Wireguard Scripts

add and remove clients from a wireguard server.

bash add-client.sh <client_name> will create a config in clients for that client.

bash remove-peer.sh <client_pub_key> will remove the peer.

Download the generated <client_name>.tar.gz file and extract it. Follow the instructions in SETUP.txt in the resulting folder.

Installation

NOTE: this assumes some decent commandline knowlege.

Clone/fork(if you want to save your own configs) the Repo
install wireguard on server (https://www.wireguard.com/install/)
install qrencode for easier addition of peers (apt install qrencode)
as root, cd /etc/wireguard, and create server keys: wg genkey | tee server_private_key | wg pubkey > server_public_key
copy wg0-server.example.conf in this project to /etc/wireguard/wg0.conf
edit /etc/wireguard/wg0.conf replace PrivateKey = asdf123= with the private key created above. Change any other settings you need different (ip range, network interfaces[eth0 is outgoing interface in this example]) stop being root
start wireguard: sudo wg-quick up wg0
add a client bash add-client.sh <new-client>

Track VPN Connection

iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

VPN Traffic

iptables -A INPUT -p udp -m udp --dport 51820 -m conntrack --ctstate NEW -j ACCEPT

Forwarding/NAT

iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Make iptables persist:

apt-get install iptables-persistent
systemctl enable netfilter-persistent
netfilter-persistent save

If you see something wrong and have fixed it, or have something to add, make a Pull Request!