Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
hongwenjun
/
vps_setup
zrkadlo https://github.com/hongwenjun/vps_setup
1
0
Fork 0
Súbory Issues 0 Wiki
Strom: acd44fb7c6
Branche Tagy
vps_setup
/
centos7_wireguard_install.sh

centos7_wireguard_install.sh 4.3 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 
  1. #!/bin/bash
    2. 

  2. 

  3. https://github.com/atrandys/wireguard/edit/master/wireguard_install.sh
    4. 

  4. 

  5. #判断系统
    6. 

  6. if [ ! -e '/etc/redhat-release' ]; then
    7. 

  7. echo "仅支持centos7"
    8. 

  8. exit
    9. 

  9. fi
    10. 

  10. if  [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
    11. 

  11. echo "仅支持centos7"
    12. 

  12. exit
    13. 

  13. fi
    14. 

  14. 

  15. 

  16. 

  17. #更新内核
    18. 

  18. update_kernel(){
    19. 

  19. 

  20.     yum -y install epel-release
    21. 

  21.     sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
    22. 

  22.     yum remove -y kernel-devel
    23. 

  23.     rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    24. 

  24.     rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
    25. 

  25.     yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
    26. 

  26.     yum -y --enablerepo=elrepo-kernel install kernel-ml
    27. 

  27.     sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
    28. 

  28.     grub2-mkconfig -o /boot/grub2/grub.cfg
    29. 

  29.     wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
    30. 

  30.     rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
    31. 

  31.     yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
    32. 

  32.     read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
    33. 

  33. 	[ -z "${yn}" ] && yn="y"
    34. 

  34. 	if [[ $yn == [Yy] ]]; then
    35. 

  35. 		echo -e "${Info} VPS 重启中..."
    36. 

  36. 		reboot
    37. 

  37. 	fi
    38. 

  38. }
    39. 

  39. 

  40. #生成随机端口
    41. 

  41. rand(){
    42. 

  42.     min=$1
    43. 

  43.     max=$(($2-$min+1))
    44. 

  44.     num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
    45. 

  45.     echo $(($num%$max+$min))  
    46. 

  46. }
    47. 

  47. 

  48. wireguard_update(){
    49. 

  49.     yum update -y wireguard-dkms wireguard-tools
    50. 

  50.     echo "更新完成"
    51. 

  51. }
    52. 

  52. 

  53. wireguard_remove(){
    54. 

  54.     yum remove -y wireguard-dkms wireguard-tools
    55. 

  55.     rm -rf /etc/wireguard/
    56. 

  56.     echo "卸载完成"
    57. 

  57. }
    58. 

  58. 

  59. config_client(){
    60. 

  60. cat > /etc/wireguard/client.conf <<-EOF
    61. 

  61. [Interface]
    62. 

  62. PrivateKey = $c1
    63. 

  63. Address = 10.0.0.2/24 
    64. 

  64. DNS = 8.8.8.8
    65. 

  65. MTU = 1420
    66. 

  66. 

  67. [Peer]
    68. 

  68. PublicKey = $s2
    69. 

  69. Endpoint = $serverip:$port
    70. 

  70. AllowedIPs = 0.0.0.0/0, ::0/0
    71. 

  71. PersistentKeepalive = 25
    72. 

  72. EOF
    73. 

  73. 

  74. }
    75. 

  75. 

  76. #centos7安装wireguard
    77. 

  77. wireguard_install(){
    78. 

  78.     curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
    79. 

  79.     yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
    80. 

  80.     yum -y install wireguard-dkms wireguard-tools
    81. 

  81.     yum -y install qrencode
    82. 

  82.     mkdir /etc/wireguard
    83. 

  83.     cd /etc/wireguard
    84. 

  84.     wg genkey | tee sprivatekey | wg pubkey > spublickey
    85. 

  85.     wg genkey | tee cprivatekey | wg pubkey > cpublickey
    86. 

  86.     s1=$(cat sprivatekey)
    87. 

  87.     s2=$(cat spublickey)
    88. 

  88.     c1=$(cat cprivatekey)
    89. 

  89.     c2=$(cat cpublickey)
    90. 

  90.     serverip=$(curl ipv4.icanhazip.com)
    91. 

  91.     port=$(rand 10000 60000)
    92. 

  92.     chmod 777 -R /etc/wireguard
    93. 

  93.     systemctl stop firewalld
    94. 

  94.     systemctl disable firewalld
    95. 

  95.     yum install -y iptables-services 
    96. 

  96.     systemctl enable iptables 
    97. 

  97.     systemctl start iptables 
    98. 

  98.     iptables -P INPUT ACCEPT
    99. 

  99.     iptables -P OUTPUT ACCEPT
    100. 

  100.     iptables -P FORWARD ACCEPT
    101. 

  101.     iptables -F
    102. 

  102.     service iptables save
    103. 

  103.     service iptables restart
    104. 

  104.     echo 1 > /proc/sys/net/ipv4/ip_forward
    105. 

  105.     echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf	
    106. 

  106. cat > /etc/wireguard/wg0.conf <<-EOF
    107. 

  107. [Interface]
    108. 

  108. PrivateKey = $s1
    109. 

  109. Address = 10.0.0.1/24 
    110. 

  110. PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    111. 

  111. PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    112. 

  112. ListenPort = $port
    113. 

  113. DNS = 8.8.8.8
    114. 

  114. MTU = 1420
    115. 

  115. 

  116. [Peer]
    117. 

  117. PublicKey = $c2
    118. 

  118. AllowedIPs = 10.0.0.2/32
    119. 

  119. EOF
    120. 

  120. 

  121.     config_client
    122. 

  122.     wg-quick up wg0
    123. 

  123.     systemctl enable wg-quick@wg0
    124. 

  124.     content=$(cat /etc/wireguard/client.conf)
    125. 

  125.     echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
    126. 

  126.     echo "${content}" | qrencode -o - -t UTF8
    127. 

  127. }
    128. 

  128. 

  129. #开始菜单
    130. 

  130. start_menu(){
    131. 

  131.     clear
    132. 

  132.     echo "========================="
    133. 

  133.     echo " 介绍:适用于CentOS7"
    134. 

  134.     echo " 作者:atrandys"
    135. 

  135.     echo " 网站:www.atrandys.com"
    136. 

  136.     echo " Youtube:atrandys"
    137. 

  137.     echo "========================="
    138. 

  138.     echo "1. 升级系统内核"
    139. 

  139.     echo "2. 安装wireguard"
    140. 

  140.     echo "3. 升级wireguard"
    141. 

  141.     echo "4. 卸载wireguard"
    142. 

  142.     echo "0. 退出脚本"
    143. 

  143.     echo
    144. 

  144.     read -p "请输入数字:" num
    145. 

  145.     case "$num" in
    146. 

  146.     	1)
    147. 

  147. 	update_kernel
    148. 

  148. 	;;
    149. 

  149. 	2)
    150. 

  150. 	wireguard_install
    151. 

  151. 	;;
    152. 

  152. 	3)
    153. 

  153. 	wireguard_update
    154. 

  154. 	;;
    155. 

  155. 	4)
    156. 

  156. 	wireguard_remove
    157. 

  157. 	;;
    158. 

  158. 	0)
    159. 

  159. 	exit 1
    160. 

  160. 	;;
    161. 

  161. 	*)
    162. 

  162. 	clear
    163. 

  163. 	echo "请输入正确数字"
    164. 

  164. 	sleep 5s
    165. 

  165. 	start_menu
    166. 

  166. 	;;
    167. 

  167.     esac
    168. 

  168. }
    169. 

  169. 

  170. start_menu
    171.