#!/bin/bash

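# Platform gate: every package source used below is EL7-specific, so refuse to
# run anywhere else. /etc/redhat-release must exist AND name a 7.x release;
# rejecting only 6.x would let 8.x and later fall through to the installers.
# The message goes to stderr and the exit status is non-zero so that a caller
# (or CI wrapper) can tell the script did not run.
if [[ ! -e /etc/redhat-release ]] || ! grep -q 'release 7\.' /etc/redhat-release; then
    echo "仅支持centos7" >&2
    exit 1
fi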



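#######################################
# Install the mainline kernel (kernel-ml) from ELRepo, make it the default
# GRUB entry, and offer to reboot.
# Globals:   Info (read; log prefix, not defined in the visible script, so it
#            expands to an empty string)
# Arguments: none
# Outputs:   package-manager output and an interactive prompt
# Returns:   1 if kernel-ml could not be installed (GRUB is left untouched)
#######################################
update_kernel(){
    local devel_rpm="kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm"
    local workdir yn

    yum -y install epel-release
    sed -i "0,/enabled=0/s//enabled=1/" /etc/yum.repos.d/epel.repo
    yum remove -y kernel-devel
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    # Fetch the repo definition over HTTPS, like the signing key above. This
    # package drops repo files and keys into the system, so it must not travel
    # over a channel an on-path attacker can rewrite.
    rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
    yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

    # Only repoint the bootloader when the new kernel is actually installed;
    # otherwise GRUB_DEFAULT=0 would silently change which kernel boots.
    if ! yum -y --enablerepo=elrepo-kernel install kernel-ml; then
        echo "kernel-ml 安装失败,未修改默认启动项" >&2
        return 1
    fi
    sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
    grub2-mkconfig -o /boot/grub2/grub.cfg

    # Best-effort install of the pinned devel package. It is downloaded into a
    # private temp directory: wget never overwrites an existing file, so in a
    # shared working directory a pre-planted file of the same name would be the
    # one handed to rpm. rpm -K checks the package digests (and its signature,
    # when present, against the imported keys) before installation.
    if workdir=$(mktemp -d); then
        if wget -O "${workdir}/${devel_rpm}" \
                "https://elrepo.org/linux/kernel/el7/x86_64/RPMS/${devel_rpm}" \
            && rpm -K "${workdir}/${devel_rpm}"; then
            rpm -ivh "${workdir}/${devel_rpm}"
        fi
        rm -rf -- "${workdir:?}"
    fi
    # The repo copy is signature-checked by yum and matches the repo's kernel.
    yum -y --enablerepo=elrepo-kernel install kernel-ml-devel

    read -r -p "需要重启VPS,再次执行脚本选择安装wireguard,是否现在重启 ? [Y/n] :" yn
    [ -z "${yn}" ] && yn="y"
    if [[ $yn == [Yy] ]]; then
        echo -e "${Info} VPS 重启中..."
        reboot
    fi
}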

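#######################################
# Print a random integer in the inclusive range [min, max]; used to pick the
# WireGuard listen port.
# Arguments: $1 - lower bound, $2 - upper bound (integers, $1 <= $2)
# Outputs:   the chosen number on stdout
# Returns:   1 on malformed or inverted bounds, or if no random data was read
#######################################
rand(){
    # Locals keep this helper from clobbering same-named globals; the menu
    # stores the user's choice in a global called "num".
    local min=$1 max=$2 span num
    local int_re='^-?(0|[1-9][0-9]*)$'

    if ! [[ $min =~ $int_re && $max =~ $int_re ]] || (( max < min )); then
        echo "rand: invalid range: '${min}'..'${max}'" >&2
        return 1
    fi
    span=$(( max - min + 1 ))

    # Four bytes from the kernel CSPRNG, rendered as one unsigned integer.
    num=$(od -An -N4 -tu4 /dev/urandom | tr -d '[:space:]')
    [[ -n $num ]] || return 1

    echo $(( num % span + min ))
}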

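#######################################
# Update the WireGuard kernel module and userspace tools via yum.
# Arguments: none
# Outputs:   "更新完成" on stdout on success, "更新失败" on stderr on failure
# Returns:   1 if yum reports a failure
#######################################
wireguard_update(){
    # Do not report success for a failed update: a stale VPN package would
    # otherwise look patched to the operator.
    if ! yum update -y wireguard-dkms wireguard-tools; then
        echo "更新失败" >&2
        return 1
    fi
    echo "更新完成"
}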

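#######################################
# Uninstall WireGuard: tear down the tunnel, remove its boot-time unit, remove
# the packages, then delete the configuration directory (keys included).
# Arguments: none
# Outputs:   "卸载完成" on stdout
# Note:      the permissive iptables policy and the ip_forward setting applied
#            by wireguard_install are NOT reverted here; review them by hand.
#######################################
wireguard_remove(){
    # Best effort, and deliberately first: wg-quick needs wg0.conf to run the
    # PostDown hooks that delete the FORWARD/MASQUERADE rules, so it has to
    # happen before the config directory and the tools disappear. Failures are
    # ignored because the tunnel may simply not be up.
    wg-quick down wg0 2>/dev/null || true
    # Otherwise the unit stays enabled and fails on every boot.
    systemctl disable wg-quick@wg0 2>/dev/null || true

    yum remove -y wireguard-dkms wireguard-tools
    rm -rf -- /etc/wireguard/
    echo "卸载完成"
}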

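#######################################
# Write the client-side WireGuard profile to /etc/wireguard/client.conf.
# Globals:   c1 (client private key), s2 (server public key), serverip, port
#            (all read; set by wireguard_install)
# Arguments: none
# Outputs:   none (writes the file)
#######################################
config_client(){
    # The profile embeds the client's private key, so it must never be readable
    # by other local users. Drop any older copy (it may carry lax permissions),
    # then create the file under a restrictive umask; the subshell keeps the
    # umask change from leaking into the rest of the script.
    rm -f -- /etc/wireguard/client.conf
    (
        umask 077
        cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24 
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
    )
    chmod 600 /etc/wireguard/client.conf
}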

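#######################################
# Install WireGuard on CentOS 7 and create a single-peer server/client setup:
# package install, key generation, firewall/forwarding changes, wg0.conf and
# client.conf, then bring the tunnel up and print the client profile as a QR.
# Globals:   s1 s2 c1 c2 serverip port (written; c1, s2, serverip and port are
#            read by config_client)
# Arguments: none
# Outputs:   installer output, then the client profile as a terminal QR code
# Returns:   1 if the repo file, the wg tool, the public IP or the config
#            directory cannot be obtained
#######################################
wireguard_install(){
    local saved_umask
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

    # -f: do not save an HTTP error page as a yum repo definition.
    if ! curl -fLo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo; then
        echo "wireguard 软件源下载失败" >&2
        return 1
    fi
    yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
    yum -y install wireguard-dkms wireguard-tools
    yum -y install qrencode
    # Without wg the key files below would be empty and both configs broken.
    if ! command -v wg >/dev/null 2>&1; then
        echo "wireguard-tools 安装失败" >&2
        return 1
    fi

    # The address is written into the client profile, so fetch it over HTTPS
    # and refuse anything that is not a dotted quad (error page, empty reply).
    serverip=$(curl -fsS https://ipv4.icanhazip.com)
    if ! [[ $serverip =~ $ipv4_re ]]; then
        echo "获取公网IP失败" >&2
        return 1
    fi
    port=$(rand 10000 60000)

    mkdir -p /etc/wireguard
    chmod 700 /etc/wireguard
    cd /etc/wireguard || return 1

    # NOTE(review): the next block replaces firewalld with iptables, sets every
    # default policy to ACCEPT and flushes all rules, i.e. the host ends up with
    # no packet filtering at all. Behaviour is kept as-is here; a hardened
    # deployment would instead open only UDP ${port} and keep a default-deny
    # INPUT policy.
    systemctl stop firewalld
    systemctl disable firewalld
    yum install -y iptables-services
    systemctl enable iptables
    systemctl start iptables
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    service iptables save
    service iptables restart

    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Append instead of truncating: overwriting /etc/sysctl.conf would discard
    # every other kernel setting (including hardening) already stored there.
    grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf 2>/dev/null \
        || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

    # Everything created from here on holds private keys: create it owner-only.
    saved_umask=$(umask)
    umask 077
    wg genkey | tee sprivatekey | wg pubkey > spublickey
    wg genkey | tee cprivatekey | wg pubkey > cpublickey
    s1=$(cat sprivatekey)
    s2=$(cat spublickey)
    c1=$(cat cprivatekey)
    c2=$(cat cpublickey)

    # NOTE(review): the NAT rules assume the uplink interface is eth0 - confirm
    # on hosts with predictable interface names (ens*, enp*).
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24 
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/32
EOF

    config_client
    # Files left over from an earlier run keep their old mode, so strip group
    # and other access from the whole tree instead of opening it up (a
    # world-writable key directory lets any local user read or swap the keys).
    chmod -R go-rwx /etc/wireguard
    umask "$saved_umask"

    wg-quick up wg0
    systemctl enable wg-quick@wg0
    echo "电脑端请下载client.conf,手机端可直接使用软件扫码"
    # The QR code contains the client private key: treat the terminal
    # scrollback and any session recording as sensitive.
    qrencode -o - -t UTF8 < /etc/wireguard/client.conf
}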

#######################################
# Interactive entry menu: show the banner, read one choice and dispatch to the
# matching action. Any other input shows an error, waits, and asks again.
# Globals:   num (written; the raw choice typed by the user)
# Arguments: none
# Returns:   the status of the selected action; choosing 0 exits the script
#            with status 1
#######################################
start_menu(){
    while true; do
        clear
        printf '%s\n' \
            "=========================" \
            " 介绍:适用于CentOS7" \
            " 作者:atrandys" \
            " 网站:www.atrandys.com" \
            " Youtube:atrandys" \
            "=========================" \
            "1. 升级系统内核" \
            "2. 安装wireguard" \
            "3. 升级wireguard" \
            "4. 卸载wireguard" \
            "0. 退出脚本" \
            ""
        read -p "请输入数字:" num
        case "$num" in
            # A bare "return" hands back the status of the action just run.
            1) update_kernel; return ;;
            2) wireguard_install; return ;;
            3) wireguard_update; return ;;
            4) wireguard_remove; return ;;
            0) exit 1 ;;
        esac
        # Anything else: complain, pause, and show the menu again.
        clear
        echo "请输入正确数字"
        sleep 5s
    done
}

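start_menu

# One-click WireGuard multi-user configuration script.
# NOTE(review): this executes third-party code as root, taken from a mutable
# branch ("master"), every time the menu returns and whatever option was
# chosen. Before relying on it, pin the URL to a reviewed commit and compare
# the download against a known SHA-256.
# The script is fetched completely into a private temp file before it runs, so
# a truncated or failed transfer is never executed, and the child shell keeps
# the terminal as stdin instead of reading its own source from the pipe.
wg5_script=$(mktemp) || exit 1
trap 'rm -f -- "$wg5_script"' EXIT
if wget -qO "$wg5_script" https://raw.githubusercontent.com/zxlhhyccc/wireguard/master/wg5clients.sh \
    && [[ -s $wg5_script ]]; then
    bash "$wg5_script"
else
    echo "wg5clients.sh 下载失败" >&2
    exit 1
fi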