Thankyou @Nyr for such a great script, moving all my wireguard and openvpn scripts to yours after learning about the way unscrupulous people have ripped off your script
@sonic said: I tried to install this script on my LinuxMint 19 PC but it says unsupported
Mint is 100% untested and I don't plan on supporting it, given that it isn't a server distribution. One could edit the version check to force $os to "debian", but no guarantees.
@akhfa said:
Sorry for the bump, but anyone know how to use the generated config into linux desktop easily, with all traffic routed into wireguard?
I tried in manjaro KDE, but I couldn't find something like easy import.
Or maybe are there any nice desktop application like as in MacOS?
Thank you
Exactly i never found a way to connect to wireguard server on Linux (specially in cli )and am using openvpn instead
Should be similar when you are setup wireguard server.
⭕ A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
⭕ Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.
Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ...
@flips said: Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ...
Except if you client supports anything easier, you need to use the AllowedIPs directive to allow everything except that subnet.
For your use case, this will work: AllowedIPs = 0.0.0.0/1, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14, 172.24.0.0/13, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2, ::/0
@flips said: Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
I would think the AllowedIPs = 0.0.0.0/0, ::/0 matches the everything, but how to make the exception? ...
Except if you client supports anything easier, you need to use the AllowedIPs directive to allow everything except that subnet.
For your use case, this will work: AllowedIPs = 0.0.0.0/1, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14, 172.24.0.0/13, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2, ::/0
Thanks! And then traffic to 172.16/16 would reach the LAN, the rest be tunneled through the Wireguard connection? Or did I get this backwards or wrong?
Supported distros:
- Ubuntu 20.04 and 18.04
- Debian 10
- Centos 8 and 7
- Fedora 32 and 31
FAQ:
Will it work in my Raspberry Pi?
Probably, I don't have one to test. Install the raspberrypi-kernel-headers package and hope for the best. But you should consider using a distribution with built-in kernel support when it becomes available.
OpenVZ support?
News on this soon. I have something in mind, but I want to do it right and it's a decent ammount of work. That's why I wanted to release the current version of wireguard-install, which is fully compatible with everything else first.
Can you add x feature?
Maybe, if it's worth it. But I'll keep the installer simple and functional, so keep that in mind. Niche features are unlikely to be implemented.
I like the project, how can I help?
Tell other people about it! wireguard-install is new and many people do not yet know about it. Some other low-quality tools based on my openvpn-install work exist, with credits and copyright notices removed. It's a sad sight to me after nearly a decade maintaining openvpn-install.
Great work Tried this and worked like a charm Thanks boss
True that both AU nodes are OVZ6.
I’ve run into some problems with how Virtualizor decided to change from serial console (like in OVZ6) to VNC on Virtuozzo OVZ7.
It has caused me to rethink the whole node deployment for OVZ7.
Currently trying to figure out the best way, moving forward.
@Nyr if you ever need a container to test with, let me know.
I have a soft spot for projects like these.
I have installed this on 2 different VPS
First with both ipv4 and ipv6 address - I can ping and access both ipv4 and ipv6 addresses
Second only has ipv6 address - I can ping and access all ipv4 websites but no ipv6 address . Not even ping to google ipv6 is working
If AllowedIPs = 0.0.0.0/0, ::/0 then i cannot access anything . Cant even ping Google ipv4 and ipv6
If AllowedIPs = 10.7.0.0/24, fddd:2c4:2c4:2c4::/64 then i can ping/access ipv4 only
If AllowedIPs = fddd:2c4:2c4:2c4::/64 then also only ipv4 connectivity
can any one help me out on this .
A suggestion for OP - Pls add an option to select ipv4 or ipv6 address for wireguard interface . It gives the option to select ipv4 or hostname . Script works fine after manually editing Endpoint to the VPS ipv6 address in client config file @Nyr
@gms said: @Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?
No, each client can only be used by one device at a time, technically you use the same client config on multiple devices as long as only one is using it at a time.
@gms said: @Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?
No, each client can only be used by one device at a time, technically you use the same client config on multiple devices as long as only one is using it at a time.
@kuroneko23 said: Anyone managed to make it work with GCP VM? I can ping server - client just fine but it won't let me connect to the internet or other client.
I have just worked around this issue with some GCP images in the latest commit. It should be fine now
For anyone referencing this script in documentation or anywhere else: git.io is being phased out this Friday, so if your documentation referenced the one-liner, it needs to be updated to something like this:
Comments
Thankyou @Nyr for such a great script, moving all my wireguard and openvpn scripts to yours after learning about the way unscrupulous people have ripped off your script
It works even on OpenVZ, so no problem with Xen
@Nyr I tried to install this script on my LinuxMint 19 PC but it says unsupported
Just curious, whats the kernel version on this ?
CrownCloud - Internet Services | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands | Atlanta, Georgia | Miami, Florida
Mint is 100% untested and I don't plan on supporting it, given that it isn't a server distribution. One could edit the version check to force $os to "debian", but no guarantees.
OpenVPN installer | WireGuard installer
Sorry for the bump, but anyone know how to use the generated config into linux desktop easily, with all traffic routed into wireguard?
I tried in manjaro KDE, but I couldn't find something like easy import.
Or maybe are there any nice desktop application like as in MacOS?
Thank you
Exactly i never found a way to connect to wireguard server on Linux (specially in cli )and am using openvpn instead
Want free vps ? https://microlxc.net
Should be similar when you are setup wireguard server.
⭕ A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
⭕ Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.
@akhfa @codelock
https://trailofbits.github.io/algo/client-linux-wireguard.html
Or if you want a GUI: https://github.com/corrad1nho/qomui
OpenVPN installer | WireGuard installer
Thank you for such a good installer @Nyr
From my experience with NAT Vps, Wireguard with Boring Tun is much slower than OpenVPN.
So, I Will stick with OpenVpn for now.
For OpenVpn, I'm using your installer as well.
https://microlxc.net/
Hm, what would I need to add to the config of a client, to tell it to show everything except 172.16.0.0/16 through the tunnel?
I would think the
AllowedIPs = 0.0.0.0/0, ::/0matches the everything, but how to make the exception? ...Except if you client supports anything easier, you need to use the
AllowedIPsdirective to allow everything except that subnet.For your use case, this will work:
AllowedIPs = 0.0.0.0/1, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.17.0.0/16, 172.18.0.0/15, 172.20.0.0/14, 172.24.0.0/13, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2, ::/0OpenVPN installer | WireGuard installer
Thanks! And then traffic to 172.16/16 would reach the LAN, the rest be tunneled through the Wireguard connection? Or did I get this backwards or wrong?
 And then traffic to 172.16/16 would reach the LAN, the rest be tunneled through the Wireguard connection? Or did I get this backwards or wrong? 
Yes.
OpenVPN installer | WireGuard installer
Great work Tried this and worked like a charm
 Tried this and worked like a charm  Thanks boss
 Thanks boss
Any update on the OVZ7 upgrade @mikho ?
Nyr's tag OG=OpenVPN God
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
Thank you for sharing it.
XetHost | VPS, Dedicated servers, SMTP services from Hungary | We accept Bitcoin and altcoins!
I have installed this on 2 different VPS
First with both ipv4 and ipv6 address - I can ping and access both ipv4 and ipv6 addresses
Second only has ipv6 address - I can ping and access all ipv4 websites but no ipv6 address . Not even ping to google ipv6 is working
If AllowedIPs = 0.0.0.0/0, ::/0 then i cannot access anything . Cant even ping Google ipv4 and ipv6
If AllowedIPs = 10.7.0.0/24, fddd:2c4:2c4:2c4::/64 then i can ping/access ipv4 only
If AllowedIPs = fddd:2c4:2c4:2c4::/64 then also only ipv4 connectivity
can any one help me out on this .
A suggestion for OP - Pls add an option to select ipv4 or ipv6 address for wireguard interface . It gives the option to select ipv4 or hostname . Script works fine after manually editing Endpoint to the VPS ipv6 address in client config file
@Nyr
@Nyr The script is not working if endpoint is ipv6 address .
Tried it 2 VPSs
On a ipv4+ipv6 VPS
and
ipv6 only VPS
Can u pls check
Sorted out my issue
Script works perfect
Many thanks to @Nyr
@Nyr Amazing script, I've been rocking it for some time now. However I've got a question, can multiple devices use the same client at the same time?
No, each client can only be used by one device at a time, technically you use the same client config on multiple devices as long as only one is using it at a time.
Thanks for the explanation, much appreciated.
is it possible to make it for freebsd ☺
Anyone managed to make it work with GCP VM? I can ping server - client just fine but it won't let me connect to the internet or other client.
OnePoundEmail (aff link)
I have just worked around this issue with some GCP images in the latest commit. It should be fine now
OpenVPN installer | WireGuard installer
Nevermind
I can confirm it works on gcp ubuntu18 (just installed wg with automator yesterday).
For anyone referencing this script in documentation or anywhere else: git.io is being phased out this Friday, so if your documentation referenced the one-liner, it needs to be updated to something like this:
wget https://github.com/Nyr/wireguard-install/raw/master/wireguard-install.sh && bash wireguard-install.shThank GitHub for the generous 5-day advance notice.
OpenVPN installer | WireGuard installer