-
-
Save r1w1s1/3ff2b983a7c86cada463dadc7ae965b5 to your computer and use it in GitHub Desktop.
Script to automatically add configration for a new peer to a wireguard server. It will then print a QR code to the console that can be used to add the config to the Android or OS X wireguard client.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| readonly INTERFACE="wg0" | |
| # Generate peer keys | |
| readonly PRIVATE_KEY=$(wg genkey) | |
| readonly PUBLIC_KEY=$(echo ${PRIVATE_KEY} | wg pubkey) | |
| readonly PRESHARED_KEY=$(wg genpsk) | |
| # Read server key from interface | |
| readonly SERVER_PUBLIC_KEY=$(wg show ${INTERFACE} public-key) | |
| # Get next free peer IP (This will break after x.x.x.255) | |
| readonly PEER_ADDRESS=$(wg show ${INTERFACE} allowed-ips | cut -f 2 | awk -F'[./]' '{print $1"."$2"."$3"."1+$4"/"$5}' | sort -t '.' -k 1,1 -k 2,2 -k 3,3 -k 4,4 -n | tail -n1) | |
| # Add peer | |
| wg set ${INTERFACE} peer ${PUBLIC_KEY} preshared-key <(echo ${PRESHARED_KEY}) allowed-ips ${PEER_ADDRESS} | |
| # Logging | |
| echo "Added peer ${PEER_ADDRESS} with public key ${PUBLIC_KEY}" | |
| # Generate peer config QR code | |
| cat << END_OF_CONFIG | qrencode -t ANSIUTF8 | |
| [Interface] | |
| Address = ${PEER_ADDRESS} | |
| PrivateKey = ${PRIVATE_KEY} | |
| DNS = 8.8.8.8 (Your internal DNS server here) | |
| [Peer] | |
| PublicKey = ${SERVER_PUBLIC_KEY} | |
| PresharedKey = ${PRESHARED_KEY} | |
| AllowedIPs = 0.0.0.0/0 | |
| Endpoint = example.com:443 (Your external Wireguard endpoint here) | |
| END_OF_CONFIG |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment