Toastie 9 months ago
parent
commit
ce8741af8f
1 changed files with 34 additions and 0 deletions
  1. 34 0
      linux/wireguard/wg-persistent.sh

+ 34 - 0
linux/wireguard/wg-persistent.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+### References
+# https://wiki.archlinux.org/title/WireGuard
+
+# Make an running config from wg-instant.sh persistent
+
+
+wg showconf wg0 > /etc/wireguard/wg0.conf
+# remove endpoint IPs from dynamic peers
+# add for [Interface]
+Address = 192.168.130.1/24
+PostUp = iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -I INPUT 1 -i %i -j ACCEPT; iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -D INPUT -i %i -j ACCEPT; iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
+
+## Rules in several lines for better readability
+iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -I INPUT 1 -i %i -j ACCEPT; 
+iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
+iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
+
+iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -D INPUT -i %i -j ACCEPT; 
+iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
+iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
+
+iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -D INPUT -i wg0 -j ACCEPT; 
+iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o wg0 -j ACCEPT; 
+iptables -D FORWARD -i wg0 -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
+