git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
snippets
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8a457fbe84
Branches Tags
snippets
/
linux
/
wireguard.sh

wireguard.sh 1.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. #!/bin/bash
    2. 

  2. 

  3. ### Installation
    4. 

  4. # Install wireguard tools and QR-Code generator
    5. 

  5. apt-get install --yes wireguard qrencode
    6. 

  6. 

  7. ### Variables
    8. 

  8. network='192.168.130.1/24'
    9. 

  9. confdir='/etc/wireguard'
    10. 

  10. 

  11. ### Create key material
    12. 

  12. cd $confdir
    13. 

  13. wgkeypair() { wg genkey | (umask 0077 && tee   $1.key) | wg pubkey > $1.pub; }
    14. 

  14. wgpsk()     { wg genpsk | (umask 0077 && cat > $1.psk) } 
    15. 

  15. wgkeypair host
    16. 

  16. peers="dspx4 zino2"
    17. 

  17. for peer in $peers; do wgkeypair $peer && wgpsk $peer; done
    18. 

  18. 

  19. ### Configuration
    20. 

  20. # Setup wireguard network interface
    21. 

  21. ip link add dev wg0 type wireguard
    22. 

  22. ip addr add $network dev wg0
    23. 

  23. wg set wg0 listen-port 51871 private-key $confdir/host.key 
    24. 

  24. 

  25. wgsetpeer() {
    26. 

  26. peer=$1
    27. 

  27. ip=$2
    28. 

  28. wg set wg0                                 \
    29. 

  29.    peer           `cat $confdir/$peer.pub` \
    30. 

  30.    preshared-key  $confdir/$peer.psk       \
    31. 

  31.    allowed-ips    $ip
    32. 

  32. ip link set wg0 up
    33. 

  33. 

  34. cat >$confdir/$peer.conf <<EOL
    35. 

  35. # Client config for $peer
    36. 

  36. [Interface]
    37. 

  37. PrivateKey = `cat $confdir/$peer.key`
    38. 

  38. Address = $ip
    39. 

  39. DNS = 8.8.8.8
    40. 

  40.  
    41. 

  41. [Peer]
    42. 

  42. PublicKey = `cat $confdir/host.pub`
    43. 

  43. AllowedIPs = 0.0.0.0/0
    44. 

  44. Endpoint = blue.s-up.net:51871
    45. 

  45. PersistentKeepalive = 15
    46. 

  46. PresharedKey = `cat $confdir/$peer.psk`
    47. 

  47. EOL
    48. 

  48. 

  49. qrencode  -t ANSIUTF8 -r $confdir/$peer.conf
    50. 

  50. }
    51. 

  51. 

  52. wgsetpeer dspx4 192.168.130.2
    53. 

  53. 

  54. # https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/
    55. 

  55. iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o ens3 -j MASQUERADE
    56. 

  56. iptables -I INPUT 1 -i wg0 -j ACCEPT
    57. 

  57. iptables -I FORWARD 1 -i ens3 -o wg0 -j ACCEPT
    58. 

  58. iptables -I FORWARD 1 -i wg0 -o ens3 -j ACCEPT
    59. 

  59. iptables -I INPUT 1 -i eth0 -p udp --dport 51871 -j ACCEPT
    60. 

  60. sysctl -w net.ipv4.ip_forward=1
    61.