network-scripts/wireguard/autowg.sh

#!/bin/bash
#
# AUTOWG written by Hamdi KADRI 
# APACHE LICENSE version 2.0 applies
# This script is intended to create configurations for 
# a point-to-point Wireguard connection between a server
# and a client (/30 network)
#

# Step zero: declare configurations as variables

servercfg="[Interface]
Address = <serverwgIP>
SaveConfig = true
ListenPort = <port>
PrivateKey = <server-privatekey>
[Peer]
PublicKey = <client-pubkey>
PresharedKey = <psk>
AllowedIPs = <clientwgIP>"

clientcfg="[Interface]
PrivateKey = <client-privatekey>
Address = <clientwgIP> <dnsconfiguration>
[Peer]
PublicKey = <server-pubkey>
PresharedKey = <psk>
AllowedIPs = <clientwgIP>
EndPoint = <serverIP>:<port>
PersistentKeepalive = 20"

postcfg="[Interface]
Address = <serverwgIP>
SaveConfig = true
ListenPort = <port>
PrivateKey = <server-privatekey>
PostUp = iptables -A FORWARD -i <wgintname> -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o <srvinternetintname> -j MASQUERADE
PostDown = iptables -D FORWARD -i <wgintname> -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o <srvinternetintname> -j MASQUERADE
[Peer]
PublicKey = <client-pubkey>
PresharedKey = <psk>
AllowedIPs = <clientwgIP>
"

# Step one: ask for some parameters (as an assistant)
# We need: point-to-point IPs, Server IP, port

echo "AutoWG requires some informations before generating your config"
echo "Please provide the next parameters."
echo "This script will not check if the IPs and netmask are valid!"
echo "Press Enter to continue.."
echo
read
read -p "Server IP for the Wireguard interface: " serverwgIP
read -p "Client IP for the Wireguard interface: " clientwgIP
read -p "Network Mask (in CIDR) for both server and client WG interfaces (example: /30): " netmask
read -p "Server Public IP address: " serverIP 
read -p "Network Port for Wireguard communication: " port
read -p "Wireguard interface name? (for example wg0): " wgintname
read -p "Route all traffic to server via Wireguard? [y/N]: " internetaccess
if [[ "$internetaccess" =~ ^([yY][eE][sS]|[yY])$ ]]
then
	clientcfg=$(echo "$clientcfg" | sed "s|AllowedIPs = <clientwgIP>|AllowedIPs = 0.0.0.0/0|g" )
	read -p "Which server interface has internet access? " srvinternetintname
    servercfg=$(echo "$postcfg" | sed "s|<wgintname>|${wgintname}|g" | sed "s|<srvinternetintname>|${srvinternetintname}|g" )
	echo
    RED='\033[0;31m'
    NC='\033[0m' # No Color
    printf "${RED}IMPORTANT:${NC} You need to enable IP Forwarding on the server\n"
    echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf"
    echo "then run \"sysctl -p\""
	echo 

	#### Experimental DNS support ####
	read -p "Push DNS servers to client? [y/N]: " dns
	if [[ "$dns" =~ ^([yY][eE][sS]|[yY])$ ]]
	then
	    read -p "Enter dns servers IPs separated by spaces: " dnsservers
	    dnscfg="\nDNS = $dnsservers"
	    clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>|$dnscfg|g" )
	else
		clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>||g" )
	fi
	##################################
else 
	clientcfg=$(echo "$clientcfg" | sed "s|<dnsconfiguration>||g" )
fi


# Step two: generate keypairs
## Generate keypairs for machine 1 (client)
client_prvkey=$(wg genkey)
client_pubkey=$(echo $client_prvkey | wg pubkey)

## Generate keypairs for machine 2 (server)
server_prvkey=$(wg genkey)
server_pubkey=$(echo $server_prvkey | wg pubkey)

# New : generate PSK

psk=$(wg genpsk)

