Repository: yobabyshark/wireguard Branch: master Commit: ea82cc6101c0 Files: 14 Total size: 61.6 KB Directory structure: gitextract_ptzqliey/ ├── README.md ├── iptables_config.sh ├── run.sh ├── speederv2 ├── udp2raw ├── wg_game.sh ├── wg_mult.sh ├── wg_mult.sh.bak ├── wireguard_game.sh ├── wireguard_game_ubuntu.sh ├── wireguard_install.sh ├── wireguard_install_ubuntu.sh ├── wireguard_openwrt.sh └── wireguard_web.sh ================================================ FILE CONTENTS ================================================ ================================================ FILE: README.md ================================================ ### 关于 #### _install.sh > centos版wireguard一键脚本 | centos 7 #### _install_ubuntu.sh > ubuntu版wireguard一键脚本 | ubuntu >= 14.04 #### _game.sh > centos版wireguard+udpspeeder+udp2raw一键脚本 | centos 7 #### _game_ubuntu.sh > ubuntu版wireguard+udpspeeder+udp2raw一键脚本 | ubuntu >= 14.04 ================================================ FILE: iptables_config.sh ================================================ #!/bin/bash #开放ssh端口、回环、外网、默认策略 config_default(){ systemctl stop firewalld systemctl disable firewalld yum install -y iptables-services systemctl start iptables systemctl enable iptables ssh_port=$(awk '$1=="Port" {print $2}' /etc/ssh/sshd_config) if [ ! -n "$ssh_port" ]; then iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT else iptables -A INPUT -p tcp -m tcp --dport ${ssh_port} -j ACCEPT fi iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -P INPUT DROP iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT service iptables save echo "初始配置完成" } #禁止邮箱 config_mail(){ iptables -A FORWARD -p tcp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j REJECT --reject-with tcp-reset iptables -A FORWARD -p udp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j DROP iptables -A FORWARD -p tcp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j REJECT --reject-with tcp-reset iptables -A FORWARD -p udp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j DROP service iptables save echo "禁止邮箱完毕" } #禁止关键字 config_keyword(){ iptables -A FORWARD -m string --string "netflix.com" --algo bm -j DROP iptables -A FORWARD -m string --string "tumblr.com" --algo bm -j DROP iptables -A FORWARD -m string --string "facebook.com.com" --algo bm -j DROP iptables -A FORWARD -m string --string "instagram.com" --algo bm -j DROP iptables -A FORWARD -m string --string "pixiv.net" --algo bm -j DROP iptables -A FORWARD -m string --string "whatsapp.com" --algo bm -j DROP iptables -A FORWARD -m string --string "telegram.com" --algo bm -j DROP iptables -A FORWARD -m string --string "tunsafe.com" --algo bm -j DROP iptables -A FORWARD -m string --string "reddit.com" --algo bm -j DROP iptables -A FORWARD -m string --string "vimeo.com" --algo bm -j DROP iptables -A FORWARD -m string --string "dailymotion.com" --algo bm -j DROP iptables -A FORWARD -m string --string "hulu.com" --algo bm -j DROP iptables -A FORWARD -m string --string "liveleak.com" --algo bm -j DROP iptables -A FORWARD -m string --string "vine.co" --algo bm -j DROP iptables -A FORWARD -m string --string "ustream.tv" --algo bm -j DROP iptables -A FORWARD -m string --string "metacafe.com" --algo bm -j DROP iptables -A FORWARD -m string --string "viewstr.com" --algo bm -j DROP iptables -A FORWARD -m string --string "torrent" --algo bm -j DROP iptables -A FORWARD -m string --string ".torrent" --algo bm -j DROP iptables -A FORWARD -m string --string "peer_id=" --algo bm -j DROP iptables -A FORWARD -m string --string "announce" --algo bm -j DROP iptables -A FORWARD -m string --string "info_hash" --algo bm -j DROP iptables -A FORWARD -m string --string "get_peers" --algo bm -j DROP iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP iptables -A FORWARD -m string --string "BitToorent" --algo bm -j DROP iptables -A FORWARD -m string --string "announce_peer" --algo bm -j DROP iptables -A FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP iptables -A FORWARD -m string --string "announce.php?passkey=" --algo bm -j DROP iptables -A FORWARD -m string --string "magnet:" --algo bm -j DROP iptables -A FORWARD -m string --string "xunlei" --algo bm -j DROP iptables -A FORWARD -m string --string "sandai" --algo bm -j DROP iptables -A FORWARD -m string --string "Thunder" --algo bm -j DROP iptables -A FORWARD -m string --string "XLLiveUD" --algo bm -j DROP iptables -A FORWARD -m string --string "youtube.com" --algo bm -j DROP iptables -A FORWARD -m string --string "google.com" --algo bm -j DROP iptables -A FORWARD -m string --string "youku.com" --algo bm -j DROP iptables -A FORWARD -m string --string "iqiyi.com" --algo bm -j DROP iptables -A FORWARD -m string --string "qq.com" --algo bm -j DROP iptables -A FORWARD -m string --string "huya.com" --algo bm -j DROP iptables -A FORWARD -m string --string "douyu.com" --algo bm -j DROP iptables -A FORWARD -m string --string "twitch.tv" --algo bm -j DROP iptables -A FORWARD -m string --string "panda.tv" --algo bm -j DROP iptables -A FORWARD -m string --string "porn" --algo bm -j DROP iptables -A FORWARD -m string --string "renminbao.com" --algo bm -j DROP iptables -A FORWARD -m string --string "dajiyuan.com" --algo bm -j DROP iptables -A FORWARD -m string --string "bignews.org" --algo bm -j DROP iptables -A FORWARD -m string --string "creaders.net" --algo bm -j DROP iptables -A FORWARD -m string --string "rfa.org" --algo bm -j DROP iptables -A FORWARD -m string --string "internetfreedom.org" --algo bm -j DROP iptables -A FORWARD -m string --string "voanews.com" --algo bm -j DROP iptables -A FORWARD -m string --string "minghui.org" --algo bm -j DROP iptables -A