install-wireguard-wgdashboard.sh
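#!/bin/bash
# Installs WireGuard and the WGDashboard web UI on a Debian 12 host.
# The script installs packages, writes under /etc and /opt and edits the
# firewall, so it expects to be run as root.
#
# -e aborts on the first failing command, -u turns an unset variable into an
# error instead of an empty string, and pipefail makes a pipeline fail when
# any stage fails rather than only the last one.
set -euo pipefail
echo "π§ Installing WireGuard and WGDashboard with Domain Support on Debian 12..."
echo "β οΈ This script has been fixed to handle IP forwarding and network interface detection"
# Detect the primary network interface automatically.
# The device is located by its "dev" keyword rather than by a fixed column:
# a default route without a gateway ("default dev ppp0 scope link") has no
# "via <gateway>" pair, so the fifth field would not be the interface name.
echo "π Detecting primary network interface..."
PRIMARY_INTERFACE=$(
  ip route show default | awk '
    $1 == "default" && !found {
      for (i = 2; i < NF; i++) {
        if ($i == "dev") { print $(i + 1); found = 1; break }
      }
    }'
) || true   # a failing lookup is reported by the empty-value check below
if [ -z "$PRIMARY_INTERFACE" ]; then
  echo "β ERROR: Could not detect primary network interface. Please run 'ip route show default' and check your network configuration."
  exit 1
fi
# The name is written into the PostUp/PostDown lines of wg0.conf, which
# wg-quick executes as shell commands with root privileges, so anything that
# is not a plain interface name is rejected here.
if [[ ! "$PRIMARY_INTERFACE" =~ ^[A-Za-z0-9_.:@-]+$ ]]; then
  echo "ERROR: Detected interface name contains unexpected characters; refusing to continue." >&2
  exit 1
fi
echo "β
Detected primary interface: $PRIMARY_INTERFACE"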
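# Step 1: Install required packages
# apt-get is used instead of apt because apt warns that its command-line
# interface is not stable for use in scripts. DEBIAN_FRONTEND=noninteractive
# keeps package configuration dialogs (iptables-persistent asks whether to
# save the current rules) from stalling an unattended run.
echo "π¦ Installing required packages..."
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y \
  wireguard iptables-persistent python3 python3-pip git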
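# Step 2: Create WireGuard keys and configuration
WG_DIR="/etc/wireguard"
# Owner-only permissions for everything created from here on, including the
# directory itself if it does not exist yet. The umask is never reset, so it
# also applies to the files the rest of the script creates.
umask 077
mkdir -p -- "$WG_DIR"
cd -- "$WG_DIR"
# A re-run replaces the server key pair and rewrites wg0.conf, which also
# holds the peers that SaveConfig writes back. Keep timestamped copies so an
# accidental re-run can be undone. The copies inherit the original modes.
backup_suffix=".bak.$(date +%Y%m%d%H%M%S)"
for existing in privatekey publickey wg0.conf; do
  if [ -e "$existing" ]; then
    cp -p -- "$existing" "${existing}${backup_suffix}"
  fi
done
echo "π Generating WireGuard server keys..."
wg genkey | tee privatekey | wg pubkey > publickey
PRIVATE_KEY=$(cat privatekey)
PUBLIC_KEY=$(cat publickey)
SERVER_IP="10.99.99.1"
echo "π Creating WireGuard configuration..."
# NOTE(review): "FORWARD -i wg0 -j ACCEPT" and "FORWARD -o wg0 -j ACCEPT"
# accept all forwarded traffic from and to the tunnel, which makes the two
# RELATED,ESTABLISHED rules after them redundant. Limiting the "-o wg0"
# direction to established connections would be the tighter policy.
# The 10.99.99.0/24 subnet is written literally and must stay in step with
# SERVER_IP.
cat > wg0.conf <<EOF
[Interface]
Address = $SERVER_IP/24
ListenPort = 51820
PrivateKey = $PRIVATE_KEY
PostUp = iptables -t nat -A POSTROUTING -s 10.99.99.0/24 -o $PRIMARY_INTERFACE -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -A FORWARD -o wg0 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o $PRIMARY_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -A FORWARD -i $PRIMARY_INTERFACE -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.99.99.0/24 -o $PRIMARY_INTERFACE -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -D FORWARD -o wg0 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o $PRIMARY_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i $PRIMARY_INTERFACE -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
SaveConfig = true
EOF
# Only the public half of the key pair is printed.
echo "π Server public key: $PUBLIC_KEY"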
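# Step 3: Enable IP forwarding permanently (FIXED)
echo "π Enabling IP forwarding..."
# sed -i fails on a missing file, so make sure the target exists.
touch /etc/sysctl.conf
# Remove any existing ip_forward assignment, commented out or not.
# The dots are escaped and the match ends at "=", so other keys that merely
# share the prefix (for example net.ipv4.ip_forward_use_pmtu) are left alone.
sed -i -E '/^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=/d' /etc/sysctl.conf
# Add IP forwarding setting
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
# Apply the setting immediately
sysctl -w net.ipv4.ip_forward=1
# Verify it's enabled by reading the live kernel value back
if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ]; then
  echo "β
IP forwarding is now enabled"
else
  echo "β ERROR: IP forwarding could not be enabled"
  exit 1
fi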
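# Step 4: Setup initial iptables rules
echo "π₯ Setting up firewall rules..."
# The nat POSTROUTING and filter FORWARD chains are deliberately not flushed:
# a flush also deletes rules owned by other software on the host (container
# runtimes, other VPNs, a host firewall), and "netfilter-persistent save"
# below would then make that loss permanent. Each rule is instead appended
# only when an identical rule is not already present, which keeps re-runs
# from stacking duplicates.
#
# Arguments: $1 - table, $2 - chain, remaining - rule specification
add_rule_once() {
  local table=$1 chain=$2
  shift 2
  # -C exits non-zero when the rule is absent; its message is not an error here.
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || iptables -t "$table" -A "$chain" "$@"
}
# NOTE(review): wg0.conf adds the same five rules again in PostUp, so each
# rule can exist twice while wg0 is up. Rules saved by an earlier run with a
# different outbound interface are not removed here and need manual cleanup.
add_rule_once nat POSTROUTING -s 10.99.99.0/24 -o "$PRIMARY_INTERFACE" -j MASQUERADE
add_rule_once filter FORWARD -i wg0 -j ACCEPT
add_rule_once filter FORWARD -o wg0 -j ACCEPT
add_rule_once filter FORWARD -i wg0 -o "$PRIMARY_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
add_rule_once filter FORWARD -i "$PRIMARY_INTERFACE" -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Save rules for persistence
echo "πΎ Saving firewall rules..."
netfilter-persistent save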
# Step 5: Enable and start WireGuard
# Enable the unit for boot, then start it now. On a failed start, show the
# unit's journal so the cause is visible, then stop the installation.
echo "π Starting WireGuard service..."
wg_unit="wg-quick@wg0"
systemctl enable "$wg_unit"
if ! systemctl start "$wg_unit"; then
  echo "β WireGuard service failed to start. Checking logs..."
  journalctl -u "$wg_unit" --no-pager -l
  exit 1
fi
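# Step 6: Install WGDashboard
echo "π₯οΈ Installing WGDashboard..."
WGDASHBOARD_DIR="/opt/WGDashboard"
# Optional pin: export WGDASHBOARD_REF (a tag or commit id that has been
# reviewed) before running to install that exact revision. Without it the
# current tip of the upstream default branch is installed and later run as
# root, so whatever upstream publishes at install time is trusted as-is.
WGDASHBOARD_REF="${WGDASHBOARD_REF:-}"
rm -rf -- "$WGDASHBOARD_DIR"
git clone https://github.com/donaldzou/WGDashboard.git "$WGDASHBOARD_DIR"
cd -- "$WGDASHBOARD_DIR"
if [ -n "$WGDASHBOARD_REF" ]; then
  git checkout --detach "$WGDASHBOARD_REF"
else
  echo "WARNING: WGDASHBOARD_REF is not set; installing the unpinned upstream default branch." >&2
fi
# Record the exact revision so the installed code can be audited later.
echo "Installed WGDashboard commit: $(git rev-parse HEAD)"
# Step 7: Install Python requirements
REQUIREMENTS_PATH="/opt/WGDashboard/src/requirements.txt"
if [ ! -f "$REQUIREMENTS_PATH" ]; then
  echo "β ERROR: requirements.txt not found at $REQUIREMENTS_PATH. Repo may have changed. Aborting."
  exit 1
fi
# NOTE(review): --break-system-packages installs into the system Python as
# root and bypasses the distribution's protection of its own packages. A
# dedicated virtual environment would isolate these dependencies, but the
# service unit would then have to start that environment's interpreter.
pip3 install --break-system-packages -r "$REQUIREMENTS_PATH"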
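# Step 8: Create config.json for WGDashboard
DASHBOARD_CONFIG="/opt/WGDashboard/src/config.json"
mkdir -p /opt/WGDashboard/src
# The file holds the dashboard login, so create it with owner-only
# permissions before the contents are written, instead of relying on
# whatever umask happens to be in effect at this point.
install -m 600 /dev/null "$DASHBOARD_CONFIG"
# NOTE(review): this ships the well-known admin/admin pair. The dashboard is
# started right after installation and is reached over plain HTTP on port
# 10086, so the password should be changed before the port is reachable from
# untrusted networks, or access limited to the VPN subnet.
# NOTE(review): confirm that the installed WGDashboard version actually reads
# this file; if it does not, the dashboard runs with its own built-in
# defaults and editing this file changes nothing.
cat > "$DASHBOARD_CONFIG" <<EOF
{
"wg_conf_path": "/etc/wireguard/wg0.conf",
"interface": "wg0",
"listen_port": 10086,
"username": "admin",
"password": "admin"
}
EOF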
# Step 9: Create systemd service for WGDashboard
# The unit runs dashboard.py with the system Python as root and restarts it
# whenever it exits.
# NOTE(review): presumably root is needed to manage the WireGuard interface;
# confirm, and consider systemd sandboxing options for this unit.
dashboard_unit_file="/etc/systemd/system/wgdashboard.service"
cat > "$dashboard_unit_file" <<'UNIT'
[Unit]
Description=WGDashboard Web UI
After=network.target
[Service]
WorkingDirectory=/opt/WGDashboard/src
ExecStart=/usr/bin/python3 /opt/WGDashboard/src/dashboard.py
Restart=always
User=root
[Install]
WantedBy=multi-user.target
UNIT
# Step 10: Enable and start the dashboard
# Reload unit definitions first so systemd sees the file written above.
systemctl daemon-reload
for unit_action in enable start; do
  systemctl "$unit_action" wgdashboard
done
# Step 11: Create verification script
# Writes a read-only diagnostic helper that reports service state, peers,
# the forwarding flag, NAT and FORWARD rules, the default route and the
# sysctl.conf entry. The quoted delimiter keeps every $(...) below literal,
# so it is evaluated when the helper runs, not while it is being written.
check_script="/root/check-vpn.sh"
cat > "$check_script" <<'CHECK_SCRIPT'
#!/bin/bash
echo "=== WireGuard Status ==="
systemctl status wg-quick@wg0 --no-pager -l
echo -e "\n=== WireGuard Peers ==="
wg show
echo -e "\n=== IP Forwarding Status ==="
echo "Current value: $(cat /proc/sys/net/ipv4/ip_forward)"
echo "Should be: 1"
echo -e "\n=== NAT Rules ==="
iptables -t nat -L -n -v | grep -E "(MASQUERADE|Chain)"
echo -e "\n=== Forward Rules ==="
iptables -L FORWARD -n -v
echo -e "\n=== Network Interface ==="
ip route show default
echo -e "\n=== Sysctl Configuration ==="
grep "net.ipv4.ip_forward" /etc/sysctl.conf
CHECK_SCRIPT
chmod +x "$check_script"
# Step 12: Final verification
# Each check stops the installer with exit status 1 as soon as it fails;
# the success line is printed only once the check has passed.
echo "π Verifying installation..."
sleep 2
if ! systemctl is-active --quiet wg-quick@wg0; then
  echo "β WireGuard is not running"
  exit 1
fi
echo "β
WireGuard is running"
if ! systemctl is-active --quiet wgdashboard; then
  echo "β WGDashboard is not running"
  exit 1
fi
echo "β
WGDashboard is running"
# Read the live kernel flag once more, after both services are up.
if [ "$(cat /proc/sys/net/ipv4/ip_forward)" != "1" ]; then
  echo "β IP forwarding verification failed"
  exit 1
fi
echo "β
IP forwarding is active"
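# Get server IP
# The value is shown as the dashboard URL, the client Endpoint and the
# address to use for a DNS A record, so it is fetched over HTTPS rather than
# plain HTTP. -f makes curl fail on an HTTP error instead of returning the
# error page, and --max-time keeps a hung lookup from stalling the installer.
IPADDR=$(curl -fs --max-time 10 https://checkip.amazonaws.com 2>/dev/null || true)
# Accept the answer only if it has the shape of an IPv4 address; otherwise
# fall back to the first address the host itself reports.
if [[ ! "$IPADDR" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  IPADDR=$(hostname -I | awk '{print $1}')
fi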
# Step 13: Output results
# Prints the installation summary, one argument per output line.
# NOTE(review): the summary repeats the default dashboard login and a plain
# HTTP URL; both end up in terminal scrollback and in any captured log.
# NOTE(review): the client template routes only IPv4 (0.0.0.0/0) through the
# tunnel; on dual-stack clients IPv6 traffic is not covered by it.
printf '%s\n' \
  "" \
  "π WireGuard and WGDashboard have been successfully installed!" \
  "" \
  "π Dashboard Access:" \
  " URL: http://$IPADDR:10086" \
  " Login: admin / admin" \
  "" \
  "π§ Server Details:" \
  " Interface: $PRIMARY_INTERFACE" \
  " Server IP: $IPADDR" \
  " WireGuard Port: 51820" \
  " Server VPN IP: 10.99.99.1/24" \
  " Server Public Key: $PUBLIC_KEY" \
  "" \
  "π Useful Commands:" \
  " Check VPN status: /root/check-vpn.sh" \
  " View active peers: wg show" \
  " Add new client: Use the WGDashboard web interface" \
  " Save config: wg-quick save wg0" \
  "" \
  "β οΈ IMPORTANT NOTES:" \
  " 1. Change the dashboard password after first login" \
  " 2. Server is ready to accept client connections" \
  " 3. Use the WGDashboard web interface to add clients" \
  " 4. For domain setup, create an A record pointing to $IPADDR (disable Cloudflare proxy)" \
  " 5. IP forwarding is now properly enabled and persistent" \
  " 6. Firewall rules are automatically saved and will persist after reboot" \
  "" \
  "π± Client Configuration Template (for manual setup if needed):" \
  " [Interface]" \
  " PrivateKey = CLIENT_PRIVATE_KEY" \
  " Address = 10.99.99.X/32" \
  " DNS = 8.8.8.8, 1.1.1.1" \
  " " \
  " [Peer]" \
  " PublicKey = $PUBLIC_KEY" \
  " Endpoint = $IPADDR:51820" \
  " AllowedIPs = 0.0.0.0/0" \
  " PersistentKeepalive = 25" \
  ""