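#!/bin/bash
#
# Entrypoint for a WireGuard gateway: enables forwarding, creates the wg0
# config on first start, installs NAT/forward rules for wg0 -> eth0, brings
# the tunnel up and then watches it.
#
# Must run as root (sysctl, iptables and wg-quick all need it).

set -euo pipefail

readonly WG_IFACE="wg0"
readonly WAN_IFACE="eth0"
readonly WG_CONF="/etc/wireguard/${WG_IFACE}.conf"
readonly CHECK_INTERVAL=60

#######################################
# Append an iptables rule unless an identical one is already installed.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   non-zero if the rule is absent and cannot be appended
#######################################
ensure_rule() {
  local table=$1
  local chain=$2
  shift 2
  # -C only tests for the rule; its "not found" error is expected noise.
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || iptables -t "$table" -A "$chain" "$@"
}

#######################################
# Report whether the WireGuard interface exists and is administratively up.
# WireGuard links have no carrier and normally show "state UNKNOWN" in
# `ip link`, so matching the text "state UP" never succeeds and would
# restart the tunnel on every check. The `up` selector filters on the
# interface flag instead.
# Returns: 0 if the interface is up, 1 otherwise
#######################################
wg_is_up() {
  local listing
  listing=$(ip -o link show dev "$WG_IFACE" up 2>/dev/null) || return 1
  [[ -n "$listing" ]]
}

# Load WireGuard kernel module. Best effort: the module may be built in or
# already loaded, so a failure is reported but is not fatal.
modprobe wireguard \
  || printf '[WARN] modprobe wireguard failed; continuing\n' >&2

# Enable IP forwarding.
sysctl -w net.ipv4.ip_forward=1
# NOTE(review): IPv6 forwarding is switched on, but this script installs no
# ip6tables rules. Forwarded IPv6 traffic is governed by whatever IPv6
# firewall policy already exists on the host; confirm it is restrictive.
sysctl -w net.ipv6.conf.all.forwarding=1

# Generate WireGuard config and keys if not present.
if [[ ! -f "$WG_CONF" ]]; then
  # The generated files hold private keys: create them owner-only. The
  # subshell keeps the tightened umask from leaking into the rest of the
  # script.
  (
    umask 077
    python3 /usr/local/bin/generate_wireguard_config.py
  )
  if [[ ! -f "$WG_CONF" ]]; then
    printf '[ERROR] %s was not created by the generator\n' "$WG_CONF" >&2
    exit 1
  fi
  chmod 600 "$WG_CONF"
fi

# Set up NAT for the outbound interface.
ensure_rule nat POSTROUTING -o "$WAN_IFACE" -j MASQUERADE

# Allow forwarding between the tunnel and the outbound interface.
# NOTE(review): these ACCEPT rules are appended and the FORWARD policy is
# not set here, so they restrict nothing by themselves; verify the chain
# drops by default if the gateway should forward only tunnel traffic.
ensure_rule filter FORWARD -i "$WG_IFACE" -o "$WAN_IFACE" -j ACCEPT
ensure_rule filter FORWARD -i "$WAN_IFACE" -o "$WG_IFACE" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT

# Save iptables rules. Best effort: netfilter-persistent may be absent.
netfilter-persistent save \
  || printf '[WARN] could not persist iptables rules\n' >&2

# Start WireGuard.
wg-quick up "$WG_IFACE"

# Health check loop: restart the tunnel when the interface is gone or down.
# A failed restart ends the script (set -e), leaving recovery to whatever
# supervises this process.
while true; do
  sleep "$CHECK_INTERVAL"
  if ! wg_is_up; then
    printf '[WARN] %s is down, restarting...\n' "$WG_IFACE" >&2
    wg-quick down "$WG_IFACE" || true
    wg-quick up "$WG_IFACE"
  fi
done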