FORWARD -m string --string "kanzhongguo.com" --algo bm -j DROP iptables -A FORWARD -m string --string "peacehall.com" --algo bm -j DROP iptables -A FORWARD -m string --string "twister" --algo bm -j DROP service iptables save echo "禁止关键字完毕" } #开放自定义端口 config_port(){ echo "开放一个自定义的端口段" read -p "输入开始端口:" start_port read -p "输入结束端口:" stop_port iptables -A INPUT -p tcp -m tcp --dport ${start_port}:${stop_port} -j ACCEPT iptables -A INPUT -p udp -m udp --dport ${start_port}:${stop_port} -j ACCEPT service iptables save echo "开放端口完毕" } #连接数限制 config_conn(){ echo "限制一个端口段的连接数" read -p "输入开始端口:" start_conn read -p "输入结束端口:" stop_conn read -p "输入每个ip允许的连接数:" conn_num iptables -A INPUT -p tcp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP iptables -A INPUT -p udp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP service iptables save echo "限制连接数完毕" } #IP限速 config_IP(){ echo "限制IP的速度,从10.0.0.2-254,限制100/sec" for ((i=2; i<=254; i ++)) do iptables -I FORWARD -d 10.0.0.$i/32 -j DROP iptables -I FORWARD -d 10.0.0.$i/32 -m limit --limit 100/sec -j ACCEPT done service iptables save echo "限制IP速度完毕" } #清空规则 config_clear(){ iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F service iptables save echo "清除规则完毕" } #start start_menu(){ while [ 1 ] do echo "=========================" echo " 介绍:适用于CentOS7" echo " 作者:atrandys" echo " 网站:www.atrandys.com" echo " Youtube:atrandys" echo "=========================" echo "1. 开启ssh(必须)" echo "2. 禁止邮箱" echo "3. 禁止常用关键字" echo "4. 开放自定义端口" echo "5. 连接数限制" echo "6. ip限速" echo "7. 清除所有规则" echo "0. 退出" echo read -p "请输入数字:" num case "$num" in 1) config_default ;; 2) config_mail ;; 3) config_keyword ;; 4) config_port ;; 5) config_conn ;; 6) config_IP ;; 7) config_clear ;; 0) exit 1 ;; *) clear echo "请输入正确数字" sleep 5s start_menu ;; esac done } start_menu ================================================ FILE: run.sh ================================================ #!/bin/sh while true do $@ sleep 1 done ================================================ FILE: wg_game.sh ================================================ #!/bin/bash #wireguard onekey script for centos7+/ubuntu/debian function blue(){ echo -e "\033[34m\033[01m$1\033[0m" } function green(){ echo -e "\033[32m\033[01m$1\033[0m" } function red(){ echo -e "\033[31m\033[01m$1\033[0m" } function randpwd(){ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4) echo ${mpasswd} } function rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } function version_lt(){ test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } function check_selinux(){ CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#") if [ "$CHECK" == "SELINUX=enforcing" ]; then red "============" red "关闭SELinux" red "============" sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0 fi if [ "$CHECK" == "SELINUX=permissive" ]; then red "============" red "关闭SELinux" red "============" sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config setenforce 0 fi } function check_release(){ source /etc/os-release RELEASE=$ID VERSION=$VERSION_ID } function install_tools(){ if [ "$RELEASE" == "centos" ]; then $1 install -y qrencode iptables-services systemctl enable iptables systemctl start iptables iptables -F service iptables save else $1 install -y qrencode iptables fi echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p } function install_wg(){ check_release if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then yum install -y yum-utils epel-release yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel yum install -y kernel-plus wireguard-tools sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg systemctl stop firewalld systemctl disable firewalld install_tools "yum" elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then yum install -y yum-utils epel-release yum-config-manager --setopt=centosplus.includepkgs="kernel-plus, kernel-plus-*" --setopt=centosplus.enabled=1 --save sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel yum install -y kernel-plus wireguard-tools sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg systemctl stop firewalld systemctl disable firewalld install_tools "yum" elif [ "$RELEASE" == "ubuntu" ]; then if [ "$VERSION" == "12.04" ] || [ "$VERSION" == "16.04" ]; then red "==================" red "$RELEASE $VERSION系统暂未支持" red "==================" exit fi systemctl stop ufw systemctl disable ufw apt-get install -y wget wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb dpkg -i *.deb apt-get -y update #apt-get install -y software-properties-common apt-get install -y openresolv #add-apt-repository -y ppa:wireguard/wireguard apt-get install -y wireguard install_tools "apt-get" elif [ "$RELEASE" == "debian" ]; then echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list #printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable apt update apt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64 apt install -y wireguard openresolv #apt update #apt install -y wireguard install_tools "apt" else red "==================" red "$RELEASE $VERSION系统暂未支持" red "==================" fi } function config_wg(){ mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net| grep ^e | head -n1) chmod 777 -R /etc/wireguard cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.77.0.1/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1300 [Peer] PublicKey = $c2 AllowedIPs = 10.77.0.2/32 EOF #cat > /etc/wireguard/client.conf <<-EOF #[Interface] #PrivateKey = $c1 #Address = 10.77.0.2/24 #DNS = 8.8.8.8 #MTU = 1420 #[Peer] #PublicKey = $s2 #Endpoint = $serverip:$port #AllowedIPs = 0.0.0.0/0, ::0/0 #PersistentKeepalive = 25 #EOF #wg-quick up wg0 udp_install systemctl