Generate wireguard client configuration
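#!/bin/bash
# License: MIT
# Author: Fredrik Lundhag <[email protected]>
# Date: 2020-02-17
#
# Generate a WireGuard client: create a keypair, append the peer to the
# server config, write the client config (optionally shown as a QR code and/or
# mailed), then reload the server interface.
#
# Usage: $0 <name> [last-octet]
#   name        client name, used for the key and config file names; restricted
#               to [A-Za-z0-9._-] so it can never escape CLIENTDIR
#   last-octet  optional host part of the client address inside IPRANGE; when
#               omitted the number after the one stored in CLIENTDIR/serial is used
#
# Abort on unset variables, failed commands and failed pipeline stages.
set -eu -o pipefail

# range for the VPN itself (the host part is the server's own address)
IPRANGE=192.168.255.1/24
WGSERVER="<hostname or IP of the vpn server>"
# for sending emails after client creation. Only to one receiver that needs to forward it.
# The mailed file is the full client config, i.e. it contains the client's private key.
EMAIL="changeme"
# 0.0.0.0/0 or a comma separated list of subnets to use vpn for, we default to IPRANGE
ALLOWEDIPS="$IPRANGE"
# This should be defaults
WGDIR="/etc/wireguard"
CLIENTDIR="$WGDIR/clients"
WG_INTERFACE="wg0"
WGFILE="$WGDIR/$WG_INTERFACE.conf"
SENDEMAIL="False"

# Print a message to stderr and exit with status 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Every file created below (private keys, client configs, the client dir)
# must be private from the moment it exists, not only after a later chmod.
umask 077

# Read the server's listen port from the server config (not from the cwd).
LISTENPORT=$(awk -F'[[:space:]]*=[[:space:]]*' '/^[[:space:]]*ListenPort/ {print $2; exit}' "$WGFILE")
[[ -n "$LISTENPORT" ]] || die "no ListenPort found in $WGFILE"

# GET IP from RANGE and set defaults: strip the prefix length, split the octets.
IPPARSE=${IPRANGE%/*}
IFS=. read -r ip1 ip2 ip3 ip4 <<< "$IPPARSE"
IPNET="$ip1.$ip2.$ip3"
DNS="$IPNET.1"

[[ -d "$CLIENTDIR" ]] || mkdir -- "$CLIENTDIR"

# The serial file holds the last octet handed out; seed it with 10 on first use.
if [[ -f "$CLIENTDIR/serial" ]]; then
  LASTIP=$(< "$CLIENTDIR/serial")
else
  LASTIP=10
  printf '%s\n' "$LASTIP" > "$CLIENTDIR/serial"
fi
[[ "$LASTIP" =~ ^[0-9]+$ ]] || die "corrupt serial file $CLIENTDIR/serial: '$LASTIP'"

# Argument checks.
(( $# >= 1 )) || die "please add a name: $0 <name> [last-octet]"
NAME=$1
[[ "$NAME" =~ ^[A-Za-z0-9._-]+$ ]] || die "invalid client name (allowed: A-Z a-z 0-9 . _ -): $NAME"
if [[ -e "$CLIENTDIR/$NAME.conf" ]]; then
  die "client '$NAME' already exists ($CLIENTDIR/$NAME.conf); refusing to overwrite its keys"
fi

# if no IP on cmdline, use the next one after the serial
if [[ -n "${2:-}" ]]; then
  IP=$2
else
  IP=$((LASTIP + 1))
fi
if ! [[ "$IP" =~ ^[0-9]+$ ]] || (( IP < 1 || IP > 254 )); then
  die "last octet must be a number between 1 and 254, got '$IP'"
fi
(( IP != ip4 )) || die "$IPNET.$IP is the server's own address"

# generate keys and add to wg server config.
wg genkey | tee "$CLIENTDIR/$NAME-private.key" | wg pubkey > "$CLIENTDIR/$NAME-public.key"
chmod 0600 "$CLIENTDIR/$NAME-private.key" "$CLIENTDIR/$NAME-public.key"
PUBKEY=$(< "$CLIENTDIR/$NAME-public.key")
cat >> "$WGFILE" <<EOL
# peer for "$NAME"
[peer]
PublicKey = $PUBKEY
AllowedIPs = $IPNET.$IP/32
EOL

# create client config
PRIVKEY=$(< "$CLIENTDIR/$NAME-private.key")
SERVERKEY=$(< "$WGDIR/wg_public.key")
cat > "$CLIENTDIR/$NAME.conf" <<EOL
[Interface]
PrivateKey = $PRIVKEY
Address = $IPNET.$IP/32
DNS = $DNS
[Peer]
PublicKey = $SERVERKEY
Endpoint = $WGSERVER:$LISTENPORT
AllowedIPs = $ALLOWEDIPS
# PersistentKeepalive = 25
EOL

printf 'Client config for %s\n\n' "$NAME"
cat "$CLIENTDIR/$NAME.conf"
printf '\n'

# save curr IP, but never move the serial backwards when an explicit (lower)
# octet was given, otherwise a later automatic assignment would collide.
if (( IP > LASTIP )); then
  printf '%s\n' "$IP" > "$CLIENTDIR/serial"
fi

# generate code and show on screen
if command -v qrencode >/dev/null 2>&1; then
  qrencode -t ansiutf8 < "$CLIENTDIR/$NAME.conf"
fi

# mail to $EMAIL instead of manual copying
if [[ "$SENDEMAIL" == "True" ]] && command -v mpack >/dev/null 2>&1; then
  mpack -s "Wireguard config for $NAME" "$CLIENTDIR/$NAME.conf" "$EMAIL"
fi

# reload server config (enable new peer)
wg setconf "$WG_INTERFACE" "$WGFILE"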