https://github.com/coralesoft/openwrt-wireguard-installer
Interactive WireGuard installer for OpenWrt. Generates peer configs with QR codes, applies UCI network/firewall changes, and supports rollback.
https://github.com/coralesoft/openwrt-wireguard-installer
firewall network-automation network-tools networking openwrt openwrt-configuration openwrt-installation qr-code router security shell-script uci vpn wireguard
Last synced: 3 months ago
JSON representation
Interactive WireGuard installer for OpenWrt. Generates peer configs with QR codes, applies UCI network/firewall changes, and supports rollback.
- Host: GitHub
- URL: https://github.com/coralesoft/openwrt-wireguard-installer
- Owner: Coralesoft
- License: mit
- Created: 2025-07-22T11:40:33.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-07-30T06:59:22.000Z (3 months ago)
- Last Synced: 2025-07-30T08:46:34.037Z (3 months ago)
- Topics: firewall, network-automation, network-tools, networking, openwrt, openwrt-configuration, openwrt-installation, qr-code, router, security, shell-script, uci, vpn, wireguard
- Language: Shell
- Homepage:
- Size: 105 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# OpenWrt WireGuard Ineractive Installer
An interactive shell script to quickly and safely configure a WireGuard VPN server on an OpenWrt router.
It guides you through generating keys, applying network and firewall settings, and creating ready-to-import `.conf` files for client devices β with optional QR code output for mobile use and built-in rollback for peace of mind.
v2025.7.5
---
## β¨ Features
- Interactive prompts for all setup variables
- Generates secure keypairs and `.conf` files for each peer
- Optional QR code output for mobile devices
- Automatically applies UCI network and firewall rules
- Creates timestamped backups and supports rollback
- Built specifically for OpenWrt
---
## 𧱠Requirements
- OpenWrt 23.05 or newer (tested on Raspberry Pi CM router and a x86 based router)
- Installed packages:
```sh
opkg update
opkg install wireguard-tools luci-app-wireguard
```
- (Optional for QR codes):
```sh
opkg install qrencode
```
---
## π₯ Installation
1. **Download the script**:
```sh
curl -O https://raw.githubusercontent.com/Coralesoft/openwrt-wireguard-installer/main/wg-openwrt-installer.sh
chmod +x wg-openwrt-installer.sh
```
2. **Run it ** on your OpenWrt router:
```sh
./wg-openwrt-installer.sh
```
---
## βοΈ Usage
The script will prompt you to:
- Name the WireGuard interface
- Set port, address, zones, and DNS
- Enter your public endpoint (`host:port`)
- Define the number of peers
- Provide each peerβs name and IP
Each peer will get:
- A secure private key
- A complete `.conf` file (for use in desktop or mobile clients)
- An optional QR code displayed in the terminal (if `qrencode` is installed)
---
## π Output
All generated files are saved under:
```
/etc/wireguard/
βββ privatekey # Server key
βββ publickey # Server key
βββ peers/
βββ phone.conf
βββ phone-privatekey
βββ phone-publickey
βββ ...
```
---
## π Rollback
At the end of the setup, youβll be prompted to roll back your changes.
If confirmed, it restores:
- `/etc/config/network.bak.`
- `/etc/config/firewall.bak.`
---
## Example
A sample generated `.conf` for a peer:
```ini
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 192.168.20.2/32
DNS = 192.168.20.1
[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```
Import this into the WireGuard app on iOS/Android, or use with `wg-quick` on desktop.
---
## π Roadmap
- [ ] Add uninstall/teardown script - in progress
- [ ] Regenerate or revoke peer keys
- [ ] Add script to regenerate peer QR codes
---
## π§Ή Uninstall
To remove all WireGuard configuration, keys, peers, and firewall rules, use the included uninstall script.
### Usage
Run normally to uninstall:
```sh
./wg-uninstall.sh
```
Run in dry-run mode to preview what will be removed:
```sh
./wg-uninstall.sh --dry-run
```
---
## π¬ Feedback
Pull requests, issues, and suggestions are welcome.
Open an issue at [github.com/Coralesoft/Openwrt-Wireguard-Installer/issues](https://github.com/Coralesoft/Openwrt-Wireguard-Installer/issues).
## Support the Project
If this project helps you streamline your OpenWrt setup and youβd like to support ongoing development, consider buying me a coffee. Your contribution keeps the creativity flowing and helps sustain future updates.
