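#!/bin/bash
#
# AUTOWG written by Hamdi KADRI
# APACHE LICENSE version 2.0 applies
#
# This script is intended to create configurations for
# a point-to-point Wireguard connection between a server
# and a client (/30 network).
#
# Usage: run interactively; every parameter is read from stdin.
# Requires: wireguard-tools ("wg") on PATH for key generation.
# Output: both configs are printed to stdout and written to
#         ./wireguard-conf.txt, created with mode 0600 because the
#         file contains both private keys and the preshared key.
#
# NOTE(review): the original built the configs by piping templates
# through sed with the user's answers spliced into the sed expression,
# which broke (or let the answer rewrite the sed command) on any value
# containing '|', '&' or '\'. The configs are now assembled from the
# variables directly, so answers are used verbatim and never parsed.

set -euo pipefail

# Fail early: without wg the old script silently emitted configs with
# empty PrivateKey / PublicKey / PresharedKey lines.
if ! command -v wg >/dev/null 2>&1; then
  printf 'autowg: "wg" (wireguard-tools) is required but was not found in PATH\n' >&2
  exit 1
fi

# Step zero: helpers
die() { printf 'autowg: %s\n' "$*" >&2; exit 1; }

# ask VAR "prompt" — read one line into the variable named VAR.
# Refuses an empty answer; EOF on stdin aborts the script.
# -r keeps backslashes in the answer literal.
ask() {
  local __var=$1 __prompt=$2 __val
  while :; do
    read -r -p "$__prompt" __val || die "no input (stdin closed)"
    [[ -n "$__val" ]] && break
    printf 'A value is required.\n' >&2
  done
  printf -v "$__var" '%s' "$__val"
}

# yes_no "answer" — true for y / yes in any case; anything else is "no".
yes_no() { [[ "$1" =~ ^([yY][eE][sS]|[yY])$ ]]; }

# Step one: ask for some parameters (as an assistant)
# We need: point-to-point IPs, Server IP, port
echo "AutoWG requires some informations before generating your config"
echo "Please provide the next parameters."
echo "This script will not check if the IPs and netmask are valid!"
echo "Press Enter to continue.."
echo
read -r _ || true

ask serverwgIP "Server IP for the Wireguard interface: "
ask clientwgIP "Client IP for the Wireguard interface: "
ask netmask "Network Mask (in CIDR) for both server and client WG interfaces (example: /30): "
ask serverIP "Server Public IP address: "
ask port "Network Port for Wireguard communication: "
ask wgintname "Wireguard interface name? (for example wg0): "

# The prefix is appended directly to the addresses ("10.0.0.1/30"), so
# accept "30" as well as "/30".
[[ "$netmask" == /* ]] || netmask="/$netmask"

# Cheap sanity checks on the values that end up in ListenPort and, in
# the PostUp/PostDown lines below, in a shell command run as root by
# wg-quick. IPs are deliberately not validated (see the notice above).
[[ "$port" =~ ^[0-9]+$ ]] && (( port >= 1 && port <= 65535 )) \
  || die "port must be a number between 1 and 65535"
[[ "$wgintname" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] \
  || die "interface name must be 1-15 characters from [A-Za-z0-9_.-]"

read -r -p "Route all traffic to server via Wireguard? [y/N]: " internetaccess \
  || internetaccess=

client_allowed="${serverwgIP}/32"  # point-to-point: route only the peer's address
client_dns=""                       # optional "DNS = ..." line (with trailing newline)
server_hooks=""                     # optional forwarding/NAT rules (with trailing newline)

if yes_no "$internetaccess"; then
  # Full-tunnel client: everything goes through the server.
  client_allowed="0.0.0.0/0"
  ask srvinternetintname "Which server interface has internet access? "
  [[ "$srvinternetintname" =~ ^[A-Za-z0-9_.-]{1,15}$ ]] \
    || die "interface name must be 1-15 characters from [A-Za-z0-9_.-]"
  # These lines are executed by wg-quick (as root) on interface up/down;
  # the interface names were restricted above so they cannot carry
  # shell metacharacters into that command.
  server_hooks="PostUp = iptables -A FORWARD -i ${wgintname} -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o ${srvinternetintname} -j MASQUERADE
PostDown = iptables -D FORWARD -i ${wgintname} -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o ${srvinternetintname} -j MASQUERADE
"
  echo
  RED=$'\033[0;31m'
  NC=$'\033[0m' # No Color
  printf '%sIMPORTANT:%s You need to enable IP Forwarding on the server\n' "$RED" "$NC"
  echo "On Linux servers, uncomment the line \"net.ipv4.ip_forward=1\" in /etc/sysctl.conf"
  echo "then run \"sysctl -p\""
  echo

  #### Experimental DNS support ####
  read -r -p "Push DNS servers to client? [y/N]: " dns || dns=
  if yes_no "$dns"; then
    ask dnsservers "Enter dns servers IPs separated by spaces: "
    client_dns="DNS = ${dnsservers}"$'\n'
  fi
  ##################################
fi

# Step two: generate keypairs
# Keys are passed to wg pubkey on stdin, never on the command line.
## Generate keypairs for machine 1 (client)
client_prvkey=$(wg genkey)
client_pubkey=$(wg pubkey <<<"$client_prvkey")
## Generate keypairs for machine 2 (server)
server_prvkey=$(wg genkey)
server_pubkey=$(wg pubkey <<<"$server_prvkey")
# Preshared key, added to both sides
psk=$(wg genpsk)

# Step three: generate configuration
# SaveConfig = true is kept from the original; be aware that wg-quick then
# rewrites the server file on "down", so hand edits to it do not survive.
serverconf="[Interface]
Address = ${serverwgIP}${netmask}
SaveConfig = true
ListenPort = ${port}
PrivateKey = ${server_prvkey}
${server_hooks}[Peer]
PublicKey = ${client_pubkey}
PresharedKey = ${psk}
AllowedIPs = ${clientwgIP}/32"

# "EndPoint" is spelled as in the original (the key is matched
# case-insensitively by wg-quick as far as we know — verify if in doubt).
clientconf="[Interface]
PrivateKey = ${client_prvkey}
Address = ${clientwgIP}${netmask}
${client_dns}[Peer]
PublicKey = ${server_pubkey}
PresharedKey = ${psk}
AllowedIPs = ${client_allowed}
EndPoint = ${serverIP}:${port}
PersistentKeepalive = 20"

# Step four: display configuration for machine 1 (client)
echo
echo "** Client Side /etc/wireguard/${wgintname}.conf **"
printf '%s\n' "$clientconf"
echo

# Step five: display configuration for machine 2 (server)
echo
echo "** Server Side /etc/wireguard/${wgintname}.conf **"
printf '%s\n' "$serverconf"
echo

# Step six: save to a text file
# The file holds both private keys and the PSK: create it 0600 (umask for
# a new file, chmod for a pre-existing world-readable one) before writing.
outfile="wireguard-conf.txt"
umask 077
: > "$outfile"
chmod 600 -- "$outfile"
{
  echo "** Client Side /etc/wireguard/${wgintname}.conf **"
  printf '%s\n\n' "$clientconf"
  echo "** Server Side /etc/wireguard/${wgintname}.conf **"
  printf '%s\n\n' "$serverconf"
} > "$outfile"
printf 'Saved to %s (mode 0600 — it contains private keys; delete it once deployed).\n' "$outfile"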