git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
snippets
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3c505ccc11
Branches Tags
snippets
/
linux
/
wireguard
/
wg-persistent.sh

wg-persistent.sh 2.2 KB
History Raw

12345678910111213141516171819202122232425262728293031323334 
  1. #!/bin/bash
    2. 

  2. 

  3. ### References
    4. 

  4. # https://wiki.archlinux.org/title/WireGuard
    5. 

  5. 

  6. # Make an running config from wg-instant.sh persistent
    7. 

  7. 

  8. 

  9. wg showconf wg0 > /etc/wireguard/wg0.conf
    10. 

  10. # remove endpoint IPs from dynamic peers
    11. 

  11. # add for [Interface]
    12. 

  12. Address = 192.168.130.1/24
    13. 

  13. PostUp = iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -I INPUT 1 -i %i -j ACCEPT; iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
    14. 

  14. PostDown = iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -D INPUT -i %i -j ACCEPT; iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
    15. 

  15. 

  16. ## Rules in several lines for better readability
    17. 

  17. iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
    18. 

  18. iptables -I INPUT 1 -i %i -j ACCEPT; 
    19. 

  19. iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
    20. 

  20. iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
    21. 

  21. iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
    22. 

  22. 

  23. iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
    24. 

  24. iptables -D INPUT -i %i -j ACCEPT; 
    25. 

  25. iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
    26. 

  26. iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
    27. 

  27. iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
    28. 

  28. 

  29. iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
    30. 

  30. iptables -D INPUT -i wg0 -j ACCEPT; 
    31. 

  31. iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o wg0 -j ACCEPT; 
    32. 

  32. iptables -D FORWARD -i wg0 -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
    33. 

  33. iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
    34. 

  34.