enable wg-quick@wg0 #content=$(cat /etc/wireguard/client.conf) green "配置文件位置:/etc/wireguard/client.conf" #green "${content}" | qrencode -o - -t UTF8 red "注意:本次安装必须重启一次, wireguard才能正常使用" read -p "是否现在重启 ? [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then echo -e "VPS 重启中..." reboot fi } function udp_install(){ #下载udpspeeder和udp2raw (amd64版) mkdir /usr/src/udp cd /usr/src/udp wget https://github.com/atrandys/wireguard/raw/master/speederv2 wget https://github.com/atrandys/wireguard/raw/master/udp2raw wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh chmod +x speederv2 udp2raw run.sh #启动udpspeeder和udp2raw udpport=$(rand 10000 60000) password=$(randpwd) #nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & #nohup ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m" read -p "比如192.168.1.1 :" ugateway cat > /etc/wireguard/client.conf <<-EOF [Interface] PrivateKey = $c1 PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close) PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f Address = 10.77.0.2/24 DNS = 8.8.8.8 MTU = 1300 [Peer] PublicKey = $s2 Endpoint = 127.0.0.1:2090 AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF cat > /etc/wireguard/client_noudp.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.77.0.2/24 DNS = 8.8.8.8 MTU = 1300 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF cat > /etc/wireguard/udp.sh <<-EOF #!/bin/bash nohup usr/src/udp/speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & nohup usr/src/udp/udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & EOF chmod +x /etc/wireguard/udp.sh #增加自启动脚本 cat > /etc/systemd/system/autoudp.service<<-EOF [Unit] Description=autoudp After=network.target [Service] Type=forking ExecStart=/etc/wireguard/udp.sh ExecReload=/bin/kill -9 \$(pidof udp2raw) && /bin/kill -9 \$(pidof udpspeeder) Restart=on-failure RestartSec=1s [Install] WantedBy=multi-user.target EOF #设置脚本权限 chmod +x /etc/systemd/system/autoudp.service systemctl enable autoudp.service systemctl start autoudp.service } function add_user(){ green "==================================" green "给新用户起个名字,不能和已有用户重复" green "==================================" read -p "请输入用户名:" newname cd /etc/wireguard/ if [ ! -f "/etc/wireguard/$newname.conf" ]; then cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.77.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32 green "=============================================" green "添加完成,文件:/etc/wireguard/$newname.conf" green "=============================================" rm -f temprikey tempubkey else red "======================" red "用户名已存在,请更换名称" red "======================" fi } function remove_wg(){ check_release if [ -d "/etc/wireguard" ]; then wg-quick down wg0 if [ "$RELEASE" == "centos" ]; then yum remove -y wireguard-dkms wireguard-tools rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "ubuntu" ]; then apt-get remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "debian" ]; then apt remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" else red "系统不符合要求" fi else red "未检测到wireguard" fi } function start_menu(){ clear green "===============================================" green " 介绍: 一键安装wireguard + udpspeeder + udp2raw" green " 系统: Centos7+/Ubuntu18.04+/Debian9+" green " 作者: atrandys www.atrandys.com" green " 提示: 脚本安装过程中会升级内核,请勿生产环境使用" green "===============================================" green "1. 安装wireguard + udpspeeder + udp2raw" red "2. 删除wireguard" green "3. 增加用户" red "0. 退出" echo read -p "请选择:" num case "$num" in 1) check_selinux install_wg config_wg ;; 2) remove_wg ;; 3) add_user ;; 0) exit 1 ;; *) clear red "Please enter the correct number!" sleep 1s start_menu ;; esac } start_menu ================================================ FILE: wg_mult.sh ================================================ #!/bin/bash #wireguard onekey script for centos7+/ubuntu/debian function blue(){ echo -e "\033[34m\033[01m$1\033[0m" } function green(){ echo -e "\033[32m\033[01m$1\033[0m" } function red(){ echo -e "\033[31m\033[01m$1\033[0m" } function rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } function version_lt(){ test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; } function check_selinux(){ CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#") if [ "$CHECK" == "SELINUX=enforcing" ]; then red "============" red "关闭SELinux" red "============" sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0 fi if [ "$CHECK" == "SELINUX=permissive" ]; then red "============" red "关闭SELinux" red "============" sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config setenforce 0 fi } function check_release(){ source /etc/os-release RELEASE=$ID VERSION=$VERSION_ID } function install_tools(){ if [ "$RELEASE" == "centos" ]; then $1 install -y qrencode iptables-services systemctl enable iptables systemctl start iptables iptables -F service iptables save else $1 install -y qrencode iptables fi echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p } function install_wg(){ check_release if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then yum install -y yum-utils epel-release yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel yum install -y kernel-plus wireguard-tools sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg systemctl stop firewalld systemctl disable firewalld install_tools "yum" elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then yum install -y yum-utils epel-release yum-config-manager --setopt=centosplus.includepkgs="kernel-plus, kernel-plus-*" --setopt=centosplus.enabled=1 --save sed -e 's/^DEFAULTKERNEL=kernel-core$/DEFAULTKERNEL=kernel-plus-core/' -i /etc/sysconfig/kernel yum install -y kernel-plus wireguard-tools sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg systemctl stop firewalld systemctl disable firewalld install_tools "yum" elif [ "$RELEASE" == "ubuntu" ]; then if [ "$VERSION" == "12.04" ] || [ "$VERSION" == "16.04" ]; then red "==================" red "$RELEASE $VERSION系统暂未支持" red "==================" exit fi systemctl stop ufw systemctl disable ufw apt-get install -y wget wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-headers-5.8.15-050815_5.8.15-050815.202010141131_all.