[ { "path": "README.md", "content": "### 关于\n\n\n#### _install.sh\n> centos版wireguard一键脚本 | centos 7\n#### _install_ubuntu.sh\n> ubuntu版wireguard一键脚本 | ubuntu >= 14.04\n#### _game.sh\n> centos版wireguard+udpspeeder+udp2raw一键脚本 | centos 7\n#### _game_ubuntu.sh\n> ubuntu版wireguard+udpspeeder+udp2raw一键脚本 | ubuntu >= 14.04\n\n\n" }, { "path": "iptables_config.sh", "content": "#!/bin/bash\n\n#开放ssh端口、回环、外网、默认策略\nconfig_default(){\n systemctl stop firewalld\n systemctl disable firewalld\n yum install -y iptables-services\n systemctl start iptables\n systemctl enable iptables\n ssh_port=$(awk '$1==\"Port\" {print $2}' /etc/ssh/sshd_config)\n if [ ! -n \"$ssh_port\" ]; then\n iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n else\n iptables -A INPUT -p tcp -m tcp --dport ${ssh_port} -j ACCEPT\n fi\n iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n iptables -A INPUT -i lo -j ACCEPT\n iptables -P INPUT DROP\n iptables -P FORWARD ACCEPT\n iptables -P OUTPUT ACCEPT\n service iptables save\n echo \"初始配置完成\"\n}\n\n#禁止邮箱\nconfig_mail(){\n iptables -A FORWARD -p tcp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j REJECT --reject-with tcp-reset\n iptables -A FORWARD -p udp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j DROP\n iptables -A FORWARD -p tcp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j REJECT --reject-with tcp-reset\n iptables -A FORWARD -p udp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j DROP\n service iptables save\n echo \"禁止邮箱完毕\"\n}\n\n#禁止关键字\nconfig_keyword(){\n iptables -A FORWARD -m string --string \"netflix.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"tumblr.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"facebook.com.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"instagram.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"pixiv.net\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"whatsapp.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"telegram.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"tunsafe.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"reddit.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"vimeo.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"dailymotion.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"hulu.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"liveleak.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"vine.co\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"ustream.tv\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"metacafe.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"viewstr.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"torrent\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \".torrent\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"peer_id=\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"announce\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"info_hash\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"get_peers\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"find_node\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"BitToorent\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"announce_peer\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"BitTorrent protocol\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"announce.php?passkey=\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"magnet:\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"xunlei\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"sandai\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"Thunder\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"XLLiveUD\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"youtube.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"google.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"youku.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"iqiyi.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"qq.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"huya.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"douyu.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"twitch.tv\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"panda.tv\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"porn\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"renminbao.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"dajiyuan.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"bignews.org\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"creaders.net\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"rfa.org\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"internetfreedom.org\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"voanews.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"minghui.org\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"kanzhongguo.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"peacehall.com\" --algo bm -j DROP\n iptables -A FORWARD -m string --string \"twister\" --algo bm -j DROP\n service iptables save\n echo \"禁止关键字完毕\"\n}\n\n#开放自定义端口\nconfig_port(){\n echo \"开放一个自定义的端口段\"\n read -p \"输入开始端口:\" start_port\n read -p \"输入结束端口:\" stop_port\n iptables -A INPUT -p tcp -m tcp --dport ${start_port}:${stop_port} -j ACCEPT\n iptables -A INPUT -p udp -m udp --dport ${start_port}:${stop_port} -j ACCEPT\n service iptables save\n echo \"开放端口完毕\"\n}\n\n#连接数限制\nconfig_conn(){\n echo \"限制一个端口段的连接数\"\n read -p \"输入开始端口:\" start_conn\n read -p \"输入结束端口:\" stop_conn\n read -p \"输入每个ip允许的连接数:\" conn_num\n iptables -A INPUT -p tcp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP\n iptables -A INPUT -p udp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP\n service iptables save\n echo \"限制连接数完毕\"\n}\n\n#IP限速\nconfig_IP(){\n echo \"限制IP的速度,从10.0.0.2-254,限制100/sec\"\n for ((i=2; i<=254; i ++))\n do\n\tiptables -I FORWARD -d 10.0.0.$i/32 -j DROP\n \tiptables -I FORWARD -d 10.0.0.$i/32 -m limit --limit 100/sec -j ACCEPT \n done\n service iptables save\n echo \"限制IP速度完毕\"\n}\n\n#清空规则\nconfig_clear(){\n iptables -P INPUT ACCEPT\n iptables -P FORWARD ACCEPT\n iptables -F\n service iptables save\n echo \"清除规则完毕\"\n}\n\n#start\nstart_menu(){\nwhile [ 1 ] \ndo\n echo \"=========================\"\n echo \" 介绍:适用于CentOS7\"\n echo \" 作者:atrandys\"\n echo \" 网站:www.atrandys.com\"\n echo \" Youtube:atrandys\"\n echo \"=========================\"\n echo \"1. 