Code cho file script .sh
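#!/bin/bash
#
# Install WireGuard, generate one server and one client key pair, write the
# server config, start the tunnel, then build a client config from prompted
# values and copy it to a chosen directory.
#
# Usage: run as a user with sudo rights.
# Optional environment:
#   WAN_INTERFACE  outbound interface for the NAT rule (default: eth0)
#
# NOTE: re-running regenerates both key pairs and overwrites the configs,
# which invalidates any client config issued earlier.
# NOTE: the client private key is generated and stored on the server; for a
# stricter setup generate it on the client and hand the server only the
# public key.

# Stop on the first failure so a broken step cannot produce configs that
# contain empty keys.
set -euo pipefail

readonly WG_DIR="/etc/wireguard"
# Define the WireGuard interface (e.g., wg0)
readonly WG_INTERFACE="wg0"
# Define server and client IPs
readonly SERVER_IP="10.0.0.1/24"
readonly CLIENT_IP="10.0.0.2"
# Outbound interface for masquerading; eth0 is kept as the default but many
# hosts name it differently, so allow an override.
readonly WAN_INTERFACE="${WAN_INTERFACE:-eth0}"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Generate a WireGuard key pair as root with a restrictive umask.
# Arguments: $1 - file name prefix (writes <prefix>_private.key and
#                 <prefix>_public.key in WG_DIR)
#######################################
generate_keypair() {
  local name=$1
  # umask 077 keeps the new files unreadable by other users; the explicit
  # chmod covers a private key file left over from an earlier run, whose
  # mode tee would not change.
  sudo bash -c '
    set -eo pipefail
    umask 077
    wg genkey | tee "$1/$2_private.key" | wg pubkey > "$1/$2_public.key"
    chmod 600 "$1/$2_private.key"
  ' bash "$WG_DIR" "$name"
}

# The interface name ends up inside PostUp/PostDown, which wg-quick runs as
# shell commands, so restrict it to plain interface-name characters.
[[ "$WAN_INTERFACE" =~ ^[A-Za-z0-9_.-]+$ ]] \
  || die "Invalid WAN_INTERFACE: $WAN_INTERFACE"

# Update package list and install WireGuard
sudo apt update
sudo apt install -y wireguard

# Enable IP forwarding. The redirect of "sudo echo ... >> file" runs as the
# calling user, so append through "sudo tee" instead, and only when the
# setting is not already present.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
  printf '%s\n' 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf >/dev/null
fi
sudo sysctl -p

# Create directory for WireGuard configuration. Absolute paths are used from
# here on instead of "cd": the directory may be root-only (TODO confirm for
# your distro), in which case a non-root "cd" fails and the keys would land
# in the current directory.
sudo mkdir -p "$WG_DIR"

# Generate server and client key pairs
generate_keypair server
generate_keypair client

# Read the keys into variables
SERVER_PRIVATE_KEY=$(sudo cat "$WG_DIR/server_private.key")
SERVER_PUBLIC_KEY=$(sudo cat "$WG_DIR/server_public.key")
CLIENT_PRIVATE_KEY=$(sudo cat "$WG_DIR/client_private.key")
CLIENT_PUBLIC_KEY=$(sudo cat "$WG_DIR/client_public.key")

# Create WireGuard server configuration file. It holds the server private
# key, so create it under umask 077 rather than tightening it afterwards.
sudo bash -c 'umask 077; cat > "$1"' bash "$WG_DIR/$WG_INTERFACE.conf" <<EOL
[Interface]
PrivateKey = $SERVER_PRIVATE_KEY
Address = $SERVER_IP
ListenPort = 51820
# Enable IP forwarding
PostUp = iptables -A FORWARD -i $WG_INTERFACE -j ACCEPT; iptables -t nat -A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
PostDown = iptables -D FORWARD -i $WG_INTERFACE -j ACCEPT; iptables -t nat -D POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = $CLIENT_IP/32
EOL
# Also fix the mode of a config file that already existed.
sudo chmod 600 "$WG_DIR/$WG_INTERFACE.conf"

# Start and enable WireGuard service
sudo systemctl start "wg-quick@$WG_INTERFACE"
sudo systemctl enable "wg-quick@$WG_INTERFACE"

# Prompt for client configuration details
read -r -p "Enter the Endpoint (e.g., nbvps.anhtuanlqd.com): " ENDPOINT
read -r -p "Enter the port (e.g., 51820): " PORT
read -r -p "Enter the DNS server (e.g., 1.1.1.1): " DNS
read -r -p "Enter the location to copy the client.conf file to (e.g., /root/vpn/): " COPY_LOCATION

# Reject values that would yield an unusable client config or a failing copy.
[[ -n "$ENDPOINT" ]] || die "Endpoint must not be empty"
if ! [[ "$PORT" =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
  die "Port must be a number between 1 and 65535"
fi
[[ -n "$COPY_LOCATION" ]] || die "Copy location must not be empty"

# Create client configuration file. It holds the client private key, so it
# gets the same restrictive mode as the server config.
# The port asked for above is the one clients dial; the server listens on
# 51820, so the two only differ when a port forward sits in between.
sudo bash -c 'umask 077; cat > "$1"' bash "$WG_DIR/client.conf" <<EOL
[Interface]
PrivateKey = $CLIENT_PRIVATE_KEY
Address = $CLIENT_IP
DNS = $DNS
[Peer]
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $ENDPOINT:$PORT
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 21
EOL
sudo chmod 600 "$WG_DIR/client.conf"

# Create the directory if it doesn't exist. A relative path is resolved
# against the directory the script is started from.
sudo mkdir -p -- "$COPY_LOCATION"
# Copy the client configuration to the specified location and keep the copy
# private even if a file with wider permissions was already there.
sudo cp -- "$WG_DIR/client.conf" "$COPY_LOCATION"
sudo chmod 600 -- "$COPY_LOCATION/client.conf"

# Output the client configuration location
printf 'Client configuration has been copied to: %s/client.conf\n' "$COPY_LOCATION"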
Code for Raspbian
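#!/bin/bash
#
# Install WireGuard, generate one server and one client key pair, write the
# server config, start the tunnel, then build a client config from prompted
# values and copy it to a chosen directory.
#
# Usage: run as a user with sudo rights.
# Optional environment:
#   WAN_INTERFACE  outbound interface for the NAT rule (default: eth0)
#
# NOTE: re-running regenerates both key pairs and overwrites the configs,
# which invalidates any client config issued earlier.
# NOTE: the client private key is generated and stored on the server; for a
# stricter setup generate it on the client and hand the server only the
# public key.

# Stop on the first failure so a broken step cannot produce configs that
# contain empty keys.
set -euo pipefail

readonly WG_DIR="/etc/wireguard"
# Define the WireGuard interface (e.g., wg0)
readonly WG_INTERFACE="wg0"
# Define server and client IPs
readonly SERVER_IP="10.0.0.1/24"
readonly CLIENT_IP="10.0.0.2"
# Outbound interface for masquerading; eth0 is kept as the default but many
# hosts name it differently, so allow an override.
readonly WAN_INTERFACE="${WAN_INTERFACE:-eth0}"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Generate a WireGuard key pair as root with a restrictive umask.
# Arguments: $1 - file name prefix (writes <prefix>_private.key and
#                 <prefix>_public.key in WG_DIR)
#######################################
generate_keypair() {
  local name=$1
  # tee run through sudo with the default umask leaves the private key
  # readable by other users; umask 077 prevents that for new files and the
  # chmod covers a key file left over from an earlier run.
  sudo bash -c '
    set -eo pipefail
    umask 077
    wg genkey | tee "$1/$2_private.key" | wg pubkey > "$1/$2_public.key"
    chmod 600 "$1/$2_private.key"
  ' bash "$WG_DIR" "$name"
}

# The interface name ends up inside PostUp/PostDown, which wg-quick runs as
# shell commands, so restrict it to plain interface-name characters.
[[ "$WAN_INTERFACE" =~ ^[A-Za-z0-9_.-]+$ ]] \
  || die "Invalid WAN_INTERFACE: $WAN_INTERFACE"

# Update package list and install WireGuard
sudo apt update
sudo apt install -y wireguard

# Enable IP forwarding. Append only when the setting is missing, so repeated
# runs do not stack duplicate lines in /etc/sysctl.conf.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
  printf '%s\n' 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf >/dev/null
fi
sudo sysctl -p

# Create directory for WireGuard configuration. Absolute paths are used from
# here on instead of "cd": the directory may be root-only (TODO confirm for
# your distro), in which case a non-root "cd" fails and the keys would land
# in the current directory.
sudo mkdir -p "$WG_DIR"

# Generate server and client key pairs
generate_keypair server
generate_keypair client

# Read the keys into variables
SERVER_PRIVATE_KEY=$(sudo cat "$WG_DIR/server_private.key")
SERVER_PUBLIC_KEY=$(sudo cat "$WG_DIR/server_public.key")
CLIENT_PRIVATE_KEY=$(sudo cat "$WG_DIR/client_private.key")
CLIENT_PUBLIC_KEY=$(sudo cat "$WG_DIR/client_public.key")

# Create WireGuard server configuration file. It holds the server private
# key, so create it under umask 077 rather than tightening it afterwards.
sudo bash -c 'umask 077; cat > "$1"' bash "$WG_DIR/$WG_INTERFACE.conf" <<EOL
[Interface]
PrivateKey = $SERVER_PRIVATE_KEY
Address = $SERVER_IP
ListenPort = 51820
# Enable IP forwarding
PostUp = iptables -A FORWARD -i $WG_INTERFACE -j ACCEPT; iptables -t nat -A POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
PostDown = iptables -D FORWARD -i $WG_INTERFACE -j ACCEPT; iptables -t nat -D POSTROUTING -o $WAN_INTERFACE -j MASQUERADE
[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = $CLIENT_IP/32
EOL
# Also fix the mode of a config file that already existed.
sudo chmod 600 "$WG_DIR/$WG_INTERFACE.conf"

# Start and enable WireGuard service
sudo systemctl start "wg-quick@$WG_INTERFACE"
sudo systemctl enable "wg-quick@$WG_INTERFACE"

# Prompt for client configuration details
read -r -p "Enter the Endpoint (e.g., nbvps.anhtuanlqd.com): " ENDPOINT
read -r -p "Enter the port (e.g., 51820): " PORT
read -r -p "Enter the DNS server (e.g., 1.1.1.1): " DNS
read -r -p "Enter the location to copy the client.conf file to (e.g., /root/vpn/): " COPY_LOCATION

# Reject values that would yield an unusable client config or a failing copy.
[[ -n "$ENDPOINT" ]] || die "Endpoint must not be empty"
if ! [[ "$PORT" =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
  die "Port must be a number between 1 and 65535"
fi
[[ -n "$COPY_LOCATION" ]] || die "Copy location must not be empty"

# Create client configuration file. It holds the client private key, so it
# gets the same restrictive mode as the server config.
# The port asked for above is the one clients dial; the server listens on
# 51820, so the two only differ when a port forward sits in between.
sudo bash -c 'umask 077; cat > "$1"' bash "$WG_DIR/client.conf" <<EOL
[Interface]
PrivateKey = $CLIENT_PRIVATE_KEY
Address = $CLIENT_IP
DNS = $DNS
[Peer]
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $ENDPOINT:$PORT
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 21
EOL
sudo chmod 600 "$WG_DIR/client.conf"

# Create the directory if it doesn't exist. A relative path is resolved
# against the directory the script is started from.
sudo mkdir -p -- "$COPY_LOCATION"
# Copy the client configuration to the specified location and keep the copy
# private even if a file with wider permissions was already there.
sudo cp -- "$WG_DIR/client.conf" "$COPY_LOCATION"
sudo chmod 600 -- "$COPY_LOCATION/client.conf"

# Output the client configuration location
printf 'Client configuration has been copied to: %s/client.conf\n' "$COPY_LOCATION"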