From 80e84cfd79db56eb250b7a8415b9f7cd2a2ab4da Mon Sep 17 00:00:00 2001 From: Vladislav Plikin Date: Sat, 11 Nov 2023 17:27:46 +0300 Subject: [PATCH 1/6] Some improvements: - Kali Linux support - Removed resolvconf installation - Automatic PersistentKeepalive - Config file output right after client creation under QR code - Changed y/n to yes/no to avoid accidental press - Added confirmation for client removing - Replaced way to detect machine IPv4/6 - Updated permissions for whole /etc/wireguard from 644 to 600 - Added IPv6 random generation Used issues/PRs: https://github.com/angristan/wireguard-install/issues/474 https://github.com/angristan/wireguard-install/issues/430 https://github.com/angristan/wireguard-install/pull/482 by bushwhackr https://github.com/angristan/wireguard-install/pull/457 by dikeckaan https://github.com/angristan/wireguard-install/pull/456 by turekt --- LICENSE | 25 +++---- README.md | 37 +--------- wireguard-install.sh | 166 +++++++++++++++++++++++++++++++------------ 3 files changed, 134 insertions(+), 94 deletions(-) diff --git a/LICENSE b/LICENSE index 0daab558..7f170f89 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,20 +1,21 @@ MIT License -Copyright (c) 2019 angristan +Copyright (c) 2023 Vladislav Plikin -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file 
diff --git a/README.md b/README.md index a8fe2652..171c04f2 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,5 @@ # WireGuard installer -![Lint](https://github.com/angristan/wireguard-install/workflows/Lint/badge.svg) -[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg)](https://saythanks.io/to/angristan) - **This project is a bash script that aims to setup a [WireGuard](https://www.wireguard.com/) VPN on a Linux server, as easily as possible!** WireGuard is a point-to-point VPN that can be used in different ways. Here, we mean a VPN as in: the client will forward all its traffic through an encrypted tunnel to the server. @@ -10,7 +7,7 @@ The server will apply NAT to the client's traffic so it will appear as if the cl The script supports both IPv4 and IPv6. Please check the [issues](https://github.com/angristan/wireguard-install/issues) for ongoing development, bugs and planned features! You might also want to check the [discussions](https://github.com/angristan/wireguard-install/discussions) for help. -WireGuard does not fit your environment? Check out [openvpn-install](https://github.com/angristan/openvpn-install). +WireGuard does not fit your environment? For example, you can't use UDP, only TCP? Check out [openvpn-install](https://github.com/angristan/openvpn-install). ## Requirements 
@@ -37,34 +34,4 @@ chmod +x wireguard-install.sh It will install WireGuard (kernel module and tools) on the server, configure it, create a systemd service and a client configuration file. -Run the script again to add or remove clients! - -## Providers - -I recommend these cheap cloud providers for your VPN server: - -- [Vultr](https://www.vultr.com/?ref=8948982-8H): Worldwide locations, IPv6 support, starting at \$5/month -- [Hetzner](https://hetzner.cloud/?ref=ywtlvZsjgeDq): Germany, Finland and USA. IPv6, 20 TB of traffic, starting at 4.5€/month -- [Digital Ocean](https://m.do.co/c/ed0ba143fe53): Worldwide locations, IPv6 support, starting at \$4/month - -## Contributing - -## Discuss changes - -Please open an issue before submitting a PR if you want to discuss a change, especially if it's a big one. - -### Code formatting - -We use [shellcheck](https://github.com/koalaman/shellcheck) and [shfmt](https://github.com/mvdan/sh) to enforce bash styling guidelines and good practices. They are executed for each commit / PR with GitHub Actions, so you can check the configuration [here](https://github.com/angristan/wireguard-install/blob/master/.github/workflows/lint.yml). - -## Say thanks - -You can [say thanks](https://saythanks.io/to/angristan) if you want! - -## Credits & Licence - -This project is under the [MIT Licence](https://raw.githubusercontent.com/angristan/wireguard-install/master/LICENSE) - -## Star History - -[![Star History Chart](https://api.star-history.com/svg?repos=angristan/wireguard-install&type=Date)](https://star-history.com/#angristan/wireguard-install&Date) +Run the script again to add or remove clients! \ No newline at end of file diff --git a/wireguard-install.sh b/wireguard-install.sh index 2f95ecb0..f30d8969 100644 --- a/wireguard-install.sh +++ b/wireguard-install.sh 
@@ -1,7 +1,6 @@ #!/bin/bash - # Secure WireGuard server installer -# https://github.com/angristan/wireguard-install +# https://github.com/Anatr0p/wireguard-install RED='\033[0;31m' ORANGE='\033[0;33m' @@ -10,7 +9,7 @@ NC='\033[0m' function isRoot() { if [ "${EUID}" -ne 0 ]; then - echo "You need to run this script as root" + echo "You need to run this script as root. Use sudo bash wg.sh or just sudo ./wg.sh" exit 1 fi } @@ -61,8 +60,11 @@ function checkOS() { OS=oracle elif [[ -e /etc/arch-release ]]; then OS=arch + elif [[ -e /etc/os-release ]]; then + source /etc/os-release + OS=kali else - echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle or Arch Linux system" + echo "Looks like you aren't running this installer on a Debian, Ubuntu, Fedora, CentOS, AlmaLinux, Oracle, Kali or Arch Linux system" exit 1 fi } 
@@ -102,18 +104,21 @@ function initialCheck() { } function installQuestions() { - echo "Welcome to the WireGuard installer!" - echo "The git repository is available at: https://github.com/angristan/wireguard-install" + echo -e "${GREEN}Welcome to the WireGuard installer!${NC}" + echo "The git repository is available at: https://github.com/Anatr0p/wireguard-install" echo "" echo "I need to ask you a few questions before starting the setup." echo "You can keep the default options and just press enter if you are ok with them." echo "" + echo -e "${ORANGE}Remember to ensure, that this machine has static public IP!" + echo -e "Don't forget to forward choosen port if your machine is behind the NAT!${NC}" + echo "" # Detect public IPv4 or IPv6 address and pre-fill for the user - SERVER_PUB_IP=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | awk '{print $1}' | head -1) + SERVER_PUB_IP=$(curl -s -4 https://ifconfig.co) if [[ -z ${SERVER_PUB_IP} ]]; then # Detect public IPv6 address - SERVER_PUB_IP=$(ip -6 addr | sed -ne 's|^.* inet6 \([^/]*\)/.* scope global.*$|\1|p' | head -1) + SERVER_PUB_IP=$(curl -6 https://ifconfig.co) fi read -rp "IPv4 or IPv6 public address: " -e -i "${SERVER_PUB_IP}" SERVER_PUB_IP @@ -131,8 +136,9 @@ function installQuestions() { read -rp "Server WireGuard IPv4: " -e -i 10.66.66.1 SERVER_WG_IPV4 done + DEFAULT_IPV6=$(echo "`date +%s%N``cat /etc/machine-id`" | sha256sum | cut -c 55-65 | sed 's/../&\n/g' | xargs printf "fd%s:%s%s:%s%s::1") until [[ ${SERVER_WG_IPV6} =~ ^([a-f0-9]{1,4}:){3,4}: ]]; do - read -rp "Server WireGuard IPv6: " -e -i fd42:42:42::1 SERVER_WG_IPV6 + read -rp "Server WireGuard IPv6: " -e -i "${DEFAULT_IPV6}" SERVER_WG_IPV6 done # Generate random number within private ports range 
@@ -141,12 +147,12 @@ function installQuestions() { read -rp "Server WireGuard port [1-65535]: " -e -i "${RANDOM_PORT}" SERVER_PORT done - # Adguard DNS by default + # Cloudflare + Google DNS by default until [[ ${CLIENT_DNS_1} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do - read -rp "First DNS resolver to use for the clients: " -e -i 1.1.1.1 CLIENT_DNS_1 + read -rp "First DNS resolver to use for the clients (Cloudflare by default): " -e -i 1.1.1.1 CLIENT_DNS_1 done until [[ ${CLIENT_DNS_2} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; do - read -rp "Second DNS resolver to use for the clients (optional): " -e -i 1.0.0.1 CLIENT_DNS_2 + read -rp "Optional second DNS resolver to use for the clients (Cloudflare by default): " -e -i 1.0.0.1 CLIENT_DNS_2 if [[ ${CLIENT_DNS_2} == "" ]]; then CLIENT_DNS_2="${CLIENT_DNS_1}" fi @@ -154,7 +160,10 @@ function installQuestions() { until [[ ${ALLOWED_IPS} =~ ^.+$ ]]; do echo -e "\nWireGuard uses a parameter called AllowedIPs to determine what is routed over the VPN." - read -rp "Allowed IPs list for generated clients (leave default to route everything): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS + echo -e "${ORANGE}\nRemove "::/0" to disable IPv6 on the WG interface ${NC}" + echo "" + echo "Allowed IPs list for generated clients" + read -rp "Leave default to route all traffic or change to ${SERVER_WG_IPV4%.*}.0/24 for internal): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS if [[ ${ALLOWED_IPS} == "" ]]; then ALLOWED_IPS="0.0.0.0/0,::/0" fi 
@@ -171,16 +180,16 @@ function installWireGuard() { installQuestions # Install WireGuard tools and module - if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]]; then + if [[ ${OS} == 'ubuntu' ]] || [[ ${OS} == 'debian' && ${VERSION_ID} -gt 10 ]] || [[ ${OS} == 'kali' ]]; then apt-get update - apt-get install -y wireguard iptables resolvconf qrencode + apt-get install -y wireguard iptables qrencode elif [[ ${OS} == 'debian' ]]; then if ! grep -rqs "^deb .* buster-backports" /etc/apt/; then echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list apt-get update fi apt update - apt-get install -y iptables resolvconf qrencode + apt-get install -y iptables qrencode apt-get install -y -t buster-backports wireguard elif [[ ${OS} == 'fedora' ]]; then if [[ ${VERSION_ID} -lt 32 ]]; then @@ -208,8 +217,8 @@ function installWireGuard() { # Make sure the directory exists (this does not seem the be the case on fedora) mkdir /etc/wireguard >/dev/null 2>&1 - - chmod 600 -R /etc/wireguard/ + touch /etc/wireguard/${SERVER_WG_NIC}.conf + chmod 600 /etc/wireguard/${SERVER_WG_NIC}.conf SERVER_PRIV_KEY=$(wg genkey) SERVER_PUB_KEY=$(echo "${SERVER_PRIV_KEY}" | wg pubkey) 
@@ -237,25 +246,25 @@ PrivateKey = ${SERVER_PRIV_KEY}" >"/etc/wireguard/${SERVER_WG_NIC}.conf" FIREWALLD_IPV4_ADDRESS=$(echo "${SERVER_WG_IPV4}" | cut -d"." -f1-3)".0" FIREWALLD_IPV6_ADDRESS=$(echo "${SERVER_WG_IPV6}" | sed 's/:[^:]*$/:0/') echo "PostUp = firewall-cmd --add-port ${SERVER_PORT}/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade' -PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" + PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" else echo "PostUp = iptables -I INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT -PostUp = iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT -PostUp = iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT -PostUp = iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE -PostUp = ip6tables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT -PostUp = ip6tables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE -PostDown = iptables -D INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT -PostDown = iptables -D FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT -PostDown = iptables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT -PostDown = iptables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE -PostDown = ip6tables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT -PostDown = ip6tables -t nat -D POSTROUTING -o 
${SERVER_PUB_NIC} -j MASQUERADE" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" + PostUp = iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT + PostUp = iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT + PostUp = iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE + PostUp = ip6tables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT + PostUp = ip6tables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE + PostDown = iptables -D INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT + PostDown = iptables -D FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT + PostDown = iptables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT + PostDown = iptables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE + PostDown = ip6tables -D FORWARD -i ${SERVER_WG_NIC} -j ACCEPT + PostDown = ip6tables -t nat -D POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE" >>"/etc/wireguard/${SERVER_WG_NIC}.conf" fi # Enable routing on the server echo "net.ipv4.ip_forward = 1 -net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf + net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf sysctl --system @@ -279,6 +288,8 @@ net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf echo -e "${GREEN}You can check the status of WireGuard with: systemctl status wg-quick@${SERVER_WG_NIC}\n\n${NC}" echo -e "${ORANGE}If you don't have internet connectivity from your client, try to reboot the server.${NC}" fi + + chmod 600 -R /etc/wireguard/ } function newClient() { @@ -291,9 +302,10 @@ function newClient() { ENDPOINT="${SERVER_PUB_IP}:${SERVER_PORT}" echo "" - echo "Client configuration" + echo -e "${GREEN}Client configuration${NC}" echo "" echo "The client name must consist of alphanumeric character(s). It may also include underscores or dashes and can't exceed 15 chars." + echo "" until [[ ${CLIENT_NAME} =~ ^[a-zA-Z0-9_-]+$ && ${CLIENT_EXISTS} == '0' && ${#CLIENT_NAME} -lt 16 ]]; do read -rp "Client name: " -e CLIENT_NAME 
@@ -362,7 +374,8 @@ DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} PublicKey = ${SERVER_PUB_KEY} PresharedKey = ${CLIENT_PRE_SHARED_KEY} Endpoint = ${ENDPOINT} -AllowedIPs = ${ALLOWED_IPS}" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" +AllowedIPs = ${ALLOWED_IPS} +PersistentKeepalive = 5" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" # Add the client as a peer to the server echo -e "\n### Client ${CLIENT_NAME} @@ -381,6 +394,25 @@ AllowedIPs = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128" >>"/etc/wireguard/${SER fi echo -e "${GREEN}Your client config file is in ${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf${NC}" + echo "" + echo -e "Raw config file to copy & paste if you need: + +### + +[Interface] +PrivateKey = ${CLIENT_PRIV_KEY} +Address = ${CLIENT_WG_IPV4}/32,${CLIENT_WG_IPV6}/128 +DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2} + +[Peer] +PublicKey = ${SERVER_PUB_KEY} +PresharedKey = ${CLIENT_PRE_SHARED_KEY} +Endpoint = ${ENDPOINT} +AllowedIPs = ${ALLOWED_IPS} +PeristentKeepalive = 5 + +" + } function listClients() { 
@@ -390,8 +422,42 @@ function listClients() { echo "You have no existing clients!" exit 1 fi - + + echo "" + echo "List of existing client(s):" grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -s ') ' + echo "" + echo "What do you want to do?" + echo " 1) Show config file and QR code" + echo " 2) Revoke user" + echo " 3) Exit" + until [[ ${CLIENTS_LIST_MENU_OPTION} =~ ^[1-3]$ ]]; do + read -rp "Select an option [1-3]: " CLIENTS_LIST_MENU_OPTION + done + case "${CLIENTS_LIST_MENU_OPTION}" in + 1) + echo "" + echo "Select the existing client you want to show config file and QR code" + grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | nl -w4 -s ') ' + until [[ ${CLIENT_NUMBER} -ge 1 && ${CLIENT_NUMBER} -le ${NUMBER_OF_CLIENTS} ]]; do + if [[ ${CLIENT_NUMBER} == '1' ]]; then + read -rp "Select one client [1]: " CLIENT_NUMBER + else + read -rp "Select one client [1-${NUMBER_OF_CLIENTS}]: " CLIENT_NUMBER + fi + done + # match the selected number to a client name + CLIENT_NAME=$(grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${CLIENT_NUMBER}"p) + + generateQR "${CLIENT_NAME}" + ;; + 2) + revokeClient + ;; + 3) + exit 0 + ;; + esac } function revokeClient() { 
@@ -412,28 +478,34 @@ function revokeClient() { read -rp "Select one client [1-${NUMBER_OF_CLIENTS}]: " CLIENT_NUMBER fi done + read -rp "Do you really want to remove client? [yes/no]: " -e REMOVE + REMOVE=${REMOVE:-n} + if [[ $REMOVE == 'yes' ]]; then + # match the selected number to a client name + CLIENT_NAME=$(grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${CLIENT_NUMBER}"p) - # match the selected number to a client name - CLIENT_NAME=$(grep -E "^### Client" "/etc/wireguard/${SERVER_WG_NIC}.conf" | cut -d ' ' -f 3 | sed -n "${CLIENT_NUMBER}"p) - - # remove [Peer] block matching $CLIENT_NAME - sed -i "/^### Client ${CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${SERVER_WG_NIC}.conf" + # remove [Peer] block matching $CLIENT_NAME + sed -i "/^### Client ${CLIENT_NAME}\$/,/^$/d" "/etc/wireguard/${SERVER_WG_NIC}.conf" - # remove generated client file - HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}") - rm -f "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" + # remove generated client file + HOME_DIR=$(getHomeDirForClient "${CLIENT_NAME}") + rm -f "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf" - # restart wireguard to apply changes - wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}") + # restart wireguard to apply changes + wg syncconf "${SERVER_WG_NIC}" <(wg-quick strip "${SERVER_WG_NIC}") + else + echo "" + echo "Removal aborted!" + fi } function uninstallWg() { echo "" echo -e "\n${RED}WARNING: This will uninstall WireGuard and remove all the configuration files!${NC}" echo -e "${ORANGE}Please backup the /etc/wireguard directory if you want to keep your configuration files.\n${NC}" - read -rp "Do you really want to remove WireGuard? [y/n]: " -e REMOVE + read -rp "Do you really want to remove WireGuard? [yes/no]: " -e REMOVE REMOVE=${REMOVE:-n} - if [[ $REMOVE == 'y' ]]; then + if [[ $REMOVE == 'yes' ]]; then checkOS systemctl stop "wg-quick@${SERVER_WG_NIC}" 
@@ -485,7 +557,7 @@ function uninstallWg() { function manageMenu() { echo "Welcome to WireGuard-install!" - echo "The git repository is available at: https://github.com/angristan/wireguard-install" + echo "The git repository is available at: https://github.com/Anatr0p/wireguard-install" echo "" echo "It looks like WireGuard is already installed." echo "" From ef683ce1cdbdea65e1e83f013b3fc87a13a50573 Mon Sep 17 00:00:00 2001 From: Vladislav Plikin Date: Sat, 11 Nov 2023 17:29:55 +0300 Subject: [PATCH 2/6] removed .github dir --- .github/FUNDING.yml | 2 -- .github/dependabot.yml | 6 ------ .github/issue_template.md | 10 ---------- .github/pull_request_template.md | 7 ------- .github/workflows/lint.yml | 22 ---------------------- 5 files changed, 47 deletions(-) delete mode 100644 .github/FUNDING.yml delete mode 100644 .github/dependabot.yml delete mode 100644 .github/issue_template.md delete mode 100644 .github/pull_request_template.md delete mode 100644 .github/workflows/lint.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index cda97192..00000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,2 +0,0 @@ -ko_fi: stanislas -custom: https://coindrop.to/stanislas diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 5ace4600..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,6 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" diff --git a/.github/issue_template.md b/.github/issue_template.md deleted file mode 100644 index 37c544e7..00000000 --- a/.github/issue_template.md +++ /dev/null @@ -1,10 +0,0 @@ - diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 2940147c..00000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,7 +0,0 @@ - diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 71c569a7..00000000 
--- a/.github/workflows/lint.yml +++ /dev/null @@ -1,22 +0,0 @@ -on: [push, pull_request, pull_request_target] - -name: Lint - -jobs: - shellcheck: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: shellcheck - uses: ludeeus/action-shellcheck@1.1.0 - env: - SHELLCHECK_OPTS: -e SC1091,SC1117,SC2001,SC2034 - - shfmt: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: shfmt - uses: bltavares/actions/shfmt@master - env: - SHFMT_ARGS: -d From c2e904a4591777f14a5203055806d28381e97c9b Mon Sep 17 00:00:00 2001 From: Vladislav Plikin <106341126+Anatr0p@users.noreply.github.com> Date: Sat, 11 Nov 2023 17:41:00 +0300 Subject: [PATCH 3/6] Fixed script name and download/run script --- README.md | 4 ++-- wireguard-install.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 171c04f2..4aa8a20e 100644 --- a/README.md +++ b/README.md @@ -27,8 +27,8 @@ Supported distributions: Download and execute the script. Answer the questions asked by the script and it will take care of the rest. ```bash -curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh -chmod +x wireguard-install.sh +curl -O https://raw.githubusercontent.com/Anatr0p/wireguard-install/master/wg.sh +chmod +x wg.sh ./wireguard-install.sh ``` diff --git a/wireguard-install.sh b/wireguard-install.sh index f30d8969..44a8e930 100644 --- a/wireguard-install.sh +++ b/wireguard-install.sh @@ -9,7 +9,7 @@ NC='\033[0m' function isRoot() { if [ "${EUID}" -ne 0 ]; then - echo "You need to run this script as root. Use sudo bash wg.sh or just sudo ./wg.sh" + echo "You need to run this script as root" exit 1 fi } From 9477a1afb86a5bb4e9dabdb0c0f4c272d33f4ad7 Mon Sep 17 00:00:00 2001 From: Vladislav Plikin <106341126+Anatr0p@users.noreply.github.com> Date: Sat, 11 Nov 2023 17:41:53 +0300 Subject: [PATCH 4/6] Fixed script name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 4aa8a20e..1e8fe2a6 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Download and execute the script. Answer the questions asked by the script and it ```bash curl -O https://raw.githubusercontent.com/Anatr0p/wireguard-install/master/wg.sh chmod +x wg.sh -./wireguard-install.sh +./wg.sh ``` It will install WireGuard (kernel module and tools) on the server, configure it, create a systemd service and a client configuration file. From 33f4e32045a0699d6a80e5cb9fc513e1b52c5b61 Mon Sep 17 00:00:00 2001 From: Vladislav Plikin <106341126+Anatr0p@users.noreply.github.com> Date: Sat, 11 Nov 2023 17:42:41 +0300 Subject: [PATCH 5/6] Changed script filename --- wireguard-install.sh => wg.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename wireguard-install.sh => wg.sh (100%) diff --git a/wireguard-install.sh b/wg.sh similarity index 100% rename from wireguard-install.sh rename to wg.sh From 29d0e2e75f880d298ccbcba1af1de960ad83bb10 Mon Sep 17 00:00:00 2001 From: Vladislav Plikin <106341126+Anatr0p@users.noreply.github.com> Date: Wed, 15 Nov 2023 19:29:22 +0300 Subject: [PATCH 6/6] Fixed PersistentKeepalive --- wg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wg.sh b/wg.sh index 44a8e930..7821e029 100644 --- a/wg.sh +++ b/wg.sh @@ -409,7 +409,7 @@ PublicKey = ${SERVER_PUB_KEY} PresharedKey = ${CLIENT_PRE_SHARED_KEY} Endpoint = ${ENDPOINT} AllowedIPs = ${ALLOWED_IPS} -PeristentKeepalive = 5 +PersistentKeepalive = 5 "
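Review bot: In LICENSE (PATCH 1/6), the first hunk replaces `Copyright (c) 2019 angristan` instead of adding to it. The licence text kept a few lines below requires that "the above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software", so the original line should stay and the 2023 line be added beneath it. The re-wrapped paragraphs are whitespace-only churn and can be dropped from the patch.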
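Review bot: In checkOS() (PATCH 1/6), the new `elif [[ -e /etc/os-release ]]` branch assigns `OS=kali` to any system that has that file and did not match an earlier branch, so the unsupported-distribution message in the `else` is reached only on hosts with no /etc/os-release at all. Test the sourced value before assigning, for example `[[ ${ID} == "kali" ]]`.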
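Review bot: In installQuestions() (PATCH 1/6), SERVER_PUB_IP now comes from `curl -s -4 https://ifconfig.co` with no timeout, no check that curl is installed, and no validation of the reply before it is pre-filled as the endpoint address. The IPv6 fallback also omits `-s`, so curl's progress meter is printed to the terminal. Add `--max-time`, check that the reply parses as an address, and fall back to the removed `ip -4 addr` / `ip -6 addr` detection when the lookup fails or the host has no outbound access. The new warning text also has a typo, "choosen".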
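Review bot: In installQuestions() (PATCH 1/6), the DEFAULT_IPV6 pipeline uses `cut -c 55-65`, which selects eleven characters while the `fd%s:%s%s:%s%s::1` format consumes ten hex digits. The eleventh is the separator that follows the 64-character digest in sha256sum output, and it drops out only because xargs splits on whitespace. Use `cut -c 55-64` and replace the backticks with `$(...)`. The `until` pattern below it is not anchored at the end, so it accepts any trailing text after the prefix and will not catch a malformed default.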
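Review bot: In the AllowedIPs prompt of installQuestions() (PATCH 1/6), the inner double quotes in `Remove "::/0" to disable IPv6` close and reopen the shell string, so the message is printed without the quotes; escape them or use single quotes inside. The `read -rp` prompt also ends with `for internal): `, a closing parenthesis with no opening one.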
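Review bot: In installWireGuard() (PATCH 1/6), `touch /etc/wireguard/${SERVER_WG_NIC}.conf` and the `chmod 600` after it leave the expansion unquoted and create the file under the caller's umask before tightening it. Quote the path and set `umask 077` before the file is created, so the config never exists with wider permissions than intended. The `mkdir` just above still discards its errors, so a failure there surfaces only as a failing `touch`.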
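Review bot: In installWireGuard() (PATCH 1/6), the re-indented `PostUp` / `PostDown` lines and `net.ipv6.conf.all.forwarding = 1` sit inside double-quoted multi-line strings, so the added leading whitespace is written into /etc/wireguard/${SERVER_WG_NIC}.conf and /etc/sysctl.d/wg.conf. Keep the continuation lines flush left as before, or switch to a here-document, so the generated files are unchanged by a cosmetic edit.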
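Review bot: In installWireGuard() (PATCH 1/6), `chmod 600 -R /etc/wireguard/` at the end of the function also sets the directory itself to 600, which removes its search (x) bit. Use 700 on the directory and 600 on the files, for example `chmod 700 /etc/wireguard` followed by `chmod 600 /etc/wireguard/*`.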
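Review bot: In newClient() (PATCH 1/6), `PersistentKeepalive = 5` is hard-coded into every client config with no explanation. WireGuard's documentation suggests 25 seconds as an interval that works with most NAT and firewall timeouts; 5 seconds means each client sends a keepalive every five seconds whether or not it is behind NAT. Make it a prompted value with a documented default, and say in the commit message why 5 was chosen if it stays.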
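Review bot: In newClient() (PATCH 1/6), the "Raw config file" echo re-types the client template instead of printing the file that was just written, and the copy already differs: it says `PeristentKeepalive = 5`, which is corrected only in PATCH 6/6. Print the generated file instead, `cat "${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"`, so the two cannot drift. Consider making the dump opt-in, since it writes `PrivateKey` and `PresharedKey` to the terminal and to any session log or scrollback.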
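Review bot: In listClients() (PATCH 1/6), option 1 calls `generateQR "${CLIENT_NAME}"`, but no hunk in this series defines a generateQR function, so unless it already exists in the script this branch ends in "command not found". The prompt selection `if [[ ${CLIENT_NUMBER} == '1' ]]` also tests the value the user has not entered yet; it should compare NUMBER_OF_CLIENTS. A function named listClients that can also revoke a client is surprising; the menu would sit better in manageMenu().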
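Review bot: In revokeClient() (PATCH 1/6), the confirmation prompt is shown before CLIENT_NAME is resolved and does not say which client is about to be removed. Move the CLIENT_NAME lookup above the `read` and include the name in the prompt, so the operator confirms a name rather than a list index. `REMOVE=${REMOVE:-n}` is misleading now that only the literal `yes` is accepted; the same applies in uninstallWg().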
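Review bot: PATCH 2/6 deletes .github/workflows/lint.yml, so shellcheck and shfmt no longer run on the script, in the same series that introduces backtick substitutions and unquoted `${SERVER_WG_NIC}` expansions that shellcheck reports. Keep the lint workflow (FUNDING.yml and the issue and PR templates can go) and fix the findings before merging.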
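Review bot: In README.md (PATCH 3/6 and 4/6), the install snippet downloads wg.sh from the `master` branch and runs it, on a script that insists on root, with nothing to verify what was fetched. Point the URL at a tag or commit and publish a checksum next to it. The URL is also switched to wg.sh two patches before the file is renamed in PATCH 5/6, and `./wireguard-install.sh` in the snippet is corrected only in PATCH 4/6; squashing patches 3 to 6 into the first would keep every commit in the series usable.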