riipandi · June 3, 2024 00:41
diff --git a/wireguard-ubuntu.sh b/wireguard-ubuntu.sh
 #!/bin/bash
 if [[ $EUID -ne 0 ]]; then echo 'This script must be run as root' ; exit 1 ; fi
 [ -z $ROOTDIR ] && PWD=$(dirname $(dirname $(readlink -f $0))) || PWD=$ROOTDIR
 source "$PWD/setup.sh"

 # --------------------------------------------------------------------------------------------------
 # Install and configure WireGuard server
 # --------------------------------------------------------------------------------------------------
 LC_ALL=C.UTF-8 add-apt-repository -y ppa:wireguard/wireguard && apt -y full-upgrade
 apt -y install linux-headers-$(uname -r) wireguard iptables resolvconf qrencode gpw

 # Enable routing on the server
 crudini --set /etc/sysctl.conf '' 'net.ipv4.ip_forward'   '1'
 crudini --set /etc/sysctl.conf '' 'net.ipv6.conf.all.forwarding' '1'
 sysctl -p

 # Generate server key pair
 mkdir -p /etc/wireguard/clients && chmod 600 -R /etc/wireguard
 wg genkey | sudo tee /etc/wireguard/private_key >/dev/null 2>&1
 cat /etc/wireguard/private_key | wg pubkey | sudo tee /etc/wireguard/public_key >/dev/null 2>&1

 # Save WireGuard settings
 cat << EOF | sudo tee -a /etc/wireguard/params
 SERVER_PUB_IP=$(curl -s ifconfig.me)
 SERVER_PUB_NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
 SERVER_WG_NIC=wg0
 SERVER_WG_IPV4=10.66.66.1
 SERVER_WG_IPV6=fd42:42:42::1
 SERVER_PORT=51820
 SERVER_PRIV_KEY=$(cat /etc/wireguard/private_key)
 SERVER_PUB_KEY=$(cat /etc/wireguard/public_key)
 EOF

 # Add server interface and iptables forwarding rules
 source /etc/wireguard/params
 cat << EOF | sudo tee /etc/wireguard/$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC').conf
 [Interface]
 Address = $(crudini --get /etc/wireguard/params '' 'SERVER_WG_IPV4')/24,$(crudini --get /etc/wireguard/params '' 'SERVER_WG_IPV6')/64
 ListenPort = $(crudini --get /etc/wireguard/params '' 'SERVER_PORT')
 PrivateKey = $(crudini --get /etc/wireguard/params '' 'SERVER_PRIV_KEY')
 PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
 PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
 EOF

 # Check if WireGuard is running
 systemctl start "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
 systemctl enable "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
 systemctl is-active --quiet "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
 netstat -pltnu | grep 51820

 # --------------------------------------------------------------------------------------------------
 # Create and configure WireGuard Client
 # --------------------------------------------------------------------------------------------------

 # Client parameter
 source /etc/wireguard/params
 CLIENT_WG_IPV4="10.66.66.2"
 CLIENT_WG_IPV6="fd42:42:42::2"
 CLIENT_DNS_1="176.103.130.130"
 CLIENT_DNS_2="176.103.130.131"
 CLIENT_PRIV_KEY=$(wg genkey)
 CLIENT_PUB_KEY=$(echo "$CLIENT_PRIV_KEY" | wg pubkey)
 CLIENT_PRE_SHARED_KEY=$(wg genpsk)
 CLIENT_ENDPOINT="$SERVER_PUB_IP:$SERVER_PORT"
 CLIENT_NAME=$(gpw 1 8)

 # Create client file and add the server as a peer
 cat << EOF | sudo tee /etc/wireguard/clients/$SERVER_WG_NIC-client-$CLIENT_NAME.conf
 [Interface]
 PrivateKey = $CLIENT_PRIV_KEY
 Address = $CLIENT_WG_IPV4/24,$CLIENT_WG_IPV6/64
 DNS = $CLIENT_DNS_1,$CLIENT_DNS_2

 [Peer]
 PublicKey = $SERVER_PUB_KEY
 PresharedKey = $CLIENT_PRE_SHARED_KEY
 Endpoint = $CLIENT_ENDPOINT
 AllowedIPs = 0.0.0.0/0,::/0
 EOF

 # Add the client as a peer to the server
 cat << EOF | sudo tee -a /etc/wireguard/$SERVER_WG_NIC.conf
 [Peer]
 PublicKey = $CLIENT_PUB_KEY
 PresharedKey = $CLIENT_PRE_SHARED_KEY
 AllowedIPs = $CLIENT_WG_IPV4/32,$CLIENT_WG_IPV6/128
 EOF

 systemctl restart "wg-quick@$SERVER_WG_NIC"
 systemctl status "wg-quick@$SERVER_WG_NIC"
 netstat -pltnu | grep 51820

