Enabling WireGuard VPN connection via ssh

Hi all,

I am trying to initiate a connection to a WireGuard server through ssh commands to my GL.iNet router.

Please allow me to clarify that whenever I initiate the connection from the web UI, everything works fine.

I am using the following script, where I define a few variables and use them throughout the script.


WG_IF="vpn"
WG_SERV="W.G.I.P"
WG_PORT="51820"
WG_ADDR="10.66.217.8/32"
WG_DNS="1.1.1.1,1.0.0.1"
WG_KEY="My private_key" #Private Key *
WG_PUB="MY public_key" #Public Key *
WG_PSK="MY PSK" #PSK *


# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.network="${WG_IF}"
uci add_list firewall.wan.network="${WG_IF}"
uci commit firewall
/etc/init.d/firewall restart


# Configure network
uci delete network.${WG_IF}
uci set network.${WG_IF}="interface"
uci set network.${WG_IF}.proto="wireguard"
uci set network.${WG_IF}.private_key="${WG_KEY}"
uci add_list network.${WG_IF}.addresses="${WG_ADDR}"
 
# Add VPN peers
uci delete network.wgserver
uci set network.wgserver="wireguard_${WG_IF}"
uci set network.wgserver.public_key="${WG_PUB}"
uci set network.wgserver.preshared_key="${WG_PSK}"
uci set network.wgserver.endpoint_host="${WG_SERV}"
uci set network.wgserver.endpoint_port="${WG_PORT}"
uci set network.wgserver.dns="${WG_DNS}"
uci set network.wgserver.route_allowed_ips="1"
uci set network.wgserver.persistent_keepalive="25"
uci add_list network.wgserver.allowed_ips="0.0.0.0/0"
uci add_list network.wgserver.allowed_ips="::/0"
uci commit network
/etc/init.d/network restart

The server is working and I can hit it with no problem from the same device when I connect via the GUI. However, since we are planning to deploy this solution as an unattended project, we need to be able to set it up via ssh.

Please note that keys have been omitted from the post for security reasons.

Any help or pointers are highly appreciated. Thanks.
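For an unattended rollout like the one described above, it helps to confirm after the network restart that the peer actually completed a handshake, rather than only that uci accepted the settings. The following is an added example, not part of the original post; the function name, the 180-second freshness threshold and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a WireGuard
# peer has completed a recent handshake, from the output of
#   wg show <interface> latest-handshakes
# which prints one "<peer-public-key><TAB><unix-timestamp>" line per peer
# (a timestamp of 0 means no handshake has happened yet).

# handshake_status NOW MAX_AGE   (reads the wg output on stdin)
# Prints "up" if every peer has a handshake newer than MAX_AGE seconds,
# "stale" if a handshake is older than that, "never" if a peer shows 0,
# and "nopeer" if no peer lines were seen at all.
handshake_status() {
    awk -v now="$1" -v max="$2" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            peers++
            if ($2 == 0)             never++
            else if (now - $2 > max) stale++
        }
        END {
            if (!peers)      print "nopeer"
            else if (never)  print "never"
            else if (stale)  print "stale"
            else             print "up"
        }'
}

# Constructed sample output (placeholder key, made-up timestamps).
SAMPLE_OK="$(printf 'PLACEHOLDERPUBKEY=\t1700000100\n')"
SAMPLE_NEVER="$(printf 'PLACEHOLDERPUBKEY=\t0\n')"

# On the router itself (assumes the wg tool is installed and WG_IF is set
# as in the script above; 180 seconds is an assumed threshold):
#   wg show "$WG_IF" latest-handshakes | handshake_status "$(date +%s)" 180
```

A result of "never" after the restart means the interface exists but the peer has not answered, which points at keys, endpoint or firewall zone rather than at the uci syntax.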

fixed

There are ready-made guides that are tested to work, by the way; no need to reinvent the wheel.