# Step three: generate configuration

serverconf=$(echo "$servercfg" | sed "s|<serverwgIP>|${serverwgIP}${netmask}|g" | \
	sed "s|<port>|${port}|g" | sed "s|<server-privatekey>|${server_prvkey}|g" |\
	sed "s|<client-pubkey>|${client_pubkey}|g" | sed "s|<clientwgIP>|${clientwgIP}|g" |\
	sed "s|<psk>|${psk}|g" )

clientconf=$(echo "$clientcfg" | sed "s|<client-privatekey>|${client_prvkey}|g" | \
	sed "s|<clientwgIP>|${clientwgIP}${netmask}|g" | sed "s|<server-pubkey>|${server_pubkey}|g" | \
	sed "s|<serverIP>|${serverIP}|g" | sed "s|<port>|${port}|g" | sed "s|<psk>|${psk}|g" )

# Step four: display configuration for machine 1 (client)
echo 
echo "** Client Side /etc/wireguard/${wgintname}.conf **"
echo "$clientconf"
echo

# Step five: display configuration for machine 2 (server)
echo 
echo "** Server Side /etc/wireguard/${wgintname}.conf **"
echo "$serverconf"
echo

# Step Seven: Saving to a text file 
#
echo "** Client Side /etc/wireguard/${wgintname}.conf **" > wireguard-conf.txt
echo "$clientconf" >> wireguard-conf.txt
echo  >> wireguard-conf.txt
echo "** Server Side /etc/wireguard/${wgintname}.conf **" >> wireguard-conf.txt
echo "$serverconf" >> wireguard-conf.txt
echo >> wireguard-conf.txt
First Commit 2025-08-12 23:01:13 -04:00			`#!/bin/bash`
			`#`
			`# AUTOWG written by Hamdi KADRI`
			`# APACHE LICENSE version 2.0 applies`
			`# This script is intended to create configurations for`
			`# a point-to-point Wireguard connection between a server`
			`# and a client (/30 network)`
			`#`

			`# Step zero: declare configurations as variables`

			`servercfg="[Interface]`
			`Address = <serverwgIP>`
			`SaveConfig = true`
			`ListenPort = <port>`
			`PrivateKey = <server-privatekey>`
			`[Peer]`
			`PublicKey = <client-pubkey>`
			`PresharedKey = <psk>`
			`AllowedIPs = <clientwgIP>"`

			`clientcfg="[Interface]`
			`PrivateKey = <client-privatekey>`
			`Address = <clientwgIP> <dnsconfiguration>`
			`[Peer]`
			`PublicKey = <server-pubkey>`
			`PresharedKey = <psk>`
			`AllowedIPs = <clientwgIP>`
			`EndPoint = <serverIP>:<port>`
			`PersistentKeepalive = 20"`

			`postcfg="[Interface]`
			`Address = <serverwgIP>`
			`SaveConfig = true`
			`ListenPort = <port>`
			`PrivateKey = <server-privatekey>`
			`PostUp = iptables -A FORWARD -i <wgintname> -j ACCEPT`
			`PostUp = iptables -t nat -A POSTROUTING -o <srvinternetintname> -j MASQUERADE`
			`PostDown = iptables -D FORWARD -i <wgintname> -j ACCEPT`
			`PostDown = iptables -t nat -D POSTROUTING -o <srvinternetintname> -j MASQUERADE`
			`[Peer]`
			`PublicKey = <client-pubkey>`
			`PresharedKey = <psk>`
			`AllowedIPs = <clientwgIP>`
			`"`

			`# Step one: ask for some parameters (as an assistant)`
			`# We need: point-to-point IPs, Server IP, port`

