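#!/bin/bash
# Wireguard_After.bash - add further client profiles to an existing wg0 setup.
#
# For every name in $devs the script generates a key pair, appends a [Peer]
# section to /etc/wireguard/wg0.conf, writes <name>.conf for the client,
# prints that file as a QR code and copies it to the directory the script
# was started from.
#
# This file never assigns the following variables, so they must come from
# the caller's environment:
#   intipaddr   first three octets of the tunnel IPv4 network
#   intipaddr6  IPv6 prefix of the tunnel network (used as <prefix>::<n>)
#   wgport      port written into the clients' Endpoint line
#
# To remove a client:
#   wg set wg0 peer <public-key> remove
#   systemctl restart wg-quick@wg0.service
# NOTE(review): "wg set ... remove" only changes the running interface. If
# the [Peer] section stays in wg0.conf the restart may re-authorise the
# peer - confirm against the SaveConfig setting of wg0.conf.

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $EUID -ne 0 ]]; then
  die "This script must be run as root"
fi

# Without these the generated AllowedIPs/Address/Endpoint lines would be
# malformed (".2/32", "::2/128", "host:"), so stop before touching wg0.conf.
: "${intipaddr:?intipaddr must be set (IPv4 tunnel prefix)}"
: "${intipaddr6:?intipaddr6 must be set (IPv6 tunnel prefix)}"
: "${wgport:?wgport must be set (server port)}"

command -v wg >/dev/null || die "wg not found in PATH"

dir=$PWD
ipaddr=$(hostname -I | awk '{print $1}')
# Assumes the third address reported by hostname -I is the server's IPv6
# address - TODO confirm on hosts with a different number of addresses.
ipaddr6=$(hostname -I | awk '{print $3}')
[[ -n $ipaddr ]] || die "could not determine the server address"

# Avoid a dangling ", " in the DNS line when no third address was reported.
dns=$ipaddr
if [[ -n $ipaddr6 ]]; then
  dns="$ipaddr, $ipaddr6"
fi

# Set to whatever new profiles you want
devs="new1 new2"
read -r -a dev_list <<<"$devs"

# Key files must never be created group/world readable.
umask 077
# If this cd failed, the key files and the recursive chown/chmod below
# would hit whatever directory the script was started from.
cd /etc/wireguard || die "cannot cd to /etc/wireguard"

for f in wg0.conf preshared-key server-pubkey; do
  [[ -r $f ]] || die "/etc/wireguard/$f is missing or unreadable"
done

# Check every name before anything is modified: names become file names, and
# re-using a name would overwrite that client's keys while its old [Peer]
# entry stayed authorised in wg0.conf.
for i in "${dev_list[@]}"; do
  [[ $i =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || die "invalid profile name: $i"
  if [[ -e "$i-privkey" || -e "$i-pubkey" || -e "$i.conf" ]]; then
    die "profile $i already exists in /etc/wireguard"
  fi
done

psk=$(<preshared-key)
server_pub=$(<server-pubkey)
# NOTE(review): the same preshared key is written into every profile, so one
# leaked client config exposes the PSK of all peers; per-peer keys from
# "wg genpsk" would limit that.

echo "Adding peers to wireguard config"
count=$(($(grep -c '\[Peer\]' wg0.conf) + 2))
for i in "${dev_list[@]}"; do
  # "number of peers + 2" can point at an address that is still in use once
  # a peer has been deleted from the file. Two peers with the same AllowedIPs
  # means only one of them keeps the route, so move on to a free host number.
  while grep -qF -- "${intipaddr}.${count}/32" wg0.conf; do
    count=$((count + 1))
  done
  ((count <= 254)) || die "no free IPv4 host number left for $i"

  wg genkey | tee "$i-privkey" | wg pubkey >"$i-pubkey"
  [[ -s "$i-privkey" && -s "$i-pubkey" ]] || die "key generation failed for $i"
  client_priv=$(<"$i-privkey")
  client_pub=$(<"$i-pubkey")

  # Server side: authorise the new peer for exactly one v4 and one v6 address.
  cat >>wg0.conf <<EOF

[Peer]
# $i
PublicKey = $client_pub
PresharedKey = $psk
AllowedIPs = $intipaddr.$count/32, $intipaddr6::$count/128
EOF

  # Client side: full-tunnel profile (all v4 and v6 traffic goes to the server).
  cat >"$i.conf" <<EOF
[Interface]
Address = $intipaddr.$count/24, $intipaddr6::$count/64
MTU = 1420
DNS = $dns
PrivateKey = $client_priv
[Peer]
PublicKey = $server_pub
PresharedKey = $psk
Endpoint = $ipaddr:$wgport
AllowedIPs = 0.0.0.0/0, ::/0
EOF

  echo "$i:"
  # The QR code carries the client's private key; anything that records the
  # terminal output keeps a copy of it.
  qrencode -t ansiutf8 <"$i.conf"
  sleep 1
  # install always applies mode 600; a plain cp onto an already existing,
  # wider-readable file would keep that file's mode.
  install -m 600 -- "$i.conf" "$dir/$i.conf"
  count=$((count + 1))
done

# "./" keeps a file name starting with "-" from being read as an option.
chown -R root:root -- ./*
chmod -R og-rwx -- ./*
umask 0022
cd "$dir" || die "cannot cd back to $dir"

# Add the new peers to the running interface first, then restart the unit.
# The restart takes the interface down and up again, so connected clients
# are interrupted briefly.
wg addconf wg0 <(wg-quick strip wg0)
systemctl restart wg-quick@wg0.service || die "restart of wg-quick@wg0.service failed"
echo "All Done!"
exit 0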