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-image-unsigned-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.15/amd64/linux-modules-5.8.15-050815-generic_5.8.15-050815.202010141131_amd64.deb dpkg -i *.deb apt-get -y update #apt-get install -y software-properties-common apt-get install -y openresolv #add-apt-repository -y ppa:wireguard/wireguard apt-get install -y wireguard install_tools "apt-get" elif [ "$RELEASE" == "debian" ]; then echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list #printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable apt update apt install -y linux-image-5.8.0-0.bpo.2-cloud-amd64 apt install -y wireguard openresolv #apt update #apt install -y wireguard install_tools "apt" else red "==================" red "$RELEASE $VERSION系统暂未支持" red "==================" fi } function config_wg(){ mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net| grep ^e | head -n1) chmod 777 -R /etc/wireguard cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.77.0.1/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.77.0.2/32 EOF cat > /etc/wireguard/client.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.77.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF #wg-quick up wg0 systemctl enable wg-quick@wg0 content=$(cat /etc/wireguard/client.conf) green "电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码" green "${content}" | qrencode -o - -t UTF8 red "注意:本次安装必须重启一次, wireguard才能正常使用" read -p "是否现在重启 ? [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then echo -e "VPS 重启中..." reboot fi } function add_user(){ green "==================================" green "给新用户起个名字,不能和已有用户重复" green "==================================" read -p "请输入用户名:" newname cd /etc/wireguard/ if [ ! -f "/etc/wireguard/$newname.conf" ]; then cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.77.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32 green "=============================================" green "添加完成,文件:/etc/wireguard/$newname.conf" green "=============================================" rm -f temprikey tempubkey else red "======================" red "用户名已存在,请更换名称" red "======================" fi } function remove_wg(){ check_release if [ -d "/etc/wireguard" ]; then wg-quick down wg0 if [ "$RELEASE" == "centos" ]; then yum remove -y wireguard-dkms wireguard-tools rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "ubuntu" ]; then apt-get remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "debian" ]; then apt remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" else red "系统不符合要求" fi else red "未检测到wireguard" fi } function start_menu(){ clear green "===============================================" green " 介绍: 一键安装wireguard, 增加wireguard多用户" green " 系统: Centos7+/Ubuntu18.04+/Debian9+" green " 作者: atrandys www.atrandys.com" green " 提示: 脚本安装过程中会升级内核,请勿生产环境使用" green "===============================================" green "1. 安装wireguard" red "2. 删除wireguard" green "3. 显示默认用户二维码" green "4. 增加用户" red "0. 退出" echo read -p "请选择:" num case "$num" in 1) check_selinux install_wg config_wg ;; 2) remove_wg ;; 3) content=$(cat /etc/wireguard/client.conf) echo "${content}" | qrencode -o - -t UTF8 ;; 4) add_user ;; 0) exit 1 ;; *) clear red "Please enter the correct number!" sleep 1s start_menu ;; esac } start_menu ================================================ FILE: wg_mult.sh.bak ================================================ #!/bin/bash #wireguard onekey script for centos7+/ubuntu/debian function blue(){ echo -e "\033[34m\033[01m$1\033[0m" } function green(){ echo -e "\033[32m\033[01m$1\033[0m" } function red(){ echo -e "\033[31m\033[01m$1\033[0m" } function rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } function check_selinux(){ CHECK=$(grep SELINUX= /etc/selinux/config | grep -v "#") if [ "$CHECK" == "SELINUX=enforcing" ]; then red "=======================================================================" red "检测到SELinux为开启状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本" red "=======================================================================" read -p "是否现在重启 ?请输入 [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0 echo -e "VPS 重启中..." reboot fi exit fi if [ "$CHECK" == "SELINUX=permissive" ]; then red "=======================================================================" red "检测到SELinux为宽容状态,为防止wireguard连接失败,请先重启VPS后,再执行本脚本" red "=======================================================================" read -p "是否现在重启 ?