#!/bin/bash
LOG_FILE=/home/WGlog/202606
TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
echo "=== Log entry at $TIMESTAMP ===" >> $LOG_FILE
# 抓取介面、Peer ID、端點 IP 以及最後交握時間
wg show all dump | awk 'NF>1 {print TIMESTAMP, $1, $2, $4, $5}' TIMESTAMP="$TIMESTAMP" >>$LOG_FILE
echo "" >> $LOG_FILE
編輯 leaf.cfg加入
wireguard
編輯 /etc/modules 加入
wireguard
編輯 /etc/shorewall/interfaces 加入
wg0 wg0 tcpflags,nosmurfs,routefilter,routeback
編輯 /etc/shorewall/zones 加入
wg0 ipv4
編輯 /etc/shorewall/rules 加入
ACCEPT net fw UDP 51820
ACCEPT wg0:192.168.226.1 wg0 TCP 22
ACCEPT wg0 wg0:192.168.226.1 TCP 4119,4120,4122,22
DROP wg0 wg0 all
Ping(ACCEPT) wg0 fw
產生 設定檔
#!/bin/sh
nodenum=20
spri=$(wg genkey); spub=$(echo $spri|wg pubkey)
# wireguard server
Endpoint=192.168.228.2:51820
# configure file
wg0conf=wg0.conf-
client=client.conf-
:>${client}
cat <<EOF0 >$wg0conf
#pri=${spri}
#pub=${spub}
[Interface]
Address = 192.168.226.253/24
ListenPort = 51820
PrivateKey = ${spri}
EOF0
for i in `seq 1 $nodenum`;do
pri=$(wg genkey); pub=$(echo $pri|wg pubkey)
cat <<EOF >>$client
## node $i ##############################################
[Interface]
PrivateKey = ${pri}
Address = 192.168.226.${i}/24
[Peer]
PublicKey = $spub
AllowedIPs = 192.168.226.0/24
Endpoint = ${Endpoint}
PersistentKeepalive = 25
EOF
cat <<EOF0 >>$wg0conf
## node $i ##############################################
[Peer]
PublicKey = ${pub}
AllowedIPs = 192.168.226.$i/32
EOF0
done
