From 0a5e2594a389ee03f2efc6ea886d428fcd789361 Mon Sep 17 00:00:00 2001
From: Johan
Date: Sat, 23 Mar 2024 17:48:45 +0100
Subject: [PATCH] Update Wireguard with port option
---
 BashScripts/install-wireguard-server.sh | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/BashScripts/install-wireguard-server.sh b/BashScripts/install-wireguard-server.sh
index 7eb2c8d..216ec24 100644
--- a/BashScripts/install-wireguard-server.sh
+++ b/BashScripts/install-wireguard-server.sh
@@ -8,6 +8,7 @@ read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//'
 read -e -p "Enter VPN subnet: " -i "192.168.200" VPN_SUBNET
 read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET
 read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST
+read -e -p "Enter VPN public portnumber: " -i "51820" VPN_PUBLIC_PORT
 read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs
 if [ $(dpkg-query -W -f='${Status}' wireguard 2>/dev/null | grep -c "ok installed") -eq 0 ];
@@ -21,12 +22,12 @@ cd /etc/wireguard/
 if [ ! -f privatekey ]
 then
- echo "Generating private and public keys"
+ echo "Generating private and public keys..."
 umask 077; wg genkey | tee privatekey | wg pubkey > publickey
 fi
 SERVER_PRIVATEKEY=$(cat "privatekey")
 SERVER_PUBLICKEY=$(cat "publickey")
-# sudo ufw allow 41194/udp
+# sudo ufw allow $VPN_PUBLIC_PORT/udp
 if ! grep -q "net.ipv4.ip_forward" "/etc/sysctl.d/10-wireguard.conf"; then
 echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/10-wireguard.conf
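Review bot: `VPN_PUBLIC_PORT` from the prompt added in the first hunk (`@@ -8,6 +8,7 @@`) is never checked to be a port number, so an empty or non-numeric answer is carried into whatever consumes it later, presumably the WireGuard configuration written further down, which is outside these hunks. A guard directly after the prompt would fail early: `if ! [[ $VPN_PUBLIC_PORT =~ ^[1-9][0-9]{0,4}$ ]] || (( VPN_PUBLIC_PORT > 65535 )); then echo "Invalid port: $VPN_PUBLIC_PORT" >&2; exit 1; fi`. The same value appears unquoted in the commented `ufw allow` line of the second hunk (`@@ -21,12 +22,12 @@`); if that line is ever enabled it should read `sudo ufw allow "${VPN_PUBLIC_PORT}/udp"`. Since that line stays a comment, the script itself does not open the chosen port on the host firewall, which is worth stating in a comment next to it.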
@@ -44,8 +45,8 @@ else
 for ip in ${ALLOWED_HOST_IPs// / }
 do
 if [[ $ip == *":"* ]]; then
- port=$(echo $ip | cut -f2 -d:)
- ip=$(echo $ip | cut -f1 -d:)
+ port=$(echo $ip | cut -f2 -d:)
+ ip=$(echo $ip | cut -f1 -d:)
 POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
 "
 POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
@@ -62,7 +63,7 @@ fi
 sudo tee /etc/wireguard/wg0.conf.base > /dev/null <