开启ssh(必须)\"\n echo \"2. 禁止邮箱\"\n echo \"3. 禁止常用关键字\"\n echo \"4. 开放自定义端口\"\n echo \"5. 连接数限制\"\n echo \"6. ip限速\"\n echo \"7. 清除所有规则\"\n echo \"0. 退出\"\n echo\n read -p \"请输入数字:\" num\n case \"$num\" in\n \t1)\n\tconfig_default\n\t;;\n\t2)\n\tconfig_mail\n\t;;\n 3)\n\tconfig_keyword\n\t;;\n 4)\n\tconfig_port\n\t;;\n 5)\n\tconfig_conn\n\t;;\n\t6)\n\tconfig_IP\n\t;;\n 7)\n\tconfig_clear\n\t;;\n\t0)\n\texit 1\n\t;;\n\t*)\n\tclear\n\techo \"请输入正确数字\"\n\tsleep 5s\n\tstart_menu\n\t;;\n esac\ndone\n}\n\nstart_menu\n" }, { "path": "run.sh", "content": "#!/bin/sh\nwhile true\ndo\n$@\nsleep 1\ndone\n" }, { "path": "wg_game.sh", "content": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\"\n}\nfunction green(){\n echo -e \"\\033[32m\\033[01m$1\\033[0m\"\n}\nfunction red(){\n echo -e \"\\033[31m\\033[01m$1\\033[0m\"\n}\n\nfunction randpwd(){\n mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)\n echo ${mpasswd} \n}\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nfunction version_lt(){\n test \"$(echo \"$@\" | tr \" \" \"\\n\" | sort -rV | head -n 1)\" != \"$1\"; \n}\n\nfunction check_selinux(){\n\n CHECK=$(grep SELINUX= /etc/selinux/config | grep -v \"#\")\n if [ \"$CHECK\" == \"SELINUX=enforcing\" ]; then\n red \"============\"\n red \"关闭SELinux\"\n red \"============\"\n sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n fi\n if [ \"$CHECK\" == \"SELINUX=permissive\" ]; then\n red \"============\"\n red \"关闭SELinux\"\n red \"============\"\n sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n fi\n}\n\nfunction check_release(){\n\n source /etc/os-release\n RELEASE=$ID\n VERSION=$VERSION_ID\n\n}\n\nfunction install_tools(){\n if [ \"$RELEASE\" == \"centos\" ]; then\n $1 install -y qrencode iptables-services\n systemctl enable iptables \n systemctl start iptables \n iptables -F\n\tservice iptables save\n else\n $1 install -y qrencode iptables\n fi\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n\n}\n\nfunction install_wg(){\n check_release\n if [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"7\" ]; then\n yum install -y yum-utils epel-release\n yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save\n sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel\n yum install -y kernel-plus wireguard-tools\n\tsed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n systemctl stop firewalld\n systemctl disable firewalld\n install_tools \"yum\"\n elif [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"8\" ]; then\n yum install -y yum-utils epel-release\n yum-config-manager --setopt=centosplus.includepkgs=\"kernel-plus, kernel-plus-*\" --setopt=centosplus.enabled=1 --save\n sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel\n yum install -y kernel-plus wireguard-tools\n\tsed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n systemctl stop firewalld\n systemctl disable firewalld\n install_tools \"yum\"\n elif [ \"$RELEASE\" == \"ubuntu\" ]; then\n if [ \"$VERSION\" == \"12.04\" ] || [ \"$VERSION\" == \"16.04\" ]; then\n\t red \"==================\"\n red \"$RELEASE $VERSION系统暂未支持\"\n red \"==================\"\n\t exit\n\tfi\n systemctl stop ufw\n systemctl disable ufw\n\tapt-get install -y wget\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\tdpkg -i *.deb\n\tapt-get -y update\n #apt-get install -y software-properties-common\n apt-get install -y openresolv\n #add-apt-repository -y ppa:wireguard/wireguard\n apt-get install -y wireguard\n install_tools \"apt-get\"\n elif [ \"$RELEASE\" == \"debian\" ]; then\n echo \"deb http://deb.debian.org/debian buster-backports main\" >> /etc/apt/sources.list\n #printf 'Package: *\\nPin: release a=unstable\\nPin-Priority: 90\\n' > /etc/apt/preferences.d/limit-unstable\n apt update\n\tapt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64\n\tapt install -y wireguard openresolv\n\t#apt update\n #apt install -y wireguard\n install_tools \"apt\"\n else\n red \"==================\"\n red \"$RELEASE $VERSION系统暂未支持\"\n red \"==================\"\n fi\n}\n\nfunction config_wg(){\n\n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net| grep ^e | head -n1)\n chmod 777 -R /etc/wireguard\n\ncat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.77.0.1/24 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1300\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.77.0.2/32\nEOF\n\n#cat > /etc/wireguard/client.conf <<-EOF\n#[Interface]\n#PrivateKey = $c1\n#Address = 10.77.0.2/24 \n#DNS = 8.8.8.8\n#MTU = 1420\n#[Peer]\n#PublicKey = $s2\n#Endpoint = $serverip:$port\n#AllowedIPs = 0.0.0.0/0, ::0/0\n#PersistentKeepalive = 25\n#EOF\n #wg-quick up wg0\n udp_install\n systemctl enable wg-quick@wg0\n #content=$(cat /etc/wireguard/client.conf)\n green \"配置文件位置:/etc/wireguard/client.conf\"\n #green \"${content}\" | qrencode -o - -t UTF8\n red \"注意:本次安装必须重启一次, wireguard才能正常使用\"\n read -p \"是否现在重启 ? [Y/n] :\" yn\n [ -z \"${yn}\" ] && yn=\"y\"\n if [[ $yn == [Yy] ]]; then\n echo -e \"VPS 重启中...\"\n reboot\n fi\n}\n\nfunction udp_install(){\n #下载udpspeeder和udp2raw (amd64版)\n mkdir /usr/src/udp\n cd /usr/src/udp\n wget https://github.com/atrandys/wireguard/raw/master/speederv2\n wget https://github.com/atrandys/wireguard/raw/master/udp2raw\n wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh\n chmod +x speederv2 udp2raw run.sh\n \n #启动udpspeeder和udp2raw\n udpport=$(rand 10000 60000)\n password=$(randpwd)\n #nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\n #nohup ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\n echo -e \"\\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\\033[0m\"\n read -p \"比如192.168.1.1 :\" ugateway\n\ncat > /etc/wireguard/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nPostUp = mshta vbscript:CreateObject(\"WScript.Shell\").Run(\"cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password\",0)(window.close)\nPostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f\nAddress = 10.77.0.2/24 \nDNS = 8.8.8.8\nMTU = 1300\n[Peer]\nPublicKey = $s2\nEndpoint = 127.0.0.1:2090\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\ncat > /etc/wireguard/client_noudp.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.77.0.2/24 \nDNS = 8.8.8.8\nMTU = 1300\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\ncat > /etc/wireguard/udp.sh <<-EOF\n#!