Created by
Joseph D. Marhee
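#!/bin/bash
#
# Install WireGuard and bring up a single-peer server on wg0.
#
# Usage: <script> CLIENT_PUBLIC_KEY [FORWARDING_RULE FORWARDING_IF]
#   $1  the client's WireGuard public key (base64)
#   $2  any non-empty value adds the iptables FORWARD/MASQUERADE hooks
#   $3  outbound interface to masquerade behind; required when $2 is set
#
# Writes privatekey, publickey and client-wg0.conf to the current directory,
# and /etc/wireguard/wg0.conf and /etc/sysctl.d/wg.conf on the system, so it
# needs enough privilege to write under /etc.

set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

CLIENT_PUBLIC_KEY=${1:-}
FORWARDING_RULE=${2:-}
FORWARDING_IF=${3:-}

# Both values are pasted verbatim into a root-owned config file, so check them
# before touching the system. A stray newline in the key would add arbitrary
# config lines, and wg-quick hands PostUp/PostDown to a shell as root.
[[ "$CLIENT_PUBLIC_KEY" =~ ^[A-Za-z0-9+/]{43}=$ ]] ||
  die "argument 1 must be a WireGuard public key (44 base64 characters)"

if [[ -n "$FORWARDING_RULE" ]]; then
  [[ "$FORWARDING_IF" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] ||
    die "argument 3 must be the outbound interface name when forwarding is requested"
fi

# Repository setup stays best-effort, as in the original ';' chain.
# NOTE(review): releases that ship wireguard in their own archive may not need
# this PPA at all - confirm for the target release.
sudo add-apt-repository ppa:wireguard/wireguard -y ||
  printf 'warning: could not add ppa:wireguard/wireguard, continuing\n' >&2
sudo apt update ||
  printf 'warning: apt update failed, continuing\n' >&2
# The install itself must succeed; nothing below works without wg/wg-quick.
sudo apt install -y wireguard

# Create the key file with mode 600 before any key material is written, so the
# private key is never readable by other local users, even briefly.
install -m 600 /dev/null privatekey
wg genkey | tee privatekey | wg pubkey > publickey

# Plain variables rather than exports: no child process needs the private key
# in its environment.
PRIVATE_KEY=$(<privatekey)
PUBLIC_KEY=$(<publickey)
[[ -n "$PRIVATE_KEY" && -n "$PUBLIC_KEY" ]] || die "key generation produced an empty key"

# Same treatment for the server config, which embeds the private key.
install -m 600 /dev/null /etc/wireguard/wg0.conf
{
  cat << EOF
[Interface]
Address = 192.168.3.1, fd42:42:42::1/64
PrivateKey = $PRIVATE_KEY
ListenPort = 51820
EOF
  if [[ -n "$FORWARDING_RULE" ]]; then
    # NOTE(review): these rules accept all forwarded traffic on wg0 and NAT
    # IPv4 only; there is no ip6tables counterpart for the fd42:42:42::/64 side.
    cat << EOF
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $FORWARDING_IF -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $FORWARDING_IF -j MASQUERADE
EOF
  fi
  # NOTE(review): AllowedIPs covers only the client's IPv4 address; the IPv6
  # address handed out in client-wg0.conf is not listed here.
  cat << EOF
[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = 192.168.3.2/32
EOF
} > /etc/wireguard/wg0.conf

# Forwarding is switched on host-wide whether or not the iptables hooks were
# requested, as in the original script.
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/wg.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.d/wg.conf
sysctl --system

wg-quick up wg0

# The client template carries a placeholder, never a real private key; the
# client keeps its own key and supplies only the public half as argument 1.
cat << EOF > client-wg0.conf
[Interface]
Address = 192.168.3.2, fd42:42:42::2/64
PrivateKey = CLIENT_PRIVATE_KEY_HERE
ListenPort = 51820
[Peer]
PublicKey = $PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.3.1/32
EOF

echo "Use the following client configuration, update CLIENT_PRIVATE_KEY_HERE with your Wireguard client's private key:"
# The template has no Endpoint, so the client cannot start a handshake until
# one is added by hand.
echo "Also add an 'Endpoint = <server address>:51820' line under [Peer] before using it."
cat client-wg0.conf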