61 lines
1.4 KiB
Bash
61 lines
1.4 KiB
Bash
#!/bin/bash
|
|
apt update
|
|
|
|
# Install wireguard
|
|
apt install -y wireguard
|
|
|
|
LISTENPORT=51820
|
|
umask 077
|
|
# Generate public and private key
|
|
mkdir /root/wireguard-conf
|
|
cd /root/wireguard-conf
|
|
|
|
wg genkey > privatekey
|
|
wg pubkey < privatekey > publickey
|
|
mkdir client
|
|
|
|
wg genkey > client/privatekey
|
|
wg pubkey < client/privatekey > client/publickey
|
|
|
|
|
|
echo "[Interface]
|
|
Address = 10.66.66.1/24,fd42:42:42::1/64
|
|
ListenPort = $LISTENPORT
|
|
PrivateKey = $(cat privatekey)
|
|
|
|
### Client mike-home
|
|
[Peer]
|
|
PublicKey = $(cat client/publickey)
|
|
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
|
|
" > /etc/wireguard/do.conf
|
|
|
|
wg-quick up do
|
|
|
|
echo "[Interface]
|
|
PrivateKey = $(cat client/privatekey)
|
|
Address = 10.66.66.2/32,fd42:42:42::2/128
|
|
DNS = 1.1.1.1,1.0.0.1
|
|
|
|
[Peer]
|
|
PublicKey = $(cat publickey)
|
|
Endpoint = $(curl icanhazip.com):$LISTENPORT
|
|
AllowedIPs = 0.0.0.0/0,::/0
|
|
" > client-config.conf
|
|
|
|
# Add iptables rules to forward internet traffic through this box
|
|
# We are assuming our Wireguard interface is called do and our
|
|
# primary public facing interface is called eth0.
|
|
iptables -I INPUT -p udp --dport 51820 -j ACCEPT
|
|
iptables -I FORWARD -i eth0 -o do -j ACCEPT
|
|
iptables -I FORWARD -i do -j ACCEPT
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
ip6tables -I FORWARD -i do -j ACCEPT
|
|
ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
# Enable routing on the server
|
|
echo "net.ipv4.ip_forward = 1
|
|
net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf
|
|
sysctl --system
|
|
|
|
|
|
cat client-config.conf |