
安卓手机WireGuard官方APP目前支持纯IPV6连接

hongwenjun 6 rokov pred
rodič
commit
daf414a3f1
4 zmenil súbory, kde vykonal 94 pridanie a 33 odobranie
  1. 4 4
      README.md
  2. 2 2
      Wireguard/README.md
  3. 34 12
      Wireguard/wg5clients.sh
  4. 54 15
      Wireguard/wgmtu.sh

+ 4 - 4
README.md

@@ -2,13 +2,13 @@
     bash <(curl -L -s https://git.io/vps.sh)
     wget -qO- git.io/vps.sh | bash       # wget调用是静默安装  curl调用可以使用菜单
 
-| [一键安装 WireGuard 脚本](https://github.com/hongwenjun/vps_setup/blob/master/Wireguard/README.md) |[一键安装 Shadowsocks 脚本](https://github.com/hongwenjun/vps_setup/blob/master/shadowsocks/README.md) | [V2Ray 官方一键脚本](https://github.com/hongwenjun/vps_setup/blob/master/v2ray/README.md) |
+| [一键安装 WireGuard 脚本:支持IPV6 ](https://github.com/hongwenjun/vps_setup/blob/master/Wireguard/README.md) |[一键安装 Shadowsocks 脚本](https://github.com/hongwenjun/vps_setup/blob/master/shadowsocks/README.md) | [V2Ray 官方一键脚本](https://github.com/hongwenjun/vps_setup/blob/master/v2ray/README.md) |
 | :------:| :------: | :------: |
 | wget -qO- git.io/fptwc \| bash | bash <(curl -L -s git.io/fhExJ) update | bash <(curl -L -s https://install.direct/go.sh) |
 
 ![](https://raw.githubusercontent.com/hongwenjun/vps_setup/master/img/vps.sh.png)
 
-| WireGuard 管理 | bash wgmtu | 卸载命令 | bash wgmtu remove | 
+| WireGuard 管理 | bash wgmtu | 卸载命令 | bash wgmtu remove |
 | :------:| :------: | :------:| :------: |
 
 |V2Ray 卸载命令 | bash <(curl -L -s https://install.direct/go.sh) --remove |
@@ -22,7 +22,7 @@
 ### V2Ray和Shadowsocks配置显示二维码  短网址: https://git.io/v2ray.ss
 ![](https://raw.githubusercontent.com/hongwenjun/vps_setup/master/v2ray/v2ray.ss.png)
 
-### WireGuard 管理使用命令 bash wgmtu 
+### WireGuard 管理使用命令 bash wgmtu
 [![点击图片链接视频演示](https://raw.githubusercontent.com/hongwenjun/vps_setup/master/img/wgmtu.png)](https://youtu.be/iOnAeWRvSQI)
 
 ### Shadowsocks 配置使用: 添加命令行到 /etc/rc.local
@@ -184,7 +184,7 @@ https://raw.githubusercontent.com/hongwenjun/vps_setup/master/vps.sh
 ### Git pull 强制覆盖本地文件
 ```
 git fetch --all
-git reset --hard origin/master 
+git reset --hard origin/master
 git pull
 git fetch origin master
 git merge origin/master

+ 2 - 2
Wireguard/README.md

@@ -1,4 +1,4 @@
-## 一键安装wireguard 脚本 For Debian_9  Ubuntu  Centos_7
+## 一键安装wireguard 脚本(支持IPV6) For Debian_9  Ubuntu  Centos_7
 ```
 # 一键安装wireguard 脚本 Debian 9 (源:逗比网安装笔记)
 wget -qO- git.io/fptwc | bash
@@ -13,7 +13,7 @@ wget -qO- git.io/fhnhS | bash
 ### CentOS 7 测试 GCP和Vultr 都能自动升级内核,如果辣鸡要升级内核
 	yum install -y wget vim             # Cetos 安装 wget 和 vim 工具
 	wget -qO wg.sh git.io/fhnhS && bash wg.sh kernel    # Centos 升级内核命令
-	
+
 ### 增加功能  <<添加/删除 WireGuard Peer 客户端管理 >>
 [![点击图片链接视频演示](https://raw.githubusercontent.com/hongwenjun/vps_setup/master/img/wgmtu.png)](https://youtu.be/iOnAeWRvSQI)
 

+ 34 - 12
Wireguard/wg5clients.sh

@@ -8,6 +8,7 @@
 port=9999
 mtu=1420
 ip_list=(2 5 8 178 186 118 158 198 168 9)
+ipv6_range="fd08:620c:4df0:65eb::"
 
 #############################################################
 help_info() {
@@ -47,7 +48,12 @@ host=$(hostname -s)
 if [ ! -f '/usr/bin/curl' ]; then
     apt update && apt install -y curl
 fi
-serverip=$(curl -4 ip.sb)
+
+
+if [ ! -e '/var/ip_addr' ]; then
+   echo -n $(curl -4 ip.sb) > /var/ip_addr
+fi
+serverip=$(cat /var/ip_addr)
 
 # 安装二维码插件
 if [ ! -f '/usr/bin/qrencode' ]; then
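Review bot: The cache written by `echo -n $(curl -4 ip.sb) > /var/ip_addr` is created even when curl fails or returns something other than an address, and because the guard is `[ ! -e ... ]` an empty or wrong file is reused on every later run. The lookup has no scheme, so curl fetches it over plain HTTP, and the unauthenticated reply presumably becomes the Endpoint handed to every client. Fetch into a variable, check that it looks like an IPv4 address, and only then write the file; testing with `-s` instead of `-e` also lets an empty cache be refreshed. `get_serverip` in Wireguard/wgmtu.sh repeats the same lines and needs the same change. The `if` that closes this hunk continues outside it.

```shell
# … unchanged: curl install check …
if [ ! -s /var/ip_addr ]; then
    addr=$(curl -4 -fsS --max-time 10 https://ip.sb) || addr=
    if [[ $addr =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
        printf '%s' "$addr" > /var/ip_addr
    else
        echo "could not determine the server IPv4 address" >&2
        exit 1
    fi
fi
serverip=$(cat /var/ip_addr)
```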
@@ -58,6 +64,21 @@ fi
 wget -O ~/wgmtu  https://raw.githubusercontent.com/hongwenjun/vps_setup/master/Wireguard/wgmtu.sh
 #############################################################
 
+# 打开ip4/ipv6防火墙转发功能
+sysctl_config() {
+    sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
+    sed -i '/net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
+    sed -i '/net.ipv6.conf.default.accept_ra/d' /etc/sysctl.conf
+
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+    echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
+    echo "net.ipv6.conf.default.accept_ra=2" >> /etc/sysctl.conf
+    sysctl -p >/dev/null 2>&1
+}
+sysctl_config
+
+
 # wg配置文件目录 /etc/wireguard
 mkdir -p /etc/wireguard
 chmod 777 -R /etc/wireguard
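Review bot: `sysctl_config` sets `net.ipv6.conf.default.accept_ra=2`, which only applies to interfaces created afterwards, so the existing uplink (the script assumes `eth0` in its PostUp rules) likely stops honouring router advertisements once `net.ipv6.conf.all.forwarding = 1` takes effect; if the host gets its IPv6 default route from RAs, set the key on that interface as well, e.g. `net.ipv6.conf.eth0.accept_ra = 2`. Accepting RAs while forwarding also means trusting whatever advertises on that link, which deserves a comment above the line. `sysctl -p >/dev/null 2>&1` hides a failed load, so keep stderr and check the exit status. Separately, the unchanged `chmod 777 -R /etc/wireguard` at the end of the hunk leaves the directory that holds the private keys world-writable; `chmod 700` would fit its contents better.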
@@ -71,16 +92,16 @@ wg genkey | tee cprivatekey | wg pubkey > cpublickey
 cat <<EOF >wg0.conf
 [Interface]
 PrivateKey = $(cat sprivatekey)
-Address = 10.0.0.1/24
-PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+Address = 10.0.0.1/24,  ${ipv6_range}1/64
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 ListenPort = $port
-DNS = 8.8.8.8
+DNS = 8.8.8.8, 2001:4860:4860::8888
 MTU = $mtu
 
 [Peer]
 PublicKey = $(cat cpublickey)
-AllowedIPs = 10.0.0.188/32
+AllowedIPs = 10.0.0.188/32,  ${ipv6_range}188
 
 EOF
 
@@ -88,8 +109,8 @@ EOF
 cat <<EOF >client.conf
 [Interface]
 PrivateKey = $(cat cprivatekey)
-Address = 10.0.0.188/24
-DNS = 8.8.8.8
+Address = 10.0.0.188/24,  ${ipv6_range}188/64
+DNS = 8.8.8.8, 2001:4860:4860::8888
 #  MTU = $mtu
 #  PreUp =  start   .\route\routes-up.bat
 #  PostDown = start  .\route\routes-down.bat
@@ -106,20 +127,21 @@ EOF
 for i in {2..9}
 do
     ip=10.0.0.${ip_list[$i]}
+    ip6=${ipv6_range}${ip_list[$i]}
     wg genkey | tee cprivatekey | wg pubkey > cpublickey
 
     cat <<EOF >>wg0.conf
 [Peer]
 PublicKey = $(cat cpublickey)
-AllowedIPs = $ip/32
+AllowedIPs = $ip/32, $ip6
 
 EOF
 
     cat <<EOF >wg_${host}_$i.conf
 [Interface]
 PrivateKey = $(cat cprivatekey)
-Address = $ip/24
-DNS = 8.8.8.8
+Address = $ip/24, $ip6/64
+DNS = 8.8.8.8, 2001:4860:4860::8888
 
 [Peer]
 PublicKey = $(cat spublickey)
@@ -128,7 +150,7 @@ AllowedIPs = 0.0.0.0/0, ::0/0
 PersistentKeepalive = 25
 
 EOF
-    cat /etc/wireguard/wg_${host}_$i.conf| qrencode -o wg_${host}_$i.png
+    cat /etc/wireguard/wg_${host}_$i.conf | qrencode -o wg_${host}_$i.png
 done
 
 #  vps网卡如果不是eth0,修改成实际网卡

+ 54 - 15
Wireguard/wgmtu.sh

@@ -33,9 +33,9 @@ setport(){
     fi
 }
 
-# 显示手机客户端二维码
+# 显示客户端配置和手机二维码
 conf_QRcode(){
-    echo -e "${Yellow}:: 显示手机客户端二维码(默认2号),请输入数字${Font}\c"
+    echo -e "${Yellow}:: 显示客户端配置和手机二维码 (默认2号),请输入数字${Font}\c"
     read -p "(2-9): " x
 
     if [[ ${x} -ge 2 ]] && [[ ${x} -le 9 ]]; then
@@ -45,11 +45,49 @@ conf_QRcode(){
     fi
 
     host=$(hostname -s)
+    echo -e "${SkyBlue}:: 客户端配置文件: wg_${host}_$i.conf ${Font}"
+    cat /etc/wireguard/wg_${host}_$i.conf
+    echo -e "${SkyBlue}:: 请使用组合键 Ctrl+Ins 复制文本给Windows客户端使用${Font}"
     cat /etc/wireguard/wg_${host}_$i.conf | qrencode -o - -t UTF8
     echo -e "${Green}:: 配置文件: wg_${host}_$i.conf 生成二维码,请用手机客户端扫描使用${Font}"
+
+    echo -e "${SkyBlue}:: 安卓手机WireGuard官方APP目前支持纯IPV6连接,是否显示IPV6二维码?${Font}\c"
+    read -p "(Y/N): " key
+    case $key in
+        Y)
+        ipv6_QRcode $i
+        ;;
+        y)
+        ipv6_QRcode $i
+        ;;
+    esac
+
     echo -e "${SkyBlue}:: SSH工具推荐Git-Bash 2.20; GCP_SSH(浏览器)字体Courier New 二维码正常${Font}"
 }
 
+# 显示IPV6手机客户端二维码
+ipv6_QRcode(){
+    if [[ $# > 0 ]]; then
+        i="$1"
+    fi
+    get_serverip
+    serveripv6=$(curl -6 ip.sb)
+    if [[ -z $serveripv6 ]]; then
+        echo -e "${Red}:: 获取IPV6地址不正确,你的服务器可能没有IPV6网络支持!${Font}"
+    else
+        cat /etc/wireguard/wg_${host}_$i.conf | sed "s/${serverip}/${serveripv6}/g" | qrencode -o - -t UTF8
+        echo -e "${Green}:: IPV6地址: ${serveripv6} 请确认服务器和本地网络支持IPV6!${Font}"
+    fi
+}
+
+get_serverip(){
+    if [ ! -e '/var/ip_addr' ]; then
+       echo -n $(curl -4 ip.sb) > /var/ip_addr
+    fi
+    serverip=$(cat /var/ip_addr)
+    ipv6_range="fd08:620c:4df0:65eb::"
+}
+
 # 重置 WireGuard 客户端配置和数量
 wg_clients(){
     echo -e "${Red}:: 注意原来的客户端配置都会删除,按 Ctrl+ C 可以紧急撤销  ${Font}"
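Review bot: In `ipv6_QRcode` the substitution `sed "s/${serverip}/${serveripv6}/g"` drops two unchecked values into a sed program: the dots in `serverip` act as regex wildcards, an empty `serverip` (possible when /var/ip_addr was cached empty) leaves sed with an empty pattern, and `serveripv6` is whatever `curl -6 ip.sb` returned over plain HTTP. Validate both before use and escape the dots, as sketched below. `[[ $# > 0 ]]` is a string comparison and should be `(( $# > 0 ))`, and the function reads `host` from the caller instead of setting it. If the Endpoint line has the form host:port, also confirm that every client accepts an IPv6 literal there without square brackets.

```shell
ipv6_QRcode(){
    if (( $# > 0 )); then
        i="$1"
    fi
    get_serverip
    host=$(hostname -s)
    serveripv6=$(curl -6 -fsS --max-time 10 https://ip.sb) || serveripv6=
    if [[ -z $serverip || $serveripv6 != *:* || ! $serveripv6 =~ ^[0-9A-Fa-f:]+$ ]]; then
        # … unchanged: error message about missing IPv6 support …
    else
        # Escape the dots so the cached IPv4 address is matched literally
        sed "s/${serverip//./\\.}/${serveripv6}/g" "/etc/wireguard/wg_${host}_${i}.conf" \
            | qrencode -o - -t UTF8
        # … unchanged: confirmation message …
    fi
}
```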
@@ -69,12 +107,12 @@ wg_clients(){
 
     # 服务器 IP 和 端口
     port=$(wg show wg0 listen-port) && host=$(hostname -s)
-    serverip=$(curl -4 ip.sb)
+    get_serverip
 
     # 删除原配置,让IP和ID号对应; 保留原来服务器的端口等配置
     rm  /etc/wireguard/wg_${host}_*   >/dev/null 2>&1
-    head -n 13  conf.wg0.bak > wg0.conf
-    sed -i '13s/.//g' wg0.conf
+    line_num=$(cat -n wg0.conf | grep 'AllowedIPs'  | head -n 1 | awk '{print $1}')
+    head -n ${line_num}  conf.wg0.bak > wg0.conf
 
     # 重启wg服务器
     wg-quick down wg0  >/dev/null 2>&1
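Review bot: `line_num` is counted in wg0.conf but then applied to conf.wg0.bak, and nothing handles an empty result. If grep finds no `AllowedIPs` line, `head -n ${line_num} conf.wg0.bak` expands to `head -n conf.wg0.bak`, which fails after the redirection has already emptied wg0.conf. Read the number from the file that is being cut, `line_num=$(grep -n -m1 'AllowedIPs' conf.wg0.bak | cut -d: -f1)`, and stop when it is empty, `[[ -n $line_num ]] || return 1`. `wg_clients` starts before this hunk, so whether the two files are identical at this point cannot be seen here.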
@@ -84,14 +122,15 @@ wg_clients(){
     for i in `seq 2 200`
     do
         ip=10.0.0.${i}
+        ip6=${ipv6_range}${i}
         wg genkey | tee cprivatekey | wg pubkey > cpublickey
-        wg set wg0 peer $(cat cpublickey) allowed-ips $ip/32
+        wg set wg0 peer $(cat cpublickey) allowed-ips "${ip}/32, ${ip6}"
 
         cat <<EOF >wg_${host}_$i.conf
 [Interface]
 PrivateKey = $(cat cprivatekey)
-Address = $ip/24
-DNS = 8.8.8.8
+Address = $ip/24, $ip6/64
+DNS = 8.8.8.8, 2001:4860:4860::8888
 
 [Peer]
 PublicKey = $(wg show wg0 public-key)
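Review bot: The new `allowed-ips "${ip}/32, ${ip6}"` passes the list as one argument with a space after the comma, and the IPv6 entry has no prefix length. Whether `wg set` tolerates the embedded space should be verified; the unambiguous form is `allowed-ips "${ip}/32,${ip6}/128"`. The same argument is used in `add_peer` further down in this file, and the `AllowedIPs` lines written by Wireguard/wg5clients.sh omit the `/128` too. The heredoc and the surrounding loop continue beyond this hunk.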
@@ -304,18 +343,18 @@ add_peer(){
 
     # 服务器 IP 端口 ,新客户端 序号和IP
     port=$(wg show wg0 listen-port)
-    serverip=$(curl -4 ip.sb) && host=$(hostname -s) && cd /etc/wireguard
+    get_serverip && host=$(hostname -s) && cd /etc/wireguard
     wg genkey | tee cprivatekey | wg pubkey > cpublickey
 
     ipnum=$(wg show wg0 allowed-ips  | tail -1 | awk '{print $2}' | awk -F '[./]' '{print $4}')
-    i=$((10#${ipnum}+1))  &&  ip=10.0.0.${i}
+    i=$((10#${ipnum}+1))  &&  ip=10.0.0.${i}  ip6=${ipv6_range}${i}
 
     # 生成客户端配置文件
     cat <<EOF >wg_${host}_$i.conf
 [Interface]
 PrivateKey = $(cat cprivatekey)
-Address = $ip/24
-DNS = 8.8.8.8
+Address = $ip/24, $ip6/64
+DNS = 8.8.8.8, 2001:4860:4860::8888
 
 [Peer]
 PublicKey = $(wg show wg0 public-key)
@@ -325,7 +364,7 @@ PersistentKeepalive = 25
 EOF
 
     # 在wg服务器中生效客户端peer
-    wg set wg0 peer $(cat cpublickey) allowed-ips $ip/32
+    wg set wg0 peer $(cat cpublickey) allowed-ips "${ip}/32, ${ip6}"
     wg-quick save wg0
 
     # 显示客户端
@@ -373,8 +412,8 @@ wg_clients_menu(){
 start_menu(){
     clear
     echo -e "${RedBG}   一键安装 WireGuard 脚本 For Debian_9 Ubuntu Centos_7   ${Font}"
-    echo -e "${GreenBG}     开源项目https://github.com/hongwenjun/vps_setup    ${Font}"
-    echo -e "${Green}>  1. 显示手机客户端二维码"
+    echo -e "${GreenBG}     开源项目: https://github.com/hongwenjun/vps_setup    ${Font}"
+    echo -e "${Green}>  1. 显示客户端配置和二维码 (手机支持纯IPV6)"
     echo -e ">  2. 修改 WireGuard 服务器端 MTU 值"
     echo -e ">  3. 修改 WireGuard 端口号"
     echo -e ">  4. 安装 WireGuard+Speeder+Udp2Raw 和 SS+Kcp+Udp2RAW 一键脚本"