请输入 [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config setenforce 0 echo -e "VPS 重启中..." reboot fi exit fi } function check_release(){ source /etc/os-release RELEASE=$ID VERSION=$VERSION_ID } function install_wg(){ check_release if [ "$RELEASE" == "centos" ] && [ "$VERSION" == "7" ]; then yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install -y "kernel-devel-uname-r == $(uname -r)" curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo yum install -y wireguard-dkms wireguard-tools qrencode iptables-services systemctl stop firewalld systemctl disable firewalld systemctl enable iptables systemctl start iptables iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F service iptables save service iptables restart echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p elif [ "$RELEASE" == "centos" ] && [ "$VERSION" == "8" ]; then yum install -y epel-release yum install -y "kernel-devel-uname-r == $(uname -r)" yum config-manager --set-enabled PowerTools yum copr enable -y jdoss/wireguard yum install -y wireguard-dkms wireguard-tools qrencode iptables-services systemctl stop firewalld systemctl disable firewalld systemctl enable iptables systemctl start iptables iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F service iptables save service iptables restart echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "19.04" ]; then red "===================" red "暂未支持ubuntu19.04系统" red "===================" elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "19.10" ]; then red "===================" red "暂未支持ubuntu19.10系统" red "===================" elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "16.04" ]; then systemctl stop ufw systemctl disable ufw apt-get -y update add-apt-repository -y ppa:wireguard/wireguard apt-get update apt-get install -y wireguard qrencode iptables systemctl enable iptables systemctl start iptables echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p elif [ "$RELEASE" == "ubuntu" ] && [ "$VERSION" == "18.04" ]; then systemctl stop ufw systemctl disable ufw apt-get -y update apt-get install -y software-properties-common apt-get install -y openresolv add-apt-repository -y ppa:wireguard/wireguard apt-get -y update apt-get install -y wireguard qrencode iptables systemctl enable iptables systemctl start iptables echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p elif [ "$RELEASE" == "debian" ]; then echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable apt update apt install -y wireguard qrencode iptables systemctl enable iptables systemctl start iptables echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p else red "=================" red "您当前系统暂未支持" red "=================" fi } function config_wg(){ mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net| awk 'NR==1&&/^e/{print $1}') chmod 777 -R /etc/wireguard cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.77.0.1/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.77.0.2/32 EOF cat > /etc/wireguard/client.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.77.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF wg-quick up wg0 systemctl enable wg-quick@wg0 content=$(cat /etc/wireguard/client.conf) green "电脑端请下载/etc/wireguard/client.conf文件,手机端可直接使用软件扫码" green "${content}" | qrencode -o - -t UTF8 } function add_user(){ green "==================================" green "给新用户起个名字,不能和已有用户重复" green "==================================" read -p "请输入用户名:" newname cd /etc/wireguard/ if [ ! -f "/etc/wireguard/$newname.conf" ]; then cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.77.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.77.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.0.$newnum/32 green "=============================================" green "添加完成,文件:/etc/wireguard/$newname.conf" green "=============================================" rm -f temprikey tempubkey else red "======================" red "用户名已存在,请更换名称" red "======================" fi } function remove_wg(){ check_release if [ -d "/etc/wireguard" ]; then wg-quick down wg0 if [ "$RELEASE" == "centos" ]; then yum remove -y wireguard-dkms wireguard-tools rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "ubuntu" ]; then apt-get remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" elif [ "$RELEASE" == "debian" ]; then apt remove -y wireguard rm -rf /etc/wireguard/ green "卸载完成" else red "系统不符合要求" fi else red "未检测到wireguard" fi } function start_menu(){ clear green "==========================================" green " Info : For Centos7+/Ubuntu16+/Debian9+" green " Author : A" green "==========================================" green "1. Install wireguard" red "2. Remove wireguard" green "3. Show client QRcode" green "4. Add user" red "0. Exit" echo read -p "Please enter a number:" num case "$num" in 1) check_selinux install_wg config_wg ;; 2) remove_wg ;; 3) content=$(cat /etc/wireguard/client.conf) echo "${content}" | qrencode -o - -t UTF8 ;; 4) add_user ;; 0) exit 1 ;; *) clear red "Please enter the correct number!" sleep 1s start_menu ;; esac } start_menu ================================================ FILE: wireguard_game.sh ================================================ #!/bin/bash #wg+udpspeeder+udp2raw,fec:游戏场景 if [ ! -e '/etc/redhat-release' ]; then echo -e "\033[37;41m仅支持centos7\033[0m" exit fi if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then echo -e "\033[37;41m仅支持centos7\033[0m" exit fi #更新内核 update_kernel(){ yum -y install epel-release wget curl sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo yum remove -y kernel-devel rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm yum --disablerepo="*" --enablerepo="elrepo-kernel" list available yum -y --enablerepo=elrepo-kernel install kernel-ml sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm yum -y --enablerepo=elrepo-kernel install kernel-ml-devel read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then echo -e "\033[37;41mVPS 重启中...