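├── README.md
├── iptables_config.sh
├── run.sh
├── speederv2
├── udp2raw
├── wireguard_game.sh
├── wireguard_game_koolsharelede.sh
├── wireguard_game_ubuntu.sh
├── wireguard_install.sh
├── wireguard_install_ubuntu.sh
├── wireguard_openwrt.sh
└── wireguard_web.sh


/README.md:
--------------------------------------------------------------------------------
### 关于


#### _install.sh
> centos版wireguard一键脚本 | centos 7
#### _install_ubuntu.sh
> ubuntu版wireguard一键脚本 | ubuntu >= 14.04
#### _game.sh
> centos版wireguard+udpspeeder+udp2raw一键脚本 | centos 7
#### _game_ubuntu.sh
> ubuntu版wireguard+udpspeeder+udp2raw一键脚本 | ubuntu >= 14.04


--------------------------------------------------------------------------------
/iptables_config.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Interactive iptables helper for CentOS 7. Each menu action appends or
# inserts rules and persists them with `service iptables save`.
# Must be run as root.

# Succeeds when $1 is a decimal port number in 1-65535.
_is_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Succeeds when $1 and $2 are valid ports and $1 <= $2.
_is_port_range() {
  _is_port "$1" && _is_port "$2" && (( 10#$1 <= 10#$2 ))
}

# Open the SSH port(s), allow loopback and established traffic, then set the
# default policies (INPUT DROP, FORWARD/OUTPUT ACCEPT).
config_default(){
  local port
  local -a ssh_ports=()

  systemctl stop firewalld
  systemctl disable firewalld
  yum install -y iptables-services
  systemctl start iptables
  systemctl enable iptables

  # sshd_config may contain several "Port" lines or none at all. Only
  # numeric values are kept, so nothing read from the file can turn into an
  # extra iptables argument; with no usable value the sshd default 22 is used.
  while IFS= read -r port; do
    if _is_port "$port"; then
      ssh_ports+=("$port")
    fi
  done < <(awk '$1=="Port" {print $2}' /etc/ssh/sshd_config 2>/dev/null)
  if (( ${#ssh_ports[@]} == 0 )); then
    ssh_ports=(22)
  fi

  # The ACCEPT rules are appended before the policy flips to DROP so that
  # the current SSH session is not cut off.
  for port in "${ssh_ports[@]}"; do
    iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
  done
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  iptables -P INPUT DROP
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  service iptables save
  echo "初始配置完成"
}

# Block forwarded mail traffic: TCP is rejected with a reset, UDP is dropped.
config_mail(){
  local ports
  for ports in \
    "24,25,26,50,57,105,106,109,110,143" \
    "158,209,218,220,465,587,993,995,1109,60177,60179"; do
    iptables -A FORWARD -p tcp -m multiport --dports "$ports" -j REJECT --reject-with tcp-reset
    iptables -A FORWARD -p udp -m multiport --dports "$ports" -j DROP
  done
  service iptables save
  echo "禁止邮箱完毕"
}

# Drop forwarded packets whose payload contains one of the keywords below.
#
# Caveats: the string match only sees cleartext bytes (plain HTTP, DNS
# queries, TLS SNI), so encrypted payloads pass untouched, and short
# substrings such as "porn", "announce", "Thunder" or "twister" also match
# unrelated traffic. Each rule is evaluated for every forwarded packet.
config_keyword(){
  local keyword
  # Order is the rule order. Two entries were misspelled in the original
  # list and could never match real traffic: "facebook.com.com" and
  # "BitToorent"; they are corrected here.
  local -a keywords=(
    "netflix.com" "tumblr.com" "facebook.com" "instagram.com" "pixiv.net"
    "whatsapp.com" "telegram.com" "tunsafe.com" "reddit.com" "vimeo.com"
    "dailymotion.com" "hulu.com" "liveleak.com" "vine.co" "ustream.tv"
    "metacafe.com" "viewstr.com"
    "torrent" ".torrent" "peer_id=" "announce" "info_hash" "get_peers"
    "find_node" "BitTorrent" "announce_peer" "BitTorrent protocol"
    "announce.php?passkey=" "magnet:" "xunlei" "sandai" "Thunder" "XLLiveUD"
    "youtube.com" "google.com" "youku.com" "iqiyi.com" "qq.com" "huya.com"
    "douyu.com" "twitch.tv" "panda.tv" "porn"
    "renminbao.com" "dajiyuan.com" "bignews.org" "creaders.net" "rfa.org"
    "internetfreedom.org" "voanews.com" "minghui.org" "kanzhongguo.com"
    "peacehall.com" "twister"
  )
  for keyword in "${keywords[@]}"; do
    iptables -A FORWARD -m string --string "$keyword" --algo bm -j DROP
  done
  service iptables save
  echo "禁止关键字完毕"
}

# Open a user-supplied port range for inbound TCP and UDP.
config_port(){
  echo "开放一个自定义的端口段"
  read -r -p "输入开始端口:" start_port
  read -r -p "输入结束端口:" stop_port
  # The answers go straight onto the iptables command line; refuse anything
  # that is not a numeric, ordered port range.
  if ! _is_port_range "$start_port" "$stop_port"; then
    echo "Invalid port range: expected two numbers in 1-65535, start <= end." >&2
    return 1
  fi
  iptables -A INPUT -p tcp -m tcp --dport "${start_port}:${stop_port}" -j ACCEPT
  iptables -A INPUT -p udp -m udp --dport "${start_port}:${stop_port}" -j ACCEPT
  service iptables save
  echo "开放端口完毕"
}

# Limit the number of concurrent connections per source IP on a port range.
config_conn(){
  echo "限制一个端口段的连接数"
  read -r -p "输入开始端口:" start_conn
  read -r -p "输入结束端口:" stop_conn
  read -r -p "输入每个ip允许的连接数:" conn_num
  if ! _is_port_range "$start_conn" "$stop_conn"; then
    echo "Invalid port range: expected two numbers in 1-65535, start <= end." >&2
    return 1
  fi
  if [[ ! "$conn_num" =~ ^[0-9]+$ ]]; then
    echo "Invalid connection limit: expected a non-negative number." >&2
    return 1
  fi
  iptables -A INPUT -p tcp --dport "${start_conn}:${stop_conn}" -m connlimit --connlimit-above "$conn_num" -j DROP
  iptables -A INPUT -p udp --dport "${start_conn}:${stop_conn}" -m connlimit --connlimit-above "$conn_num" -j DROP
  service iptables save
  echo "限制连接数完毕"
}

# Rate-limit forwarded traffic towards each tunnel address 10.0.0.2-254.
# `-m limit` counts packets, so "100/sec" means 100 packets per second.
config_IP(){
  local host
  echo "限制IP的速度,从10.0.0.2-254,限制100/sec"
  for ((host = 2; host <= 254; host++)); do
    # Both rules are inserted at the top of the chain, so the ACCEPT (added
    # second) ends up above the DROP that catches everything over the limit.
    iptables -I FORWARD -d "10.0.0.${host}/32" -j DROP
    iptables -I FORWARD -d "10.0.0.${host}/32" -m limit --limit 100/sec -j ACCEPT
  done
  service iptables save
  echo "限制IP速度完毕"
}

# Reset INPUT and FORWARD to ACCEPT and flush every rule in the filter table.
# After this the host has no packet filtering until rules are added again.
config_clear(){
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -F
  service iptables save
  echo "清除规则完毕"
}

# Main menu: loops until the user picks 0.
start_menu(){
  while true; do
    echo "========================="
    echo " 介绍:适用于CentOS7"
    echo " 作者:atrandys"
    echo " 网站:www.atrandys.com"
    echo " Youtube:atrandys"
    echo "========================="
    echo "1. 开启ssh(必须)"
    echo "2. 禁止邮箱"
    echo "3. 禁止常用关键字"
    echo "4. 开放自定义端口"
    echo "5. 连接数限制"
    echo "6. ip限速"
    echo "7. 清除所有规则"
    echo "0. 退出"
    echo
    # Stop on end-of-input instead of spinning on an empty answer.
    read -r -p "请输入数字:" num || exit 1
    case "$num" in
      1) config_default ;;
      2) config_mail ;;
      3) config_keyword ;;
      4) config_port ;;
      5) config_conn ;;
      6) config_IP ;;
      7) config_clear ;;
      0)
        # Leaving through the menu is a normal exit.
        exit 0
        ;;
      *)
        clear
        echo "请输入正确数字"
        sleep 5s
        # The loop redraws the menu; calling start_menu again here would
        # nest a new loop on every wrong answer.
        continue
        ;;
    esac
  done
}

start_menu

--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Supervisor loop: run the command given as arguments and start it again one
# second after it exits, forever.
while true
do
  # Quoted so every argument reaches the command exactly as it was passed.
  "$@"
  sleep 1
done

--------------------------------------------------------------------------------
/speederv2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aihoom/wireguard/4458ad236c527e28c017971085f4894dc4aa3ea7/speederv2


--------------------------------------------------------------------------------
/udp2raw: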
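--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aihoom/wireguard/4458ad236c527e28c017971085f4894dc4aa3ea7/udp2raw


--------------------------------------------------------------------------------
/wireguard_game.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# wg + udpspeeder + udp2raw with FEC: gaming scenario.
# Interactive installer for CentOS 7; must be run as root.

# Keys, client configs and the init script all contain secrets, so every
# file this script creates is private to root unless a mode is set explicitly.
umask 077

# Only RHEL-family releases other than 6.x are supported.
if [ ! -e '/etc/redhat-release' ]; then
  echo -e "\033[37;41m仅支持centos7\033[0m"
  exit 1
fi
if grep -q ' 6\.' /etc/redhat-release; then
  echo -e "\033[37;41m仅支持centos7\033[0m"
  exit 1
fi

# Succeeds when $1 is a dotted-quad IPv4 address with every octet in 0-255.
_is_ipv4() {
  local IFS=. octet
  local -a parts
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  read -r -a parts <<< "$1"
  for octet in "${parts[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Prints this host's public IPv4 address as reported by icanhazip.com.
# The answer is fetched over HTTPS and validated because it is later pasted
# into command lines inside the generated client configuration.
_public_ipv4() {
  local ip
  ip=$(curl -fsS --max-time 15 https://ipv4.icanhazip.com) || return 1
  _is_ipv4 "$ip" || return 1
  printf '%s\n' "$ip"
}

# Install the ELRepo mainline kernel and its headers, make it the default
# boot entry and offer to reboot.
update_kernel(){
  yum -y install epel-release wget curl
  sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
  yum remove -y kernel-devel
  rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
  # Fetched over HTTPS, like the signing key above, instead of plain HTTP.
  rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
  yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
  yum -y --enablerepo=elrepo-kernel install kernel-ml
  sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
  grub2-mkconfig -o /boot/grub2/grub.cfg
  wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
  rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
  yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
  read -r -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
  [ -z "${yn}" ] && yn="y"
  if [[ $yn == [Yy] ]]; then
    echo -e "\033[37;41mVPS 重启中...\033[0m"
    reboot
  fi
}

# Prints a pseudo-random integer in the inclusive range [$1, $2].
# Used to pick port numbers only, never for secrets.
rand(){
  local min=$1
  local span=$(( $2 - min + 1 ))
  local seed
  seed=$(head -n 10 /dev/urandom | cksum | awk '{print $1}')
  echo $(( seed % span + min ))
}

# Prints a random 32-character hex string (128 bits from /dev/urandom) used
# as the shared key of the UDP helpers. The previous 4 hex characters gave
# only 65536 possible keys.
randpwd(){
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
  echo
}

# Upgrade the WireGuard packages.
wireguard_update(){
  yum update -y wireguard-dkms wireguard-tools
  echo -e "\033[37;41m更新完成\033[0m"
}

# Remove the WireGuard packages, all keys/configs and the autoudp init script.
wireguard_remove(){
  yum remove -y wireguard-dkms wireguard-tools
  rm -rf /etc/wireguard/
  rm -f /etc/rc.d/init.d/autoudp
  echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
}

# Download udpspeeder and udp2raw (amd64 builds), write both client configs
# and the autoudp init script, register it and start the helpers.
# Reads the globals port, serverip, c1 and s2 set by wireguard_install.
udp_install(){
  mkdir -p /usr/src/udp
  cd /usr/src/udp || return 1
  # NOTE(review): these executables come from a mutable branch and run as
  # root with no integrity check. Pin the URLs to a reviewed commit and
  # verify each file before chmod, e.g.
  #   echo "<EXPECTED_SHA256>  udp2raw" | sha256sum -c -
  wget -O speederv2 https://github.com/atrandys/wireguard/raw/master/speederv2 || return 1
  wget -O udp2raw https://github.com/atrandys/wireguard/raw/master/udp2raw || return 1
  wget -O run.sh https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh || return 1
  chmod +x speederv2 udp2raw run.sh

  udpport=$(rand 10000 60000)
  password=$(randpwd)

  echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
  # The gateway is written into a command line in client.conf, so only a
  # well-formed IPv4 address is accepted.
  while true; do
    read -r -p "比如192.168.1.1 :" ugateway || return 1
    _is_ipv4 "$ugateway" && break
    echo "Not a valid IPv4 address, try again." >&2
  done

  cat > /etc/wireguard/client/client.conf <<-EOF
[Interface]
PrivateKey = $c1
PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF

  cat > /etc/wireguard/client/client_noudp.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF

  # Boot-time start script. It embeds the udp2raw key, which is why it stays
  # root-only (umask 077 + chmod +x). The key is still visible in the
  # process list; udp2raw's --conf-file option avoids that.
  cat > /etc/rc.d/init.d/autoudp<<-EOF
#!/bin/sh
#chkconfig: 2345 80 90
#description:autoudp
cd /usr/src/udp
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
EOF

  chmod +x /etc/rc.d/init.d/autoudp
  chkconfig --add autoudp
  chkconfig autoudp on

  # Start the helpers through the script just written so the running and the
  # boot-time command lines cannot differ.
  sh /etc/rc.d/init.d/autoudp
}

# Install WireGuard on CentOS 7, generate the server and first client key
# pair, write wg0.conf, then set up the UDP helpers and bring wg0 up.
wireguard_install(){
  curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
  yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
  yum -y install wireguard-dkms wireguard-tools

  mkdir -p /etc/wireguard/client
  cd /etc/wireguard || return 1
  wg genkey | tee sprivatekey | wg pubkey > spublickey
  wg genkey | tee cprivatekey | wg pubkey > cpublickey
  s1=$(cat sprivatekey)
  s2=$(cat spublickey)
  c1=$(cat cprivatekey)
  c2=$(cat cpublickey)
  if ! serverip=$(_public_ipv4); then
    echo "Could not determine a valid public IPv4 address." >&2
    return 1
  fi
  port=$(rand 10000 60000)
  # First interface whose name starts with "e"; taking a single name keeps
  # the MASQUERADE rule valid on hosts with several such interfaces.
  eth=$(ls /sys/class/net | awk '/^e/{print; exit}')
  # Private keys live here: strip all group/other access (this used to be
  # chmod 777 -R, which let every local user read and replace the keys).
  chmod -R go-rwx /etc/wireguard

  systemctl stop firewalld
  systemctl disable firewalld
  yum install -y iptables-services
  systemctl enable iptables
  systemctl start iptables
  # NOTE(review): this flushes the filter table and leaves every chain on
  # ACCEPT, so any existing host firewall policy is discarded and saved that
  # way. Re-apply a restrictive INPUT policy after installation.
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -F
  service iptables save
  service iptables restart

  echo 1 > /proc/sys/net/ipv4/ip_forward
  # Append the setting once instead of overwriting /etc/sysctl.conf, which
  # would drop every other kernel setting stored there.
  if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf 2>/dev/null; then
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  fi

  # Each PostUp rule has exactly one matching PostDown delete; the inbound
  # FORWARD rule used to be added twice, leaving a stale rule after "down".
  cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF

  udp_install || return 1
  wg-quick up wg0
  systemctl enable wg-quick@wg0
  echo -e "\033[37;41m安装完毕,客户端配置文件:/etc/wireguard/client/client.conf\033[0m"
}

# Add a peer: copy client.conf under a new name with a fresh key pair and
# the next free 10.0.0.x address, append the peer to wg0.conf and to the
# running interface.
add_user(){
  local privkey pubkey ipnum newnum

  echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
  read -r -p "请输入用户名:" newname
  # The name becomes a file name, so it is limited to characters that cannot
  # form a path, an option or a shell word break.
  if [[ ! "$newname" =~ ^[A-Za-z0-9_][A-Za-z0-9_-]*$ ]]; then
    echo "Invalid user name: use letters, digits, '_' and '-' only." >&2
    return 1
  fi
  cd /etc/wireguard/client || return 1
  if [ -e "$newname.conf" ]; then
    echo "A configuration named $newname.conf already exists." >&2
    return 1
  fi

  # Last octet of the most recently added peer in wg0.conf.
  ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
  if [[ ! "$ipnum" =~ ^[0-9]+$ ]]; then
    echo "Cannot read the last peer address from wg0.conf." >&2
    return 1
  fi
  newnum=$((10#${ipnum}+1))
  if (( newnum > 254 )); then
    echo "No free address left in 10.0.0.0/24." >&2
    return 1
  fi

  # Keys stay in variables; no temporary key files are written.
  privkey=$(wg genkey) || return 1
  pubkey=$(printf '%s\n' "$privkey" | wg pubkey) || return 1

  cp client.conf "$newname.conf"
  sed -i 's%^PrivateKey.*$%'"PrivateKey = $privkey"'%' "$newname.conf"
  sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum/24"'%' "$newname.conf"

  cat >> /etc/wireguard/wg0.conf <<-EOF

[Peer]
PublicKey = $pubkey
AllowedIPs = 10.0.0.$newnum/32
EOF
  wg set wg0 peer "$pubkey" allowed-ips "10.0.0.$newnum/32"
  echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
}

# Main menu.
start_menu(){
  clear
  echo -e "\033[43;42m ====================================\033[0m"
  echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
  echo -e "\033[43;42m 系统:CentOS7 \033[0m"
  echo -e "\033[43;42m 作者:atrandys \033[0m"
  echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
  echo -e "\033[43;42m Youtube:atrandys \033[0m"
  echo -e "\033[43;42m ====================================\033[0m"
  echo
  echo -e "\033[0;33m 1. 升级系统内核(必需)\033[0m"
  echo -e "\033[0;33m 2. 安装wireguard+udpspeeder+udp2raw\033[0m"
  echo " 3. 升级wireguard"
  echo " 4. 卸载wireguard"
  echo -e "\033[37;41m 5. 增加用户\033[0m"
  echo " 0. 退出脚本"
  echo
  # Stop on end-of-input instead of redrawing the menu forever.
  read -r -p "请输入数字:" num || exit 1
  case "$num" in
    1) update_kernel ;;
    2) wireguard_install ;;
    3) wireguard_update ;;
    4) wireguard_remove ;;
    5) add_user ;;
    0)
      # Leaving through the menu is a normal exit.
      exit 0
      ;;
    *)
      clear
      echo -e "请输入正确数字"
      sleep 2s
      start_menu
      ;;
  esac
}

start_menu

--------------------------------------------------------------------------------
/wireguard_game_koolsharelede.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# wireguard + udpspeeder + udp2raw installer for Ubuntu, producing a client
# setup for koolshare LEDE. Must be run as root.

# Keys, client configs and the autoudp init script contain secrets, so files
# created here are private to root unless a mode is set explicitly.
umask 077

# Colored output helpers: print $1 in the named color.
function blue(){
  echo -e "\033[34m\033[01m $1 \033[0m"
}
function green(){
  echo -e "\033[32m\033[01m $1 \033[0m"
}
function red(){
  echo -e "\033[31m\033[01m $1 \033[0m"
}
function yellow(){
  echo -e "\033[33m\033[01m $1 \033[0m"
}

# Succeeds when $1 is a dotted-quad IPv4 address with every octet in 0-255.
_is_ipv4() {
  local IFS=. octet
  local -a parts
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  read -r -a parts <<< "$1"
  for octet in "${parts[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Prints this host's public IPv4 address as reported by icanhazip.com,
# fetched over HTTPS and validated before use.
_public_ipv4() {
  local ip
  ip=$(curl -fsS --max-time 15 https://ipv4.icanhazip.com) || return 1
  _is_ipv4 "$ip" || return 1
  printf '%s\n' "$ip"
}

# Prints a pseudo-random integer in the inclusive range [$1, $2].
# Used to pick port numbers only, never for secrets.
rand(){
  local min=$1
  local span=$(( $2 - min + 1 ))
  local seed
  seed=$(head -n 10 /dev/urandom | cksum | awk '{print $1}')
  echo $(( seed % span + min ))
}

# Prints a random 32-character hex string (128 bits from /dev/urandom) used
# as the shared key of the UDP helpers. The previous 4 hex characters gave
# only 65536 possible keys.
randpwd(){
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
  echo
}

# Install WireGuard from the PPA, generate keys, write wg0.conf and the
# wgstart init script, set up the UDP helpers and bring wg0 up.
wireguard_install(){
  version=$(awk -F '[".]' '$1=="VERSION="{print $2}' /etc/os-release)
  sudo apt-get update -y
  sudo apt-get install -y software-properties-common
  if [ "$version" == 18 ]; then
    sudo apt-get install -y openresolv
  fi
  sudo add-apt-repository -y ppa:wireguard/wireguard
  sudo apt-get update -y
  sudo apt-get install -y wireguard curl

  # Add the forwarding setting once; repeated installs used to append a new
  # copy every time.
  if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf 2>/dev/null; then
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  fi
  sysctl -p
  echo "1"> /proc/sys/net/ipv4/ip_forward

  mkdir -p /etc/wireguard
  chmod 700 /etc/wireguard
  cd /etc/wireguard || return 1
  wg genkey | tee sprivatekey | wg pubkey > spublickey
  wg genkey | tee cprivatekey | wg pubkey > cpublickey
  s1=$(cat sprivatekey)
  s2=$(cat spublickey)
  c1=$(cat cprivatekey)
  c2=$(cat cpublickey)
  if ! serverip=$(_public_ipv4); then
    echo "Could not determine a valid public IPv4 address." >&2
    return 1
  fi
  port=$(rand 10000 60000)
  # First interface whose name starts with "e"; a single name keeps the
  # MASQUERADE rule valid on hosts with several such interfaces.
  eth=$(ls /sys/class/net | awk '/^e/{print $1; exit}')

  cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF

  # Quoted delimiter: $remote_fs and $syslog are LSB facility names and must
  # reach the file literally (unquoted, they expanded to nothing).
  cat > /etc/init.d/wgstart <<-'EOF'
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgstart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgstart
### END INIT INFO

sudo wg-quick up wg0
EOF

  sudo chmod 755 /etc/init.d/wgstart
  cd /etc/init.d || return 1
  if [ "$version" == 14 ]; then
    sudo update-rc.d wgstart defaults 90
  else
    sudo update-rc.d wgstart defaults
  fi

  udp_install || return 1
  sudo wg-quick up wg0

  green "下面是wireguard配置文件"
  green "================================================="
  cat /etc/wireguard/client/client.conf
  green "================================================="
}

# Writes /etc/init.d/autoudp: the LSB header, `cd /usr/src/udp`, then every
# argument as one command line.
_write_autoudp_init() {
  {
    cat <<-'EOF'
#! /bin/sh
### BEGIN INIT INFO
# Provides: autoudp
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: autoudp
### END INIT INFO

cd /usr/src/udp
EOF
    printf '%s\n' "$@" ""
  } > /etc/init.d/autoudp
}

# Download udpspeeder and udp2raw (amd64 builds), let the user choose which
# helper(s) to run, write the autoudp init script and the client config,
# register the init script and start the helpers.
# Reads the globals port, serverip, c1, s2 and version set by
# wireguard_install.
udp_install(){
  mkdir -p /usr/src/udp
  mkdir -p /etc/wireguard/client
  cd /usr/src/udp || return 1
  # NOTE(review): these executables come from a mutable branch and run as
  # root with no integrity check. Pin the URLs to a reviewed commit and
  # verify each file before chmod, e.g.
  #   echo "<EXPECTED_SHA256>  udp2raw" | sha256sum -c -
  wget -O speederv2 https://github.com/atrandys/wireguard/raw/master/speederv2 || return 1
  wget -O udp2raw https://github.com/atrandys/wireguard/raw/master/udp2raw || return 1
  wget -O run.sh https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh || return 1
  chmod +x speederv2 udp2raw run.sh

  # Ask until one of the three modes is chosen; any other answer used to
  # skip the init script and fail later at chmod/update-rc.d.
  while true; do
    green "udp模式选择:"
    green "1. wireguard+udpspeeder"
    green "2. wireguard+udp2raw"
    green "3. wireguard+udpspeeder+udp2raw"
    read -r udptype || return 1
    case "$udptype" in
      1|2|3) break ;;
      *) red "请输入正确数字" ;;
    esac
  done

  udpport=$(rand 10000 60000)
  speederport=$(rand 10000 60000)
  password=$(randpwd)

  # The key ends up on the helpers' command lines and in the init script;
  # the script is kept root-only below. udp2raw's --conf-file option keeps
  # the key out of the process list.
  case "$udptype" in
    1)
      _write_autoudp_init \
        "nohup ./speederv2 -s -l0.0.0.0:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password >speeder.log 2>&1 &"

      green "下面是udpspeeder配置参数"
      green "================================================="
      blue "服务器IP:$serverip"
      blue "服务器端口:$speederport"
      blue "-fec:2:4"
      blue "--mode:0"
      blue "--timeout:0"
      blue "-k $password"
      green "================================================="
      ;;
    2)
      _write_autoudp_init \
        "nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$port --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &"

      green "下面是udp2raw配置参数"
      green "================================================="
      blue "服务器IP:$serverip"
      blue "服务器端口:$udpport"
      blue "--raw-mode:faketcp"
      blue "-k $password"
      green "================================================="
      ;;
    3)
      _write_autoudp_init \
        "nohup ./speederv2 -s -l127.0.0.1:$speederport -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 -k $password >speeder.log 2>&1 &" \
        "nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:$speederport --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &"

      green "下面是udpspeeder+udp2raw配置参数"
      green "================================================="
      blue "服务器IP:$serverip"
      blue "udp2raw端口:$udpport"
      blue "udp2raw --raw-mode:faketcp"
      blue "udp2raw -k $password"
      blue "speeder -fec:2:4"
      blue "speeder --mode:0"
      blue "speeder --timeout:0"
      blue "speeder -k $password"
      green "================================================="
      ;;
  esac

  cat > /etc/wireguard/client/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF

  # Root-only: the script contains the helper key (it used to be 755).
  sudo chmod 700 /etc/init.d/autoudp
  cd /etc/init.d || return 1
  if [ "$version" == 14 ]; then
    sudo update-rc.d autoudp defaults 90
  else
    sudo update-rc.d autoudp defaults
  fi

  # Start the helpers through the script just written so the running and the
  # boot-time command lines cannot differ.
  sh /etc/init.d/autoudp
}

# Bring wg0 down and remove the package, all keys/configs and init scripts.
wireguard_remove(){
  sudo wg-quick down wg0
  sudo apt-get remove -y wireguard
  sudo rm -rf /etc/wireguard
  sudo rm -f /etc/init.d/wgstart
  sudo rm -f /etc/init.d/autoudp
  echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
}

# Add a peer: copy client.conf under a new name with a fresh key pair and
# the next free 10.0.0.x address, append the peer to wg0.conf and to the
# running interface.
add_user(){
  local privkey pubkey ipnum newnum

  echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
  read -r -p "请输入用户名:" newname
  # The name becomes a file name, so it is limited to characters that cannot
  # form a path, an option or a shell word break.
  if [[ ! "$newname" =~ ^[A-Za-z0-9_][A-Za-z0-9_-]*$ ]]; then
    echo "Invalid user name: use letters, digits, '_' and '-' only." >&2
    return 1
  fi
  cd /etc/wireguard/client || return 1
  if [ -e "$newname.conf" ]; then
    echo "A configuration named $newname.conf already exists." >&2
    return 1
  fi

  # Last octet of the most recently added peer in wg0.conf.
  ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
  if [[ ! "$ipnum" =~ ^[0-9]+$ ]]; then
    echo "Cannot read the last peer address from wg0.conf." >&2
    return 1
  fi
  newnum=$((10#${ipnum}+1))
  if (( newnum > 254 )); then
    echo "No free address left in 10.0.0.0/24." >&2
    return 1
  fi

  # Keys stay in variables; no temporary key files are written.
  privkey=$(wg genkey) || return 1
  pubkey=$(printf '%s\n' "$privkey" | wg pubkey) || return 1

  cp client.conf "$newname.conf"
  sed -i 's%^PrivateKey.*$%'"PrivateKey = $privkey"'%' "$newname.conf"
  sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum/24"'%' "$newname.conf"

  cat >> /etc/wireguard/wg0.conf <<-EOF

[Peer]
PublicKey = $pubkey
AllowedIPs = 10.0.0.$newnum/32
EOF
  wg set wg0 peer "$pubkey" allowed-ips "10.0.0.$newnum/32"
  echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
}

# Main menu.
start_menu(){
  clear
  echo -e "\033[43;42m ====================================\033[0m"
  echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
  echo -e "\033[43;42m 系统:Ubuntu,用于koolshare lede \033[0m"
  echo -e "\033[43;42m 作者:atrandys \033[0m"
  echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
  echo -e "\033[43;42m Youtube:atrandys \033[0m"
  echo -e "\033[43;42m ====================================\033[0m"
  echo
  echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m"
  echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m"
  echo -e "\033[37;41m 3. 增加用户\033[0m"
  echo -e " 0. 退出脚本"
  echo
  # Stop on end-of-input instead of redrawing the menu forever.
  read -r -p "请输入数字:" num || exit 1
  case "$num" in
    1) wireguard_install ;;
    2) wireguard_remove ;;
    3) add_user ;;
    0)
      # Leaving through the menu is a normal exit.
      exit 0
      ;;
    *)
      clear
      echo -e "请输入正确数字"
      sleep 2s
      start_menu
      ;;
  esac
}

start_menu

--------------------------------------------------------------------------------
/wireguard_game_ubuntu.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# wireguard + udpspeeder + udp2raw installer for Ubuntu with a Windows
# client configuration. Must be run as root.

# Keys, client configs and the autoudp init script contain secrets, so files
# created here are private to root unless a mode is set explicitly.
umask 077

# Succeeds when $1 is a dotted-quad IPv4 address with every octet in 0-255.
_is_ipv4() {
  local IFS=. octet
  local -a parts
  [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  read -r -a parts <<< "$1"
  for octet in "${parts[@]}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Prints this host's public IPv4 address as reported by icanhazip.com.
# The answer is fetched over HTTPS and validated because it is later pasted
# into command lines inside the generated client configuration.
_public_ipv4() {
  local ip
  ip=$(curl -fsS --max-time 15 https://ipv4.icanhazip.com) || return 1
  _is_ipv4 "$ip" || return 1
  printf '%s\n' "$ip"
}

# Prints a pseudo-random integer in the inclusive range [$1, $2].
# Used to pick port numbers only, never for secrets.
rand(){
  local min=$1
  local span=$(( $2 - min + 1 ))
  local seed
  seed=$(head -n 10 /dev/urandom | cksum | awk '{print $1}')
  echo $(( seed % span + min ))
}

# Prints a random 32-character hex string (128 bits from /dev/urandom) used
# as the shared key of the UDP helpers. The previous 4 hex characters gave
# only 65536 possible keys.
randpwd(){
  head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
  echo
}

# Install WireGuard from the PPA, generate keys, write wg0.conf and the
# wgstart init script, set up the UDP helpers and bring wg0 up.
wireguard_install(){
  version=$(awk -F '[".]' '$1=="VERSION="{print $2}' /etc/os-release)
  sudo apt-get update -y
  sudo apt-get install -y software-properties-common
  if [ "$version" == 18 ]; then
    sudo apt-get install -y openresolv
  fi
  sudo add-apt-repository -y ppa:wireguard/wireguard
  sudo apt-get update -y
  sudo apt-get install -y wireguard curl

  # Add the forwarding setting once; repeated installs used to append a new
  # copy every time.
  if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf 2>/dev/null; then
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  fi
  sysctl -p
  echo "1"> /proc/sys/net/ipv4/ip_forward

  mkdir -p /etc/wireguard
  chmod 700 /etc/wireguard
  cd /etc/wireguard || return 1
  wg genkey | tee sprivatekey | wg pubkey > spublickey
  wg genkey | tee cprivatekey | wg pubkey > cpublickey
  s1=$(cat sprivatekey)
  s2=$(cat spublickey)
  c1=$(cat cprivatekey)
  c2=$(cat cpublickey)
  if ! serverip=$(_public_ipv4); then
    echo "Could not determine a valid public IPv4 address." >&2
    return 1
  fi
  port=$(rand 10000 60000)
  # First interface whose name starts with "e"; a single name keeps the
  # MASQUERADE rule valid on hosts with several such interfaces.
  eth=$(ls /sys/class/net | awk '/^e/{print; exit}')

  cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF

  # Quoted delimiter: $remote_fs and $syslog are LSB facility names and must
  # reach the file literally (unquoted, they expanded to nothing).
  cat > /etc/init.d/wgstart <<-'EOF'
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgstart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgstart
### END INIT INFO

sudo wg-quick up wg0
EOF

  sudo chmod 755 /etc/init.d/wgstart
  cd /etc/init.d || return 1
  if [ "$version" == 14 ]; then
    sudo update-rc.d wgstart defaults 90
  else
    sudo update-rc.d wgstart defaults
  fi

  udp_install || return 1
  sudo wg-quick up wg0
}

# Download udpspeeder and udp2raw (amd64 builds), write both client configs
# and the autoudp init script, register it and start the helpers.
# Reads the globals port, serverip, c1, s2 and version set by
# wireguard_install.
udp_install(){
  mkdir -p /usr/src/udp
  mkdir -p /etc/wireguard/client
  cd /usr/src/udp || return 1
  # NOTE(review): these executables come from a mutable branch and run as
  # root with no integrity check. Pin the URLs to a reviewed commit and
  # verify each file before chmod, e.g.
  #   echo "<EXPECTED_SHA256>  udp2raw" | sha256sum -c -
  wget -O speederv2 https://github.com/atrandys/wireguard/raw/master/speederv2 || return 1
  wget -O udp2raw https://github.com/atrandys/wireguard/raw/master/udp2raw || return 1
  wget -O run.sh https://raw.githubusercontent.com/atrandys/wireguard/master/run.sh || return 1
  chmod +x speederv2 udp2raw run.sh

  udpport=$(rand 10000 60000)
  password=$(randpwd)

  echo -e "\033[37;41m输入你客户端电脑的默认网关,打开cmd,使用ipconfig命令查看\033[0m"
  # The gateway is written into a command line in client.conf, so only a
  # well-formed IPv4 address is accepted.
  while true; do
    read -r -p "比如192.168.1.1 :" ugateway || return 1
    _is_ipv4 "$ugateway" && break
    echo "Not a valid IPv4 address, try again." >&2
  done

  cat > /etc/wireguard/client/client.conf <<-EOF
[Interface]
PrivateKey = $c1
PostUp = mshta vbscript:CreateObject("WScript.Shell").Run("cmd /c route add $serverip mask 255.255.255.255 $ugateway METRIC 20 & start /b c:/udp/speederv2.exe -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f2:4 --mode 0 --timeout 0 & start /b c:/udp/udp2raw.exe -c -r$serverip:$udpport -l127.0.0.1:2091 --raw-mode faketcp -k $password",0)(window.close)
PostDown = route delete $serverip && taskkill /im udp2raw.exe /f && taskkill /im speederv2.exe /f
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = 127.0.0.1:2090
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF

  cat > /etc/wireguard/client/client_noudp.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF

  # Boot-time start script. \$remote_fs and \$syslog are escaped so the LSB
  # facility names reach the file literally; the other variables are meant
  # to expand. The key is still visible in the process list; udp2raw's
  # --conf-file option avoids that.
  cat > /etc/init.d/autoudp<<-EOF
#! /bin/sh
### BEGIN INIT INFO
# Provides: autoudp
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: autoudp
### END INIT INFO

cd /usr/src/udp
nohup ./speederv2 -s -l127.0.0.1:23333 -r127.0.0.1:$port -f2:4 --mode 0 --timeout 0 >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -s -l0.0.0.0:$udpport -r 127.0.0.1:23333 --raw-mode faketcp -a -k $password >udp2raw.log 2>&1 &
EOF

  # Root-only: the script contains the udp2raw key (it used to be 755).
  sudo chmod 700 /etc/init.d/autoudp
  cd /etc/init.d || return 1
  if [ "$version" == 14 ]; then
    sudo update-rc.d autoudp defaults 90
  else
    sudo update-rc.d autoudp defaults
  fi

  # Start the helpers through the script just written so the running and the
  # boot-time command lines cannot differ.
  sh /etc/init.d/autoudp
}

# Bring wg0 down and remove the package, all keys/configs and init scripts.
wireguard_remove(){
  sudo wg-quick down wg0
  sudo apt-get remove -y wireguard
  sudo rm -rf /etc/wireguard
  sudo rm -f /etc/init.d/wgstart
  sudo rm -f /etc/init.d/autoudp
  echo -e "\033[37;41m卸载完成,建议重启服务器\033[0m"
}

# Add a peer: copy client.conf under a new name with a fresh key pair and
# the next free 10.0.0.x address, append the peer to wg0.conf and to the
# running interface.
add_user(){
  local privkey pubkey ipnum newnum

  echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
  read -r -p "请输入用户名:" newname
  # The name becomes a file name, so it is limited to characters that cannot
  # form a path, an option or a shell word break.
  if [[ ! "$newname" =~ ^[A-Za-z0-9_][A-Za-z0-9_-]*$ ]]; then
    echo "Invalid user name: use letters, digits, '_' and '-' only." >&2
    return 1
  fi
  cd /etc/wireguard/client || return 1
  if [ -e "$newname.conf" ]; then
    echo "A configuration named $newname.conf already exists." >&2
    return 1
  fi

  # Last octet of the most recently added peer in wg0.conf.
  ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
  if [[ ! "$ipnum" =~ ^[0-9]+$ ]]; then
    echo "Cannot read the last peer address from wg0.conf." >&2
    return 1
  fi
  newnum=$((10#${ipnum}+1))
  if (( newnum > 254 )); then
    echo "No free address left in 10.0.0.0/24." >&2
    return 1
  fi

  # Keys stay in variables; no temporary key files are written.
  privkey=$(wg genkey) || return 1
  pubkey=$(printf '%s\n' "$privkey" | wg pubkey) || return 1

  cp client.conf "$newname.conf"
  sed -i 's%^PrivateKey.*$%'"PrivateKey = $privkey"'%' "$newname.conf"
  sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum/24"'%' "$newname.conf"

  cat >> /etc/wireguard/wg0.conf <<-EOF

[Peer]
PublicKey = $pubkey
AllowedIPs = 10.0.0.$newnum/32
EOF
  wg set wg0 peer "$pubkey" allowed-ips "10.0.0.$newnum/32"
  echo -e "\033[37;41m添加完成,文件:/etc/wireguard/client/$newname.conf\033[0m"
}

# Main menu.
start_menu(){
  clear
  echo -e "\033[43;42m ====================================\033[0m"
  echo -e "\033[43;42m 介绍:wireguard+udpspeeder+udp2raw \033[0m"
  echo -e "\033[43;42m 系统:Ubuntu \033[0m"
  echo -e "\033[43;42m 作者:atrandys \033[0m"
  echo -e "\033[43;42m 网站:www.atrandys.com \033[0m"
  echo -e "\033[43;42m Youtube:atrandys \033[0m"
  echo -e "\033[43;42m ====================================\033[0m"
  echo
  echo -e "\033[0;33m 1. 安装wireguard+udpspeeder+udp2raw\033[0m"
  echo -e "\033[0;31m 2. 删除wireguard+udpspeeder+udp2raw\033[0m"
  echo -e "\033[37;41m 3. 增加用户\033[0m"
  echo -e " 0. 退出脚本"
  echo
  # Stop on end-of-input instead of redrawing the menu forever.
  read -r -p "请输入数字:" num || exit 1
  case "$num" in
    1) wireguard_install ;;
    2) wireguard_remove ;;
    3) add_user ;;
    0)
      # Leaving through the menu is a normal exit.
      exit 0
      ;;
    *)
      clear
      echo -e "请输入正确数字"
      sleep 2s
      start_menu
      ;;
  esac
}

start_menu

--------------------------------------------------------------------------------
/wireguard_install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | #判断系统 4 | if [ ! -e '/etc/redhat-release' ]; then 5 | echo "仅支持centos7" 6 | exit 7 | fi 8 | if [ -n "$(grep ' 6\.' 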
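/etc/redhat-release)" ] ;then 9 | echo "仅支持centos7" 10 | exit 11 | fi 12 | 13 | 14 | 15 |

#######################################
# Upgrade the kernel: install the ELRepo mainline kernel (kernel-ml) and its
# headers, make it the default GRUB entry and offer to reboot.
# Returns:   1 if the key import, the download or the package check fails
#######################################
update_kernel(){

    yum -y install epel-release curl
    sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
    yum remove -y kernel-devel
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org || return 1
    # Fetch the repository package over HTTPS: with the plain-HTTP URL anyone
    # on the network path could substitute the package that defines the repo.
    rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
    yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
    yum -y --enablerepo=elrepo-kernel install kernel-ml
    sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg
    local devel_rpm=kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
    # -O overwrites a stale download instead of saving "name.1" on a re-run.
    wget -O "$devel_rpm" "https://elrepo.org/linux/kernel/el7/x86_64/RPMS/$devel_rpm" || return 1
    # Check the package digests (and its signature, if it carries one,
    # against the key imported above) before installing it as root.
    rpm -K "$devel_rpm" || return 1
    rpm -ivh "$devel_rpm"
    yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
    read -r -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
    [ -z "${yn}" ] && yn="y"
    if [[ $yn == [Yy] ]]; then
        echo -e "VPS 重启中..."
        reboot
    fi
}

#######################################
# Generate a random port: print a pseudo-random integer in [min, max].
# Arguments: $1 - lower bound, $2 - upper bound (inclusive)
# Returns:   1 if the range is empty
#######################################
rand(){
    local min=$1
    local span=$(($2 - min + 1))
    local num
    [ "$span" -gt 0 ] || return 1
    # Four bytes of kernel randomness, read as one unsigned integer.
    num=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
    echo $((num % span + min))
}

# Update the WireGuard packages through yum.
wireguard_update(){
    yum update -y wireguard-dkms wireguard-tools
    echo "更新完成"
}

# Stop the tunnel, undo the boot-time enablement and remove packages and
# configuration.
wireguard_remove(){
    wg-quick down wg0
    # wireguard_install enables wg-quick@wg0; disable it so no stale unit
    # link is left behind.
    systemctl disable wg-quick@wg0
    yum remove -y wireguard-dkms wireguard-tools
    rm -rf /etc/wireguard/
    echo "卸载完成"
}

#######################################
# Write the first client profile to /etc/wireguard/client.conf.
# Globals:   c1, s2, serverip, port (read; set by wireguard_install)
#######################################
config_client(){
    # The file holds the client private key: create it root-only.
    (
        umask 077
        cat > /etc/wireguard/client.conf <<EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
    )
    chmod 600 /etc/wireguard/client.conf

}

#######################################
# Install WireGuard on CentOS 7, generate server and client keys, write
# wg0.conf and client.conf, bring the tunnel up and print the client QR code.
# Globals:   s1, s2, c1, c2, serverip, port, eth, content (written)
# Returns:   1 if /etc/wireguard is unusable or the public address lookup
#            does not return an IPv4 address
#######################################
wireguard_install(){
    curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
    yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
    yum -y install wireguard-dkms wireguard-tools
    yum -y install qrencode
    mkdir -p /etc/wireguard
    cd /etc/wireguard || return 1
    # Generate the key files with a restrictive umask so the private keys are
    # never readable by other users, not even briefly.
    (
        umask 077
        wg genkey | tee sprivatekey | wg pubkey > spublickey
        wg genkey | tee cprivatekey | wg pubkey > cpublickey
    )
    s1=$(cat sprivatekey)
    s2=$(cat spublickey)
    c1=$(cat cprivatekey)
    c2=$(cat cpublickey)
    # Ask over HTTPS and refuse anything that is not an IPv4 address: the
    # answer is written into the client config and the QR code.
    serverip=$(curl -s https://ipv4.icanhazip.com)
    if ! [[ $serverip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        echo "could not determine the public IPv4 address" >&2
        return 1
    fi
    port=$(rand 10000 60000)
    # Use the default-route interface; listing every e* device returned
    # several names on multi-NIC hosts and broke the NAT rule. Fall back to
    # the first e* device when there is no default route.
    eth=$(ip -o -4 route show to default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
    [ -n "$eth" ] || eth=$(ls /sys/class/net | awk '/^e/{print; exit}')
    # Was "chmod 777 -R", which let every local user read and replace the
    # private keys and the tunnel configuration.
    chmod 700 /etc/wireguard
    chmod 600 /etc/wireguard/*
    systemctl stop firewalld
    systemctl disable firewalld
    yum install -y iptables-services
    systemctl enable iptables
    systemctl start iptables
    # NOTE(review): the next lines set every chain policy to ACCEPT, flush
    # all existing rules and persist that state, so the host is left without
    # a packet filter. Prefer a default-deny INPUT policy that admits only
    # SSH and the WireGuard port.
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    service iptables save
    service iptables restart
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Append instead of truncating: ">" wiped every other setting in
    # /etc/sysctl.conf.
    grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf 2>/dev/null \
        || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    (
        umask 077
        cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF
    )
    chmod 600 /etc/wireguard/wg0.conf

    config_client
    wg-quick up wg0
    systemctl enable wg-quick@wg0
    content=$(cat /etc/wireguard/client.conf)
    echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
    echo "${content}" | qrencode -o - -t UTF8
}

#######################################
# Create a client profile for a new peer and register the peer on wg0.
# Globals:   newname (written)
# Returns:   0 on success, 1 on an invalid or duplicate name, a key
#            generation failure or an exhausted address range
#######################################
add_user(){
    echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
    read -r -p "请输入用户名:" newname
    # The name becomes a file name next to wg0.conf: allow only a safe
    # character set and never overwrite an existing file (a name such as
    # "wg0" used to replace the server configuration).
    if ! [[ $newname =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
        echo "invalid user name: $newname" >&2
        return 1
    fi
    cd /etc/wireguard/ || return 1
    if [ -e "$newname.conf" ]; then
        echo "user already exists: $newname" >&2
        return 1
    fi

    local privkey pubkey ipnum newnum
    # Keep the key pair in memory instead of temp files created with the
    # default umask.
    privkey=$(wg genkey) || return 1
    pubkey=$(printf '%s\n' "$privkey" | wg pubkey) || return 1

    # Last octet of the most recently added peer, taken from wg0.conf.
    ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
    if ! [[ $ipnum =~ ^[0-9]+$ ]]; then
        echo "cannot determine the last peer address in wg0.conf" >&2
        return 1
    fi
    newnum=$((10#${ipnum}+1))
    if [ "$newnum" -gt 254 ]; then
        echo "no free address left in 10.0.0.0/24" >&2
        return 1
    fi

    (umask 077; cp client.conf "$newname.conf") || return 1
    sed -i 's%^PrivateKey.*$%'"PrivateKey = $privkey"'%' "$newname.conf"
    sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum/24"'%' "$newname.conf"

    cat >> /etc/wireguard/wg0.conf <<EOF
[Peer]
PublicKey = $pubkey
AllowedIPs = 10.0.0.$newnum/32
EOF
    wg set wg0 peer "$pubkey" allowed-ips "10.0.0.$newnum/32"
    echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
}
148 | #开始菜单 149 | start_menu(){ 150 | clear 151 | echo "=========================" 152 | echo " 介绍:适用于CentOS7" 153 | echo " 作者:atrandys" 154 | echo " 网站:www.atrandys.com" 155 | echo " Youtube:atrandys" 156 | echo "=========================" 157 | echo "1. 升级系统内核" 158 | echo "2. 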
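安装wireguard" 159 | echo "3. 升级wireguard" 160 | echo "4. 卸载wireguard" 161 | echo "5. 显示客户端二维码" 162 | echo "6. 增加用户" 163 | echo "0. 退出脚本" 164 | echo 165 | read -p "请输入数字:" num 166 | case "$num" in 167 | 1) 168 | update_kernel 169 | ;; 170 | 2) 171 | wireguard_install 172 | ;; 173 | 3) 174 | wireguard_update 175 | ;; 176 | 4) 177 | wireguard_remove 178 | ;; 179 | 5) 180 | content=$(cat /etc/wireguard/client.conf) 181 | echo "${content}" | qrencode -o - -t UTF8 182 | ;; 183 | 6) 184 | add_user 185 | ;; 186 | 0) 187 | exit 1 188 | ;; 189 | *) 190 | clear 191 | echo "请输入正确数字" 192 | sleep 5s 193 | start_menu 194 | ;; 195 | esac 196 | } 197 | 198 | start_menu 199 | 200 | 201 | 202 | -------------------------------------------------------------------------------- /wireguard_install_ubuntu.sh: --------------------------------------------------------------------------------
#!/bin/bash

#######################################
# Print a pseudo-random integer in [min, max].
# Arguments: $1 - lower bound, $2 - upper bound (inclusive)
# Returns:   1 if the range is empty
#######################################
rand(){
    local min=$1
    local span=$(($2 - min + 1))
    local num
    [ "$span" -gt 0 ] || return 1
    # Four bytes of kernel randomness, read as one unsigned integer.
    num=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
    echo $((num % span + min))
}

#######################################
# Install WireGuard on Ubuntu, generate server and client keys, write
# wg0.conf, client.conf and a boot script, bring the tunnel up and print the
# client QR code.
# Globals:   version, s1, s2, c1, c2, serverip, port, eth, content (written)
# Returns:   1 when not run as root, when /etc/wireguard is unusable or when
#            the public address lookup does not return an IPv4 address
#######################################
wireguard_install(){
    # The function writes below /etc and /proc with plain redirections, which
    # "sudo cat > file" never elevated, so it only ever worked as root. Say
    # so up front instead of failing half-way.
    if [ "$(id -u)" -ne 0 ]; then
        echo "this installer must be run as root" >&2
        return 1
    fi

    version=$(awk -F '[".]' '$1=="VERSION="{print $2}' /etc/os-release)
    sudo apt-get update -y
    sudo apt-get install -y software-properties-common
    # Ubuntu 18 additionally gets openresolv (presumably for the DNS= line
    # handled by wg-quick; confirm).
    if [ "$version" = "18" ]; then
        sudo apt-get install -y openresolv
    fi
    sudo add-apt-repository -y ppa:wireguard/wireguard
    sudo apt-get update -y
    sudo apt-get install -y wireguard curl

    # Append once only; every re-run used to add a duplicate line.
    grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf 2>/dev/null \
        || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    sysctl -p
    echo "1"> /proc/sys/net/ipv4/ip_forward

    mkdir -p /etc/wireguard
    chmod 700 /etc/wireguard
    cd /etc/wireguard || return 1
    # Generate the key files with a restrictive umask so the private keys are
    # never readable by other users.
    (
        umask 077
        wg genkey | tee sprivatekey | wg pubkey > spublickey
        wg genkey | tee cprivatekey | wg pubkey > cpublickey
    )
    s1=$(cat sprivatekey)
    s2=$(cat spublickey)
    c1=$(cat cprivatekey)
    c2=$(cat cpublickey)
    # Ask over HTTPS and refuse anything that is not an IPv4 address: the
    # answer is written into the client config and the QR code.
    serverip=$(curl -s https://ipv4.icanhazip.com)
    if ! [[ $serverip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        echo "could not determine the public IPv4 address" >&2
        return 1
    fi
    port=$(rand 10000 60000)
    # Use the default-route interface; listing every e* device returned
    # several names on multi-NIC hosts and broke the NAT rule. Fall back to
    # the first e* device when there is no default route.
    eth=$(ip -o -4 route show to default | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}')
    [ -n "$eth" ] || eth=$(ls /sys/class/net | awk '/^e/{print; exit}')

    # Both files contain a private key: create them root-only.
    (
        umask 077
        cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF

        cat > /etc/wireguard/client.conf <<EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
    )
    chmod 600 /etc/wireguard/wg0.conf /etc/wireguard/client.conf

    sudo apt-get install -y qrencode

    # $remote_fs and $syslog are LSB facility names and must reach the file
    # literally; unescaped, the here-document expanded them to empty strings.
    cat > /etc/init.d/wgstart <<EOF
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgstart
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgstart
### END INIT INFO
sudo wg-quick up wg0
EOF

    sudo chmod +x /etc/init.d/wgstart
    cd /etc/init.d || return 1
    if [ "$version" = "14" ]; then
        sudo update-rc.d wgstart defaults 90
    else
        sudo update-rc.d wgstart defaults
    fi

    sudo wg-quick up wg0

    content=$(cat /etc/wireguard/client.conf)
    echo -e "\033[43;42m电脑端请下载/etc/wireguard/client.conf,手机端可直接使用软件扫码\033[0m"
    echo "${content}" | qrencode -o - -t UTF8
}

# Stop the tunnel and remove the package, its configuration and the boot
# script that wireguard_install registered.
wireguard_remove(){

    sudo wg-quick down wg0
    sudo apt-get remove -y wireguard
    sudo rm -rf /etc/wireguard
    # The installer registers /etc/init.d/wgstart; without this it kept
    # running "wg-quick up wg0" at every boot after the uninstall.
    sudo rm -f /etc/init.d/wgstart
    sudo update-rc.d -f wgstart remove

}

#######################################
# Create a client profile for a new peer and register the peer on wg0.
# Globals:   newname (written)
# Returns:   0 on success, 1 on an invalid or duplicate name, a key
#            generation failure or an exhausted address range
#######################################
add_user(){
    echo -e "\033[37;41m给新用户起个名字,不能和已有用户重复\033[0m"
    read -r -p "请输入用户名:" newname
    # The name becomes a file name next to wg0.conf: allow only a safe
    # character set and never overwrite an existing file (a name such as
    # "wg0" used to replace the server configuration).
    if ! [[ $newname =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
        echo "invalid user name: $newname" >&2
        return 1
    fi
    cd /etc/wireguard/ || return 1
    if [ -e "$newname.conf" ]; then
        echo "user already exists: $newname" >&2
        return 1
    fi

    local privkey pubkey ipnum newnum
    # Keep the key pair in memory instead of temp files created with the
    # default umask.
    privkey=$(wg genkey) || return 1
    pubkey=$(printf '%s\n' "$privkey" | wg pubkey) || return 1

    # Last octet of the most recently added peer, taken from wg0.conf.
    ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
    if ! [[ $ipnum =~ ^[0-9]+$ ]]; then
        echo "cannot determine the last peer address in wg0.conf" >&2
        return 1
    fi
    newnum=$((10#${ipnum}+1))
    if [ "$newnum" -gt 254 ]; then
        echo "no free address left in 10.0.0.0/24" >&2
        return 1
    fi

    (umask 077; cp client.conf "$newname.conf") || return 1
    sed -i 's%^PrivateKey.*$%'"PrivateKey = $privkey"'%' "$newname.conf"
    sed -i 's%^Address.*$%'"Address = 10.0.0.$newnum/24"'%' "$newname.conf"

    cat >> /etc/wireguard/wg0.conf <<EOF
[Peer]
PublicKey = $pubkey
AllowedIPs = 10.0.0.$newnum/32
EOF
    wg set wg0 peer "$pubkey" allowed-ips "10.0.0.$newnum/32"
    echo -e "\033[37;41m添加完成,文件:/etc/wireguard/$newname.conf\033[0m"
}

130 | 131 | #开始菜单 132 | start_menu(){ 133 | clear 134 | echo -e "\033[43;42m ====================================\033[0m" 135 | echo -e "\033[43;42m 介绍:wireguard一键脚本 \033[0m" 136 | echo -e "\033[43;42m 系统:Ubuntu \033[0m" 137 | echo -e "\033[43;42m 作者:atrandys \033[0m" 138 | echo -e "\033[43;42m 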
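网站:www.atrandys.com \033[0m" 139 | echo -e "\033[43;42m Youtube:atrandys \033[0m" 140 | echo -e "\033[43;42m ====================================\033[0m" 141 | echo 142 | echo -e "\033[0;33m 1. 安装wireguard\033[0m" 143 | echo -e "\033[0;33m 2. 查看客户端二维码\033[0m" 144 | echo -e "\033[0;31m 3. 删除wireguard\033[0m" 145 | echo -e "\033[0;33m 4. 增加用户\033[0m" 146 | echo -e " 0. 退出脚本" 147 | echo 148 | read -p "请输入数字:" num 149 | case "$num" in 150 | 1) 151 | wireguard_install 152 | ;; 153 | 2) 154 | content=$(cat /etc/wireguard/client.conf) 155 | echo "${content}" | qrencode -o - -t UTF8 156 | ;; 157 | 3) 158 | wireguard_remove 159 | ;; 160 | 4) 161 | add_user 162 | ;; 163 | 0) 164 | exit 1 165 | ;; 166 | *) 167 | clear 168 | echo -e "请输入正确数字" 169 | sleep 2s 170 | start_menu 171 | ;; 172 | esac 173 | } 174 | 175 | start_menu 176 | 177 | 178 | 179 | 180 | 181 | 182 | -------------------------------------------------------------------------------- /wireguard_openwrt.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Client-side setup for an OpenWrt router: starts udpspeeder and udp2raw,
# brings up wg0 and policy-routes every destination in the "game" ipset
# through the tunnel.

#0 create file:/etc/wireguard/wg0.conf; create ipset table.txt file

#1 run udpspeeder and udp2raw
# NOTE(review): the tunnel key is a short literal committed together with the
# script and passed on the command line, where any local user can read it
# from the process list. Replace it with a long random secret kept out of
# version control.

nohup ./speederv2 -c -l127.0.0.1:2090 -r127.0.0.1:2091 -f20:10 --mode 0 --timeout 8 -k 249b >speeder.log 2>&1 &
nohup ./run.sh ./udp2raw -c -r27.122.58.154:18949 -l127.0.0.1:2091 --raw-mode faketcp -k 249b >udp2raw.log 2>&1 &

#2 run wireguard with config file(pwd:/etc/wireguard/wg0.conf)

ip link add dev wg0 type wireguard
ip address add dev wg0 10.0.0.2/24
wg setconf wg0 /etc/wireguard/wg0.conf
ip link set up dev wg0

#3 notice: wg0.conf example
# The example uses placeholders: a private key must never be published in a
# script, and a key that has appeared in a public listing has to be
# regenerated.

#[Interface]
#PrivateKey = <client-private-key>

#[Peer]
#PublicKey = <server-public-key>
#Endpoint = 127.0.0.1:2090
#AllowedIPs = 0.0.0.0/0, ::0/0
#PersistentKeepalive = 5

#4 add route table for wireguard
# Append only once; every run used to add another "200 game" line.

grep -qx '200 game' /etc/iproute2/rt_tables || echo "200 game" >> /etc/iproute2/rt_tables

#5 create ipset table

#ipset create game hash:net
# save the rules: ipset save game -f game.txt
# create the set from that file
ipset restore -f game.txt

#6 enable iptables rule,mark ip packages equal ipset table

iptables -t mangle -A PREROUTING -m set --match-set game dst -j MARK --set-mark 8
iptables -t mangle -A OUTPUT -m set --match-set game dst -j MARK --set-mark 8
iptables -t nat -A POSTROUTING -m mark --mark 8 -j MASQUERADE
iptables -I FORWARD -o wg0 -j ACCEPT

#7 config route table game:default route,lan
ip route add default dev wg0 table game
ip route add 192.168.3.0/24 dev br-lan table game

#8 enable ip rule

ip rule add fwmark 8 table game


-------------------------------------------------------------------------------- /wireguard_web.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Installs WireGuard and Docker on Ubuntu and runs the Subspace web UI in a
# container. Must be run as root: several steps write below /etc and /proc
# with plain redirections that sudo does not cover.


sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo apt-get update -y
sudo apt-get install -y wireguard


apt-get remove -y dnsmasq


echo nameserver 1.1.1.1 >/etc/resolv.conf


modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat

echo 1 > /proc/sys/net/ipv4/ip_forward
# Append each setting once. Both lines used ">", so the second write erased
# the first one together with everything else in /etc/sysctl.conf.
for setting in "net.ipv4.ip_forward = 1" "net.ipv6.conf.all.forwarding=1"; do
    grep -qxF "$setting" /etc/sysctl.conf 2>/dev/null || echo "$setting" >> /etc/sysctl.conf
done

# Name the scheme explicitly: without it curl starts over plain HTTP and only
# reaches HTTPS through a redirect that an on-path attacker can replace.
# NOTE(review): the downloaded script is run as root unreviewed; prefer the
# distribution's signed Docker packages, or inspect the file first.
curl -fsSL https://get.docker.com -o get-docker.sh || exit 1
sudo sh get-docker.sh


sudo systemctl enable docker
sudo systemctl start docker

# $remote_fs and $syslog are LSB facility names and must reach the file
# literally; unescaped, the here-document expanded them to empty strings.
# ("sudo cat > file" also never elevated the redirection, so sudo is dropped.)
cat > /etc/init.d/wgwebstart <<EOF
#! /bin/bash
### BEGIN INIT INFO
# Provides: wgwebstart
# Required-Start: \$remote_fs \$syslog
# Required-Stop: \$remote_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: wgwebstart
### END INIT INFO
modprobe wireguard
modprobe iptable_nat
modprobe ip6table_nat
sudo docker start subspace
EOF

sudo chmod 755 /etc/init.d/wgwebstart
sudo update-rc.d wgwebstart defaults

read -r -p "输入域名:" domain
# The value ends up on a docker command line: accept host-name characters
# only.
if ! [[ $domain =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "invalid domain name: $domain" >&2
    exit 1
fi

# NOTE(review): ":latest" is a moving tag; pin a reviewed tag or digest. The
# container shares the host network namespace and holds NET_ADMIN, so a
# compromise of the web UI can reconfigure the host's networking.
docker create \
    --name subspace \
    --network host \
    --cap-add NET_ADMIN \
    --volume /usr/bin/wg:/usr/bin/wg \
    --volume /data:/data \
    --env "SUBSPACE_HTTP_HOST=$domain" \
    subspacecloud/subspace:latest


sudo docker start subspace

# NOTE(review): the message below says the first login account is configured
# from the browser; until that is done, restrict who can reach the host,
# since presumably whoever opens the page first can claim the account.
echo "安装完毕,使用浏览器访问域名,配置初始登录账号。"
--------------------------------------------------------------------------------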