, as well as the optional pre-shared key.
  5. Displays Server Configuration Instructions: Finally, the script outputs a configuration snippet that needs to be added to the server’s wg0.conf to register the new peer, enabling the VPN connection.

Usage

  1. Make the script executable:
    chmod +x generate_wireguard_peer.sh 
  2. Run the script:
    ./generate_wireguard_peer.sh 
  3. Follow the prompts:
    • Server Address and Port: Enter the VPN server's domain or IP address and the port it uses.
    • Peer Name and IP Address: Enter a name for the peer and specify the IP address to be used within the VPN.
    • Traffic Routing: Choose if all traffic should be routed through the VPN (Y/N).

This process results in a configuration file with all necessary settings and instructions to connect the peer to the WireGuard server securely.
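The script writes the private and pre-shared keys to disk and leaves SERVER_PUBLIC_KEY_PLACEHOLDER in home.conf to be filled in by hand, so a peer directory can easily be handed out in a broken or leaky state. The checker below is an added example, not part of Friedjof's gist: it verifies a peer directory in the gist's layout (home.conf, privatekey and presharedkey in one directory) before the config is given to a user. The function names check_peer_dir, is_wg_key, file_mode and write_sample_peer are hypothetical, and the sample peer data the block builds for a stand-alone run is constructed, not output of the gist script.

```shell
#!/bin/sh
# Added example (not part of the original gist): sanity checks for a generated
# WireGuard peer directory. Assumes the gist's layout: home.conf next to
# privatekey/publickey/presharedkey in one directory.

# Returns 0 if the value looks like a WireGuard key: 32 random bytes encoded as
# base64, i.e. 43 base64 characters followed by exactly one '=' padding character.
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Prints the octal permission bits of a file (e.g. 600); works with GNU and BSD stat.
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# check_peer_dir DIR: prints one line per finding; the return value is the number of findings.
check_peer_dir() {
    dir=$1
    conf="$dir/home.conf"
    findings=0

    # 1. Secret key files must not be readable by other local users.
    for f in privatekey presharedkey; do
        mode=$(file_mode "$dir/$f" 2>/dev/null || echo missing)
        case "$mode" in
            600|400) ;;
            *) echo "FINDING: $dir/$f has mode $mode (expected 600)"; findings=$((findings + 1)) ;;
        esac
    done

    # 2. The server public key placeholder must have been replaced.
    if grep -q 'SERVER_PUBLIC_KEY_PLACEHOLDER' "$conf"; then
        echo "FINDING: $conf still contains SERVER_PUBLIC_KEY_PLACEHOLDER"
        findings=$((findings + 1))
    fi

    # 3. Every key in the config must be a well-formed 32-byte base64 key.
    for key in PrivateKey PublicKey PresharedKey; do
        value=$(sed -n "s/^$key *= *//p" "$conf" | head -n1)
        if ! is_wg_key "$value"; then
            echo "FINDING: $key in $conf is not a valid 32-byte base64 key"
            findings=$((findings + 1))
        fi
    done

    # 4. In a split-tunnel config, AllowedIPs equal to the peer's own /32 routes
    #    nothing through the tunnel; it must cover the VPN subnet or 0.0.0.0/0.
    addr=$(sed -n 's/^Address *= *//p' "$conf" | cut -d/ -f1)
    allowed=$(sed -n 's/^AllowedIPs *= *//p' "$conf")
    if [ "$allowed" = "$addr/32" ]; then
        echo "FINDING: AllowedIPs is the peer's own address; the tunnel would carry no traffic"
        findings=$((findings + 1))
    fi

    return $findings
}

# write_sample_peer DIR good|bad: constructed sample data for a stand-alone run
# (not produced by the gist script). 'bad' has world-readable keys, the placeholder
# left in place and a self-only AllowedIPs; 'good' has none of these problems.
write_sample_peer() {
    dir=$1; variant=$2
    mkdir -p "$dir"
    k1=$(head -c 32 /dev/urandom | base64 | tr -d '\n')   # constructed peer private key
    k2=$(head -c 32 /dev/urandom | base64 | tr -d '\n')   # constructed server public key
    k3=$(head -c 32 /dev/urandom | base64 | tr -d '\n')   # constructed pre-shared key
    if [ "$variant" = good ]; then
        (umask 077; echo "$k1" > "$dir/privatekey"; echo "$k3" > "$dir/presharedkey")
        server_pub=$k2; allowed="10.8.0.0/24"
    else
        echo "$k1" > "$dir/privatekey"; echo "$k3" > "$dir/presharedkey"
        chmod 644 "$dir/privatekey" "$dir/presharedkey"
        server_pub="SERVER_PUBLIC_KEY_PLACEHOLDER"; allowed="10.8.0.2/32"
    fi
    cat > "$dir/home.conf" <<EOF
[Interface]
PrivateKey = $k1
Address = 10.8.0.2/24
DNS = 9.9.9.9
[Peer]
PublicKey = $server_pub
PresharedKey = $k3
AllowedIPs = $allowed
Endpoint = vpn.example.com:51820
EOF
}

# Usage: ./check_peer.sh ./<peer-name>   (exit status = number of findings)
if [ $# -gt 0 ]; then
    check_peer_dir "$1"
fi
```

Run it against the directory the gist creates (for example `./check_peer.sh ./laptop`); a zero exit status means the key files are private, the server key has been filled in, all three keys parse, and the split-tunnel route is not self-referential.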
