mirror of https://github.com/angristan/wireguard-install.git synced 2024-11-25 06:07:34 +00:00

Generate unique pre-shared key for each client (#69)

Jelle Dekker 2020-04-22 21:50:49 +02:00 committed by GitHub
parent 6e60d59ee4
commit 071466eccd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -31,6 +31,7 @@ function addClient () {
# Generate key pair for the client # Generate key pair for the client
CLIENT_PRIV_KEY=$(wg genkey) CLIENT_PRIV_KEY=$(wg genkey)
CLIENT_PUB_KEY=$(echo "$CLIENT_PRIV_KEY" | wg pubkey) CLIENT_PUB_KEY=$(echo "$CLIENT_PRIV_KEY" | wg pubkey)
CLIENT_PRE_SHARED_KEY=$(wg genpsk)
# Create client file and add the server as a peer # Create client file and add the server as a peer
echo "[Interface] echo "[Interface]
@ -40,14 +41,14 @@ DNS = $CLIENT_DNS_1,$CLIENT_DNS_2
[Peer] [Peer]
PublicKey = $SERVER_PUB_KEY PublicKey = $SERVER_PUB_KEY
PresharedKey = $SYMM_PRE_KEY PresharedKey = $CLIENT_PRE_SHARED_KEY
Endpoint = $ENDPOINT Endpoint = $ENDPOINT
AllowedIPs = 0.0.0.0/0,::/0" >> "$HOME/$SERVER_WG_NIC-client-$CLIENT_NAME.conf" AllowedIPs = 0.0.0.0/0,::/0" >> "$HOME/$SERVER_WG_NIC-client-$CLIENT_NAME.conf"
# Add the client as a peer to the server # Add the client as a peer to the server
echo -e "\n[Peer] echo -e "\n[Peer]
PublicKey = $CLIENT_PUB_KEY PublicKey = $CLIENT_PUB_KEY
PresharedKey = $SYMM_PRE_KEY PresharedKey = $CLIENT_PRE_SHARED_KEY
AllowedIPs = $CLIENT_WG_IPV4/32,$CLIENT_WG_IPV6/128" >> "/etc/wireguard/$SERVER_WG_NIC.conf" AllowedIPs = $CLIENT_WG_IPV4/32,$CLIENT_WG_IPV6/128" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
systemctl restart "wg-quick@$SERVER_WG_NIC" systemctl restart "wg-quick@$SERVER_WG_NIC"
@ -173,8 +174,7 @@ SERVER_WG_IPV4=$SERVER_WG_IPV4
SERVER_WG_IPV6=$SERVER_WG_IPV6 SERVER_WG_IPV6=$SERVER_WG_IPV6
SERVER_PORT=$SERVER_PORT SERVER_PORT=$SERVER_PORT
SERVER_PRIV_KEY=$SERVER_PRIV_KEY SERVER_PRIV_KEY=$SERVER_PRIV_KEY
SERVER_PUB_KEY=$SERVER_PUB_KEY SERVER_PUB_KEY=$SERVER_PUB_KEY" > /etc/wireguard/params
SYMM_PRE_KEY=$( wg genpsk )" > /etc/wireguard/params
source /etc/wireguard/params source /etc/wireguard/params
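Review bot: In the addClient hunk, `CLIENT_PRE_SHARED_KEY=$(wg genpsk)` is used without checking that a key came back, so a failed `wg genpsk` would write an empty `PresharedKey =` line into both the client file and `/etc/wireguard/$SERVER_WG_NIC.conf` just before the `systemctl restart`. A guard directly after the assignment, such as `[[ -n "$CLIENT_PRE_SHARED_KEY" ]] || { echo "wg genpsk failed" >&2; exit 1; }`, keeps a malformed peer entry out of the server configuration. The same applies to the neighbouring `wg genkey` and `wg pubkey` lines, which the hunk shows unchanged. Separately, peers created before this change presumably keep the shared `SYMM_PRE_KEY` in their existing configs, since nothing visible here rotates them; a comment or README note saying that only newly added clients get a unique key would help operators decide whether to re-issue older ones. addClient's body starts and ends outside the hunk.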