#!/bin/bash
# WireGuard Multi-Client Key Generator
# Generates unique key pairs for multiple WireGuard clients
# Usage: ./generate-wg-client-keys.sh <number_of_clients>

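# Abort on any failed command, on use of an unset variable, and when any
# stage of a pipeline fails (so a failing `wg pubkey` is not masked).
set -euo pipefail

# Private keys are secrets: every file and directory created below must be
# accessible to the invoking user only, whatever the inherited umask is.
umask 077

# Print an error message to stderr and exit non-zero.
die() {
    printf 'Error: %s\n' "$*" >&2
    exit 1
}

NUM_CLIENTS=${1:-3}

# Clients are assigned 10.0.0.(i+1), so the last usable host address
# (10.0.0.254) caps the count at 253. The pattern also rejects leading
# zeros, signs and non-digits before the value reaches arithmetic context.
readonly COUNT_RE='^[1-9][0-9]{0,2}$'
if [[ ! "$NUM_CLIENTS" =~ $COUNT_RE ]] || (( NUM_CLIENTS > 253 )); then
    die "number_of_clients must be an integer between 1 and 253 (got '$NUM_CLIENTS')"
fi

command -v wg >/dev/null 2>&1 || die "'wg' not found in PATH"

# mktemp -d creates the directory atomically with an unpredictable suffix
# and mode 0700. A fixed, timestamp-only name under world-writable /tmp
# combined with `mkdir -p` would silently accept a directory (or symlink)
# that another local user created in advance.
OUTPUT_DIR=$(mktemp -d "/tmp/wg_keys_$(date +%Y%m%d_%H%M%S)_XXXXXX") \
    || die "could not create output directory"

echo "=== WireGuard Multi-Client Key Generator ==="
echo "Generating $NUM_CLIENTS client key pairs..."
echo ""

# Public keys are kept in memory for the server snippet printed at the end.
public_keys=()

for (( i = 1; i <= NUM_CLIENTS; i++ )); do
    echo "Generating keys for Device $i..."

    # Generate private key
    PRIVATE_KEY=$(wg genkey)

    # Derive public key from private key. printf is a shell builtin, so the
    # private key is passed on stdin and never appears in a process argv.
    PUBLIC_KEY=$(printf '%s\n' "$PRIVATE_KEY" | wg pubkey)

    # Save keys to separate files (mode 0600 because of the umask above)
    printf '%s\n' "$PRIVATE_KEY" > "$OUTPUT_DIR/device${i}_private.key"
    printf '%s\n' "$PUBLIC_KEY" > "$OUTPUT_DIR/device${i}_public.key"
    public_keys+=("$PUBLIC_KEY")

    # Display the public key and the location of the private key. The
    # private key value itself is deliberately not echoed: terminal
    # scrollback, session recordings and CI logs would retain it.
    echo "Device $i:"
    echo "  Private Key: (not displayed) $OUTPUT_DIR/device${i}_private.key"
    echo "  Public Key:  $PUBLIC_KEY"
    echo "  IP Address:  10.0.0.$((i+1))/24"
    echo ""
done

# Do not leave the last private key in a shell variable longer than needed.
unset PRIVATE_KEY

echo "=== All keys generated successfully! ==="
echo "Key files saved to: $OUTPUT_DIR"
echo ""
echo "Server config snippet:"
for (( i = 1; i <= NUM_CLIENTS; i++ )); do
    echo ""
    echo "# Device $i"
    echo "[Peer]"
    echo "PublicKey = ${public_keys[i-1]}"
    echo "AllowedIPs = 10.0.0.$((i+1))/32"
done
echo ""
echo "Next steps:"
echo "1. Copy server snippet to your /etc/wireguard/wg0.conf"
echo "2. Restart WireGuard: sudo wg-quick down wg0 && sudo wg-quick up wg0"
echo "3. Create client configs using keys from $OUTPUT_DIR"
echo "4. Distribute .conf files to each device"
echo "5. Delete $OUTPUT_DIR once the private keys are installed on the devices"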
