Skip to content

A few python helper scripts to assist in scaffolding out a Wireguard VPN setup.

License

Notifications You must be signed in to change notification settings

cr-imson-co/wireguard-config

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Wireguard Config

This repository is a collection of simple scripts intended for Python 3.9+, designed to aid in the quick establishment and gentle maintenance and management of Wireguard clients in a traditional VPN architecture.

license

MIT license, see ./LICENSE.

verbiage

Within these scripts, there are three distinct kinds of files being worked with. Please note that the contents of all of these files should be regarded as sensitive and should not be exposed to interception.

identity files

These are JSON files which contain details regarding the server or client on the opposite side of the connection. For servers, a series of client identity files should reside server-side when building the server's Wireguard configuration file. For clients, the server's identity file should be present client-side when building the client's Wireguard configuration file.

configuration files

These are server-specific JSON files which contain all the data from server initialization, and are necessary for rebuilding the server's Wireguard configuration files when clients identities are being added or removed.

wireguard configuration files

These are the real-deal - they are the configuration files that Wireguard expects for client configuration.

usage

The order of execution is roughly as follows:

  1. Run the ./init_server.py file on your intended Wireguard server to initialize the Wireguard server configuration, providing all arguments necessary to execute the script.
  2. Capture the server identity file (specified by the --server-identity-path argument) generated by the above step. You will need this for client configuration.
  3. Copy the server identity file to your clients, then run the ./build_client_config.py script, providing all arguments necessary to execute the script.
  4. Capture the client identity files generated by each client (specified by the --client-identity-path argument). You will need these for the server configuration.
  5. Copy the client identity files to the same directory on your server, then run the ./build_server_config.py script, providing all arguments necessary to execute the script.
  6. Start the wg-quick@wg0.service systemd service on your server.
  7. Start the Wireguard client on your client systems.

Readers are highly encouraged to run each script with the -h or --help flags in order to review the autogenerated help text for each script.

recommendations

  • Deploy Wireguard config files (specified by the --wg-conf-path argument) to /etc/wireguard/, and note the filename (default is wg0.conf). This is useful as the wg-quick@.service systemd service will accept the base name of the file (wg0) as an argument when starting the namespaced service when provided after the @ sign.
  • Specify the --use-dns flag for client systems that are not acting as intranet services being exposed over the VPN.
  • Do not specify the --use-dns flag for client systems that are supposed to be intranet-available.
  • BACK UP ALL JSON FILES! You don't want to have to regenerate VPN configuration if you fumble a command, do you?
  • Ignore the ./migrate-identities.py script, it's there only as a workaround for a prior provisioning script I did in bash.

About

A few python helper scripts to assist in scaffolding out a Wireguard VPN setup.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages