{"id":49565302,"url":"https://github.com/andrey0001/wireguard-setup","last_synced_at":"2026-05-03T11:32:12.694Z","repository":{"id":325541687,"uuid":"1020791288","full_name":"andrey0001/wireguard-setup","owner":"andrey0001","description":"WireGuard VPN Server Setup Script","archived":false,"fork":false,"pushed_at":"2025-11-22T00:05:48.000Z","size":19,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-11-22T00:18:31.973Z","etag":null,"topics":["bash","bash-script","bash-scripting","script","wireguard","wireguard-vpn","wireguard-vpn-setup"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrey0001.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-07-16T11:57:45.000Z","updated_at":"2025-11-22T00:05:51.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/andrey0001/wireguard-setup","commit_stats":null,"previous_names":["andrey0001/wireguard-setup"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/andrey0001/wireguard-setup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrey0001%2Fwireguard-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrey0001%2Fwireguard-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrey0001%2Fwireguard-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrey0001%2Fwireguard-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrey0001","download_url":"https://codeload.github.com/andrey0001/wireguard-setup/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrey0001%2Fwireguard-setup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32567205,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-03T06:36:36.687Z","status":"ssl_error","status_checked_at":"2026-05-03T06:36:09.306Z","response_time":103,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bash-script","bash-scripting","script","wireguard","wireguard-vpn","wireguard-vpn-setup"],"created_at":"2026-05-03T11:32:12.086Z","updated_at":"2026-05-03T11:32:12.688Z","avatar_url":"https://github.com/andrey0001.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WireGuard VPN Server Setup Script\n\nA comprehensive bash script for setting up and managing a WireGuard VPN server on Debian-based Linux systems.\n\n## Features\n\n- **Easy Setup**: Quickly deploy a WireGuard VPN server with sensible defaults\n- **NAT Configuration**: Automatically configures NAT for the WireGuard interface\n- **Enhanced Security**: Uses preshared keys for additional security\n- **Client Management**: Generate and manage client configurations\n- **QR Code Generation**: Creates scannable QR codes for easy mobile setup\n- **Multiple Interfaces**: Support for multiple WireGuard interfaces (wg0, wg1, etc.)\n- **Custom DNS**: Configure custom DNS servers for clients\n- **Persistent Configuration**: Saves settings for future client additions\n\n## Requirements\n\n- Debian-based Linux system (Ubuntu, Debian, etc.)\n- Root privileges\n- Internet connection\n\n## Installation\n\n1. Download the script:\n   ```bash\n   wget https://raw.githubusercontent.com/andrey0001/wireguard-setup/refs/heads/master/wireguard-setup.sh\n   ```\n\n2. Make it executable:\n   ```bash\n   chmod +x wireguard-setup.sh\n   ```\n\n## Usage\n\n```\nUsage: ./wireguard-setup.sh [options]\nOptions:\n  -s, --subnet SUBNET     Specify subnet (default: 10.0.0.0/24)\n  -p, --port PORT         Specify port (default: 51820)\n  -c, --clients COUNT     Number of clients to create (default: 1)\n  -i, --interface NAME    WireGuard interface name (default: wg0)\n  -d, --dns DNS_SERVERS   Comma-separated list of DNS servers (default: 1.1.1.1,8.8.8.8)\n  -f, --fqdn NAME         WireGuard Endpoint (defauld: IP-ADDRESS)\n  -a, --add-client NAME   Add a new client to existing setup\n  -h, --help              Display this help message\n```\n\n## Examples\n\n### Basic Setup\n\nSet up a WireGuard server with default settings:\n\n```bash\nsudo ./wireguard-setup.sh\n```\n\nThis will:\n- Create a WireGuard interface named `wg0`\n- Use subnet `10.0.0.0/24`\n- Listen on port `51820`\n- Create 1 client configuration\n- Use Cloudflare and Google DNS servers (1.1.1.1, 8.8.8.8)\n\n### Custom Setup\n\nSet up a WireGuard server with custom settings:\n\n```bash\nsudo ./wireguard-setup.sh --subnet 192.168.5.0/24 --port 51821 --clients 3 --dns \"9.9.9.9,1.1.1.1\"\n```\n\nThis will:\n- Create a WireGuard interface named `wg0`\n- Use subnet `192.168.5.0/24`\n- Listen on port `51821`\n- Create 3 client configurations\n- Use Quad9 and Cloudflare DNS servers (9.9.9.9, 1.1.1.1)\n\n### Multiple Interfaces\n\nSet up a second WireGuard interface:\n\n```bash\nsudo ./wireguard-setup.sh --interface wg1 --subnet 10.1.0.0/24 --port 51821\n```\n\nThis will create a separate WireGuard interface with its own configuration and clients.\n\n### Adding Clients\n\nAdd a new client to an existing WireGuard server:\n\n```bash\nsudo ./wireguard-setup.sh --add-client john\n```\n\nAdd a client to a specific interface:\n\n```bash\nsudo ./wireguard-setup.sh --interface wg1 --add-client jane\n```\n\nAdd a client with custom DNS:\n\n```bash\nsudo ./wireguard-setup.sh --add-client bob --dns \"192.168.1.1,8.8.8.8\"\n```\n\n## Configuration Files\n\nThe script creates and manages the following files:\n\n- **Server Configuration**: `/etc/wireguard/wg0.conf` (or wg1.conf, etc.)\n- **Client Configurations**: `/etc/wireguard/clients/wg0/client1.conf` (and others)\n- **QR Codes**: `/etc/wireguard/clients/wg0/client1.png` (and others)\n- **Script Configuration**: `wireguard-setup.conf` (in the current directory)\n\n## Client Setup\n\n### Mobile Devices\n\n1. Install the WireGuard app from the App Store or Google Play\n2. Scan the QR code displayed in the terminal or saved as PNG\n3. Activate the VPN connection\n\n### Desktop Devices\n\n1. Install the WireGuard client for your OS\n2. Copy the client configuration file from `/etc/wireguard/clients/wg0/client1.conf`\n3. Import the configuration into the WireGuard client\n4. Activate the VPN connection\n\n## Advanced Usage\n\n### Running Multiple Instances\n\nYou can run multiple instances of the script from different directories to manage separate WireGuard setups:\n\n```bash\n# In directory A\nmkdir -p ~/vpn-office\ncd ~/vpn-office\nsudo ~/wireguard-setup.sh --interface wg0 --subnet 10.1.5.0/24 --port 12345\n\n# In directory B\nmkdir -p ~/vpn-home\ncd ~/vpn-home\nsudo ~/wireguard-setup.sh --interface wg1 --subnet 10.1.6.0/24 --port 12346\n```\n\nEach directory will have its own `wireguard-setup.conf` file, allowing you to manage different WireGuard setups independently.\n\n### Firewall Configuration\n\nThe script configures NAT and basic firewall rules, but you may need to open the WireGuard port in your firewall:\n\n```bash\nsudo ufw allow 51820/udp  # For default setup\nsudo ufw allow 51821/udp  # For additional interfaces\n```\n\n## Troubleshooting\n\n### Client Cannot Connect\n\n1. Verify the server is running:\n   ```bash\n   sudo wg show\n   ```\n\n2. Check if the port is open:\n   ```bash\n   sudo ss -lnpu | grep wg\n   ```\n\n3. Verify firewall rules:\n   ```bash\n   sudo ufw status\n   ```\n\n### Connection Issues\n\nIf clients can connect but cannot access the internet:\n\n1. Verify IP forwarding is enabled:\n   ```bash\n   cat /proc/sys/net/ipv4/ip_forward\n   ```\n   Should return `1`\n\n2. Check NAT configuration:\n   ```bash\n   sudo iptables -t nat -L -v\n   ```\n   Should show MASQUERADE rules for the WireGuard interface\n\n## Security Considerations\n\n- The script generates strong keys and uses preshared keys for additional security\n- Client configurations contain sensitive information and should be protected\n- Consider using a firewall to restrict access to the WireGuard port\n- Regularly update your system to patch security vulnerabilities\n\n## License\n\nThis script is provided under the MIT License. See the LICENSE file for details.\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrey0001%2Fwireguard-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrey0001%2Fwireguard-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrey0001%2Fwireguard-setup/lists"}