Home Explore Help
Sign In
hongwenjun
/
vps_setup
mirror of https://github.com/hongwenjun/vps_setup
1
0
Fork 0
Files Issues 0 Wiki
Tree: c9c8b73f51
Branches Tags
vps_setup
/
centos7_wireguard_install.sh

centos7_wireguard_install.sh 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. #!/bin/bash
    2. 

  2. 

  3. #  https://github.com/atrandys/wireguard/edit/master/wireguard_install.sh
    4. 

  4. 

  5. #判断系统
    6. 

  6. if [ ! -e '/etc/redhat-release' ]; then
    7. 

  7. echo "仅支持centos7"
    8. 

  8. exit
    9. 

  9. fi
    10. 

  10. if  [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
    11. 

  11. echo "仅支持centos7"
    12. 

  12. exit
    13. 

  13. fi
    14. 

  14. 

  15. 

  16. 

  17. #更新内核
    18. 

  18. update_kernel(){
    19. 

  19. 

  20.     yum -y install epel-release curl
    21. 

  21.     sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
    22. 

  22.     yum remove -y kernel-devel
    23. 

  23.     rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    24. 

  24.     rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
    25. 

  25.     yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
    26. 

  26.     yum -y --enablerepo=elrepo-kernel install kernel-ml
    27. 

  27.     sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
    28. 

  28.     grub2-mkconfig -o /boot/grub2/grub.cfg
    29. 

  29.     wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
    30. 

  30.     rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
    31. 

  31.     yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
    32. 

  32.     read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
    33. 

  33. 	[ -z "${yn}" ] && yn="y"
    34. 

  34. 	if [[ $yn == [Yy] ]]; then
    35. 

  35. 		echo -e "VPS 重启中..."
    36. 

  36. 		reboot
    37. 

  37. 	fi
    38. 

  38. }
    39. 

  39. 

  40. #生成随机端口
    41. 

  41. rand(){
    42. 

  42.     min=$1
    43. 

  43.     max=$(($2-$min+1))
    44. 

  44.     num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
    45. 

  45.     echo $(($num%$max+$min))  
    46. 

  46. }
    47. 

  47. 

  48. wireguard_update(){
    49. 

  49.     yum update -y wireguard-dkms wireguard-tools
    50. 

  50.     echo "更新完成"
    51. 

  51. }
    52. 

  52. 

  53. wireguard_remove(){
    54. 

  54.     wg-quick down wg0
    55. 

  55.     yum remove -y wireguard-dkms wireguard-tools
    56. 

  56.     rm -rf /etc/wireguard/
    57. 

  57.     echo "卸载完成"
    58. 

  58. }
    59. 

  59. 

  60. config_client(){
    61. 

  61. cat > /etc/wireguard/client.conf <<-EOF
    62. 

  62. [Interface]
    63. 

  63. PrivateKey = $c1
    64. 

  64. Address = 10.0.0.2/24 
    65. 

  65. DNS = 8.8.8.8
    66. 

  66. MTU = 1420
    67. 

  67. 

  68. [Peer]
    69. 

  69. PublicKey = $s2
    70. 

  70. Endpoint = $serverip:$port
    71. 

  71. AllowedIPs = 0.0.0.0/0, ::0/0
    72. 

  72. PersistentKeepalive = 25
    73. 

  73. EOF
    74. 

  74. 

  75. }
    76. 

  76. 

  77. #centos7安装wireguard
    78. 

  78. wireguard_install(){
    79. 

  79.     curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
    80. 

  80.     yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
    81. 

  81.     yum -y install wireguard-dkms wireguard-tools
    82. 

  82.     yum -y install qrencode
    83. 

  83.     mkdir /etc/wireguard
    84. 

  84.     cd /etc/wireguard
    85. 

  85.     wg genkey | tee sprivatekey | wg pubkey > spublickey
    86. 

  86.     wg genkey | tee cprivatekey | wg pubkey > cpublickey
    87. 

  87.     s1=$(cat sprivatekey)
    88. 

  88.     s2=$(cat spublickey)
    89. 

