Skip to content

UrielCh/wireguard

Repository files navigation

Wireguard

Wireguard Setup scripts writin in bash.

Main lines: Because this script is intended to be run as root, every call will invite you to enter the correct command with a shell redirection to fill the corresponding configuration files.

However, a file named allKeys.txt will be the only automatically created file; This file will contain a text database of all generated private keys. So if you create a user key twice, the key will be the same. allKeys.txt default permission will be 0600.

checkout the script in an existing /etc/wireguard:

cd /etc/wireguard
git init
git remote add origin https://github.com/UrielCh/wireguard.git
git fetch
git checkout main

Usage

  • Init your environement VPN with ./randconfig.sh > .env
  • customize it
  • source .env
  • ./init.sh > wg${WGID}.conf
  • ./add-key.sh 1 user01 >> wg${WGID}.conf
  • ./add-key.sh 2 user02 >> wg${WGID}.conf
  • systemctl restart wg-quick@wg${WGID}.service
  • systemctl enable wg-quick@wg${WGID}.service

You only choose an IP offset; the script will compute a valid IP address within your range.

Setup Wireguard

Install wireguard

Ensure that kernel headers are installed

  • debian 10 and older (ex: buster)
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"
  • for proxmox:
apt install pve-headers-$(uname -r) wireguard
  • for debian:
apt install -y linux-headers-$(uname -r) wireguard

Install extra dependences

apt-get install qrencode

Install the scripts

Clone this repo

cd  /etc/wireguard/
git clone git@github.com:UrielCh/wireguard.git .

Init config

Generate a random configuration environement, then customise it as you want.

./randconfig.sh > .env
nano .env
./init.sh

Create a new client

Use ./add-key.sh

./add-key.sh client_id_fron_0_to_1021 client_name >> wg1.conf

example:
./add-key.sh 1 user01 >> wg1.conf
./add-key.sh 2 user02 >> wg1.conf

Read output for guide

Display a key

./printKey.sh user-1

or

./printKey.sh user-1 QR

to view it as a QR code

List keys:

./list.sh 

Enable / Disable debug

modprobe wireguard
echo 'module wireguard +p' > /sys/kernel/debug/dynamic_debug/control
# tail -F /var/log/messages /var/log/kern.log
journalctl -f
# or
dmesg -wH

Diasble:

echo 'module wireguard -p' > /sys/kernel/debug/dynamic_debug/control

Sample

Create a serie of access key:

Sample generate bulk of keys in wg1.conf with IPs offset by 256 (only valid if with a MASK of 23 or more)

for X in {001..010};
  do ID=$(echo $X|sed -E s/^0+//);
  ./add-key.sh $((ID+256)) client-$X >> wg1.conf;
done

if your first IP os 10.0.0.0, this script will generate Acces with IPs 10.0.1.1, 10.0.1.2, 10.0.1.3 ...

References

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages