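#!/bin/sh
#
# Provision a WireGuard server on Alpine Linux: install the tools, generate
# the server key pair, write /etc/wireguard/wg0.conf, enable IPv4 forwarding
# and register wg0 with OpenRC so the tunnel comes up on boot.
#
# Must run as root. Re-running replaces the server key pair and wg0.conf, so
# any [Peer] sections added to wg0.conf afterwards are lost.

# Stop at the first failing step instead of configuring a half-installed
# tunnel, and treat unset variables as errors.
set -eu

echo "Setting up Wireguard ..."
apk add wireguard-tools

# Generate server private and public keys.
# The private key and wg0.conf (which embeds it) must not be readable by
# other local users, so everything under /etc/wireguard is created with a
# restrictive umask. The explicit chmod calls cover files and directories
# left behind by an earlier run, whose mode a plain redirect would keep.
previous_umask=$(umask)
umask 077
mkdir -p /etc/wireguard
chmod 700 /etc/wireguard

# Two separate commands instead of one pipeline: POSIX sh has no pipefail,
# so a failing `wg genkey` inside a pipeline would go unnoticed.
wg genkey > /etc/wireguard/server_priv.key
chmod 600 /etc/wireguard/server_priv.key
wg pubkey < /etc/wireguard/server_priv.key > /etc/wireguard/server_pub.key

# Read the key in a checked assignment; a failing command substitution
# inside the here-document below would not abort the script.
server_priv_key=$(cat /etc/wireguard/server_priv.key)

# Generate configuration.
# NOTE(review): the PostUp rule accepts all forwarded traffic arriving on the
# tunnel interface, and the NAT rule assumes the uplink is eth0. Confirm both
# against the host's interfaces and FORWARD policy, and narrow them if peers
# should only reach specific networks.
cat <<EOF > /etc/wireguard/wg0.conf
[Interface]
PrivateKey = ${server_priv_key}
Address = 10.0.0.1/24 # Server has IP in the wg network
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 600 /etc/wireguard/wg0.conf
unset server_priv_key
umask "$previous_umask"

# Enable IP forwarding, persistent.
# Overwrite rather than append so repeated runs do not stack duplicate lines.
printf '%s\n' "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip_forward.conf
sysctl -p /etc/sysctl.d/ip_forward.conf

# Auto-start Wireguard on boot.
apk add wireguard-tools-openrc
# -f replaces a link left by a previous run instead of failing on it.
ln -sf /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
rc-update add wg-quick.wg0
rc-service wg-quick.wg0 start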