-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f83706e
commit a593400
Showing
1 changed file
with
35 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,57 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Define log file | ||
| LOGFILE="/var/log/wg_install.log" | ||
|
|
||
| # Function to write to log file | ||
| write_log() { | ||
| echo "$(date '+%Y-%m-%d %H:%M:%S') - $*" >> "$LOGFILE" | ||
| } | ||
|
|
||
| # Ensure script is running as root | ||
| if [ "$(id -u)" -ne 0 ]; then | ||
| write_log "This script must be run as root." | ||
| exit 1 | ||
| fi | ||
|
|
||
| # Install WireGuard | ||
| apt update | ||
| apt install -y wireguard | ||
| write_log "Starting WireGuard installation..." | ||
| apt-get update -y >> "$LOGFILE" 2>&1 || write_log "ERROR: Failed to update package list." | ||
| apt-get install -y wireguard >> "$LOGFILE" 2>&1 || write_log "ERROR: WireGuard installation failed." | ||
|
|
||
| # Generate server keys | ||
| SERVER_PRIVATE_KEY=$(wg genkey) | ||
| SERVER_PUBLIC_KEY=$(echo $SERVER_PRIVATE_KEY | wg pubkey) | ||
| write_log "Generating server keys..." | ||
| SERVER_PRIVATE_KEY=$(wg genkey) || write_log "ERROR: Failed to generate server private key." | ||
| SERVER_PUBLIC_KEY=$(echo "$SERVER_PRIVATE_KEY" | wg pubkey) || write_log "ERROR: Failed to generate server public key." | ||
|
|
||
| # Create WireGuard configuration file | ||
| write_log "Creating WireGuard configuration..." | ||
| cat <<EOF > /etc/wireguard/wg0.conf | ||
| [Interface] | ||
| PrivateKey = $SERVER_PRIVATE_KEY | ||
| Address = 10.0.0.1/24 | ||
| ListenPort = 51820 | ||
| [Peer] | ||
| PublicKey = $SERVER_PUBLIC_KEY | ||
| AllowedIPs = 10.0.0.0/24 | ||
| EOF | ||
|
|
||
| # Enable IP forwarding | ||
| echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf | ||
| sysctl -p | ||
| write_log "Enabling IP forwarding..." | ||
| echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p >> "$LOGFILE" 2>&1 || write_log "ERROR: Failed to set up IP forwarding." | ||
|
|
||
| # Start WireGuard | ||
| systemctl enable wg-quick@wg0 | ||
| systemctl start wg-quick@wg0 | ||
| write_log "Starting WireGuard..." | ||
| systemctl enable wg-quick@wg0 >> "$LOGFILE" 2>&1 || write_log "ERROR: Failed to enable WireGuard." | ||
| systemctl start wg-quick@wg0 >> "$LOGFILE" 2>&1 || write_log "ERROR: Failed to start WireGuard." | ||
|
|
||
| # Output server keys | ||
| echo "Server private key: $SERVER_PRIVATE_KEY" | ||
| echo "Server public key: $SERVER_PUBLIC_KEY" | ||
| write_log "Server private key: $SERVER_PRIVATE_KEY" | ||
| write_log "Server public key: $SERVER_PUBLIC_KEY" | ||
|
|
||
| # Uncomment and adjust this line according to your network interface | ||
| #iptables command should be modified according to your network interface | ||
| #sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ens3 -j MASQUERADE | ||
|
|
||
| write_log "WireGuard installation complete." | ||
|
|
||
|
|
||
| #sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ens3 -j MASQUERADE | ||
|
|