mirror of
https://github.com/angristan/wireguard-install.git
synced 2024-11-22 04:35:09 +00:00
Use native WireGuard in Fedora >= 32 + support firewalld (#55)
This commit is contained in:
parent
f3fd5346c0
commit
a810f727dd
@ -24,7 +24,8 @@ if [[ -e /etc/debian_version ]]; then
|
|||||||
source /etc/os-release
|
source /etc/os-release
|
||||||
OS=$ID # debian or ubuntu
|
OS=$ID # debian or ubuntu
|
||||||
elif [[ -e /etc/fedora-release ]]; then
|
elif [[ -e /etc/fedora-release ]]; then
|
||||||
OS=fedora
|
source /etc/os-release
|
||||||
|
OS=$ID
|
||||||
elif [[ -e /etc/centos-release ]]; then
|
elif [[ -e /etc/centos-release ]]; then
|
||||||
OS=centos
|
OS=centos
|
||||||
elif [[ -e /etc/arch-release ]]; then
|
elif [[ -e /etc/arch-release ]]; then
|
||||||
@ -93,9 +94,12 @@ elif [[ "$OS" = 'debian' ]]; then
|
|||||||
apt-get install -y "linux-headers-$(uname -r)"
|
apt-get install -y "linux-headers-$(uname -r)"
|
||||||
apt-get install -y wireguard iptables resolvconf qrencode
|
apt-get install -y wireguard iptables resolvconf qrencode
|
||||||
elif [[ "$OS" = 'fedora' ]]; then
|
elif [[ "$OS" = 'fedora' ]]; then
|
||||||
dnf install -y dnf-plugins-core
|
if [[ "$VERSION_ID" -lt 32 ]]; then
|
||||||
dnf copr enable -y jdoss/wireguard
|
dnf install -y dnf-plugins-core
|
||||||
dnf install -y wireguard-dkms wireguard-tools iptables qrencode
|
dnf copr enable -y jdoss/wireguard
|
||||||
|
dnf install -y wireguard-dkms
|
||||||
|
fi
|
||||||
|
dnf install -y wireguard-tools iptables qrencode
|
||||||
elif [[ "$OS" = 'centos' ]]; then
|
elif [[ "$OS" = 'centos' ]]; then
|
||||||
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
||||||
yum -y install epel-release
|
yum -y install epel-release
|
||||||
@ -120,9 +124,17 @@ CLIENT_PUB_KEY=$(echo "$CLIENT_PRIV_KEY" | wg pubkey)
|
|||||||
echo "[Interface]
|
echo "[Interface]
|
||||||
Address = $SERVER_WG_IPV4/24,$SERVER_WG_IPV6/64
|
Address = $SERVER_WG_IPV4/24,$SERVER_WG_IPV6/64
|
||||||
ListenPort = $SERVER_PORT
|
ListenPort = $SERVER_PORT
|
||||||
PrivateKey = $SERVER_PRIV_KEY
|
PrivateKey = $SERVER_PRIV_KEY" > "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||||
PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
|
|
||||||
PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE" > "/etc/wireguard/$SERVER_WG_NIC.conf"
|
if [ -x "$(command -v firewall-cmd)" ]; then
|
||||||
|
FIREWALLD_IPV4_ADDRESS=$(echo $SERVER_WG_IPV4 | cut -d"." -f1-3)".0"
|
||||||
|
FIREWALLD_IPV6_ADDRESS=$(echo $SERVER_WG_IPV6 | sed 's/:[^:]*$/:0/')
|
||||||
|
echo "PostUp = firewall-cmd --add-port $SERVER_PORT/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'
|
||||||
|
PostDown = firewall-cmd --remove-port $SERVER_PORT/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||||
|
else
|
||||||
|
echo "PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
|
||||||
|
PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
# Add the client as a peer to the server
|
# Add the client as a peer to the server
|
||||||
echo "[Peer]
|
echo "[Peer]
|
||||||
|
Loading…
Reference in New Issue
Block a user