			`echo "AutoWG requires some informations before generating your config"`
			`echo "Please provide the next parameters."`
			`echo "This script will not check if the IPs and netmask are valid!"`
			`echo "Press Enter to continue.."`
			`echo`
			`read`
			`read -p "Server IP for the Wireguard interface: " serverwgIP`
			`read -p "Client IP for the Wireguard interface: " clientwgIP`
			`read -p "Network Mask (in CIDR) for both server and client WG interfaces (example: /30): " netmask`
			`read -p "Server Public IP address: " serverIP`
			`read -p "Network Port for Wireguard communication: " port`
			`read -p "Wireguard interface name? (for example wg0): " wgintname`
			`read -p "Route all traffic to server via Wireguard? [y/N]: " internetaccess`
			`if [[ "$internetaccess" =~ ^([yY][eE][sS]\|[yY])$ ]]`
			`then`
			`clientcfg=$(echo "$clientcfg" \| sed "s\|AllowedIPs = <clientwgIP>\|AllowedIPs = 0.0.0.0/0\|g" )`
			`read -p "Which server interface has internet access? " srvinternetintname`
			`servercfg=$(echo "$postcfg" \| sed "s\|<wgintname>\|${wgintname}\|g" \| sed "s\|<srvinternetintname>\|${srvinternetintname}\|g" )`
			`echo`
			`RED='\033[0;31m'`
			`NC='\033[0m' # No Color`
			`printf "${RED}IMPORTANT:${NC} You need to enable IP Forwarding on the server\n"`
			`echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf"`
			`echo "then run \"sysctl -p\""`
			`echo`

			`#### Experimental DNS support ####`
			`read -p "Push DNS servers to client? [y/N]: " dns`
			`if [[ "$dns" =~ ^([yY][eE][sS]\|[yY])$ ]]`
			`then`
			`read -p "Enter dns servers IPs separated by spaces: " dnsservers`
			`dnscfg="\nDNS = $dnsservers"`
			`clientcfg=$(echo "$clientcfg" \| sed "s\|<dnsconfiguration>\|$dnscfg\|g" )`
			`else`
			`clientcfg=$(echo "$clientcfg" \| sed "s\|<dnsconfiguration>\|\|g" )`
			`fi`
			`##################################`
			`else`
			`clientcfg=$(echo "$clientcfg" \| sed "s\|<dnsconfiguration>\|\|g" )`
			`fi`


			`# Step two: generate keypairs`
			`## Generate keypairs for machine 1 (client)`
			`client_prvkey=$(wg genkey)`
			`client_pubkey=$(echo $client_prvkey \| wg pubkey)`

			`## Generate keypairs for machine 2 (server)`
			`server_prvkey=$(wg genkey)`
			`server_pubkey=$(echo $server_prvkey \| wg pubkey)`

			`# New : generate PSK`

			`psk=$(wg genpsk)`

			`# Step three: generate configuration`

			`serverconf=$(echo "$servercfg" \| sed "s\|<serverwgIP>\|${serverwgIP}${netmask}\|g" \| \`
			`sed "s\|<port>\|${port}\|g" \| sed "s\|<server-privatekey>\|${server_prvkey}\|g" \|\`
			`sed "s\|<client-pubkey>\|${client_pubkey}\|g" \| sed "s\|<clientwgIP>\|${clientwgIP}\|g" \|\`
			`sed "s\|<psk>\|${psk}\|g" )`

			`clientconf=$(echo "$clientcfg" \| sed "s\|<client-privatekey>\|${client_prvkey}\|g" \| \`
			`sed "s\|<clientwgIP>\|${clientwgIP}${netmask}\|g" \| sed "s\|<server-pubkey>\|${server_pubkey}\|g" \| \`
			`sed "s\|<serverIP>\|${serverIP}\|g" \| sed "s\|<port>\|${port}\|g" \| sed "s\|<psk>\|${psk}\|g" )`

			`# Step four: display configuration for machine 1 (client)`
			`echo`
			`echo " Client Side /etc/wireguard/${wgintname}.conf "`
			`echo "$clientconf"`
			`echo`

			`# Step five: display configuration for machine 2 (server)`
			`echo`
			`echo " Server Side /etc/wireguard/${wgintname}.conf "`
			`echo "$serverconf"`
			`echo`

			`# Step Seven: Saving to a text file`
			`#`
			`echo " Client Side /etc/wireguard/${wgintname}.conf " > wireguard-conf.txt`
			`echo "$clientconf" >> wireguard-conf.txt`
			`echo >> wireguard-conf.txt`
			`echo " Server Side /etc/wireguard/${wgintname}.conf " >> wireguard-conf.txt`
			`echo "$serverconf" >> wireguard-conf.txt`
			`echo >> wireguard-conf.txt`