Repository: yobabyshark/wireguard
Branch: master
Commit: ea82cc6101c0
Files: 14
Total size: 61.6 KB
Directory structure:
gitextract_ptzqliey/
├── README.md
├── iptables_config.sh
├── run.sh
├── speederv2
├── udp2raw
├── wg_game.sh
├── wg_mult.sh
├── wg_mult.sh.bak
├── wireguard_game.sh
├── wireguard_game_ubuntu.sh
├── wireguard_install.sh
├── wireguard_install_ubuntu.sh
├── wireguard_openwrt.sh
└── wireguard_web.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
### 关于
#### _install.sh
> centos版wireguard一键脚本 | centos 7
#### _install_ubuntu.sh
> ubuntu版wireguard一键脚本 | ubuntu >= 14.04
#### _game.sh
> centos版wireguard+udpspeeder+udp2raw一键脚本 | centos 7
#### _game_ubuntu.sh
> ubuntu版wireguard+udpspeeder+udp2raw一键脚本 | ubuntu >= 14.04
================================================
FILE: iptables_config.sh
================================================
#!/bin/bash
#开放ssh端口、回环、外网、默认策略
config_default(){
systemctl stop firewalld
systemctl disable firewalld
yum install -y iptables-services
systemctl start iptables
systemctl enable iptables
ssh_port=$(awk '$1=="Port" {print $2}' /etc/ssh/sshd_config)
if [ ! -n "$ssh_port" ]; then
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
else
iptables -A INPUT -p tcp -m tcp --dport ${ssh_port} -j ACCEPT
fi
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
service iptables save
echo "初始配置完成"
}
#禁止邮箱
config_mail(){
iptables -A FORWARD -p tcp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p udp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j DROP
iptables -A FORWARD -p tcp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p udp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j DROP
service iptables save
echo "禁止邮箱完毕"
}
#禁止关键字
config_keyword(){
iptables -A FORWARD -m string --string "netflix.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "tumblr.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "facebook.com.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "instagram.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "pixiv.net" --algo bm -j DROP
iptables -A FORWARD -m string --string "whatsapp.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "telegram.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "tunsafe.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "reddit.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "vimeo.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "dailymotion.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "hulu.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "liveleak.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "vine.co" --algo bm -j DROP
iptables -A FORWARD -m string --string "ustream.tv" --algo bm -j DROP
iptables -A FORWARD -m string --string "metacafe.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "viewstr.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "torrent" --algo bm -j DROP
iptables -A FORWARD -m string --string ".torrent" --algo bm -j DROP
iptables -A FORWARD -m string --string "peer_id=" --algo bm -j DROP
iptables -A FORWARD -m string --string "announce" --algo bm -j DROP
iptables -A FORWARD -m string --string "info_hash" --algo bm -j DROP
iptables -A FORWARD -m string --string "get_peers" --algo bm -j DROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP
iptables -A FORWARD -m string --string "BitToorent" --algo bm -j DROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j DROP
iptables -A FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
iptables -A FORWARD -m string --string "announce.php?passkey=" --algo bm -j DROP
iptables -A FORWARD -m string --string "magnet:" --algo bm -j DROP
iptables -A FORWARD -m string --string "xunlei" --algo bm -j DROP
iptables -A FORWARD -m string --string "sandai" --algo bm -j DROP
iptables -A FORWARD -m string --string "Thunder" --algo bm -j DROP
iptables -A FORWARD -m string --string "XLLiveUD" --algo bm -j DROP
iptables -A FORWARD -m string --string "youtube.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "google.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "youku.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "iqiyi.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "qq.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "huya.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "douyu.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "twitch.tv" --algo bm -j DROP
iptables -A FORWARD -m string --string "panda.tv" --algo bm -j DROP
iptables -A FORWARD -m string --string "porn" --algo bm -j DROP
iptables -A FORWARD -m string --string "renminbao.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "dajiyuan.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "bignews.org" --algo bm -j DROP
iptables -A FORWARD -m string --string "creaders.net" --algo bm -j DROP
iptables -A FORWARD -m string --string "rfa.org" --algo bm -j DROP
iptables -A FORWARD -m string --string "internetfreedom.org" --algo bm -j DROP
iptables -A FORWARD -m string --string "voanews.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "minghui.org" --algo bm -j DROP
iptables -A FORWARD -m string --string "kanzhongguo.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "peacehall.com" --algo bm -j DROP
iptables -A FORWARD -m string --string "twister" --algo bm -j DROP
service iptables save
echo "禁止关键字完毕"
}
#开放自定义端口
config_port(){
echo "开放一个自定义的端口段"
