Created
February 13, 2021 16:09
-
-
Save fasmat/2ccf2a3b814700ba89fdaa6ebe322cf3 to your computer and use it in GitHub Desktop.
A short shell script to manage wireguard clients
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| show_usage() { | |
| echo "Usage: $0 [list|add|show|remove] [client_name]" | |
| echo " list lists all registered peers" | |
| echo " add adds a new client with the given name to wireguard" | |
| echo " show shows the wireguard configuration for the client with the given name" | |
| echo " remove removes a client from wireguard" | |
| } | |
| list_clients() { | |
| cd /etc/wireguard/peers | |
| regex="wg-peer-[0-9]+-(.*)$" | |
| for d in *; do | |
| if [[ $d =~ $regex ]]; then | |
| echo "${BASH_REMATCH[1]}" | |
| fi | |
| done | |
| } | |
| add_client() { | |
| cd /etc/wireguard/peers | |
| regex="wg-peer-[0-9]+-${1}$" | |
| for d in *; do | |
| if [[ $d =~ $regex ]]; then | |
| echo "${1} already registered as peer" | |
| exit | |
| fi | |
| done | |
| id="0" | |
| for i in $(seq -f "%03g" 2 255); do | |
| regex="wg-peer-${i}-.*" | |
| for d in *; do | |
| if [[ $d =~ $regex ]]; then | |
| # peer with id $i already exists | |
| continue 2 | |
| fi | |
| done | |
| # found lowest usable id | |
| id="$i" | |
| break | |
| done | |
| if [ "$id" -eq 0 ]; then | |
| echo "255 peers already registered, delete peers first" | |
| exit | |
| fi | |
| name="wg-peer-${id}-${1}" | |
| echo "creating keys for ${name}" | |
| umask 077 | |
| mkdir "$name" | |
| cd "$name" | |
| wg genkey | tee "peer.key" | wg pubkey >"peer.pub" | |
| wg genpsk >"peer.psk" | |
| id=$(expr $id + 0) | |
| echo "[Peer]" >peer.conf | |
| echo "PublicKey = $(cat "peer.pub")" >>peer.conf | |
| echo "PresharedKey = $(cat "peer.psk")" >>peer.conf | |
| echo "AllowedIPs = 10.100.0.${id}/32, fd08:4711::${id}/128" >>peer.conf | |
| echo "[Interface]" >client.conf | |
| echo "Address = 10.100.0.${id}/32, fd08:4711::${id}/128" >>client.conf | |
| echo "DNS = 10.100.0.1" >>client.conf | |
| echo "PrivateKey = $(cat "peer.key")" >>client.conf | |
| echo "" >>client.conf | |
| echo "[Peer]" >>client.conf | |
| echo "AllowedIPs = 10.100.0.0/24, fd08::/64" >>client.conf | |
| echo "Endpoint = 34.73.216.192:47111" >>client.conf | |
| echo "PersistentKeepalive = 25" >>client.conf | |
| echo "PublicKey = $(cat "../../server.pub")" >>client.conf | |
| echo "PresharedKey = $(cat "peer.psk")" >>client.conf | |
| # qrencode -t ansiutf8 -r client.conf | |
| show_peer $1 | |
| update_wg_conf | |
| } | |
| update_wg_conf() { | |
| cd /etc/wireguard | |
| cat server.conf >wg0.conf | |
| for d in $(ls peers); do | |
| echo "" >>wg0.conf | |
| cat "peers/${d}/peer.conf" >>wg0.conf | |
| done | |
| systemctl restart wg-quick@wg0 | |
| } | |
| show_peer() { | |
| cd /etc/wireguard/peers | |
| regex="wg-peer-[0-9]+-${1}$" | |
| for d in *; do | |
| if [[ $d =~ $regex ]]; then | |
| qrencode -t ansiutf8 -r "${d}/client.conf" | |
| return | |
| fi | |
| done | |
| echo "peer ${1} not found" | |
| return | |
| } | |
| remove_peer() { | |
| cd /etc/wireguard/peers | |
| regex="wg-peer-[0-9]+-${1}$" | |
| for d in *; do | |
| if [[ $d =~ $regex ]]; then | |
| echo "removing ${d}" | |
| rm -r $d | |
| update_wg_conf | |
| return | |
| fi | |
| done | |
| echo "${1} not found" | |
| } | |
| if [ "$EUID" -ne 0 ]; then | |
| echo "Please run as root" | |
| exit | |
| fi | |
| if [ "$#" -lt 1 ]; then | |
| show_usage | |
| exit | |
| fi | |
| case $1 in | |
| list) | |
| list_clients | |
| ;; | |
| add) | |
| add_client $2 | |
| ;; | |
| show) | |
| show_peer $2 | |
| ;; | |
| remove) | |
| remove_peer $2 | |
| ;; | |
| *) | |
| echo "unknown sub-command ${1}" | |
| echo "" | |
| show_usage | |
| exit | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment