ebc32cae86
Installer now expects Debian 12 and requires base-stack repo installed first New systemd files New wg-client-zip-email.sh script Moved bash scripts into sbin dir Install & configure firewalld instead of ufw wg.sh now has configurable options - DNS nameserver settings - endpoint (FQDN or IP) - AllowedIPs (defaults to 0.0.0.0/0) Change the client network from 10.96.0.0/12 (1,048,574 max clients / IPs) to 10.96.0.0/16 (65,025 max clients / IPs) |
||
|---|---|---|
| sbin | ||
| systemd | ||
| COPYING | ||
| install.sh | ||
| README.md | ||
vpn-stack
A set of bash scripts for installing and managing a WireGuard VPN server.
Requirements
A minimal Debian 12 server install with no extra services or packages installed. It is recommended to first install base-stack which will configure a basic server set up including firewald & fail2ban to secure the server: https://git.stack-source.com/msb/base-stack
Install
cd /usr/local/src/
git clone https://git.stack-source.com/msb/vpn-stack.git
cd vpn-stack
bash install.sh
Configure Clients
Download and install client software from wireguard.com.
Add a client configuration to the server, display a qr code that can be scanned by a client, and email a zipped copy of the config.
wg-client-add.sh -c <client>
wg-client-qr-display.sh -c <client>
wg-client-zip-email.sh -c <client> -e <email>
For example, to add a client config for a user named joe, display the qr code on the console screen, and then email a zipped copy of the config run:
wg-client-add.sh -c joe
wg-client-qr-display.sh -c joe
wg-client-zip-email.sh -c joe -e joe@example.com
License
Copyright (c) 2024 Matthew Saunders Brown matthewsaundersbrown@gmail.com
GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)