| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- #!/bin/bash
-
- set -e
-
- # === CONFIGURATION ===
- WG_INTERFACE="wg0"
- WG_ADDRESS="10.0.0.1/32"
- WG_LISTEN_PORT="123"
- WG_PRIVATE_KEY_PATH="/etc/wireguard/privatekey"
- WG_PUBLIC_KEY_PATH="/etc/wireguard/publickey"
- WG_CONF_PATH="/etc/wireguard/${WG_INTERFACE}.conf"
- WG_PEER_PUBLIC_KEY="YOUR_CLIENT_PUBLIC_KEY_HERE"
-
- # IMPORTANT: Add all IP subnets that exist on the client-side LANs
- WG_ALLOWED_IPS="136.145.187.0/24, 10.0.0.2/32, 192.168.0.0/24"
- WG_KEEPALIVE=25
-
- # === INSTALL WIREGUARD ===
- echo " Installing WireGuard..."
- sudo apt-get update
- sudo apt-get install -y wireguard
-
- # === GENERATE SERVER KEYS ===
- echo "Generating WireGuard server keys..."
- sudo mkdir -p /etc/wireguard
- sudo chmod 700 /etc/wireguard
-
- if [ ! -f "$WG_PRIVATE_KEY_PATH" ]; then
- umask 077
- wg genkey | sudo tee "$WG_PRIVATE_KEY_PATH" | wg pubkey | sudo tee "$WG_PUBLIC_KEY_PATH"
- else
- echo " Private key already exists. Skipping key generation."
- fi
-
- PRIVATE_KEY=$(sudo cat "$WG_PRIVATE_KEY_PATH")
-
- # === WRITE CONFIG ===
- echo " Writing server config to $WG_CONF_PATH..."
- sudo tee "$WG_CONF_PATH" > /dev/null <<EOF
- [Interface]
- PrivateKey = ${PRIVATE_KEY}
- Address = ${WG_ADDRESS}
- ListenPort = ${WG_LISTEN_PORT}
-
- [Peer]
- PublicKey = ${WG_PEER_PUBLIC_KEY}
- AllowedIPs = ${WG_ALLOWED_IPS}
- PersistentKeepalive = ${WG_KEEPALIVE}
- EOF
-
- sudo chmod 600 "$WG_CONF_PATH"
-
- # === ENABLE IP FORWARDING ===
- echo "Enabling IP forwarding..."
- sudo sysctl -w net.ipv4.ip_forward=1
- echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf > /dev/null
-
- # === START WIREGUARD SERVER ===
- echo "Starting WireGuard interface ${WG_INTERFACE}..."
- sudo wg-quick up "${WG_INTERFACE}"
-
- echo "WireGuard server is now running and listening on port ${WG_LISTEN_PORT}."
- echo "IMPORTANT: Make sure AllowedIPs includes all subnets from the client's local networks!"
|