/bin/bash\nnohup usr/src/udp/speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\nnohup usr/src/udp/udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\nEOF\n\n chmod +x /etc/wireguard/udp.sh\n\n#增加自启动脚本\ncat > /etc/systemd/system/autoudp.service<<-EOF\n[Unit] \nDescription=autoudp \nAfter=network.target \n \n[Service] \nType=forking\nExecStart=/etc/wireguard/udp.sh\nExecReload=/bin/kill -9 \\$(pidof udp2raw) && /bin/kill -9 \\$(pidof udpspeeder)\nRestart=on-failure\nRestartSec=1s\n \n[Install] \nWantedBy=multi-user.target\nEOF\n\n#设置脚本权限\n chmod +x /etc/systemd/system/autoudp.service\n systemctl enable autoudp.service\n systemctl start autoudp.service\n}\n\nfunction add_user(){\n\n green \"==================================\"\n green \"给新用户起个名字,不能和已有用户重复\"\n green \"==================================\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/\n if [ ! -f \"/etc/wireguard/$newname.conf\" ]; then\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.77.0.$newnum\\/24\"'%' $newname.conf\n cat >> /etc/wireguard/wg0.conf <<-EOF\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.77.0.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32\n green \"=============================================\"\n green \"添加完成,文件:/etc/wireguard/$newname.conf\"\n green \"=============================================\"\n rm -f temprikey tempubkey\n else\n red \"======================\"\n red \"用户名已存在,请更换名称\"\n red \"======================\"\n fi\n\n}\n\nfunction remove_wg(){\n check_release\n if [ -d \"/etc/wireguard\" ]; then\n wg-quick down wg0\n if [ \"$RELEASE\" == \"centos\" ]; then\n yum remove -y wireguard-dkms wireguard-tools\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"ubuntu\" ]; then\n apt-get remove -y wireguard\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"debian\" ]; then\n apt remove -y wireguard\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n else\n red \"系统不符合要求\"\n fi\n else\n red \"未检测到wireguard\"\n fi\n}\n\nfunction start_menu(){\n clear\n green \"===============================================\"\n green \" 介绍: 一键安装wireguard + udpspeeder + udp2raw\"\n green \" 系统: Centos7+/Ubuntu18.04+/Debian9+\"\n green \" 作者: atrandys www.atrandys.com\"\n green \" 提示: 脚本安装过程中会升级内核,请勿生产环境使用\"\n green \"===============================================\"\n green \"1. 安装wireguard + udpspeeder + udp2raw\"\n red \"2. 删除wireguard\"\n green \"3. 增加用户\"\n red \"0. 退出\"\n echo\n read -p \"请选择:\" num\n case \"$num\" in\n 1)\n check_selinux\n install_wg\n config_wg\n ;;\n 2)\n remove_wg\n ;;\n 3)\n add_user\n ;;\n 0)\n exit 1\n ;;\n *)\n clear\n red \"Please enter the correct number!\"\n sleep 1s\n start_menu\n ;;\n esac\n}\n\nstart_menu\n" }, { "path": "wg_mult.sh", "content": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\"\n}\nfunction green(){\n echo -e \"\\033[32m\\033[01m$1\\033[0m\"\n}\nfunction red(){\n echo -e \"\\033[31m\\033[01m$1\\033[0m\"\n}\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nfunction version_lt(){\n test \"$(echo \"$@\" | tr \" \" \"\\n\" | sort -rV | head -n 1)\" != \"$1\"; \n}\n\nfunction check_selinux(){\n\n CHECK=$(grep SELINUX= /etc/selinux/config | grep -v \"#\")\n if [ \"$CHECK\" == \"SELINUX=enforcing\" ]; then\n red \"============\"\n red \"关闭SELinux\"\n red \"============\"\n sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n fi\n if [ \"$CHECK\" == \"SELINUX=permissive\" ]; then\n red \"============\"\n red \"关闭SELinux\"\n red \"============\"\n sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n fi\n}\n\nfunction check_release(){\n\n source /etc/os-release\n RELEASE=$ID\n VERSION=$VERSION_ID\n\n}\n\nfunction install_tools(){\n if [ \"$RELEASE\" == \"centos\" ]; then\n $1 install -y qrencode iptables-services\n systemctl enable iptables \n systemctl start iptables \n iptables -F\n\tservice iptables save\n else\n $1 install -y qrencode iptables\n fi\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n\n}\n\nfunction install_wg(){\n check_release\n if [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"7\" ]; then\n yum install -y yum-utils epel-release\n yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save\n sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel\n yum install -y kernel-plus wireguard-tools\n\tsed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n systemctl stop firewalld\n systemctl disable firewalld\n install_tools \"yum\"\n elif [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"8\" ]; then\n yum install -y yum-utils epel-release\n yum-config-manager --setopt=centosplus.includepkgs=\"kernel-plus, kernel-plus-*\" --setopt=centosplus.enabled=1 --save\n sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel\n yum install -y kernel-plus wireguard-tools\n\tsed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n systemctl stop firewalld\n systemctl disable firewalld\n install_tools \"yum\"\n elif [ \"$RELEASE\" == \"ubuntu\" ]; then\n if [ \"$VERSION\" == \"12.04\" ] || [ \"$VERSION\" == \"16.04\" ]; then\n\t red \"==================\"\n red \"$RELEASE $VERSION系统暂未支持\"\n red \"==================\"\n\t exit\n\tfi\n systemctl stop ufw\n systemctl disable ufw\n\tapt-get install -y wget\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\twget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb\n\tdpkg -i *.deb\n\tapt-get -y update\n #apt-get install -y software-properties-common\n apt-get install -y openresolv\n #add-apt-repository -y ppa:wireguard/wireguard\n apt-get install -y wireguard\n install_tools \"apt-get\"\n elif [ \"$RELEASE\" == \"debian\" ]; then\n echo \"deb http://deb.debian.org/debian buster-backports main\" >> /etc/apt/sources.list\n #printf 'Package: *\\nPin: release a=unstable\\nPin-Priority: 90\\n' > /etc/apt/preferences.d/limit-unstable\n apt update\n\tapt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64\n\tapt install -y wireguard openresolv\n\t#apt update\n #apt install -y wireguard\n install_tools \"apt\"\n else\n red \"==================\"\n red \"$RELEASE $VERSION系统暂未支持\"\n red \"==================\"\n fi\n}\n\nfunction config_wg(){\n\n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net| grep ^e | head -n1)\n chmod 777 -R /etc/wireguard\n\ncat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.77.0.1/24 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.77.0.2/32\nEOF\n\ncat > /etc/wireguard/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.77.