read -p "输入开始端口:" start_port
read -p "输入结束端口:" stop_port
iptables -A INPUT -p tcp -m tcp --dport ${start_port}:${stop_port} -j ACCEPT
iptables -A INPUT -p udp -m udp --dport ${start_port}:${stop_port} -j ACCEPT
service iptables save
echo "开放端口完毕"
}
#连接数限制
config_conn(){
echo "限制一个端口段的连接数"
read -p "输入开始端口:" start_conn
read -p "输入结束端口:" stop_conn
read -p "输入每个ip允许的连接数:" conn_num
iptables -A INPUT -p tcp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP
iptables -A INPUT -p udp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP
service iptables save
echo "限制连接数完毕"
}
#IP限速
config_IP(){
echo "限制IP的速度,从10.0.0.2-254,限制100/sec"
for ((i=2; i<=254; i ++))
do
iptables -I FORWARD -d 10.0.0.$i/32 -j DROP
iptables -I FORWARD -d 10.0.0.$i/32 -m limit --limit 100/sec -j ACCEPT
done
service iptables save
echo "限制IP速度完毕"
}
#清空规则
config_clear(){
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
service iptables save
echo "清除规则完毕"
}
#start
start_menu(){
while [ 1 ]
do
echo "========================="
echo " 介绍:适用于CentOS7"
echo " 作者:atrandys"
echo " 网站:www.atrandys.com"
echo " Youtube:atrandys"
echo "========================="
echo "1. 开启ssh(必须)"
echo "2. 禁止邮箱"
echo "3. 禁止常用关键字"
echo "4. 开放自定义端口"
echo "5. 连接数限制"
echo "6. ip限速"
echo "7. 清除所有规则"
echo "0. 退出"
echo
read -p "请输入数字:" num
case "$num" in
1)
config_default
;;
2)
config_mail
;;
3)
config_keyword
;;
4)
config_port
;;
5)
config_conn
;;
6)
config_IP
;;
7)
config_clear
;;
0)
exit 1
;;
*)
clear
echo "请输入正确数字"
sleep 5s
start_menu
;;
esac
done
}
start_menu
================================================
FILE: run.sh
================================================
#!/bin/sh
while true
do
$@
sleep 1
done
================================================
FILE: wg_game.sh
================================================
#!/bin/bash
#wireguard onekey script for centos7+/ubuntu/debian
function blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
function randpwd(){
mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
echo ${mpasswd}
}
function rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
function version_lt(){
test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1";
}
function check_selinux(){
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
red "============"
red "关闭SELinux"
red "============"
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
if [ "$CHECK" == "SELINUX=permissive" ]; then
red "============"
red "关闭SELinux"
red "============"
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
function check_release(){
source /etc/os-release
RELEASE=$ID
VERSION=$VERSION_ID
}
function install_tools(){
if [ "$RELEASE" == "centos" ]; then
$1 install -y qrencode iptables-services
systemctl enable iptables
systemctl start iptables
iptables -F
service iptables save
else
$1 install -y qrencode iptables
fi
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
}
function install_wg(){
check_release
if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then
yum install -y yum-utils epel-release
yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
yum install -y kernel-plus wireguard-tools
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl stop firewalld
systemctl disable firewalld
install_tools "yum"
elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then
yum install -y yum-utils epel-release
yum-config-manager --setopt=centosplus.includepkgs="kernel-plus, kernel-plus-*" --setopt=centosplus.enabled=1 --save
sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel
yum install -y kernel-plus wireguard-tools
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl stop firewalld
systemctl disable firewalld
install_tools "yum"
elif [ "$RELEASE" == "ubuntu" ]; then
if [ "$VERSION" == "12.04" ] || [ "$VERSION" == "16.04" ]; then
red "=================="
red "$RELEASE $VERSION系统暂未支持"
red "=================="
exit
fi
systemctl stop ufw
systemctl disable ufw
apt-get install -y wget
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
dpkg -i *.deb
apt-get -y update
#apt-get install -y software-properties-common
apt-get install -y openresolv
#add-apt-repository -y ppa:wireguard/wireguard
apt-get install -y wireguard
install_tools "apt-get"
elif [ "$RELEASE" == "debian" ]; then
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
#printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64
apt install -y wireguard openresolv
#apt update
#apt install -y wireguard
install_tools "apt"
else
red "=================="
red "$RELEASE $VERSION系统暂未支持"
red "=================="
fi
}
function config_wg(){
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net| grep ^e | head -n1)
chmod 777 -R /etc/wireguard
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.77.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1300
[Peer]
PublicKey = $c2
AllowedIPs = 10.77.0.2/32
EOF
#cat > /etc/wireguard/client.conf <<-EOF
#[Interface]
#PrivateKey = $c1
#Address = 10.77.0.2/24
#DNS = 8.8.8.8
#MTU = 1420
#[Peer]
#PublicKey = $s2
#Endpoint = $serverip:$port
#AllowedIPs = 0.0.0.0/0, ::0/0
#PersistentKeepalive = 25
#EOF
#wg-quick up wg0
udp_install
systemctl enable wg-quick@wg0
#content=$(cat /etc/wireguard/client.conf)
green "配置文件位置:/etc/wireguard/client.conf"
#green "${content}" | qrencode -o - -t UTF8
red "注意:本次安装必须重启一次, wireguard才能正常使用"
read -p "是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "VPS 重启中..."
