|
@ -1,14 +1,21 @@ |
|
|
#!/bin/bash |
|
|
#!/bin/bash |
|
|
|
|
|
|
|
|
|
|
|
# This script can be used directly from bash after defining the IP address for the node with : |
|
|
|
|
|
# IP=x bash <(curl -s https://gitlab.altinea.fr/altinea/install-scripts/raw/branch/master/wireguard/deploy-wg-clients.sh) |
|
|
|
|
|
|
|
|
if ! [[ $IP =~ ^[0-9]{1,3}$ ]] ; then |
|
|
if ! [[ $IP =~ ^[0-9]{1,3}$ ]] ; then |
|
|
echo "error: Please set IP variable (with IP=1-254. See https://phpipam.altinea.fr" >&2; exit 1 |
|
|
echo "error: Please set IP variable (with IP=1-254. See https://phpipam.altinea.fr" >&2; exit 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
# Create keys subdir, generate private and derive public key |
|
|
mkdir -p /etc/wireguard/keys |
|
|
mkdir -p /etc/wireguard/keys |
|
|
umask 077 && wg genkey > /etc/wireguard/keys/private.key && wg pubkey < /etc/wireguard/keys/private.key > /etc/wireguard/keys/public.key && umask 0022 |
|
|
umask 077 && wg genkey > /etc/wireguard/keys/private.key && wg pubkey < /etc/wireguard/keys/private.key > /etc/wireguard/keys/public.key && umask 0022 |
|
|
|
|
|
|
|
|
|
|
|
# Calculate IPv4 and IPv6 address |
|
|
IP4="10.17.25.$IP" |
|
|
IP4="10.17.25.$IP" |
|
|
IP6="fd42:42:42:25"`printf '%.2x\n' $IP`"::" |
|
|
IP6="fd42:42:42:25"`printf '%.2x\n' $IP`"::" |
|
|
|
|
|
|
|
|
|
|
|
# Create config file for wireguard interface |
|
|
echo "[Interface] |
|
|
echo "[Interface] |
|
|
Address = $IP4/32 |
|
|
Address = $IP4/32 |
|
|
Address = $IP6/64 |
|
|
Address = $IP6/64 |
|
@ -21,10 +28,13 @@ AllowedIPs = 10.17.24.0/22, fd42:42:42::/48 |
|
|
Endpoint = vpn.altinea.fr:58212 |
|
|
Endpoint = vpn.altinea.fr:58212 |
|
|
PersistentKeepalive = 25" > /etc/wireguard/wg0.conf |
|
|
PersistentKeepalive = 25" > /etc/wireguard/wg0.conf |
|
|
|
|
|
|
|
|
|
|
|
# Enable and start interface (systemctl needed) |
|
|
systemctl enable wg-quick@wg0.service && systemctl daemon-reload && systemctl start wg-quick@wg0 |
|
|
systemctl enable wg-quick@wg0.service && systemctl daemon-reload && systemctl start wg-quick@wg0 |
|
|
|
|
|
|
|
|
|
|
|
# Run a ping to make the interface usable |
|
|
ping -c1 192.168.25.1 |
|
|
ping -c1 192.168.25.1 |
|
|
|
|
|
|
|
|
echo -n "Clé publique : " |
|
|
|
|
|
|
|
|
# Display the public key to add it on the wireguard concentrator |
|
|
|
|
|
echo -n "Public key : " |
|
|
cat /etc/wireguard/keys/public.key |
|
|
cat /etc/wireguard/keys/public.key |
|
|
exit 0; |
|
|
exit 0; |
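Review bot: The guard `[[ $IP =~ ^[0-9]{1,3}$ ]]` in the first hunk still accepts 0, 255–999 and zero-padded values, although the error message promises 1-254. Those values only fail once `wg-quick` reads the config, after the key files have been written, and a zero-padded value such as `010` is read as octal by `printf '%.2x'`, so the IPv6 suffix no longer matches the IPv4 one. I would tighten the test to `if ! [[ $IP =~ ^[1-9][0-9]{0,2}$ ]] || (( IP > 254 )); then`. Separately, the usage comment added at the top documents `bash <(curl -s …)`, which hands an HTTP error body straight to bash, presumably as root given the writes to `/etc/wireguard`. Using `curl -fsS` there, or documenting a download-inspect-run sequence, would avoid that.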