WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS

License: MIT License

wireguard-install's Introduction

WireGuard VPN Server Auto Setup Script

WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS.

This script will let you set up your own VPN server in just a few minutes, even if you haven't used WireGuard before. WireGuard is a fast and modern VPN designed with the goals of ease of use and high performance.

See also: OpenVPN and IPsec VPN server auto setup scripts.

» 📖 Book: Build Your Own VPN Server: A Step by Step Guide

Features

  • Fully automated WireGuard VPN server setup, no user input needed
  • Supports interactive install using custom options
  • Generates VPN profiles to auto-configure Windows, macOS, iOS and Android devices
  • Supports managing WireGuard VPN users
  • Optimizes sysctl settings for improved VPN performance

Installation

First, download the script on your Linux server*:

wget -O wireguard.sh https://get.vpnsetup.net/wg

Option 1: Auto install WireGuard using default options.

sudo bash wireguard.sh --auto

See the script in action (terminal recording).

Note: This recording is for demo purposes only.

For servers with an external firewall (e.g. EC2/GCE), open UDP port 51820 for the VPN.

Option 2: Interactive install using custom options.

sudo bash wireguard.sh

You can customize the following options: VPN server's DNS name, UDP port, DNS server for VPN clients and name of the first client.

For servers with an external firewall, open your selected UDP port for the VPN.

If you are unable to download, follow the steps below.

You may also use curl to download:

curl -fL -o wireguard.sh https://get.vpnsetup.net/wg

Then follow the instructions above to install.

Alternative setup URLs:

https://github.com/hwdsl2/wireguard-install/raw/master/wireguard-install.sh
https://gitlab.com/hwdsl2/wireguard-install/-/raw/master/wireguard-install.sh

If you are unable to download, open wireguard-install.sh, then click the Raw button on the right. Press Ctrl/Cmd+A to select all, Ctrl/Cmd+C to copy, then paste into your favorite editor.

Advanced: Auto install using custom options.

Advanced users can auto install WireGuard using custom options, by providing a Bash "here document" as input to the setup script. This method can also be used to provide input to manage users after install.

First, install WireGuard interactively using custom options, and write down all your inputs to the script.

sudo bash wireguard.sh

If you need to remove WireGuard, run the script again and select the appropriate option.

Next, create the custom install command using your inputs. Example:

sudo bash wireguard.sh <<ANSWERS
n
51820
client
2
y
ANSWERS

Note: The install options may change in future versions of the script.

* A cloud server, virtual private server (VPS) or dedicated server.

Next steps

After setup, you can run the script again to manage users or uninstall WireGuard.

Get your computer or device to use the VPN. Please refer to:

Configure WireGuard VPN Clients

Read 📖 VPN book to access extra content.

Enjoy your very own VPN! ✨🎉🚀✨

Credits

This script is based on the great work of Nyr and contributors, with enhancements and changes for compatibility with the Setup IPsec VPN project.

List of enhancements over Nyr/wireguard-install.
  • Improved compatibility with Setup IPsec VPN
  • Improved script reliability, user input and output
  • Supports auto install using default options
  • Supports using a DNS name as server address
  • Added support for openSUSE Linux
  • Supports listing existing VPN clients
  • Supports showing QR code for a client
  • Supports custom DNS server(s) for VPN clients
  • Optimizes sysctl settings for improved VPN performance
  • Improved creation of client config files when using sudo

...and more!

License

MIT

wireguard-install's Issues

Error: This system is running inside a container, which is not supported by this installer. "openvz"

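Checklist

Describe the issue
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. ...

Error: This system is running inside a container, which is not supported by this installer.

Expected behavior
A clear and concise description of what you expected to happen.

Logs
Add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • OS: [e.g. Debian 11]
  • Hosting provider (if applicable): [e.g. GCP, AWS]

Client (please complete the following information)

  • Device: [e.g. iPhone 12]
  • OS: [e.g. iOS 15]

Additional context
Add any other context about the problem here.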

Support openSUSE

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
Add support for openSUSE Linux system.

Is your enhancement request related to a problem? Please describe.
Currently, openSUSE is not supported by the installation script.

Additional context
None

The internet is not accessible

Checklist

Describe the issue
A clear and concise description of what the bug is.
After the successful auto installation on an Amazon EC2 Ubuntu server, I connected to it on Android and also tried to connect to it on a laptop, but to no avail. No internet connection.

To Reproduce
Steps to reproduce the behavior:

  1. ...
  2. ...

Expected behavior
A clear and concise description of what you expected to happen.

Logs
Add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • OS: [e.g. Debian 11]
  • Hosting provider (if applicable): [e.g. GCP, AWS]

Client (please complete the following information)

  • Device: [e.g. iPhone 12]
  • OS: [e.g. iOS 15]

Additional context
Add any other context about the problem here.

Arch Linux support

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
The script should add Arch Linux support

Is your enhancement request related to a problem? Please describe.
No

Additional context
Well, most of the wireguard-install scripts either don't support Arch Linux or barely support it. So it would be great for this script to support it.

Domains config

Hi, thank you so much for this script.
Can you please give me advice on how I can configure the VPN to work only with special sites?

Thank you again

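Add sysctl configuration

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
I suggest that after the script finishes installing, it modify /etc/sysctl.conf and add the following:
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

Is your enhancement request related to a problem? Please describe.
After installing with the script, I found that when connected to the VPN over WiFi I could not bypass the firewall, while when connected over mobile data I could. After adding these lines to sysctl.conf, it also works over WiFi. I don't actually understand what this configuration means; the developer can evaluate it.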

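Is there no control panel program?

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
A clear and concise description of your enhancement request.

Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.

Additional context
Add any other context about the enhancement request here.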

fully disable the logs

Checklist

  • I'm looking to implement it with no actual logs

Describe the enhancement request
A clear and concise description of an implementation with no logs

Regenerate QR code

Checklist

  • [x] I searched existing Issues, and did not find a similar enhancement request
  • [x] This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • [x] I read the README
  • [x] I followed instructions to configure VPN clients

Describe the enhancement request
When running sudo bash wireguard.sh after having setup the server and clients the following options are available:

  1. Add a new client
  2. List existing clients
  3. Remove an existing client
  4. Remove WireGuard
  5. Exit

It would be quite helpful to add a 6th option, regenerate QR code for existing client. This would be most useful when people update their phones and reinstall everything and in the instances where people want to access with their PC as well as their phone (one person, 2 devices).

Is your enhancement request related to a problem? Please describe.
No, everything works reliably.

Additional context

Wireguard internet access

#1

Understood, at what moment there is an error described above. Everything works fine until the first reboot of the server. After a reboot, the problem recurs. That is, the handshake goes well, but there is no Internet access.

Please tell me what information to provide you so that you can possibly help me.

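Add support for installing in LXC or Docker

Checklist

  • [✓] I searched existing Issues, and did not find a similar enhancement request
  • [✓] This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • [✓] I read the README
  • [✓] I followed instructions to configure VPN clients

Describe the enhancement request
A clear and concise description of your enhancement request.
Currently this script cannot run inside LXC or Docker.

Is your enhancement request related to a problem? Please describe.
(If applicable) A clear and concise description of what the problem is.
WireGuard itself can run inside Docker or LXC, as long as it is given the permissions and the tun device is mapped.

Additional context
Add any other context about the enhancement request here.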

Abort install

Checklist

Describe the issue
Installing WireGuard, please wait...

+ apt-get -yqq update
+ apt-get -yqq install wireguard qrencode
wireguard.sh: line 652: /etc/wireguard/wg0.conf: No such file or directory
chmod: cannot access '/etc/wireguard/wg0.conf': No such file or directory
+ systemctl enable --now wg-iptables.service
grep: /etc/wireguard/wg0.conf: No such file or directory
grep: /etc/wireguard/wg0.conf: No such file or directory
wireguard.sh: line 401: /etc/wireguard/wg0.conf: No such file or directory
grep: /etc/wireguard/wg0.conf: No such file or directory
grep: /etc/wireguard/wg0.conf: No such file or directory
wg: Key is not the correct length or format
grep: /etc/wireguard/wg0.conf: No such file or directory
grep: /etc/wireguard/wg0.conf: No such file or directory
+ systemctl enable --now wg-quick@wg0.service

To Reproduce

  1. Install WG
  2. Deinstall WG
  3. Install WG

Expected behavior
A clear and concise description of what you expected to happen.

Logs
Add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • OS: [e.g. Debian 11]
  • Hosting provider (if applicable): [e.g. GCP, AWS]

Client (please complete the following information)

  • Device: [e.g. iPhone 12]
  • OS: [e.g. iOS 15]

Additional context
Add any other context about the problem here.

How can i disable IPV6?

Sorry, this question isn't really related to the script, but how can I stop WireGuard from using IPv6? I want it to only use IPv4. Thank you

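Connected, but ping does not get through

At first I used the one-click OpenVPN setup provided by hwdsl2, and one day it suddenly could no longer connect.
I then switched to WireGuard; it connects, but ping does not get through.

I don't know what is going on. My home connection has a public IP from China Telecom. I don't know how to troubleshoot this; is it possible that the IP has been blocked?
My home devices can be reached normally through the Alibaba Cloud domain name.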

Ability to view some information about clients

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
It would be nice to see some information about clients, such as time of last connection and traffic that it spends, in the list of clients. I don't suggest implementing ability of logging, just some general information that would allow to know about traffic spending and time of use.

Is your enhancement request related to a problem? Please describe.

Additional context

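Why can I connect to WireGuard but not access the internet?

Checklist

Describe the issue
I installed WireGuard successfully using the install script, and added the WireGuard configuration on iOS by scanning the QR code.
Connecting to the VPN with this configuration succeeds.
However, I can only ping 10.7.0.1 (that is, the peer's IP), and I cannot access the internet.

To Reproduce

I guessed that my VPS might be the problem, so I tested on three different VPS platforms, and the result was the same on all of them.
Of these, the first VPS mentioned above is a fresh install of Ubuntu 20.04; the other 2 already have v2ray or similar software running (that software connects normally).

Expected behavior
My own guess is that there may be a routing problem, but I don't know how to troubleshoot it. I hope you can check whether some setting could be applied during installation? Or could it be an iOS problem?
(I have an M1 MacBook, and it behaves the same way.)

Logs
No logs; the VPN connects normally.

Server (please complete the following information)

  • OS: Ubuntu 20.04 / Debian 11
  • Hosting provider (if applicable): Oracle, Bandwagon, Vultr

Client (please complete the following information)

  • Device: iPhone 14 Pro
  • OS: iOS 16.1.1

Additional context
No.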

UFW Integration

Checklist

  • I searched existing Issues, and did not find a similar enhancement request
  • This enhancement request is about the VPN setup script, and not WireGuard VPN itself
  • I read the README
  • I followed instructions to configure VPN clients

Describe the enhancement request
UFW is the default firewall configuration tool for Ubuntu. As such it is widely used on many Ubuntu-based servers for firewalling. Currently wireguard-install completely bypasses UFW by adding rules through the wg-iptables service.

As per the ubuntu manpages UFW supports the forwarding and filtering functionality required by the Wireguard VPN. Some of it can be accomplished through the ufw command, while the rest has to be performed through direct modification of /etc/ufw/before.rules.

On a host with UFW installed and enabled, instead of creating the wireguard-iptables service, wireguard-install should append the post-routing rules to /etc/ufw/before.rules:

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j MASQUERADE

COMMIT

and run the following commands:

ufw allow from any to any port $port proto udp
ufw route allow from 10.7.0.0/24
ufw reload

I think that the last rule in wireguard-iptables can be omitted, as /etc/ufw/before.rules already has the following:

# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

but that would require verification.

Is your enhancement request related to a problem? Please describe.
UFW clashing with wireguard-iptables.

Additional context
N/A
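
One way to apply the /etc/ufw/before.rules change proposed in this issue so that re-running it never stacks duplicate rules. This is an added example, not wireguard-install code; the function name and the choice to reuse an existing *nat table are assumptions.

```shell
#!/bin/sh
# Added example, not wireguard-install code: idempotently add the NAT rule
# proposed in the issue above to a UFW before.rules file.

# ensure_ufw_masquerade RULES_FILE VPN_SUBNET   (hypothetical helper name)
ensure_ufw_masquerade() {
  rules_file=$1
  subnet=$2
  rule="-A POSTROUTING -s $subnet ! -d $subnet -j MASQUERADE"

  # Case 1: the exact rule is already present, so a re-run changes nothing.
  if grep -qxF -e "$rule" "$rules_file"; then
    return 0
  fi

  tmp=$(mktemp) || return 1
  if grep -qxF -e '*nat' "$rules_file"; then
    # Case 2: a *nat table already exists. Insert the rule before that
    # table's COMMIT instead of appending a second *nat block.
    awk -v rule="$rule" '
      $0 == "*nat" { in_nat = 1 }
      in_nat && $0 == "COMMIT" { print rule; in_nat = 0 }
      { print }
    ' "$rules_file" > "$tmp" || { rm -f "$tmp"; return 1; }
  else
    # Case 3: no *nat table yet. Append the block from the issue.
    {
      cat "$rules_file"
      printf '%s\n' '' '*nat' ':POSTROUTING ACCEPT [0:0]' "$rule" 'COMMIT'
    } > "$tmp" || { rm -f "$tmp"; return 1; }
  fi

  # Write the contents back in place so owner and mode of the file are kept.
  cat "$tmp" > "$rules_file"
  status=$?
  rm -f "$tmp"
  return $status
}

# Usage on a real host (run as root, back up the file first):
#   ensure_ufw_masquerade /etc/ufw/before.rules 10.7.0.0/24
```

The `ufw allow`, `ufw route allow` and `ufw reload` commands listed in the issue still have to be run after the file is edited.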

wireguard not working

I'm trying to set up a WireGuard VPN on an Ubuntu server

uname -a

Linux suricata 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/os-release

PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

I installed the VPN server using default options, except for the DNS, where I used my current DNS resolvers

the wg0.conf in my server:

# Do not alter the commented lines
# They are used by wireguard-install
# ENDPOINT 163.114.159.100

[Interface]
Address = 10.7.0.1/24
PrivateKey = *****
ListenPort = 51820

# BEGIN_PEER wg0
[Peer]
PublicKey = *****
PresharedKey = *****
AllowedIPs = 10.7.0.2/32
# END_PEER wg0
  • sudo iptables -nvL; sudo iptables -nvL -t nat
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:51820

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.7.0.0/24          0.0.0.0/0
    0     0 DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  127  7304 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 SNAT       all  --  *      *       10.7.0.0/24         !10.7.0.0/24          to:163.114.159.100

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

The internet is working, the interface is up. When I move the client conf to the client machine, I don't have any internet access, and I can't access the VPN server IP. I tried to ping it back and it doesn't work. Nothing is working.

  • cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.7.0.2/24
DNS = 163.114.159.11, 163.114.159.12
PrivateKey = *****

[Peer]
PublicKey = *****
PresharedKey = *****
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 163.114.159.100:51820
PersistentKeepalive = 25
root@test-VirtualBox:~# sudo iptables -nvL; sudo iptables -nvL -t nat
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination  

And even when I try to enable and start the service using systemctl, it fails:

× wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2023-06-05 03:33:07 CEST; 42s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 14796 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
   Main PID: 14796 (code=exited, status=1/FAILURE)
        CPU: 15ms

juin 05 03:33:07 test-VirtualBox systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
juin 05 03:33:07 test-VirtualBox wg-quick[14796]: wg-quick: `wg0' already exists
juin 05 03:33:07 test-VirtualBox systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/>
juin 05 03:33:07 test-VirtualBox systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
juin 05 03:33:07 test-VirtualBox systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

From the server I try to ping my client:

ubuntu@suricata:~/wireguard-install$ ping 10.7.0.2
PING 10.7.0.2 (10.7.0.2) 56(84) bytes of data.
From 10.7.0.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Destination address required
From 10.7.0.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Destination address required
From 10.7.0.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Destination address required
From 10.7.0.1 icmp_seq=4 Destination Host Unreachable
ping: sendmsg: Destination address required
^C
--- 10.7.0.2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3072ms

And from the client, it times out and fails

Wireguard

wireguard is not working. The handshake goes well, the server is pinged. But there is no internet access. Tried on Windows, phone, router, the result is the same.

ubuntu 22.04 manual install

Checklist

Describe the issue

To Reproduce
Steps to reproduce the behavior:

sudo bash wireguard.sh
Welcome to this WireGuard server installer!
GitHub: https://github.com/hwdsl2/wireguard-install

I need to ask you a few questions before starting setup.
You can use the default options and just press enter if you are OK with them.

Which IPv6 address should be used?
     1) 111xxx
     2) 222xxx
IPv6 address [1]: 1

What port should WireGuard listen to?
Port [51820]:

Enter a name for the first client:
Name [client]:

Select a DNS server for the client:
   1) Current system resolvers
   2) Google Public DNS
   3) Cloudflare DNS
   4) OpenDNS
   5) Quad9
   6) AdGuard DNS
   7) Custom
DNS server [2]: 3

WireGuard installation is ready to begin.
Do you want to continue? [Y/n]

Installing WireGuard, please wait...
+ apt-get -yqq update
+ apt-get -yqq install wireguard qrencode
Error: 'apt-get install' failed.

Expected behavior
Normal installation

command: wg show, shows a different public key than imported to the client

Describe the issue
I followed the instructions and used the QR code to set up the peer on my Android, which displays 2 public keys:
SzZkNHW... and
bC4Dsw8...

My wg0.conf file on the server:
[Interface]
Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
PrivateKey = 8D...
ListenPort = 51820

# BEGIN_PEER client
[Peer]
PublicKey = SzZkNHWC...
PresharedKey = vE...
AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
# END_PEER client

So far seems to be OK until I run wg show on the server:
interface: wg0
  public key: 7TyDV3k/7I5pR4ARYaPhtfoRRWvcWvAMNLcmcwoLiiI=
  private key: (hidden)
  listening port: 51820

Running wg syncconf or wg setconf both return this error:
scott@scottlounge:~$ sudo wg setconf wg0 /etc/wireguard/wg0.conf
Line unrecognized: Address=10.7.0.1/24,fddd:2c4:2c4:2c4::1/64
Configuration parsing error

I believe the public key, 7TyDV3k/7I5pR4ARYaPhtfoRRWvcWvAMNLcmcwoLiiI= was a key created by an earlier key generation attempt by me.

Expected behavior
That the wg0.conf file that did not exist prior to running the install script contains the server key that the script generated.

Logs
Add error logs to help explain the problem, if applicable.

Server (please complete the following information)

  • OS: Kubuntu 23.04
  • Hosting provider: N/A

Client (please complete the following information)

  • Device: Redmi Note 12 pro plus
  • OS: MIUI 14.0.6.0 / Android 12 SP1A.210812.016
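
The `Line unrecognized: Address=...` error quoted in this report is what wg(8) prints when it is handed a wg-quick(8) configuration: keys such as Address and DNS are wg-quick extensions, and `wg-quick strip wg0` is the stock command that removes them before `wg setconf` or `wg syncconf`. The filter below is an added example (not part of the issue or of wireguard-install) showing which lines that stripping removes; the function names and the sample config with its key placeholders are constructed.

```shell
#!/bin/sh
# Added example, not wireguard-install code. wg-quick(8) accepts extra
# [Interface] keys that wg(8) rejects with "Line unrecognized".

# filter_wg_conf MODE: read a wg-quick config on stdin.
#   MODE=keep prints the lines wg(8) can parse,
#   MODE=drop prints only the wg-quick-specific lines.
filter_wg_conf() {
  awk -v mode="$1" '
    BEGIN {
      # Keys handled by wg-quick itself and never passed to wg(8).
      n = split("address dns mtu table preup postup predown postdown saveconfig", k, " ")
      for (i = 1; i <= n; i++) quick[k[i]] = 1
    }
    # Track the current section: "[Interface]" becomes "interface".
    /^[ \t]*\[/ {
      section = tolower($0)
      gsub(/[^a-z]/, "", section)
    }
    {
      is_quick = 0
      if (index($0, "=") > 0) {
        key = $0
        sub(/[=].*/, "", key)      # text left of the first "="
        gsub(/[ \t]/, "", key)
        if (section == "interface" && (tolower(key) in quick)) is_quick = 1
      }
      if (mode == "drop") { if (is_quick) print }
      else if (!is_quick) print
    }
  '
}

strip_wg_quick_keys() { filter_wg_conf keep; }
list_wg_quick_keys()  { filter_wg_conf drop; }

# Constructed sample in the layout wireguard-install writes; keys are placeholders.
sample_config() {
  cat <<'EOF'
# ENDPOINT vpn.example.com
[Interface]
Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
PrivateKey = <server-private-key-placeholder>
ListenPort = 51820

# BEGIN_PEER client
[Peer]
PublicKey = <client-public-key-placeholder>
PresharedKey = <psk-placeholder>
AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128
# END_PEER client
EOF
}

# Show the config as wg(8) would need to receive it.
sample_config | strip_wg_quick_keys
```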
