wireguard
parent
15a20cdba2
commit
7e43d3400a
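--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+# Remove unattended-upgrades
+apt remove --purge -y unattended-upgrades
+
+# Update and upgrade
+apt update && apt upgrade -y
+
+# Install basic tools and WireGuard
+apt install -y git curl wget tmux nano net-tools unzip zip gnupg tzdata qrencode wireguard
+
+# Setup WireGuard directory
+WG_DIR="/etc/wireguard"
+mkdir -p "$WG_DIR/self"
+cd "$WG_DIR/self"
+
+# Generate server keys
+wg genkey | tee private | wg pubkey > public
+
+# Enable IP forwarding
+echo "net.ipv4.ip_forward=1" | tee -a /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding=1" | tee -a /etc/sysctl.conf
+sysctl -p
+
+# Create basic wg0.conf if it doesn't exist
+WG_CONF="$WG_DIR/wg0.conf"
+if [ ! -f "$WG_CONF" ]; then
+SERVER_PRIVATE_KEY=$(cat private)
+SERVER_PUBLIC_KEY=$(cat public)
+SERVER_PORT=51820
+SERVER_INTERFACE=$(ip route get 8.8.8.8 | awk '{print $5; exit}') # Detect network interface (e.g., eth0, ens3, etc.)
+
+cat > "$WG_CONF" <<EOF
+[Interface]
+Address = 10.0.0.1/24
+ListenPort = $SERVER_PORT
+PrivateKey = $SERVER_PRIVATE_KEY
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_INTERFACE -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_INTERFACE -j MASQUERADE
+EOF
+fi
+
+# Enable and start WireGuard
+systemctl enable wg-quick@wg0
+systemctl start wg-quick@wg0
+
+# Detect public IP
+PUBLIC_IP=$(curl -s ifconfig.me)
+
+# Setup Mobile Peer
+MOBILE_DIR="$WG_DIR/mobile_1"
+mkdir -p "$MOBILE_DIR"
+cd "$MOBILE_DIR"
+
+# Generate mobile peer keys
+wg genkey | tee private | wg pubkey > public
+
+MOBILE_PRIVATE_KEY=$(cat private)
+MOBILE_PUBLIC_KEY=$(cat public)
+
+# Create peer config for mobile
+cat > mobile.conf <<EOF
+[Interface]
+PrivateKey = $MOBILE_PRIVATE_KEY
+Address = 10.0.0.2/24
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = $(cat "$WG_DIR/self/public")
+Endpoint = $PUBLIC_IP:51820
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 25
+EOF
+
+# Add mobile peer to server config
+cat >> "$WG_CONF" <<EOF
+
+[Peer]
+PublicKey = $MOBILE_PUBLIC_KEY
+AllowedIPs = 10.0.0.2/32
+EOF
+
+# Restart WireGuard to apply new peer
+systemctl restart wg-quick@wg0
+
+# Generate QR code for mobile
+qrencode -t ansiutf8 < mobile.conf
+
+echo
+echo "✅ WireGuard server setup complete!"
+echo "📱 Scan the above QR code from your mobile WireGuard app!"
+echo
+echo "If needed, your mobile config is saved here: $MOBILE_DIR/mobile.conf"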
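Review bot: The private-key files created by `wg genkey | tee private | wg pubkey > public` (server and mobile) and the configs written by `cat > "$WG_CONF"` and `cat > mobile.conf`, which embed those keys, are created under the caller's default umask, so the key material typically ends up world-readable on disk. Adding `umask 077` directly after `set -e` makes every file the script creates owner-only without touching the rest of the flow. Separately, `PUBLIC_IP=$(curl -s ifconfig.me)` uses plain HTTP and no `-f`, so an HTTP error body would be written verbatim into `Endpoint =` in mobile.conf; `PUBLIC_IP=$(curl -fsS https://ifconfig.me)` followed by `[ -n "$PUBLIC_IP" ] || exit 1` would fail loudly instead. The two `tee -a /etc/sysctl.conf` lines and the `cat >> "$WG_CONF"` peer block are appended on every run, so re-running the script duplicates them; a comment noting the script is single-run, or a guard with `grep -q`, would make that explicit.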