WG Shell

WireGuard shell script

A quick shell script to generate a subnet of INI-format VPN client configs and one server config for WireGuard. It also creates PNG QR codes.

Download

wget -q -N https://wgshell.com/wg.sh

curl -s -o wg.sh https://wgshell.com/wg.sh

fetch -q https://wgshell.com/wg.sh

Mikrotik too!

The script also creates a file named mikrotik.txt with a config to review and paste into your router.

When do I use this?

You are a system or network administrator, you have an afternoon to connect two hundred clients, and you want to know your keys were all generated locally. You do want to rename the client config files as they are assigned.

This script helps bootstrap your initial WireGuard deployment; you should consider generating new private keys locally on each client device. I only use one or two of the ten I created for myself... a computer can run a loop quickly, so create what you need.

What even is WireGuard?

Read the Wikipedia article. Download the official client only from the links on wireguard.com or from your vendor's package management system. After configuration and the first connection, it is important to see a handshake complete.
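With two hundred clients, checking handshakes by eye does not scale. The following is an added example, not part of wg.sh: it classifies each peer from the output of wg show wg0 latest-handshakes. The interface name wg0, the 180-second threshold, the function names and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of wg.sh. Reads lines in the format printed by
#   wg show <interface> latest-handshakes
# i.e. "<public-key><TAB><unix-seconds>", where 0 means no handshake yet.

# handshake_report NOW LIMIT  (dump on stdin)
# Prints "<state> <public-key> <age-seconds>", state is ok, stale or never.
handshake_report() {
    awk -v now="$1" -v limit="$2" '
        NF < 2  { next }                          # skip blank or short lines
        $2 == 0 { print "never", $1, "-"; next }  # peer has never connected
        {
            age = now - $2
            state = (age > limit) ? "stale" : "ok"
            print state, $1, age
        }
    '
}

# count_state STATE  (report on stdin): number of peers in that state.
count_state() {
    awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample data: placeholder strings, not real public keys.
SAMPLE_NOW=1700000600
sample_dump() {
    printf '%s\t%s\n' \
        'PEERKEY-LAPTOP-PLACEHOLDER=' 1700000500 \
        'PEERKEY-PHONE-PLACEHOLDER=' 0 \
        'PEERKEY-TABLET-PLACEHOLDER=' 1699990000
}

# Live use on the server (assumed interface wg0, run as root):
#   wg show wg0 latest-handshakes | handshake_report "$(date +%s)" 180
sample_dump | handshake_report "$SAMPLE_NOW" 180
```

A peer reported as never has not completed a single handshake, which usually points at a wrong key, endpoint or firewall rule. An idle client without PersistentKeepalive can legitimately show as stale.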

I want to change a value after running the script.

sed -i -e 's/172\.19\.21\./10.11.12./g' *.conf

I want to remove support for the legacy Internet.

Me too. Change the AllowedIPs, DNS, and Address settings appropriately before running the script.

I have a unified diff for this script that might benefit everyone.

Cool, send it. If it only benefits you, keep your own patch, but let me know you’re using it.

How do you think I should get started?

I like Fedora or Mikrotik. You can install a Fedora (36+) virtual machine somewhere or get a $100 computer. Or a Mikrotik (7+) cloud router or RB4011.

After installation, use firewall-cmd to allow the default wireguard service. Enable forwarding in /etc/sysctl.d and review your routes.

firewall-cmd --permanent --add-service=wireguard

firewall-cmd --reload

echo "net.ipv6.conf.all.forwarding = 1" > /etc/sysctl.d/79-ip-forwarding.conf

echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/79-ip-forward.conf

nmcli con mod ens192 +ipv4.routes "172.16.0.0/12 192.0.2.254"

systemctl enable --now wg-quick@wg0.service

What? Ports and UDP and ... what?

You can do it. It is nice to have a direct connection back home when you are travelling.

Follow a guide for installing Fedora on an old laptop. Follow a guide for port forwarding for your wifi access point/router.

See Also:

wg-party at codeberg

create wg profile script CC0 license

browser-based config

About

@ptudor