tliu93/linux-install-helper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add center no nat

Browse Source
This commit is contained in:
Tianyu Liu
2025-05-22 13:53:08 +02:00
parent 61e1204536
commit 250886a0ae
3 changed files with 55 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
wireguard/center_setup.sh
View File

@@ -1,17 +1,18 @@
#!/bin/bash #!/bin/bash
WG_NUM=$1 . ./env_center.sh
WG_CONF="/etc/wireguard" WG_CONF="/etc/wireguard"
PRIV_KEY_FILE="wg${WG_NUM}_privatekey" PRIV_KEY_FILE="wg${WG_NUM}_privatekey"
PUB_KEY_FILE="wg${WG_NUM}_publickey" PUB_KEY_FILE="wg${WG_NUM}_publickey"
CONF_FILE="wg${WG_NUM}.conf" CONF_FILE="wg${WG_NUM}.conf"
if [ -z "$1" ]; then if [ -z "$WG_NUM" ]; then
echo "Wireguard interface number not provided." echo "Wireguard interface number not provided."
exit 1 exit 1
fi fi
if ! [[ "$1" =~ ^-?[0-9]+([.][0-9]+)?$ ]]; then if ! [[ "$WG_NUM" =~ ^-?[0-9]+([.][0-9]+)?$ ]]; then
echo "Wireguard interface number has to be a number." echo "Wireguard interface number has to be a number."
exit 2 exit 2
fi fi
@@ -24,16 +25,10 @@ sudo mkdir -p $WG_CONF
sudo mv ./$PRIV_KEY_FILE $WG_CONF sudo mv ./$PRIV_KEY_FILE $WG_CONF
sudo mv ./$PUB_KEY_FILE $WG_CONF sudo mv ./$PUB_KEY_FILE $WG_CONF
read -p "Enter IP (as server) (e.g. 192.168.${WG_NUM}.1/24): " ADDRESS
read -p "Enter wireguard subnet, should be the subnet of server IP: " WG_SUBNET
read -p "Enter physical interface for nat out: " PHY
read -p "Enter port to listern (e.g. 51820): " LISTEN_PORT
CONF_CONTENT="[Interface] CONF_CONTENT="[Interface]
PrivateKey = $PRIVATE_KEY PrivateKey = $PRIVATE_KEY
SaveConfig = false SaveConfig = false
Address = $ADDRESS Address = $WG_IP
ListenPort = $LISTEN_PORT ListenPort = $LISTEN_PORT
PostUp = iptables -A FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -A POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE PostUp = iptables -A FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -A POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE
PostDown = iptables -D FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -D POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE PostDown = iptables -D FORWARD -i wg$WG_NUM -j ACCEPT; iptables -t nat -D POSTROUTING -s $WG_SUBNET -o $PHY -j MASQUERADE

41
wireguard/center_setup_no_nat.sh Executable file
View File

@@ -0,0 +1,41 @@
#!/bin/bash
. ./env_center.sh
WG_CONF="/etc/wireguard"
PRIV_KEY_FILE="wg${WG_NUM}_privatekey"
PUB_KEY_FILE="wg${WG_NUM}_publickey"
CONF_FILE="wg${WG_NUM}.conf"
if [ -z "$WG_NUM" ]; then
echo "Wireguard interface number not provided."
exit 1
fi
if ! [[ "$WG_NUM" =~ ^-?[0-9]+([.][0-9]+)?$ ]]; then
echo "Wireguard interface number has to be a number."
exit 2
fi
wg genkey | tee wg"$WG_NUM"_privatekey | wg pubkey > wg"$WG_NUM"_publickey
PRIVATE_KEY=$(cat $PRIV_KEY_FILE)
sudo mkdir -p $WG_CONF
sudo mv ./$PRIV_KEY_FILE $WG_CONF
sudo mv ./$PUB_KEY_FILE $WG_CONF
CONF_CONTENT="[Interface]
PrivateKey = $PRIVATE_KEY
SaveConfig = false
Address = $WG_IP
ListenPort = $LISTEN_PORT"
echo "$CONF_CONTENT" > "$CONF_FILE"
sudo mv "$CONF_FILE" "$WG_CONF"
echo "Config saved to: $WG_CONF/$CONF_FILE"
sudo systemctl enable wg-quick@"wg$WG_NUM"
sudo systemctl start wg-quick@"wg$WG_NUM"

9
wireguard/env_center.sh Normal file
View File

@@ -0,0 +1,9 @@
WG_NUM="1"
WG_IP="192.168.2.1/24" # IP of the server e.g. 192.168.2.1/24
WG_SUBNET="192.168.2.0/24" # Subnet of the server IP
PHY="eth0" # Physical interface for NAT out
LISTEN_PORT="51821" # Port to listen (e.g. 51820)
DNS_SERVER="8.8.8.8"
ALLOWED_IPS="$WG_SUBNET"