Last active
September 22, 2022 18:44
-
-
Save ph0llux/25b0f54a65e53b8ad1d22de18e7634b8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script requires sipcalc (or you have to enter the ipv6 prefix manually | |
| ### To edit: | |
| WGS_ETC="/etc/wireguard" | |
| WG_IF="wg0" | |
| WG0_CONF="$WGS_ETC/$WG_IF.conf" | |
| WG_IF_DIR="$WGS_ETC/$WG_IF" | |
| FQDN="mysuperduper.domain.com" | |
| LISTENPORT=$(grep "ListenPort" $WG0_CONF | rev | cut -d "=" -f1 | rev | xargs) | |
| SERVER_PUB_KEY=$(cat "$WG_IF_DIR/public.key") | |
| DNS="fd00:1::dead:beef:0:1, 2606:4700:4700::1001" | |
| MTU="1280" | |
| ### | |
| ENDPOINT="$FQDN:$LISTENPORT" | |
| CLIENTS_IPV6_FILE="$WG_IF_DIR/client-ipv6.txt" | |
| CLIENT_DIR="$WG_IF_DIR/clients" | |
| IPV6_PREFIXES=$(grep "Address" /etc/wireguard/wg0.conf | rev | cut -d "=" -f1 | rev | sed 's/,//' | xargs sipcalc | grep "Subnet prefix" | rev | cut -d "-" -f1 | rev | xargs sipcalc | grep "Compressed address" | rev | cut -d "-" -f1 | rev | xargs) | |
| if [ $# -eq 0 ]; then | |
| echo "must pass a client name as an arg: wireguard-ipv6-client-generator.sh YOUR_CLIENTNAME" | |
| else | |
| umask 077 | |
| if ! [ -s $CLIENTS_IPV6_FILE ]; then | |
| echo "$IPV6_PREFIX""1" > $CLIENTS_IPV6_FILE | |
| fi | |
| mkdir -p "$CLIENT_DIR/$1" | |
| wg genkey | tee $CLIENT_DIR/$1/private.key | wg pubkey > $CLIENT_DIR/$1/public.key | |
| wg genpsk > $CLIENT_DIR/$1/preshared.key | |
| PRIVATEKEY=$(cat $CLIENT_DIR/$1/private.key) | |
| PUBLICKEY=$(cat $CLIENT_DIR/$1/public.key) | |
| PRESHARED_KEY=$(cat $CLIENT_DIR/$1/preshared.key) | |
| LAST_IPV6=$(tail -n1 "$CLIENTS_IPV6_FILE") | |
| IPV6_IID=$(printf "%x\n" $(expr $(( 16#$( echo "$LAST_IPV6" | rev | cut -d ":" -f 1 | rev ) )) + 1)) | |
| CLIENT_IPV6=$(echo "${IPV6_PREFIXES// /$IPV6_IID, }""$IPV6_IID") | |
| LAST_CLIENT_IPV6=$(echo "$CLIENT_IPV6" | rev | cut -d " " -f1 | rev) | |
| echo "$LAST_CLIENT_IPV6" >> $CLIENTS_IPV6_FILE | |
| CLIENTS_WITH_MASKS=$(echo "$CLIENT_IPV6" | sed 's/,/\/128,/g') | |
| CLIENT_CONF=$(echo "[Interface] | |
| Address = $CLIENT_IPV6 | |
| DNS = $DNS | |
| PrivateKey = $PRIVATEKEY | |
| MTU=$MTU | |
| [Peer] | |
| AllowedIPs = ::/0 | |
| Endpoint = $ENDPOINT | |
| PreSharedKey = $PRESHARED_KEY | |
| PublicKey = $SERVER_PUB_KEY | |
| ") | |
| echo $CLIENT_CONF > $CLIENT_DIR/$1/$1.conf | |
| echo "$CLIENT_CONF" | |
| echo " | |
| [Peer] | |
| PublicKey = $PUBLICKEY | |
| PreSharedKey = $PRESHARED_KEY | |
| AllowedIPs = $CLIENTS_WITH_MASKS/128 | |
| " >> $WG0_CONF | |
| #restart wireguard daemon | |
| systemctl restart wg-quick@$WG_IF | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment