-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathaddclient
More file actions
executable file
·93 lines (79 loc) · 2.32 KB
/
addclient
File metadata and controls
executable file
·93 lines (79 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/bash
NAME=$1
if [ "$NAME" = "" ]
then
echo "Usage: script <clientname>"
exit 0
fi
[ -d /etc/wireguard/clients ] || mkdir -p /etc/wireguard/clients
# increment the IP address by the specified amount (IP base, increment value)
inc_ip() {
local ip=$1
local inc=$2
#IFS='.' read -r -a o <<< "$ip"
while IFS='.' read -r -a parts; do
for part in "${parts[@]}"; do
o+=("$part")
done
done <<< "$ip"
for (( i=3; i>=0; i-- )); do
s=$((o[i] + (inc % 256)))
if (( s <= 255 )); then
o[i]=$s
inc=$((inc / 256))
else
o[i]=$((s - 256))
inc=$((inc / 256 + 1))
fi
done
echo "${o[0]}.${o[1]}.${o[2]}.${o[3]}"
}
if [ ! -e "/etc/wireguard/clients/$NAME.pub" ]
then
wg genkey | tee /etc/wireguard/clients/"$NAME".key | wg pubkey > /etc/wireguard/clients/"$NAME".pub
SERV_PUB=$(cat /etc/wireguard/wg0.pub)
CLIENT_KEY=$(cat /etc/wireguard/clients/"$NAME".key)
[ -e /etc/wireguard/clients.num ] || echo 0 > /etc/wireguard/clients.num
N=$(cat /etc/wireguard/clients.num)
N=$((N+1))
# get public ip
if [ -z "$PUBLIC_IP" ] || [ "$PUBLIC_IP" = "1.2.3.4" ]
then
PUBLIC_IP=$(wget -q -O - ifconfig.so)
export PUBLIC_IP
fi
# create client's address
# 1. get base IP address
IP_BASE=$(echo "$SUBNET_IP" | awk -F '/' '{print $1}')
SUBNET_PREFIX=$(echo "$SUBNET_IP" | awk -F '/' '{print $2}')
IP_NEW=$(inc_ip "$IP_BASE" $N)
# create config
cat > /etc/wireguard/clients/"$NAME".conf << EOF
[Interface]
PrivateKey = $CLIENT_KEY
Address = $IP_NEW/$SUBNET_PREFIX
DNS = $DNS
MTU = $MTU
[Peer]
PublicKey = $SERV_PUB
Endpoint = $PUBLIC_IP:$PORT
PersistentKeepalive = 25
# AllowedIPs = 10.0.0.0/8 # example of routed network behind client
EOF
chmod go-rw /etc/wireguard/clients/"$NAME".key /etc/wireguard/clients/"$NAME".conf
echo $N > /etc/wireguard/clients.num
fi
echo
echo "Client \"$NAME\" config, you can create using following cmds:"
echo "cat > /etc/wireguard/wg0.conf << EOF"
cat /etc/wireguard/clients/"$NAME".conf
echo "EOF"
echo "systemctl enable wg-quick@wg0.service"
echo "systemctl start wg-quick@wg0.service"
echo
qrencode -t ansiutf8 < /etc/wireguard/clients/"$NAME".conf
if [ "$WG_CLIENTS_UNSAFE_PERMISSIONS" -eq 1 ]
then
chmod -R go+r /etc/wireguard/clients
chmod go+r /etc/wireguard/clients/"$NAME".conf
fi