GitHunt
JA

jawj/wireguard-setup

Bash scripts to take Ubuntu Server LTS 24.04 from clean install to fully-configured WireGuard server peer

ubuntuubuntu-serverubuntu2404vpnwireguardwireguard-vpnwireguard-vpn-setup

wireguard-setup

Bash scripts to take Ubuntu Server LTS 24.04 from clean install to fully-configured WireGuard server peer, forwarding DNS queries to Cloudflare over TLS.

  • setup.sh sets up the server (run once)
  • addclient.sh creates a peer, printing the config as text and a QR code (run for each new client)

The server is configured for unattended security upgrades and firewalled with iptables to allow only SSH, WireGuard and some ICMP types.

Clients are visible to each other, and can be found via DNS as my-client-name.wg.internal.

Usage

One-time only:

wget https://raw.githubusercontent.com/jawj/wireguard-setup/refs/heads/main/setup.sh
chmod +x setup.sh
sudo ./setup.sh

To add a client:

wget https://raw.githubusercontent.com/jawj/wireguard-setup/refs/heads/main/addclient.sh
chmod +x addclient.sh
sudo ./addclient.sh

Note that IP addresses are currently allocated simply by counting how many clients are already configured. Manually deleting users from /etc/wireguard/wg0.conf may therefore cause new users to duplicate existing users' IP addresses.

To show status:

sudo wg show

See also

https://github.com/jawj/IKEv2-setup

License

MIT

Languages

Shell100.0%

Contributors

JA
Created November 6, 2025
Updated February 6, 2026
jawj/wireguard-setup | GitHunt