distribution/packages/network/wireguard-tools/scripts/wg-genconfig


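#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
# Copyright (C) 2022-present kkoshelev
#
# wg-genconfig: generate a matching pair of WireGuard configuration files,
# one for this device (WG_CONF_DIR/wg0.conf) and one for the server
# (WG_CONF_DIR/wg0.conf.server, also printed to stdout so it can be copied
# to the server host).
#
# Optional environment overrides (defaults reproduce the original behaviour):
#   WG_SRV_PUBLIC_IP  public address of the server; looked up with curl if unset
#   WG_PORT           server listen port (default 51820)
#   WG_NET            first three octets of the tunnel network (default 10.111.10)
#   WG_HOST_IFC       main network interface named in the SNAT example lines
#   WG_CONF_DIR       output directory (default /storage/.config/wireguard)
#
# Written for POSIX sh: the here-strings (<<<) and `read -d ''` the script
# previously used are bash extensions and fail under a plain /bin/sh.
set -eu

echo "wg-genconfig script generates WireGuard VPN config files for both device and server."
echo

# Print an error to stderr and abort.
die() {
  printf 'wg-genconfig: %s\n' "$*" >&2
  exit 1
}

command -v wg >/dev/null 2>&1 || die "wg (wireguard-tools) not found in PATH"

# Both generated files contain private keys; create them 0600 rather than
# with whatever umask the caller happens to have.
umask 077

CONF_DIR=${WG_CONF_DIR:-/storage/.config/wireguard}
PORT=${WG_PORT:-51820}
WG_NET=${WG_NET:-10.111.10}
# Make sure that interface name matches main interface
HOST_IFC=${WG_HOST_IFC:-eth0}

# The server endpoint comes from an external lookup service unless supplied.
# An empty or failed answer would silently yield an unusable "Endpoint = :PORT"
# line, so refuse it instead of writing a broken config.
if [ -n "${WG_SRV_PUBLIC_IP:-}" ]; then
  SRV_PUBLIC_IP=$WG_SRV_PUBLIC_IP
else
  command -v curl >/dev/null 2>&1 || die "curl not found in PATH (set WG_SRV_PUBLIC_IP to skip the lookup)"
  SRV_PUBLIC_IP=$(curl -4 -s ifconfig.co) || die "could not determine server public IP"
  [ -n "$SRV_PUBLIC_IP" ] || die "could not determine server public IP (empty answer)"
fi

# Key pairs for the device and the server. wg pubkey reads the private key
# from stdin; a pipe is used instead of a bash-only here-string.
PVT_KEY=$(wg genkey) || die "wg genkey failed"
PUB_KEY=$(printf '%s\n' "$PVT_KEY" | wg pubkey) || die "wg pubkey failed"
SRV_PVT_KEY=$(wg genkey) || die "wg genkey failed"
SRV_PUB_KEY=$(printf '%s\n' "$SRV_PVT_KEY" | wg pubkey) || die "wg pubkey failed"

# Server config file. $(cat <<EOF ...) is the portable equivalent of
# `read -r -d ''`: both drop the trailing newline.
SRV_CONF=$(cat <<EOF
[Interface]
PrivateKey = $SRV_PVT_KEY
# PublicKey = $SRV_PUB_KEY
Address = $WG_NET.1/24
ListenPort = $PORT
# If you want to access other devices on the same network,
# you need to enable SNAT, the lines below.
# Make sure that $HOST_IFC matches your main network interface.
#PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
#PostUp = iptables -A FORWARD -i %i -j ACCEPT
#PostUp = iptables -A FORWARD -o %i -j ACCEPT
#PostUp = iptables -t nat -A POSTROUTING -s $WG_NET.0/24 -o $HOST_IFC -j MASQUERADE
#PostDown = iptables -D FORWARD -i %i -j ACCEPT
#PostDown = iptables -D FORWARD -o %i -j ACCEPT
#PostDown = iptables -t nat -D POSTROUTING -s $WG_NET.0/24 -o $HOST_IFC -j MASQUERADE
[Peer]
PublicKey = $PUB_KEY
AllowedIPs = $WG_NET.2/32
EOF
)

# Device config file
CONF=$(cat <<EOF
[Interface]
PrivateKey = $PVT_KEY
Address = $WG_NET.2/24
[Peer]
PublicKey = $SRV_PUB_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = $SRV_PUBLIC_IP:$PORT
PersistentKeepalive = 25
EOF
)

mkdir -p -- "$CONF_DIR" || die "cannot create $CONF_DIR"

echo "Generating $CONF_DIR/wg0.conf file"
printf '%s\n' "$CONF" > "$CONF_DIR/wg0.conf" || die "cannot write $CONF_DIR/wg0.conf"

echo "Generating $CONF_DIR/wg0.conf.server file"
printf '%s\n' "$SRV_CONF" > "$CONF_DIR/wg0.conf.server" || die "cannot write $CONF_DIR/wg0.conf.server"

echo
# The server config (including its private key) is printed on purpose:
# stdout is how the user carries it to the server host. Do not capture this
# output in logs.
cat <<EOF
Use the following config on the server:
--- server config ---
$SRV_CONF
---
EOF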