From 91662390f2c986ccc7818c572db066c6a8045d2a Mon Sep 17 00:00:00 2001
From: Biar Fordlander <852822425@qq.com>
Date: Tue, 12 Feb 2019 16:35:55 +0800
Subject: [PATCH] =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=9B=B4=E6=96=B9=E4=BE=BF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
1. 对重要注释进行了中英标注 2. 支持QR二维码配置, 更加方便 3. 对安装逻辑进行了梳理, 可扩展性提高 4. 支持 bash wg.sh show 来随时方便配置
---
wg.sh | 213 ++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 139 insertions(+), 74 deletions(-)
diff --git a/wg.sh b/wg.sh
index c70ba88..98619de 100644
--- a/wg.sh
+++ b/wg.sh
@@ -9,22 +9,30 @@ export PATH # Intro: http://tools.tisrop.com # #=================================================================# -clear + +# 颜色 +# Color +Color_error='\033[0;91m' +Color_info='\033[0;92m' +Color_warning='\033[0;93m' +Color_title='\033[0;96m' +Color_end='\033[0m' + + +help_info(){ echo -echo "#############################################################" -echo "# One click Install WireGuard Server #" -echo "# Intro: http://tools.tisrop.com #" -echo "# Author: EchoShoot #" -echo "# Github: https://github.com/Echoshoot/tools #" -echo "#############################################################" +echo -e "==============================================================" +echo -e "| \ ${Color_title}One click Install WireGuard Server${Color_end} / |" +echo -e "| Intro: ${Color_info}http://tools.tisrop.com ${Color_end} |" +echo -e "| Author: ${Color_info}EchoShoot ${Color_end} |" +echo -e "| Github: ${Color_info}https://github.com/Echoshoot/tools${Color_end} |" +echo -e "==============================================================" echo - -# Make sure only root can run our script -[[ $EUID -ne 0 ]] && echo -e "[${red}Error${plain}] This script must be run as root!" && exit 1 +} -# 获得服务器ip -# Get public IP address +# 获取公网IP地址 +# Get public Server IP address get_ip(){ local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 ) [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com ) 
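Review bot: Removing the top-level `[[ $EUID -ne 0 ]]` check here leaves only the install path guarded, because the check reappears solely inside before_install. `bash wg.sh show` and `uninstall` now run without it. For `show`, an unprivileged caller may fail the `cd ${Install_Path}` and carry on in whatever directory it was started from, since that `cd` is unchecked. Keep the check once, just above `action=$1`: `[[ $EUID -ne 0 ]] && echo -e "${Color_error}[Error] This script must be run as root!${Color_end}" && exit 1`. get_ip's body continues outside this hunk.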
@@ -33,62 +41,81 @@ get_ip(){ } -#Config Table +# 配置表 +# Config Table Default_DNS="8.8.8.8" Default_MTU="1420" Server_Ip=$(get_ip) Server_Port="443" +Install_Path="/etc/wireguard" +# 配置 WireGuard 服务端 # Config WireGuard Server config_wireguard_server(){ - cat > /etc/wireguard/wg0.conf<<-EOF +serverConf=${1} +serverIp=${2} + +wg genkey | tee sprivatekey | wg pubkey > spublickey + cat > "${Install_Path}/${serverConf}"<<-EOF [Interface] -PrivateKey = ${Server_PrivateKey} -Address = 10.0.0.1/24 +PrivateKey = $(cat sprivatekey) +Address = ${serverIp}/24 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = ${Server_Port} DNS = ${Default_DNS} -MTU = $mtu +MTU = ${Default_MTU} -[Peer] -PublicKey = ${Client_PublicKey} -AllowedIPs = 10.0.0.2/32 EOF } +# 配置 WireGuard 客户端 # Config WireGuard Client config_wireguard_client(){ - cat > /etc/wireguard/client.conf<<-EOF +serverConf=${1} +clientConf=${2} +clientIp=${3} + +# 生成秘钥对 +wg genkey | tee cprivatekey | wg pubkey > cpublickey + cat >> "${Install_Path}/${serverConf}"<<-EOF + +[Peer] +PublicKey = $(cat cpublickey) +AllowedIPs = ${clientIp}/32 +EOF + +# 生成新的client配置文件 + cat > "${Install_Path}/${clientConf}"<<-EOF [Interface] -PrivateKey = ${Client_PrivateKey} -Address = 10.0.0.2/24 +PrivateKey = $(cat cprivatekey) +Address = ${clientIp}/24 DNS = ${Default_DNS} # MTU = ${Default_MTU} # PreUp = start .\route\routes-up.bat # PostDown = start .\route\routes-down.bat [Peer] -PublicKey = ${Server_PublicKey} +PublicKey = $(cat spublickey) Endpoint = ${Server_Ip}:${Server_Port} AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF -} - -# Install cleanup -install_cleanup(){ - echo - echo "$(cat /etc/wireguard/client.conf)" - echo +# 依据配置信息生成二维码 +cat "${Install_Path}/${clientConf}" | qrencode -o 
"${Install_Path}/${clientConf}.png" +# 移除秘钥对 +rm cprivatekey cpublickey } -# install WireGuard -install(){ +# 安装前的准备 +# before install WireGuard +before_install(){ + # 确保当前环境以root权限运行 + [[ $EUID -ne 0 ]] && echo -e "${Color_error}[Error] This script must be run as root!${Color_end}" && exit 1 # 添加 unstable 软件包源,以确保安装版本是最新的 echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable @@ -102,9 +129,60 @@ install(){ apt install wireguard resolvconf -y # 验证是否安装成功 modprobe wireguard && lsmod | grep wireguard + # 安装qrencode方便生成二维码. + apt install qrencode -y + # 配置文件夹 + mkdir -p ${Install_Path} +} + + +# 进行安装与配置 +# config WireGuard +config_wireguard(){ + cd ${Install_Path} + config_wireguard_server "wg0.conf" "10.0.0.1" + config_wireguard_client "wg0.conf" "client.conf" "10.0.0.2" + config_wireguard_client "wg0.conf" "qrcode.conf" "10.0.0.5" +} + + +# 安装后的处理 +# after installed WireGuard +after_installed(){ + # 开启 BBR + sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf + echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf + sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf + echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf + lsmod | grep bbr + # 打开防火墙转发功能 + echo 1 > /proc/sys/net/ipv4/ip_forward + sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf + echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf + sysctl -p + # 设置开机启动 + systemctl enable wg-quick@wg0 +} + + +# 安装 WireGuard +# Install WireGuard +install_WireGuard(){ + # 安装前的准备 + before_install + # 配置 + config_wireguard + # 安装后的处理 + after_installed + # 显示配置方案 + show_WireGuard + # 重启 WireGuard + wg-quick down wg0 + wg-quick up wg0 } +# 卸载 WireGuard # Uninstall WireGuard uninstall_WireGuard(){ printf "Are you sure uninstall WireGuard? (y/n)" 
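Review bot: The server private key is left on disk after config_wireguard_server runs, because only `cprivatekey cpublickey` are removed in config_wireguard_client and `sprivatekey` is never deleted. The key files, `wg0.conf` and the client configs are all created under the caller's umask, which is typically 022 and would make them readable by every local user. Put `umask 077` as the first line of both config functions and add `rm -f sprivatekey` right after the server heredoc; `spublickey` has to stay because later client calls read it. Both functions write the key files relative to the current directory, so they also depend on the caller's `cd` having succeeded. before_install begins in this hunk and continues past its end.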
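Review bot: `cd ${Install_Path}` in config_wireguard is unquoted and unchecked, so if it fails the `wg genkey | tee sprivatekey` calls write private keys into whatever directory the script was started from. Use `cd "${Install_Path}" || exit 1`, and create the directory as `mkdir -p -m 700 "${Install_Path}"` so it is not traversable by other users. install_WireGuard also calls show_WireGuard before `wg-quick up wg0`, so the tunnel only comes up after the operator interrupts the blocking file server; moving the restart above the show step would remove that dependency. The hunk starts inside before_install, whose opening lines are outside it.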
@@ -112,7 +190,7 @@ uninstall_WireGuard(){ read -p "(Default: n):" answer [ -z ${answer} ] && answer="n" if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then - echo "Sorry! Not Support yet" + echo "Sorry! Not Support yet!" echo "WireGuard uninstall failed!" else echo 
@@ -122,56 +200,43 @@ uninstall_WireGuard(){ } -sysctl_config() { - sed -i '/net.core.default_qdisc/d' /etc/sysctl.conf - sed -i '/net.ipv4.tcp_congestion_control/d' /etc/sysctl.conf - echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf - echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf - sysctl -p >/dev/null 2>&1 -} - - -# Install WireGuard -install_WireGuard(){ - install - # 配置文件夹 - mkdir -p /etc/wireguard - cd /etc/wireguard - # 然后开始生成 密匙对(公匙+私匙)。 - wg genkey | tee sprivatekey | wg pubkey > spublickey - wg genkey | tee cprivatekey | wg pubkey > cpublickey - Client_PublicKey=$(cat cpublickey) - Client_PrivateKey=$(cat cprivatekey) - Server_PublicKey=$(cat spublickey) - Server_PrivateKey=$(cat sprivatekey) - config_wireguard_server - config_wireguard_client - # 开启 BBR - sysctl_config - lsmod | grep bbr - # 打开防火墙转发功能 - echo 1 > /proc/sys/net/ipv4/ip_forward - echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf - sysctl -p - # 启动 WireGuard - wg-quick down wg0 - wg-quick up wg0 - # 设置开机启动 - systemctl enable wg-quick@wg0 - # 清理工作 - install_cleanup +# 显示配置 +# Show WireGuard +show_WireGuard(){ + cd ${Install_Path} + clear + help_info + + echo -e "${Color_title}> 二维码配置请访问:${Color_end}" + for conffile in $(ls ${Install_Path} | grep ".*\.conf\.png$") + do + echo -e " ${Color_info}http://${Server_Ip}:${Server_Port}/${conffile}${Color_end}" + done + + echo -e "${Color_title}> 下载配置请访问:${Color_end}" + for conffile in $(ls ${Install_Path} | grep ".*\.conf$") + do + echo -e " ${Color_info}http://${Server_Ip}:${Server_Port}/${conffile}${Color_end}" + done + echo + echo -e "${Color_warning}配置完毕后请手动: ctrl+c 之后才开始生效!${Color_end}" + echo + python -m SimpleHTTPServer ${Server_Port} + clear } +# 脚本带参数运行 # Initialization step action=$1 [ -z $1 ] && action=install case "$action" in - install|uninstall) + install|uninstall|show) ${action}_WireGuard ;; *) + help_info echo "Arguments error! 
[${action}]" - echo "Usage: `basename $0` [install|uninstall]" + echo -e "Usage: ${Color_warning}bash `basename $0` [install|uninstall|show]${Color_end}" ;; esac
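Review bot: `python -m SimpleHTTPServer ${Server_Port}` in show_WireGuard publishes the whole of `${Install_Path}` over unauthenticated, unencrypted HTTP. That directory holds `wg0.conf` with the server PrivateKey, the leftover `sprivatekey`, and every client config with its own PrivateKey, so anyone who can reach the port while the server runs can take the VPN's key material, and the printed URLs cross the network in cleartext. The sketch below renders each client config as a QR code in the terminal and leaves file transfer to an authenticated channel such as scp, which also makes the PNG step in config_wireguard_client unnecessary. It replaces the `$(ls ... | grep ...)` loops with a glob that skips the server config. If a download endpoint is really required it needs at least TLS, a per-session secret in the path, and a directory that contains only the one client file.

```shell
show_WireGuard(){
    cd "${Install_Path}" || exit 1
    # … unchanged: clear, help_info …
    for conffile in *.conf; do
        [ -e "${conffile}" ] || continue
        # wg0.conf holds the server private key; only client configs are shown
        [ "${conffile}" = "wg0.conf" ] && continue
        echo -e "${Color_title}> ${conffile}${Color_end}"
        qrencode -t ansiutf8 < "${conffile}"
    done
}
```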