reboot
fi
}
function udp_install(){
#下载udpspeeder和udp2raw (amd64版)
mkdir /usr/src/udp
cd /usr/src/udp
wget https://github.com/atrandys/wireguard/raw/master/speederv2
wget https://github.com/atrandys/wireguard/raw/master/udp2raw
wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
chmod +x speederv2 udp2raw run.sh
#启动udpspeeder和udp2raw
udpport=$(rand 10000 60000)
password=$(randpwd)
#nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
#nohup ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
read -p "比如192.168.1.1 :" ugateway
cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
Address = 10.77.0.2/24
DNS = 8.8.8.8
MTU = 1300
[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
cat > /etc/wireguard/client_noudp.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.77.0.2/24
DNS = 8.8.8.8
MTU = 1300
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
cat > /etc/wireguard/udp.sh <<-EOF
#!/bin/bash
nohup usr/src/udp/speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup usr/src/udp/udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
EOF
chmod +x /etc/wireguard/udp.sh
#增加自启动脚本
cat > /etc/systemd/system/autoudp.service<<-EOF
[Unit]
Description=autoudp
After=network.target
[Service]
Type=forking
ExecStart=/etc/wireguard/udp.sh
ExecReload=/bin/kill -9 \$(pidof udp2raw) && /bin/kill -9 \$(pidof udpspeeder)
Restart=on-failure
RestartSec=1s
[Install]
WantedBy=multi-user.target
EOF
#设置脚本权限
chmod +x /etc/systemd/system/autoudp.service
systemctl enable autoudp.service
systemctl start autoudp.service
}
function add_user(){
green "=================================="
green "给新用户起个名字,不能和已有用户重复"
green "=================================="
read -p "请输入用户名:" newname
cd /etc/wireguard/
if [ ! -f "/etc/wireguard/$newname.conf" ]; then
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.77.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32
green "============================================="
green "添加完成,文件:/etc/wireguard/$newname.conf"
green "============================================="
rm -f temprikey tempubkey
else
red "======================"
red "用户名已存在,请更换名称"
red "======================"
fi
}
function remove_wg(){
check_release
if [ -d "/etc/wireguard" ]; then
wg-quick down wg0
if [ "$RELEASE" == "centos" ]; then
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "ubuntu" ]; then
apt-get remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "debian" ]; then
apt remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
else
red "系统不符合要求"
fi
else
red "未检测到wireguard"
fi
}
function start_menu(){
clear
green "==============================================="
green " 介绍: 一键安装wireguard + udpspeeder + udp2raw"
green " 系统: Centos7+/Ubuntu18.04+/Debian9+"
green " 作者: atrandys www.atrandys.com"
green " 提示: 脚本安装过程中会升级内核,请勿生产环境使用"
green "==============================================="
green "1. 安装wireguard + udpspeeder + udp2raw"
red "2. 删除wireguard"
green "3. 增加用户"
red "0. 退出"
echo
read -p "请选择:" num
case "$num" in
1)
check_selinux
install_wg
config_wg
;;
2)
remove_wg
;;
3)
add_user
;;
0)
exit 1
;;
*)
clear
red "Please enter the correct number!"
sleep 1s
start_menu
;;
esac
}
start_menu
================================================
FILE: wg_mult.sh
================================================
#!/bin/bash
#wireguard onekey script for centos7+/ubuntu/debian
function blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
function rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
function version_lt(){
test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1";
}
function check_selinux(){
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
red "============"
red "关闭SELinux"
red "============"
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
if [ "$CHECK" == "SELINUX=permissive" ]; then
red "============"
red "关闭SELinux"
red "============"
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
fi
}
function check_release(){
source /etc/os-release
RELEASE=$ID
VERSION=$VERSION_ID
}
function install_tools(){
if [ "$RELEASE" == "centos" ]; then
$1 install -y qrencode iptables-services
systemctl enable iptables
systemctl start iptables
iptables -F
service iptables save
else
$1 install -y qrencode iptables
fi
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
}
function install_wg(){
check_release
if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then
yum install -y yum-utils epel-release
yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
yum install -y kernel-plus wireguard-tools
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl stop firewalld
systemctl disable firewalld
install_tools "yum"
elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then
yum install -y yum-utils epel-release
yum-config-manager --setopt=centosplus.includepkgs="kernel-plus, kernel-plus-*" --setopt=centosplus.enabled=1 --save
sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel
yum install -y kernel-plus wireguard-tools
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
systemctl stop firewalld
systemctl disable firewalld
install_tools "yum"
elif [ "$RELEASE" == "ubuntu" ]; then
if [ "$VERSION" == "12.04" ] || [ "$VERSION" == "16.04" ]; then
red "=================="
red "$RELEASE $VERSION系统暂未支持"
red "=================="
exit
fi
systemctl stop ufw
systemctl disable ufw
apt-get install -y wget
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb
dpkg -i *.deb
apt-get -y update
#apt-get install -y software-properties-common
apt-get install -y openresolv
#add-apt-repository -y ppa:wireguard/wireguard
apt-get install -y wireguard
install_tools "apt-get"
elif [ "$RELEASE" == "debian" ]; then
echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
#printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64
apt install -y wireguard openresolv
#apt update
#apt install -y wireguard
install_tools "apt"
else
red "=================="
red "$RELEASE $VERSION系统暂未支持"
red "=================="
fi
}
function config_wg(){
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net| grep ^e | head -n1)
chmod 777 -R /etc/wireguard
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.77.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.77.0.2/32
EOF
cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.77.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
#wg-quick up wg0
systemctl enable wg-quick@wg0
content=$(cat /etc/wireguard/client.conf)
green "电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码"
green "${content}" | qrencode -o - -t UTF8
red "注意:本次安装必须重启一次, wireguard才能正常使用"
read -p "是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "VPS 重启中..."
