diff --git a/README.md b/README.md index 4e05a5c..e31312b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,13 @@ -### 项目不存在 +### 关于 + + +#### _install.sh +> centos版wireguard一键脚本 | centos 7 +#### _install_ubuntu.sh +> ubuntu版wireguard一键脚本 | ubuntu >= 14.04 +#### _game.sh +> centos版wireguard+udpspeeder+udp2raw一键脚本 | centos 7 +#### _game_ubuntu.sh +> ubuntu版wireguard+udpspeeder+udp2raw一键脚本 | ubuntu >= 14.04 diff --git a/iptables_config.sh b/iptables_config.sh new file mode 100644 index 0000000..bf1a28b --- /dev/null +++ b/iptables_config.sh 
@@ -0,0 +1,194 @@
+#!/bin/bash
+
+#开放ssh端口、回环、外网、默认策略
+config_default(){
+ systemctl stop firewalld
+ systemctl disable firewalld
+ yum install -y iptables-services
+ systemctl start iptables
+ systemctl enable iptables
+ ssh_port=$(awk '$1=="Port" {print $2}' /etc/ssh/sshd_config)
+ if [ ! -n "$ssh_port" ]; then
+ iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+ else
+ iptables -A INPUT -p tcp -m tcp --dport ${ssh_port} -j ACCEPT
+ fi
+ iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -P INPUT DROP
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+ service iptables save
+ echo "初始配置完成"
+}
+
+#禁止邮箱
+config_mail(){
+ iptables -A FORWARD -p tcp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j REJECT --reject-with tcp-reset
+ iptables -A FORWARD -p udp -m multiport --dports 24,25,26,50,57,105,106,109,110,143 -j DROP
+ iptables -A FORWARD -p tcp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j REJECT --reject-with tcp-reset
+ iptables -A FORWARD -p udp -m multiport --dports 158,209,218,220,465,587,993,995,1109,60177,60179 -j DROP
+ service iptables save
+ echo "禁止邮箱完毕"
+}
+
+#禁止关键字
+config_keyword(){
+ iptables -A FORWARD -m string --string "netflix.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "tumblr.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "facebook.com.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "instagram.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "pixiv.net" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "whatsapp.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "telegram.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "tunsafe.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "reddit.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "vimeo.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "dailymotion.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "hulu.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "liveleak.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "vine.co" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "ustream.tv" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "metacafe.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "viewstr.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "torrent" --algo bm -j DROP
+ iptables -A FORWARD -m string --string ".torrent" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "peer_id=" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "announce" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "info_hash" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "get_peers" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "BitToorent" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "announce_peer" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "announce.php?passkey=" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "magnet:" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "xunlei" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "sandai" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "Thunder" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "XLLiveUD" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "youtube.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "google.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "youku.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "iqiyi.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "qq.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "huya.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "douyu.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "twitch.tv" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "panda.tv" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "porn" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "renminbao.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "dajiyuan.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "bignews.org" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "creaders.net" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "rfa.org" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "internetfreedom.org" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "voanews.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "minghui.org" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "kanzhongguo.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "peacehall.com" --algo bm -j DROP
+ iptables -A FORWARD -m string --string "twister" --algo bm -j DROP
+ service iptables save
+ echo "禁止关键字完毕"
+}
+
+#开放自定义端口
+config_port(){
+ echo "开放一个自定义的端口段"
+ read -p "输入开始端口:" start_port
+ read -p "输入结束端口:" stop_port
+ iptables -A INPUT -p tcp -m tcp --dport ${start_port}:${stop_port} -j ACCEPT
+ iptables -A INPUT -p udp -m udp --dport ${start_port}:${stop_port} -j ACCEPT
+ service iptables save
+ echo "开放端口完毕"
+}
+
+#连接数限制
+config_conn(){
+ echo "限制一个端口段的连接数"
+ read -p "输入开始端口:" start_conn
+ read -p "输入结束端口:" stop_conn
+ read -p "输入每个ip允许的连接数:" conn_num
+ iptables -A INPUT -p tcp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP
+ iptables -A INPUT -p udp --dport ${start_conn}:${stop_conn} -m connlimit --connlimit-above ${conn_num} -j DROP
+ service iptables save
+ echo "限制连接数完毕"
+}
+
+#IP限速
+config_IP(){
+ echo "限制IP的速度,从10.0.0.2-254,限制100/sec"
+ for ((i=2; i<=254; i ++))
+ do
+ iptables -I FORWARD -d 10.0.0.$i/32 -j DROP
+ iptables -I FORWARD -d 10.0.0.$i/32 -m limit --limit 100/sec -j ACCEPT
+ done
+ service iptables save
+ echo "限制IP速度完毕"
+}
+
+#清空规则
+config_clear(){
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -F
+ service iptables save
+ echo "清除规则完毕"
+}
+
+#start
+start_menu(){
+while [ 1 ]
+do
+ echo "========================="
+ echo " 介绍:适用于CentOS7"
+ echo " 作者:atrandys"
+ echo " 网站:www.atrandys.com"
+ echo " Youtube:atrandys"
+ echo "========================="
+ echo "1. 开启ssh(必须)"
+ echo "2. 禁止邮箱"
+ echo "3. 禁止常用关键字"
+ echo "4. 开放自定义端口"
+ echo "5. 连接数限制"
+ echo "6. ip限速"
+ echo "7. 清除所有规则"
+ echo "0. 退出"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ config_default
+ ;;
+ 2)
+ config_mail
+ ;;
+ 3)
+ config_keyword
+ ;;
+ 4)
+ config_port
+ ;;
+ 5)
+ config_conn
+ ;;
+ 6)
+ config_IP
+ ;;
+ 7)
+ config_clear
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo "请输入正确数字"
+ sleep 5s
+ start_menu
+ ;;
+ esac
+done
+}
+
+start_menu
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..7151883
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+while true
+do
+$@
+sleep 1
+done
diff --git a/speederv2 b/speederv2
new file mode 100644
index 0000000..7538464
Binary files /dev/null and b/speederv2 differ
diff --git a/udp2raw b/udp2raw
new file mode 100644
index 0000000..971b26e
Binary files /dev/null and b/udp2raw differ
diff --git a/wireguard_game.sh b/wireguard_game.sh
new file mode 100644
index 0000000..d471aba
--- /dev/null
+++ b/wireguard_game.sh
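Review bot: In config_default of iptables_config.sh the INPUT policy is switched to DROP without checking that the SSH ACCEPT rule was actually installed, so a rejected `iptables -A` leaves the host unreachable over SSH once `service iptables save` has run. `ssh_port` is expanded unquoted and the awk filter prints every `Port` line, so an sshd_config with two `Port` entries produces a multi-word value and a malformed rule; add one rule per value and guard it, e.g. `iptables -A INPUT -p tcp --dport "$p" -j ACCEPT || return 1`, before `iptables -P INPUT DROP`. config_port and config_conn likewise pass `read` input straight into `--dport` and `--connlimit-above`; a check such as `[[ $start_port =~ ^[0-9]+$ ]] || return 1` ahead of the iptables calls would reject stray text. Only the IPv4 tables are touched, so on a host with IPv6 connectivity the ip6tables policy presumably stays whatever it was.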
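Review bot: The bare `$@` in run.sh is re-split and glob-expanded by the shell, so an argument containing a space or `*` reaches the supervised program altered; write the line as `"$@"`. The loop also restarts the command every second indefinitely with no record of why it exited, so adding `echo "exited with status $?" >&2` directly after the command would make a crash loop visible in the log the callers redirect to.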
@@ -0,0 +1,252 @@
+#!/bin/bash
+
+#wg+udpspeeder+udp2raw,fec:游戏场景
+
+if [ ! -e '/etc/redhat-release' ]; then
+echo -e "\033[37;41m仅支持centos7\033[0m"
+exit
+fi
+if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
+echo -e "\033[37;41m仅支持centos7\033[0m"
+exit
+fi
+
+
+
+#更新内核
+update_kernel(){
+
+ yum -y install epel-release wget curl
+ sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
+ yum remove -y kernel-devel
+ rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
+ yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
+ yum -y --enablerepo=elrepo-kernel install kernel-ml
+ sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+ wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+ rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+ yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
+ read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
+ [ -z "${yn}" ] && yn="y"
+ if [[ $yn == [Yy] ]]; then
+ echo -e "\033[37;41mVPS 重启中...\033[0m"
+ reboot
+ fi
+}
+
+#生成随机端口
+rand(){
+ min=$1
+ max=$(($2-$min+1))
+ num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+ echo $(($num%$max+$min))
+}
+
+randpwd(){
+ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
+ echo ${mpasswd}
+}
+
+wireguard_update(){
+ yum update -y wireguard-dkms wireguard-tools
+ echo -e "\033[37;41m更新完成\033[0m"
+}
+
+wireguard_remove(){
+ yum remove -y wireguard-dkms wireguard-tools
+ rm -rf /etc/wireguard/
+ rm -f /etc/rc.d/init.d/autoudp
+ echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
+}
+
+udp_install(){
+ #下载udpspeeder和udp2raw (amd64版)
+ mkdir /usr/src/udp
+ cd /usr/src/udp
+ wget https://github.com/atrandys/wireguard/raw/master/speederv2
+ wget https://github.com/atrandys/wireguard/raw/master/udp2raw
+ wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
+ chmod +x speederv2 udp2raw run.sh
+
+ #启动udpspeeder和udp2raw
+ udpport=$(rand 10000 60000)
+ password=$(randpwd)
+ nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
+ nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+ echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
+ read -p "比如192.168.1.1 :" ugateway
+
+cat > /etc/wireguard/client/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
+PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = 127.0.0.1:2090
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+cat > /etc/wireguard/client/client_noudp.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = $serverip:$port
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+#增加自启动脚本
+cat > /etc/rc.d/init.d/autoudp<<-EOF
+#!/bin/sh
+#chkconfig: 2345 80 90
+#description:autoudp
+cd /usr/src/udp
+nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+EOF
+
+#设置脚本权限
+ chmod +x /etc/rc.d/init.d/autoudp
+ chkconfig --add autoudp
+ chkconfig autoudp on
+}
+
+#centos7安装wireguard
+wireguard_install(){
+ curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
+ yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
+ yum -y install wireguard-dkms wireguard-tools
+ mkdir /etc/wireguard
+ mkdir /etc/wireguard/client
+ cd /etc/wireguard
+ wg genkey | tee sprivatekey | wg pubkey > spublickey
+ wg genkey | tee cprivatekey | wg pubkey > cpublickey
+ s1=$(cat sprivatekey)
+ s2=$(cat spublickey)
+ c1=$(cat cprivatekey)
+ c2=$(cat cpublickey)
+ serverip=$(curl ipv4.icanhazip.com)
+ port=$(rand 10000 60000)
+ eth=$(ls /sys/class/net | awk '/^e/{print}')
+ chmod 777 -R /etc/wireguard
+ systemctl stop firewalld
+ systemctl disable firewalld
+ yum install -y iptables-services
+ systemctl enable iptables
+ systemctl start iptables
+ iptables -P INPUT ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -F
+ service iptables save
+ service iptables restart
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+ sysctl -p
+cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24
+PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+ udp_install
+ wg-quick up wg0
+ systemctl enable wg-quick@wg0
+ echo -e "\033[37;41m安装完毕,客户端配置文件:/etc/wireguard/client/client.conf\033[0m"
+}
+
+add_user(){
+ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
+ read -p "请输入用户名:" newname
+ cd /etc/wireguard/client
+ cp client.conf $newname.conf
+ wg genkey | tee temprikey | wg pubkey > tempubkey
+ ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
+ newnum=$((10#${ipnum}+1))
+ sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
+ sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
+
+cat >> /etc/wireguard/wg0.conf <<-EOF
+
+[Peer]
+PublicKey = $(cat tempubkey)
+AllowedIPs = 10.0.0.$newnum/32
+EOF
+ wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
+ echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
+ rm -f temprikey tempubkey
+}
+
+#开始菜单
+start_menu(){
+ clear
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
+ echo -e "\033[43;42m 系统:CentOS7 \033[0m"
+ echo -e "\033[43;42m 作者:atrandys \033[0m"
+ echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
+ echo -e "\033[43;42m Youtube:atrandys \033[0m"
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo
+ echo -e "\033[0;33m 1. 升级系统内核(必需)\033[0m"
+ echo -e "\033[0;33m 2. 安装wireguard+udpspeeder+udp2raw\033[0m"
+ echo " 3. 升级wireguard"
+ echo " 4. 卸载wireguard"
+ echo -e "\033[37;41m 5. 增加用户\033[0m"
+ echo " 0. 退出脚本"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ update_kernel
+ ;;
+ 2)
+ wireguard_install
+ ;;
+ 3)
+ wireguard_update
+ ;;
+ 4)
+ wireguard_remove
+ ;;
+ 5)
+ add_user
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo -e "请输入正确数字"
+ sleep 2s
+ start_menu
+ ;;
+ esac
+}
+
+start_menu
+
+
+
diff --git a/wireguard_game_koolsharelede.sh b/wireguard_game_koolsharelede.sh
new file mode 100644
index 0000000..2df3b00
--- /dev/null
+++ b/wireguard_game_koolsharelede.sh
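Review bot: `chmod 777 -R /etc/wireguard` in wireguard_install makes the server and client private keys and wg0.conf readable and writable by every local account, and wireguard_install.sh carries the same line. Replace it with `chmod -R go= /etc/wireguard` and put `umask 077` ahead of the `wg genkey` calls so the key files are never created with wider access. randpwd keeps only four hex characters of the digest, i.e. 16 bits, as the udp2raw key, and the same function is copied into wireguard_game_koolsharelede.sh and wireguard_game_ubuntu.sh; `mpasswd=$(head -c 32 /dev/urandom | md5sum | head -c 32)` keeps the whole digest. That key is also passed with `-k` on the command line and written in clear text into /etc/rc.d/init.d/autoudp, so it shows up in the process list and in a file whose mode the script never restricts.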
@@ -0,0 +1,332 @@
+#!/bin/bash
+
+function blue(){
+ echo -e "\033[34m\033[01m $1 \033[0m"
+}
+function green(){
+ echo -e "\033[32m\033[01m $1 \033[0m"
+}
+function red(){
+ echo -e "\033[31m\033[01m $1 \033[0m"
+}
+function yellow(){
+ echo -e "\033[33m\033[01m $1 \033[0m"
+}
+
+rand(){
+ min=$1
+ max=$(($2-$min+1))
+ num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+ echo $(($num%$max+$min))
+}
+
+randpwd(){
+ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
+ echo ${mpasswd}
+}
+
+wireguard_install(){
+ version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}')
+ if [ $version == 18 ]
+ then
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ sudo apt-get install -y openresolv
+ else
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ fi
+ sudo add-apt-repository -y ppa:wireguard/wireguard
+ sudo apt-get update -y
+ sudo apt-get install -y wireguard curl
+
+ sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
+ sysctl -p
+ echo "1"> /proc/sys/net/ipv4/ip_forward
+
+ mkdir /etc/wireguard
+ cd /etc/wireguard
+ wg genkey | tee sprivatekey | wg pubkey > spublickey
+ wg genkey | tee cprivatekey | wg pubkey > cpublickey
+ s1=$(cat sprivatekey)
+ s2=$(cat spublickey)
+ c1=$(cat cprivatekey)
+ c2=$(cat cpublickey)
+ serverip=$(curl ipv4.icanhazip.com)
+ port=$(rand 10000 60000)
+ eth=$(ls /sys/class/net | awk '/^e/{print $1}')
+
+sudo cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+sudo cat > /etc/init.d/wgstart <<-EOF
+#! /bin/bash
+### BEGIN INIT INFO
+# Provides: wgstart
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: wgstart
+### END INIT INFO
+
+sudo wg-quick up wg0
+EOF
+
+
+
+ sudo chmod 755 /etc/init.d/wgstart
+ cd /etc/init.d
+ if [ $version == 14 ]
+ then
+ sudo update-rc.d wgstart defaults 90
+ else
+ sudo update-rc.d wgstart defaults
+ fi
+
+ udp_install
+ sudo wg-quick up wg0
+
+ green "下面是wireguard配置文件"
+ green "================================================="
+ cat /etc/wireguard/client/client.conf
+ green "================================================="
+}
+
+udp_install(){
+ #下载udpspeeder和udp2raw (amd64版)
+ mkdir /usr/src/udp
+ mkdir /etc/wireguard/client
+ cd /usr/src/udp
+ wget https://github.com/atrandys/wireguard/raw/master/speederv2
+ wget https://github.com/atrandys/wireguard/raw/master/udp2raw
+ wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
+ chmod +x speederv2 udp2raw run.sh
+ green "udp模式选择:"
+ green "1. wireguard+udpspeeder"
+ green "2. wireguard+udp2raw"
+ green "3. wireguard+udpspeeder+udp2raw"
+ read udptype
+
+ #启动udpspeeder和udp2raw
+ udpport=$(rand 10000 60000)
+ speederport=$(rand 10000 60000)
+ password=$(randpwd)
+if [ "$udptype" == "1" ]; then
+nohup ./speederv2 -s -l0.0.0.0:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password>speeder.log 2>&1 &
+#增加自启动脚本
+cat > /etc/init.d/autoudp<<-EOF
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: autoudp
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: autoudp
+### END INIT INFO
+
+cd /usr/src/udp
+nohup ./speederv2 -s -l0.0.0.0:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password >speeder.log 2>&1 &
+
+EOF
+
+ green "下面是udpspeeder配置参数"
+ green "================================================="
+ blue "服务器IP:$serverip"
+ blue "服务器端口:$speederport"
+ blue "-fec:2:4"
+ blue "--mode:0"
+ blue "--timeout:0"
+ blue "-k $password"
+ green "================================================="
+
+fi
+
+if [ "$udptype" == "2" ]; then
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$port --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+#增加自启动脚本
+cat > /etc/init.d/autoudp<<-EOF
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: autoudp
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: autoudp
+### END INIT INFO
+
+cd /usr/src/udp
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$port --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+
+EOF
+
+ green "下面是udp2raw配置参数"
+ green "================================================="
+ blue "服务器IP:$serverip"
+ blue "服务器端口:$udpport"
+ blue "--raw-mode:faketcp"
+ blue "-k $password"
+ green "================================================="
+
+fi
+
+if [ "$udptype" == "3" ]; then
+nohup ./speederv2 -s -l127.0.0.1:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password>speeder.log 2>&1 &
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$speederport --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+#增加自启动脚本
+cat > /etc/init.d/autoudp<<-EOF
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: autoudp
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: autoudp
+### END INIT INFO
+
+cd /usr/src/udp
+nohup ./speederv2 -s -l127.0.0.1:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password >speeder.log 2>&1 &
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$speederport --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+
+EOF
+
+ green "下面是udpspeeder+udp2raw配置参数"
+ green "================================================="
+ blue "服务器IP:$serverip"
+ blue "udp2raw端口:$udpport"
+ blue "udp2raw --raw-mode:faketcp"
+ blue "udp2raw -k $password"
+ blue "speeder -fec:2:4"
+ blue "speeder --mode:0"
+ blue "speeder --timeout:0"
+ blue "speeder -k $password"
+ green "================================================="
+
+fi
+
+
+cat > /etc/wireguard/client/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = 127.0.0.1:2090
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+EOF
+
+
+
+
+
+
+
+#设置脚本权限
+ sudo chmod 755 /etc/init.d/autoudp
+ cd /etc/init.d
+ if [ $version == 14 ]
+ then
+ sudo update-rc.d autoudp defaults 90
+ else
+ sudo update-rc.d autoudp defaults
+ fi
+}
+
+wireguard_remove(){
+
+ sudo wg-quick down wg0
+ sudo apt-get remove -y wireguard
+ sudo rm -rf /etc/wireguard
+ sudo rm -f /etc/init.d/wgstart
+ sudo rm -f /etc/init.d/autoudp
+ echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
+
+}
+
+add_user(){
+ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
+ read -p "请输入用户名:" newname
+ cd /etc/wireguard/client
+ cp client.conf $newname.conf
+ wg genkey | tee temprikey | wg pubkey > tempubkey
+ ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
+ newnum=$((10#${ipnum}+1))
+ sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
+ sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
+
+cat >> /etc/wireguard/wg0.conf <<-EOF
+
+[Peer]
+PublicKey = $(cat tempubkey)
+AllowedIPs = 10.0.0.$newnum/32
+EOF
+ wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
+ echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
+ rm -f temprikey tempubkey
+}
+
+#开始菜单
+start_menu(){
+ clear
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
+ echo -e "\033[43;42m 系统:Ubuntu,用于koolshare lede \033[0m"
+ echo -e "\033[43;42m 作者:atrandys \033[0m"
+ echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
+ echo -e "\033[43;42m Youtube:atrandys \033[0m"
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo
+ echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m"
+ echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m"
+ echo -e "\033[37;41m 3. 增加用户\033[0m"
+ echo -e " 0. 退出脚本"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ wireguard_install
+ ;;
+ 2)
+ wireguard_remove
+ ;;
+ 3)
+ add_user
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo -e "请输入正确数字"
+ sleep 2s
+ start_menu
+ ;;
+ esac
+}
+
+start_menu
+
+
+
+
+
+
diff --git a/wireguard_game_ubuntu.sh b/wireguard_game_ubuntu.sh
new file mode 100644
index 0000000..aadfe17
--- /dev/null
+++ b/wireguard_game_ubuntu.sh
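Review bot: wireguard_install in wireguard_game_koolsharelede.sh creates sprivatekey, cprivatekey and wg0.conf under /etc/wireguard without setting a umask or mode, so under the common 022 umask the private keys end up readable by every local account; add `umask 077` before `mkdir /etc/wireguard`, and the same applies to wireguard_game_ubuntu.sh. The function then prints client.conf, including the client PrivateKey, to the terminal with `cat`, which leaves the key in scrollback and in any session recording. `sudo cat > /etc/wireguard/wg0.conf` and `sudo echo ... >> /etc/sysctl.conf` do not elevate the redirection, which is opened by the calling shell, so the script only works when it is already running as root and the `sudo` prefixes are misleading. In add_user, `$newname` is used unquoted in `cp` and `sed -i`, so a name containing a space or `/` lands outside the intended file; quote it and accept only something like `^[A-Za-z0-9_-]+$`.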
@@ -0,0 +1,246 @@
+#!/bin/bash
+
+rand(){
+ min=$1
+ max=$(($2-$min+1))
+ num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+ echo $(($num%$max+$min))
+}
+
+randpwd(){
+ mpasswd=$(cat /dev/urandom | head -1 | md5sum | head -c 4)
+ echo ${mpasswd}
+}
+
+wireguard_install(){
+ version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}')
+ if [ $version == 18 ]
+ then
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ sudo apt-get install -y openresolv
+ else
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ fi
+ sudo add-apt-repository -y ppa:wireguard/wireguard
+ sudo apt-get update -y
+ sudo apt-get install -y wireguard curl
+
+ sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
+ sysctl -p
+ echo "1"> /proc/sys/net/ipv4/ip_forward
+
+ mkdir /etc/wireguard
+ cd /etc/wireguard
+ wg genkey | tee sprivatekey | wg pubkey > spublickey
+ wg genkey | tee cprivatekey | wg pubkey > cpublickey
+ s1=$(cat sprivatekey)
+ s2=$(cat spublickey)
+ c1=$(cat cprivatekey)
+ c2=$(cat cpublickey)
+ serverip=$(curl ipv4.icanhazip.com)
+ port=$(rand 10000 60000)
+ eth=$(ls /sys/class/net | awk '/^e/{print}')
+
+sudo cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+sudo cat > /etc/init.d/wgstart <<-EOF
+#! /bin/bash
+### BEGIN INIT INFO
+# Provides: wgstart
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: wgstart
+### END INIT INFO
+
+sudo wg-quick up wg0
+EOF
+
+
+
+ sudo chmod 755 /etc/init.d/wgstart
+ cd /etc/init.d
+ if [ $version == 14 ]
+ then
+ sudo update-rc.d wgstart defaults 90
+ else
+ sudo update-rc.d wgstart defaults
+ fi
+
+ udp_install
+ sudo wg-quick up wg0
+}
+
+udp_install(){
+ #下载udpspeeder和udp2raw (amd64版)
+ mkdir /usr/src/udp
+ mkdir /etc/wireguard/client
+ cd /usr/src/udp
+ wget https://github.com/atrandys/wireguard/raw/master/speederv2
+ wget https://github.com/atrandys/wireguard/raw/master/udp2raw
+ wget https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh
+ chmod +x speederv2 udp2raw run.sh
+
+ #启动udpspeeder和udp2raw
+ udpport=$(rand 10000 60000)
+ password=$(randpwd)
+ nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
+ nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+ echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
+ read -p "比如192.168.1.1 :" ugateway
+
+cat > /etc/wireguard/client/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
+PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = 127.0.0.1:2090
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+cat > /etc/wireguard/client/client_noudp.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+[Peer]
+PublicKey = $s2
+Endpoint = $serverip:$port
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+
+#增加自启动脚本
+cat > /etc/init.d/autoudp<<-EOF
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: autoudp
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: autoudp
+### END INIT INFO
+
+cd /usr/src/udp
+nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
+nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
+EOF
+
+
+
+#设置脚本权限
+ sudo chmod 755 /etc/init.d/autoudp
+ cd /etc/init.d
+ if [ $version == 14 ]
+ then
+ sudo update-rc.d autoudp defaults 90
+ else
+ sudo update-rc.d autoudp defaults
+ fi
+}
+
+wireguard_remove(){
+
+ sudo wg-quick down wg0
+ sudo apt-get remove -y wireguard
+ sudo rm -rf /etc/wireguard
+ sudo rm -f /etc/init.d/wgstart
+ sudo rm -f /etc/init.d/autoudp
+ echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
+
+}
+
+add_user(){
+ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
+ read -p "请输入用户名:" newname
+ cd /etc/wireguard/client
+ cp client.conf $newname.conf
+ wg genkey | tee temprikey | wg pubkey > tempubkey
+ ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
+ newnum=$((10#${ipnum}+1))
+ sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
+ sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
+
+cat >> /etc/wireguard/wg0.conf <<-EOF
+
+[Peer]
+PublicKey = $(cat tempubkey)
+AllowedIPs = 10.0.0.$newnum/32
+EOF
+ wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
+ echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
+ rm -f temprikey tempubkey
+}
+
+#开始菜单
+start_menu(){
+ clear
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
+ echo -e "\033[43;42m 系统:Ubuntu \033[0m"
+ echo -e "\033[43;42m 作者:atrandys \033[0m"
+ echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
+ echo -e "\033[43;42m Youtube:atrandys \033[0m"
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo
+ echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m"
+ echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m"
+ echo -e "\033[37;41m 3. 增加用户\033[0m"
+ echo -e " 0. 退出脚本"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ wireguard_install
+ ;;
+ 2)
+ wireguard_remove
+ ;;
+ 3)
+ add_user
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo -e "请输入正确数字"
+ sleep 2s
+ start_menu
+ ;;
+ esac
+}
+
+start_menu
+
+
+
+
+
+
diff --git a/wireguard_install.sh b/wireguard_install.sh
new file mode 100644
index 0000000..029a794
--- /dev/null
+++ b/wireguard_install.sh
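Review bot: udp_install in wireguard_game_ubuntu.sh fetches speederv2, udp2raw and run.sh with `wget` from the repository's moving `master` ref and starts them with the installer's privileges (root, given the writes to /etc/init.d) without any integrity check, so whatever those URLs serve at install time is executed. Pin the URLs to a fixed commit and verify each file before `chmod +x`, for example `echo "<EXPECTED_SHA256>  speederv2" | sha256sum -c - || exit 1` with the real digest in place of the placeholder. The `wget` calls are also unchecked, so a failed download still reaches the `nohup` lines and the autoudp init script is written regardless. wireguard_game.sh and wireguard_game_koolsharelede.sh contain the same three download lines.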
@@ -0,0 +1,202 @@
+#!/bin/bash
+
+#判断系统
+if [ ! -e '/etc/redhat-release' ]; then
+echo "仅支持centos7"
+exit
+fi
+if [ -n "$(grep ' 6\.' /etc/redhat-release)" ] ;then
+echo "仅支持centos7"
+exit
+fi
+
+
+
+#更新内核
+update_kernel(){
+
+ yum -y install epel-release curl
+ sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
+ yum remove -y kernel-devel
+ rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
+ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
+ yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
+ yum -y --enablerepo=elrepo-kernel install kernel-ml
+ sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
+ grub2-mkconfig -o /boot/grub2/grub.cfg
+ wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+ rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
+ yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
+ read -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
+ [ -z "${yn}" ] && yn="y"
+ if [[ $yn == [Yy] ]]; then
+ echo -e "VPS 重启中..."
+ reboot
+ fi
+}
+
+#生成随机端口
+rand(){
+ min=$1
+ max=$(($2-$min+1))
+ num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+ echo $(($num%$max+$min))
+}
+
+wireguard_update(){
+ yum update -y wireguard-dkms wireguard-tools
+ echo "更新完成"
+}
+
+wireguard_remove(){
+ wg-quick down wg0
+ yum remove -y wireguard-dkms wireguard-tools
+ rm -rf /etc/wireguard/
+ echo "卸载完成"
+}
+
+config_client(){
+cat > /etc/wireguard/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = $serverip:$port
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+}
+
+#centos7安装wireguard
+wireguard_install(){
+ curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
+ yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
+ yum -y install wireguard-dkms wireguard-tools
+ yum -y install qrencode
+ mkdir /etc/wireguard
+ cd /etc/wireguard
+ wg genkey | tee sprivatekey | wg pubkey > spublickey
+ wg genkey | tee cprivatekey | wg pubkey > cpublickey
+ s1=$(cat sprivatekey)
+ s2=$(cat spublickey)
+ c1=$(cat cprivatekey)
+ c2=$(cat cpublickey)
+ serverip=$(curl ipv4.icanhazip.com)
+ port=$(rand 10000 60000)
+ eth=$(ls /sys/class/net | awk '/^e/{print}')
+ chmod 777 -R /etc/wireguard
+ systemctl stop firewalld
+ systemctl disable firewalld
+ yum install -y iptables-services
+ systemctl enable iptables
+ systemctl start iptables
+ iptables -P INPUT ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -F
+ service iptables save
+ service iptables restart
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
+ sysctl -p
+cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24
+PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+ config_client
+ wg-quick up wg0
+ systemctl enable wg-quick@wg0
+ content=$(cat /etc/wireguard/client.conf)
+ echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
+ echo "${content}" | qrencode -o - -t UTF8
+}
+add_user(){
+ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
+ read -p "请输入用户名:" newname
+ cd /etc/wireguard/
+ cp client.conf $newname.conf
+ wg genkey | tee temprikey | wg pubkey > tempubkey
+ ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
+ newnum=$((10#${ipnum}+1))
+ sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
+ sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
+
+cat >> /etc/wireguard/wg0.conf <<-EOF
+[Peer]
+PublicKey = $(cat tempubkey)
+AllowedIPs = 10.0.0.$newnum/32
+EOF
+ wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
+ echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
+ rm -f temprikey tempubkey
+}
+#开始菜单
+start_menu(){
+ clear
+ echo "========================="
+ echo " 介绍:适用于CentOS7"
+ echo " 作者:atrandys"
+ echo " 网站:www.atrandys.com"
+ echo " Youtube:atrandys"
+ echo "========================="
+ echo "1. 升级系统内核"
+ echo "2. 安装wireguard"
+ echo "3. 升级wireguard"
+ echo "4. 卸载wireguard"
+ echo "5. 显示客户端二维码"
+ echo "6. 增加用户"
+ echo "0. 退出脚本"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ update_kernel
+ ;;
+ 2)
+ wireguard_install
+ ;;
+ 3)
+ wireguard_update
+ ;;
+ 4)
+ wireguard_remove
+ ;;
+ 5)
+ content=$(cat /etc/wireguard/client.conf)
+ echo "${content}" | qrencode -o - -t UTF8
+ ;;
+ 6)
+ add_user
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo "请输入正确数字"
+ sleep 5s
+ start_menu
+ ;;
+ esac
+}
+
+start_menu
+
+
+
diff --git a/wireguard_install_ubuntu.sh b/wireguard_install_ubuntu.sh
new file mode 100644
index 0000000..bb78982
--- /dev/null
+++ b/wireguard_install_ubuntu.sh
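Review bot: `chmod 777 -R /etc/wireguard` in `wireguard_install` makes the freshly generated `sprivatekey` and `cprivatekey` readable and the directory writable by every local account, and `wg0.conf` and `client.conf`, which embed the same private keys, are written afterwards with whatever the caller's umask allows. I would drop that chmod and put `umask 077` before `mkdir /etc/wireguard`, so everything holding key material is created owner-only. `add_user` drops `temprikey` into the same directory and uses the operator-typed `$newname` unquoted as a `cp` and `sed -i` target; quoting it and rejecting names that do not match `^[A-Za-z0-9_-]+$` keeps the write inside `/etc/wireguard`. `wireguard_install` and `add_user` in wireguard_install_ubuntu.sh also create their key and config files without setting a umask.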
@@ -0,0 +1,181 @@
+#!/bin/bash
+
+rand(){
+ min=$1
+ max=$(($2-$min+1))
+ num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
+ echo $(($num%$max+$min))
+}
+
+wireguard_install(){
+ version=$(cat /etc/os-release | awk -F '[".]' '$1=="VERSION="{print $2}')
+ if [ $version == 18 ]
+ then
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ sudo apt-get install -y openresolv
+ else
+ sudo apt-get update -y
+ sudo apt-get install -y software-properties-common
+ fi
+ sudo add-apt-repository -y ppa:wireguard/wireguard
+ sudo apt-get update -y
+ sudo apt-get install -y wireguard curl
+
+ sudo echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
+ sysctl -p
+ echo "1"> /proc/sys/net/ipv4/ip_forward
+
+ mkdir /etc/wireguard
+ cd /etc/wireguard
+ wg genkey | tee sprivatekey | wg pubkey > spublickey
+ wg genkey | tee cprivatekey | wg pubkey > cpublickey
+ s1=$(cat sprivatekey)
+ s2=$(cat spublickey)
+ c1=$(cat cprivatekey)
+ c2=$(cat cpublickey)
+ serverip=$(curl ipv4.icanhazip.com)
+ port=$(rand 10000 60000)
+ eth=$(ls /sys/class/net | awk '/^e/{print}')
+
+sudo cat > /etc/wireguard/wg0.conf <<-EOF
+[Interface]
+PrivateKey = $s1
+Address = 10.0.0.1/24
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
+ListenPort = $port
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $c2
+AllowedIPs = 10.0.0.2/32
+EOF
+
+
+sudo cat > /etc/wireguard/client.conf <<-EOF
+[Interface]
+PrivateKey = $c1
+Address = 10.0.0.2/24
+DNS = 8.8.8.8
+MTU = 1420
+
+[Peer]
+PublicKey = $s2
+Endpoint = $serverip:$port
+AllowedIPs = 0.0.0.0/0, ::0/0
+PersistentKeepalive = 25
+EOF
+
+ sudo apt-get install -y qrencode
+
+sudo cat > /etc/init.d/wgstart <<-EOF
+#! /bin/bash
+### BEGIN INIT INFO
+# Provides: wgstart
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: wgstart
+### END INIT INFO
+sudo wg-quick up wg0
+EOF
+
+ sudo chmod +x /etc/init.d/wgstart
+ cd /etc/init.d
+ if [ $version == 14 ]
+ then
+ sudo update-rc.d wgstart defaults 90
+ else
+ sudo update-rc.d wgstart defaults
+ fi
+
+ sudo wg-quick up wg0
+
+ content=$(cat /etc/wireguard/client.conf)
+ echo -e "\033[43;42m电脑端请下载/etc/wireguard/client.conf,手机端可直接使用软件扫码\033[0m"
+ echo "${content}" | qrencode -o - -t UTF8
+}
+
+wireguard_remove(){
+
+ sudo wg-quick down wg0
+ sudo apt-get remove -y wireguard
+ sudo rm -rf /etc/wireguard
+
+}
+
+add_user(){
+ echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
+ read -p "请输入用户名:" newname
+ cd /etc/wireguard/
+ cp client.conf $newname.conf
+ wg genkey | tee temprikey | wg pubkey > tempubkey
+ ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
+ newnum=$((10#${ipnum}+1))
+ sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
+ sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $newname.conf
+
+cat >> /etc/wireguard/wg0.conf <<-EOF
+[Peer]
+PublicKey = $(cat tempubkey)
+AllowedIPs = 10.0.0.$newnum/32
+EOF
+ wg set wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
+ echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
+ rm -f temprikey tempubkey
+}
+
+#开始菜单
+start_menu(){
+ clear
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo -e "\033[43;42m 介绍:wireguard一键脚本 \033[0m"
+ echo -e "\033[43;42m 系统:Ubuntu \033[0m"
+ echo -e "\033[43;42m 作者:atrandys \033[0m"
+ echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
+ echo -e "\033[43;42m Youtube:atrandys \033[0m"
+ echo -e "\033[43;42m ====================================\033[0m"
+ echo
+ echo -e "\033[0;33m 1. 安装wireguard\033[0m"
+ echo -e "\033[0;33m 2. 查看客户端二维码\033[0m"
+ echo -e "\033[0;31m 3. 删除wireguard\033[0m"
+ echo -e "\033[0;33m 4. 增加用户\033[0m"
+ echo -e " 0. 退出脚本"
+ echo
+ read -p "请输入数字:" num
+ case "$num" in
+ 1)
+ wireguard_install
+ ;;
+ 2)
+ content=$(cat /etc/wireguard/client.conf)
+ echo "${content}" | qrencode -o - -t UTF8
+ ;;
+ 3)
+ wireguard_remove
+ ;;
+ 4)
+ add_user
+ ;;
+ 0)
+ exit 1
+ ;;
+ *)
+ clear
+ echo -e "请输入正确数字"
+ sleep 2s
+ start_menu
+ ;;
+ esac
+}
+
+start_menu
+
+
+
+
+
+
diff --git a/wireguard_openwrt.sh b/wireguard_openwrt.sh
new file mode 100644
index 0000000..dc1ea18
--- /dev/null
+++ b/wireguard_openwrt.sh
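Review bot: The `wgstart` heredoc in `wireguard_install` uses an unquoted `<<-EOF`, so the installing shell expands `$remote_fs` and `$syslog` while writing the file; unless both happen to be set in the environment, the generated LSB header ends up with empty `Required-Start:` and `Required-Stop:` fields. Nothing in that heredoc needs expansion, so quoting the delimiter is enough: `sudo cat > /etc/init.d/wgstart <<-'EOF'`. The `wgwebstart` heredoc in wireguard_web.sh has the same problem and the same fix. Also, in `sudo cat > file` and `sudo echo ... >> /etc/sysctl.conf` the redirection is opened by the calling shell rather than by sudo, so these writes only succeed when the whole script already runs as root; `... | sudo tee -a /etc/sysctl.conf >/dev/null` would make the privilege boundary explicit.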
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+#0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file
+
+#1 run udpspeeder and udp2raw
+
+nohup ./speederv2 -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f20:10 --mode 0 --timeout 8 -k 249b >speeder.log 2>&1 &
+nohup ./run.sh ./udp2raw -c -r27.122.58.154:18949 -l127.0.0.1:2091 --raw-mode faketcp -k 249b >udp2raw.log 2>&1 &
+
+#2 run wireguard with config file(pwd:/etc/wireguard/wg0.conf)
+
+ip link add dev wg0 type wireguard
+ip address add dev wg0 10.0.0.2/24
+wg setconf wg0 /etc/wireguard/wg0.conf
+ip link set up dev wg0
+
+#3 notice: wg0.conf example
+
+#[Interface]
+#PrivateKey = yG/bs7lAYy3yJLGqWDXVZrpT16CmDHanpI9g9haPC28=
+
+#[Peer]
+#PublicKey = dddHotJ9qujdydvjNDYJVrGWCjpvudX9qcNXk7W4wCo=
+#Endpoint = 127.0.0.1:2090
+#AllowedIPs = 0.0.0.0/0, ::0/0
+#PersistentKeepalive = 5
+
+#4 add route table for wireguard
+
+echo "200 game" >> /etc/iproute2/rt_tables
+
+#5 create ipset table
+
+#ipset create game hash:net
+#保存规则ipset save game -f game.txt
+#从文件创建
+ipset restore -f game.txt
+
+#6 enable iptables rule,mark ip packages equal ipset table
+
+iptables -t mangle -A PREROUTING -m set --match-set game dst -j MARK --set-mark 8
+iptables -t mangle -A OUTPUT -m set --match-set game dst -j MARK --set-mark 8
+iptables -t nat -A POSTROUTING -m mark --mark 8 -j MASQUERADE
+iptables -I FORWARD -o wg0 -j ACCEPT
+
+#7 config route table game:default route,lan
+ip route add default dev wg0 table game
+ip route add 192.168.3.0/24 dev br-lan table game
+
+#8 enable ip rule
+
+ip rule add fwmark 8 table game
+
+
diff --git a/wireguard_web.sh b/wireguard_web.sh
new file mode 100644
index 0000000..e83dc3f
--- /dev/null
+++ b/wireguard_web.sh
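Review bot: Both tunnel commands at step `#1` hard-code the shared key as `-k 249b` next to a fixed remote endpoint, and the commented wg0.conf example under `#3` carries what looks like a real base64 `PrivateKey`; anything committed this way should be treated as disclosed and rotated. I would take the key from the environment or a root-only file, e.g. `: "${TUNNEL_KEY:?TUNNEL_KEY not set}"` and then `-k "$TUNNEL_KEY"`, and replace the example key material with placeholders such as `#PrivateKey = <client-private-key>`. The four-character key is also far too short to resist guessing, and because it is passed in argv it stays visible in the process list to other local users. Separately, `echo "200 game" >> /etc/iproute2/rt_tables` appends another entry on every run and could be guarded with `grep -q '^200 game$' /etc/iproute2/rt_tables ||`.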
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+
+sudo apt-get update -y
+sudo apt-get install -y software-properties-common
+sudo add-apt-repository -y ppa:wireguard/wireguard
+sudo apt-get update -y
+sudo apt-get install -y wireguard
+
+
+apt-get remove -y dnsmasq
+
+
+echo nameserver 1.1.1.1 >/etc/resolv.conf
+
+
+modprobe wireguard
+modprobe iptable_nat
+modprobe ip6table_nat
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo "net.ipv4.ip_forward = 1" > /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding=1" > /etc/sysctl.conf
+
+curl -fsSL get.docker.com -o get-docker.sh
+sudo sh get-docker.sh
+
+
+sudo systemctl enable docker
+sudo systemctl start docker
+
+sudo cat > /etc/init.d/wgwebstart <<-EOF
+#! /bin/bash
+### BEGIN INIT INFO
+# Provides: wgwebstart
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: wgwebstart
+### END INIT INFO
+modprobe wireguard
+modprobe iptable_nat
+modprobe ip6table_nat
+sudo docker start subspace
+EOF
+
+sudo chmod 755 /etc/init.d/wgwebstart
+sudo update-rc.d wgwebstart defaults
+
+read -p "输入域名:" domain
+
+docker create \
+--name subspace \
+--network host \
+--cap-add NET_ADMIN \
+--volume /usr/bin/wg:/usr/bin/wg \
+--volume /data:/data \
+--env SUBSPACE_HTTP_HOST=$domain \
+subspacecloud/subspace:latest
+
+
+sudo docker start subspace
+
+echo "安装完毕,使用浏览器访问域名,配置初始登录账号。"
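Review bot: `curl -fsSL get.docker.com -o get-docker.sh` names no scheme, so curl starts the request over plain HTTP and any upgrade to HTTPS depends on a redirect that `-L` follows; the downloaded file is then executed as root by `sudo sh get-docker.sh` with no integrity check. Use `curl -fsSL https://get.docker.com -o get-docker.sh`, or preferably install Docker from the distribution's signed package repository. The container is likewise created from `subspacecloud/subspace:latest` with `--network host` and `--cap-add NET_ADMIN`, so pinning the image by digest (`subspacecloud/subspace@sha256:<digest>`) would keep a moved tag from silently changing what runs with those privileges. Separately, both `echo ... > /etc/sysctl.conf` lines truncate the file, so only the IPv6 line survives and any existing settings are lost; they should append with `>>` or write a drop-in under `/etc/sysctl.d/`.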