If the FORWARD chain policy defaults to DENY, it must explicitly allow traffic from the external to the wg interface.
To solve this, the patch just adds
iptables -A FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT;
Added `clientRevoke()` based on openvpn-install repo, fixes #4
Some other changes were required for this to work:
- client names aren't random anymore
- client names are saved above the `[Peer]` block of the server configuration file to keep track of them
- checks added for existing IPv4, IPv6 and client name. I used `until` to ask the user again if this is the case to not make him loose its work if, for example, the client name and IPv4 inserted are unique but not the IPv6.
- using `until` instead of `exit` isn't idempotent but it's more user friendly. This will be a future goal.
- default options should be safe to use so the suggestion for the client IP is automatically incremented. The subnet of `SERVER_WG_IPV` is hard-coded inside `CLIENT_WG_IPV` for obvious reasons
- cleaned some minor code
- use IPv6 if IPv4 isn't available
- add input validations, fixes #86 .
- assign secondary DNS to primary DNS value if it's empty. Fixes #68
- use `$SERVER_WG_IPV4` and `$SERVER_WG_IPV6` when suggesting the client IP
- save user DNS to `params` file and apply it to all clients, removing support for customizing DNS for individual clients. If this is a problem we can add again the code to allow customization but maybe use the sourced DNS as a suggestion for clients that need a different one
- add shellcheck ignores, needed for IDE that have shellcheck support
- escaped variables to `"${var}"` style
- updated README to reflect changes
- fixed the kernel mismatch issue on CentOS by updating the kernel https://github.com/angristan/wireguard-install/issues/95#issuecomment-653696198. Fedora might need this change too
- Use `firewall-cmd` only if `firewalld` is running. Fixes #95
- Fix the client's subnet mask. Fixes #87
- Save the client configuration in the correct `$HOME`. Fixes #96
Co-authored-by: Chris Lewicki <chris@lewicki.dev>
Co-authored-by: Stanislas <angristan@pm.me>
This commit puts the client creation logic into a function.
By running the script followed by `add_client`, the user will be asked a
few questions and a new peer will be added.
Removing client is **not** supported.
The client files have random names.
Fix for https://github.com/angristan/wireguard-install/issues/3
Stanislas
Stefan A
Farzin Monsef
pyramidenkoenig
xiagw
Aleksander
randomshell
Navratan Gupta
dependabot[bot]
Ian
robiiinos
Deface
Stanislas Lange
Jelle Dekker
randomshell
Andrew Prokhorenkov