diff --git a/wireguard-install.sh b/wireguard-install.sh
index 631ff63..2f95ecb 100644
--- a/wireguard-install.sh
+++ b/wireguard-install.sh
@@ -152,6 +152,14 @@ function installQuestions() {
 fi
 done
 
+ until [[ ${ALLOWED_IPS} =~ ^.+$ ]]; do
+ echo -e "\nWireGuard uses a parameter called AllowedIPs to determine what is routed over the VPN."
+ read -rp "Allowed IPs list for generated clients (leave default to route everything): " -e -i '0.0.0.0/0,::/0' ALLOWED_IPS
+ if [[ ${ALLOWED_IPS} == "" ]]; then
+ ALLOWED_IPS="0.0.0.0/0,::/0"
+ fi
+ done
+
 echo ""
 echo "Okay, that was all I needed. We are ready to setup your WireGuard server now."
 echo "You will be able to generate a client at the end of the installation."
@@ -216,7 +224,8 @@ SERVER_PORT=${SERVER_PORT}
 SERVER_PRIV_KEY=${SERVER_PRIV_KEY}
 SERVER_PUB_KEY=${SERVER_PUB_KEY}
 CLIENT_DNS_1=${CLIENT_DNS_1}
-CLIENT_DNS_2=${CLIENT_DNS_2}" >/etc/wireguard/params
+CLIENT_DNS_2=${CLIENT_DNS_2}
+ALLOWED_IPS=${ALLOWED_IPS}" >/etc/wireguard/params
 
 # Add server interface
 echo "[Interface]
@@ -353,7 +362,7 @@ DNS = ${CLIENT_DNS_1},${CLIENT_DNS_2}
 PublicKey = ${SERVER_PUB_KEY}
 PresharedKey = ${CLIENT_PRE_SHARED_KEY}
 Endpoint = ${ENDPOINT}
-AllowedIPs = 0.0.0.0/0,::/0" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
+AllowedIPs = ${ALLOWED_IPS}" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"
 
 # Add the client as a peer to the server
 echo -e "\n### Client ${CLIENT_NAME}
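Review bot: The `until [[ ${ALLOWED_IPS} =~ ^.+$ ]]` guard added to installQuestions accepts any non-empty string, so the value is never checked to be a comma-separated CIDR list before it is written unquoted to `/etc/wireguard/params` (second hunk) and into every generated client config (third hunk). If the params file is later sourced by the script, which is not visible here, a value containing a space or a shell metacharacter would be interpreted as shell by a root-run installer rather than stored as data. Restricting the prompt to the characters such a list can contain avoids both that and malformed client configs, e.g. `until [[ ${ALLOWED_IPS} =~ ^[0-9a-fA-F.:/,]+$ ]]; do`. The same loop also lets a value pre-set in the environment skip the prompt, so the tighter pattern is the only check that value would get. installQuestions starts and ends outside the hunk.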
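Review bot: `AllowedIPs = ${ALLOWED_IPS}` in the client template has no fallback for an unset or empty variable. A params file written by an earlier version of the installer has no `ALLOWED_IPS` line, so if a client is added on such a host (how params is loaded is outside this hunk) the config would carry an empty `AllowedIPs =` and the client would either fail to come up or route nothing through the tunnel while the user expects a full tunnel. Keeping the previous behaviour as the default fixes the upgrade path: `AllowedIPs = ${ALLOWED_IPS:-0.0.0.0/0,::/0}" >"${HOME_DIR}/${SERVER_WG_NIC}-client-${CLIENT_NAME}.conf"`. The enclosing echo string begins before the hunk.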