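#!/bin/bash
#
# Provision a WireGuard server endpoint (interface wg0) on an apt-based host:
# install the package, enable IPv4 forwarding, write the key files and
# wg0.conf, then enable and start wg-quick@wg0.
#
# This file is a template. The dollar-brace placeholders (private_key,
# public_key, remote_public_key, remote_address_space and the cidrhost()
# calls on address_space) are substituted before the script reaches the
# shell -- presumably by Terraform's templatefile(); confirm against the
# caller. Shell expansions in this file are written without braces so they
# are not mistaken for template placeholders.
#
# NOTE(review): the rendered script carries the WireGuard private key in
# clear text. Wherever the rendered output is stored (state, instance user
# data, provisioning logs -- verify for this deployment) must be treated as
# secret material and access-controlled accordingly.

# Stop at the first failing step instead of configuring a half-installed host.
set -euo pipefail

# Ensure the script is run as root
if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root" >&2
  exit 1
fi

# Install WireGuard. Two separate commands so that a failed index refresh
# aborts the run under `set -e` (a failure on the left of `&&` would not).
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y wireguard

# Configure IP forwarding (IPv4 only; persisted via sysctl.d)
cat >/etc/sysctl.d/20-ip-forwarding.conf <<'EOF'
net.ipv4.ip_forward=1
EOF

# Load the new sysctl settings
sysctl -f /etc/sysctl.d/20-ip-forwarding.conf

# Everything written from here on holds or references key material:
# create files readable by root only.
umask 077

# Store preconfigured keys.
# The heredoc delimiters are quoted so the shell writes the rendered values
# byte-for-byte and never re-expands anything inside them.
cat >/etc/wireguard/wg0.key <<'EOF'
${private_key}
EOF
cat >/etc/wireguard/wg0.pub <<'EOF'
${public_key}
EOF

# Create server configuration file.
# The private key is not embedded here; PostUp loads it from wg0.key once
# the interface exists (%i expands to the interface name).
cat >/etc/wireguard/wg0.conf <<'EOF'
[Interface]
ListenPort = 51820
Address = ${cidrhost(address_space, 1)}/30
PostUp = wg set %i private-key /etc/wireguard/%i.key

[Peer]
PublicKey = ${remote_public_key}
AllowedIPs = ${cidrhost(address_space, 2)}/32,${remote_address_space}
EOF

# umask only affects newly created files; tighten the mode explicitly in
# case the files already existed with looser permissions from an earlier run.
chmod 600 /etc/wireguard/wg0.key /etc/wireguard/wg0.conf

# Create WireGuard interface
systemctl enable --now wg-quick@wg0.service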