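#!/bin/bash
#
# Provision a WireGuard server config (wg0.conf) and one config per client
# under /etc/wireguard.
#
# Environment:
#   CLIENTS  number of client configs to write (0-253, default 1)
#
# Needs write access to /etc/wireguard, plus wg(8) and curl.

set -euo pipefail

# Everything written here is, or sits next to, private key material. Create
# files owner-only from the start instead of relying on a later chmod.
umask 077

WG_DIR="/etc/wireguard"
SERVER_PRIVATE_KEY_PATH="$WG_DIR/privatekey"
SERVER_PUBLIC_KEY_PATH="$WG_DIR/publickey"
CLIENT_PRIVATE_KEY_PATH="$WG_DIR/client_privatekey"
CLIENT_PUBLIC_KEY_PATH="$WG_DIR/client_publickey"
WG_CONFIG="$WG_DIR/wg0.conf"
SERVER_ADDRESS="10.0.0.1/24"
CLIENT_ADDRESS="10.0.0.2/32"
SERVER_PORT="51820"
DNS="1.1.1.1"

# CLIENTS comes from the environment and is used in arithmetic context, where
# bash evaluates a variable's content as an expression. Accept a plain decimal
# count only. The upper bound keeps 10.0.0.(i+1) inside the /24 host range.
CLIENTS=${CLIENTS:-1} # Default to 1 client if not specified
if [[ ! "$CLIENTS" =~ ^[0-9]{1,3}$ ]] || ((10#$CLIENTS > 253)); then
  echo "CLIENTS must be an integer between 0 and 253." >&2
  exit 1
fi
CLIENTS=$((10#$CLIENTS))

#######################################
# Make sure a key pair exists on disk. The private key is generated only when
# missing or empty; the public key is always re-derived from it so the two
# files cannot drift apart.
# Arguments: $1 - private key path, $2 - public key path
#######################################
ensure_keypair() {
  local private_path=$1 public_path=$2
  if [[ ! -s "$private_path" ]]; then
    wg genkey > "$private_path"
  fi
  # Also tightens key files left world-readable by an earlier run.
  chmod 600 "$private_path"
  wg pubkey < "$private_path" > "$public_path"
}

#######################################
# Write stdin to a file that holds secrets: the content lands in a mode-0600
# temp file first and is then renamed over the target, so it is never exposed
# through a pre-existing file with looser permissions.
# Arguments: $1 - destination path
#######################################
write_private_file() {
  local target=$1 tmp
  tmp=$(mktemp "${target}.XXXXXX")
  if ! cat > "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi
  mv -f -- "$tmp" "$target"
}

mkdir -p "$WG_DIR"

ensure_keypair "$SERVER_PRIVATE_KEY_PATH" "$SERVER_PUBLIC_KEY_PATH"
SERVER_PRIVATE_KEY=$(< "$SERVER_PRIVATE_KEY_PATH")
SERVER_PUBLIC_KEY=$(< "$SERVER_PUBLIC_KEY_PATH")

ensure_keypair "$CLIENT_PRIVATE_KEY_PATH" "$CLIENT_PUBLIC_KEY_PATH"
CLIENT_PRIVATE_KEY=$(< "$CLIENT_PRIVATE_KEY_PATH")
CLIENT_PUBLIC_KEY=$(< "$CLIENT_PUBLIC_KEY_PATH")

# An existing server config is left alone (it may carry manual edits).
# NOTE: the NAT rule assumes the egress interface is eth0; adjust if it differs.
if [[ ! -f "$WG_CONFIG" ]]; then
  write_private_file "$WG_CONFIG" << EOF
[Interface]
PrivateKey = $SERVER_PRIVATE_KEY
Address = $SERVER_ADDRESS
ListenPort = $SERVER_PORT
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = $CLIENT_ADDRESS
EOF
fi
chmod 600 "$WG_CONFIG"

# Obtain the external IP address of the server.
# The value comes from a third-party service and is copied into every client
# config, so fetch it over HTTPS, force IPv4 (the Endpoint line below is
# written as addr:port) and accept nothing that is not shaped like a
# dotted quad.
EXTERNAL_IP=$(curl -4 -fsS --max-time 10 https://ifconfig.me) || EXTERNAL_IP=""
ipv4_shape='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ ! "$EXTERNAL_IP" =~ $ipv4_shape ]]; then
  echo "Failed to obtain external IP address." >&2
  exit 1
fi

for ((i = 1; i <= CLIENTS; i++)); do
  CLIENT_CONFIG="$WG_DIR/client$i.conf"
  client_address="10.0.0.$((i + 1))/32"

  # Client 1 uses the persisted key pair, which is the peer written into a
  # fresh wg0.conf above. Later clients keep the key from an existing config
  # so a re-run does not invalidate configs that were already handed out.
  client_private_key=""
  if ((i == 1)); then
    client_private_key=$CLIENT_PRIVATE_KEY
  elif [[ -s "$CLIENT_CONFIG" ]]; then
    client_private_key=$(awk '$1 == "PrivateKey" { print $3; exit }' "$CLIENT_CONFIG")
  fi
  if [[ -z "$client_private_key" ]]; then
    client_private_key=$(wg genkey)
  fi
  client_public_key=$(printf '%s\n' "$client_private_key" | wg pubkey)

  # The server only accepts peers listed in wg0.conf, so register any client
  # whose public key is not there yet. A running interface must be reloaded
  # to pick up appended peers.
  if ! grep -qF -- "PublicKey = $client_public_key" "$WG_CONFIG"; then
    cat >> "$WG_CONFIG" << EOF

[Peer]
PublicKey = $client_public_key
AllowedIPs = $client_address
EOF
  fi

  # Generate client config.
  # AllowedIPs below routes all IPv4 through the tunnel; IPv6 is not covered.
  write_private_file "$CLIENT_CONFIG" << EOF
[Interface]
PrivateKey = $client_private_key
Address = $client_address
DNS = $DNS

[Peer]
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $EXTERNAL_IP:$SERVER_PORT
AllowedIPs = 0.0.0.0/0
EOF
done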