 # Print client config qrcode
 qrencode -t ansiutf8 -l L < /etc/wireguard/clients/$SERVER_WG_NIC-client-$CLIENT_NAME.conf
	#!/bin/bash
	if [[ $EUID -ne 0 ]]; then echo 'This script must be run as root' ; exit 1 ; fi
	[ -z $ROOTDIR ] && PWD=$(dirname $(dirname $(readlink -f $0))) \|\| PWD=$ROOTDIR
	source "$PWD/setup.sh"

	# --------------------------------------------------------------------------------------------------
	# Install and configure WireGuard server
	# --------------------------------------------------------------------------------------------------
	LC_ALL=C.UTF-8 add-apt-repository -y ppa:wireguard/wireguard && apt -y full-upgrade
	apt -y install linux-headers-$(uname -r) wireguard iptables resolvconf qrencode gpw

	# Enable routing on the server
	crudini --set /etc/sysctl.conf '' 'net.ipv4.ip_forward' '1'
	crudini --set /etc/sysctl.conf '' 'net.ipv6.conf.all.forwarding' '1'
	sysctl -p

	# Generate server key pair
	mkdir -p /etc/wireguard/clients && chmod 600 -R /etc/wireguard
	wg genkey \| sudo tee /etc/wireguard/private_key >/dev/null 2>&1
	cat /etc/wireguard/private_key \| wg pubkey \| sudo tee /etc/wireguard/public_key >/dev/null 2>&1

	# Save WireGuard settings
	cat << EOF \| sudo tee -a /etc/wireguard/params
	SERVER_PUB_IP=$(curl -s ifconfig.me)
	SERVER_PUB_NIC=$(ip -4 route ls \| grep default \| grep -Po '(?<=dev )(\S+)' \| head -1)
	SERVER_WG_NIC=wg0
	SERVER_WG_IPV4=10.66.66.1
	SERVER_WG_IPV6=fd42:42:42::1
	SERVER_PORT=51820
	SERVER_PRIV_KEY=$(cat /etc/wireguard/private_key)
	SERVER_PUB_KEY=$(cat /etc/wireguard/public_key)
	EOF

	# Add server interface and iptables forwarding rules
	source /etc/wireguard/params
	cat << EOF \| sudo tee /etc/wireguard/$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC').conf
	[Interface]
	Address = $(crudini --get /etc/wireguard/params '' 'SERVER_WG_IPV4')/24,$(crudini --get /etc/wireguard/params '' 'SERVER_WG_IPV6')/64
	ListenPort = $(crudini --get /etc/wireguard/params '' 'SERVER_PORT')
	PrivateKey = $(crudini --get /etc/wireguard/params '' 'SERVER_PRIV_KEY')
	PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
	PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
	EOF

	# Check if WireGuard is running
	systemctl start "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
	systemctl enable "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
	systemctl is-active --quiet "wg-quick@$(crudini --get /etc/wireguard/params '' 'SERVER_WG_NIC')"
	netstat -pltnu \| grep 51820

	# --------------------------------------------------------------------------------------------------
	# Create and configure WireGuard Client
	# --------------------------------------------------------------------------------------------------

	# Client parameter
	source /etc/wireguard/params
	CLIENT_WG_IPV4="10.66.66.2"
	CLIENT_WG_IPV6="fd42:42:42::2"
	CLIENT_DNS_1="176.103.130.130"
	CLIENT_DNS_2="176.103.130.131"
	CLIENT_PRIV_KEY=$(wg genkey)
	CLIENT_PUB_KEY=$(echo "$CLIENT_PRIV_KEY" \| wg pubkey)
	CLIENT_PRE_SHARED_KEY=$(wg genpsk)
	CLIENT_ENDPOINT="$SERVER_PUB_IP:$SERVER_PORT"
	CLIENT_NAME=$(gpw 1 8)

	# Create client file and add the server as a peer
	cat << EOF \| sudo tee /etc/wireguard/clients/$SERVER_WG_NIC-client-$CLIENT_NAME.conf
	[Interface]
	PrivateKey = $CLIENT_PRIV_KEY
	Address = $CLIENT_WG_IPV4/24,$CLIENT_WG_IPV6/64
	DNS = $CLIENT_DNS_1,$CLIENT_DNS_2

	[Peer]
	PublicKey = $SERVER_PUB_KEY
	PresharedKey = $CLIENT_PRE_SHARED_KEY
	Endpoint = $CLIENT_ENDPOINT
	AllowedIPs = 0.0.0.0/0,::/0
	EOF

	# Add the client as a peer to the server
	cat << EOF \| sudo tee -a /etc/wireguard/$SERVER_WG_NIC.conf
	[Peer]
	PublicKey = $CLIENT_PUB_KEY
	PresharedKey = $CLIENT_PRE_SHARED_KEY
	AllowedIPs = $CLIENT_WG_IPV4/32,$CLIENT_WG_IPV6/128
	EOF

	systemctl restart "wg-quick@$SERVER_WG_NIC"
	systemctl status "wg-quick@$SERVER_WG_NIC"
	netstat -pltnu \| grep 51820

	# Print client config qrcode
	qrencode -t ansiutf8 -l L < /etc/wireguard/clients/$SERVER_WG_NIC-client-$CLIENT_NAME.conf