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n #wg-quick up wg0\n systemctl enable wg-quick@wg0\n content=$(cat /etc/wireguard/client.conf)\n green \"电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码\"\n green \"${content}\" | qrencode -o - -t UTF8\n red \"注意:本次安装必须重启一次, wireguard才能正常使用\"\n read -p \"是否现在重启 ? [Y/n] :\" yn\n [ -z \"${yn}\" ] && yn=\"y\"\n if [[ $yn == [Yy] ]]; then\n echo -e \"VPS 重启中...\"\n reboot\n fi\n}\n\nfunction add_user(){\n\n green \"==================================\"\n green \"给新用户起个名字,不能和已有用户重复\"\n green \"==================================\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/\n if [ ! -f \"/etc/wireguard/$newname.conf\" ]; then\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.77.0.$newnum\\/24\"'%' $newname.conf\n cat >> /etc/wireguard/wg0.conf <<-EOF\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.77.0.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32\n green \"=============================================\"\n green \"添加完成,文件:/etc/wireguard/$newname.conf\"\n green \"=============================================\"\n rm -f temprikey tempubkey\n else\n red \"======================\"\n red \"用户名已存在,请更换名称\"\n red \"======================\"\n fi\n\n}\n\nfunction remove_wg(){\n check_release\n if [ -d \"/etc/wireguard\" ]; then\n wg-quick down wg0\n if [ \"$RELEASE\" == \"centos\" ]; then\n yum remove -y wireguard-dkms wireguard-tools\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"ubuntu\" ]; then\n apt-get remove -y wireguard\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"debian\" ]; then\n apt remove -y wireguard\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n else\n red \"系统不符合要求\"\n fi\n else\n red \"未检测到wireguard\"\n fi\n}\n\nfunction start_menu(){\n clear\n green \"===============================================\"\n green \" 介绍: 一键安装wireguard, 增加wireguard多用户\"\n green \" 系统: Centos7+/Ubuntu18.04+/Debian9+\"\n green \" 作者: atrandys www.atrandys.com\"\n green \" 提示: 脚本安装过程中会升级内核,请勿生产环境使用\"\n green \"===============================================\"\n green \"1. 安装wireguard\"\n red \"2. 删除wireguard\"\n green \"3. 显示默认用户二维码\"\n green \"4. 增加用户\"\n red \"0. 退出\"\n echo\n read -p \"请选择:\" num\n case \"$num\" in\n 1)\n check_selinux\n install_wg\n config_wg\n ;;\n 2)\n remove_wg\n ;;\n 3)\n content=$(cat /etc/wireguard/client.conf)\n echo \"${content}\" | qrencode -o - -t UTF8\n ;;\n 4)\n add_user\n ;;\n 0)\n exit 1\n ;;\n *)\n clear\n red \"Please enter the correct number!\"\n sleep 1s\n start_menu\n ;;\n esac\n}\n\nstart_menu\n" }, { "path": "wg_mult.sh.bak", "content": "#!/bin/bash\n#wireguard onekey script for centos7+/ubuntu/debian\nfunction blue(){\n echo -e \"\\033[34m\\033[01m$1\\033[0m\"\n}\nfunction green(){\n echo -e \"\\033[32m\\033[01m$1\\033[0m\"\n}\nfunction red(){\n echo -e \"\\033[31m\\033[01m$1\\033[0m\"\n}\n\nfunction rand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nfunction check_selinux(){\n\n CHECK=$(grep SELINUX= /etc/selinux/config | grep -v \"#\")\n if [ \"$CHECK\" == \"SELINUX=enforcing\" ]; then\n red \"=======================================================================\"\n red \"检测到SELinux为开启状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本\"\n red \"=======================================================================\"\n read -p \"是否现在重启 ?请输入 [Y/n] :\" yn\n\t [ -z \"${yn}\" ] && yn=\"y\"\n\t if [[ $yn == [Yy] ]]; then\n \t sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n\t echo -e \"VPS 重启中...\"\n\t reboot\n\t fi\n exit\n fi\n if [ \"$CHECK\" == \"SELINUX=permissive\" ]; then\n red \"=======================================================================\"\n red \"检测到SELinux为宽容状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本\"\n red \"=======================================================================\"\n read -p \"是否现在重启 ?请输入 [Y/n] :\" yn\n\t [ -z \"${yn}\" ] && yn=\"y\"\n\t if [[ $yn == [Yy] ]]; then\n\t sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config\n setenforce 0\n\t echo -e \"VPS 重启中...\"\n\t reboot\n\t fi\n exit\n fi\n}\n\nfunction check_release(){\n\n source /etc/os-release\n RELEASE=$ID\n VERSION=$VERSION_ID\n\n}\n\n\nfunction install_wg(){\n check_release\n if [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"7\" ]; then\n yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm\n\tyum install -y \"kernel-devel-uname-r == $(uname -r)\"\n curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo\n yum install -y wireguard-dkms wireguard-tools qrencode iptables-services\n\tsystemctl stop firewalld\n systemctl disable firewalld\n systemctl enable iptables \n systemctl start iptables \n\tiptables -P INPUT ACCEPT\n \tiptables -P OUTPUT ACCEPT\n iptables -P FORWARD ACCEPT\n \tiptables -F\n service iptables save\n \tservice iptables restart\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n elif [ \"$RELEASE\" == \"centos\" ] && [ \"$VERSION\" == \"8\" ]; then\n yum install -y epel-release\n\tyum install -y \"kernel-devel-uname-r == $(uname -r)\"\n yum config-manager --set-enabled PowerTools\n yum copr enable -y jdoss/wireguard\n yum install -y wireguard-dkms wireguard-tools qrencode iptables-services\n\tsystemctl stop firewalld\n systemctl disable firewalld\n\tsystemctl enable iptables \n systemctl start iptables\n\tiptables -P INPUT ACCEPT\n \tiptables -P OUTPUT ACCEPT\n iptables -P FORWARD ACCEPT\n \tiptables -F\n service iptables save\n \tservice iptables restart\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n elif [ \"$RELEASE\" == \"ubuntu\" ] && [ \"$VERSION\" == \"19.04\" ]; then\n \tred \"===================\"\n red \"暂未支持ubuntu19.04系统\"\n red \"===================\"\n elif [ \"$RELEASE\" == \"ubuntu\" ] && [ \"$VERSION\" == \"19.10\" ]; then \n \tred \"===================\"\n red \"暂未支持ubuntu19.10系统\"\n red \"===================\"\n elif [ \"$RELEASE\" == \"ubuntu\" ] && [ \"$VERSION\" == \"16.04\" ]; then\n systemctl stop ufw\n systemctl disable ufw\n apt-get -y update \n\tadd-apt-repository -y ppa:wireguard/wireguard\n apt-get update\n apt-get install -y wireguard qrencode iptables\n\tsystemctl enable iptables \n systemctl start iptables \n\techo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n elif [ \"$RELEASE\" == \"ubuntu\" ] && [ \"$VERSION\" == \"18.04\" ]; then\n systemctl stop ufw\n systemctl disable ufw\n apt-get -y update \n\tapt-get install -y software-properties-common\n apt-get install -y openresolv\n\tadd-apt-repository -y ppa:wireguard/wireguard\n apt-get -y update\n apt-get install -y wireguard qrencode iptables\n\tsystemctl enable iptables \n systemctl start iptables \n\techo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n elif [ \"$RELEASE\" == \"debian\" ]; then\n echo \"deb http://deb.debian.org/debian/ unstable main\" > /etc/apt/sources.list.d/unstable.list\n printf 'Package: *\\nPin: release a=unstable\\nPin-Priority: 90\\n' > /etc/apt/preferences.d/limit-unstable\n apt update\n apt install -y wireguard qrencode iptables\n\tsystemctl enable iptables \n systemctl start iptables\n\techo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\n else\n \tred \"=================\"\n red \"您当前系统暂未支持\"\n\tred \"=================\"\n fi\n}\n\nfunction config_wg(){\n\n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net| awk 'NR==1&&/^e/{print $1}')\n chmod 777 -R /etc/wireguard\n\ncat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.77.0.1/24 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.77.0.2/32\nEOF\n\ncat > /etc/wireguard/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.77.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n wg-quick up wg0\n systemctl enable wg-quick@wg0\n content=$(cat /etc/wireguard/client.conf)\n green \"电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码\"\n green \"${content}\" | qrencode -o - -t UTF8\n\n}\n\nfunction add_user(){\n\n green \"==================================\"\n green \"给新用户起个名字,不能和已有用户重复\"\n green \"==================================\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/\n if [ ! -f \"/etc/wireguard/$newname.conf\" ]; then\n cp client.conf $newname.conf\n \twg genkey | tee temprikey | wg pubkey > tempubkey\n \tipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n \tnewnum=$((10#${ipnum}+1))\n \tsed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n \tsed -i 's%^Address.*$%'\"Address = 10.77.0.$newnum\\/24\"'%' $newname.conf\n\tcat >> /etc/wireguard/wg0.conf <<-EOF\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.77.0.$newnum/32\nEOF\n \twg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32\n \tgreen \"=============================================\"\n \tgreen \"添加完成,文件:/etc/wireguard/$newname.conf\"\n \tgreen \"=============================================\"\n \trm -f temprikey tempubkey\n else\n \tred \"======================\"\n\tred \"用户名已存在,请更换名称\"\n\tred \"======================\"\n fi\n\n}\n\nfunction remove_wg(){\n check_release\n if [ -d \"/etc/wireguard\" ]; then\n \twg-quick down wg0\n \tif [ \"$RELEASE\" == \"centos\" ]; then\n yum remove -y wireguard-dkms wireguard-tools\n rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"ubuntu\" ]; then\n \t apt-get remove -y wireguard\n\t rm -rf /etc/wireguard/\n green \"卸载完成\"\n elif [ \"$RELEASE\" == \"debian\" ]; then\n \t apt remove -y wireguard\n\t rm -rf /etc/wireguard/\n green \"卸载完成\"\n else\n \t red \"系统不符合要求\"\n fi\n else\n \tred \"未检测到wireguard\"\n fi\n}\n\nfunction start_menu(){\n clear\n green \"==========================================\"\n green \" Info : For Centos7+/Ubuntu16+/Debian9+\"\n green \" Author : A\"\n green \"==========================================\"\n green \"1. Install wireguard\"\n red \"2. Remove wireguard\"\n green \"3. Show client QRcode\"\n green \"4. Add user\"\n red \"0. Exit\"\n echo\n read -p \"Please enter a number:\" num\n case \"$num\" in\n \t1)\n\tcheck_selinux\n\tinstall_wg\n\tconfig_wg\n\t;;\n\t2)\n\tremove_wg\n\t;;\n\t3)\n\tcontent=$(cat /etc/wireguard/client.conf)\n \techo \"${content}\" | qrencode -o - -t UTF8\n\t;;\n\t4)\n\tadd_user\n\t;;\n\t0)\n\texit 1\n\t;;\n\t*)\n\tclear\n\tred \"Please enter the correct number!\"\n\tsleep 1s\n\tstart_menu\n\t;;\n esac\n}\n\nstart_menu\n" }, { "path": "wireguard_game.sh", "content": "#!/bin/bash\n\n#wg+udpspeeder+udp2raw,fec:游戏场景\n\nif [ ! -e '/etc/redhat-release' ]; then\necho -e \"\\033[37;41m仅支持centos7\\033[0m\"\nexit\nfi\nif [ -n \"$(grep ' 6\\.' /etc/redhat-release)\" ] ;then\necho -e \"\\033[37;41m仅支持centos7\\033[0m\"\nexit\nfi\n\n\n\n#更新内核\nupdate_kernel(){\n\n yum -y install epel-release wget curl\n sed -i \"0,/enabled=0/s//enabled=1/\" /etc/yum.repos.d/epel.repo\n yum remove -y kernel-devel\n rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org\n rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm\n yum --disablerepo=\"*\" --enablerepo=\"elrepo-kernel\" list available\n yum -y --enablerepo=elrepo-kernel install kernel-ml\n sed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm\n rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm\n yum -y --enablerepo=elrepo-kernel install kernel-ml-devel\n read -p \"需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :\" yn\n\t[ -z \"${yn}\" ] && yn=\"y\"\n\tif [[ $yn == [Yy] ]]; then\n\t\techo -e \"\\033[37;41mVPS 重启中...\\033[0m\"\n\t\treboot\n\tfi\n}\n\n#生成随机端口\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nrandpwd(){\n mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)\n echo ${mpasswd} \n}\n\nwireguard_update(){\n yum update -y wireguard-dkms wireguard-tools\n echo -e \"\\033[37;41m更新完成\\033[0m\"\n}\n\nwireguard_remove(){\n yum remove -y wireguard-dkms wireguard-tools\n rm -rf /etc/wireguard/\n rm -f /etc/rc.d/init.d/autoudp\n echo -e \"\\033[37;41m卸载完成,建议重启服务器\\033[0m\"\n}\n\nudp_install(){\n #下载udpspeeder和udp2raw (amd64版)\n mkdir /usr/src/udp\n cd /usr/src/udp\n wget https://github.com/atrandys/wireguard/raw/master/speederv2\n wget https://github.com/atrandys/wireguard/raw/master/udp2raw\n wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh\n chmod +x speederv2 udp2raw run.sh\n \n #启动udpspeeder和udp2raw\n udpport=$(rand 10000 60000)\n password=$(randpwd)\n nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\n nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\n echo -e \"\\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\\033[0m\"\n read -p \"比如192.168.1.1 :\" ugateway\n\ncat > /etc/wireguard/client/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nPostUp = mshta vbscript:CreateObject(\"WScript.Shell\").Run(\"cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password\",0)(window.close)\nPostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f\nAddress = 10.0.