ungleich-tools/wireguard/gen-tunnels.sh

#!/bin/sh
# 2021-12-30
# Nico Schottelius

if [ $# -ne 7 ] ; then
    echo $0 "v6|v4" vpngw vpnpubkey prefix mask start end
    echo "f.i. $0 v4 vpn-....ungleich.ch:51820 6BRnQ.. 192.0.0. 32 22 43"
    echo "f.i. $0 v6 vpn-....ungleich.ch:51820 6BRnQ.. 2a0a:e5c0: 48 22 333"
    exit 1
fi

v4v6=$1; shift
vpngw=$1; shift
vpnpub=$1; shift
prefix=$1; shift
mask=$1; shift
start=$1; shift
end=$1; shift

case "$v4v6" in
    v6)
        sep=":"
        allowed_ips="::/0"
        gw_mask="/128"
        ;;
    v4)
        sep="."
        allowed_ips="0.0.0.0/0"
        gw_mask="/32"
        ;;

    *)
        echo "Unsupported, use v6 or v4" >&2
        exit 1
        ;;
esac

: > gw.conf

for ip in $(seq $start $end); do
    privkey=$(wg genkey)
    pubkey=$(echo $privkey | wg pubkey)

    addr=$prefix${sep}${ip}/${mask}
    addr_nomask=$prefix${sep}${ip}
    file="${addr_nomask}.conf"
    echo "Writing ${file} and updating gw.conf"

    cat <<EOF > $file
[Interface]
PrivateKey = ${privkey}
Address = ${addr}

[Peer]
PublicKey = ${vpnpub}
Endpoint = ${vpngw}
AllowedIPs = ${allowed_ips}

EOF
    cat <<EOF >> gw.conf

[Peer]
PublicKey = ${pubkey}
AllowedIPs = ${addr_nomask}${gw_mask}
EOF


done