  89.     c1=$(cat cprivatekey)
    90. 

  90.     c2=$(cat cpublickey)
    91. 

  91.     serverip=$(curl ipv4.icanhazip.com)
    92. 

  92.     port=$(rand 10000 60000)
    93. 

  93.     eth=$(ls /sys/class/net | awk '/^e/{print}')
    94. 

  94.     chmod 777 -R /etc/wireguard
    95. 

  95.     systemctl stop firewalld
    96. 

  96.     systemctl disable firewalld
    97. 

  97.     yum install -y iptables-services 
    98. 

  98.     systemctl enable iptables 
    99. 

  99.     systemctl start iptables 
    100. 

  100.     iptables -P INPUT ACCEPT
    101. 

  101.     iptables -P OUTPUT ACCEPT
    102. 

  102.     iptables -P FORWARD ACCEPT
    103. 

  103.     iptables -F
    104. 

  104.     service iptables save
    105. 

  105.     service iptables restart
    106. 

  106.     echo 1 > /proc/sys/net/ipv4/ip_forward
    107. 

  107.     echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf	
    108. 

  108. cat > /etc/wireguard/wg0.conf <<-EOF
    109. 

  109. [Interface]
    110. 

  110. PrivateKey = $s1
    111. 

  111. Address = 10.0.0.1/24 
    112. 

  112. PostUp   = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
    113. 

  113. PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
    114. 

  114. ListenPort = $port
    115. 

  115. DNS = 8.8.8.8
    116. 

  116. MTU = 1420
    117. 

  117. 

  118. [Peer]
    119. 

  119. PublicKey = $c2
    120. 

  120. AllowedIPs = 10.0.0.2/32
    121. 

  121. EOF
    122. 

  122. 

  123.     config_client
    124. 

  124.     wg-quick up wg0
    125. 

  125.     systemctl enable wg-quick@wg0
    126. 

  126.     content=$(cat /etc/wireguard/client.conf)
    127. 

  127.     echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
    128. 

  128.     echo "${content}" | qrencode -o - -t UTF8
    129. 

  129. }
    130. 

  130. 

  131. #开始菜单
    132. 

  132. start_menu(){
    133. 

  133.     clear
    134. 

  134.     echo "========================="
    135. 

  135.     echo " 介绍:适用于CentOS7"
    136. 

  136.     echo " 作者:atrandys"
    137. 

  137.     echo " 网站:www.atrandys.com"
    138. 

  138.     echo " Youtube:atrandys"
    139. 

  139.     echo "========================="
    140. 

  140.     echo "1. 升级系统内核"
    141. 

  141.     echo "2. 安装wireguard"
    142. 

  142.     echo "3. 升级wireguard"
    143. 

  143.     echo "4. 卸载wireguard"
    144. 

  144.     echo "5. 显示客户端二维码"
    145. 

  145.     echo "0. 退出脚本"
    146. 

  146.     echo
    147. 

  147.     read -p "请输入数字:" num
    148. 

  148.     case "$num" in
    149. 

  149.     	1)
    150. 

  150. 	update_kernel
    151. 

  151. 	;;
    152. 

  152. 	2)
    153. 

  153. 	wireguard_install
    154. 

  154. 	;;
    155. 

  155. 	3)
    156. 

  156. 	wireguard_update
    157. 

  157. 	;;
    158. 

  158. 	4)
    159. 

  159. 	wireguard_remove
    160. 

  160. 	;;
    161. 

  161. 	5)
    162. 

  162. 	content=$(cat /etc/wireguard/client.conf)
    163. 

  163.     	echo "${content}" | qrencode -o - -t UTF8
    164. 

  164. 	;;
    165. 

  165. 	0)
    166. 

  166. 	exit 1
    167. 

  167. 	;;
    168. 

  168. 	*)
    169. 

  169. 	clear
    170. 

  170. 	echo "请输入正确数字"
    171. 

  171. 	sleep 5s
    172. 

  172. 	start_menu
    173. 

  173. 	;;
    174. 

  174.     esac
    175. 

  175. }
    176. 

  176. 

  177. start_menu
    178. 

  178.