Init
97
scripts/add-client.sh
Executable file
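--- a/scripts/add-client.sh
+++ b/scripts/add-client.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+set -e
+
+# Script to add a new VPN client
+# Usage: ./add-client.sh <client_name>
+
+if [ "$EUID" -ne 0 ]; then
+echo "ERROR: Please run as root"
+exit 1
+fi
+
+if [ -z "$1" ]; then
+echo "Usage: $0 <client_name>"
+echo "Example: $0 phone"
+exit 1
+fi
+
+CLIENT_NAME="$1"
+KEYS_DIR="/etc/wireguard/keys"
+CLIENTS_DIR="/etc/wireguard/clients"
+WG_INTERFACE="wg0"
+
+# Check if client already exists
+if [ -f "${KEYS_DIR}/client_${CLIENT_NAME}.key" ]; then
+echo "ERROR: Client '${CLIENT_NAME}' already exists"
+exit 1
+fi
+
+echo "Adding new VPN client: ${CLIENT_NAME}"
+echo ""
+
+# Find next available IP
+USED_IPS=$(wg show ${WG_INTERFACE} allowed-ips 2>/dev/null | grep -oP '10\.10\.0\.\K[0-9]+' | sort -n)
+NEXT_IP=2
+for ip in $USED_IPS; do
+if [ $ip -ge $NEXT_IP ]; then
+NEXT_IP=$((ip + 1))
+fi
+done
+
+if [ $NEXT_IP -gt 254 ]; then
+echo "ERROR: No available IPs in 10.10.0.0/24 range"
+exit 1
+fi
+
+CLIENT_IP="10.10.0.${NEXT_IP}"
+
+echo "[1/5] Generating client keys..."
+wg genkey | tee "${KEYS_DIR}/client_${CLIENT_NAME}.key" | wg pubkey > "${KEYS_DIR}/client_${CLIENT_NAME}.pub"
+chmod 600 "${KEYS_DIR}/client_${CLIENT_NAME}."*
+
+CLIENT_PRIVATE_KEY=$(cat "${KEYS_DIR}/client_${CLIENT_NAME}.key")
+CLIENT_PUBLIC_KEY=$(cat "${KEYS_DIR}/client_${CLIENT_NAME}.pub")
+SERVER_PUBLIC_KEY=$(cat "${KEYS_DIR}/server.pub")
+
+echo "[2/5] Adding peer to WireGuard interface..."
+wg set ${WG_INTERFACE} peer ${CLIENT_PUBLIC_KEY} allowed-ips ${CLIENT_IP}/32
+
+echo "[3/5] Saving WireGuard configuration..."
+wg-quick save ${WG_INTERFACE}
+
+echo "[4/5] Creating client configuration file..."
+mkdir -p ${CLIENTS_DIR}
+
+cat > "${CLIENTS_DIR}/${CLIENT_NAME}.conf" << EOF
+[Interface]
+PrivateKey = ${CLIENT_PRIVATE_KEY}
+Address = ${CLIENT_IP}/32
+DNS = 10.10.0.1
+
+[Peer]
+PublicKey = ${SERVER_PUBLIC_KEY}
+Endpoint = 176.124.216.197:51820
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+EOF
+
+chmod 600 "${CLIENTS_DIR}/${CLIENT_NAME}.conf"
+
+echo "[5/5] Generating QR code..."
+echo ""
+echo "========================================="
+echo "Client added successfully!"
+echo "========================================="
+echo ""
+echo "Client name: ${CLIENT_NAME}"
+echo "Client IP: ${CLIENT_IP}"
+echo ""
+echo "Configuration file: ${CLIENTS_DIR}/${CLIENT_NAME}.conf"
+echo ""
+echo "QR Code (scan with WireGuard mobile app):"
+echo ""
+qrencode -t ansiutf8 < "${CLIENTS_DIR}/${CLIENT_NAME}.conf"
+echo ""
+echo "Or copy the configuration from:"
+echo " cat ${CLIENTS_DIR}/${CLIENT_NAME}.conf"
+echo ""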
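Review bot: The client private key written at the `wg genkey | tee ...` step and the client config written by the heredoc are both created under the inherited umask and only restricted afterwards by `chmod 600`, so with a typical 022 umask they are briefly readable by other local users unless the parent directories (whose modes are not visible here) already block access. Setting `umask 077` right after `set -e` closes that window and turns the two `chmod` calls into a backstop rather than the control. `CLIENT_NAME` also flows from `$1` straight into root-written paths under `KEYS_DIR` and `CLIENTS_DIR`, so a name containing `/` or `..` would land outside those directories. A guard such as `[[ "$CLIENT_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "ERROR: invalid client name"; exit 1; }` placed before the existence check would constrain it.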