UrielCh/wireguard

Wireguard

Wireguard Setup scripts writin in bash.

Main lines: Because this script is intended to be run as root, every call will invite you to enter the correct command with a shell redirection to fill the corresponding configuration files.

However, a file named allKeys.txt will be the only automatically created file; This file will contain a text database of all generated private keys. So if you create a user key twice, the key will be the same. allKeys.txt default permission will be 0600.

checkout the script in an existing /etc/wireguard:

cd /etc/wireguard
git init
git remote add origin https://github.com/UrielCh/wireguard.git
git fetch
git checkout main

Usage

• Init your environement VPN with ./randconfig.sh > .env
• customize it
• source .env
• ./init.sh > wg${WGID}.conf
• ./add-key.sh 1 user01 >> wg${WGID}.conf
• ./add-key.sh 2 user02 >> wg${WGID}.conf
• systemctl restart wg-quick@wg${WGID}.service
• systemctl enable wg-quick@wg${WGID}.service

You only choose an IP offset; the script will compute a valid IP address within your range.

Setup Wireguard

Install wireguard

Ensure that kernel headers are installed

• debian 10 and older (ex: buster)

echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' > /etc/apt/sources.list.d/buster-backports.list"

• for proxmox:

apt install pve-headers-$(uname -r) wireguard

• for debian:

apt install -y linux-headers-$(uname -r) wireguard

Install extra dependences

apt-get install qrencode

Install the scripts

Clone this repo

cd  /etc/wireguard/
git clone git@github.com:UrielCh/wireguard.git .

Init config

Generate a random configuration environement, then customise it as you want.

./randconfig.sh > .env
nano .env
./init.sh

Create a new client

Use ./add-key.sh

./add-key.sh client_id_fron_0_to_1021 client_name >> wg1.conf

example:
./add-key.sh 1 user01 >> wg1.conf
./add-key.sh 2 user02 >> wg1.conf

Read output for guide

Display a key

./printKey.sh user-1

or

./printKey.sh user-1 QR

to view it as a QR code

List keys:

./list.sh 

Enable / Disable debug

modprobe wireguard
echo 'module wireguard +p' > /sys/kernel/debug/dynamic_debug/control
# tail -F /var/log/messages /var/log/kern.log
journalctl -f
# or
dmesg -wH

Diasble:

echo 'module wireguard -p' > /sys/kernel/debug/dynamic_debug/control

Sample

Create a serie of access key:

Sample generate bulk of keys in wg1.conf with IPs offset by 256 (only valid if with a MASK of 23 or more)

for X in {001..010};
  do ID=$(echo $X|sed -E s/^0+//);
  ./add-key.sh $((ID+256)) client-$X >> wg1.conf;
done

if your first IP os 10.0.0.0, this script will generate Acces with IPs 10.0.1.1, 10.0.1.2, 10.0.1.3 ...

References

• wireguard guide
• conf sample + ipV6
• debug Wireguard
• debug Kernel