mar
/
sysadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

updates to wireguard scripts

master
Mario Alegre 5 years ago
parent
b994e1b854
commit
b787c506f9
2 changed files with 37 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      bin/wg-addpeer
  2. 33
      docs/linux/wireguard/install.sh

12
bin/wg-addpeer
View File

@ -33,12 +33,12 @@ dest_key=$(sshp sudo wg show $wg_dev public-key)
# add peer on host # add peer on host
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32 sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
search="^[0-9.]+\s+$dest_name.$wg_domain\$" line="$dest_wgip\t$dest_name.$wg_domain"
replace="$dest_wgip\t$dest_name.$wg_domain" regex="^[0-9.]+\s+$dest_name.$wg_domain\$"
eval "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null" sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts >/dev/null
# add peer on dest # add peer on dest
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32 sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
search="^[0-9.]+\s+$host_name.$wg_domain" line="$host_wgip\t$host_name.$wg_domain"
replace="$host_wgip\t$host_name.$wg_domain" regex="^[0-9.]+\s+$host_name.$wg_domain"
sshp "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null" sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts >/dev/null"

33
docs/linux/wireguard/install.sh
View File

@ -15,12 +15,41 @@ fi
sudo apt install -y wireguard sudo apt install -y wireguard
cd /etc/wireguard/ cd /etc/wireguard/
echo "Configuring wireguard ..."
(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null) (umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey > /dev/null wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey > /dev/null
echo "ListenPort = ${wireguard_port:?} echo "ListenPort = ${wireguard_port:?}
SaveConfig = true SaveConfig = true
Address = ${wireguard_ip:?}/24" | sudo tee -a wg0.conf > /dev/null Address = ${wireguard_ip:?}/24" | sudo tee -a wg0.conf > /dev/null
if [[ -e /etc/nftables.firewall ]]; then
echo "detected firewall config: nftables.firewall"
echo "opening port $wireguard_port on firewall ..."
line="tcp dport 9271 accept"
regex="$line"
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/nftables.firewall | sudo tee nftables.firewall >/dev/null
sudo /etc/nftables.conf
else
echo "No firewall detected."
echo "If you are using a firewall, make sure port $wireguard_port is open."
fi
echo "Starting wireguard ..."
sudo systemctl start wg-quick@wg0 sudo systemctl start wg-quick@wg0
#sudo systemctl enable wg-quick@wg0 read -p "Enable wireguard to automatically start on boot? [Y/n] " tmp
wg while true; do
case tmp in
''|y|Y|yes|Yes)
sudo systemctl enable wg-quick@wg0
echo "Wireguard will now automatically start on boot."
echo "To disable, run 'sudo systemctl disable wg-quick@wg0'"
break
;;
n|N|no|No)
echo "Wireguard will not start on boot."
echo "To enable auto-start, run 'sudo systemctl enable wg-quick@wg0'"
break
;;
*) echo "error: unrecognized input";;
esac
done

Write Preview
Loading…
Cancel
Save