readme_server.md

File metadata and controls

53 lines (48 loc) · 4.2 KB

Definition
wg-config: manage wireguard interfaces with a single command

Syntax
bash wg-config.sh [options] [optional arguments]

Description
Taking advantage of the simplicity of WireGuard, this script aims to simplify the creation, management and removal of VPN interfaces, with common options to suit most use cases. It is not intended as a means to replace the wg or wg-quick commands, but to complement them. The objective is to abstract the firewall and system configuration. The script always manages the VPN by editing a file at /etc/wireguard/[interface name].conf, where interface name is the name set by the user.

Most customizations, such as editing peer data, modifying interfaces or altering IPs, are at present out of the scope of this project, but can easily be carried out by modifying the conf file. To understand and edit this file manually, there is rich documentation available for WireGuard on its sites, in the man page for wg, and in the multiple sources available online.

Requirements
SUDO access
WireGuard
Install with: sudo apt install wireguard
UFW (recommended but optional)
Install with: sudo apt install ufw

Options
-h|--help
Get general help or command specific help
-v|--visualize
Visualize the commands that would be run, without modifying the existing environment

Commands and Arguments
reminder
Reminder of basic operations and how to perform them with wg or wg-quick.

show []
Similar to 'wg show' but will list all interfaces with a config file (including disabled ones). If an interface name is provided it will show the config file for that interface.

new {} [-a ] [-p ] [-f ]
Creates a new WireGuard interface. The command manages the creation of the logical interface, the WireGuard configuration file and the server keys.
The address configures an address for the server in the VPN. Default is 10.0.0.1.
The port specifies the listening port for this interface of WireGuard. Default is 51820.
The forwarding-interface specifies the interface through which to route traffic that is not directed to this server. If not set, forwarding will be disabled for this interface until it is manually enabled with the enable-forwarding command.

enable-forwarding {} {}
Enables traffic forwarding. This enables peers to route all traffic through the encrypted tunnel interface and reach their destination. Will also allow peers to reach devices in the LAN.

disable-forwarding {}
Disables traffic forwarding. Connected clients will only have access to this server regardless of its configuration.

remove {}
Removes the interface and all the configuration files for the selected interface. Requires confirmation.

peer-new {} {-f | -k } {-i } [-n ]
Add a new peer to the configuration file.
It is required to provide a public key for the peer (generated by the peer) or a file where only the key is stored. Indicate with the flag -f or -k which is being provided. The file can be deleted later on. A unique peer ip is required. The name or identifier flag exists to label the peer in a recognizable way in the configuration file so it is easier to locate.

peer-enable {} {-i | -n }
Enables a peer which was previously disabled from connecting.

peer-disable {} {-i | -n }
Disables the connection for a peer without deleting its configuration.

peer-remove {} {-i | -n }
Delete a peer and remove its information from the configuration file. Requires confirmation. To identify the peer use the peer-ip (unique for each peer) or a name/identifier if it was defined on creation. If multiple peers are found the process will be aborted.
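
The two inputs peer-new requires, a peer public key and a unique peer ip, can be checked before the configuration file is touched. The following is an added example, not part of wg-config: the function names are hypothetical, and it assumes GNU base64 and the standard wg-quick key names (PublicKey, AllowedIPs, Address) in the conf file.

```shell
#!/bin/sh
# Added example: pre-flight checks before adding a peer to
# /etc/wireguard/<interface>.conf. Function names are hypothetical.

# A WireGuard public key is 32 bytes, base64-encoded as 44 characters.
valid_pubkey() (
    key=$1
    [ "${#key}" -eq 44 ] || exit 1
    case $key in
        *[!A-Za-z0-9+/=]*) exit 1 ;;    # character outside the base64 alphabet
    esac
    # Assumption: GNU coreutils base64, where -d decodes.
    nbytes=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c)
    [ "$nbytes" -eq 32 ]
)

# True if the address already appears on an Address or AllowedIPs line.
# Commented-out lines count as well (assumption: a disabled peer keeps its
# address). Exact-address match only; subnet containment is not checked.
ip_in_use() {
    awk -v ip="$2" '
        tolower($0) ~ /^[# \t]*(address|allowedips)[ \t]*=/ {
            sub(/^[^=]*=/, "")                # keep only the value list
            n = split($0, part, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", part[i])
                sub(/\/.*/, "", part[i])      # drop the /prefix length
                if (part[i] == ip) found = 1
            }
        }
        END { exit !found }
    ' "$1"
}

# Usage: preflight_peer <conf-file> <public-key> <peer-ip>
# Returns 0 if safe to add, 2 bad key, 3 address taken, 4 key already present.
preflight_peer() {
    valid_pubkey "$2" || { echo "rejected: malformed public key" >&2; return 2; }
    if ip_in_use "$1" "$3"; then
        echo "rejected: $3 is already assigned" >&2; return 3
    fi
    if grep -Fq -- "$2" "$1"; then
        echo "rejected: public key already in $1" >&2; return 4
    fi
    return 0
}
```

The address check also catches a peer ip that collides with the server's own Address, which defaults to 10.0.0.1.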