
[UBUNTU] install wireguard ubuntu 22.04

fourslickz edited this page Feb 18, 2026 · 3 revisions

generate keys

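# Generate the server key pair in the current directory.
# tee creates server_private.key with the shell's default umask, which usually
# leaves it readable by other local users; the subshell restricts both files to
# the owner without changing the umask of the calling shell.
# make-client.sh on this page looks for both files in /etc/wireguard/wg-keys.
(umask 077 && wg genkey | tee server_private.key | wg pubkey > server_public.key)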

/etc/wireguard/wg0.conf

# Server side of the tunnel. wg-quick reads this file as root, so keep it
# root-owned with mode 600.
[Interface]
# NOTE(review): this private key is published on the page, so treat it as
# compromised and never deploy it; use the contents of the server_private.key
# generated in the step above.
PrivateKey = SDSVG+7KStdmy8JcT3/pZYzb9N1u1uiH9qBFlgQHcVY=
Address = 10.0.0.1/24
ListenPort = 51820
# Source-NAT traffic coming from the VPN subnet; the rule is added when the
# interface comes up and removed when it goes down.
# NOTE(review): routing client traffic also needs net.ipv4.ip_forward=1, which
# this page does not set - confirm it is enabled on the server.
PostUp = iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

/usr/local/bin/make-client.sh

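#!/bin/bash
#
# make-client.sh - create a WireGuard client (key pair + client config) and
# register it as a [Peer] in the server's interface config.
#
# Usage:   make-client.sh <client_name> <client_ip>
# Example: make-client.sh client1 10.0.0.2
#
# Both arguments end up in file paths and in $WG_CONF. wg-quick parses that
# file as root (including PostUp/PostDown commands), so the arguments are
# validated strictly before anything is written.

set -euo pipefail

# Every file this script creates holds or sits next to key material.
umask 077

# ============ CONFIGURATION ============
SERVER_IP="143.198.196.255"    # Replace with your server's public IP
SERVER_PORT=51820
WG_INTERFACE="wg0"
WG_DIR="/etc/wireguard"
KEY_DIR="$WG_DIR/wg-keys"
OUT_IF="eth0"  # internet-facing interface (e.g. eth0 or ens3); not used below
# =======================================

# Check arguments
if [ $# -ne 2 ]; then
  echo "❌ Usage: $0 <client_name> <client_ip>" >&2
  echo "Contoh: $0 client1 10.0.0.2" >&2
  exit 1
fi

CLIENT_NAME="$1"
CLIENT_IP="$2"

# The name becomes a directory under $KEY_DIR and a comment line in $WG_CONF:
# allow only a conservative character set (no '/', '.', whitespace, newlines).
name_re='^[A-Za-z0-9][A-Za-z0-9_-]{0,31}$'
if [[ ! "$CLIENT_NAME" =~ $name_re ]]; then
  echo "❌ Invalid client name '$CLIENT_NAME': use letters, digits, '_' or '-' (max 32 chars)" >&2
  exit 1
fi

# The address is written into AllowedIPs in $WG_CONF: accept a plain dotted
# IPv4 address only.
ipv4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
if [[ ! "$CLIENT_IP" =~ $ipv4_re ]]; then
  echo "❌ Invalid client IP '$CLIENT_IP': expected an IPv4 address such as 10.0.0.2" >&2
  exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
  # 10# forces base 10 so that an octet like "08" is not read as octal.
  if (( 10#$octet > 255 )); then
    echo "❌ Invalid client IP '$CLIENT_IP': octet out of range" >&2
    exit 1
  fi
done

CLIENT_DIR="$KEY_DIR/$CLIENT_NAME"
CONF_FILE="$CLIENT_DIR/$CLIENT_NAME.conf"
SERVER_PRIV_KEY_FILE="$KEY_DIR/server_private.key"
SERVER_PUB_KEY_FILE="$KEY_DIR/server_public.key"
WG_CONF="$WG_DIR/$WG_INTERFACE.conf"

# Check server keys
if [ ! -f "$SERVER_PUB_KEY_FILE" ] || [ ! -f "$SERVER_PRIV_KEY_FILE" ]; then
  echo "❌ server_public.key / server_private.key tidak ditemukan di $KEY_DIR" >&2
  exit 1
fi

SERVER_PUBLIC_KEY=$(<"$SERVER_PUB_KEY_FILE")

# A fresh key pair is generated on every run, so the public-key check further
# down cannot detect a repeated client. Refuse to reuse a name or an address
# instead of overwriting keys and appending a second peer with the same
# AllowedIPs.
if sudo test -e "$CLIENT_DIR"; then
  echo "❌ Client '$CLIENT_NAME' already exists in $CLIENT_DIR; remove it and its [Peer] block in $WG_CONF first" >&2
  exit 1
fi
if sudo grep -qF -- "AllowedIPs = $CLIENT_IP/32" "$WG_CONF" 2>/dev/null; then
  echo "❌ $CLIENT_IP is already assigned to a peer in $WG_CONF" >&2
  exit 1
fi

# Create the client directory
sudo mkdir -p "$CLIENT_DIR"
sudo chmod 700 "$CLIENT_DIR"

# Generate client keypair
CLIENT_PRIV=$(wg genkey)
CLIENT_PUB=$(wg pubkey <<<"$CLIENT_PRIV")

# printf is a builtin, so the private key never appears in a process argv.
printf '%s\n' "$CLIENT_PRIV" | sudo tee "$CLIENT_DIR/privatekey" > /dev/null
printf '%s\n' "$CLIENT_PUB" | sudo tee "$CLIENT_DIR/publickey" > /dev/null
sudo chmod 600 "$CLIENT_DIR/privatekey" "$CLIENT_DIR/publickey"

# Write the client config file.
# AllowedIPs = 0.0.0.0/0 sends all of the client's IPv4 traffic through the
# tunnel; IPv6 is not covered by this config.
sudo tee "$CONF_FILE" > /dev/null <<EOF
[Interface]
PrivateKey = $CLIENT_PRIV
Address = $CLIENT_IP/24
DNS = 1.1.1.1

[Peer]
PublicKey = $SERVER_PUBLIC_KEY
Endpoint = $SERVER_IP:$SERVER_PORT
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF

sudo chmod 600 "$CONF_FILE"

# Append the peer to the server config if it is not there yet.
# -F: the base64 key is matched literally; printf (unlike echo -e) does not
# interpret backslash sequences inside the arguments.
if ! sudo grep -qF -- "$CLIENT_PUB" "$WG_CONF" 2>/dev/null; then
  printf '\n# %s\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' \
    "$CLIENT_NAME" "$CLIENT_PUB" "$CLIENT_IP" | sudo tee -a "$WG_CONF" > /dev/null
  echo "✅ Peer '$CLIENT_NAME' ditambahkan ke $WG_CONF"
else
  echo "ℹ️ PublicKey sudah ada di $WG_CONF, dilewati"
fi

# Reload WireGuard. down/up restarts the interface, which briefly disconnects
# every connected peer. "down" fails when the interface is not up yet; that is
# expected on first use, so it must not abort the script.
sudo wg-quick down "$WG_INTERFACE" 2>/dev/null || true
sudo wg-quick up "$WG_INTERFACE"

printf "\n✅ Konfigurasi selesai untuk client '%s'\n" "$CLIENT_NAME"
echo "📄 Config: $CONF_FILE"
echo "🔑 PublicKey: $CLIENT_PUB"

# QR Code. The code encodes the whole client config, private key included, so
# it is as sensitive as the .conf file itself.
if command -v qrencode > /dev/null; then
  echo "📱 QR Code (scan via WireGuard Mobile):"
  sudo cat "$CONF_FILE" | qrencode -t ansiutf8
else
  echo "ℹ️ qrencode tidak ditemukan, lewati QR code"
fi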

show keys

# Show the state of every WireGuard interface: public key, listening port and
# the configured peers. The private key is printed as "(hidden)".
wg show

FIREWALL

# Insert an ACCEPT rule at the top of FORWARD for packets that both arrive and
# leave on wg0, i.e. traffic between VPN clients: every peer can then reach
# every other peer. The rule is not persistent and is lost on reboot unless it
# is saved separately.
iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT

alternate conf without modifying the firewall

# Variant of the server config that installs its own forwarding rules.
# It uses 10.10.0.0/24, while the make-client.sh example on this page uses
# 10.0.0.x addresses; client addresses must come from this subnet.
[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
# NOTE(review): this private key is published on the page, so treat it as
# compromised and never deploy it; use your own generated server private key.
PrivateKey = oK1TLYk66W9OoOlMNw7AkDmgZo/H6Vp4c6YxURqf2lY=

# Enable NAT
# PostUp adds, and PostDown removes, three rules: accept forwarded packets
# arriving on wg0, accept forwarded packets leaving via wg0, and masquerade
# everything that leaves through eth0.
# NOTE(review): the "-o wg0" ACCEPT is not limited to established connections
# and the MASQUERADE rule has no "-s" match; tighten both if this host also
# forwards other traffic.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
