├── .gitignore
├── LICENSE
├── README.md
├── requirements.txt
└── wireguard-config-generator.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.png 
2 | *.conf
3 | .vscode
4 | 
5 | 
6 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 pbengert
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # wireguard config generator for python
2 | Generate config files and qr codes for wireguard vpn
3 | 
4 | You will need to install qrcode and pillow in python
5 | and you need to install wireguard, so that you can call wg from your terminal
6 | 
7 | Edit your settings in the python file
8 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | qrcode
2 | pillow


--------------------------------------------------------------------------------
/wireguard-config-generator.py:
--------------------------------------------------------------------------------
  1 | import qrcode
  2 | import subprocess
  3 | 
  4 | # This program will generate configs for wireguard.
  5 | # you will need to install qrcode and pillow in python
  6 | # and you need to install wireguard, so that you can call wg from your terminal
  7 | 
  8 | ################### Modify your settings here ##################
  9 | 
 10 | # Set the listen port
 11 | 
 12 | listen_port = "51820"
 13 | 
 14 | # Set the endpoint
 15 | endpoint = f"example.myip.com:{listen_port}"
 16 | 
 17 | # Number of needed clients
 18 | clients = 3
 19 | 
 20 | # Set preshared_key to True to create preshared keys or False if not needed
 21 | preshared_key = True
 22 | 
 23 | # Set your DNS Server like "1.1.1.1" or empty string "" if not needed
 24 | # maybe you want to use a dns server on your server e.g. 192.168.1.1
 25 | dns = "1.1.1.1"
 26 | 
 27 | # Set your vpn tunnel network (example is for 10.99.99.0/24)
 28 | ipnet_tunnel_1 = 10
 29 | ipnet_tunnel_2 = 99
 30 | ipnet_tunnel_3 = 99
 31 | ipnet_tunnel_4 = 0
 32 | ipnet_tunnel_cidr = 24
 33 | 
 34 | # Set allowed IPs (this should be the network of the server you want to access)
 35 | # If you want to route all traffic over the VPN then set tunnel_0_0_0_0 = True, the network in allowed ips will then be ignored
 36 | allowed_ips = "192.168.1.0/24"
 37 | tunnel_0_0_0_0 = False
 38 | 
 39 | # If you need iptables rules then set iptables= "eth0" (replace eth0 with the name of your network card) or iptables = "" if no rules needed
 40 | iptables = ""
 41 | 
 42 | ################### Do not edit below this line ##################
 43 | 
 44 | wg_priv_keys = []
 45 | wg_pub_keys = []
 46 | wg_psk = []
 47 | 
 48 | 
 49 | def main():
 50 |     # Gen-Keys
 51 |     for _ in range(clients+1):
 52 |         (privkey, pubkey, psk) = generate_wireguard_keys()
 53 |         #psk = generate_wireguard_psk()
 54 |         wg_priv_keys.append(privkey)
 55 |         wg_pub_keys.append(pubkey)
 56 |         wg_psk.append(psk)
 57 | 
 58 |     ################# Server-Config ##################
 59 |     server_config = "[Interface]\n" \
 60 |         f"Address = {ipnet_tunnel_1}.{ipnet_tunnel_2}.{ipnet_tunnel_3}.{ipnet_tunnel_4+1}/{ipnet_tunnel_cidr}\n" \
 61 |         f"ListenPort = {listen_port}\n" \
 62 |         f"PrivateKey = {wg_priv_keys[0]}\n"
 63 |     if iptables:
 64 |         server_config += f"PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {iptables} -j MASQUERADE\n" \
 65 |             f"PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {iptables} -j MASQUERADE\n"
 66 | 
 67 |     for i in range(1, clients+1):
 68 |         server_config += f"[Peer {i}]\n" \
 69 |             f"PublicKey = {wg_pub_keys[i]}\n" \
 70 |             f"PresharedKey = {wg_psk[i]}\n" \
 71 |             f"AllowedIPs = {ipnet_tunnel_1}.{ipnet_tunnel_2}.{ipnet_tunnel_3}.{ipnet_tunnel_4+1+i}/32\n"
 72 | 
 73 |     print("*"*10 + " Server-Conf " + "*"*10)
 74 |     print(server_config)
 75 |     make_qr_code_png(server_config, f"server.png")
 76 |     with open(f"server.conf", "wt") as f:
 77 |         f.write(server_config)
 78 | 
 79 |     ################# Client-Configs ##################
 80 |     client_configs = []
 81 |     for i in range(1, clients+1):
 82 |         client_config = f"[Interface]\n" \
 83 |             f"Address = {ipnet_tunnel_1}.{ipnet_tunnel_2}.{ipnet_tunnel_3}.{ipnet_tunnel_4+1+i}/24\n" \
 84 |             f"ListenPort = {listen_port}\n" \
 85 |             f"PrivateKey = {wg_priv_keys[i]}\n"
 86 | 
 87 |         if dns:
 88 |             client_config += f"DNS = {dns}\n"
 89 | 
 90 |         client_config += f"[Peer]\n" \
 91 |             f"PublicKey = {wg_pub_keys[0]}\n" \
 92 |             f"PresharedKey = {wg_psk[i]}\n"
 93 | 
 94 |         if tunnel_0_0_0_0 == False:
 95 |             client_config += f"AllowedIPs = {allowed_ips}, {ipnet_tunnel_1}.{ipnet_tunnel_2}.{ipnet_tunnel_3}.{ipnet_tunnel_4+1}/32\n"
 96 |         else:
 97 |             client_config += f"DNS = 0.0.0.0/0\n"
 98 | 
 99 |         client_config += f"Endpoint = {endpoint}\n"
100 |         client_configs.append(client_config)
101 | 
102 |         print("*"*10 + f" Client-Conf {i} " + "*"*10)
103 |         print(client_config)
104 |         make_qr_code_png(client_config, f"client_{i}.png")
105 |         with open(f"client_{i}.conf", "wt") as f:
106 |             f.write(client_config)
107 | 
108 |     #print("*"*10 + " Debugging " + "*"*10 )
109 |     #print("*"*10 + " Priv-Keys " + "*"*10 )
110 |     # print(wg_priv_keys)
111 |     #print("*"*10 + " Pub-Keys " + "*"*10 )
112 |     # print(wg_pub_keys)
113 | 
114 | 
115 | def generate_wireguard_keys():
116 |     privkey = subprocess.check_output(
117 |         "wg genkey", shell=True).decode("utf-8").strip()
118 |     pubkey = subprocess.check_output(
119 |         f"echo '{privkey}' | wg pubkey", shell=True).decode("utf-8").strip()
120 |     psk = subprocess.check_output(
121 |         "wg genkey", shell=True).decode("utf-8").strip()
122 |     return (privkey, pubkey, psk)
123 | 
124 | 
125 | def make_qr_code_png(text, filename):
126 |     img = qrcode.make(text)
127 |     img.save(f"{filename}")
128 | 
129 | 
130 | if __name__ == "__main__":
131 |     main()
132 | 


--------------------------------------------------------------------------------