This script will install wireguard, generate configs for a specified number of clients, and enable IP forwarding for all connected clients. This script is idempotent, meaning you can run it multiple times without destroying your existing config. If you need to add another VPN client, just tell the script you need 4 clients instead of 3, etc.
- A Debian-based (Debian/Ubuntu) system with a public IPv4 address
- Root access
- Download this script to your system:
curl https://raw.githubusercontent.com/samurailink3/TomsEasyWireguardSetupScript/main/install-wireguard.bash > install-wireguard.bash
- Make the script executable:
chmod +x install-wireguard.bash
- Run the script:
./install-wireguard.bash
If you'd like to use this script in further automation/without user prompting, you'll need to set the following environment variables:
ENDPOINT_IP
NUMBER_OF_CLIENTS
- Set the WIREGUARD_INTERFACE variable to set up new/existing Wireguard tunnels.
  - Example: export WIREGUARD_INTERFACE=wg1 && /bin/bash install-wireguard.bash
  - Default: wg0
  - You can use this to run multiple wireguard tunnels on a single host
- Set the WIREGUARD_INTERNAL_IP_PARTIAL variable to control the IP range of the network created.
  - Example: export WIREGUARD_INTERNAL_IP_PARTIAL=10.72.72 && /bin/bash install-wireguard.bash
  - Default: 10.11.12
  - Note: The network address will end in .0
  - Note: The network defaults to a /24
  - Note: The server address will end in .1
- Set the WIREGUARD_LISTEN_PORT variable to control what port wireguard will listen for incoming connections on.
  - Example: export WIREGUARD_LISTEN_PORT=12345 && /bin/bash install-wireguard.bash
  - Default: 51820
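For unattended runs, a typo in one of these variables would otherwise only surface after the script has started changing the host as root. The following pre-flight check is an added example, not part of install-wireguard.bash; the function names are hypothetical, and it assumes only the variable names, defaults and /24 layout listed above.

```shell
#!/bin/sh
# Added example, not part of install-wireguard.bash. Function names are
# hypothetical; variable names and defaults are the ones this README lists.

# dotted STRING COUNT: true if STRING is COUNT dot-separated octets (0-255).
dotted() {
    addr=$1 want=$2
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr              # split on dots; only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq "$want" ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
}

# in_range VALUE MIN MAX: true if VALUE is a decimal integer in [MIN, MAX].
in_range() {
    case "$1" in ''|*[!0-9]*|0?*|??????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# preflight: check the environment the script would read; list every problem.
preflight() {
    errors=0
    fail() { echo "preflight: $1" >&2; errors=$((errors + 1)); }

    dotted "${ENDPOINT_IP:-}" 4 ||
        fail "ENDPOINT_IP must be a dotted-quad IPv4 address"
    # .0 is the network, .1 the server and .255 the broadcast address,
    # so a /24 has room for at most 253 clients.
    in_range "${NUMBER_OF_CLIENTS:-}" 1 253 ||
        fail "NUMBER_OF_CLIENTS must be 1-253 to fit the /24"
    dotted "${WIREGUARD_INTERNAL_IP_PARTIAL:-10.11.12}" 3 ||
        fail "WIREGUARD_INTERNAL_IP_PARTIAL must be three octets, e.g. 10.72.72"
    in_range "${WIREGUARD_LISTEN_PORT:-51820}" 1 65535 ||
        fail "WIREGUARD_LISTEN_PORT must be 1-65535"
    [ "$errors" -eq 0 ]
}

# Usage: preflight && /bin/bash install-wireguard.bash
```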
Public Domain - The Unlicense
You may use this code however you'd like, wherever you'd like, without any requirements, forever.
- The complete guide to setting up a multi-peer WireGuard VPN - by jeroen
  - Most of this script wouldn't be possible without the steps listed in this article...
- dddma's firewall post on Reddit
  - ... and specifically this post by dddma, without this step, traffic cannot be properly forwarded between clients.