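#!/bin/bash
# WireGuard Secure Installer
# Copyright (c) 2025 Muhammad Fadhila Abiyyu Faris
# GitHub: https://github.com/fadhila36/wireguard-secure-installer
#
# Network helpers: public address detection, uplink interface detection and
# firewall/forwarding setup. log_info, log_warn and fatal_error, and the
# SERVER_PORT and LOG_FILE variables, are not defined in this file and are
# expected to be provided by the caller.

#######################################
# Check that a string is shaped like an IP address.
# Arguments: $1 - candidate string
# Returns:   0 for a dotted quad with every octet <= 255, or for a string made
#            only of hex digits, ':' and '.' that contains at least two colons
#            (a loose IPv6 shape check, not a full parser); 1 otherwise.
#######################################
_wg_is_ip_address() {
  local addr=$1 octet
  local -a octets

  if [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    IFS=. read -r -a octets <<<"$addr"
    for octet in "${octets[@]}"; do
      # 10# forces base 10 so an octet such as "08" is not read as octal.
      ((10#$octet <= 255)) || return 1
    done
    return 0
  fi

  [[ $addr == *:*:* && $addr =~ ^[0-9A-Fa-f:.]+$ ]]
}

#######################################
# Print the word that follows a keyword in `ip route get 1.1.1.1` output.
# Arguments: $1 - keyword to look for ("src" or "dev")
# Outputs:   the first word found after the keyword, or nothing
#######################################
_wg_route_field() {
  ip route get 1.1.1.1 \
    | awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

#######################################
# Determine the address to publish for this server.
# Globals:   PUBLIC_IP (written)
# Outputs:   progress through log_info / log_warn
# Returns:   calls fatal_error when no address can be determined
#######################################
detect_public_ip() {
  local url candidate

  log_info "Detecting public IP..."
  PUBLIC_IP=""

  # Try several lookup services in turn. Their replies are third-party input:
  # without --fail, curl exits 0 on an HTTP error page and the page body would
  # be stored as the address, so every reply is shape-checked before it is
  # accepted. --max-time keeps one unresponsive service from stalling the run.
  for url in https://api.ipify.org https://ifconfig.me https://icanhazip.com; do
    candidate=$(curl -fs --max-time 10 "$url") || continue
    candidate=${candidate//[[:space:]]/}
    if _wg_is_ip_address "$candidate"; then
      PUBLIC_IP=$candidate
      break
    fi
  done

  if [[ -z "$PUBLIC_IP" ]]; then
    log_warn "Failed to detect public IP. Falling back to local interface IP."
    # Source address of the default route. Behind NAT this is a private
    # address that remote peers cannot reach; it is still logged below as the
    # "Public IP", so review the value when this fallback is taken.
    PUBLIC_IP=$(_wg_route_field src)
  fi

  if [[ -z "$PUBLIC_IP" ]]; then
    fatal_error "Could not detect Public IP or Local IP. Network configuration failed."
  fi

  log_info "Public IP detected: $PUBLIC_IP"
}

#######################################
# Determine the interface that carries the default route.
# Globals:   MAIN_NIC (written)
# Returns:   calls fatal_error when no interface is found
#######################################
detect_main_interface() {
  MAIN_NIC=$(_wg_route_field dev)

  if [[ -z "$MAIN_NIC" ]]; then
    fatal_error "Could not detect main network interface."
  fi

  log_info "Main Interface detected: $MAIN_NIC"
}

#######################################
# Enable packet forwarding and open the WireGuard port in the firewall manager
# that is installed (UFW or firewalld).
# Globals:   SERVER_PORT (read), LOG_FILE (appended to)
# Outputs:   writes /etc/sysctl.d/99-wireguard.conf; progress through log_info
#######################################
configure_firewall() {
  log_info "Configuring Firewall..."

  # Enable IP Forwarding (Idempotent: Overwrites the file)
  # NOTE(review): on this page the here-document body and the command whose
  # output goes to the log were lost, leaving `cat > file <> "$LOG_FILE"`,
  # which copies the log into the sysctl drop-in. The content below is
  # reconstructed from the comment above; confirm it against the upstream
  # file. If the tunnel also routes IPv6, net.ipv6.conf.all.forwarding has to
  # be set as well.
  cat >/etc/sysctl.d/99-wireguard.conf <<'EOF'
net.ipv4.ip_forward = 1
EOF
  sysctl -p /etc/sysctl.d/99-wireguard.conf >>"$LOG_FILE" 2>&1

  # Detect Firewall Type (UFW, Firewalld, or IPTables)
  if command -v ufw >/dev/null; then
    log_info "UFW detected. Adding rules..."
    ufw allow "$SERVER_PORT"/udp
    # Keeps SSH reachable, from any source address. This relies on the OpenSSH
    # application profile, so a daemon listening on a non-default port is not
    # covered by the rule.
    ufw allow OpenSSH
    # UFW routing rules are complex to automate safely without breaking existing config,
    # relying on PostUp/PostDown in wg0.conf for NAT is safer and standard for WG.
  elif command -v firewall-cmd >/dev/null; then
    log_info "Firewalld detected. Adding rules..."
    # The "public" zone is hard-coded; if the uplink interface is bound to a
    # different zone these rules do not apply to it. Masquerading is enabled
    # permanently for every interface in that zone.
    firewall-cmd --zone=public --add-port="$SERVER_PORT"/udp --permanent
    firewall-cmd --zone=public --add-masquerade --permanent
    firewall-cmd --reload
  else
    log_info "No specific firewall manager found. Relying on WireGuard PostUp/PostDown for iptables."
  fi
}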