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $s2\nEndpoint = 127.0.0.1:2090\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\ncat > /etc/wireguard/client/client_noudp.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.0.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\n#增加自启动脚本\ncat > /etc/rc.d/init.d/autoudp<<-EOF\n#!/bin/sh\n#chkconfig: 2345 80 90\n#description:autoudp\ncd /usr/src/udp\nnohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\nnohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\nEOF\n\n#设置脚本权限\n chmod +x /etc/rc.d/init.d/autoudp\n chkconfig --add autoudp\n chkconfig autoudp on\n}\n\n#centos7安装wireguard\nwireguard_install(){\n curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo\n yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel\n yum -y install wireguard-dkms wireguard-tools\n mkdir /etc/wireguard\n mkdir /etc/wireguard/client\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net | awk '/^e/{print}')\n chmod 777 -R /etc/wireguard\n systemctl stop firewalld\n systemctl disable firewalld\n yum install -y iptables-services \n systemctl enable iptables \n systemctl start iptables \n iptables -P INPUT ACCEPT\n iptables -P OUTPUT ACCEPT\n iptables -P FORWARD ACCEPT\n iptables -F\n service iptables save\n service iptables restart\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\t\ncat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.0.0.1/24 \nPostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.0.0.2/32\nEOF\n\n udp_install\n wg-quick up wg0\n systemctl enable wg-quick@wg0\n echo -e \"\\033[37;41m安装完毕,客户端配置文件:/etc/wireguard/client/client.conf\\033[0m\"\n}\n\nadd_user(){\n echo -e \"\\033[37;41m给新用户起个名字,不能和已有用户重复\\033[0m\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/client\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.0.0.$newnum\\/24\"'%' $newname.conf\n\ncat >> /etc/wireguard/wg0.conf <<-EOF\n\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.0.0.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32\n echo -e \"\\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\\033[0m\"\n rm -f temprikey tempubkey\n}\n\n#开始菜单\nstart_menu(){\n clear\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo -e \"\\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \\033[0m\"\n echo -e \"\\033[43;42m 系统:CentOS7 \\033[0m\"\n echo -e \"\\033[43;42m 作者:A \\033[0m\"\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo\n echo -e \"\\033[0;33m 1. 升级系统内核(必需)\\033[0m\"\n echo -e \"\\033[0;33m 2. 安装wireguard+udpspeeder+udp2raw\\033[0m\"\n echo \" 3. 升级wireguard\"\n echo \" 4. 卸载wireguard\"\n echo -e \"\\033[37;41m 5. 增加用户\\033[0m\"\n echo \" 0. 退出脚本\"\n echo\n read -p \"请输入数字:\" num\n case \"$num\" in\n 1)\n update_kernel\n ;;\n 2)\n wireguard_install\n ;;\n 3)\n wireguard_update\n ;;\n 4)\n wireguard_remove\n ;;\n 5)\n add_user\n ;;\n 0)\n exit 1\n ;;\n *)\n clear\n echo -e \"请输入正确数字\"\n sleep 2s\n start_menu\n ;;\n esac\n}\n\nstart_menu\n\n\n\n" }, { "path": "wireguard_game_ubuntu.sh", "content": "#!/bin/bash\n\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nrandpwd(){\n mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)\n echo ${mpasswd} \n}\n\nwireguard_install(){\n version=$(cat /etc/os-release | awk -F '[\".]' '$1==\"VERSION=\"{print $2}')\n if [ $version == 18 ]\n then\n sudo apt-get update -y\n sudo apt-get install -y software-properties-common\n sudo apt-get install -y openresolv\n else\n sudo apt-get update -y\n sudo apt-get install -y software-properties-common\n fi\n sudo add-apt-repository -y ppa:wireguard/wireguard\n sudo apt-get update -y\n sudo apt-get install -y wireguard curl\n\n sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf\n sysctl -p\n echo \"1\"> /proc/sys/net/ipv4/ip_forward\n \n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net | awk '/^e/{print}')\n\nsudo cat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.0.0.1/24 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.0.0.2/32\nEOF\n\nsudo cat > /etc/init.d/wgstart <<-EOF\n#! /bin/bash\n### BEGIN INIT INFO\n# Provides:\t\twgstart\n# Required-Start:\t$remote_fs $syslog\n# Required-Stop: $remote_fs $syslog\n# Default-Start:\t2 3 4 5\n# Default-Stop:\t\t0 1 6\n# Short-Description:\twgstart\n### END INIT INFO\n\nsudo wg-quick up wg0\nEOF\n\n\n\n sudo chmod 755 /etc/init.d/wgstart\n cd /etc/init.d\n if [ $version == 14 ]\n then\n sudo update-rc.d wgstart defaults 90\n else\n sudo update-rc.d wgstart defaults\n fi\n \n udp_install\n sudo wg-quick up wg0\n}\n\nudp_install(){\n #下载udpspeeder和udp2raw (amd64版)\n mkdir /usr/src/udp\n mkdir /etc/wireguard/client\n cd /usr/src/udp\n wget https://github.com/atrandys/wireguard/raw/master/speederv2\n wget https://github.com/atrandys/wireguard/raw/master/udp2raw\n wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh\n chmod +x speederv2 udp2raw run.sh\n \n #启动udpspeeder和udp2raw\n udpport=$(rand 10000 60000)\n password=$(randpwd)\n nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\n nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\n echo -e \"\\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\\033[0m\"\n read -p \"比如192.168.1.1 :\" ugateway\n\ncat > /etc/wireguard/client/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nPostUp = mshta vbscript:CreateObject(\"WScript.Shell\").Run(\"cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password\",0)(window.close)\nPostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f\nAddress = 10.0.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $s2\nEndpoint = 127.0.0.1:2090\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\ncat > /etc/wireguard/client/client_noudp.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.0.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\n\n#增加自启动脚本\ncat > /etc/init.d/autoudp<<-EOF\n#! /bin/sh\n### BEGIN INIT INFO\n# Provides:\t\tautoudp\n# Required-Start: $remote_fs $syslog\n# Required-Stop: $remote_fs $syslog\n# Default-Start:\t2 3 4 5\n# Default-Stop:\t\t0 1 6\n# Short-Description:\tautoudp\n### END INIT INFO\n\ncd /usr/src/udp\nnohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &\nnohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &\nEOF\n\n\n\n#设置脚本权限\n sudo chmod 755 /etc/init.d/autoudp\n cd /etc/init.d\n if [ $version == 14 ]\n then\n sudo update-rc.d autoudp defaults 90\n else\n sudo update-rc.d autoudp defaults\n fi\n}\n\nwireguard_remove(){\n\n sudo wg-quick down wg0\n sudo apt-get remove -y wireguard\n sudo rm -rf /etc/wireguard\n sudo rm -f /etc/init.d/wgstart\n sudo rm -f /etc/init.d/autoudp\n echo -e \"\\033[37;41m卸载完成,建议重启服务器\\033[0m\"\n\n}\n\nadd_user(){\n echo -e \"\\033[37;41m给新用户起个名字,不能和已有用户重复\\033[0m\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/client\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.0.0.