This repository has been archived by the owner on Aug 14, 2024. It is now read-only.

配置更方便
1. 对重要注释进行了中英标注
2. 支持QR二维码配置, 更加方便
3. 对安装逻辑进行了梳理, 可扩展性提高
4. 支持 bash wg.sh show 来随时方便配置
EchoShoot authored Feb 12, 2019
1 parent b10391f commit 9166239
Showing 1 changed file with 139 additions and 74 deletions.
213 changes: 139 additions & 74 deletions wg.sh
Expand Up @@ -9,22 +9,30 @@ export PATH
# Intro: http://tools.tisrop.com #
#=================================================================#

clear

# 颜色
# Color
Color_error='\033[0;91m'
Color_info='\033[0;92m'
Color_warning='\033[0;93m'
Color_title='\033[0;96m'
Color_end='\033[0m'


help_info(){
echo
echo "#############################################################"
echo "# One click Install WireGuard Server #"
echo "# Intro: http://tools.tisrop.com #"
echo "# Author: EchoShoot #"
echo "# Github: https://github.com/Echoshoot/tools #"
echo "#############################################################"
echo -e "=============================================================="
echo -e "| \ ${Color_title}One click Install WireGuard Server${Color_end} / |"
echo -e "| Intro: ${Color_info}http://tools.tisrop.com ${Color_end} |"
echo -e "| Author: ${Color_info}EchoShoot ${Color_end} |"
echo -e "| Github: ${Color_info}https://github.com/Echoshoot/tools${Color_end} |"
echo -e "=============================================================="
echo

# Make sure only root can run our script
[[ $EUID -ne 0 ]] && echo -e "[${red}Error${plain}] This script must be run as root!" && exit 1
}


# 获得服务器ip
# Get public IP address
# 获取公网IP地址
# Get public Server IP address
get_ip(){
local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
[ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
Expand All @@ -33,62 +41,81 @@ get_ip(){
}


#Config Table
# 配置表
# Config Table
Default_DNS="8.8.8.8"
Default_MTU="1420"
Server_Ip=$(get_ip)
Server_Port="443"
Install_Path="/etc/wireguard"


# 配置 WireGuard 服务端
# Config WireGuard Server
config_wireguard_server(){
cat > /etc/wireguard/wg0.conf<<-EOF
serverConf=${1}
serverIp=${2}

wg genkey | tee sprivatekey | wg pubkey > spublickey
cat > "${Install_Path}/${serverConf}"<<-EOF
[Interface]
PrivateKey = ${Server_PrivateKey}
Address = 10.0.0.1/24
PrivateKey = $(cat sprivatekey)
Address = ${serverIp}/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = ${Server_Port}
DNS = ${Default_DNS}
MTU = $mtu
MTU = ${Default_MTU}
[Peer]
PublicKey = ${Client_PublicKey}
AllowedIPs = 10.0.0.2/32
EOF
}


# 配置 WireGuard 客户端
# Config WireGuard Client
config_wireguard_client(){
cat > /etc/wireguard/client.conf<<-EOF
serverConf=${1}
clientConf=${2}
clientIp=${3}

# 生成秘钥对
wg genkey | tee cprivatekey | wg pubkey > cpublickey
cat >> "${Install_Path}/${serverConf}"<<-EOF
[Peer]
PublicKey = $(cat cpublickey)
AllowedIPs = ${clientIp}/32
EOF

# 生成新的client配置文件
cat > "${Install_Path}/${clientConf}"<<-EOF
[Interface]
PrivateKey = ${Client_PrivateKey}
Address = 10.0.0.2/24
PrivateKey = $(cat cprivatekey)
Address = ${clientIp}/24
DNS = ${Default_DNS}
# MTU = ${Default_MTU}
# PreUp = start .\route\routes-up.bat
# PostDown = start .\route\routes-down.bat
[Peer]
PublicKey = ${Server_PublicKey}
PublicKey = $(cat spublickey)
Endpoint = ${Server_Ip}:${Server_Port}
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
}


# Install cleanup
install_cleanup(){
echo
echo "$(cat /etc/wireguard/client.conf)"
echo
# 依据配置信息生成二维码
cat "${Install_Path}/${clientConf}" | qrencode -o "${Install_Path}/${clientConf}.png"
# 移除秘钥对
rm cprivatekey cpublickey
}


# install WireGuard
install(){
# 安装前的准备
# before install WireGuard
before_install(){
# 确保当前环境以root权限运行
[[ $EUID -ne 0 ]] && echo -e "${Color_error}[Error] This script must be run as root!${Color_end}" && exit 1
# 添加 unstable 软件包源,以确保安装版本是最新的
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
Expand All @@ -102,17 +129,68 @@ install(){
apt install wireguard resolvconf -y
# 验证是否安装成功
modprobe wireguard && lsmod | grep wireguard
# 安装qrencode方便生成二维码.
apt install qrencode -y
# 配置文件夹
mkdir -p ${Install_Path}
}


# 进行安装与配置
# config WireGuard
config_wireguard(){
cd ${Install_Path}
config_wireguard_server "wg0.conf" "10.0.0.1"
config_wireguard_client "wg0.conf" "client.conf" "10.0.0.2"
config_wireguard_client "wg0.conf" "qrcode.conf" "10.0.0.5"
}


# 安装后的处理
# after installed WireGuard
after_installed(){
# 开启 BBR
sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
lsmod | grep bbr
# 打开防火墙转发功能
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
# 设置开机启动
systemctl enable wg-quick@wg0
}


# 安装 WireGuard
# Install WireGuard
install_WireGuard(){
# 安装前的准备
before_install
# 配置
config_wireguard
# 安装后的处理
after_installed
# 显示配置方案
show_WireGuard
# 重启 WireGuard
wg-quick down wg0
wg-quick up wg0
}


# 卸载 WireGuard
# Uninstall WireGuard
uninstall_WireGuard(){
printf "Are you sure uninstall WireGuard? (y/n)"
printf "\n"
read -p "(Default: n):" answer
[ -z ${answer} ] && answer="n"
if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
echo "Sorry! Not Support yet"
echo "Sorry! Not Support yet!"
echo "WireGuard uninstall failed!"
else
echo
Expand All @@ -122,56 +200,43 @@ uninstall_WireGuard(){
}


sysctl_config() {
sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf
sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p >/dev/null 2>&1
}


# Install WireGuard
install_WireGuard(){
install
# 配置文件夹
mkdir -p /etc/wireguard
cd /etc/wireguard
# 然后开始生成 密匙对(公匙+私匙)。
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
Client_PublicKey=$(cat cpublickey)
Client_PrivateKey=$(cat cprivatekey)
Server_PublicKey=$(cat spublickey)
Server_PrivateKey=$(cat sprivatekey)
config_wireguard_server
config_wireguard_client
# 开启 BBR
sysctl_config
lsmod | grep bbr
# 打开防火墙转发功能
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
# 启动 WireGuard
wg-quick down wg0
wg-quick up wg0
# 设置开机启动
systemctl enable wg-quick@wg0
# 清理工作
install_cleanup
# 显示配置
# Show WireGuard
show_WireGuard(){
cd ${Install_Path}
clear
help_info

echo -e "${Color_title}> 二维码配置请访问:${Color_end}"
for conffile in $(ls ${Install_Path} | grep ".*\.conf\.png$")
do
echo -e " ${Color_info}http://${Server_Ip}:${Server_Port}/${conffile}${Color_end}"
done

echo -e "${Color_title}> 下载配置请访问:${Color_end}"
for conffile in $(ls ${Install_Path} | grep ".*\.conf$")
do
echo -e " ${Color_info}http://${Server_Ip}:${Server_Port}/${conffile}${Color_end}"
done
echo
echo -e "${Color_warning}配置完毕后请手动: ctrl+c 之后才开始生效!${Color_end}"
echo
python -m SimpleHTTPServer ${Server_Port}
clear
}


# 脚本带参数运行
# Initialization step
action=$1
[ -z $1 ] && action=install
case "$action" in
install|uninstall)
install|uninstall|show)
${action}_WireGuard
;;
*)
help_info
echo "Arguments error! [${action}]"
echo "Usage: `basename $0` [install|uninstall]"
echo -e "Usage: ${Color_warning}bash `basename $0` [install|uninstall|show]${Color_end}"
;;
esac
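Review bot: `show_WireGuard` does `cd ${Install_Path}` and then runs `python -m SimpleHTTPServer ${Server_Port}`, which serves the whole of /etc/wireguard, with a directory listing, over unauthenticated plain HTTP on all interfaces until Ctrl+C is pressed. That directory holds `wg0.conf` and `sprivatekey` (the server private key; the only cleanup visible is `rm cprivatekey cpublickey`) plus every client `.conf` with its private key, so anyone who can reach the port during that window can copy the tunnel's keys. Render the QR code on the terminal instead, e.g. `qrencode -t ansiutf8 < "${Install_Path}/${clientConf}"`, and move `.conf` files over SSH/scp rather than HTTP. Separately, put `umask 077` before the `wg genkey | tee …` lines in `config_wireguard_server` and `config_wireguard_client`, since under a default umask the key and config files are created readable by other local users.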