reboot
fi
}
function add_user(){
green "=================================="
green "给新用户起个名字,不能和已有用户重复"
green "=================================="
read -p "请输入用户名:" newname
cd /etc/wireguard/
if [ ! -f "/etc/wireguard/$newname.conf" ]; then
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.77.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32
green "============================================="
green "添加完成,文件:/etc/wireguard/$newname.conf"
green "============================================="
rm -f temprikey tempubkey
else
red "======================"
red "用户名已存在,请更换名称"
red "======================"
fi
}
function remove_wg(){
check_release
if [ -d "/etc/wireguard" ]; then
wg-quick down wg0
if [ "$RELEASE" == "centos" ]; then
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "ubuntu" ]; then
apt-get remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "debian" ]; then
apt remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
else
red "系统不符合要求"
fi
else
red "未检测到wireguard"
fi
}
function start_menu(){
clear
green "==============================================="
green " 介绍: 一键安装wireguard, 增加wireguard多用户"
green " 系统: Centos7+/Ubuntu18.04+/Debian9+"
green " 作者: atrandys www.atrandys.com"
green " 提示: 脚本安装过程中会升级内核,请勿生产环境使用"
green "==============================================="
green "1. 安装wireguard"
red "2. 删除wireguard"
green "3. 显示默认用户二维码"
green "4. 增加用户"
red "0. 退出"
echo
read -p "请选择:" num
case "$num" in
1)
check_selinux
install_wg
config_wg
;;
2)
remove_wg
;;
3)
content=$(cat /etc/wireguard/client.conf)
echo "${content}" | qrencode -o - -t UTF8
;;
4)
add_user
;;
0)
exit 1
;;
*)
clear
red "Please enter the correct number!"
sleep 1s
start_menu
;;
esac
}
start_menu
================================================
FILE: wg_mult.sh.bak
================================================
#!/bin/bash
#wireguard onekey script for centos7+/ubuntu/debian
function blue(){
echo -e "\033[34m\033[01m$1\033[0m"
}
function green(){
echo -e "\033[32m\033[01m$1\033[0m"
}
function red(){
echo -e "\033[31m\033[01m$1\033[0m"
}
function rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
function check_selinux(){
CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#")
if [ "$CHECK" == "SELINUX=enforcing" ]; then
red "======================================================================="
red "检测到SELinux为开启状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本"
red "======================================================================="
read -p "是否现在重启 ?请输入 [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo -e "VPS 重启中..."
reboot
fi
exit
fi
if [ "$CHECK" == "SELINUX=permissive" ]; then
red "======================================================================="
red "检测到SELinux为宽容状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本"
red "======================================================================="
read -p "是否现在重启 ?请输入 [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
echo -e "VPS 重启中..."
