First time posting, would really appreciate some help with an issue I don't understand. I am getting into information security as a hobby and mostly think about it in the context of my home setup, where I am trying some small projects in order to learn.

I've successfully set up my own self-hosted WireGuard VPN that I can access from outside the house, and recently I decided I wanted to try to write some scripts to rotate keys instead of relying on an outside tool (I'm aware there's not a huge need to do this too often, mostly interested in learning). On the server side, the script looks like this:

```bash
#!/bin/bash

PRIV_KEY=$(wg genkey)
PUB_KEY=$(echo $PRIV_KEY | wg pubkey)

# edit current configuration file with new private key and create backup
perl -i.bak -pe "s@PrivateKey = [A-Za-z0-9+/]+={0,2}@PrivateKey = $PRIV_KEY@g" /etc/wireguard/wg0.conf

# store public key in a file for the peer
echo $PUB_KEY > /home/eb/configs/pub_for_peer
```

with the idea that later, while on my home network and not connected through the VPN, the peer can run this:

```bash
#!/bin/bash

scp eb@192.168.0.xxx:~/configs/pub_for_peer ~/SOME_DIRECTORY/server_files/pub_for_peer

SERVER_PUB_KEY=$(cat ~/SOME_DIRECTORY/server_files/pub_for_peer)
echo $SERVER_PUB_KEY

# edit current configuration file with new private key and create backup
sudo perl -i.bak -pe "s@PublicKey = [A-Za-z0-9+/]+={0,2}@PublicKey = $SERVER_PUB_KEY@g" /etc/wireguard/$1
```

where the "xxx" has been replaced with the rest of the IP address in the real script. When I run the first one on the server and the second on my laptop, they work as intended and the keys seem to be correctly switched. But when I bring the interface up on my laptop, I can't do anything through the tunnel (pings never reach, etc). If I roll everything back to the backups, it all works without a problem. Is there something silly I'm missing here? I got the key rotation commands from a Pro Custodibus tutorial, and the only difference between that and my scripts seems to be that I'm doing the copying and pasting into configs programmatically instead of, y'know, copying and pasting. Anything you see would be super helpful!
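
A read-only check to run after both rotation scripts, as an added example that is not part of the original post: it compares the key in the peer's config with the published file and, where the `wg` tool is present, the key in a config file with the one the running interface reports. The function names are hypothetical; `wg pubkey` and `wg show <interface> public-key` are standard `wg` subcommands, and file paths and the interface name are supplied by the caller.

```shell
#!/bin/bash
# Added example: consistency checks after a key rotation. Nothing here edits a config.

# Print the value of the first "KEY = value" line in a WireGuard config file.
# With several [Peer] sections only the first PublicKey is returned.
conf_value() {  # usage: conf_value FILE KEY
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        index(line, k " = ") == 1 { print substr(line, length(k) + 4); exit }
    ' "$1"
}

# Does the peer config carry exactly the key the server published?
peer_has_published_key() {  # usage: peer_has_published_key PEER_CONF PUB_FILE
    local in_conf published
    in_conf=$(conf_value "$1" PublicKey)
    published=$(tr -d ' \t\r\n' < "$2")
    [ -n "$in_conf" ] && [ "$in_conf" = "$published" ]
}

# Does the private key now in the server config derive to the published key?
# Needs the wg tool and read access to the config (root on the server).
conf_matches_published() {  # usage: conf_matches_published SERVER_CONF PUB_FILE
    local derived
    derived=$(conf_value "$1" PrivateKey | wg pubkey) || return 2
    [ "$derived" = "$(tr -d ' \t\r\n' < "$2")" ]
}

# Is the running interface using the key that is in the config file?
# wg-quick reads the file when the interface is brought up, so an edit made
# while the interface is up does not show here until it is brought up again.
running_matches_conf() {  # usage: running_matches_conf IFACE CONF
    local running derived
    running=$(wg show "$1" public-key) || return 2
    derived=$(conf_value "$2" PrivateKey | wg pubkey) || return 2
    [ "$running" = "$derived" ]
}
```

Each function returns 0 on a match and non-zero otherwise, so they can be chained with `&&` on the server and on the peer after a rotation.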
