| docs:guide-user:services:vpn:wireguard:automated [2021/04/25 16:07] – created willowen100 | docs:guide-user:services:vpn:wireguard:automated [2022/06/14 04:03] – Removed erroneous /24 from lines beginning export WG_${LAN}_server_IP= in scripts c) & d) iainbullock |
|---|
| This example creates 4 peers with usernames 'Alpha', 'Bravo', 'Charlie' and 'Delta' on a private LAN called 'lan'. The only changes you should need to make are in the 'Defining Variables' section below. | This example creates 4 peers with usernames 'Alpha', 'Bravo', 'Charlie' and 'Delta' on a private LAN called 'lan'. The only changes you should need to make are in the 'Defining Variables' section below. |
| |
| Copy the script below to the CLI and then call the script with <code>/root/auto_wg_username-id.sh></code> | Copy the script below to the CLI and then call the script with <code>/root/auto_wg_username-id.sh</code> |
| <code bash> | <code bash> |
| |
| export WG_${LAN}_server_IP="${interface}.1" | export WG_${LAN}_server_IP="${interface}.1" |
| export WG_${LAN}_server_firewall_zone="${LAN}" | export WG_${LAN}_server_firewall_zone="${LAN}" |
| | export quantity="4" # Change the number '4' to any number of peers you would like to create |
| | export user_1="Alpha" |
| | export user_2="Bravo" |
| | export user_3="Charlie" |
| | export user_4="Delta" |
| echo "Done" | echo "Done" |
| |
| # Create directories | # Create directories |
| echo -n "Creating directories and pre-defining permissions on those directories... " | echo -n "Creating directories and pre-defining permissions on those directories... " |
| umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers | mkdir -p /etc/wireguard/networks/${LAN}/peers |
| echo "Done" | echo "Done" |
| |
| echo -n "Generating WireGuard server keys for '${LAN}' network... " | echo -n "Generating WireGuard server keys for '${LAN}' network... " |
| wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 | wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 |
| | echo "Done" |
| | |
| | echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... " |
| | uci rename firewall.@zone[0]="lan" |
| | uci rename firewall.@zone[1]="wan" |
| echo "Done" | echo "Done" |
| |
| # Loop | # Loop |
| n="0" | n="0" |
| while [ "$n" -lt 1 ] ; | while [ "$n" -lt ${quantity} ] ; |
| do | do |
| |
| for username in alpha bravo charlie delta | for username in ${user_1} ${user_2} ${user_3} ${user_4} |
| do | do |
| |
| echo "" | echo "" |
| # Create directory for storing peers | # Create directory for storing peers |
| echo -n "Creating directory for peer '${LAN}_${username}_${peer_ID}'... " | echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... " |
| umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}" | mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}" |
| echo "Done" | echo "Done" |
| |
| # Generate peer keys | # Generate peer keys |
| echo -n "Generating peer keys for '${LAN}_${username}_${peer_ID}'... " | echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... " |
| umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key" >/dev/null 2>&1 | wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Generate Pre-shared key | # Generate Pre-shared key |
| echo -n "Generating peer PSK for '${LAN}_${username}_${peer_ID}'... " | echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... " |
| wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk" >/dev/null 2>&1 | wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Add peer to server | # Add peer to server |
| echo -n "Adding '${LAN}_${username}_${peer_ID}' to WireGuard server... " | echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... " |
| uci add network wireguard_wg_${LAN} >/dev/null 2>&1 | uci add network wireguard_wg_${LAN} >/dev/null 2>&1 |
| uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_public.key)" | uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" |
| uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk)" | uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" |
| uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${username}_${peer_ID}" | uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" |
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' |
| | |
| # Create peer configuration | # Create peer configuration |
| echo -n "Creating config for '${LAN}_${username}_${peer_ID}'... " | echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... " |
| cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.conf" | cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf" |
| [Interface] | [Interface] |
| Address = ${interface}.${peer_IP}/32 | Address = ${interface}.${peer_IP}/32 |
| PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}_private.key) # Peer's private key | PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key |
| DNS = ${server_IP} | DNS = ${server_IP} |
| |
| [Peer] | [Peer] |
| PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key | PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key |
| PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${username}_${peer_ID}/${LAN}_${username}_${peer_ID}.psk) # Peer's pre-shared key | PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 |
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 |
| # Create directories | # Create directories |
| echo -n "Creating directories and pre-defining permissions on those directories... " | echo -n "Creating directories and pre-defining permissions on those directories... " |
| umask 077; mkdir -p /etc/wireguard/networks/${LAN}/peers | mkdir -p /etc/wireguard/networks/${LAN}/peers |
| echo "Done" | echo "Done" |
| |
| echo -n "Generating WireGuard server keys for '${LAN}' network... " | echo -n "Generating WireGuard server keys for '${LAN}' network... " |
| wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 | wg genkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/${LAN}_server_public.key" >/dev/null 2>&1 |
| | echo "Done" |
| | |
| | echo -n "Rename firewall.@zone[0] to lan and firewall.@zone[1] to wan... " |
| | uci rename firewall.@zone[0]="lan" |
| | uci rename firewall.@zone[1]="wan" |
| echo "Done" | echo "Done" |
| |
| echo "" | echo "" |
| # Create directory for storing peers | # Create directory for storing peers |
| echo -n "Creating directory for peer '${LAN}_${peer_ID}'... " | echo -n "Creating directory for peer '${peer_ID}_${LAN}'... " |
| umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}" | mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}" |
| echo "Done" | echo "Done" |
| |
| # Generate peer keys | # Generate peer keys |
| echo -n "Generating peer keys for '${LAN}_${peer_ID}'... " | echo -n "Generating peer keys for '${peer_ID}_${LAN}'... " |
| umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1 | wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Generate Pre-shared key | # Generate Pre-shared key |
| echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... " | echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... " |
| wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1 | wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Add peer to server | # Add peer to server |
| echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " | echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " |
| uci add network wireguard_wg_${LAN} >/dev/null 2>&1 | uci add network wireguard_wg_${LAN} >/dev/null 2>&1 |
| uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" | uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" |
| uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" | uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" |
| uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}" | uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" |
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' |
| | |
| # Create peer configuration | # Create peer configuration |
| echo -n "Creating config for '${LAN}_${peer_ID}'... " | echo -n "Creating config for '${peer_ID}_${LAN}'... " |
| cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf" | cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf" |
| [Interface] | [Interface] |
| Address = ${interface}.${peer_IP}/32 | Address = ${interface}.${peer_IP}/32 |
| PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key | PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key |
| DNS = ${server_IP} | DNS = ${server_IP} |
| |
| [Peer] | [Peer] |
| PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key | PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key |
| PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key | PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 |
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 |
| </code> | </code> |
| |
| ==== c) Add Additional Set Number of Peers with IDs ==== | ==== c) Add Additional Set Number of Peers with Names and IDs ==== |
| This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. | This script allows you to add a set number of extra peers with names and unique IDs alongside any pre-existing peers already on the system. |
| |
| Copy the script below to the CLI and then call the script with <code>/root/auto_wg_id_extra.sh</code> | Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_named-id_peers.sh</code> |
| <code bash> | <code bash> |
| | mkdir "/etc/wireguard/scripts" |
| | cat > "/etc/wireguard/scripts/add_named-id_peers.sh" <<-'SCRIPT_EOF' |
| | #!/bin/ash |
| | clear |
| | echo "=========================================================" |
| | echo "| Automated WireGuard Script |" |
| | echo "| Add Additional Set Number of Peers with Names and IDs |" |
| | echo "=========================================================" |
| | # Define Variables |
| | echo -n "Defining variables... " |
| | export LAN="lan" |
| | export interface="10.0.5" |
| | export DDNS="my-ddns.no-ip.com" |
| | export WG_${LAN}_server_port="51820" |
| | export WG_${LAN}_server_IP="${interface}.1" |
| | export WG_${LAN}_server_firewall_zone="${LAN}" |
| | export quantity="4" # Change the number '4' to any number of peers you would like to create |
| | export user_1="Alpha" |
| | export user_2="Bravo" |
| | export user_3="Charlie" |
| | export user_4="Delta" |
| | function last_peer_ID () { |
| | cd "/etc/wireguard/networks/${LAN}/peers" |
| | ls | sort -V | tail -1 | cut -d '_' -f 1 |
| | } |
| | export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) |
| | function last_peer_IP () { |
| | cd "/etc/wireguard/networks/${LAN}/peers" |
| | peer=$(ls | sort -V | tail -1) |
| | awk '/Address/' $peer/*.conf | cut -d '.' -f 3 | tr -d /24 |
| | cd |
| | } |
| | export peer_IP=$(last_peer_IP) ; export peer_IP=$((peer_IP+1)) |
| | echo "Done" |
| |
| cat <<-"SCRIPT_EOF" > "/root/auto_wg_id_extra.sh" | n=0 |
| | while [ "$n" -lt ${quantity} ] ; |
| | do |
| | for username in ${user_1} ${user_2} ${user_3} ${user_4} |
| | do |
| | # Configure Variables |
| | echo "" |
| | echo -n "Defining variables for '${peer_ID}_${LAN}_${username}'... " |
| | eval "peer_ID_${username}=${peer_ID}" |
| | eval "peer_IP_${username}=${peer_IP}" |
| | |
| | eval "peer_ID=\${peer_ID_${username}}" |
| | eval "peer_IP=\${peer_IP_${username}}" |
| | |
| | eval "server_port=\${WG_${LAN}_server_port}" |
| | eval "server_IP=\${WG_${LAN}_server_IP}" |
| | echo "Done" |
| | |
| | # Create directory for storing peers |
| | echo -n "Creating directory for peer '${peer_ID}_${LAN}_${username}'... " |
| | mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}" |
| | echo "Done" |
| | |
| | # Generate peer keys |
| | echo -n "Generating peer keys for '${peer_ID}_${LAN}_${username}'... " |
| | wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key" >/dev/null 2>&1 |
| | echo "Done" |
| | |
| | # Generate Pre-shared key |
| | echo -n "Generating peer PSK for '${peer_ID}_${LAN}_${username}'... " |
| | wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk" >/dev/null 2>&1 |
| | echo "Done" |
| | |
| | # Add peer to server |
| | echo -n "Adding '${peer_ID}_${LAN}_${username}' to WireGuard server... " |
| | uci add network wireguard_wg_${LAN} >/dev/null 2>&1 |
| | uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_public.key)" |
| | uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk)" |
| | uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}_${username}" |
| | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" |
| | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' |
| | uci set network.@wireguard_wg_${LAN}[-1].persistent_keepalive='25' |
| | echo "Done" |
| | |
| | # Create peer configuration |
| | echo -n "Creating config for '${peer_ID}_${LAN}_${username}'... " |
| | cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.conf" |
| | [Interface] |
| | Address = ${interface}.${peer_IP}/32 |
| | PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}_private.key) # Peer's private key |
| | DNS = ${server_IP} |
| | |
| | [Peer] |
| | PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key |
| | PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}_${username}/${peer_ID}_${LAN}_${username}.psk) # Peer's pre-shared key |
| | PersistentKeepalive = 25 |
| | AllowedIPs = 0.0.0.0/0, ::/0 |
| | Endpoint = ${DDNS}:${server_port} |
| | EOF |
| | echo "Done" |
| | |
| | # Increment variables by '1' |
| | peer_ID=$((peer_ID+1)) |
| | peer_IP=$((peer_IP+1)) |
| | n=$((n+1)) |
| | done |
| | done |
| | |
| | # Commit UCI changes |
| | echo -en "\nCommiting changes... " |
| | uci commit |
| | echo "Done" |
| | |
| | # Restart WireGuard interface |
| | echo -en "\nRestarting WireGuard interface... " |
| | ifup wg_${LAN} |
| | echo "Done" |
| | |
| | # Restart firewall |
| | echo -en "\nRestarting firewall... " |
| | /etc/init.d/firewall restart >/dev/null 2>&1 |
| | echo "Done" |
| | SCRIPT_EOF |
| | chmod +x "/etc/wireguard/scripts/add_named-id_peers.sh" |
| | |
| | </code> |
| | |
| | ==== d) Add Additional Set Number of Peers with IDs ==== |
| | This script allows you to add a set number of extra peers with unique IDs alongside any pre-existing peers already on the system. |
| | |
| | Copy the script below to the CLI and then call the script with <code>/etc/wireguard/scripts/add_id_peers.sh</code> |
| | <code bash> |
| | mkdir "/etc/wireguard/scripts" |
| | cat > "/etc/wireguard/scripts/add_id_peers.sh" <<-'SCRIPT_EOF' |
| #!/bin/ash | #!/bin/ash |
| clear | clear |
| export DDNS="my-ddns.no-ip.com" | export DDNS="my-ddns.no-ip.com" |
| export WG_${LAN}_server_port="51821" | export WG_${LAN}_server_port="51821" |
| export WG_${LAN}_server_IP="${interface}.1/24" | export WG_${LAN}_server_IP="${interface}.1" |
| export WG_${LAN}_server_firewall_zone="${LAN}" | export WG_${LAN}_server_firewall_zone="${LAN}" |
| export quantity="4" # Change the number '4' to any number of peers you would like to create | export quantity="4" # Change the number '4' to any number of peers you would like to create |
| function last_peer_ID () { | function last_peer_ID () { |
| cd "/etc/wireguard/networks/${LAN}/peers" | cd "/etc/wireguard/networks/${LAN}/peers" |
| ls | sort -V | tail -1 | cut -d '_' -f 2 | ls | sort -V | tail -1 | cut -d '_' -f 1 |
| } | } |
| export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) | export peer_ID=$(last_peer_ID) ; export peer_ID=$((peer_ID+1)) |
| function last_peer_IP () { | function last_peer_IP () { |
| cd "/etc/wireguard/networks/${LAN}/peers" | cd "/etc/wireguard/networks/${LAN}/peers" |
| peer=$(ls | sort -n | tail -1) | peer=$(ls | sort -V | tail -1) |
| awk '/Address/' $peer/*.conf | cut -d '.' -f 4 | tr -d /24 | awk '/Address/' $peer/*.conf | cut -d '.' -f 3 | tr -d /24 |
| cd | cd |
| } | } |
| echo "" | echo "" |
| # Create directory for storing peers | # Create directory for storing peers |
| echo -n "Creating directory for peer '${LAN}_${peer_ID}'... " | echo -n "Creating directory for peer '${peer_ID}_${LAN}'... " |
| umask 022; mkdir -p "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}" | mkdir -p "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}" |
| echo "Done" | echo "Done" |
| |
| # Generate peer keys | # Generate peer keys |
| echo -n "Generating peer keys for '${LAN}_${peer_ID}'... " | echo -n "Generating peer keys for '${peer_ID}_${LAN}'... " |
| umask 077; wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key" >/dev/null 2>&1 | wg genkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key" | wg pubkey | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Generate Pre-shared key | # Generate Pre-shared key |
| echo -n "Generating peer PSK for '${LAN}_${peer_ID}'... " | echo -n "Generating peer PSK for '${peer_ID}_${LAN}'... " |
| wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk" >/dev/null 2>&1 | wg genpsk | tee "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk" >/dev/null 2>&1 |
| echo "Done" | echo "Done" |
| |
| # Add peer to server | # Add peer to server |
| echo -n "Adding '${LAN}_${peer_ID}' to WireGuard server... " | echo -n "Adding '${peer_ID}_${LAN}' to WireGuard server... " |
| uci add network wireguard_wg_${LAN} >/dev/null 2>&1 | uci add network wireguard_wg_${LAN} >/dev/null 2>&1 |
| uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_public.key)" | uci set network.@wireguard_wg_${LAN}[-1].public_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_public.key)" |
| uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk)" | uci set network.@wireguard_wg_${LAN}[-1].preshared_key="$(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk)" |
| uci set network.@wireguard_wg_${LAN}[-1].description="${LAN}_${peer_ID}" | uci set network.@wireguard_wg_${LAN}[-1].description="${peer_ID}_${LAN}" |
| uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" | uci add_list network.@wireguard_wg_${LAN}[-1].allowed_ips="${interface}.${peer_IP}/32" |
| uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' | uci set network.@wireguard_wg_${LAN}[-1].route_allowed_ips='1' |
| | |
| # Create peer configuration | # Create peer configuration |
| echo -n "Creating config for '${LAN}_${peer_ID}'... " | echo -n "Creating config for '${peer_ID}_${LAN}'... " |
| cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.conf" | cat <<-EOF > "/etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.conf" |
| [Interface] | [Interface] |
| Address = ${interface}.${peer_IP}/32 | Address = ${interface}.${peer_IP}/32 |
| PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}_private.key) # Peer's private key | PrivateKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}_private.key) # Peer's private key |
| DNS = ${server_IP} | DNS = ${server_IP} |
| |
| [Peer] | [Peer] |
| PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key | PublicKey = $(cat /etc/wireguard/networks/${LAN}/${LAN}_server_public.key) # Server's public key |
| PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${LAN}_${peer_ID}/${LAN}_${peer_ID}.psk) # Peer's pre-shared key | PresharedKey = $(cat /etc/wireguard/networks/${LAN}/peers/${peer_ID}_${LAN}/${peer_ID}_${LAN}.psk) # Peer's pre-shared key |
| PersistentKeepalive = 25 | PersistentKeepalive = 25 |
| AllowedIPs = 0.0.0.0/0, ::/0 | AllowedIPs = 0.0.0.0/0, ::/0 |
| echo "Done" | echo "Done" |
| SCRIPT_EOF | SCRIPT_EOF |
| chmod +x "/root/auto_wg_id_extra.sh" | chmod +x "/etc/wireguard/scripts/add_id_peers.sh" |
| </code> | </code> |
| |
| # Set permissions on peer directories | # Set permissions on peer directories |
| echo -en "\nSetting permissions on peer directories... " | echo -en "\nSetting permissions on peer directories... " |
| chmod -R 744 /etc/wireguard/networks/${LAN}/peers/ | chmod -R 755 /etc/wireguard/networks/${LAN}/peers/ |
| echo "Done" | echo "Done" |
| |
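Review bot: Each peer's `_private.key`, `.psk` and generated `.conf` end up readable by every local user: the `umask 077` that guarded the `wg genkey`/`wg genpsk` writes is gone on the new side (L24, L48, L53, L100, L105, L292, L297) and L329 now runs `chmod -R 755` over the whole peers tree, which also strips the private key embedded in each `.conf` (L221, L314) of any protection. Set `umask 077` once near the top of each script and change L329 to `chmod -R go-rwx "/etc/wireguard/networks/${LAN}/peers/"`; the directories still need no world access for `uci`/`ifup` to read them as root. Separately, `last_peer_IP` at L166 and L281 selects the third dot-separated field of the `Address` line, which with `interface="10.0.5"` (L148) is the constant `5` rather than the host octet, and `tr -d /24` deletes the characters `/`, `2` and `4` from whatever it receives, so every run would assign addresses starting at `.6` and produce duplicate `allowed_ips`; use `cut -d '.' -f 4 | cut -d '/' -f 1` instead. The inner `for username in ${user_1} … ${user_4}` loop at L175 and L37 always iterates all four names regardless of `quantity`, so a `quantity` other than 4 either creates extra peers or repeats the same usernames with new IDs; a comment stating that `quantity` must match the number of `user_N` variables would at least make that explicit.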