reboot
fi
exit
fi
}
function check_release(){
source /etc/os-release
RELEASE=$ID
VERSION=$VERSION_ID
}
function install_wg(){
check_release
if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y "kernel-devel-uname-r == $(uname -r)"
curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install -y wireguard-dkms wireguard-tools qrencode iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables
systemctl start iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
service iptables save
service iptables restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then
yum install -y epel-release
yum install -y "kernel-devel-uname-r == $(uname -r)"
yum config-manager --set-enabled PowerTools
yum copr enable -y jdoss/wireguard
yum install -y wireguard-dkms wireguard-tools qrencode iptables-services
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables
systemctl start iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
service iptables save
service iptables restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "19.04" ]; then
red "==================="
red "暂未支持ubuntu19.04系统"
red "==================="
elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "19.10" ]; then
red "==================="
red "暂未支持ubuntu19.10系统"
red "==================="
elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "16.04" ]; then
systemctl stop ufw
systemctl disable ufw
apt-get -y update
add-apt-repository -y ppa:wireguard/wireguard
apt-get update
apt-get install -y wireguard qrencode iptables
systemctl enable iptables
systemctl start iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "18.04" ]; then
systemctl stop ufw
systemctl disable ufw
apt-get -y update
apt-get install -y software-properties-common
apt-get install -y openresolv
add-apt-repository -y ppa:wireguard/wireguard
apt-get -y update
apt-get install -y wireguard qrencode iptables
systemctl enable iptables
systemctl start iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
elif [ "$RELEASE" == "debian" ]; then
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install -y wireguard qrencode iptables
systemctl enable iptables
systemctl start iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
else
red "================="
red "您当前系统暂未支持"
red "================="
fi
}
function config_wg(){
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net| awk 'NR==1&&/^e/{print $1}')
chmod 777 -R /etc/wireguard
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.77.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.77.0.2/32
EOF
cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.77.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
wg-quick up wg0
systemctl enable wg-quick@wg0
content=$(cat /etc/wireguard/client.conf)
green "电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码"
green "${content}" | qrencode -o - -t UTF8
}
function add_user(){
green "=================================="
green "给新用户起个名字,不能和已有用户重复"
green "=================================="
read -p "请输入用户名:" newname
cd /etc/wireguard/
if [ ! -f "/etc/wireguard/$newname.conf" ]; then
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.77.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32
green "============================================="
green "添加完成,文件:/etc/wireguard/$newname.conf"
green "============================================="
rm -f temprikey tempubkey
else
red "======================"
red "用户名已存在,请更换名称"
red "======================"
fi
}
function remove_wg(){
check_release
if [ -d "/etc/wireguard" ]; then
wg-quick down wg0
if [ "$RELEASE" == "centos" ]; then
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "ubuntu" ]; then
apt-get remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
elif [ "$RELEASE" == "debian" ]; then
apt remove -y wireguard
rm -rf /etc/wireguard/
green "卸载完成"
else
red "系统不符合要求"
fi
else
red "未检测到wireguard"
fi
}
function start_menu(){
clear
green "=========================================="
green " Info : For Centos7+/Ubuntu16+/Debian9+"
green " Author : A"
green "=========================================="
green "1. Install wireguard"
red "2. Remove wireguard"
green "3. Show client QRcode"
green "4. Add user"
red "0. Exit"
echo
read -p "Please enter a number:" num
case "$num" in
1)
check_selinux
install_wg
config_wg
;;
2)
remove_wg
;;
3)
content=$(cat /etc/wireguard/client.conf)
echo "${content}" | qrencode -o - -t UTF8
;;
4)
add_user
;;
0)
exit 1
;;
*)
clear
red "Please enter the correct number!"
sleep 1s
start_menu
;;
esac
}
start_menu
================================================
FILE: wireguard_game.sh
================================================
#!/bin/bash
#wg+udpspeeder+udp2raw,fec:游戏场景
if [ ! -e '/etc/redhat-release' ]; then
echo -e "\033[37;41m仅支持centos7\033[0m"
exit
fi
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
echo -e "\033[37;41m仅支持centos7\033[0m"
exit
fi
#更新内核
update_kernel(){
yum -y install epel-release wget curl
sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
yum remove -y kernel-devel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum -y --enablerepo=elrepo-kernel install kernel-ml
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "\033[37;41mVPS 重启中...\033[0m"
reboot
fi
}
#生成随机端口
rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
randpwd(){
mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
echo ${mpasswd}
}
wireguard_update(){
yum update -y wireguard-dkms wireguard-tools
echo -e "\033[37;41m更新完成\033[0m"
}
wireguard_remove(){
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/
rm -f /etc/rc.d/init.d/autoudp
echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
}
udp_install(){
#下载udpspeeder和udp2raw (amd64版)
mkdir /usr/src/udp
cd /usr/src/udp
wget https://github.com/atrandys/wireguard/raw/master/speederv2
wget https://github.com/atrandys/wireguard/raw/master/udp2raw
wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
chmod +x speederv2 udp2raw run.sh
#启动udpspeeder和udp2raw
udpport=$(rand 10000 60000)
password=$(randpwd)
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
read -p "比如192.168.1.1 :" ugateway
cat > /etc/wireguard/client/client.conf <<-EOF
[Interface]
PrivateKey = $c1
PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
cat > /etc/wireguard/client/client_noudp.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
#增加自启动脚本
cat > /etc/rc.d/init.d/autoudp<<-EOF
#!/bin/sh
#chkconfig: 2345 80 90
#description:autoudp
cd /usr/src/udp
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
EOF
#设置脚本权限
chmod +x /etc/rc.d/init.d/autoudp
chkconfig --add autoudp
chkconfig autoudp on
}
#centos7安装wireguard
wireguard_install(){
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
yum -y install wireguard-dkms wireguard-tools
mkdir /etc/wireguard
mkdir /etc/wireguard/client
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net | awk '/^e/{print}')
chmod 777 -R /etc/wireguard
systemctl stop firewalld
systemctl disable firewalld
yum install -y iptables-services
systemctl enable iptables
systemctl start iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
service iptables save
service iptables restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF
udp_install
wg-quick up wg0
systemctl enable wg-quick@wg0
echo -e "\033[37;41m安装完毕,客户端配置文件:/etc/wireguard/client/client.conf\033[0m"
}
add_user(){
echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
read -p "请输入用户名:" newname
cd /etc/wireguard/client
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.0.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
clear
echo -e "\033[43;42m ====================================\033[0m"
echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
echo -e "\033[43;42m 系统:CentOS7 \033[0m"
echo -e "\033[43;42m 作者:A \033[0m"
echo -e "\033[43;42m ====================================\033[0m"
echo
echo -e "\033[0;33m 1. 升级系统内核(必需)\033[0m"
echo -e "\033[0;33m 2. 安装wireguard+udpspeeder+udp2raw\033[0m"
echo " 3. 升级wireguard"
echo " 4. 卸载wireguard"
echo -e "\033[37;41m 5. 增加用户\033[0m"
echo " 0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
update_kernel
;;
2)
wireguard_install
;;
3)
wireguard_update
;;
4)
wireguard_remove
;;
5)
add_user
;;
0)
exit 1
;;
*)
clear
echo -e "请输入正确数字"
sleep 2s
start_menu
;;
esac
}
start_menu
================================================
FILE: wireguard_game_ubuntu.sh
================================================
#!/bin/bash
rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
randpwd(){
mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
echo ${mpasswd}
}
wireguard_install(){
version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}')
if [ $version == 18 ]
then
sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo apt-get install -y openresolv
else
sudo apt-get update -y
sudo apt-get install -y software-properties-common
fi
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo apt-get update -y
sudo apt-get install -y wireguard curl
sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p
echo "1"> /proc/sys/net/ipv4/ip_forward
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net | awk '/^e/{print}')
sudo cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF
sudo cat > /etc/init.d/wgstart <<-EOF
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgstart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgstart
### END INIT INFO
sudo wg-quick up wg0
EOF
sudo chmod 755 /etc/init.d/wgstart
cd /etc/init.d
if [ $version == 14 ]
then
sudo update-rc.d wgstart defaults 90
else
sudo update-rc.d wgstart defaults
fi
udp_install
sudo wg-quick up wg0
}
udp_install(){
#下载udpspeeder和udp2raw (amd64版)
mkdir /usr/src/udp
mkdir /etc/wireguard/client
cd /usr/src/udp
wget https://github.com/atrandys/wireguard/raw/master/speederv2
wget https://github.com/atrandys/wireguard/raw/master/udp2raw
wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
chmod +x speederv2 udp2raw run.sh
#启动udpspeeder和udp2raw
udpport=$(rand 10000 60000)
password=$(randpwd)
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
read -p "比如192.168.1.1 :" ugateway
cat > /etc/wireguard/client/client.conf <<-EOF
[Interface]
PrivateKey = $c1
PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
cat > /etc/wireguard/client/client_noudp.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
#增加自启动脚本
cat > /etc/init.d/autoudp<<-EOF
#! /bin/sh
### BEGIN INIT INFO
# Provides: autoudp
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: autoudp
### END INIT INFO
cd /usr/src/udp
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
EOF
#设置脚本权限
sudo chmod 755 /etc/init.d/autoudp
cd /etc/init.d
if [ $version == 14 ]
then
sudo update-rc.d autoudp defaults 90
else
sudo update-rc.d autoudp defaults
fi
}
wireguard_remove(){
sudo wg-quick down wg0
sudo apt-get remove -y wireguard
sudo rm -rf /etc/wireguard
sudo rm -f /etc/init.d/wgstart
sudo rm -f /etc/init.d/autoudp
echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
}
add_user(){
echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
read -p "请输入用户名:" newname
cd /etc/wireguard/client
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.0.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
clear
echo -e "\033[43;42m ====================================\033[0m"
echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
echo -e "\033[43;42m 系统:Ubuntu \033[0m"
echo -e "\033[43;42m 作者:A \033[0m"
echo -e "\033[43;42m ====================================\033[0m"
echo
echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m"
echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m"
echo -e "\033[37;41m 3. 增加用户\033[0m"
echo -e " 0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
wireguard_install
;;
2)
wireguard_remove
;;
3)
add_user
;;
0)
exit 1
;;
*)
clear
echo -e "请输入正确数字"
sleep 2s
start_menu
;;
esac
}
start_menu
================================================
FILE: wireguard_install.sh
================================================
#!/bin/bash
#判断系统
if [ ! -e '/etc/redhat-release' ]; then
echo "仅支持centos7"
exit
fi
if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
echo "仅支持centos7"
exit
fi
#更新内核
update_kernel(){
yum -y install epel-release curl
sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
yum remove -y kernel-devel
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum -y --enablerepo=elrepo-kernel install kernel-ml
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "VPS 重启中..."
