Automated shell script to set up WireGuard on OpenWRT or generate site-to-site WireGuard config files.
This script creates 4 peers with usernames 'alpha', 'bravo', 'charlie', and 'delta' on a lan network (ref create_firewall_zone in wg-auto.sh) with WireGuard interface wg0 by default.
Use wg-auto.env.sh as a starting point to make your changes, run with sh wg-auto.sh wg-auto.local-network.env.sh.
This script will keep pre-existing peer keys when you re-run this script, if this is not what you need, just delete the peer keys in the config/${path_prefix}/peers directory.
This script only generates WireGuard config files to set up site-to-site VPN, for example, your local network with AWS VPC.
Use wg-vpc.env.sh as a starting point to make your changes, run with sh wg-vpc.sh wg-vpc.aws-vpc.env.sh.
- Update
endpointfor peers config with your DDNS domain or fixed endpoint, - Update
server_site_ipcidrwith your server/home network IP CIDR,- If you want to route all traffic with WireGuard, modify
peer_allowed_ips=0.0.0.0/0inwg-auto.env.sh, then uncomment theDNS = ${server_IP}increate_peer_configfunction.
- If you want to route all traffic with WireGuard, modify
- Modify
usernameswith more or less usernames to create any number of peers- Linux interface name should no longer than 15 characters
path_prefixis optional, this variable only affects file path for peers config, use your device prefix to meet your need- The
create_server_configandappend_peer_to_server_configfunctions are used to create equivalent standard server configurations for other purposes, these function does not affect OpenWRT setup.