$newnum\\/24\"'%' $newname.conf\n\ncat >> /etc/wireguard/wg0.conf <<-EOF\n\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.0.0.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32\n echo -e \"\\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\\033[0m\"\n rm -f temprikey tempubkey\n}\n\n#开始菜单\nstart_menu(){\n clear\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo -e \"\\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \\033[0m\"\n echo -e \"\\033[43;42m 系统:Ubuntu \\033[0m\"\n echo -e \"\\033[43;42m 作者:A \\033[0m\"\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo\n echo -e \"\\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\\033[0m\"\n echo -e \"\\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\\033[0m\"\n echo -e \"\\033[37;41m 3. 增加用户\\033[0m\"\n echo -e \" 0. 退出脚本\"\n echo\n read -p \"请输入数字:\" num\n case \"$num\" in\n 1)\n wireguard_install\n ;;\n 2)\n wireguard_remove\n ;;\n 3)\n add_user\n ;;\n 0)\n exit 1\n ;;\n *)\n clear\n echo -e \"请输入正确数字\"\n sleep 2s\n start_menu\n ;;\n esac\n}\n\nstart_menu\n\n\n\n\n\n\n" }, { "path": "wireguard_install.sh", "content": "#!/bin/bash\n\n#判断系统\nif [ ! -e '/etc/redhat-release' ]; then\necho \"仅支持centos7\"\nexit\nfi\nif [ -n \"$(grep ' 6\\.' /etc/redhat-release)\" ] ;then\necho \"仅支持centos7\"\nexit\nfi\n\n\n\n#更新内核\nupdate_kernel(){\n\n yum -y install epel-release curl\n sed -i \"0,/enabled=0/s//enabled=1/\" /etc/yum.repos.d/epel.repo\n yum remove -y kernel-devel\n rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org\n rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm\n yum --disablerepo=\"*\" --enablerepo=\"elrepo-kernel\" list available\n yum -y --enablerepo=elrepo-kernel install kernel-ml\n sed -i \"s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/\" /etc/default/grub\n grub2-mkconfig -o /boot/grub2/grub.cfg\n wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm\n rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm\n yum -y --enablerepo=elrepo-kernel install kernel-ml-devel\n read -p \"需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :\" yn\n\t[ -z \"${yn}\" ] && yn=\"y\"\n\tif [[ $yn == [Yy] ]]; then\n\t\techo -e \"VPS 重启中...\"\n\t\treboot\n\tfi\n}\n\n#生成随机端口\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nwireguard_update(){\n yum update -y wireguard-dkms wireguard-tools\n echo \"更新完成\"\n}\n\nwireguard_remove(){\n wg-quick down wg0\n yum remove -y wireguard-dkms wireguard-tools\n rm -rf /etc/wireguard/\n echo \"卸载完成\"\n}\n\nconfig_client(){\ncat > /etc/wireguard/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.77.77.2/32\nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\n}\n\n#centos7安装wireguard\nwireguard_install(){\n curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo\n yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel\n yum -y install wireguard-dkms wireguard-tools\n yum -y install qrencode\n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net | grep e | head -1)\n chmod 777 -R /etc/wireguard\n systemctl stop firewalld\n systemctl disable firewalld\n yum install -y iptables-services \n systemctl enable iptables \n systemctl start iptables \n iptables -P INPUT ACCEPT\n iptables -P OUTPUT ACCEPT\n iptables -P FORWARD ACCEPT\n iptables -F\n service iptables save\n service iptables restart\n echo 1 > /proc/sys/net/ipv4/ip_forward\n echo \"net.ipv4.ip_forward = 1\" >> /etc/sysctl.conf\n sysctl -p\ncat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.77.0.1/16 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -I FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.77.77.2/32\nEOF\n\n config_client\n wg-quick up wg0\n systemctl enable wg-quick@wg0\n content=$(cat /etc/wireguard/client.conf)\n echo \"电脑端请下载client.conf,手机端可直接使用软件扫码\"\n echo \"${content}\" | qrencode -o - -t UTF8\n}\nadd_user(){\n echo -e \"\\033[37;41m给新用户起个名字,不能和已有用户重复\\033[0m\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.77.77.$newnum\\/32\"'%' $newname.conf\n\ncat >> /etc/wireguard/wg0.conf <<-EOF\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.77.77.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.77.$newnum/32\n echo -e \"\\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\\033[0m\"\n rm -f temprikey tempubkey\n}\n#开始菜单\nstart_menu(){\n clear\n echo \"=========================\"\n echo \" 介绍:适用于CentOS7\"\n echo \" 作者:A\"\n echo \"=========================\"\n echo \"1. 升级系统内核\"\n echo \"2. 安装wireguard\"\n echo \"3. 升级wireguard\"\n echo \"4. 卸载wireguard\"\n echo \"5. 显示客户端二维码\"\n echo \"6. 增加用户\"\n echo \"0. 退出脚本\"\n echo\n read -p \"请输入数字:\" num\n case \"$num\" in\n \t1)\n\tupdate_kernel\n\t;;\n\t2)\n\twireguard_install\n\t;;\n\t3)\n\twireguard_update\n\t;;\n\t4)\n\twireguard_remove\n\t;;\n\t5)\n\tcontent=$(cat /etc/wireguard/client.conf)\n \techo \"${content}\" | qrencode -o - -t UTF8\n\t;;\n\t6)\n\tadd_user\n\t;;\n\t0)\n\texit 1\n\t;;\n\t*)\n\tclear\n\techo \"请输入正确数字\"\n\tsleep 5s\n\tstart_menu\n\t;;\n esac\n}\n\nstart_menu\n\n\n\n" }, { "path": "wireguard_install_ubuntu.sh", "content": "#!