Create a new WireGuard peer
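#!/usr/bin/env bash
#
# Create a new WireGuard peer on this server and print the matching client
# configuration, both as text and as a terminal QR code.
#
# Usage:
#   create-peer.sh <client-private-key|-> <device-name> [allowed-ips] [dns] \
#                  [server-hostname] [server-interface]
#
# Environment variables override the corresponding positional argument:
#   WIREGUARD_CLIENT_ALLOWEDIPS (default 0.0.0.0/0), WIREGUARD_CLIENT_DNS
#   (default "1.1.1.1, 8.8.8.8"), WIREGUARD_SERVER_HOSTNAME (default: public
#   IP looked up via icanhazip.com), WIREGUARD_SERVER_INTERFACE (default wg0).
#
# Must run as root: it reads PrivateKey from /etc/wireguard/<iface>.conf and
# reconfigures the interface.
#
# SECURITY: a private key given on the command line is visible to every local
# user through `ps` and normally ends up in shell history. Pass `-` as the
# first argument to read the key from stdin instead, e.g.
#   create-peer.sh - 'ivan@dell-insp-5500' < client.key
set -uo pipefail   # no -e: every critical step below is checked explicitly

# Print MESSAGE to stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

command -v wg >/dev/null 2>&1 || die "wg (wireguard-tools) is not installed or not in PATH."

WIREGUARD_CLIENT_PRIVATE_KEY="${1:-}"
if [ "$WIREGUARD_CLIENT_PRIVATE_KEY" = "-" ]; then
  # Read one line from stdin so the key never appears in argv or history.
  IFS= read -r WIREGUARD_CLIENT_PRIVATE_KEY
fi
if [ -z "${WIREGUARD_CLIENT_PRIVATE_KEY}" ]; then
  die "Please provide the private key of the client."
fi
# `wg pubkey` prints nothing for a malformed key; refuse to continue with an
# empty public key, otherwise the peer would be registered under garbage.
WIREGUARD_CLIENT_PUBLIC_KEY=$(printf '%s\n' "$WIREGUARD_CLIENT_PRIVATE_KEY" | wg pubkey 2>/dev/null)
if [ -z "${WIREGUARD_CLIENT_PUBLIC_KEY}" ]; then
  die "The client private key is not a valid WireGuard private key."
fi

WIREGUARD_CLIENT_DEVICE="${2:-}"
if [ -z "${WIREGUARD_CLIENT_DEVICE}" ]; then
  die "Please provide a valid device name, e.g. 'ivan@dell-insp-5500'."
fi
# The device name is later used to build file names under /etc/wireguard/;
# restrict it so it cannot carry a path separator or start as a dotfile.
if ! [[ "$WIREGUARD_CLIENT_DEVICE" =~ ^[A-Za-z0-9][A-Za-z0-9@._-]*$ ]]; then
  die "Device name may only contain letters, digits, '@', '.', '_' and '-', and must start with a letter or digit."
fi

# Both defaults are non-empty, so the values can never be blank here.
WIREGUARD_CLIENT_ALLOWEDIPS="${WIREGUARD_CLIENT_ALLOWEDIPS:-${3:-0.0.0.0/0}}"
WIREGUARD_CLIENT_DNS="${WIREGUARD_CLIENT_DNS:-${4:-1.1.1.1, 8.8.8.8}}"

WIREGUARD_SERVER_HOSTNAME="${WIREGUARD_SERVER_HOSTNAME:-${5:-}}"
if [ -z "${WIREGUARD_SERVER_HOSTNAME}" ]; then
  # Look up our public IP. HTTPS plus -f so that a transport error or a
  # tampered plain-HTTP reply cannot quietly become the Endpoint in the client
  # config (the client would then never complete a handshake).
  WIREGUARD_SERVER_HOSTNAME=$(curl -fsS https://icanhazip.com) \
    || die "Could not determine the server's public address; pass it as the 5th argument or in WIREGUARD_SERVER_HOSTNAME."
fi
case "$WIREGUARD_SERVER_HOSTNAME" in
  *[[:space:]]*|'') die "Server hostname '${WIREGUARD_SERVER_HOSTNAME}' does not look like a host or IP." ;;
esac

WIREGUARD_SERVER_INTERFACE="${WIREGUARD_SERVER_INTERFACE:-${6:-wg0}}"
# Same character set and length limit wg-quick applies to interface names;
# it also keeps the name from altering the config path built next.
if ! [[ "$WIREGUARD_SERVER_INTERFACE" =~ ^[A-Za-z0-9_=+.-]{1,15}$ ]]; then
  die "Invalid interface name '${WIREGUARD_SERVER_INTERFACE}'."
fi
WIREGUARD_SERVER_CONF="/etc/wireguard/${WIREGUARD_SERVER_INTERFACE}.conf"
[ -r "$WIREGUARD_SERVER_CONF" ] || die "Cannot read ${WIREGUARD_SERVER_CONF}; run as root on the WireGuard server."

# Print the value of every "KEY = value" line in the server config.
conf_value() {
  sed -n -e "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" -- "$WIREGUARD_SERVER_CONF"
}

# Highest IPv4 address among the (possibly comma-separated) values of KEY,
# CIDR suffix stripped. Sorted octet by octet; `sort -n` misorders quads.
highest_ipv4() {
  conf_value "$1" | tr ', ' '\n\n' | sed -e 's#/.*$##' \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' \
    | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n \
    | tail -n 1
}

WIREGUARD_SERVER_IP=$(highest_ipv4 Address)
[ -n "$WIREGUARD_SERVER_IP" ] || die "No IPv4 'Address' found in ${WIREGUARD_SERVER_CONF}."
WIREGUARD_SERVER_PORT=$(conf_value ListenPort | head -n 1)
[ -n "$WIREGUARD_SERVER_PORT" ] || die "No 'ListenPort' in ${WIREGUARD_SERVER_CONF}; the client Endpoint needs a fixed port."
WIREGUARD_SERVER_PRIVATE_KEY=$(conf_value PrivateKey | head -n 1)
# The server public key is derived rather than stored, so this also catches a
# missing or corrupt PrivateKey line.
WIREGUARD_SERVER_PUBLIC_KEY=$(printf '%s\n' "$WIREGUARD_SERVER_PRIVATE_KEY" | wg pubkey 2>/dev/null)
if [ -z "${WIREGUARD_SERVER_PUBLIC_KEY}" ]; then
  die "Couldn't read your server's private and public key."
fi
# Fresh pre-shared key for this one peer.
WIREGUARD_SERVER_PRESHARED_KEY=$(wg genpsk) || die "wg genpsk failed."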
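# Print the IPv4 address that follows ADDR (dotted quad; an optional /prefix
# suffix is ignored). Arithmetic wraps at 255.255.255.255 -> 0.0.0.0.
# Prints nothing and returns 1 if ADDR is not a valid IPv4 address.
nextip() {
  local addr="${1%%/*}"
  local a b c d o
  IFS=. read -r a b c d <<< "$addr"
  for o in "$a" "$b" "$c" "$d"; do
    # 10# forces decimal so octets with leading zeros are not read as octal.
    if ! [[ "$o" =~ ^[0-9]{1,3}$ ]] || (( 10#$o > 255 )); then
      return 1
    fi
  done
  local n=$(( ( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ) + 1 ))
  n=$(( n & 0xFFFFFFFF ))
  printf '%d.%d.%d.%d\n' \
    $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) $(( (n >> 8) & 255 )) $(( n & 255 ))
}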
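# ---------------------------------------------------------------------------
# Allocate the next tunnel address, register the peer, then write and show
# its configuration. Expects the WIREGUARD_* variables set above.
# ---------------------------------------------------------------------------
conf_file="/etc/wireguard/${WIREGUARD_SERVER_INTERFACE}.conf"
clients_dir="/etc/wireguard/clients"

# The device name becomes part of the file names created below; refuse
# anything that could escape the clients directory or start as a dotfile.
if ! [[ "$WIREGUARD_CLIENT_DEVICE" =~ ^[A-Za-z0-9][A-Za-z0-9@._-]*$ ]]; then
  printf '%s\n' "Device name may only contain letters, digits, '@', '.', '_' and '-'." >&2
  exit 1
fi

# `wg set` only changes the running interface. The `wg-quick down`/`up`
# bounce below reloads the .conf, and wg-quick writes the running state back
# to that file only when SaveConfig = true; without it the new peer is
# silently discarded and the config printed at the end can never connect.
if ! grep -Eiq '^[[:space:]]*SaveConfig[[:space:]]*=[[:space:]]*true' -- "$conf_file"; then
  printf '%s\n' "${conf_file} must contain 'SaveConfig = true', otherwise the new peer is lost when the interface restarts." >&2
  exit 1
fi

# Highest IPv4 already allocated: peers saved in the .conf plus peers on the
# running interface that have not been written back yet (so an address in use
# is never handed out twice). Falls back to the server's own address when
# there are no peers. Sorted octet by octet since `sort -n` misorders quads.
last_ip=$(
  {
    sed -n -e 's/^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*//p' -- "$conf_file"
    wg show "$WIREGUARD_SERVER_INTERFACE" allowed-ips 2>/dev/null | cut -f 2-
  } | tr ', ' '\n\n' | sed -e 's#/.*$##' \
    | grep -E '^[0-9]+(\.[0-9]+){3}$' \
    | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n \
    | tail -n 1
)
[ -n "$last_ip" ] || last_ip="$WIREGUARD_SERVER_IP"
WIREGUARD_CLIENT_NEXT_IP=$(nextip "${last_ip%%/*}")
if [ -z "$WIREGUARD_CLIENT_NEXT_IP" ]; then
  printf '%s\n' "Could not derive the next client address from '${last_ip}'." >&2
  exit 1
fi

# Everything written below is key material: force owner-only permissions
# regardless of the caller's umask.
umask 077
mkdir -p -- "$clients_dir"
psk_file="${clients_dir}/${WIREGUARD_CLIENT_DEVICE}-${WIREGUARD_CLIENT_NEXT_IP}.psk"
client_conf="${clients_dir}/${WIREGUARD_CLIENT_DEVICE}-${WIREGUARD_CLIENT_NEXT_IP}.conf"
printf '%s\n' "$WIREGUARD_SERVER_PRESHARED_KEY" > "$psk_file"

if ! wg set "$WIREGUARD_SERVER_INTERFACE" peer "$WIREGUARD_CLIENT_PUBLIC_KEY" \
     preshared-key "$psk_file" allowed-ips "${WIREGUARD_CLIENT_NEXT_IP}/32"; then
  rm -f -- "$psk_file"
  printf '%s\n' "wg set failed; the peer was not added." >&2
  exit 1
fi
# Restart so wg-quick persists the peer (see the SaveConfig check above).
# Note that this briefly drops every existing tunnel on the interface.
wg-quick down "$WIREGUARD_SERVER_INTERFACE"
wg-quick up "$WIREGUARD_SERVER_INTERFACE"

# The client config (including its private key and the PSK) is shown on the
# terminal on purpose so it can be copied or scanned; mind scrollback and
# session logging. The /24 on Address is hard-coded — change it if the
# server's Address uses a different prefix length.
clear
tee -- "$client_conf" <<END
[Interface]
PrivateKey = $WIREGUARD_CLIENT_PRIVATE_KEY
Address = $WIREGUARD_CLIENT_NEXT_IP/24
DNS = $WIREGUARD_CLIENT_DNS
[Peer]
PublicKey = $WIREGUARD_SERVER_PUBLIC_KEY
PresharedKey = $WIREGUARD_SERVER_PRESHARED_KEY
AllowedIPs = $WIREGUARD_CLIENT_ALLOWEDIPS
Endpoint = $WIREGUARD_SERVER_HOSTNAME:$WIREGUARD_SERVER_PORT
PersistentKeepalive = 25
END
if command -v qrencode >/dev/null 2>&1; then
  qrencode -t ansiutf8 < "$client_conf"
else
  printf '%s\n' "qrencode is not installed; the config was saved to ${client_conf}." >&2
fi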