Script to setup quick and dirty wireguard VPN server
#!/bin/bash
# This script sets up a WireGuard VPN server and generates a basic client configuration
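# Strict mode: abort on a failing command (-e), on use of an unset variable
# (-u), and when any stage of a pipeline fails (pipefail). Plain `set -e` only
# looks at the last stage, so a failing `wg genkey` or `hostname -I` inside a
# pipeline would otherwise go unnoticed.
set -euo pipefail
# Check if run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" >&2
  exit 1
fi
# Install WireGuard
apt-get update
apt-get install -y wireguard
# Define variables
WG_DIR="/etc/wireguard"
WG_CONF="${WG_DIR}/wg0.conf"
SERVER_PRIV_KEY="${WG_DIR}/server_private.key"
SERVER_PUB_KEY="${WG_DIR}/server_public.key"
CLIENT_PRIV_KEY="${WG_DIR}/client_private.key"
CLIENT_PUB_KEY="${WG_DIR}/client_public.key"
CLIENT_CONF="${WG_DIR}/client.conf"
SERVER_PORT=51820
# The first address reported by `hostname -I` becomes the client's Endpoint.
# NOTE(review): on a host behind NAT this is a private address; the Endpoint
# line in the generated client config then has to be edited by hand.
SERVER_IP=$(hostname -I | awk '{print $1}')
if [ -z "${SERVER_IP}" ]; then
  echo "Could not determine a server IP address from 'hostname -I'" >&2
  exit 1
fi
CLIENT_IP="10.0.0.2"
WG_INTERFACE="wg0"
WG_CIDR="10.0.0.1/24"
# Interface that carries the default route; the MASQUERADE rule must name the
# real egress interface or tunnel traffic is forwarded without NAT. Falls back
# to eth0 (the previously hard-coded value) when no default route is found.
# `|| true` is deliberate: a missing `ip` binary must not abort the script here.
WAN_IF=$(ip -4 route show default 2>/dev/null \
  | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}') || true
WAN_IF=${WAN_IF:-eth0}
POST_UP="iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ${WAN_IF} -j MASQUERADE"
POST_DOWN="iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ${WAN_IF} -j MASQUERADE"
# Refuse to run over an existing setup. A second run would replace the key
# files and wg0.conf on disk and only then fail at `wg-quick up`, leaving the
# files out of step with the interface that is still running.
if [ -e "${WG_CONF}" ]; then
  echo "${WG_CONF} already exists; refusing to overwrite existing keys and configuration" >&2
  exit 1
fi
# Create WireGuard directory
mkdir -p -- "${WG_DIR}"
chmod 700 -- "${WG_DIR}"
# Every file created from here on holds key material, so create them
# owner-only from the start. Set after apt-get so package installation keeps
# the default umask.
umask 077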
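#######################################
# Generate a WireGuard key pair with the wg utility.
# Arguments: $1 - path the private key is written to
#            $2 - path the public key is written to
# Outputs:   writes both key files; nothing on stdout
# Returns:   0 on success, non-zero if any stage of the pipeline or chmod fails
#######################################
generate_keys() {
  local priv_key_path=$1
  local pub_key_path=$2
  (
    # Create the files owner-only from the first byte, so the private key is
    # never readable by other users between creation and the chmod below.
    umask 077
    # Without pipefail a failing `wg genkey` is hidden by the later stages.
    set -o pipefail
    wg genkey | tee -- "${priv_key_path}" | wg pubkey > "${pub_key_path}"
  ) || return
  # umask does not tighten a file that already existed, so set the mode
  # explicitly as well.
  chmod 600 -- "${priv_key_path}" "${pub_key_path}"
}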
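# The configuration files written below embed private keys; create them
# owner-only. wg-quick also warns when its config file is world accessible.
umask 077
# Generate server keys. After each pair is generated, the *_KEY variables are
# re-used to hold the key contents instead of the file paths.
generate_keys "${SERVER_PRIV_KEY}" "${SERVER_PUB_KEY}"
SERVER_PRIV_KEY=$(cat -- "${SERVER_PRIV_KEY}")
SERVER_PUB_KEY=$(cat -- "${SERVER_PUB_KEY}")
# Generate client keys
# NOTE(review): the client private key is generated and left on the server
# under ${WG_DIR}; remove it there once the client has its configuration.
generate_keys "${CLIENT_PRIV_KEY}" "${CLIENT_PUB_KEY}"
CLIENT_PRIV_KEY=$(cat -- "${CLIENT_PRIV_KEY}")
CLIENT_PUB_KEY=$(cat -- "${CLIENT_PUB_KEY}")
# Create server configuration
cat << EOF > "${WG_CONF}"
[Interface]
Address = ${WG_CIDR}
ListenPort = ${SERVER_PORT}
PrivateKey = ${SERVER_PRIV_KEY}
SaveConfig = true
PostUp = ${POST_UP}
PostDown = ${POST_DOWN}
[Peer]
PublicKey = ${CLIENT_PUB_KEY}
AllowedIPs = ${CLIENT_IP}/32
EOF
# umask does not tighten a file that already existed.
chmod 600 -- "${WG_CONF}"
# Enable IP forwarding.
# Use a dedicated drop-in: on Debian/Ubuntu /etc/sysctl.d/99-sysctl.conf is a
# symlink to /etc/sysctl.conf, so redirecting into it with `>` would wipe every
# existing setting in that file. The subshell restores a normal umask because
# this file holds no secret.
(
  umask 022
  echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/99-wireguard-forward.conf
)
sysctl --system
# Start WireGuard
wg-quick up "${WG_INTERFACE}"
systemctl enable "wg-quick@${WG_INTERFACE}"
# Create client configuration
# AllowedIPs routes all client IPv4 and IPv6 traffic into the tunnel; this
# setup assigns only IPv4 addresses and enables only IPv4 forwarding.
cat << EOF > "${CLIENT_CONF}"
[Interface]
PrivateKey = ${CLIENT_PRIV_KEY}
Address = ${CLIENT_IP}/32
DNS = 8.8.8.8
[Peer]
PublicKey = ${SERVER_PUB_KEY}
Endpoint = ${SERVER_IP}:${SERVER_PORT}
AllowedIPs = 0.0.0.0/0, ::/0
EOF
chmod 600 -- "${CLIENT_CONF}"
# Print success message and client configuration
echo "WireGuard VPN setup is complete."
echo "Server configuration file: ${WG_CONF}"
echo "Client configuration file: ${CLIENT_CONF}"
echo ""
echo "Copy the following client configuration to your client device:"
# This prints the client private key to stdout: keep the output out of shared
# terminals, CI logs and scrollback captures.
cat -- "${CLIENT_CONF}"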