Merge branch 'Nyr:master' into master

Ashwani Sharma 2022-05-26 19:19:15 +05:30 committed by GitHub
commit e3fed96f98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 19 deletions


@ -1,5 +1,5 @@
## wireguard-install ## wireguard-install
WireGuard [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, CentOS and Fedora. WireGuard [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora.
This script will let you set up your own VPN server in no more than a minute, even if you haven't used WireGuard before. It has been designed to be as unobtrusive and universal as possible. This script will let you set up your own VPN server in no more than a minute, even if you haven't used WireGuard before. It has been designed to be as unobtrusive and universal as possible.


@ -28,15 +28,15 @@ if grep -qs "ubuntu" /etc/os-release; then
elif [[ -e /etc/debian_version ]]; then elif [[ -e /etc/debian_version ]]; then
os="debian" os="debian"
os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1) os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1)
elif [[ -e /etc/centos-release ]]; then elif [[ -e /etc/almalinux-release || -e /etc/rocky-release || -e /etc/centos-release ]]; then
os="centos" os="centos"
os_version=$(grep -oE '[0-9]+' /etc/centos-release | head -1) os_version=$(grep -shoE '[0-9]+' /etc/almalinux-release /etc/rocky-release /etc/centos-release | head -1)
elif [[ -e /etc/fedora-release ]]; then elif [[ -e /etc/fedora-release ]]; then
os="fedora" os="fedora"
os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1) os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
else else
echo "This installer seems to be running on an unsupported distribution. echo "This installer seems to be running on an unsupported distribution.
Supported distributions are Ubuntu, Debian, CentOS, and Fedora." Supported distros are Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora."
exit exit
fi fi
@ -180,6 +180,13 @@ EOF
} }
if [[ ! -e /etc/wireguard/wg0.conf ]]; then if [[ ! -e /etc/wireguard/wg0.conf ]]; then
# Detect some Debian minimal setups where neither wget nor curl are installed
if ! hash wget 2>/dev/null && ! hash curl 2>/dev/null; then
echo "Wget is required to use this installer."
read -n1 -r -p "Press any key to install Wget and continue..."
apt-get update
apt-get install -y wget
fi
clear clear
echo 'Welcome to this WireGuard road warrior installer!' echo 'Welcome to this WireGuard road warrior installer!'
# If system has a single IPv4, it is selected automatically. Else, ask the user # If system has a single IPv4, it is selected automatically. Else, ask the user
@ -255,7 +262,8 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
echo "$remove: invalid selection." echo "$remove: invalid selection."
read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates
done done
if [[ "$boringtun_updates" =~ ^[yY]*$ ]]; then [[ -z "$boringtun_updates" ]] && boringtun_updates="y"
if [[ "$boringtun_updates" =~ ^[yY]$ ]]; then
if [[ "$os" == "centos" || "$os" == "fedora" ]]; then if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
cron="cronie" cron="cronie"
elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then
@ -265,7 +273,7 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
fi fi
echo echo
echo "WireGuard installation is ready to begin." echo "WireGuard installation is ready to begin."
# Install a firewall in the rare case where one is not already available # Install a firewall if firewalld or iptables are not already available
if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then
if [[ "$os" == "centos" || "$os" == "fedora" ]]; then if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
firewall="firewalld" firewall="firewalld"
@ -285,6 +293,10 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
# Ubuntu # Ubuntu
apt-get update apt-get update
apt-get install -y wireguard qrencode $firewall apt-get install -y wireguard qrencode $firewall
elif [[ "$os" == "debian" && "$os_version" -ge 11 ]]; then
# Debian 11 or higher
apt-get update
apt-get install -y wireguard qrencode $firewall
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10 # Debian 10
if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
@ -327,6 +339,11 @@ if [[ ! -e /etc/wireguard/wg0.conf ]]; then
apt-get update apt-get update
apt-get install -y qrencode ca-certificates $cron $firewall apt-get install -y qrencode ca-certificates $cron $firewall
apt-get install -y wireguard-tools --no-install-recommends apt-get install -y wireguard-tools --no-install-recommends
elif [[ "$os" == "debian" && "$os_version" -ge 11 ]]; then
# Debian 11 or higher
apt-get update
apt-get install -y qrencode ca-certificates $cron $firewall
apt-get install -y wireguard-tools --no-install-recommends
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10 # Debian 10
if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
@ -380,12 +397,12 @@ ListenPort = $port
EOF EOF
chmod 600 /etc/wireguard/wg0.conf chmod 600 /etc/wireguard/wg0.conf
# Enable net.ipv4.ip_forward for the system # Enable net.ipv4.ip_forward for the system
echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-wireguard-forward.conf echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-wireguard-forward.conf
# Enable without waiting for a reboot or service restart # Enable without waiting for a reboot or service restart
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
if [[ -n "$ip6" ]]; then if [[ -n "$ip6" ]]; then
# Enable net.ipv6.conf.all.forwarding for the system # Enable net.ipv6.conf.all.forwarding for the system
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/30-wireguard-forward.conf echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/99-wireguard-forward.conf
# Enable without waiting for a reboot or service restart # Enable without waiting for a reboot or service restart
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
fi fi
@ -445,7 +462,7 @@ WantedBy=multi-user.target" >> /etc/systemd/system/wg-iptables.service
# Enable and start the wg-quick service # Enable and start the wg-quick service
systemctl enable --now wg-quick@wg0.service systemctl enable --now wg-quick@wg0.service
# Set up automatic updates for BoringTun if the user wanted to # Set up automatic updates for BoringTun if the user wanted to
if [[ "$boringtun_updates" =~ ^[yY]*$ ]]; then if [[ "$boringtun_updates" =~ ^[yY]$ ]]; then
# Deploy upgrade script # Deploy upgrade script
cat << 'EOF' > /usr/local/sbin/boringtun-upgrade cat << 'EOF' > /usr/local/sbin/boringtun-upgrade
#!/bin/bash #!/bin/bash
@ -455,7 +472,7 @@ if ! head -1 <<< "$latest" | grep -qiE "^boringtun.+[0-9]+\.[0-9]+.*$"; then
echo "Update server unavailable" echo "Update server unavailable"
exit exit
fi fi
current=$(boringtun -V) current=$(/usr/local/sbin/boringtun -V)
if [[ "$current" != "$latest" ]]; then if [[ "$current" != "$latest" ]]; then
download="https://wg.nyr.be/1/latest/download" download="https://wg.nyr.be/1/latest/download"
xdir=$(mktemp -d) xdir=$(mktemp -d)
@ -465,7 +482,7 @@ if [[ "$current" != "$latest" ]]; then
rm -f /usr/local/sbin/boringtun rm -f /usr/local/sbin/boringtun
mv "$xdir"/boringtun /usr/local/sbin/boringtun mv "$xdir"/boringtun /usr/local/sbin/boringtun
systemctl start wg-quick@wg0.service systemctl start wg-quick@wg0.service
echo "Succesfully updated to $(boringtun -V)" echo "Succesfully updated to $(/usr/local/sbin/boringtun -V)"
else else
echo "boringtun update failed" echo "boringtun update failed"
fi fi
@ -567,7 +584,7 @@ else
# Remove from the live interface # Remove from the live interface
wg set wg0 peer "$(sed -n "/^# BEGIN_PEER $client$/,\$p" /etc/wireguard/wg0.conf | grep -m 1 PublicKey | cut -d " " -f 3)" remove wg set wg0 peer "$(sed -n "/^# BEGIN_PEER $client$/,\$p" /etc/wireguard/wg0.conf | grep -m 1 PublicKey | cut -d " " -f 3)" remove
# Remove from the configuration file # Remove from the configuration file
sed -i "/^# BEGIN_PEER $client/,/^# END_PEER $client/d" /etc/wireguard/wg0.conf sed -i "/^# BEGIN_PEER $client$/,/^# END_PEER $client$/d" /etc/wireguard/wg0.conf
echo echo
echo "$client removed!" echo "$client removed!"
else else
@ -607,29 +624,33 @@ else
fi fi
systemctl disable --now wg-quick@wg0.service systemctl disable --now wg-quick@wg0.service
rm -f /etc/systemd/system/wg-quick@wg0.service.d/boringtun.conf rm -f /etc/systemd/system/wg-quick@wg0.service.d/boringtun.conf
rm -f /etc/sysctl.d/30-wireguard-forward.conf rm -f /etc/sysctl.d/99-wireguard-forward.conf
# Different packages were installed if the system was containerized or not # Different packages were installed if the system was containerized or not
if [[ ! "$is_container" -eq 0 ]]; then if [[ ! "$is_container" -eq 0 ]]; then
if [[ "$os" == "ubuntu" ]]; then if [[ "$os" == "ubuntu" ]]; then
# Ubuntu # Ubuntu
rm -rf /etc/wireguard/ rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard wireguard-tools apt-get remove --purge -y wireguard wireguard-tools
elif [[ "$os" == "debian" && "$os_version" -ge 11 ]]; then
# Debian 11 or higher
rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard wireguard-tools
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10 # Debian 10
rm -rf /etc/wireguard/ rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard wireguard-dkms wireguard-tools apt-get remove --purge -y wireguard wireguard-dkms wireguard-tools
elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
# CentOS 8 # CentOS 8
rm -rf /etc/wireguard/
dnf remove -y kmod-wireguard wireguard-tools dnf remove -y kmod-wireguard wireguard-tools
rm -rf /etc/wireguard/
elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
# CentOS 7 # CentOS 7
rm -rf /etc/wireguard/
yum remove -y kmod-wireguard wireguard-tools yum remove -y kmod-wireguard wireguard-tools
rm -rf /etc/wireguard/
elif [[ "$os" == "fedora" ]]; then elif [[ "$os" == "fedora" ]]; then
# Fedora # Fedora
rm -rf /etc/wireguard/
dnf remove -y wireguard-tools dnf remove -y wireguard-tools
rm -rf /etc/wireguard/
fi fi
else else
{ crontab -l 2>/dev/null | grep -v '/usr/local/sbin/boringtun-upgrade' ; } | crontab - { crontab -l 2>/dev/null | grep -v '/usr/local/sbin/boringtun-upgrade' ; } | crontab -
@ -637,22 +658,26 @@ else
# Ubuntu # Ubuntu
rm -rf /etc/wireguard/ rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard-tools apt-get remove --purge -y wireguard-tools
elif [[ "$os" == "debian" && "$os_version" -ge 11 ]]; then
# Debian 11 or higher
rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard-tools
elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
# Debian 10 # Debian 10
rm -rf /etc/wireguard/ rm -rf /etc/wireguard/
apt-get remove --purge -y wireguard-tools apt-get remove --purge -y wireguard-tools
elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
# CentOS 8 # CentOS 8
rm -rf /etc/wireguard/
dnf remove -y wireguard-tools dnf remove -y wireguard-tools
rm -rf /etc/wireguard/
elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
# CentOS 7 # CentOS 7
rm -rf /etc/wireguard/
yum remove -y wireguard-tools yum remove -y wireguard-tools
rm -rf /etc/wireguard/
elif [[ "$os" == "fedora" ]]; then elif [[ "$os" == "fedora" ]]; then
# Fedora # Fedora
rm -rf /etc/wireguard/
dnf remove -y wireguard-tools dnf remove -y wireguard-tools
rm -rf /etc/wireguard/
fi fi
rm -f /usr/local/sbin/boringtun /usr/local/sbin/boringtun-upgrade rm -f /usr/local/sbin/boringtun /usr/local/sbin/boringtun-upgrade
fi fi
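Review bot: The wget bootstrap added at the top of the `if [[ ! -e /etc/wireguard/wg0.conf ]]` block (hunk `-180,6 +180,13`) calls `apt-get` unconditionally, although the detection code earlier in this file also sets `os` to `centos` or `fedora`, and the result of the install is never checked. On a system without apt, or when the package cannot be installed, the installer prints "Wget is required" and then carries on without any downloader. Gating the block on the distro and stopping on failure would make this explicit: `if [[ "$os" == "debian" || "$os" == "ubuntu" ]] && ! hash wget 2>/dev/null && ! hash curl 2>/dev/null; then` and `apt-get install -y wget || exit 1`. The enclosing block continues past the hunk, so how wget or curl is used later is inferred rather than visible here.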