WireGuard automated installer | Ubuntu, Debian, CentOS, Fedora

124

Comments

  • Thankyou @Nyr for such a great script, moving all my wireguard and openvpn scripts to yours after learning about the way unscrupulous people have ripped off your script

    Thanked by (1)AlwaysSkint
  • @kuroneko23 said:
    @Nyr is this script usable in Xen VPS?

    It works even on OpenVZ, so no problem with Xen

    Thanked by (3)kuroneko23 Nyr Ouji
  • @Nyr I tried to install this script on my LinuxMint 19 PC but it says unsupported

  • SpeedBusSpeedBus Hosting ProviderOG

    @sonic said:
    @Nyr I tried to install this script on my LinuxMint 19 PC but it says unsupported

    Just curious, whats the kernel version on this ?

    CrownCloud - Internet Services | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands | Atlanta, Georgia | Miami, Florida

  • @sonic said: I tried to install this script on my LinuxMint 19 PC but it says unsupported

    Mint is 100% untested and I don't plan on supporting it, given that it isn't a server distribution. One could edit the version check to force $os to "debian", but no guarantees.

  • Sorry for the bump, but anyone know how to use the generated config into linux desktop easily, with all traffic routed into wireguard?

    I tried in manjaro KDE, but I couldn't find something like easy import.

    Or maybe are there any nice desktop application like as in MacOS?

    Thank you

  • edited November 2020

    @akhfa said:
    Sorry for the bump, but anyone know how to use the generated config into linux desktop easily, with all traffic routed into wireguard?

    I tried in manjaro KDE, but I couldn't find something like easy import.

    Or maybe are there any nice desktop application like as in MacOS?

    Thank you

    Exactly i never found a way to connect to wireguard server on Linux (specially in cli )and am using openvpn instead

    Want free vps ? https://microlxc.net

  • @codelock said:

    @akhfa said:
    Sorry for the bump, but anyone know how to use the generated config into linux desktop easily, with all traffic routed into wireguard?

    I tried in manjaro KDE, but I couldn't find something like easy import.

    Or maybe are there any nice desktop application like as in MacOS?

    Thank you

    Exactly i never found a way to connect to wireguard server on Linux (specially in cli )and am using openvpn instead

    Should be similar when you are setup wireguard server.

    A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
    Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.

  • edited November 2020

    Thank you for such a good installer @Nyr

    From my experience with NAT Vps, Wireguard with Boring Tun is much slower than OpenVPN.

    So, I Will stick with OpenVpn for now.

    For OpenVpn, I'm using your installer as well.

  • Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
    I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ... :#

  • NyrNyr OG
    edited December 2020

    @flips said: Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
    I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ...

    Except if you client supports anything easier, you need to use the AllowedIPs directive to allow everything except that subnet.

    For your use case, this will work:
    AllowedIPs = 0.0.0.0/1, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14, 172.24.0.0/13, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2, ::/0

    Thanked by (2)flips Ouji
  • @Nyr said:

    @flips said: Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
    I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ...

    Except if you client supports anything easier, you need to use the AllowedIPs directive to allow everything except that subnet.

    For your use case, this will work:
    AllowedIPs = 0.0.0.0/1, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14, 172.24.0.0/13, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2, ::/0

    Thanks! :) And then traffic to 172.16/16 would reach the LAN, the rest be tunneled through the Wireguard connection? Or did I get this backwards or wrong? :D

  • @flips said: traffic to 172.16/16 would reach the LAN, the rest be tunneled through the Wireguard connection?

    Yes.

    Thanked by (1)flips
  • @Nyr said:
    Lightweight WireGuard installer, written entirely in bash.

    GitHub:
    https://github.com/Nyr/wireguard-install

    One-liner:
    wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh

    Supported distros:
    - Ubuntu 20.04 and 18.04
    - Debian 10
    - Centos 8 and 7
    - Fedora 32 and 31

    FAQ:

    Will it work in my Raspberry Pi?
    Probably, I don't have one to test. Install the raspberrypi-kernel-headers package and hope for the best. But you should consider using a distribution with built-in kernel support when it becomes available.

    OpenVZ support?
    News on this soon. I have something in mind, but I want to do it right and it's a decent ammount of work. That's why I wanted to release the current version of wireguard-install, which is fully compatible with everything else first.

