WireGuard Scripts
Scripts for managing WireGuard users on the WireGuard server.
add_wg_user.sh
Usage: /etc/wireguard/add_wg_user.sh <username> <last_octet>
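#!/bin/bash
#
# add_wg_user.sh - provision a new WireGuard peer on interface wg0.
#
# Usage: add_wg_user.sh <username> <last_octet>
#
# Generates a key pair and a preshared key for the user, appends a [Peer]
# block to wg0.conf, writes a ready-to-import client config and applies the
# change. The script writes under /etc/wireguard and restarts the interface,
# so it needs the privileges to do both.
#
# Security notes:
#   * <username> ends up in file names and inside wg0.conf, and <last_octet>
#     ends up in an address, so both are validated before any use.
#   * The client's private key is stored on the server (keys/ and configs/).
#     Transfer the client config over a protected channel and remove the
#     server-side copies if they do not need to be kept.
set -euo pipefail

# Every file created below holds key material; never create one that is
# group- or world-readable, not even for the moment before a chmod.
umask 077

WG_DIR="/etc/wireguard"
WG_CONFIG="${WG_DIR}/wg0.conf"
KEYS_DIR="${WG_DIR}/keys"
CONFIGS_DIR="${WG_DIR}/configs"
INTERFACE_ADDRESS_PREFIX="10.13.115"

# Check parameters
if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
  echo "Usage: $0 <username> <last_octet>" >&2
  exit 1
fi

USERNAME="$1"
OCTET="$2"

# The username becomes part of file paths and a line in wg0.conf. Restrict it
# to a conservative character set; whatever is allowed here must never
# include '/', whitespace or newlines.
if [[ ! "$USERNAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "Error: username must start with a letter or digit and contain only letters, digits, '.', '_' and '-'." >&2
  exit 1
fi

# The octet must be a plain decimal number.
# NOTE(review): the 1-254 range assumes the VPN subnet is a /24 - confirm.
if [[ ! "$OCTET" =~ ^[0-9]{1,3}$ ]]; then
  echo "Error: last_octet must be a number between 1 and 254." >&2
  exit 1
fi
OCTET=$((10#$OCTET)) # force base 10 and drop leading zeros ("07" -> 7)
if ((OCTET < 1 || OCTET > 254)); then
  echo "Error: last_octet must be a number between 1 and 254." >&2
  exit 1
fi

USER_IP="${INTERFACE_ADDRESS_PREFIX}.${OCTET}"

# Check for existing IP. -F: the dots are literal, not regex wildcards;
# -w: do not match inside a longer address.
if grep -qwF -- "${USER_IP}/32" "$WG_CONFIG"; then
  echo "Error: IP ${USER_IP} already in use." >&2
  exit 1
fi

# Refuse to overwrite an existing user's keys or to add a second peer block
# under the same name.
if grep -qxF -- "# ${USERNAME}" "$WG_CONFIG" ||
  [ -e "${KEYS_DIR}/${USERNAME}_priv" ] ||
  [ -e "${CONFIGS_DIR}/${USERNAME}.conf" ]; then
  echo "Error: user ${USERNAME} already exists." >&2
  exit 1
fi

# Derive the server public key from the private key in wg0.conf *before*
# anything is modified, so a malformed server config cannot leave a
# half-provisioned user behind.
SERVER_PRIV_KEY=$(awk '/^PrivateKey/ {print $3; exit}' "$WG_CONFIG")
if [ -z "$SERVER_PRIV_KEY" ]; then
  echo "Error: no PrivateKey found in ${WG_CONFIG}." >&2
  exit 1
fi
SERVER_PUB_KEY=$(wg pubkey <<<"$SERVER_PRIV_KEY")

mkdir -p -- "$KEYS_DIR" "$CONFIGS_DIR"

# Generate keys
USER_PRIV_KEY=$(wg genkey)
USER_PUB_KEY=$(wg pubkey <<<"$USER_PRIV_KEY")
PRESHARED_KEY=$(wg genpsk)

# Save keys (created 0600 thanks to the umask; the chmod is belt and braces)
printf '%s\n' "$USER_PRIV_KEY" >"${KEYS_DIR}/${USERNAME}_priv"
printf '%s\n' "$USER_PUB_KEY" >"${KEYS_DIR}/${USERNAME}_pub"
printf '%s\n' "$PRESHARED_KEY" >"${KEYS_DIR}/${USERNAME}_psk"
chmod 600 -- "${KEYS_DIR}/${USERNAME}_priv" \
  "${KEYS_DIR}/${USERNAME}_pub" \
  "${KEYS_DIR}/${USERNAME}_psk"

# Create client config. It contains the client's private key and the
# preshared key, so it gets the same permissions as the key files.
cat >"${CONFIGS_DIR}/${USERNAME}.conf" <<EOL
[Interface]
PrivateKey = ${USER_PRIV_KEY}
Address = ${USER_IP}/32
DNS = 1.1.1.1
[Peer]
PublicKey = ${SERVER_PUB_KEY}
PresharedKey = ${PRESHARED_KEY}
Endpoint = 136.243.40.234:123
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
EOL
chmod 600 -- "${CONFIGS_DIR}/${USERNAME}.conf"

# Add to server config. The leading blank line separates this block from the
# previous one, so a removal that deletes "from the '# <user>' marker to the
# next blank line" cannot run on into another user's peer block.
cat >>"$WG_CONFIG" <<EOL

# ${USERNAME}
[Peer]
PublicKey = ${USER_PUB_KEY}
PresharedKey = ${PRESHARED_KEY}
AllowedIPs = ${USER_IP}/32
EOL

# Apply changes. syncconf alone updates the peer list without dropping
# established sessions; the restart that follows reconnects every peer and
# is kept only to preserve the existing behaviour.
echo "Applying changes..."
wg syncconf wg0 <(wg-quick strip wg0)
systemctl restart wg-quick@wg0
echo "User ${USERNAME} added with IP ${USER_IP}"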
remove_user.sh
Usage: /etc/wireguard/remove_user.sh <username>
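#!/bin/bash
#
# remove_user.sh - remove a WireGuard peer from interface wg0.
#
# Usage: remove_user.sh <username>
#
# Deletes the user's "# <username>" / [Peer] block from wg0.conf, removes the
# user's key files and client config, and applies the change. The script
# rewrites files under /etc/wireguard and restarts the interface, so it needs
# the privileges to do both.
#
# Security note: <username> is used to build file paths passed to rm and to
# select lines of wg0.conf, so it is validated and only ever compared as a
# literal string (never interpolated into a sed/regex program).
set -euo pipefail

# The rewritten copy of wg0.conf holds the server's private key.
umask 077

WG_DIR="/etc/wireguard"
WG_CONFIG="${WG_DIR}/wg0.conf"
KEYS_DIR="${WG_DIR}/keys"
CONFIGS_DIR="${WG_DIR}/configs"

if [ -z "${1:-}" ]; then
  echo "Usage: $0 <username>" >&2
  exit 1
fi

USERNAME="$1"

# Same character set the add script should enforce; it must never include
# '/', whitespace or newlines.
if [[ ! "$USERNAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "Error: username must start with a letter or digit and contain only letters, digits, '.', '_' and '-'." >&2
  exit 1
fi

# Check if user exists in config. -x -F: the whole line must equal the
# marker, so "bob" does not match "# bobby".
if ! grep -qxF -- "# ${USERNAME}" "$WG_CONFIG"; then
  echo "User ${USERNAME} not found in wg0.conf" >&2
  exit 1
fi

# Build the new config next to the old one and swap it in with a rename, so
# wg0.conf is never left half-written.
TMP_CONFIG=$(mktemp "${WG_CONFIG}.XXXXXX")
trap 'rm -f -- "$TMP_CONFIG"' EXIT

# Remove [Peer] block from wg0.conf
echo "Removing user ${USERNAME} from wg0.conf..."
# The block starts at the exact marker line and ends at whichever comes
# first: a blank line (dropped with the block), the next section header, or
# the next comment line after the block's own [Peer] header. The last two
# stop the deletion from running into the following peer when blocks are not
# separated by blank lines. Blank lines at the end of the file are trimmed.
awk -v marker="# ${USERNAME}" '
  function flush_blanks(   i) {
    for (i = 0; i < pending; i++) print blank[i]
    pending = 0
  }
  skipping {
    if ($0 ~ /^[[:space:]]*$/) { skipping = 0; next }
    if ($0 ~ /^\[/) {
      if (!seen_section) { seen_section = 1; next }
      skipping = 0
    } else if ($0 ~ /^#/ && seen_section) {
      skipping = 0
    } else {
      next
    }
  }
  $0 == marker { skipping = 1; seen_section = 0; next }
  /^[[:space:]]*$/ { blank[pending++] = $0; next }
  { flush_blanks(); print }
' "$WG_CONFIG" >"$TMP_CONFIG"

# Keep the owner and mode of the original file, then replace it.
chown --reference="$WG_CONFIG" -- "$TMP_CONFIG"
chmod --reference="$WG_CONFIG" -- "$TMP_CONFIG"
mv -f -- "$TMP_CONFIG" "$WG_CONFIG"

# Remove keys and config file
echo "Deleting keys and config..."
rm -f -- "${KEYS_DIR}/${USERNAME}_priv"
rm -f -- "${KEYS_DIR}/${USERNAME}_pub"
rm -f -- "${KEYS_DIR}/${USERNAME}_psk"
rm -f -- "${CONFIGS_DIR}/${USERNAME}.conf"

# Apply changes. syncconf alone drops the removed peer without touching the
# other sessions; the restart that follows reconnects every peer and is kept
# only to preserve the existing behaviour.
echo "Applying changes..."
wg syncconf wg0 <(wg-quick strip wg0)
systemctl restart wg-quick@wg0
echo "User ${USERNAME} has been removed."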