
@domderen
Last active August 15, 2022 19:11
from pathlib import Path
import sys
# from wireguard import Server
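# Command-line interface (positional):
#   1. client public key            (required)
#   2. server private key           (required)
#   3. WireGuard interface name     (default 'devenvsrv')
#   4. outbound interface name      (default 'ens5')
#   5. directory for the .conf file (default './')

# Characters accepted in an interface name. Both names are interpolated
# verbatim into the PreUp/PostUp/PreDown/PostDown hook lines of the generated
# config, and wg-quick runs those lines through a shell as root, so anything
# outside this conservative set (spaces, ';', '$', backticks, newlines, ...)
# must be rejected before it reaches the template.
_NAME_CHARS = frozenset(
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_=+.-'
)
# Base64 alphabet. Restricting keys to it keeps a stray newline in an argument
# from adding extra lines (for example another hook) to the config file.
_KEY_CHARS = frozenset(
    'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/='
)


def _checked_interface_name(value, label):
    """Return *value* if it is a plain 1-15 character interface name, else exit."""
    if not 1 <= len(value) <= 15 or not _NAME_CHARS.issuperset(value):
        sys.exit('{} must be 1-15 characters from [A-Za-z0-9_=+.-]'.format(label))
    return value


def _checked_key(value, label):
    """Return *value* if it only uses base64 characters, else exit.

    The rejected value is deliberately not echoed: it may be the private key.
    """
    if not value or not _KEY_CHARS.issuperset(value):
        sys.exit('{} must be a base64-encoded key'.format(label))
    return value


if len(sys.argv) < 3:
    sys.exit(
        'usage: {} CLIENT_PUBLIC_KEY SERVER_PRIVATE_KEY '
        '[WG_INTERFACE] [OUT_INTERFACE] [CONFIG_DIR]'.format(sys.argv[0])
    )

client_public_key = _checked_key(sys.argv[1], 'client public key')
# NOTE(review): a private key passed as an argument is typically visible to
# other local users through the process list and may be kept in shell history.
# Reading it from a root-only file or stdin would avoid that, but would change
# this script's calling convention, so it is only flagged here.
server_private_key = _checked_key(sys.argv[2], 'server private key')
wg_interface_name = _checked_interface_name(
    sys.argv[3] if len(sys.argv) > 3 else 'devenvsrv',
    'WireGuard interface name',
)
out_interface_name = _checked_interface_name(
    sys.argv[4] if len(sys.argv) > 4 else 'ens5',
    'outbound interface name',
)
config_path = sys.argv[5] if len(sys.argv) > 5 else './'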
# server = Server(
# 'devenv_server_1234',
# '192.168.24.0/24',
# interface=wg_interface_name,
# address='192.168.24.1',
# port=51820,
# private_key=server_private_key,
# pre_up=[
# 'sysctl -w net.ipv4.ip_forward=1',
# 'sysctl -w net.ipv6.conf.all.forwarding=1',
# f'iptables -t mangle -A PREROUTING -i {wg_interface_name} -j MARK --set-mark 0x30',
# f'iptables -t nat -A POSTROUTING ! -o {wg_interface_name} -m mark --mark 0x30 -j MASQUERADE'
# ],
# post_up = [
# f'ufw route allow in on {wg_interface_name} out on {out_interface_name}',
# f'ip6tables -t nat -I POSTROUTING -o {out_interface_name} -j MASQUERADE',
# ],
# pre_down=[
# f'ufw route delete allow in on {wg_interface_name} out on {out_interface_name}',
# f'ip6tables -t nat -D POSTROUTING -o {out_interface_name} -j MASQUERADE',
# ],
# post_down=[
# f'iptables -t mangle -D PREROUTING -i {wg_interface_name} -j MARK --set-mark 0x30',
# f'iptables -t nat -D POSTROUTING ! -o {wg_interface_name} -m mark --mark 0x30 -j MASQUERADE',
# ],
# )
# peer = server.peer(
# 'devenv_client_1234',
# address='192.168.24.2',
# port=51820,
# public_key=client_public_key,
# )
# Path('/root/wg_pub.key').write_text(server.public_key)
# print("__WIREGUARD_SERVER_PUBLIC_KEY__:", server.public_key)
# server.config().write(config_path)
# Render the server configuration: one [Interface] section with its
# PreUp/PostUp/PreDown/PostDown hook lines, followed by a single [Peer].
#
# Security-relevant points for whoever deploys the result:
#   * The rendered text contains the server private key in clear text, so the
#     file it is written to must only be readable by its owner.
#   * wg_interface_name and out_interface_name land inside command lines in the
#     hook entries; they must be plain interface names, never free-form text.
#   * IPv4 masquerading only applies to packets marked 0x30 on the way in from
#     the tunnel interface, whereas the ip6tables rule has no mark or source
#     match and so covers all IPv6 traffic leaving out_interface_name.
#     NOTE(review): the tunnel is addressed IPv4-only here; confirm the IPv6
#     forwarding and masquerade rules are intended.
#   * The two sysctl PreUp lines turn forwarding on; nothing in the PreDown or
#     PostDown lines turns it off again.
content = "\n".join((
    "[Interface]",
    "Address = {cidr}",
    "ListenPort = {port}",
    "PrivateKey = {server_private_key}",
    "PreUp = sysctl -w net.ipv4.ip_forward=1",
    "PreUp = sysctl -w net.ipv6.conf.all.forwarding=1",
    "PreUp = iptables -t mangle -A PREROUTING -i {wg_interface_name} -j MARK --set-mark 0x30",
    "PreUp = iptables -t nat -A POSTROUTING ! -o {wg_interface_name} -m mark --mark 0x30 -j MASQUERADE",
    "PostUp = ufw route allow in on {wg_interface_name} out on {out_interface_name}",
    "PostUp = ip6tables -t nat -I POSTROUTING -o {out_interface_name} -j MASQUERADE",
    "PreDown = ufw route delete allow in on {wg_interface_name} out on {out_interface_name}",
    "PreDown = ip6tables -t nat -D POSTROUTING -o {out_interface_name} -j MASQUERADE",
    "PostDown = iptables -t mangle -D PREROUTING -i {wg_interface_name} -j MARK --set-mark 0x30",
    "PostDown = iptables -t nat -D POSTROUTING ! -o {wg_interface_name} -m mark --mark 0x30 -j MASQUERADE",
    "[Peer]",
    "AllowedIPs = {client_allowed_ips}",
    "PublicKey = {client_public_key}",
)).format(
    # Fixed addressing: the server takes .1 of the /24, the single peer is .2.
    cidr='192.168.24.1/24',
    client_allowed_ips='192.168.24.2/32',
    port=51820,
    # Values supplied on the command line.
    server_private_key=server_private_key,
    client_public_key=client_public_key,
    wg_interface_name=wg_interface_name,
    out_interface_name=out_interface_name,
)
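# Write the rendered config to <config_path>/<wg_interface_name>.conf.
config_file_path = Path(config_path + '/' + wg_interface_name + '.conf')
# The content includes the server private key, so restrict the file BEFORE
# the key is written. Writing first and chmod-ing afterwards creates a new
# file with the umask default (commonly world-readable) and leaves the key
# exposed to other local users until the chmod runs.
config_file_path.touch(mode=0o600, exist_ok=True)
# touch() does not change the mode of a file that already exists, so tighten
# it explicitly; write_text() then truncates and refills it in place.
config_file_path.chmod(0o600)
config_file_path.write_text(content)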