\033[0m" reboot fi } #生成随机端口 rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } randpwd(){ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4) echo ${mpasswd} } wireguard_update(){ yum update -y wireguard-dkms wireguard-tools echo -e "\033[37;41m更新完成\033[0m" } wireguard_remove(){ yum remove -y wireguard-dkms wireguard-tools rm -rf /etc/wireguard/ rm -f /etc/rc.d/init.d/autoudp echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m" } udp_install(){ #下载udpspeeder和udp2raw (amd64版) mkdir /usr/src/udp cd /usr/src/udp wget https://github.com/atrandys/wireguard/raw/master/speederv2 wget https://github.com/atrandys/wireguard/raw/master/udp2raw wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh chmod +x speederv2 udp2raw run.sh #启动udpspeeder和udp2raw udpport=$(rand 10000 60000) password=$(randpwd) nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m" read -p "比如192.168.1.1 :" ugateway cat > /etc/wireguard/client/client.conf <<-EOF [Interface] PrivateKey = $c1 PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close) PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f Address = 10.0.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = 127.0.0.1:2090 AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF cat > /etc/wireguard/client/client_noudp.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.0.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF #增加自启动脚本 cat > /etc/rc.d/init.d/autoudp<<-EOF #!/bin/sh #chkconfig: 2345 80 90 #description:autoudp cd /usr/src/udp nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & EOF #设置脚本权限 chmod +x /etc/rc.d/init.d/autoudp chkconfig --add autoudp chkconfig autoudp on } #centos7安装wireguard wireguard_install(){ curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel yum -y install wireguard-dkms wireguard-tools mkdir /etc/wireguard mkdir /etc/wireguard/client cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net | awk '/^e/{print}') chmod 777 -R /etc/wireguard systemctl stop firewalld systemctl disable firewalld yum install -y iptables-services systemctl enable iptables systemctl start iptables iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F service iptables save service iptables restart echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.0.0.1/24 PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.0.0.2/32 EOF udp_install wg-quick up wg0 systemctl enable wg-quick@wg0 echo -e "\033[37;41m安装完毕,客户端配置文件:/etc/wireguard/client/client.conf\033[0m" } add_user(){ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m" read -p "请输入用户名:" newname cd /etc/wireguard/client cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.0.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32 echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m" rm -f temprikey tempubkey } #开始菜单 start_menu(){ clear echo -e "\033[43;42m ====================================\033[0m" echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m" echo -e "\033[43;42m 系统:CentOS7 \033[0m" echo -e "\033[43;42m 作者:A \033[0m" echo -e "\033[43;42m ====================================\033[0m" echo echo -e "\033[0;33m 1. 升级系统内核(必需)\033[0m" echo -e "\033[0;33m 2. 安装wireguard+udpspeeder+udp2raw\033[0m" echo " 3. 升级wireguard" echo " 4. 卸载wireguard" echo -e "\033[37;41m 5. 增加用户\033[0m" echo " 0. 退出脚本" echo read -p "请输入数字:" num case "$num" in 1) update_kernel ;; 2) wireguard_install ;; 3) wireguard_update ;; 4) wireguard_remove ;; 5) add_user ;; 0) exit 1 ;; *) clear echo -e "请输入正确数字" sleep 2s start_menu ;; esac } start_menu ================================================ FILE: wireguard_game_ubuntu.sh ================================================ #!/bin/bash rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } randpwd(){ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4) echo ${mpasswd} } wireguard_install(){ version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}') if [ $version == 18 ] then sudo apt-get update -y sudo apt-get install -y software-properties-common sudo apt-get install -y openresolv else sudo apt-get update -y sudo apt-get install -y software-properties-common fi sudo add-apt-repository -y ppa:wireguard/wireguard sudo apt-get update -y sudo apt-get install -y wireguard curl sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf sysctl -p echo "1"> /proc/sys/net/ipv4/ip_forward mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net | awk '/^e/{print}') sudo cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.0.0.1/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.0.0.2/32 EOF sudo cat > /etc/init.d/wgstart <<-EOF #! /bin/bash ### BEGIN INIT INFO # Provides: wgstart # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: wgstart ### END INIT INFO sudo wg-quick up wg0 EOF sudo chmod 755 /etc/init.d/wgstart cd /etc/init.d if [ $version == 14 ] then sudo update-rc.d wgstart defaults 90 else sudo update-rc.d wgstart defaults fi udp_install sudo wg-quick up wg0 } udp_install(){ #下载udpspeeder和udp2raw (amd64版) mkdir /usr/src/udp mkdir /etc/wireguard/client cd /usr/src/udp wget https://github.com/atrandys/wireguard/raw/master/speederv2 wget https://github.com/atrandys/wireguard/raw/master/udp2raw wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh chmod +x speederv2 udp2raw run.sh #启动udpspeeder和udp2raw udpport=$(rand 10000 60000) password=$(randpwd) nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m" read -p "比如192.168.1.1 :" ugateway cat > /etc/wireguard/client/client.conf <<-EOF [Interface] PrivateKey = $c1 PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close) PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f Address = 10.0.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = 127.0.0.1:2090 AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF cat > /etc/wireguard/client/client_noudp.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.0.