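#!/bin/bash
#
# Provision a single-peer WireGuard server on a Debian/Ubuntu host.
#
# Steps: enable IPv4 forwarding, install wireguard + curl, generate a server
# and a client key pair under /root/conf, write wg0.conf and user.conf, then
# copy wg0.conf to /etc/wireguard and bring the interface up.
#
# Must run as root: it writes /etc/sysctl.conf, /root/conf and /etc/wireguard.
# Both key pairs are regenerated on every run.
#
# Note: the client private key is generated on the server and is stored in
# /root/conf/user/user.conf; hand it to the client over a protected channel.

set -euo pipefail

if [[ $EUID -ne 0 ]]; then
  printf '%s\n' "this script must be run as root" >&2
  exit 1
fi

# enable ip forward (append the setting only once so re-runs stay idempotent)
sysctl_line="net.ipv4.ip_forward=1"
if ! grep -qxF -- "$sysctl_line" /etc/sysctl.conf 2>/dev/null; then
  printf '%s\n' "$sysctl_line" >> /etc/sysctl.conf
fi
sysctl -p

# install wireguard, wireguard-tools and curl
# (already root, so sudo is not needed and need not be installed)
apt-get update
apt-get install -y wireguard wireguard-tools curl

conf="/root/conf"
server="$conf/server"
user="$conf/user"

# Set the umask BEFORE creating anything that will hold key material, so the
# directories and key files are never group/world readable. umask takes only
# a mode; it is set after the package install so it does not affect apt.
umask 077

# create dirs for configs; -p on both so a re-run does not fail, and chmod in
# case they already existed with looser permissions
mkdir -p -- "$server" "$user"
chmod 700 -- "$conf" "$server" "$user"

# create server keys
wg genkey | tee "$server/privatekey" | wg pubkey > "$server/publickey"
chmod 600 -- "$server/privatekey"
priv=$(<"$server/privatekey")
pub=$(<"$server/publickey")

# create user keys
wg genkey | tee "$user/privatekey" | wg pubkey > "$user/publickey"
chmod 600 -- "$user/privatekey"
upriv=$(<"$user/privatekey")
upub=$(<"$user/publickey")

# get server ip
# The response is written into user.conf, which wg-quick parses (including
# PostUp/PostDown command lines), so fetch it over TLS, fail on HTTP errors,
# and accept nothing but a single dotted-quad IPv4 address.
ip=$(curl -4 -fsS --max-time 10 https://ifconfig.me)
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! $ip =~ $ipv4_re ]]; then
  printf '%s\n' "unexpected response from ifconfig.me; not writing it to the client config" >&2
  exit 1
fi

# generate server config
# The NAT rule assumes the outbound interface is named eth0; adjust it if the
# host uses a different interface name. The FORWARD rule accepts all traffic
# arriving on wg0.
cat > "$server/wg0.conf" <<EOF
[Interface]
PrivateKey = $priv
Address = 10.1.1.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = $upub
AllowedIPs = 10.1.1.2/32
EOF

# generate user config
# AllowedIPs covers the IPv4 space only and no DNS entry is set, so IPv6
# traffic is not routed through the tunnel by this config, and name resolution
# keeps using whatever resolver the client already has.
cat > "$user/user.conf" <<EOF
[Interface]
PrivateKey = $upriv
Address = 10.1.1.2/24
[Peer]
PublicKey = $pub
Endpoint = $ip:51820
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
EOF

# copy config to /etc/wireguard and start interface
# install sets the mode explicitly: wg0.conf contains the server private key.
install -m 600 -- "$server/wg0.conf" /etc/wireguard/wg0.conf
wg-quick up wg0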