Update Wireguard with port option

Johan 2024-03-23 17:48:45 +01:00
parent 109670bd12
commit 0a5e2594a3


@ -8,6 +8,7 @@ read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//'
read -e -p "Enter VPN subnet: " -i "192.168.200" VPN_SUBNET read -e -p "Enter VPN subnet: " -i "192.168.200" VPN_SUBNET
read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET
read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST
read -e -p "Enter VPN public portnumber: " -i "51820" VPN_PUBLIC_PORT
read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs
if [ $(dpkg-query -W -f='${Status}' wireguard 2>/dev/null | grep -c "ok installed") -eq 0 ]; if [ $(dpkg-query -W -f='${Status}' wireguard 2>/dev/null | grep -c "ok installed") -eq 0 ];
@ -21,12 +22,12 @@ cd /etc/wireguard/
if [ ! -f privatekey ] if [ ! -f privatekey ]
then then
echo "Generating private and public keys" echo "Generating private and public keys..."
umask 077; wg genkey | tee privatekey | wg pubkey > publickey umask 077; wg genkey | tee privatekey | wg pubkey > publickey
fi fi
SERVER_PRIVATEKEY=$(cat "privatekey") SERVER_PRIVATEKEY=$(cat "privatekey")
SERVER_PUBLICKEY=$(cat "publickey") SERVER_PUBLICKEY=$(cat "publickey")
# sudo ufw allow 41194/udp # sudo ufw allow $VPN_PUBLIC_PORT/udp
if ! grep -q "net.ipv4.ip_forward" "/etc/sysctl.d/10-wireguard.conf"; then if ! grep -q "net.ipv4.ip_forward" "/etc/sysctl.d/10-wireguard.conf"; then
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/10-wireguard.conf echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.d/10-wireguard.conf
@ -44,8 +45,8 @@ else
for ip in ${ALLOWED_HOST_IPs// / } for ip in ${ALLOWED_HOST_IPs// / }
do do
if [[ $ip == *":"* ]]; then if [[ $ip == *":"* ]]; then
port=$(echo $ip | cut -f2 -d:) port=$(echo $ip | cut -f2 -d:)
ip=$(echo $ip | cut -f1 -d:) ip=$(echo $ip | cut -f1 -d:)
POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
" "
POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
@ -62,7 +63,7 @@ fi
sudo tee /etc/wireguard/wg0.conf.base > /dev/null <<EOL sudo tee /etc/wireguard/wg0.conf.base > /dev/null <<EOL
[Interface] [Interface]
Address = $VPN_SUBNET.1/24 Address = $VPN_SUBNET.1/24
ListenPort = 51820 ListenPort = $VPN_PUBLIC_PORT
PrivateKey = ${SERVER_PRIVATEKEY} PrivateKey = ${SERVER_PRIVATEKEY}
${POSTUP} ${POSTUP}
@ -118,7 +119,7 @@ DNS = 1.1.1.1, 8.8.8.8
PublicKey = \$SERVER_PUBLICKEY PublicKey = \$SERVER_PUBLICKEY
# AllowedIPs = 0.0.0.0/0 # Will route all traffic through the VPN # AllowedIPs = 0.0.0.0/0 # Will route all traffic through the VPN
AllowedIPs = $LAN_SUBNET.0/24, $VPN_SUBNET.0/24 AllowedIPs = $LAN_SUBNET.0/24, $VPN_SUBNET.0/24
Endpoint = $VPN_PUBLIC_HOST:51820 Endpoint = $VPN_PUBLIC_HOST:$VPN_PUBLIC_PORT
PersistentKeepalive = 25 PersistentKeepalive = 25
LOE LOE
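Review bot: The value read into VPN_PUBLIC_PORT in the first hunk is written unvalidated into `ListenPort =` and `Endpoint =` in the two heredoc hunks, so an empty answer or a typo produces a wg0.conf that only fails when wg-quick brings the interface up. A check right after the prompt, `[[ "$VPN_PUBLIC_PORT" =~ ^[0-9]+$ ]] && (( VPN_PUBLIC_PORT >= 1 && VPN_PUBLIC_PORT <= 65535 )) || { echo "Invalid port: $VPN_PUBLIC_PORT" >&2; exit 1; }`, fails early with a clear message instead. The `# sudo ufw allow $VPN_PUBLIC_PORT/udp` line in the second hunk is updated but still commented out, so choosing a non-default port does not open it in the host firewall; if that is intentional, a comment such as `# Port is not opened here; allow $VPN_PUBLIC_PORT/udp in ufw if it is active` would make the operator's step explicit. The enclosing script and the heredocs continue outside the hunks shown.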