/bin/bash\n\nrand(){\n min=$1\n max=$(($2-$min+1))\n num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')\n echo $(($num%$max+$min)) \n}\n\nwireguard_install(){\n version=$(cat /etc/os-release | awk -F '[\".]' '$1==\"VERSION=\"{print $2}')\n if [ $version == 18 ]; then\n sudo apt-get update -y\n sudo apt-get install -y software-properties-common\n sudo apt-get install -y openresolv\n #else\n # sudo apt-get update -y\n # sudo apt-get install -y software-properties-common\n fi\n sudo add-apt-repository -y ppa:wireguard/wireguard\n sudo apt-get update -y\n sudo apt-get install -y wireguard curl\n\n sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf\n sysctl -p\n echo \"1\"> /proc/sys/net/ipv4/ip_forward\n \n mkdir /etc/wireguard\n cd /etc/wireguard\n wg genkey | tee sprivatekey | wg pubkey > spublickey\n wg genkey | tee cprivatekey | wg pubkey > cpublickey\n s1=$(cat sprivatekey)\n s2=$(cat spublickey)\n c1=$(cat cprivatekey)\n c2=$(cat cpublickey)\n serverip=$(curl ipv4.icanhazip.com)\n port=$(rand 10000 60000)\n eth=$(ls /sys/class/net | awk '/^e/{print}')\n\nsudo cat > /etc/wireguard/wg0.conf <<-EOF\n[Interface]\nPrivateKey = $s1\nAddress = 10.0.0.1/24 \nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE\nListenPort = $port\nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $c2\nAllowedIPs = 10.0.0.2/32\nEOF\n\n\nsudo cat > /etc/wireguard/client.conf <<-EOF\n[Interface]\nPrivateKey = $c1\nAddress = 10.0.0.2/24 \nDNS = 8.8.8.8\nMTU = 1420\n\n[Peer]\nPublicKey = $s2\nEndpoint = $serverip:$port\nAllowedIPs = 0.0.0.0/0, ::0/0\nPersistentKeepalive = 25\nEOF\n\n sudo apt-get install -y qrencode\n\nsudo cat > /etc/init.d/wgstart <<-EOF\n#! /bin/bash\n### BEGIN INIT INFO\n# Provides:\t\twgstart\n# Required-Start:\t$remote_fs $syslog\n# Required-Stop: $remote_fs $syslog\n# Default-Start:\t2 3 4 5\n# Default-Stop:\t\t0 1 6\n# Short-Description:\twgstart\n### END INIT INFO\nsudo wg-quick up wg0\nEOF\n\n sudo chmod +x /etc/init.d/wgstart\n cd /etc/init.d\n if [ $version == 14 ]\n then\n sudo update-rc.d wgstart defaults 90\n else\n sudo update-rc.d wgstart defaults\n fi\n \n sudo wg-quick up wg0\n \n content=$(cat /etc/wireguard/client.conf)\n echo -e \"\\033[43;42m电脑端请下载/etc/wireguard/client.conf,手机端可直接使用软件扫码\\033[0m\"\n echo \"${content}\" | qrencode -o - -t UTF8\n}\n\nwireguard_remove(){\n\n sudo wg-quick down wg0\n sudo apt-get remove -y wireguard\n sudo rm -rf /etc/wireguard\n\n}\n\nadd_user(){\n echo -e \"\\033[37;41m给新用户起个名字,不能和已有用户重复\\033[0m\"\n read -p \"请输入用户名:\" newname\n cd /etc/wireguard/\n cp client.conf $newname.conf\n wg genkey | tee temprikey | wg pubkey > tempubkey\n ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')\n newnum=$((10#${ipnum}+1))\n sed -i 's%^PrivateKey.*$%'\"PrivateKey = $(cat temprikey)\"'%' $newname.conf\n sed -i 's%^Address.*$%'\"Address = 10.0.0.$newnum\\/24\"'%' $newname.conf\n\ncat >> /etc/wireguard/wg0.conf <<-EOF\n[Peer]\nPublicKey = $(cat tempubkey)\nAllowedIPs = 10.0.0.$newnum/32\nEOF\n wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32\n echo -e \"\\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\\033[0m\"\n rm -f temprikey tempubkey\n}\n\n#开始菜单\nstart_menu(){\n clear\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo -e \"\\033[43;42m 介绍:wireguard一键脚本 \\033[0m\"\n echo -e \"\\033[43;42m 系统:Ubuntu \\033[0m\"\n echo -e \"\\033[43;42m 作者:A \\033[0m\"\n echo -e \"\\033[43;42m ====================================\\033[0m\"\n echo\n echo -e \"\\033[0;33m 1. 安装wireguard\\033[0m\"\n echo -e \"\\033[0;33m 2. 查看客户端二维码\\033[0m\"\n echo -e \"\\033[0;31m 3. 删除wireguard\\033[0m\"\n echo -e \"\\033[0;33m 4. 增加用户\\033[0m\"\n echo -e \" 0. 退出脚本\"\n echo\n read -p \"请输入数字:\" num\n case \"$num\" in\n 1)\n wireguard_install\n ;;\n 2)\n content=$(cat /etc/wireguard/client.conf)\n echo \"${content}\" | qrencode -o - -t UTF8\n ;;\n 3)\n wireguard_remove\n ;;\n 4)\n add_user\n ;;\n 0)\n exit 1\n ;;\n *)\n clear\n echo -e \"请输入正确数字\"\n sleep 2s\n start_menu\n ;;\n esac\n}\n\nstart_menu\n\n\n\n\n\n\n" }, { "path": "wireguard_openwrt.sh", "content": "#!/bin/bash\n\n#0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file\n\n#1 run udpspeeder and udp2raw\n\nnohup ./speederv2 -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f20:10 --mode 0 --timeout 8 -k 249b >speeder.log 2>&1 &\nnohup ./run.sh ./udp2raw -c -r27.122.58.154:18949 -l127.0.0.1:2091 --raw-mode faketcp -k 249b >udp2raw.log 2>&1 &\n\n#2 run wireguard with config file(pwd:/etc/wireguard/wg0.conf) \n\nip link add dev wg0 type wireguard\nip address add dev wg0 10.0.0.2/24\nwg setconf wg0 /etc/wireguard/wg0.conf\nip link set up dev wg0\n\n#3 notice: wg0.conf example\n\n#[Interface]\n#PrivateKey = yG/bs7lAYy3yJLGqWDXVZrpT16CmDHanpI9g9haPC28=\n\n#[Peer]\n#PublicKey = dddHotJ9qujdydvjNDYJVrGWCjpvudX9qcNXk7W4wCo=\n#Endpoint = 127.0.0.1:2090\n#AllowedIPs = 0.0.0.0/0, ::0/0\n#PersistentKeepalive = 5\n\n#4 add route table for wireguard\n\necho \"200 game\" >> /etc/iproute2/rt_tables\n\n#5 create ipset table\n\n#ipset create game hash:net\n#保存规则ipset save game -f game.txt\n#从文件创建\nipset restore -f game.txt\n\n#6 enable iptables rule,mark ip packages equal ipset table\n\niptables -t mangle -A PREROUTING -m set --match-set game dst -j MARK --set-mark 8 \niptables -t mangle -A OUTPUT -m set --match-set game dst -j MARK --set-mark 8 \niptables -t nat -A POSTROUTING -m mark --mark 8 -j MASQUERADE\niptables -I FORWARD -o wg0 -j ACCEPT\n\n#7 config route table game:default route,lan \nip route add default dev wg0 table game\nip route add 192.168.3.0/24 dev br-lan table game\n\n#8 enable ip rule \n\nip rule add fwmark 8 table game\n\n\n" }, { "path": "wireguard_web.sh", "content": "#!/bin/bash\n\n\nsudo apt-get update -y\nsudo apt-get install -y software-properties-common\nsudo add-apt-repository -y ppa:wireguard/wireguard\nsudo apt-get update -y\nsudo apt-get install -y wireguard\n\n\napt-get remove -y dnsmasq\n\n\necho nameserver 1.1.1.1 >/etc/resolv.conf\n\n\nmodprobe wireguard\nmodprobe iptable_nat\nmodprobe ip6table_nat\n\necho 1 > /proc/sys/net/ipv4/ip_forward\necho \"net.ipv4.ip_forward = 1\" > /etc/sysctl.conf\t\necho \"net.ipv6.conf.all.forwarding=1\" > /etc/sysctl.conf\t\n\ncurl -fsSL get.docker.com -o get-docker.sh\nsudo sh get-docker.sh\n\n\nsudo systemctl enable docker\nsudo systemctl start docker\n\nsudo cat > /etc/init.d/wgwebstart <<-EOF\n#! /bin/bash\n### BEGIN INIT INFO\n# Provides:\t\twgwebstart\n# Required-Start:\t$remote_fs $syslog\n# Required-Stop: $remote_fs $syslog\n# Default-Start:\t2 3 4 5\n# Default-Stop:\t\t0 1 6\n# Short-Description:\twgwebstart\n### END INIT INFO\nmodprobe wireguard\nmodprobe iptable_nat\nmodprobe ip6table_nat\nsudo docker start subspace\nEOF\n\nsudo chmod 755 /etc/init.d/wgwebstart\nsudo update-rc.d wgwebstart defaults\n\nread -p \"输入域名:\" domain\n\ndocker create \\\n--name subspace \\\n--network host \\\n--cap-add NET_ADMIN \\\n--volume /usr/bin/wg:/usr/bin/wg \\\n--volume /data:/data \\\n--env SUBSPACE_HTTP_HOST=$domain \\\nsubspacecloud/subspace:latest\n\n\nsudo docker start subspace\n\necho \"安装完毕,使用浏览器访问域名,配置初始登录账号。\"\n" } ]