
Create centos7_wireguard_install.sh

蘭雅sRGB há 6 anos atrás
pai
commit
0de0a58d21
1 ficheiros alterados com 155 adições e 0 exclusões
  1. 155 0
      centos7_wireguard_install.sh

+ 155 - 0
centos7_wireguard_install.sh

@@ -0,0 +1,155 @@
+#!/bin/bash
+
+# wireguard For CentOS
+# https://github.com/yobabyshark/wireguard/edit/master/wireguard_install.sh
+
+#判断系统
+if [ ! -e '/etc/redhat-release' ]; then
+echo "仅支持centos7"
+exit
+fi
+if  [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
+echo "仅支持centos7"
+exit
+fi
+
+
+
+#更新内核
+update_kernel(){
+
+    yum -y install epel-release
+    sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
+    yum remove -y kernel-devel
+    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+    rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
+    yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
+    yum -y --enablerepo=elrepo-kernel install kernel-ml
+    sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
+    grub2-mkconfig -o /boot/grub2/grub.cfg
+    wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+    rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+    yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
+    read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
+	[ -z "${yn}" ] && yn="y"
+	if [[ $yn == [Yy] ]]; then
+		echo -e "${Info} VPS 重启中..."
+		reboot
+	fi
+}
+
+#生成随机端口
+rand(){
+    min=$1
+    max=$(($2-$min+1))
+    num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+    echo $(($num%$max+$min))  
+}
+
+config_client(){
+cat > /etc/wireguard/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24 
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = $serverip:$port
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+}
+
+#centos7安装wireguard
+wireguard_install(){
+    curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
+    yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
+    yum -y install wireguard-dkms wireguard-tools
+    yum -y install qrencode
+    mkdir /etc/wireguard
+    cd /etc/wireguard
+    wg genkey | tee sprivatekey | wg pubkey > spublickey
+    wg genkey | tee cprivatekey | wg pubkey > cpublickey
+    s1=$(cat sprivatekey)
+    s2=$(cat spublickey)
+    c1=$(cat cprivatekey)
+    c2=$(cat cpublickey)
+    serverip=$(curl icanhazip.com)
+    port=$(rand 10000 60000)
+    chmod 777 -R /etc/wireguard
+    systemctl stop firewalld
+    systemctl disable firewalld
+    yum install -y iptables-services 
+    systemctl enable iptables 
+    systemctl start iptables 
+    iptables -P INPUT ACCEPT
+    iptables -P OUTPUT ACCEPT
+    iptables -P FORWARD ACCEPT
+    iptables -F
+    service iptables save
+    service iptables restart
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf	
+cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24 
+PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+    config_client
+    wg-quick up wg0
+    systemctl enable wg-quick@wg0
+    content=$(cat /etc/wireguard/client.conf)
+    echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
+    echo "${content}" | qrencode -o - -t UTF8
+}
+
+#开始菜单
+start_menu(){
+    clear
+    echo "========================="
+    echo " 介绍:适用于CentOS7"
+    echo " 作者:atrandys"
+    echo " 网站:www.atrandys.com"
+    echo " Youtube:atrandys"
+    echo "========================="
+    echo "1. 升级系统内核"
+    echo "2. 安装wireguard"
+    echo "3. 退出脚本"
+    echo
+    read -p "请输入数字:" num
+    case "$num" in
+    	1)
+	update_kernel
+	;;
+	2)
+	wireguard_install
+	;;
+	3)
+	exit 1
+	;;
+	*)
+	clear
+	echo "请输入正确数字"
+	sleep 5s
+	start_menu
+	;;
+    esac
+}
+
+start_menu
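Review bot: `chmod 777 -R /etc/wireguard` in wireguard_install runs right after sprivatekey and cprivatekey are written, so any local user can read and replace both private keys; wg0.conf and client.conf, which are written later and embed the same keys, get whatever the default umask allows. Set `umask 077` before `mkdir /etc/wireguard` and replace the chmod with `chmod 700 /etc/wireguard && chmod 600 /etc/wireguard/*`. In the same function `echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf` truncates the file and drops every existing kernel setting; `>>` or a separate file under `/etc/sysctl.d/` would preserve them. The firewall stretch disables firewalld, sets all three iptables policies to ACCEPT, flushes the rules and saves that state, which leaves the host unfiltered across reboots when only UDP `$port` needs to be opened for the tunnel. In update_kernel the elrepo-release package is fetched with `rpm -Uvh http://www.elrepo.org/...` although the key on the line before is imported over HTTPS, so that URL should use `https://` as well.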
+
+
+