Wireguard configuration management suite


amateur80lvl/wgman


These scripts generate WireGuard configuration files and HTML files with QR codes for mobile clients.

How to use

  • Fetch this suite
  • Install python packages pyyaml and qrcode
  • Change directory to wgman
  • Make a subdirectory with the name of your server and copy config.yaml.sample into it:
$ mkdir sample-server
$ cp config.yaml.sample sample-server/config.yaml
  • Edit the configuration file. It's pretty simple:
subnet: 10.10.0.0
subnet_bits: 24
server_private_address: 10.10.0.1
client_address_start: 2
server_public_address: 1.2.3.4
server_port: 443
use_preshared_key: true
default_route: true
dns: 1.1.1.1

The minimal required changes are server_public_address and server_port. All the rest, such as default_route, dns and use_preshared_key, is global and applies to all clients. This is a flaw, but you can edit config.yaml before creating a new client, or edit the generated configuration. In the latter case, though, it's not possible to update the QR code easily.

So, we have a server directory with config.yaml. It's time to create the server configuration for WireGuard:

$ ./create-server sample-server

Here's what we get:

$ ls sample-server/
config.yaml  private-key  public-key  wg0.conf

wg0.conf is the configuration for the server's interface. Copy or symlink it to /etc/wireguard and then, if you're an involuntary systemd fan like me:

systemctl enable wg-quick@wg0

It's not necessary to start wg0 right now because the configuration is only half done:

$ less sample-server/wg0.conf
[Interface]
PrivateKey = AAbwXXEFu/Hy1zncqri+dsTmZEdEpr5SwWlF0bdsdks=  # server private key
ListenPort = 443
Address = 10.10.0.1

We have to create clients. A couple, for instance:

$ ./create-client sample-server client-one
$ ./create-client sample-server client-two

Now we have:

$ ls sample-server/
client-one.conf           client-two.conf           config.yaml
client-one.html           client-two.html           ipaddr-map
client-one.preshared-key  client-two.preshared-key  private-key
client-one.private-key    client-two.private-key    public-key
client-one.public-key     client-two.public-key     wg0.conf

The server configuration file now looks like this:

$ less sample-server/wg0.conf
[Interface]
PrivateKey = AAbwXXEFu/Hy1zncqri+dsTmZEdEpr5SwWlF0bdsdks=  # server private key
ListenPort = 443
Address = 10.10.0.1
[Peer]
PublicKey = KcNIa1/Tbv43nWZ+GEXfmr+cNL951yoduX7ucwtB4FM=  # client-two public key
AllowedIPs = 10.10.0.3/32  # client-two IP address
PresharedKey = f734D81tizY35ypm1urnUFlKhxMAKp1cCpanWfuuhSA=
[Peer]
PublicKey = yRrVT/Hgo4uOFejvSATHKRzAcAmpWKO0zw25j/lLDBA=  # client-one public key
AllowedIPs = 10.10.0.2/32  # client-one IP address
PresharedKey = pzEP1x4b3g50AqzFiI9nsLAu+zUjjg+KcqjJuOO/jLU=

Here's the configuration of one of the clients:

$ less sample-server/client-one.conf
[Interface]
PrivateKey = oJs9Df5oWhqMiKOv/77SUTh6n16F5i2BqJW4bQ5/ZE8=  # client private key
Address = 10.10.0.2/32
DNS = 1.1.1.1
[Peer]
Endpoint = 1.2.3.4:443
PublicKey = C/hqK9Bza7m13KSgpqykb2/IsXaw+W2I0ii5/9xOZXE=  # server public key
PersistentKeepalive = 15  # we need this if we're behind a firewall
AllowedIPs = 0.0.0.0/0  # default route
PresharedKey = pzEP1x4b3g50AqzFiI9nsLAu+zUjjg+KcqjJuOO/jLU=

That's all. Don't forget to restart the server interface after adding new clients. You can do without a restart:

$ wg syncconf wg0 <(wg-quick strip wg0)

but you'll have to add routes manually then.
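
A check worth running on wg0.conf before restarting or syncing the interface, particularly after editing generated files by hand. This is an added example, not part of wgman: the function names and the rules checked (one host address per peer inside the configured subnet, no address reuse, 32-byte keys, a preshared key when use_preshared_key is set) are assumptions drawn from the sample output above.

```python
import base64
import ipaddress

def parse_sections(text):
    """Split wg-quick style text into (name, {key: value}) sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # split once: base64 ends in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def valid_key(value):
    try:                                         # WireGuard keys: 32 bytes, base64
        return len(base64.b64decode(value or "", validate=True)) == 32
    except ValueError:
        return False

def audit(text, subnet, subnet_bits, use_preshared_key):
    """Return findings for a server config; an empty list means clean."""
    net = ipaddress.ip_network(f"{subnet}/{subnet_bits}")
    findings, seen = [], {}
    peers = [kv for name, kv in parse_sections(text) if name == "Peer"]
    for n, peer in enumerate(peers, 1):
        if not valid_key(peer.get("PublicKey")):
            findings.append(f"peer {n}: PublicKey is not 32 bytes of base64")
        if use_preshared_key and not valid_key(peer.get("PresharedKey")):
            findings.append(f"peer {n}: PresharedKey missing or malformed")
        try:
            allowed = ipaddress.ip_network(peer.get("AllowedIPs", ""))
        except ValueError:
            findings.append(f"peer {n}: AllowedIPs is not a single valid network")
            continue
        in_net = allowed.version == net.version and allowed.subnet_of(net)
        if not in_net or allowed.prefixlen != allowed.max_prefixlen:
            findings.append(f"peer {n}: AllowedIPs {allowed} is not a single host in {net}")
        if allowed in seen:
            findings.append(f"peer {n}: AllowedIPs {allowed} already used by peer {seen[allowed]}")
        seen.setdefault(allowed, n)
    return findings

# Constructed sample: dummy key bytes; the second peer reuses an address and lacks a PSK.
K = [base64.b64encode(bytes([i]) * 32).decode() for i in range(1, 4)]
SAMPLE = (f"[Interface]\nAddress = 10.10.0.1\n"
          f"[Peer]\nPublicKey = {K[0]}  # client-two\nAllowedIPs = 10.10.0.3/32\nPresharedKey = {K[2]}\n"
          f"[Peer]\nPublicKey = {K[1]}  # client-one\nAllowedIPs = 10.10.0.3/32\n")
print("\n".join(audit(SAMPLE, "10.10.0.0", 24, True)))
```

For a real server, pass the text of wg0.conf together with the subnet, subnet_bits and use_preshared_key values from config.yaml.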