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF #增加自启动脚本 cat > /etc/init.d/autoudp<<-EOF #! /bin/sh ### BEGIN INIT INFO # Provides: autoudp # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: autoudp ### END INIT INFO cd /usr/src/udp nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 & nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 & EOF #设置脚本权限 sudo chmod 755 /etc/init.d/autoudp cd /etc/init.d if [ $version == 14 ] then sudo update-rc.d autoudp defaults 90 else sudo update-rc.d autoudp defaults fi } wireguard_remove(){ sudo wg-quick down wg0 sudo apt-get remove -y wireguard sudo rm -rf /etc/wireguard sudo rm -f /etc/init.d/wgstart sudo rm -f /etc/init.d/autoudp echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m" } add_user(){ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m" read -p "请输入用户名:" newname cd /etc/wireguard/client cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.0.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32 echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m" rm -f temprikey tempubkey } #开始菜单 start_menu(){ clear echo -e "\033[43;42m ====================================\033[0m" echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m" echo -e "\033[43;42m 系统:Ubuntu \033[0m" echo -e "\033[43;42m 作者:A \033[0m" echo -e "\033[43;42m ====================================\033[0m" echo echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m" echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m" echo -e "\033[37;41m 3. 增加用户\033[0m" echo -e " 0. 退出脚本" echo read -p "请输入数字:" num case "$num" in 1) wireguard_install ;; 2) wireguard_remove ;; 3) add_user ;; 0) exit 1 ;; *) clear echo -e "请输入正确数字" sleep 2s start_menu ;; esac } start_menu ================================================ FILE: wireguard_install.sh ================================================ #!/bin/bash #判断系统 if [ ! -e '/etc/redhat-release' ]; then echo "仅支持centos7" exit fi if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then echo "仅支持centos7" exit fi #更新内核 update_kernel(){ yum -y install epel-release curl sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo yum remove -y kernel-devel rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm yum --disablerepo="*" --enablerepo="elrepo-kernel" list available yum -y --enablerepo=elrepo-kernel install kernel-ml sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub grub2-mkconfig -o /boot/grub2/grub.cfg wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm yum -y --enablerepo=elrepo-kernel install kernel-ml-devel read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn [ -z "${yn}" ] && yn="y" if [[ $yn == [Yy] ]]; then echo -e "VPS 重启中..." reboot fi } #生成随机端口 rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } wireguard_update(){ yum update -y wireguard-dkms wireguard-tools echo "更新完成" } wireguard_remove(){ wg-quick down wg0 yum remove -y wireguard-dkms wireguard-tools rm -rf /etc/wireguard/ echo "卸载完成" } config_client(){ cat > /etc/wireguard/client.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.77.77.2/32 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF } #centos7安装wireguard wireguard_install(){ curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel yum -y install wireguard-dkms wireguard-tools yum -y install qrencode mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net | grep e | head -1) chmod 777 -R /etc/wireguard systemctl stop firewalld systemctl disable firewalld yum install -y iptables-services systemctl enable iptables systemctl start iptables iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F service iptables save service iptables restart echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.77.0.1/16 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -I FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D FORWARD -s 10.77.77.1/24 -d 10.77.77.1/24 -j DROP; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.77.77.2/32 EOF config_client wg-quick up wg0 systemctl enable wg-quick@wg0 content=$(cat /etc/wireguard/client.conf) echo "电脑端请下载client.conf,手机端可直接使用软件扫码" echo "${content}" | qrencode -o - -t UTF8 } add_user(){ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m" read -p "请输入用户名:" newname cd /etc/wireguard/ cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.77.77.$newnum\/32"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.77.77.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.77.77.$newnum/32 echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m" rm -f temprikey tempubkey } #开始菜单 start_menu(){ clear echo "=========================" echo " 介绍:适用于CentOS7" echo " 作者:A" echo "=========================" echo "1. 升级系统内核" echo "2. 安装wireguard" echo "3. 升级wireguard" echo "4. 卸载wireguard" echo "5. 显示客户端二维码" echo "6. 增加用户" echo "0. 退出脚本" echo read -p "请输入数字:" num case "$num" in 1) update_kernel ;; 2) wireguard_install ;; 3) wireguard_update ;; 4) wireguard_remove ;; 5) content=$(cat /etc/wireguard/client.conf) echo "${content}" | qrencode -o - -t UTF8 ;; 6) add_user ;; 0) exit 1 ;; *) clear echo "请输入正确数字" sleep 5s start_menu ;; esac } start_menu ================================================ FILE: wireguard_install_ubuntu.sh ================================================ #!