
Joseph D. Marhee Wireguard Server Configuration Script

Created by Joseph D. Marhee
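#!/bin/bash

# Install WireGuard from the wireguard PPA.
#
# Adding a PPA makes apt trust every package that archive publishes, so the
# step is kept visible here rather than hidden in a one-line chain.
# NOTE(review): confirm the PPA is still required on the target release; if
# the distribution already ships a wireguard package, the PPA can be dropped.
#
# The repository and index steps are best-effort, because the package may
# already be installable from the configured sources. A failed install is
# fatal: nothing below can work without the wg and wg-quick tools.
sudo add-apt-repository ppa:wireguard/wireguard -y \
    || echo "warning: could not add ppa:wireguard/wireguard; using configured repositories" >&2
sudo apt update \
    || echo "warning: apt update failed; package lists may be stale" >&2
sudo apt install -y wireguard || {
    echo "error: wireguard installation failed, aborting" >&2
    exit 1
}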

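# Positional arguments:
#   $1 - the client's WireGuard public key (required)
#   $2 - any non-empty value requests NAT/forwarding rules in the server config
#   $3 - outbound interface for the NAT rule (read later, only when $2 is set)
CLIENT_PUBLIC_KEY=$1
FORWARDING_RULE=$2

# The client key is written verbatim into /etc/wireguard/wg0.conf, so reject
# anything that is not a single 44-character base64 key. This stops an empty
# argument from producing a broken config and keeps stray whitespace or
# newlines from adding extra directives to a root-owned file.
wg_key_re='^[A-Za-z0-9+/]{43}=$'
if [[ ! $CLIENT_PUBLIC_KEY =~ $wg_key_re ]]; then
    echo "usage: $0 CLIENT_PUBLIC_KEY [FORWARDING_RULE FORWARDING_IF]" >&2
    echo "error: CLIENT_PUBLIC_KEY must be a 44-character base64 WireGuard public key" >&2
    exit 1
fi

# Generate the server key pair in the current directory (same file names as
# before). The restrictive umask is scoped to a subshell so the private key is
# never created group- or world-readable, without changing the umask for the
# rest of the script.
(umask 077 && wg genkey | tee privatekey | wg pubkey > publickey) || {
    echo "error: failed to generate the server key pair" >&2
    exit 1
}
# tee keeps the old mode when privatekey already existed, so tighten it
# explicitly.
chmod 600 privatekey

# PRIVATE_KEY stays a plain shell variable: the here-documents below expand it
# without an export, and not exporting keeps the secret out of the environment
# of every child process (sysctl, wg-quick, cat).
PRIVATE_KEY=$(cat privatekey)
PUBLIC_KEY=$(cat publickey)
export PUBLIC_KEY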

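# Write the server configuration to /etc/wireguard/wg0.conf.
#
# When a forwarding rule was requested ($2 non-empty), $3 names the outbound
# interface and PostUp/PostDown iptables rules are added to the [Interface]
# section. The previous test read the misspelled, never-set variable
# FOWARDING_RULE, so the forwarding rules were never written.
if [ -n "$FORWARDING_RULE" ]; then
    FORWARDING_IF=$3
    # wg-quick executes PostUp/PostDown as shell commands with root
    # privileges, and FORWARDING_IF is pasted into them. Accept only a plain
    # interface name (at most 15 characters, no shell metacharacters).
    ifname_re='^[A-Za-z0-9_.-]{1,15}$'
    if [[ ! $FORWARDING_IF =~ $ifname_re ]]; then
        echo "error: FORWARDING_IF (\$3) must be a network interface name" >&2
        exit 1
    fi
fi

# The file holds the server private key: create it under a restrictive umask
# (scoped to the subshell) so it is never readable by other users.
(
    umask 077
    {
        cat << EOF
[Interface]
Address = 192.168.3.1, fd42:42:42::1/64
PrivateKey = $PRIVATE_KEY
ListenPort = 51820
EOF
        if [ -n "$FORWARDING_RULE" ]; then
            cat << EOF
PostUp   = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $FORWARDING_IF -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $FORWARDING_IF -j MASQUERADE
EOF
        fi
        cat << EOF

[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = 192.168.3.2/32
EOF
    } > /etc/wireguard/wg0.conf
) || {
    echo "error: could not write /etc/wireguard/wg0.conf (are you root?)" >&2
    exit 1
}
# A pre-existing file keeps its old mode across the redirect; tighten it.
chmod 600 /etc/wireguard/wg0.conf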
# Persist IPv4 and IPv6 forwarding in a dedicated sysctl drop-in, then reload
# all sysctl settings so the change applies immediately.
# NOTE(review): forwarding is switched on whether or not a forwarding rule was
# requested; confirm that is intended for hosts that should not route traffic.
{
    echo "net.ipv4.ip_forward = 1"
    echo "net.ipv6.conf.all.forwarding = 1"
} > /etc/sysctl.d/wg.conf
sysctl --system

# Bring the tunnel up from /etc/wireguard/wg0.conf.
wg-quick up wg0

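# Emit a client configuration template into the current directory.
#
# The client's private key never passes through this server: the template
# carries a placeholder that the operator fills in on the client. The [Peer]
# section previously had no Endpoint, which left the client with no address to
# initiate the tunnel to, so an Endpoint placeholder on the server's
# ListenPort is added.
cat << EOF > client-wg0.conf
[Interface]
Address = 192.168.3.2, fd42:42:42::2/64
PrivateKey = CLIENT_PRIVATE_KEY_HERE
ListenPort = 51820

[Peer]
PublicKey = $PUBLIC_KEY
Endpoint = SERVER_ADDRESS_HERE:51820
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.3.1/32
EOF

echo "Use the following client configuration, replace CLIENT_PRIVATE_KEY_HERE with your Wireguard client's private key and SERVER_ADDRESS_HERE with this server's public address:"
cat client-wg0.conf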
