This is a set of Bash scripts to easily manage a set of WireGuard servers and clients.
This configuration allows you to add a number of servers that are mesh connected.
This allows you to configure clients to access particular server.
git clone https://github.com/ayufan/easy-wireguard
Or
git clone https://gitlab.com/ayufan/easy-wireguard
./init home
cd home/
../add-server scaleway scaleway.remote.hostname 192.168.60.1/24 192.168.60.2 192.168.60.127
The:
scaleway
is a name of serverscaleway.remote.hostname
is a remote endpoint192.168.60.1/24
is an tunnel address of the server192.168.60.2 192.168.60.127
the IP range from which the IPs are allocated to clients
cd home/
../add-client kamil-macbook
The:
kamil-macbook
the name of client
For each server follow the https://www.wireguard.com/install/:
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard
cd home/
../emit-server --shell scaleway
This will print a set of commands that enable VPN on start. Just copy-paste it and voila, or:
cd home/
../emit-server --shell scaleway | ssh root@scaleway.server
Or doing the above in simpler form:
cd home/
../emit-server --ssh root@scaleway.server scaleway
However, if you did install easy-wireguard
on scaleway.server, you can also use:
cd home/
../emit-server --up scaleway
../emit-server --down scaleway
There are number of ways to grab config
cd home/
../emit-client scaleway kamil-macbook
This gets config for particular server.
cd home/
../emit-client --shell scaleway kamil-macbook
This is a new way to installing VPN config!
cd home/
../emit-client --qr scaleway kamil-macbook
It is possible to expose either on client, or on server additional routes.
Simply edit the servers/server.conf
or clients/client.conf
and modify Routes=
:
Routes="192.168.0.0/24,192.168.20.0/24"
And re-install each client and server.
Pass a default gateway interface via DefaultGateway=
in servers/server.conf
:
DefaultGateway=ens2
And re-install server.
cd home/
../emit-client --default scaleway kamil-macbook
../emit-client --default --qr scaleway kamil-macbook
../emit-client --default --shell scaleway kamil-macbook
There's number of additional configurations that you might be interested in:
Routes=
additional routesDNS=
configured DNS server used by clientsListenPort=
listen address for servers (and optionally clients)PersistentKeepalive=
keep connections aliveFwMark
a 32-bit fwmark for outgoing packets. If set to 0 or "off", this option is disabled. May be specified in hexadecimal by prepending "0x"MTU
a maximum packet size send on interfacePresharedKey
a base64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.Interface_${name_of_server}=0
disallow connecting this peer to given serverRoutes_${name_of_client}=
overwrite a set of routes returned to given client- ...
Kamil Trzciński, 2018-2019
MIT