reboot
fi
}
#生成随机端口
rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
wireguard_update(){
yum update -y wireguard-dkms wireguard-tools
echo "更新完成"
}
wireguard_remove(){
wg-quick down wg0
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/
echo "卸载完成"
}
config_client(){
cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.77.77.2/32
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
}
#centos7安装wireguard
wireguard_install(){
curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
yum -y install wireguard-dkms wireguard-tools
yum -y install qrencode
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net | grep e | head -1)
chmod 777 -R /etc/wireguard
systemctl stop firewalld
systemctl disable firewalld
yum install -y iptables-services
systemctl enable iptables
systemctl start iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
service iptables save
service iptables restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.77.0.1/16
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -I FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.77.77.2/32
EOF
config_client
wg-quick up wg0
systemctl enable wg-quick@wg0
content=$(cat /etc/wireguard/client.conf)
echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
echo "${content}" | qrencode -o - -t UTF8
}
add_user(){
echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
read -p "请输入用户名:" newname
cd /etc/wireguard/
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.77.77.$newnum\/32"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.77.77.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.77.$newnum/32
echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
clear
echo "========================="
echo " 介绍:适用于CentOS7"
echo " 作者:A"
echo "========================="
echo "1. 升级系统内核"
echo "2. 安装wireguard"
echo "3. 升级wireguard"
echo "4. 卸载wireguard"
echo "5. 显示客户端二维码"
echo "6. 增加用户"
echo "0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
update_kernel
;;
2)
wireguard_install
;;
3)
wireguard_update
;;
4)
wireguard_remove
;;
5)
content=$(cat /etc/wireguard/client.conf)
echo "${content}" | qrencode -o - -t UTF8
;;
6)
add_user
;;
0)
exit 1
;;
*)
clear
echo "请输入正确数字"
sleep 5s
start_menu
;;
esac
}
start_menu
================================================
FILE: wireguard_install_ubuntu.sh
================================================
#!/bin/bash
rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
wireguard_install(){
version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}')
if [ $version == 18 ]; then
sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo apt-get install -y openresolv
#else
# sudo apt-get update -y
# sudo apt-get install -y software-properties-common
fi
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo apt-get update -y
sudo apt-get install -y wireguard curl
sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p
echo "1"> /proc/sys/net/ipv4/ip_forward
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
serverip=$(curl ipv4.icanhazip.com)
port=$(rand 10000 60000)
eth=$(ls /sys/class/net | awk '/^e/{print}')
sudo cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF
sudo cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
sudo apt-get install -y qrencode
sudo cat > /etc/init.d/wgstart <<-EOF
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgstart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgstart
### END INIT INFO
sudo wg-quick up wg0
EOF
sudo chmod +x /etc/init.d/wgstart
cd /etc/init.d
if [ $version == 14 ]
then
sudo update-rc.d wgstart defaults 90
else
sudo update-rc.d wgstart defaults
fi
sudo wg-quick up wg0
content=$(cat /etc/wireguard/client.conf)
echo -e "\033[43;42m电脑端请下载/etc/wireguard/client.conf,手机端可直接使用软件扫码\033[0m"
echo "${content}" | qrencode -o - -t UTF8
}
wireguard_remove(){
sudo wg-quick down wg0
sudo apt-get remove -y wireguard
sudo rm -rf /etc/wireguard
}
add_user(){
echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
read -p "请输入用户名:" newname
cd /etc/wireguard/
cp client.conf $newname.conf
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
newnum=$((10#${ipnum}+1))
sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.0.0.$newnum/32
EOF
wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
clear
echo -e "\033[43;42m ====================================\033[0m"
echo -e "\033[43;42m 介绍:wireguard一键脚本 \033[0m"
echo -e "\033[43;42m 系统:Ubuntu \033[0m"
echo -e "\033[43;42m 作者:A \033[0m"
echo -e "\033[43;42m ====================================\033[0m"
echo
echo -e "\033[0;33m 1. 安装wireguard\033[0m"
echo -e "\033[0;33m 2. 查看客户端二维码\033[0m"
echo -e "\033[0;31m 3. 删除wireguard\033[0m"
echo -e "\033[0;33m 4. 增加用户\033[0m"
echo -e " 0. 退出脚本"
echo
read -p "请输入数字:" num
case "$num" in
1)
wireguard_install
;;
2)
content=$(cat /etc/wireguard/client.conf)
echo "${content}" | qrencode -o - -t UTF8
;;
3)
wireguard_remove
;;
4)
add_user
;;
0)
exit 1
;;
*)
clear
echo -e "请输入正确数字"
sleep 2s
start_menu
;;
esac
}
start_menu
================================================
FILE: wireguard_openwrt.sh
================================================
#!/bin/bash
