mirror of
https://github.com/angristan/wireguard-install.git
synced 2025-04-05 03:43:30 +03:00
Merge master into branch multiple-client
commit
e761f37d07
3 changed files with 35 additions and 22 deletions
2
.github/workflows/push.yml
vendored
|
@ -8,6 +8,6 @@ jobs:
|
|||
- name: shellcheck
|
||||
uses: ludeeus/action-shellcheck@0.0.1
|
||||
env:
|
||||
SHELLCHECK_OPTS: -e SC1091,SC1117
|
||||
SHELLCHECK_OPTS: -e SC1091,SC1117,SC2001
|
||||
with:
|
||||
args: wireguard-install.sh
|
||||
|
|
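Review bot: Adding SC2001 to `SHELLCHECK_OPTS` switches that check off for the whole of wireguard-install.sh, not only for the line that triggers it. A `# shellcheck disable=SC2001` directive directly above the offending `echo ... | sed` call would keep the check active for the rest of the script, or the call could be rewritten as a parameter expansion so that no exclusion is needed.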
20
README.md
|
@ -1,6 +1,13 @@
|
|||
# WireGuard installer
|
||||
|
||||
Easily set up a dual-stack [WireGuard](https://www.wireguard.com/) VPN on a Linux server. See the issues for the WIP.
|
||||
**This project is a bash script that aims to setup a [WireGuard](https://www.wireguard.com/) VPN on a Linux server, as easily as possible!**
|
||||
|
||||
WireGuard is a point-to-point VPN that can be used in different ways. Here, we mean a VPN as in: the client will forward all its traffic trough an encrypted tunnel to the server.
|
||||
The server will apply NAT to the client's traffic so it will appear as if the client is browsing the web with the server's IP.
|
||||
|
||||
The script supports both IPv4 and IPv6. Please check the [issues](https://github.com/angristan/wireguard-install/issues) for ongoing development, bugs and planned features!
|
||||
|
||||
WireGuard does not fit your environment? Check out [openvpn-install](https://github.com/angristan/openvpn-install).
|
||||
|
||||
## Requirements
|
||||
|
||||
|
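Review bot: Two wording slips in the new introduction: "forward all its traffic trough an encrypted tunnel" should read "through", and "aims to setup a WireGuard VPN" should use the verb form "set up". The paragraph also says the server applies NAT to client traffic, so it would help to state here that the script enables IP forwarding and adds masquerade rules on the host, since that is a change an operator will want to know about before running it.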
@ -9,7 +16,7 @@ Supported distributions:
|
|||
- Ubuntu
|
||||
- Debian
|
||||
- Fedora
|
||||
- Centos
|
||||
- CentOS
|
||||
- Arch Linux
|
||||
|
||||
I recommend these cheap cloud providers for your VPN server:
|
||||
|
@ -20,19 +27,14 @@ I recommend these cheap cloud providers for your VPN server:
|
|||
|
||||
## Usage
|
||||
|
||||
First, get the script and make it executable :
|
||||
Download and execute the script. Answer the questions asked by the script and it will take care of the rest.
|
||||
|
||||
```bash
|
||||
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
|
||||
chmod +x wireguard-install.sh
|
||||
```
|
||||
|
||||
Then run it :
|
||||
|
||||
```sh
|
||||
./wireguard-install.sh
|
||||
```
|
||||
|
||||
It will install wireguard on the server, configure, create a systemd service and a client configuration file. Mutliple clients are not yet supported.
|
||||
It will install WireGuard (kernel module and tools) on the server, configure it, create a systemd service and a client configuration file. Multiple clients are not yet supported. (WIP!)
|
||||
|
||||
Contributions are welcome!
|
||||
|
|
|
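Review bot: The usage block fetches wireguard-install.sh from the `master` ref with `curl -O` and the text tells the reader to execute it straight away. `master` is a moving target, so consider pointing the URL at a tagged release or a commit and adding a sentence asking users to read the script before running it. The closing sentence "Multiple clients are not yet supported. (WIP!)" will also need updating on this branch once the multiple-client work lands.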
@ -96,7 +96,8 @@ if [[ -e /etc/debian_version ]]; then
|
|||
source /etc/os-release
|
||||
OS=$ID # debian or ubuntu
|
||||
elif [[ -e /etc/fedora-release ]]; then
|
||||
OS=fedora
|
||||
source /etc/os-release
|
||||
OS=$ID
|
||||
elif [[ -e /etc/centos-release ]]; then
|
||||
OS=centos
|
||||
elif [[ -e /etc/arch-release ]]; then
|
||||
|
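Review bot: In the `/etc/fedora-release` branch, `OS=$ID` replaces the fixed `OS=fedora`, but the install step later compares `"$OS" = 'fedora'` literally. A system that ships /etc/fedora-release with a different `ID` in /etc/os-release would pass detection here and then match none of the install branches. Keeping `OS=fedora` and sourcing /etc/os-release only to obtain `VERSION_ID` avoids that, and a short comment like the `# debian or ubuntu` one above would document the intent.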
@ -118,13 +119,14 @@ SERVER_WG_NIC="wg0"
|
|||
read -rp "WireGuard interface name: " -e -i "$SERVER_WG_NIC" SERVER_WG_NIC
|
||||
|
||||
SERVER_WG_IPV4="10.66.66.1"
|
||||
read -rp "Server's WireGuard IPv4 " -e -i "$SERVER_WG_IPV4" SERVER_WG_IPV4
|
||||
read -rp "Server's WireGuard IPv4: " -e -i "$SERVER_WG_IPV4" SERVER_WG_IPV4
|
||||
|
||||
SERVER_WG_IPV6="fd42:42:42::1"
|
||||
read -rp "Server's WireGuard IPv6 " -e -i "$SERVER_WG_IPV6" SERVER_WG_IPV6
|
||||
read -rp "Server's WireGuard IPv6: " -e -i "$SERVER_WG_IPV6" SERVER_WG_IPV6
|
||||
|
||||
SERVER_PORT=1194
|
||||
read -rp "Server's WireGuard port " -e -i "$SERVER_PORT" SERVER_PORT
|
||||
# Generate random number within private ports range
|
||||
SERVER_PORT=$(shuf -i49152-65535 -n1)
|
||||
read -rp "Server's WireGuard port: " -e -i "$SERVER_PORT" SERVER_PORT
|
||||
|
||||
# Install WireGuard tools and module
|
||||
if [[ "$OS" = 'ubuntu' ]]; then
|
||||
|
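Review bot: The value read into `SERVER_PORT` is used exactly as typed, so an empty or non-numeric answer ends up in `ListenPort` and in the `firewall-cmd --add-port` call. Loop on the prompt until the input is an integer between 1 and 65535. The random default from `shuf -i49152-65535 -n1` can also land on a UDP port that is already in use on the host, which deserves a check or at least a mention in the comment.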
@ -140,9 +142,12 @@ elif [[ "$OS" = 'debian' ]]; then
|
|||
apt-get install -y "linux-headers-$(uname -r)"
|
||||
apt-get install -y wireguard iptables resolvconf qrencode
|
||||
elif [[ "$OS" = 'fedora' ]]; then
|
||||
dnf install -y dnf-plugins-core
|
||||
dnf copr enable -y jdoss/wireguard
|
||||
dnf install -y wireguard-dkms wireguard-tools iptables qrencode
|
||||
if [[ "$VERSION_ID" -lt 32 ]]; then
|
||||
dnf install -y dnf-plugins-core
|
||||
dnf copr enable -y jdoss/wireguard
|
||||
dnf install -y wireguard-dkms
|
||||
fi
|
||||
dnf install -y wireguard-tools iptables qrencode
|
||||
elif [[ "$OS" = 'centos' ]]; then
|
||||
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
||||
yum -y install epel-release
|
||||
|
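Review bot: The `[[ "$VERSION_ID" -lt 32 ]]` test has no comment saying why release 32 is the cutoff for skipping the copr repository and `wireguard-dkms`; one line of explanation would save the next reader a lookup. `-lt` inside `[[ ]]` evaluates its operands arithmetically, so this also relies on `VERSION_ID` from /etc/os-release being a plain integer. A guard such as `[[ "$VERSION_ID" =~ ^[0-9]+$ ]]` before the comparison would make that assumption explicit.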
@ -177,11 +182,17 @@ source /etc/wireguard/params
|
|||
echo "[Interface]
|
||||
Address = $SERVER_WG_IPV4/24,$SERVER_WG_IPV6/64
|
||||
ListenPort = $SERVER_PORT
|
||||
PrivateKey = $SERVER_PRIV_KEY" > "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||
|
||||
PrivateKey = $SERVER_PRIV_KEY
|
||||
|
||||
PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE" > "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||
if [ -x "$(command -v firewall-cmd)" ]; then
|
||||
FIREWALLD_IPV4_ADDRESS=$(echo "$SERVER_WG_IPV4" | cut -d"." -f1-3)".0"
|
||||
FIREWALLD_IPV6_ADDRESS=$(echo "$SERVER_WG_IPV6" | sed 's/:[^:]*$/:0/')
|
||||
echo "PostUp = firewall-cmd --add-port $SERVER_PORT/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'
|
||||
PostDown = firewall-cmd --remove-port $SERVER_PORT/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||
else
|
||||
echo "PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||
fi
|
||||
|
||||
# Enable routing on the server
|
||||
echo "net.ipv4.ip_forward = 1
|
||||
|
|
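Review bot: Both firewalld rich rules use `$FIREWALLD_IPV6_ADDRESS/24` as the IPv6 source, while the interface is configured with `$SERVER_WG_IPV6/64`. A /24 on an IPv6 address covers far more than the tunnel subnet, so the masquerade rule should use /64 to match `Address`. The IPv4 network is derived with `cut -d"." -f1-3` plus ".0", which only holds while the prefix stays hard-coded at /24, so a comment tying the two together (or deriving both from one variable) would prevent them drifting apart.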