jody/wireguard-add-client-qr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

Initial commit of README and functioning script.

Browse Source
This commit is contained in:
jkaplon 2025-03-11 14:51:03 -04:00
commit 84a50618da
2 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md Normal file
View File

@ -0,0 +1,3 @@
Bash script for use on wireguard hub/server to auto-configure new clients.
Output displays a QR code on the terminal for easy setup of wireguard mobile or PC apps.
Script must be run on central wireguard hub/server, but resulting QR works on a mobile terminal app or ssh-client (tested with Termux on android).

52
wg-qr-client.sh Executable file
View File

@ -0,0 +1,52 @@
#! /bin/bash
# Require descriptive device name arg from user.
device_name=$1
if [ -z "$device_name" ]; then
echo 'Missing device name arg' >&2
exit 1
fi
# Want this script to be executed w/`sudo` so don't need it anywhere in here.
wg genkey | tee /etc/wireguard/clients/${device_name}.key | wg pubkey | tee /etc/wireguard/clients/${device_name}.key.pub
priv_key=$(cat /etc/wireguard/clients/${device_name}.key)
pub_key=$(cat /etc/wireguard/clients/${device_name}.key.pub)
# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf
nxt_ip=$(cat /home/jody/bin/wg-qr-client-nxt-ip.conf)
echo $((nxt_ip+1)) > /home/jody/bin/wg-qr-client-nxt-ip.conf
# IPv4 & Public key for primary wireguard hub/server (assuming this script is running on that machine...look them up to avoid hard-coding so this script can be shared).
hub_ip_addr=$(ifconfig eth0 | grep 'inet ' | cut -d' ' -f10)
hub_pub_key=$(wg | grep public | cut -d' ' -f5)
cat > /etc/wireguard/clients/${device_name}.conf <<EOL
[Interface]
Address = 10.0.0.${nxt_ip}/32
ListenPort = 61666
PrivateKey = ${priv_key}
DNS = 10.0.0.143
[Peer]
PublicKey = ${hub_pub_key}
AllowedIPs = 10.0.0.0/24
Endpoint = ${hub_ip_addr}:61666
EOL
# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf
cat >> /etc/wireguard/wg0.conf <<EOL
[Peer]
# ${device_name}
PublicKey = ${pub_key}
AllowedIPs = 10.0.0.${nxt_ip}/32
EOL
# Restart wg0 interface to finalize changes.
systemctl restart wg-quick@wg0
# Output QR-code to the terminal
# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).
cat /etc/wireguard/clients/${device_name}.conf | qrencode -t ansiutf8