
Add a WireGuard device

PiVPN

I am assuming that you use PiVPN as the server. It takes a lot of work off your hands and works fine so far.

New client

pivpn -a

You are guided comfortably through the setup. At the end you get a QR code and a .conf file.

  • If you are on a smartphone:
    • use the WireGuard app and scan the QR code
  • On a PC:
    • fetch the file, e.g. with SCP
    • copy it to /etc/wireguard

WireGuard

I once found a script somewhere on the internet and adapted it a little; it works for me so far:

#!/bin/bash

# This script creates a new "client peer" for a simple server-client WireGuard
# configuration by:
#
#   1.  Using `wg` to generate a private and public key (without exposing the
#       former in a command invocation to generate the latter)
#   2.  Creating client configuration files for both split-tunnel and
#       full-tunnel configurations
#   3.  Appending the new client to the peer list of the server configuration

# Run this command as the user who should have access to the client and server
# configuration files (i.e. probably root).


# SCRIPT CONFIGURATION

# directory storing all client and server configuration files
WG_DIR="/etc/wireguard/configs"

# VPN subnet (string-concatenated with IP_INDEX)
#   this script only supports the equivalent of netmask /24 but could be
#   modified to support others
IP_SUBNET="10.0.0"
IP_SUBNETv6="fd2d:64cb:1415:"

# location of the server configuration
SERVER_CONF="$WG_DIR/../wg0.conf"

# address and port of the WireGuard server
SERVER_ENDPOINT="vpn.hiajen.de:51820"

# server public key
SERVER_KEY_PUB=`cat "$WG_DIR/../publickey"`

###   ###   ###   ###   ###   ###   ###


if [ "$#" -ne 2 ]; then
    echo "Syntax: $0 CLIENT_NAME IP_INDEX"
    exit 1
fi

CLIENT_NAME="$1"
IP_INDEX="$2"

# specify the client configuration file names
CLIENT_PFX="$CLIENT_NAME"
CLIENT_CONF_SPLIT="$WG_DIR/${CLIENT_PFX}_split.conf"
CLIENT_CONF_FULL="$WG_DIR/${CLIENT_PFX}_full.conf"


# generate keys

# create a temporary file to store the private key so that it's not exposed in
# the command invocation to `wg pubkey`

CKEY_PRV_FILE=`mktemp -p "$WG_DIR"`
chmod 600 "$CKEY_PRV_FILE"
CKEY_PUB=`wg genkey | tee "$CKEY_PRV_FILE" | wg pubkey`
CKEY_PRV=`cat "$CKEY_PRV_FILE"`
rm -f "$CKEY_PRV_FILE"
CKEY_PSK=`wg genpsk`


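# build the client configuration files
#   $1 = IPv4 AllowedIPs for the tunnel, $2 = output file
#   note: "::0/0" is fixed below, so both variants route all IPv6 traffic
#   through the tunnel

write_client_conf () {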
cat << EOF > "$2"
[Interface]
Address = $IP_SUBNET.$IP_INDEX/24, $IP_SUBNETv6:$IP_INDEX/64
PrivateKey = $CKEY_PRV
DNS = $IP_SUBNET.1, $IP_SUBNETv6:1

[Peer]
# server
Endpoint = $SERVER_ENDPOINT
PublicKey = $SERVER_KEY_PUB
PresharedKey = $CKEY_PSK
AllowedIPs = $1, ::0/0
EOF
}

touch "$CLIENT_CONF_SPLIT" "$CLIENT_CONF_FULL"
chmod 600 "$CLIENT_CONF_SPLIT" "$CLIENT_CONF_FULL"
write_client_conf $IP_SUBNET.0/24 "$CLIENT_CONF_SPLIT"
write_client_conf 0.0.0.0/0 "$CLIENT_CONF_FULL"


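# add the client peer to the server configuration
#   on the server side each peer is limited to its own host address
#   (/32 and /128); with /24 and /64 every peer would claim the whole subnet
#   and only the peer added last would receive traffic

cat << EOF >> "$SERVER_CONF"

[Peer]
# $CLIENT_NAME
PublicKey = $CKEY_PUB
PresharedKey = $CKEY_PSK
AllowedIPs = $IP_SUBNET.$IP_INDEX/32, $IP_SUBNETv6:$IP_INDEX/128
EOF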



echo "If you have qrencode installed, you can issue the following to configure"
echo "the client:"
echo "    qrencode -t ansiutf8 -r $CLIENT_CONF_SPLIT"
echo "    qrencode -t ansiutf8 -r $CLIENT_CONF_FULL"
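
The script above takes IP_INDEX as given and appends the peer without checking whether that address is valid or already assigned. The following pre-flight check is an added example, not part of the original script; the function names are hypothetical, and it assumes the server itself sits on <subnet>.1, as the DNS line in the client template suggests.

```shell
#!/bin/bash
# Added example, not part of the original script: pre-flight check for IP_INDEX.
# Assumption: the server itself uses <subnet>.1 (the client template points DNS there).

# index_is_valid INDEX: plain decimal host number 2..254, no leading zeros
index_is_valid() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 3 ] && [ "$1" -ge 2 ] && [ "$1" -le 254 ]
}

# index_in_use CONF SUBNET INDEX: true if an active AllowedIPs line in CONF
# already contains SUBNET.INDEX (commented-out lines are ignored)
index_in_use() {
    # escape the dots so "10.0.0.5" cannot match e.g. "10.0.0x5"
    addr=$(printf '%s.%s' "$2" "$3" | sed 's/\./\\./g')
    grep -Eqi "^[[:space:]]*AllowedIPs[[:space:]]*=(.*[^0-9.])?${addr}(/|,|[[:space:]]|\$)" "$1"
}

# check_new_peer CONF SUBNET INDEX: 0 = safe to add, 2 = bad index, 3 = taken
check_new_peer() {
    if ! index_is_valid "$3"; then
        echo "IP_INDEX must be a number from 2 to 254, got '$3'" >&2
        return 2
    fi
    if index_in_use "$1" "$2" "$3"; then
        echo "$2.$3 is already assigned to a peer in $1" >&2
        return 3
    fi
    return 0
}

# Demo on a constructed server config (sample data, not a real wg0.conf)
demo_conf=$(mktemp)
cat > "$demo_conf" << 'EOF'
[Peer]
# laptop
AllowedIPs = 10.0.0.5/32, fd2d:64cb:1415::5/128
EOF
check_new_peer "$demo_conf" 10.0.0 5  || echo "index 5 rejected"
check_new_peer "$demo_conf" 10.0.0 50 && echo "index 50 is free"
rm -f "$demo_conf"
```

In the script, the call would go right after IP_INDEX is read, e.g. `check_new_peer "$SERVER_CONF" "$IP_SUBNET" "$IP_INDEX" || exit 1`, so that no keys are generated for a peer that cannot be added.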