HalfVulpes/OneClickWireguard
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
A simple, quick, one-click installation script of WireGuard
3 commits 1 branch 1 tag 44 KiB
  • Shell 100%
Find a file
Exact
Rex 7b5344c2cd Script update, fix security and regular expression checks
2026-05-10 21:00:57 -04:00
LICENSE Initial commit 2025-12-02 01:56:19 -05:00
README.md Script update, fix security and regular expression checks 2026-05-10 21:00:57 -04:00
wg.sh Script update, fix security and regular expression checks 2026-05-10 21:00:57 -04:00

README.md

One-Click WireGuard for Ubuntu 24.04 / 26.04 LTS

This is a single Bash script that installs, configures, and manages a WireGuard server on Ubuntu 24.04 and 26.04 LTS (kernel 6.x / 7.x). It handles package installs, sane defaults (MTU clamp, forwarding, UFW rules), per-peer IP allocation, and QR output for mobile clients.

Quick start

  • via bash (fire-and-forget) 
    sudo bash <(curl -fsSL https://raw.githubusercontent.com/HalfVulpes/OneClickWireguard/master/wg.sh) install
  • via curl to download then run 
    curl -fsSLO https://raw.githubusercontent.com/HalfVulpes/OneClickWireguard/master/wg.sh && chmod +x wg.sh && sudo ./wg.sh install
  • via wget to download then run 
    wget -q https://raw.githubusercontent.com/HalfVulpes/OneClickWireguard/master/wg.sh && chmod +x wg.sh && sudo ./wg.sh install

What it does

  • Installs WireGuard, iptables, qrencode, curl, etc., and enables IPv4 forwarding.
  • Creates a server config with MTU clamp (default 1380), NAT, and optional UFW allowances.
  • Generates keys, saves settings, and starts wg-quick@<iface> via systemd.
  • Allocates unique /32s for peers inside your chosen /24.

Common commands

  • Install (first run): sudo bash wg.sh install
  • Add a user: sudo bash wg.sh add-user
  • List status: sudo bash wg.sh list
  • Show a user's QR: sudo bash wg.sh show-qr alice
  • Remove a user: sudo bash wg.sh remove-user alice
  • Wipe and reinstall: sudo bash wg.sh reinstall
  • Force an update check: sudo bash wg.sh check-update

Update check

Each invocation does a quick (cached, ≤5s) hash comparison against the upstream wg.sh and prints a notice if a newer version is available. The check is non-blocking and never auto-updates.

  • Silence it: WG_NO_UPDATE_CHECK=1 sudo bash wg.sh ...
  • Point at a fork: WG_REPO_RAW=https://raw.githubusercontent.com/<you>/<repo>/master/wg.sh sudo bash wg.sh ...
  • Cache file: /etc/wireguard/.last-update-check (TTL 6h)

Notes

  • Tested on Ubuntu 24.04 / 26.04 LTS with kernel 6.x and 7.x; it warns (but does not stop) on other releases or older kernels.
  • Run as root/sudo. The script writes to /etc/wireguard, /etc/sysctl.d/99-wireguard.conf, and systemd for wg-quick.
  • Client configs live under /etc/wireguard/peers/<username>/<username>.conf.