dominik 2 years ago
parent
commit
595dbe0696

+ 1 - 0
linux/wireguard/create-config/.gitignore

@@ -0,0 +1 @@
+peers.txt

+ 2 - 0
linux/wireguard/create-config/peers.txt.example

@@ -0,0 +1,2 @@
+10.150.60.21 marie 
+10.150.60.22 john 

+ 63 - 0
linux/wireguard/create-config/wg-createconfig.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+### References
+# https://wiki.archlinux.org/title/WireGuard
+
+### Installation
+# Install wireguard tools and QR-Code generator and local dns unbound
+apt-get install --yes wireguard qrencode 
+
+### Variables
+network='192.168.130.1/24'
+confdir='/etc/wireguard'
+
+### Create key material
+cd $confdir
+wgkeypair() { wg genkey | (umask 0077 && tee   $1.key) | wg pubkey > $1.pub; }
+wgpsk()     { wg genpsk | (umask 0077 && cat > $1.psk) } 
+wgkeypair host
+peers="dspx4 zino2"
+for peer in $peers; do wgkeypair $peer && wgpsk $peer; done
+
+### Configuration
+# Setup wireguard network interface
+ip link add dev wg0 type wireguard
+ip addr add $network dev wg0
+wg set wg0 listen-port 51871 private-key $confdir/host.key 
+
+wgsetpeer() {
+peer=$1
+ip=$2
+wg set wg0                                 \
+   peer           `cat $confdir/$peer.pub` \
+   preshared-key  $confdir/$peer.psk       \
+   allowed-ips    $ip
+ip link set wg0 up
+
+cat >$confdir/$peer.conf <<EOL
+# Client config for $peer
+[Interface]
+PrivateKey = `cat $confdir/$peer.key`
+Address = $ip
+DNS = 127.0.0.1
+ 
+[Peer]
+PublicKey = `cat $confdir/host.pub`
+AllowedIPs = 0.0.0.0/0
+Endpoint = blue.s-up.net:51871
+PersistentKeepalive = 15
+PresharedKey = `cat $confdir/$peer.psk`
+EOL
+
+qrencode  -t ANSIUTF8 -r $confdir/$peer.conf
+}
+
+wgsetpeer dspx4 192.168.130.2
+
+# https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/
+iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o ens3 -j MASQUERADE
+iptables -I INPUT 1 -i wg0 -j ACCEPT
+iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
+iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
+iptables -I INPUT 1 -i eth0 -p udp --dport 51871 -j ACCEPT
+sysctl -w net.ipv4.ip_forward=1
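Review bot: The client config written by wgsetpeer (`cat >$confdir/$peer.conf <<EOL`) embeds the peer's private key and preshared key but is created under the caller's default umask, so it will typically land as 0644 in /etc/wireguard even though the .key/.psk files a few lines earlier are deliberately created under `umask 0077`; create it with `install -m 0600 /dev/null "$confdir/$peer.conf"` before the heredoc, or wrap the `cat` in `(umask 0077 && cat > "$confdir/$peer.conf" <<EOL ... EOL)`. The UDP accept rule at the end uses `-i eth0` while the MASQUERADE and FORWARD rules use `ens3`; if ens3 is the uplink the listen port is never opened, so it should read `iptables -I INPUT 1 -i ens3 -p udp --dport 51871 -j ACCEPT`. `DNS = 127.0.0.1` in the generated client config points the client at its own loopback rather than at the server; if a resolver on the host is intended (the install comment mentions unbound, which is not installed here), this presumably should be the host's tunnel address `192.168.130.1`. Note also that the peer list is still hard-coded (`peers="dspx4 zino2"`) and only dspx4 is passed to wgsetpeer, so the peers.txt added in this commit is never read and zino2's keys are generated but not configured on wg0.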