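#!/bin/bash
# WireGuard server setup script
# This script helps set up the VPN server that football systems connect to.
#
# Must be run as root on an apt-based host. It installs WireGuard, generates
# the server key pair, writes /etc/wireguard/wg0.conf, enables IPv4
# forwarding and adds the NAT / INPUT rules for the tunnel subnet.
#
# Security notes:
#   - The server private key is written only to wg0.conf (mode 0600) and is
#     never printed: terminal scrollback, session recordings and provisioning
#     logs are common places for key material to leak.
#   - Re-running the script generates a NEW key pair. An existing wg0.conf is
#     backed up first, but every client must then be given the new public key.

set -euo pipefail

readonly WG_DIR=/etc/wireguard
readonly WG_CONF="${WG_DIR}/wg0.conf"
readonly WG_SUBNET=10.100.0.0/24
readonly WG_PORT=51820

echo "============================================="
echo "WireGuard VPN Server Setup for Football"
echo "============================================="
echo ""

# Check if running as root
if [[ "$EUID" -ne 0 ]]; then
  echo "Please run as root" >&2
  exit 1
fi

# Install WireGuard
echo "Installing WireGuard..."
apt-get update
apt-get install -y wireguard wireguard-tools iptables-persistent

# Generate server keys
echo ""
echo "Generating server keys..."
SERVER_PRIVATE=$(wg genkey)
# printf is a shell builtin, so the private key travels over a pipe and never
# appears in a process argument list.
SERVER_PUBLIC=$(printf '%s\n' "$SERVER_PRIVATE" | wg pubkey)
echo "Server Public Key: $SERVER_PUBLIC"

# Create config directory; only root needs to traverse it.
mkdir -p "$WG_DIR"
chmod 700 "$WG_DIR"

# Never silently destroy an existing server identity and peer list.
if [[ -e "$WG_CONF" ]]; then
  backup="${WG_CONF}.bak.$(date +%Y%m%d%H%M%S)"
  cp -p -- "$WG_CONF" "$backup"
  chmod 600 "$backup"
  echo "Existing $WG_CONF backed up to $backup"
fi

# Create the file empty with mode 0600 BEFORE the key is written into it, so
# there is no window in which the private key sits in a world-readable file.
install -m 600 /dev/null "$WG_CONF"

# Create server configuration
# NOTE: with SaveConfig = true, wg-quick rewrites this file from the live
# interface state when the interface is brought down, so peers added by
# editing the file while wg0 is up are lost. Add peers while the interface is
# down, or use `wg set` against the running interface.
cat > "$WG_CONF" << EOF
[Interface]
PrivateKey = $SERVER_PRIVATE
Address = 10.100.0.1/24
ListenPort = $WG_PORT
SaveConfig = true

# Enable IP forwarding
EOF

# The private key is on disk now; drop it from the shell environment.
unset SERVER_PRIVATE

# Enable IP forwarding
echo "Enabling IP forwarding..."
sysctl -w net.ipv4.ip_forward=1
# Persist the setting once; repeated runs must not keep appending the line.
if ! grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf 2>/dev/null; then
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi

# Configure NAT
echo "Configuring NAT rules..."
# Take the interface of the FIRST IPv4 default route by locating the token
# after "dev". A host with several default routes, or none, would otherwise
# hand iptables a multi-word or empty -o argument.
WAN_IF=$(ip -4 route show default \
  | awk '!found { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); found = 1; break } }')
if [[ -z "$WAN_IF" ]]; then
  echo "Could not determine the default-route interface for NAT" >&2
  exit 1
fi

# `iptables -C` tests whether the rule already exists (its "no such rule"
# message is deliberately discarded), so re-running does not stack duplicates.
nat_rule=(POSTROUTING -s "$WG_SUBNET" -o "$WAN_IF" -j MASQUERADE)
iptables -t nat -C "${nat_rule[@]}" 2>/dev/null \
  || iptables -t nat -A "${nat_rule[@]}"

# Allow WireGuard port
# NOTE(review): -A appends, so an earlier DROP/REJECT rule in INPUT would
# still win. No FORWARD rules are added either; if the FORWARD policy is not
# ACCEPT, tunnel traffic will not be routed. Confirm against the host's
# existing ruleset.
input_rule=(INPUT -p udp --dport "$WG_PORT" -j ACCEPT)
iptables -C "${input_rule[@]}" 2>/dev/null \
  || iptables -A "${input_rule[@]}"

# iptables-save dumps the ENTIRE running ruleset, including rules other tools
# inserted at runtime; review rules.v4 before relying on it across reboots.
iptables-save > /etc/iptables/rules.v4

echo ""
echo "============================================="
echo "Server setup complete!"
echo "============================================="
echo ""
echo "Server Public Key: $SERVER_PUBLIC"
echo ""
echo "Next steps:"
echo "1. Add clients to /etc/wireguard/wg0.conf with their public keys"
echo "2. Enable the interface: systemctl enable wg-quick@wg0"
echo "3. Start the interface: systemctl start wg-quick@wg0"
echo "4. Configure firewall to allow UDP 51820"
echo ""
echo "Example client configuration:"
echo ""
echo "[Peer]"
echo "# Football Client 1"
# PublicKey is intentionally blank: fill in the client's own public key.
echo "PublicKey = "
# A /32 per peer limits each client to its single tunnel address.
echo "AllowedIPs = 10.100.0.2/32"
echo ""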