
@cloudnull
Created March 9, 2019 01:58
wireguard
# Turn on IPv4 forwarding and proxy ARP for the running kernel and record the
# settings in /etc/sysctl.d/10-wireguard.conf. The file receives the
# "key = value" lines that sysctl itself prints.
# NOTE(review): net.ipv4.conf.all.proxy_arp applies to every interface, not
# only wg0 - confirm that breadth is intended on this host.
for wg_sysctl_key in net.ipv4.ip_forward net.ipv4.conf.all.proxy_arp; do
  sysctl -w "${wg_sysctl_key}=1"
done | tee /etc/sysctl.d/10-wireguard.conf
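# Generate the server key pair, the preshared key and the key pair for the
# "x1" client inside /etc/wireguard.
#
# Everything runs in a subshell so the directory change and the restrictive
# umask do not leak into the calling shell:
#   - umask 077 makes newly created key files readable by their owner only;
#     with a default umask the private and preshared keys would be readable
#     by every local user.
#   - the cd guard stops key material from being written into the current
#     directory when /etc/wireguard does not exist.
(
  cd /etc/wireguard || exit 1
  umask 077
  wg genkey | tee privatekey | wg pubkey > publickey
  wg genpsk > preshared
  wg genkey | tee x1-privatekey | wg pubkey > x1-publickey
  # umask only affects files created above; tighten any that already existed
  # with wider permissions from an earlier run.
  chmod 600 privatekey preshared x1-privatekey
)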
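# Write the server-side configuration for wg0 and bring the tunnel up.
#
# The heredoc delimiter is deliberately unquoted: every expansion below is
# evaluated now, so wg0.conf ends up holding the literal keys and a literal
# egress interface name.

# With SaveConfig = true, wg-quick writes the running interface state back to
# wg0.conf when the interface goes down. Restarting after the file has been
# rewritten would therefore replace the new contents with the old running
# state on any re-run, so stop a running instance first and start it after.
systemctl stop wg-quick@wg0

# Field 5 of `ip r g 1` is used as the NAT egress device.
# NOTE(review): this assumes the route output has the "... via GW dev IF ..."
# shape; for an on-link route the fields shift - confirm on the target host.
wg_egress_dev=$(ip r g 1 | awk '{print $5}')

# The file contains the server private key and the preshared key: create it
# with mode 600 before any secret is written (truncating on write keeps the
# mode).
install -m 600 /dev/null /etc/wireguard/wg0.conf
cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/privatekey)
Address = 10.100.100.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ${wg_egress_dev} -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ${wg_egress_dev} -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ${wg_egress_dev} -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ${wg_egress_dev} -j MASQUERADE;
SaveConfig = true
[Peer]
PublicKey = $(cat /etc/wireguard/x1-publickey)
PresharedKey = $(cat /etc/wireguard/preshared)
PersistentKeepalive = 25
AllowedIPs = 10.100.100.101/32
EOF
systemctl start wg-quick@wg0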
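# Write the profile that is handed to the "x1" client.
#
# [Peer] PublicKey must be the SERVER's public key (/etc/wireguard/publickey).
# The earlier version put the client's own public key there, so the client
# would have been addressing a peer identified by its own key instead of the
# server.
#
# NOTE(review): Endpoint is field 7 of `ip r g 1` (the source address of that
# route on this host). If the server sits behind NAT this is not an address
# the client can reach - confirm or substitute the public address.
# NOTE(review): DNS lists 10.100.100.1, but nothing in this script starts a
# resolver on that address - confirm one is running there.
# NOTE(review): AllowedIPs sends ::/0 into the tunnel although neither side is
# given an IPv6 address and only IPv4 forwarding is enabled above - confirm
# the intended IPv6 handling.

# The profile contains the client private key and the preshared key: create
# it with mode 600 before any secret is written (truncating on write keeps
# the mode).
install -m 600 /dev/null /etc/wireguard/x1.client
cat > /etc/wireguard/x1.client <<EOF
[Interface]
Address = 10.100.100.101/24
PrivateKey = $(cat /etc/wireguard/x1-privatekey)
DNS = 10.100.100.1, 8.8.8.8
[Peer]
PublicKey = $(cat /etc/wireguard/publickey)
PresharedKey = $(cat /etc/wireguard/preshared)
Endpoint = $(ip r g 1 | awk '{print $7}'):51820
PersistentKeepalive = 25
AllowedIPs = 0.0.0.0/0, ::/0
EOF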
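# Print the addresses configured on the egress interface, then the client
# profile so it can be copied to the peer.
#
# The interface name is passed to `ip` as a quoted dev filter rather than as
# an unquoted grep pattern: a pattern match also hits other lines that merely
# contain the same text, and an empty value would leave grep without a
# pattern.
wg_out_dev=$(ip r g 1 | awk '{print $5}')
echo "server address: $(ip -o a l dev "${wg_out_dev}" | awk '/inet/ {print $4}' | tr '\n' ' ')"

# This prints the client private key and the preshared key to the terminal;
# run it only where scrollback and session logs are not shared, and remove
# x1.client and x1-privatekey from the server once the profile is delivered.
cat /etc/wireguard/x1.client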