#0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file
#1 run udpspeeder and udp2raw
nohup ./speederv2 -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f20:10 --mode 0 --timeout 8 -k 249b >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -c -r27.122.58.154:18949 -l127.0.0.1:2091 --raw-mode faketcp -k 249b >udp2raw.log 2>&1 &
#2 run wireguard with config file(pwd:/etc/wireguard/wg0.conf)
ip link add dev wg0 type wireguard
ip address add dev wg0 10.0.0.2/24
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set up dev wg0
#3 notice: wg0.conf example
#[Interface]
#PrivateKey = yG/bs7lAYy3yJLGqWDXVZrpT16CmDHanpI9g9haPC28=
#[Peer]
#PublicKey = dddHotJ9qujdydvjNDYJVrGWCjpvudX9qcNXk7W4wCo=
#Endpoint = 127.0.0.1:2090
#AllowedIPs = 0.0.0.0/0, ::0/0
#PersistentKeepalive = 5
#4 add route table for wireguard
echo "200 game" >> /etc/iproute2/rt_tables
#5 create ipset table
#ipset create game hash:net
#保存规则ipset save game -f game.txt
#从文件创建
ipset restore -f game.txt
#6 enable iptables rule,mark ip packages equal ipset table
iptables -t mangle -A PREROUTING -m set --match-set game dst -j MARK --set-mark 8
iptables -t mangle -A OUTPUT -m set --match-set game dst -j MARK --set-mark 8
iptables -t nat -A POSTROUTING -m mark --mark 8 -j MASQUERADE
iptables -I FORWARD -o wg0 -j ACCEPT
#7 config route table game:default route,lan
ip route add default dev wg0 table game
ip route add 192.168.3.0/24 dev br-lan table game
#8 enable ip rule
ip rule add fwmark 8 table game
================================================
FILE: wireguard_web.sh
================================================
#!/bin/bash
sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo apt-get update -y
sudo apt-get install -y wireguard
apt-get remove -y dnsmasq
echo nameserver 1.1.1.1 >/etc/resolv.conf
modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" > /etc/sysctl.conf
curl -fsSL get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable docker
sudo systemctl start docker
sudo cat > /etc/init.d/wgwebstart <<-EOF
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgwebstart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgwebstart
### END INIT INFO
modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat
sudo docker start subspace
EOF
sudo chmod 755 /etc/init.d/wgwebstart
sudo update-rc.d wgwebstart defaults
read -p "输入域名:" domain
docker create \
--name subspace \
--network host \
--cap-add NET_ADMIN \
--volume /usr/bin/wg:/usr/bin/wg \
--volume /data:/data \
--env SUBSPACE_HTTP_HOST=$domain \
subspacecloud/subspace:latest
sudo docker start subspace
echo "安装完毕,使用浏览器访问域名,配置初始登录账号。"
gitextract_ptzqliey/ ├── README.md ├── iptables_config.sh ├── run.sh ├── speederv2 ├── udp2raw ├── wg_game.sh ├── wg_mult.sh ├── wg_mult.sh.bak ├── wireguard_game.sh ├── wireguard_game_ubuntu.sh ├── wireguard_install.sh ├── wireguard_install_ubuntu.sh ├── wireguard_openwrt.sh └── wireguard_web.sh
Condensed preview — 14 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (70K chars).
[
{
"path": "README.md",
"chars": 275,
"preview": "### 关于\n\n\n#### _install.sh\n> centos版wireguard一键脚本 | centos 7\n#### _install_ubuntu.sh\n> ubuntu版wireguard一键脚本 | ubuntu >= 1"
},
{
"path": "iptables_config.sh",
"chars": 7204,
"preview": "#!/bin/bash\n\n#开放ssh端口、回环、外网、默认策略\nconfig_default(){\n systemctl stop firewalld\n systemctl disable firewalld\n yum "
},
{
"path": "run.sh",
"chars": 40,
"preview": "#!/bin/sh\nwhile true\ndo\n$@\nsleep 1\ndone\n"
},
{
"path": "wg_game.sh",
"chars": 11213,
"preview": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\""
},
{
"path": "wg_mult.sh",
"chars": 8741,
"preview": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\""
},
{
"path": "wg_mult.sh.bak",
"chars": 9132,
"preview": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\""
},
{
"path": "wireguard_game.sh",
"chars": 7505,
"preview": "#!/bin/bash\n\n#wg+udpspeeder+udp2raw,fec:游戏场景\n\nif [ ! -e '/etc/redhat-release' ]; then\necho -e \"\\033[37;41m仅支持centos7\\033"
},
{
"path": "wireguard_game_ubuntu.sh",
"chars": 6567,
"preview": "#!/bin/bash\n\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{pr"
},
{
"path": "wireguard_install.sh",
"chars": 5189,
"preview": "#!/bin/bash\n\n#判断系统\nif [ ! -e '/etc/redhat-release' ]; then\necho \"仅支持centos7\"\nexit\nfi\nif [ -n \"$(grep ' 6\\.' /etc/redhat"
},
{
"path": "wireguard_install_ubuntu.sh",
"chars": 4432,
"preview": "#!/bin/bash\n\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{pr"
},
{
"path": "wireguard_openwrt.sh",
"chars": 1499,
"preview": "#!/bin/bash\n\n#0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file\n\n#1 run udpspeeder and udp2raw\n\nnohup ."
},
{
"path": "wireguard_web.sh",
"chars": 1331,
"preview": "#!/bin/bash\n\n\nsudo apt-get update -y\nsudo apt-get install -y software-properties-common\nsudo add-apt-repository -y ppa:w"
}
]
// ... and 2 more files (download for full content)
About this extraction
This page contains the full source code of the yobabyshark/wireguard GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 14 files (61.6 KB), approximately 22.2k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.