Last active
October 28, 2021 06:58
Wireguard: Add multiple clients script. Based on angristan/wireguard-install
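#!/bin/bash
# This script is based on code from https://github.com/angristan/wireguard-install
# and might not work if you use another script. Use it at your own risk.
# Usage: `./add-users.sh "marty;emmet;biff"`
#
# For every client name in the list this script:
#   1. picks the first unused host address (2..254) in the server's /24,
#   2. generates a private key, public key and preshared key with `wg`,
#   3. writes a client config (contains the private key) into a home directory,
#   4. appends the client as a [Peer] to /etc/wireguard/<nic>.conf and reloads it.
# It must run as root, because it edits /etc/wireguard and calls `wg syncconf`.

# Check if WireGuard is already installed and load params.
# NOTE: params is *executed* with this script's privileges, so it has to stay
# root-owned and not writable by anyone else.
if [[ -e /etc/wireguard/params ]]; then
  # shellcheck source=/dev/null
  source /etc/wireguard/params
else
  echo "wireguard is not installed, please install using this script: https://github.com/angristan/wireguard-install"
  # Without params every SERVER_* variable is empty; stop instead of writing
  # broken peers and configs.
  exit 1
fi

# Refuse to continue with a params file that lacks values used below.
for REQUIRED_PARAM in SERVER_WG_NIC SERVER_WG_IPV4 SERVER_PUB_KEY SERVER_PUB_IP SERVER_PORT; do
  if [[ -z "${!REQUIRED_PARAM:-}" ]]; then
    echo "/etc/wireguard/params does not define ${REQUIRED_PARAM}."
    exit 1
  fi
done

SERVER_CONF="/etc/wireguard/${SERVER_WG_NIC}.conf"
if [[ ! -f "${SERVER_CONF}" ]]; then
  echo "${SERVER_CONF} does not exist."
  exit 1
fi

# parse vars
# Names are split on ';' (and on whitespace, as before) without letting the
# shell glob-expand them. Every name is validated before anything is created:
# the name ends up in a file path and in the server config, so characters such
# as '/', '.', or newlines must never get through.
CLIENT_NAMES=()
while IFS= read -r RAW_NAME; do
  [[ -n "${RAW_NAME}" ]] || continue
  if [[ ! "${RAW_NAME}" =~ ^[a-zA-Z0-9_-]+$ ]]; then
    printf '%s\n' "Invalid client name '${RAW_NAME}': only letters, digits, underscores and dashes are allowed."
    exit 1
  fi
  CLIENT_NAMES+=("${RAW_NAME}")
done < <(printf '%s\n' "${1:-}" | tr '; \t' '\n\n\n')

if [[ ${#CLIENT_NAMES[@]} -eq 0 ]]; then
  echo "Usage: $0 \"marty;emmet;biff\""
  exit 1
fi

# First three octets of the server address, plus a regex-escaped copy so the
# dots match literally when searching the server config.
BASE_IPV4="${SERVER_WG_IPV4%.*}"
BASE_IPV4_RE="${BASE_IPV4//./\\.}"
# Everything before the first '::' of the server's IPv6 address.
BASE_IPV6="${SERVER_WG_IPV6%%::*}"

for CLIENT_NAME in "${CLIENT_NAMES[@]}"; do
  # check if client already exist (whole-line, fixed-string match)
  CLIENT_EXISTS=$(grep -c -x -F -- "### Client ${CLIENT_NAME}" "${SERVER_CONF}")
  if [[ ${CLIENT_EXISTS} != '0' ]]; then
    echo ""
    echo "A client with the specified name was already created, please choose another name."
    echo ""
    exit 1
  fi

  echo "creating config for user: ${CLIENT_NAME}"
  ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}"

  # Find the first host number that is not in the server config yet. The match
  # is anchored on both sides so that x.y.z.2 is not considered taken because
  # x.y.z.20 or x.y.z.200 exists, and an explicit flag records whether a free
  # address was found (a match count is not reliable for that).
  FREE_IP_FOUND=0
  for DOT_IP in {2..254}; do
    if ! grep -q -E "(^|[^0-9.])${BASE_IPV4_RE}\.${DOT_IP}([^0-9]|\$)" "${SERVER_CONF}"; then
      FREE_IP_FOUND=1
      break
    fi
  done

  if [[ ${FREE_IP_FOUND} != '1' ]]; then
    echo ""
    echo "The subnet configured supports only 253 clients."
    exit 1
  fi

  CLIENT_WG_IPV4="${BASE_IPV4}.${DOT_IP}"
  CLIENT_WG_IPV6="${BASE_IPV6}::${DOT_IP}"

  # Generate key pair for the client; stop if any key could not be produced
  # rather than writing an empty key into the configs.
  CLIENT_PRIV_KEY=$(wg genkey) || { echo "wg genkey failed."; exit 1; }
  CLIENT_PUB_KEY=$(printf '%s\n' "${CLIENT_PRIV_KEY}" | wg pubkey) || { echo "wg pubkey failed."; exit 1; }
  CLIENT_PRE_SHARED_KEY=$(wg genpsk) || { echo "wg genpsk failed."; exit 1; }

  # Home directory of the user, where the client configuration will be written
  if [[ -d "/home/${CLIENT_NAME}" ]]; then
    # if the client name is also a user name
    HOME_DIR="/home/${CLIENT_NAME}"
  elif [[ -n "${SUDO_USER:-}" ]]; then
    # if not, use SUDO_USER
    if [[ "${SUDO_USER}" == "root" ]]; then
      # If running sudo as root
      HOME_DIR="/root"
    else
      HOME_DIR="/home/${SUDO_USER}"
    fi
  else
    # if not SUDO_USER, use /root
    HOME_DIR="/root"
  fi

  CLIENT_CONF="${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"

  # Create client file and add the server as a peer.
  # The file holds the client's private key and preshared key, so it is
  # created with mode 0600 (umask 077). noclobber makes the redirection fail
  # if the path already exists, so root never appends to, or writes through, a
  # file or symlink somebody else placed in the home directory.
  # The file stays owned by root; hand it to the client over a secure channel.
  if ! (
    umask 077
    set -o noclobber
    echo "[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128
DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
[Peer]
PublicKey = ${SERVER_PUB_KEY}
PresharedKey = ${CLIENT_PRE_SHARED_KEY}
Endpoint = ${ENDPOINT}
AllowedIPs = 0.0.0.0/0,::/0" >"${CLIENT_CONF}"
  ); then
    echo "Could not create ${CLIENT_CONF} (it may already exist); nothing was added for ${CLIENT_NAME}."
    exit 1
  fi

  # Add the client as a peer to the server
  printf '\n### Client %s\n[Peer]\nPublicKey = %s\nPresharedKey = %s\nAllowedIPs = %s/32,%s/128\n' \
    "${CLIENT_NAME}" "${CLIENT_PUB_KEY}" "${CLIENT_PRE_SHARED_KEY}" \
    "${CLIENT_WG_IPV4}" "${CLIENT_WG_IPV6}" >>"${SERVER_CONF}"

  # Apply the new peer to the running interface without restarting it.
  if ! wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}"); then
    echo "wg syncconf failed; ${SERVER_CONF} was updated but the running interface was not."
    exit 1
  fi

  echo "It is also available in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
done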