In /etc/sysctl.conf (enable IP forwarding):
net.ipv4.ip_forward = 1
ufw forwarding rules (change the LAN interface name, enp2s0, as needed):
sudo ufw allow in on wg0 out enp2s0
sudo ufw allow in on enp2s0 out wg0
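#!/bin/bash
#
# create_peer.bash — generate a WireGuard key pair for a new peer, register the
# peer on the running interface, and write a client config file for it.
#
# Usage:  create_peer.bash <config name> <config IP>
#   $1  short name for the peer; becomes the config file name (max 15 chars,
#       letters/digits/'_'/'-' only, since it is used as a path component)
#   $2  the peer's VPN address (IPv4); written as a /32
#
# Optional environment overrides (defaults are the previously hard-coded values):
#   WG_INTERFACE  interface to add the peer to            (default: wg0)
#   WG_SUBNET     AllowedIPs written into the peer config (default: 10.10.127.0/24)
#   WG_ENDPOINT   server Endpoint written into the config (default: cakepirate.duckdns.org:51820)
#
# Needs privileges to run `wg set` and to write under /etc/wireguard.
set -eu
set -o pipefail
# Deliberately no `set -x`: xtrace would print the freshly generated private
# key (the `wg pubkey` input and the here-doc) to stderr / any captured log.

# Print a diagnostic to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

if [ $# -lt 2 ]; then
  printf '%s\n' "Usage: create_peer.bash <config name> <config IP>" >&2
  printf '%s\n' "e.g. create_peer.bash 4_joelFramework 10.10.127.4" >&2
  exit 1
fi

readonly PEER_NAME=$1
readonly PEER_ADDRESS=$2
readonly INTERFACE=${WG_INTERFACE:-wg0}
readonly VPN_SUBNET=${WG_SUBNET:-10.10.127.0/24}
readonly ENDPOINT=${WG_ENDPOINT:-cakepirate.duckdns.org:51820}
readonly CONF_DIR=/etc/wireguard/generated_confs
readonly CONF_FILE="${CONF_DIR}/${PEER_NAME}.conf"

# ---- validate inputs before touching the interface or the filesystem ----
if [ ${#PEER_NAME} -ge 16 ]; then
  die "Peer config name cannot be >16chars"
fi
# The name is a path component of CONF_FILE; keep it to a safe character set
# so values like "../x" or "a/b" cannot write outside CONF_DIR.
if [[ ! "$PEER_NAME" =~ ^[A-Za-z0-9_-]+$ ]]; then
  die "Peer config name may only contain letters, digits, '_' and '-'"
fi
# The address is emitted as "<addr>/32", so a plain IPv4 address is required.
if [[ ! "$PEER_ADDRESS" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  die "Peer IP must be a dotted-quad IPv4 address, got: ${PEER_ADDRESS}"
fi
[[ -d "$CONF_DIR" ]] || die "Config directory ${CONF_DIR} does not exist"
# Refuse to clobber: the previous version appended (>>), so re-running with an
# existing name produced one file holding two [Interface] sections.
if [[ -e "$CONF_FILE" ]]; then
  die "Config ${CONF_FILE} already exists; choose another name or remove it first"
fi

# ---- key material ----
# Declaration and assignment are split so a failing `wg` is not hidden behind
# `readonly` returning 0 (set -e then aborts on the real failure).
# Reading the server key first also fails fast if the interface is not up.
SERVER_PUBLIC_KEY=$(wg show "$INTERFACE" public-key)
readonly SERVER_PUBLIC_KEY
PRIVATE_KEY=$(wg genkey)
readonly PRIVATE_KEY
# Feed the private key on stdin rather than via an `echo` argument.
PUBLIC_KEY=$(wg pubkey <<<"$PRIVATE_KEY")
readonly PUBLIC_KEY

# ---- apply the on-disk server config, then add the new peer live ----
# `wg-quick save` is avoided on purpose: it also records the endpoints of
# currently connected peers.
# NOTE(review): `wg syncconf` pushes /etc/wireguard/<INTERFACE>.conf onto the
# live interface and does not persist anything added with `wg set`; peers that
# are absent from that file are expected to be dropped by the sync, which is
# why the sync now runs BEFORE the `wg set` below. For the peer to survive a
# restart, its [Peer] block (PublicKey / AllowedIPs) must still be appended to
# the server config under the "Peers we've created..." marker — confirm this
# matches the intended workflow.
wg syncconf "$INTERFACE" <(wg-quick strip "$INTERFACE")

# `return` is invalid outside a function in an executed script; exit instead.
if ! wg set "$INTERFACE" peer "$PUBLIC_KEY" allowed-ips "${PEER_ADDRESS}/32"; then
  die "Cannot add peer ${PEER_ADDRESS} with public key ${PUBLIC_KEY}"
fi

# ---- write the client config ----
# The file carries the peer's private key: create it 0600 (umask 077) and write
# with > rather than >> (existence was checked above).
umask 077
cat <<EOF > "$CONF_FILE"
[Interface]
Address = ${PEER_ADDRESS}/32
PrivateKey = ${PRIVATE_KEY}

[Peer]
PublicKey = ${SERVER_PUBLIC_KEY}
AllowedIPs = ${VPN_SUBNET}
Endpoint = ${ENDPOINT}
PersistentKeepalive = 30
EOF
printf '%s\n' "Added peer ${PEER_ADDRESS} with public key ${PUBLIC_KEY}"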
# Server-side WireGuard config for wg0, the interface create_peer.bash adds peers to.
# Contains the server private key: keep it readable by root only.
[Interface]
# Server address inside the VPN subnet that generated peer configs list as AllowedIPs.
Address = 10.10.127.1/24
# Port half of the Endpoint written into generated peer configs.
ListenPort = 51820
PrivateKey = <redacted>
# Peers we've created configuration files for go under this line
[Peer]
PublicKey = <Redacted>
# One /32 per peer; corresponds to the Address in that peer's generated config.
AllowedIPs = 10.10.127.2/32