A bash script that generates server and client configurations for WireGuard VPN on Linux systems.
- Automated Key Generation: Generates private keys, public keys, and preshared keys using WireGuard tools
- Server Configuration: Creates complete server configuration with NAT rules
- Multiple Client Support: Generate configurations for multiple clients in a single run
- QR Code Generation: Optionally generates QR codes for easy mobile client setup (requires `qrencode`)
- Interactive Mode: Supports both command-line arguments and interactive setup
- Customizable Settings: Configure network CIDR, ports, IP addresses, and more

- Linux operating system
- `wireguard-tools` package installed
- Root privileges (for installing configs to `/etc/wireguard`) or user mode (configs saved to output directory)
- Optional: `qrencode` for generating QR codes

```bash
# Debian/Ubuntu
apt install wireguard-tools qrencode

# RHEL/CentOS
yum install wireguard-tools qrencode

# Arch Linux
pacman -S wireguard-tools qrencode
```

Run the script without arguments to start interactive setup:

```bash
./wg-gen.sh
```

```bash
./wg-gen.sh [OPTIONS]
```

| Option | Description | Default |
|---|---|---|
| `-s, --server-ip IP` | Server VPN IP address | 10.0.0.1 |
| `-n, --network CIDR` | Server network CIDR | 10.0.0.0/24 |
| `-p, --port PORT` | Server listening port | 51820 |
| `-c, --clients NUMBER` | Number of clients to generate | 1 |
| `-i, --interface IFACE` | Network interface for NAT (required) | - |
| `-e, --endpoint ENDPOINT` | Server public endpoint (IP or domain, required) | - |
| `-o, --output DIR` | Output directory for configs | ./wg-configs |
| `-h, --help` | Show help message | - |

Generate server config with 3 clients:

```bash
./wg-gen.sh -e vpn.example.com -i eth0 -c 3
```

Generate with custom network settings:

```bash
./wg-gen.sh -e 203.0.113.1 -i ens18 -s 10.10.0.1 -n 10.10.0.0/24 -c 5
```

Generate with custom port and output directory:

```bash
./wg-gen.sh -e vpn.myserver.com -i eth0 -p 51821 -o ./my-vpn-configs
```

The script generates the following files in the output directory:

- `wg0.conf` - Server configuration with all client peers
- `client1.conf`, `client2.conf`, ... - Individual client configurations
- `client1.png`, `client2.png`, ... - QR codes for mobile setup (if `qrencode` is available)
- `README.txt` - Installation instructions and configuration summary

1. Copy server configuration:

   ```bash
   sudo cp wg-configs/wg0.conf /etc/wireguard/
   sudo chmod 600 /etc/wireguard/wg0.conf
   ```

2. Enable IP forwarding:

   ```bash
   echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
   sudo sysctl -p
   ```

3. Start WireGuard:

   ```bash
   sudo systemctl enable wg-quick@wg0
   sudo systemctl start wg-quick@wg0
   ```

4. Check status:

   ```bash
   sudo wg show
   ```

```bash
sudo cp client1.conf /etc/wireguard/
sudo wg-quick up client1
```

- Install the WireGuard app from the respective app store
- Import the configuration file or scan the QR code
- Activate the tunnel
- Keep private keys secure and never share them
- The script sets permissions to `600` on generated configuration files
- Distribute client configurations through secure channels
- Consider using a firewall to restrict access to the WireGuard port
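
One way to verify the permission point above after configs have been copied or unpacked elsewhere, as an added example that is not part of `wg-gen.sh`. The helper name `audit_wg_dir` is hypothetical, the sample files are constructed, and the check assumes each QR PNG encodes the full client config (private key included), so PNGs are held to the same standard as `.conf` files.

```bash
#!/usr/bin/env bash
# Added example, not part of wg-gen.sh. audit_wg_dir is a hypothetical helper.
# Assumption: each QR PNG encodes the full client config, private key included,
# so PNGs are held to the same standard as .conf files.

# audit_wg_dir DIR
#   Prints "LOOSE <mode> <path>" for every key-bearing file or PNG that group
#   or other can access. Status: 0 clean, 1 findings, 2 DIR is not a directory.
audit_wg_dir() (
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.png) ;;
            *) grep -Eq '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' "$f" \
                   || continue ;;
        esac
        # ls mode string: chars 2-4 owner, 5-7 group, 8-10 other.
        mode=$(ls -ld -- "$f" | cut -c1-10)
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
            printf 'LOOSE %s %s\n' "$mode" "$f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample directory: one tight config, one loose QR image, one
# key-free README. Only the PNG is reported.
demo() {
    d=$(mktemp -d)
    printf '[Interface]\nPrivateKey = CONSTRUCTED_NOT_A_REAL_KEY\n' > "$d/client1.conf"
    printf 'summary only, no keys\n' > "$d/README.txt"
    : > "$d/client1.png"
    chmod 600 "$d/client1.conf"
    chmod 644 "$d/client1.png" "$d/README.txt"
    audit_wg_dir "$d" || echo "tighten with: chmod 600 <file>"
    rm -rf "$d"
}
demo
```

Files are selected by content rather than by name, so a summary file is reported only if it actually contains a `PrivateKey` or `PresharedKey` line.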
This script is provided as-is for generating WireGuard configurations.

Error: WireGuard tools not found
- Install `wireguard-tools` package for your distribution

Error: Network interface is required
- Use `-i` flag to specify your network interface (e.g., `eth0`, `ens18`)
- Run `ip -o link show` to see available interfaces

Error: Invalid server IP address
- Ensure you're providing a valid IPv4 address format

QR codes not generated
- Install `qrencode` package to enable QR code generation