
updates to wireguard scripts

master
Mario Alegre 5 years ago
parent
commit
b787c506f9
  1. 12
      bin/wg-addpeer
  2. 33
      docs/linux/wireguard/install.sh

12
bin/wg-addpeer

@ -33,12 +33,12 @@ dest_key=$(sshp sudo wg show $wg_dev public-key)
# add peer on host
sudo wg set $wg_dev peer "${dest_key}" endpoint $dest_fqdn:$dest_port allowed-ips $dest_wgip/32
search="^[0-9.]+\s+$dest_name.$wg_domain\$"
replace="$dest_wgip\t$dest_name.$wg_domain"
eval "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
line="$dest_wgip\t$dest_name.$wg_domain"
regex="^[0-9.]+\s+$dest_name.$wg_domain\$"
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts | sudo tee /etc/hosts >/dev/null
# add peer on dest
sshp sudo wg set $wg_dev peer "'${host_key}'" endpoint $host_fqdn:$host_port allowed-ips $host_wgip/32
search="^[0-9.]+\s+$host_name.$wg_domain"
replace="$host_wgip\t$host_name.$wg_domain"
sshp "(grep -qE '$search' /etc/hosts && sed -E 's/$search/$replace/' /etc/hosts || echo -e '$replace' | cat /etc/hosts -) | sudo tee /etc/hosts >/dev/null"
line="$host_wgip\t$host_name.$wg_domain"
regex="^[0-9.]+\s+$host_name.$wg_domain"
sshp "sed -E -e '/$regex/{s/.*/$line/;:a;n;ba;q}' -e '\$a $line' /etc/hosts | sudo tee /etc/hosts >/dev/null"
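Review bot: Assuming the `line=`/`regex=` pair is the new side (the `+`/`-` markers are lost on this page, but install.sh uses the same idiom), `sed -E … /etc/hosts | sudo tee /etc/hosts >/dev/null` reads and truncates the same file in one pipeline, so whether sed finishes reading before tee's O_TRUNC open is a race that can leave /etc/hosts empty; the remote command run through sshp has the same shape. Write to a temp file and install it instead, e.g. `tmp=$(mktemp) && sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/hosts >"$tmp" && sudo install -m 0644 "$tmp" /etc/hosts`. The dest-side regex `^[0-9.]+\s+$host_name.$wg_domain` has no `$` anchor while the host-side one does, so it also rewrites any line whose hostname merely starts with that name, and the unescaped `.` between name and domain matches any character. `$dest_name`, `$host_name` and `$wg_domain` are spliced into the sed script unquoted and unescaped; they are set above line 33 of the file, outside this hunk, so validate or escape them there if they come from user input.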

33
docs/linux/wireguard/install.sh

@ -15,12 +15,41 @@ fi
sudo apt install -y wireguard
cd /etc/wireguard/
echo "Configuring wireguard ..."
(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey > /dev/null
echo "ListenPort = ${wireguard_port:?}
SaveConfig = true
Address = ${wireguard_ip:?}/24" | sudo tee -a wg0.conf > /dev/null
if [[ -e /etc/nftables.firewall ]]; then
echo "detected firewall config: nftables.firewall"
echo "opening port $wireguard_port on firewall ..."
line="tcp dport 9271 accept"
regex="$line"
sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/nftables.firewall | sudo tee nftables.firewall >/dev/null
sudo /etc/nftables.conf
else
echo "No firewall detected."
echo "If you are using a firewall, make sure port $wireguard_port is open."
fi
echo "Starting wireguard ..."
sudo systemctl start wg-quick@wg0
#sudo systemctl enable wg-quick@wg0
wg
read -p "Enable wireguard to automatically start on boot? [Y/n] " tmp
while true; do
case tmp in
''|y|Y|yes|Yes)
sudo systemctl enable wg-quick@wg0
echo "Wireguard will now automatically start on boot."
echo "To disable, run 'sudo systemctl disable wg-quick@wg0'"
break
;;
n|N|no|No)
echo "Wireguard will not start on boot."
echo "To enable auto-start, run 'sudo systemctl enable wg-quick@wg0'"
break
;;
*) echo "error: unrecognized input";;
esac
done
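Review bot: The firewall rule added at `line="tcp dport 9271 accept"` does not open the port the surrounding messages promise: WireGuard listens on UDP at `${wireguard_port}`, so this admits an unrelated TCP port and leaves the tunnel port closed. Two lines later `sudo tee nftables.firewall` is relative to the `cd /etc/wireguard/` above, so the edited rules land in /etc/wireguard/nftables.firewall while /etc/nftables.firewall is never modified; reading and tee-ing the same path would also race the truncation, so write to a temp file and install it. In the prompt loop, `case tmp in` tests the literal string `tmp` rather than `$tmp`, and `read` sits outside `while true`, so every answer falls into `*)` and the loop prints `error: unrecognized input` forever. `sudo /etc/nftables.conf` executes the config file directly, which only works if it is executable with an `nft -f` shebang; `sudo nft -f /etc/nftables.conf` is the explicit form. The diffstat (41 new lines against 12 old) makes the firewall and prompt blocks new code even though the markers are lost; the lines that set `wireguard_port` and `wireguard_ip` are outside this hunk.
```shell
# … unchanged: apt install, wg0.conf generation …
if [[ -e /etc/nftables.firewall ]]; then
  echo "detected firewall config: nftables.firewall"
  echo "opening port $wireguard_port on firewall ..."
  # WireGuard listens on UDP on the configured port, not on a fixed TCP port.
  line="udp dport ${wireguard_port} accept"
  regex="$line"
  # Edit via a temp file: "sed FILE | tee FILE" races tee's truncation of FILE.
  tmp=$(mktemp) || exit 1
  sed -E -e "/$regex/{s/.*/$line/;:a;n;ba;q}" -e "\$a $line" /etc/nftables.firewall >"$tmp" \
    && sudo install -m 0644 "$tmp" /etc/nftables.firewall
  rm -f -- "$tmp"
  sudo nft -f /etc/nftables.conf
# … unchanged: else branch, wg-quick start, wg status …
while true; do
  read -r -p "Enable wireguard to automatically start on boot? [Y/n] " tmp
  case "$tmp" in
  # … unchanged: case arms …
```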