    Can you add x feature?
    Maybe, if it's worth it. But I'll keep the installer simple and functional, so keep that in mind. Niche features are unlikely to be implemented.

    I like the project, how can I help?
    Tell other people about it! wireguard-install is new and many people do not yet know about it. Some other low-quality tools based on my openvpn-install work exist, with credits and copyright notices removed. It's a sad sight to me after nearly a decade maintaining openvpn-install.

    Great work :) Tried this and worked like a charm :) Thanks boss

  • @mikho said:
    @kuroneko23 @Nyr

    True that both AU nodes are OVZ6.
    I’ve run into some problems with how Virtualizor decided to change from serial console (like in OVZ6) to VNC on Virtuozzo OVZ7.

    It has caused me to rethink the whole node deployment for OVZ7.

    Currently trying to figure out the best way, moving forward.

    @Nyr if you ever need a container to test with, let me know.
    I have a soft spot for projects like these. ;)

    Any update on the OVZ7 upgrade @mikho ?

  • Nyr's tag OG=OpenVPN God ;)

    Thanked by (1)Naix

    It wisnae me! A big boy done it and ran away.
    NVMe2G for life! until death (the end is nigh)

  • XetHostXetHost Hosting Provider

    Thank you for sharing it.

    XetHost | VPS, Dedicated servers, SMTP services from Hungary | We accept Bitcoin and altcoins!

  • edited December 2020

    I have installed this on 2 different VPS
    First with both ipv4 and ipv6 address - I can ping and access both ipv4 and ipv6 addresses
    Second only has ipv6 address - I can ping and access all ipv4 websites but no ipv6 address . Not even ping to google ipv6 is working
    If AllowedIPs = 0.0.0.0/0, ::/0 then i cannot access anything . Cant even ping Google ipv4 and ipv6
    If AllowedIPs = 10.7.0.0/24, fddd:2c4:2c4:2c4::/64 then i can ping/access ipv4 only
    If AllowedIPs = fddd:2c4:2c4:2c4::/64 then also only ipv4 connectivity

    can any one help me out on this .

    A suggestion for OP - Pls add an option to select ipv4 or ipv6 address for wireguard interface . It gives the option to select ipv4 or hostname . Script works fine after manually editing Endpoint to the VPS ipv6 address in client config file
    @Nyr

  • @Nyr The script is not working if endpoint is ipv6 address .
    Tried it 2 VPSs
    On a ipv4+ipv6 VPS
    and
    ipv6 only VPS
    Can u pls check

  • @kuduku said:
    @Nyr The script is not working if endpoint is ipv6 address .
    Tried it 2 VPSs
    On a ipv4+ipv6 VPS
    and
    ipv6 only VPS
    Can u pls check

    Sorted out my issue
    Script works perfect
    Many thanks to @Nyr

  • @Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?

  • @gms said:
    @Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?

    No, each client can only be used by one device at a time, technically you use the same client config on multiple devices as long as only one is using it at a time.

    Thanked by (3)Freek gms Ouji
  • @Razza said:

    @gms said:
    @Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?

    No, each client can only be used by one device at a time, technically you use the same client config on multiple devices as long as only one is using it at a time.

    Thanks for the explanation, much appreciated.

  • is it possible to make it for freebsd ☺

  • Anyone managed to make it work with GCP VM? I can ping server - client just fine but it won't let me connect to the internet or other client.

  • @kuroneko23 said: Anyone managed to make it work with GCP VM? I can ping server - client just fine but it won't let me connect to the internet or other client.

    I have just worked around this issue with some GCP images in the latest commit. It should be fine now :)

  • havochavoc OG
    edited June 2021

    Nevermind

  • I can confirm it works on gcp ubuntu18 (just installed wg with automator yesterday).

    Thanked by (1)vimalware
  • For anyone referencing this script in documentation or anywhere else: git.io is being phased out this Friday, so if your documentation referenced the one-liner, it needs to be updated to something like this:

    wget https://github.com/Nyr/wireguard-install/raw/master/wireguard-install.sh && bash wireguard-install.sh

    Thank GitHub for the generous 5-day advance notice.

Sign In or Register to comment.