-
Notifications
You must be signed in to change notification settings - Fork 8
/
create-new-peer.sh
executable file
·123 lines (97 loc) · 3.2 KB
/
create-new-peer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/bash
# Create and bind a new peer (client) to the setup WireGuard interface.
# Copyright (c) 2020 Hamidreza Hosseinkhani (xei) under the terms of the MIT license.
# https://github.com/xei/wireguard-setup-scripts
# Some parts of this script are inspired from https://github.com/angristan/wireguard-install
function set_peer_name() {
if [ $# -eq 0 ]
then
echo "Please pass a name for new peer as an argument."
echo "For example:"
echo "sudo ./create-new-peer.sh client2"
exit 1
else
PEER_NAME=$1
fi
}
function check_root_priviledge() {
if [ "${EUID}" -ne 0 ]; then
echo "Permission denied: Please run the script as root!"
exit 1
fi
}
function check_if_wireguard_is_setup() {
if [[ ! -e /etc/wireguard/params ]]; then
echo "WireGuard is not setup on the machine as a VPN server!."
echo "Please run \"sudo ./setup-wireguard-server.sh\" at first."
exit 1
fi
}
function retrieve_peer_id() {
if [[ -e /etc/wireguard/last-peer-id ]]; then
source /etc/wireguard/last-peer-id
((PEER_ID=PEER_ID+1))
else
PEER_ID=2 # 2-254 , 1 is reserved for the server
fi
}
function retrieve_wireguard_params() {
source /etc/wireguard/params
SUBNET_V4="${SERVER_PRIVATE_IPV4::-1}"
SUBNET_V6="${SERVER_PRIVATE_IPV6::-1}"
IPV4="${SUBNET_V4}${PEER_ID}"
IPV6="${SUBNET_V6}${PEER_ID}"
DNS=${SERVER_PRIVATE_IPV4}
}
function generate_keys() {
PRIVATE_KEY=$(wg genkey)
PUBLIC_KEY=$(echo "${PRIVATE_KEY}" | wg pubkey)
PRESHARED_KEY=$(wg genpsk)
}
function create_config_file() {
mkdir -p /etc/wireguard/peers/${PEER_ID}-${PEER_NAME}
echo "[Interface]
PrivateKey = ${PRIVATE_KEY}
Address = ${IPV4}/24, ${IPV6}/64
DNS = ${DNS}
[Peer]
PublicKey = ${SERVER_PUBLIC_KEY}
PresharedKey = ${PRESHARED_KEY}
Endpoint = ${SERVER_PUBLIC_IPV4}:${SERVER_PORT}
AllowedIPs = 0.0.0.0/0" > "/etc/wireguard/peers/${PEER_ID}-${PEER_NAME}/${PEER_NAME}.conf"
cat /etc/wireguard/peers/${PEER_ID}-${PEER_NAME}/${PEER_NAME}.conf | qrencode -o /etc/wireguard/peers/${PEER_ID}-${PEER_NAME}/${PEER_NAME}.png
}
function bind_peer_to_server() {
echo "
### Peer Name: ${PEER_NAME}
### Peer ID: ${PEER_ID}
[Peer]
PublicKey = ${PUBLIC_KEY}
PresharedKey = ${PRESHARED_KEY}
AllowedIPs = ${IPV4}/24, ${IPV6}/64" >> "/etc/wireguard/${NIC_WG}.conf"
systemctl restart wg-quick@${NIC_WG}
wg show ${NIC_WG}
}
function update_last_peer_id_file() {
echo "PEER_ID=${PEER_ID}" > "/etc/wireguard/last-peer-id"
}
function print_config_as_qr_code() {
qrencode -t ansiutf8 <"/etc/wireguard/peers/${PEER_ID}-${PEER_NAME}/${PEER_NAME}.conf"
}
function main() {
set_peer_name $1
check_root_priviledge
check_if_wireguard_is_setup
retrieve_peer_id
retrieve_wireguard_params
generate_keys
create_config_file
bind_peer_to_server
update_last_peer_id_file
echo "Peer \"${PEER_NAME}\" with ID: \"${PEER_ID}\" is bound to \"${NIC_WG}\" WireGuard interface successfully."
echo "You can find the peer configuration file in \"/etc/wireguard/peers/${PEER_ID}-${PEER_NAME}/\""
echo "You can also scan the following QR code by WireGuard mobile application to establish a VPN tunnel easily."
echo ""
print_config_as_qr_code
}
main $1