Simple AmneziaWG config generator. AmneziaWG is a WireGuard fork that obfuscates the protocol headers and adds junk padding (the H1–H4, S1/S2 and Jc/Jmin/Jmax parameters emitted below) so the tunnel is harder to fingerprint. Example usage: `env num_peers=3 bash ./awg-mkconfig.sh 1.2.3.4 ens3`
#!/usr/bin/env bash
## Simple config generator for AmneziaWG server and clients (1 client by default) with random headers.
## It will generate files wg0s.conf, wg0c2.conf, ...
## wg0s.conf must be placed in /etc/amnezia/amneziawg/ on the server, other files must be distributed to clients.
## Every generated file contains a private key (and the per-peer PresharedKey), so transfer them only over an
## authenticated channel (e.g. scp/ssh) and delete the local copies once deployed.
## Usage: ./awg-mkconfig.sh [remote ip] [remote wan iface] (remote ssh name - optional)
## To get remote interface run "ip address show" on the server. Usually it starts with "ens".
## Environment variables:
## num_peers=2 - increase to generate configs for more than 1 client
## port - defaults to a random port from 1024 to 33791 (RANDOM + 1024); set it to pin the server ListenPort
## subnet=10.100.0 - first 3 octets for awg interface
##
## amneziawg-tools or wireguard-tools must be installed for the script to work.
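set -euo pipefail
# Print the "## " help block at the top of this file and exit when called
# with no arguments or with --help.
[[ $# -eq 0 || $1 == --help ]] && exec sed -n 's/^## //p' -- "$0"
remoteip="${1}" # public address clients will dial; not validated (was: $(curl -s -4 ifconfig.co))
iface_wan="${2-eth0}" # WAN interface for MASQUERADE; defaults to eth0 even though the help lists it as an argument
ssh_remote="${3-root@$remoteip}" # only used in the scp/ssh hints printed at the end
subnet="${subnet-10.100.0}" # /24 subnet prefix: server gets .1, peers .2, .3, ...
port="${port-$(( RANDOM + 1024 ))}" # 1024..33791 unless overridden via the environment
# A user-supplied port ends up verbatim in ListenPort and in every client's
# Endpoint, so reject anything that is not a valid TCP/UDP port number.
if ! [[ $port =~ ^[0-9]+$ && $port -ge 1 && $port -le 65535 ]]; then
  echo "port must be an integer between 1 and 65535 (got '$port')" >&2
  exit 1
fi
# Locate the key tool. The script accepts plain wg as a fallback, i.e. only
# genkey/pubkey/genpsk are needed. The trailing "|| true" keeps set -e from
# killing the script silently inside the substitution; the explicit check
# below gives the operator an actionable message instead.
awg="${awg-$(command -v awg || command -v amneziawg || command -v wg || true)}"
if [[ -z $awg ]]; then
  echo "awg/amneziawg/wg not found in PATH; install amneziawg-tools or wireguard-tools" >&2
  exit 1
fi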
# generate obfuscation parameters
# bash's RANDOM is only 15 bits wide, so three draws are packed and masked
# to produce a 32-bit value. These parameters are not secrets in the
# cryptographic sense (both ends keep them in plaintext config), so RANDOM
# is acceptable here; the real secrets come from "$awg genkey"/"genpsk".
rand_u32() {
  echo "$(( ((RANDOM << 30) | (RANDOM << 15) | RANDOM) & 0xffffffff ))"
}
# H1..H4: four mutually distinct values, each >= 5 (values below 5 are not
# used by this script; presumably reserved by AmneziaWG -- check its docs).
# A value already present in the environment is kept if it passes the check,
# otherwise it is redrawn until it does.
until [[ ${h1-0} -ge 5 ]]; do
  h1="$(rand_u32)"
done
until [[ ${h2-0} -ge 5 && $h2 -ne $h1 ]]; do
  h2="$(rand_u32)"
done
until [[ ${h3-0} -ge 5 && $h3 -ne $h1 && $h3 -ne $h2 ]]; do
  h3="$(rand_u32)"
done
until [[ ${h4-0} -ge 5 && $h4 -ne $h1 && $h4 -ne $h2 && $h4 -ne $h3 ]]; do
  h4="$(rand_u32)"
done
# S1 in 1..256; S2 in 1..255 and never equal to S1 + 56.
s1="$(( RANDOM % 256 + 1 ))"
until [[ ${s2-0} -ge 1 && $s2 -ne $((s1 + 56)) ]]; do
  s2="$(( RANDOM % 256 ))"
done
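# generate server key
# Key material comes from the key tool's genkey, not from bash's RANDOM
# (which is only used for the non-secret obfuscation parameters above).
server_key="$($awg genkey)"
server_pubkey="$(echo "$server_key" | $awg pubkey)"
# wg0s.conf holds the server private key and, once peers are appended,
# every PresharedKey. Truncate it and force mode 0600 *before* any secret is
# written, so a permissive umask or a pre-existing world-readable file cannot
# expose them (the file is empty between the two commands).
: > wg0s.conf
chmod 600 wg0s.conf
# PostUp enables IPv4 forwarding and NATs tunnel traffic out of $iface_wan;
# PostDown removes the same FORWARD/MASQUERADE rules. The miniupnpd lines are
# emitted commented out as an opt-in. Jc is drawn per side (1..8).
cat > wg0s.conf <<EOF
# Auto generated by $0 $@
[Interface]
Address = $subnet.1/24
PrivateKey = $server_key
ListenPort = $port
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $iface_wan -j MASQUERADE
#PostUp = systemctl restart miniupnpd.service
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $iface_wan -j MASQUERADE
#PostDown = systemctl stop miniupnpd.service
H1 = $h1
H2 = $h2
H3 = $h3
H4 = $h4
S1 = $s1
S2 = $s2
Jc = $(((RANDOM & 0x7) + 1))
Jmin = 16
Jmax = 1024
MTU = 1420
EOF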
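# generate peers
# Peers are numbered from 2 (the server owns .1) and receive $subnet.$i, so
# the index must stay <= 254 to fit the /24. num_peers is the highest peer
# index, not a count: the default of 2 yields exactly one client, and a value
# below 2 yields none (matching the original seq 2 N behaviour).
num_peers="${num_peers-2}"
if ! [[ $num_peers =~ ^[0-9]+$ && $num_peers -le 254 ]]; then
  echo "num_peers must be an integer no larger than 254 (got '$num_peers')" >&2
  exit 1
fi
for ((i = 2; i <= num_peers; i++)); do
  peer_key="$($awg genkey)"
  # additional encryption layer shared by this peer and the server
  # (comment this line out to disable)
  psk="PresharedKey = $($awg genpsk)"
  echo "Generating peer ${i}..."
  # The server file receives this peer's PresharedKey: keep it owner-only.
  chmod 600 wg0s.conf
  cat >> wg0s.conf <<EOF
[Peer]
PublicKey = $(echo "$peer_key" | $awg pubkey)
AllowedIPs = $subnet.$i/32
${psk-}
EOF
  # The client file holds the client private key and the PSK. Create it and
  # force mode 0600 before writing (it is empty between the two commands).
  # NOTE: no DNS= line is emitted; with AllowedIPs = 0.0.0.0/0 the client
  # keeps whatever resolver it already has -- add DNS= if that matters.
  : > "wg0c$i.conf"
  chmod 600 "wg0c$i.conf"
  cat > "wg0c$i.conf" <<EOF
# Auto generated by $0 $@
[Interface]
Address = $subnet.$i
PrivateKey = $peer_key
H1 = $h1
H2 = $h2
H3 = $h3
H4 = $h4
S1 = $s1
S2 = $s2
Jc = $(((RANDOM & 0x7) + 1))
Jmin = 16
Jmax = 1024
MTU = 1420
[Peer]
PublicKey = $server_pubkey
Endpoint = $remoteip:$port
# PersistentKeepalive = 25 # if port forwarding is used
# forward all traffic
AllowedIPs = 0.0.0.0/0, ::/0
# only direct connection
#AllowedIPs = $subnet.0/24
${psk-}
EOF
done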
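# Nothing is executed remotely: the commands are only printed so the operator
# can review them, run the first pair against the server and the second pair
# on a client. The systemd unit is the amneziawg-tools template
# (awg-quick@.service); the scraped copy of this gist had the unit name
# mangled, it is restored here. Use scp/ssh as shown since the files carry
# private keys.
print_next_steps() {
  printf '%s\n' \
    "scp wg0s.conf $ssh_remote:/etc/amnezia/amneziawg/wg0.conf" \
    "ssh $ssh_remote systemctl enable --now awg-quick@wg0.service" \
    "" \
    "sudo mv wg0c2.conf /etc/amnezia/amneziawg/wg0.conf" \
    "sudo systemctl enable --now awg-quick@wg0.service"
}
print_next_steps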