/bin/bash rand(){ min=$1 max=$(($2-$min+1)) num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') echo $(($num%$max+$min)) } wireguard_install(){ version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}') if [ $version == 18 ]; then sudo apt-get update -y sudo apt-get install -y software-properties-common sudo apt-get install -y openresolv #else # sudo apt-get update -y # sudo apt-get install -y software-properties-common fi sudo add-apt-repository -y ppa:wireguard/wireguard sudo apt-get update -y sudo apt-get install -y wireguard curl sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf sysctl -p echo "1"> /proc/sys/net/ipv4/ip_forward mkdir /etc/wireguard cd /etc/wireguard wg genkey | tee sprivatekey | wg pubkey > spublickey wg genkey | tee cprivatekey | wg pubkey > cpublickey s1=$(cat sprivatekey) s2=$(cat spublickey) c1=$(cat cprivatekey) c2=$(cat cpublickey) serverip=$(curl ipv4.icanhazip.com) port=$(rand 10000 60000) eth=$(ls /sys/class/net | awk '/^e/{print}') sudo cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $s1 Address = 10.0.0.1/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $c2 AllowedIPs = 10.0.0.2/32 EOF sudo cat > /etc/wireguard/client.conf <<-EOF [Interface] PrivateKey = $c1 Address = 10.0.0.2/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $s2 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF sudo apt-get install -y qrencode sudo cat > /etc/init.d/wgstart <<-EOF #! /bin/bash ### BEGIN INIT INFO # Provides: wgstart # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: wgstart ### END INIT INFO sudo wg-quick up wg0 EOF sudo chmod +x /etc/init.d/wgstart cd /etc/init.d if [ $version == 14 ] then sudo update-rc.d wgstart defaults 90 else sudo update-rc.d wgstart defaults fi sudo wg-quick up wg0 content=$(cat /etc/wireguard/client.conf) echo -e "\033[43;42m电脑端请下载/etc/wireguard/client.conf,手机端可直接使用软件扫码\033[0m" echo "${content}" | qrencode -o - -t UTF8 } wireguard_remove(){ sudo wg-quick down wg0 sudo apt-get remove -y wireguard sudo rm -rf /etc/wireguard } add_user(){ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m" read -p "请输入用户名:" newname cd /etc/wireguard/ cp client.conf $newname.conf wg genkey | tee temprikey | wg pubkey > tempubkey ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1)) sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf cat >> /etc/wireguard/wg0.conf <<-EOF [Peer] PublicKey = $(cat tempubkey) AllowedIPs = 10.0.0.$newnum/32 EOF wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32 echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m" rm -f temprikey tempubkey } #开始菜单 start_menu(){ clear echo -e "\033[43;42m ====================================\033[0m" echo -e "\033[43;42m 介绍:wireguard一键脚本 \033[0m" echo -e "\033[43;42m 系统:Ubuntu \033[0m" echo -e "\033[43;42m 作者:A \033[0m" echo -e "\033[43;42m ====================================\033[0m" echo echo -e "\033[0;33m 1. 安装wireguard\033[0m" echo -e "\033[0;33m 2. 查看客户端二维码\033[0m" echo -e "\033[0;31m 3. 删除wireguard\033[0m" echo -e "\033[0;33m 4. 增加用户\033[0m" echo -e " 0. 退出脚本" echo read -p "请输入数字:" num case "$num" in 1) wireguard_install ;; 2) content=$(cat /etc/wireguard/client.conf) echo "${content}" | qrencode -o - -t UTF8 ;; 3) wireguard_remove ;; 4) add_user ;; 0) exit 1 ;; *) clear echo -e "请输入正确数字" sleep 2s start_menu ;; esac } start_menu ================================================ FILE: wireguard_openwrt.sh ================================================ #!/bin/bash #0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file #1 run udpspeeder and udp2raw nohup ./speederv2 -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f20:10 --mode 0 --timeout 8 -k 249b >speeder.log 2>&1 & nohup ./run.sh ./udp2raw -c -r27.122.58.154:18949 -l127.0.0.1:2091 --raw-mode faketcp -k 249b >udp2raw.log 2>&1 & #2 run wireguard with config file(pwd:/etc/wireguard/wg0.conf) ip link add dev wg0 type wireguard ip address add dev wg0 10.0.0.2/24 wg setconf wg0 /etc/wireguard/wg0.conf ip link set up dev wg0 #3 notice: wg0.conf example #[Interface] #PrivateKey = yG/bs7lAYy3yJLGqWDXVZrpT16CmDHanpI9g9haPC28= #[Peer] #PublicKey = dddHotJ9qujdydvjNDYJVrGWCjpvudX9qcNXk7W4wCo= #Endpoint = 127.0.0.1:2090 #AllowedIPs = 0.0.0.0/0, ::0/0 #PersistentKeepalive = 5 #4 add route table for wireguard echo "200 game" >> /etc/iproute2/rt_tables #5 create ipset table #ipset create game hash:net #保存规则ipset save game -f game.txt #从文件创建 ipset restore -f game.txt #6 enable iptables rule,mark ip packages equal ipset table iptables -t mangle -A PREROUTING -m set --match-set game dst -j MARK --set-mark 8 iptables -t mangle -A OUTPUT -m set --match-set game dst -j MARK --set-mark 8 iptables -t nat -A POSTROUTING -m mark --mark 8 -j MASQUERADE iptables -I FORWARD -o wg0 -j ACCEPT #7 config route table game:default route,lan ip route add default dev wg0 table game ip route add 192.168.3.0/24 dev br-lan table game #8 enable ip rule ip rule add fwmark 8 table game ================================================ FILE: wireguard_web.sh ================================================ #!/bin/bash sudo apt-get update -y sudo apt-get install -y software-properties-common sudo add-apt-repository -y ppa:wireguard/wireguard sudo apt-get update -y sudo apt-get install -y wireguard apt-get remove -y dnsmasq echo nameserver 1.1.1.1 >/etc/resolv.conf modprobe wireguard modprobe iptable_nat modprobe ip6table_nat echo 1 > /proc/sys/net/ipv4/ip_forward echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf echo "net.ipv6.conf.all.forwarding=1" > /etc/sysctl.conf curl -fsSL get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo systemctl enable docker sudo systemctl start docker sudo cat > /etc/init.d/wgwebstart <<-EOF #! /bin/bash ### BEGIN INIT INFO # Provides: wgwebstart # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: wgwebstart ### END INIT INFO modprobe wireguard modprobe iptable_nat modprobe ip6table_nat sudo docker start subspace EOF sudo chmod 755 /etc/init.d/wgwebstart sudo update-rc.d wgwebstart defaults read -p "输入域名:" domain docker create \ --name subspace \ --network host \ --cap-add NET_ADMIN \ --volume /usr/bin/wg:/usr/bin/wg \ --volume /data:/data \ --env SUBSPACE_HTTP_HOST=$domain \ subspacecloud/subspace:latest sudo docker start subspace echo "安装完毕,使用浏览器访问域名,配置初始登录账号。"