|
@@ -1,6 +1,6 @@
|
|
|
#!/bin/bash
|
|
|
|
|
|
-# https://github.com/atrandys/wireguard/edit/master/wireguard_install.sh
|
|
|
+# Centos 安装脚本源 https://github.com/atrandys/wireguard
|
|
|
|
|
|
#判断系统
|
|
|
if [ ! -e '/etc/redhat-release' ]; then
|
|
@@ -12,8 +12,6 @@ echo "仅支持centos7"
|
|
|
exit
|
|
|
fi
|
|
|
|
|
|
-
|
|
|
-
|
|
|
#更新内核
|
|
|
update_kernel(){
|
|
|
|
|
@@ -37,142 +35,30 @@ update_kernel(){
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
-#生成随机端口
|
|
|
-rand(){
|
|
|
- min=$1
|
|
|
- max=$(($2-$min+1))
|
|
|
- num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
|
|
|
- echo $(($num%$max+$min))
|
|
|
-}
|
|
|
-
|
|
|
-wireguard_update(){
|
|
|
- yum update -y wireguard-dkms wireguard-tools
|
|
|
- echo "更新完成"
|
|
|
-}
|
|
|
-
|
|
|
-wireguard_remove(){
|
|
|
- wg-quick down wg0
|
|
|
- yum remove -y wireguard-dkms wireguard-tools
|
|
|
- rm -rf /etc/wireguard/
|
|
|
- echo "卸载完成"
|
|
|
-}
|
|
|
-
|
|
|
-config_client(){
|
|
|
-cat > /etc/wireguard/client.conf <<-EOF
|
|
|
-[Interface]
|
|
|
-PrivateKey = $c1
|
|
|
-Address = 10.0.0.2/24
|
|
|
-DNS = 8.8.8.8
|
|
|
-MTU = 1420
|
|
|
-
|
|
|
-[Peer]
|
|
|
-PublicKey = $s2
|
|
|
-Endpoint = $serverip:$port
|
|
|
-AllowedIPs = 0.0.0.0/0, ::0/0
|
|
|
-PersistentKeepalive = 25
|
|
|
-EOF
|
|
|
-
|
|
|
-}
|
|
|
-
|
|
|
#centos7安装wireguard
|
|
|
wireguard_install(){
|
|
|
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
|
|
|
- yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
|
|
|
- yum -y install wireguard-dkms wireguard-tools
|
|
|
- yum -y install qrencode
|
|
|
- mkdir /etc/wireguard
|
|
|
- cd /etc/wireguard
|
|
|
- wg genkey | tee sprivatekey | wg pubkey > spublickey
|
|
|
- wg genkey | tee cprivatekey | wg pubkey > cpublickey
|
|
|
- s1=$(cat sprivatekey)
|
|
|
- s2=$(cat spublickey)
|
|
|
- c1=$(cat cprivatekey)
|
|
|
- c2=$(cat cpublickey)
|
|
|
- serverip=$(curl ipv4.icanhazip.com)
|
|
|
- port=$(rand 10000 60000)
|
|
|
- eth=$(ls /sys/class/net | awk '/^e/{print}')
|
|
|
- chmod 777 -R /etc/wireguard
|
|
|
- systemctl stop firewalld
|
|
|
- systemctl disable firewalld
|
|
|
- yum install -y iptables-services
|
|
|
- systemctl enable iptables
|
|
|
- systemctl start iptables
|
|
|
- iptables -P INPUT ACCEPT
|
|
|
- iptables -P OUTPUT ACCEPT
|
|
|
- iptables -P FORWARD ACCEPT
|
|
|
- iptables -F
|
|
|
- service iptables save
|
|
|
- service iptables restart
|
|
|
- echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
|
- echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf
|
|
|
-cat > /etc/wireguard/wg0.conf <<-EOF
|
|
|
-[Interface]
|
|
|
-PrivateKey = $s1
|
|
|
-Address = 10.0.0.1/24
|
|
|
-PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
|
|
|
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
|
|
|
-ListenPort = $port
|
|
|
-DNS = 8.8.8.8
|
|
|
-MTU = 1420
|
|
|
+ yum install -y epel-release
|
|
|
+ yum install -y wireguard-dkms wireguard-tools
|
|
|
+ yum -y install qrencode iptables-services
|
|
|
|
|
|
-[Peer]
|
|
|
-PublicKey = $c2
|
|
|
-AllowedIPs = 10.0.0.2/32
|
|
|
-EOF
|
|
|
-
|
|
|
- config_client
|
|
|
- wg-quick up wg0
|
|
|
- systemctl enable wg-quick@wg0
|
|
|
- content=$(cat /etc/wireguard/client.conf)
|
|
|
- echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
|
|
|
- echo "${content}" | qrencode -o - -t UTF8
|
|
|
+ systemctl stop firewalld && systemctl disable firewalld
|
|
|
+ systemctl enable iptables && systemctl start iptables
|
|
|
+ iptables -F && service iptables save && service iptables restart
|
|
|
+ echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
|
+ echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf
|
|
|
}
|
|
|
|
|
|
-#开始菜单
|
|
|
-start_menu(){
|
|
|
- clear
|
|
|
- echo "========================="
|
|
|
- echo " 介绍:适用于CentOS7"
|
|
|
- echo " 作者:atrandys"
|
|
|
- echo " 网站:www.atrandys.com"
|
|
|
- echo " Youtube:atrandys"
|
|
|
- echo "========================="
|
|
|
- echo "1. 升级系统内核"
|
|
|
- echo "2. 安装wireguard"
|
|
|
- echo "3. 升级wireguard"
|
|
|
- echo "4. 卸载wireguard"
|
|
|
- echo "5. 显示客户端二维码"
|
|
|
- echo "0. 退出脚本"
|
|
|
- echo
|
|
|
- read -p "请输入数字:" num
|
|
|
- case "$num" in
|
|
|
- 1)
|
|
|
- update_kernel
|
|
|
- ;;
|
|
|
- 2)
|
|
|
+#Bash执行选项
|
|
|
+if [[ $# > 0 ]];then
|
|
|
+ key="$1"
|
|
|
+ case $key in
|
|
|
+ kernel)
|
|
|
+ update_kernel
|
|
|
+ ;;
|
|
|
+ esac
|
|
|
+else
|
|
|
wireguard_install
|
|
|
- ;;
|
|
|
- 3)
|
|
|
- wireguard_update
|
|
|
- ;;
|
|
|
- 4)
|
|
|
- wireguard_remove
|
|
|
- ;;
|
|
|
- 5)
|
|
|
- content=$(cat /etc/wireguard/client.conf)
|
|
|
- echo "${content}" | qrencode -o - -t UTF8
|
|
|
- ;;
|
|
|
- 0)
|
|
|
- exit 1
|
|
|
- ;;
|
|
|
- *)
|
|
|
- clear
|
|
|
- echo "请输入正确数字"
|
|
|
- sleep 5s
|
|
|
- start_menu
|
|
|
- ;;
|
|
|
- esac
|
|
|
-}
|
|
|
-
|
|
|
-start_menu
|
|
|
-
|
|
|
+ # 一键 WireGuard 多用户配置共享脚本
|
|
|
+ wget -qO- https://git.io/fpnQt | bash
|
|
|
+fi
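Review bot: The added `wget -qO- https://git.io/fpnQt | bash` at the end of the `else` branch runs, as root, whatever the shortened URL redirects to at that moment, with no pinning or integrity check. The installer's trust then rests on a redirect service and a mutable remote script. Fetch it to a temporary file from a commit-pinned URL, verify a recorded SHA-256, and only then execute it, as in the fence below (URL and digest are placeholders). Separately, in `wireguard_install`, `echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf` truncates the file and discards any existing kernel hardening settings; writing the line to a drop-in under `/etc/sysctl.d/` avoids that. Also, `iptables -F && service iptables save` after disabling firewalld persists an empty ruleset, so the host stays unfiltered unless the fetched script installs rules, which this hunk does not show.

```shell
    wireguard_install
    # … unchanged: comment line describing the multi-user config script …
    installer=$(mktemp) || exit 1
    trap 'rm -f -- "$installer"' EXIT
    # Placeholder: raw URL pinned to a reviewed commit, not a shortener.
    wget -qO "$installer" "<COMMIT_PINNED_RAW_URL>" || exit 1
    # Placeholder: digest recorded when that commit was reviewed.
    printf '%s  %s\n' "<EXPECTED_SHA256>" "$installer" | sha256sum -c - || exit 1
    bash "$installer"
```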
|