From 5f30580bfb51dc1fb6264f0f76a6d9167ded7215 Mon Sep 17 00:00:00 2001
From: yanglc
Date: Tue, 29 Aug 2023 17:20:09 +0800
Subject: [PATCH] add wireguard
---
selfcert.sh | 95 ++++++++++++++++++++++++++++++
wginstall.sh | 163 +++++++++++++++++++++++++++++++++++++++++++++++++++
xbbox.sh | 26 +++++++-
3 files changed, 282 insertions(+), 2 deletions(-)
create mode 100644 selfcert.sh
create mode 100644 wginstall.sh
diff --git a/selfcert.sh b/selfcert.sh
new file mode 100644
index 0000000..49184cd
--- /dev/null
+++ b/selfcert.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+RED_COLOR="\033[0;31m"
+NO_COLOR="\033[0m"
+GREEN="\033[32m\033[01m"
+
+create_ssl(){
+ mkdir -p /opt/ssl
+ cd /opt/ssl
+ servername=$(curl -4 -s https://ip.nekocat.cn)
+ cat > my-openssl.cnf << EOF
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+x509_extensions = usr_cert
+[ req ]
+default_bits = 2048
+default_md = sha256
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca
+string_mask = utf8only
+[ req_distinguished_name ]
+[ req_attributes ]
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsComment = "OpenSSL Generated Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = CA:true
+EOF
+ openssl genrsa -out ca.key 2048
+ openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt
+ openssl genrsa -out server.key 2048
+ openssl req -new -sha256 -key server.key \
+ -subj "/C=CN/ST=yanglc/L=yanglc/O=igewu.org/CN=${servername}" \
+ -reqexts SAN \
+ -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${servername},IP:${servername}")) \
+ -out server.csr
+ openssl x509 -req -days 365 -sha256 \
+ -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+ -extfile <(printf "subjectAltName=DNS:${servername},IP:${servername}") \
+ -out server.crt
+ cat /opt/ssl/ca.crt
+
+ echo -e "${GREEN} 自签名证书已成功生成!${NO_COLOR}"
+}
+uninstall_ssl() {
+ rm -r /opt/ssl
+}
+ssl_info() {
+ echo "证书在/opt/ssl文件夹下"
+ echo "你的证书为:"
+ cat /opt/ssl/server.crt
+ echo "你的密钥为:"
+ cat /opt/ssl/server.key
+}
+
+menu() {
+ echo -e "—————————————— 自签证书一键脚本 ——————————————"""
+ echo -e "\t---authored by yanglc---"
+ echo -e "${Green}0.${Plain} 退出 "
+ echo -e "${Green}1.${Plain} 生成自签证书 "
+ echo -e "${Green}2.${Plain} 删除自签证书 "
+ echo -e "${Green}3.${Plain} 查看证书信息 "
+
+ read -rp "请输入数字:" menu_num
+ case $menu_num in
+ 0)
+ exit 0
+ ;;
+ 1)
+ create_ssl
+ menu
+ ;;
+ 2)
+ uninstall_ssl
+ menu
+ ;;
+ 3)
+ ssl_info
+ menu
+ ;;
+ *)
+ red "请输入正确的数字"
+ ;;
+ esac
+
+}
+menu
+
diff --git a/wginstall.sh b/wginstall.sh
new file mode 100644
index 0000000..611bf75
--- /dev/null
+++ b/wginstall.sh
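Review bot: In selfcert.sh, `create_ssl` takes `servername` straight from the response of `curl -4 -s https://ip.nekocat.cn` and uses it unchecked as the certificate CN, as both the `DNS:` and `IP:` SAN entries, and inside `printf` format strings, so a failed or altered response produces a certificate for an empty or unexpected name. Validate it before the first `openssl` call, for example `[[ $servername =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "invalid address" >&2; return 1; }`, and pass it to `printf` as an argument: `printf 'subjectAltName=DNS:%s,IP:%s' "$servername" "$servername"`. `cd /opt/ssl` is also unchecked, so on failure the CA and server keys are written to whatever the current directory is; `cd /opt/ssl || return 1` closes that. Finally, `menu` calls `red` and expands `${Green}`/`${Plain}`, none of which this file defines (it defines `GREEN`, `NO_COLOR` and `RED_COLOR`), so the `*)` arm ends in command-not-found instead of the intended message.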
@@ -0,0 +1,163 @@
+#!/bin/bash
+
+install_wireguard() {
+ echo "开始安装WireGuard..."
+ # Check Linux distribution
+ if [[ -f /etc/redhat-release ]]; then
+ # Install WireGuard on CentOS / RHEL
+ yum install epel-release -y
+ yum install wireguard-tools -y
+ elif [[ -f /etc/debian_version ]]; then
+ # Install WireGuard on Debian / Ubuntu
+ apt update
+ apt install wireguard -y
+ elif [[ -f /etc/arch-release ]]; then
+ # Install WireGuard on Arch Linux
+ pacman -S wireguard-tools --noconfirm
+ elif [[ "$(uname)" == "Darwin" ]]; then
+ # Install WireGuard on macOS (using Homebrew)
+ brew install wireguard-tools
+ else
+ echo "不受支持的 Linux 发行版或操作系统"
+ exit 1
+ fi
+
+ # Start the WireGuard service
+ systemctl enable wg-quick@wg0
+ systemctl start wg-quick@wg0
+
+ # Check if WireGuard was installed successfully
+ if ! command -v wg &>/dev/null; then
+ echo "WireGuard安装失败"
+ exit 1
+ fi
+
+ echo "WireGuard安装成功"
+}
+
+generate_keys() {
+ # 生成WireGuard私钥和公钥
+ echo "正在生成WireGuard私钥和公钥..."
+ wg genkey | tee /opt/wg/privatekey | wg pubkey > /opt/wg/publickey
+}
+
+create_server_config() {
+ # 服务器端配置
+ read -p "请输入服务器的公网IP地址: " server_public_ip
+ read -p "请输入WireGuard服务器端口号: " server_port
+ read -p "请输入客户端的公钥: " client_public_key
+ read -p "请输入客户端的内网IP地址: " client_internal_ip
+
+ # 创建服务器端配置文件
+ echo "[Interface]" > /opt/wg/wg0.conf
+ echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
+ echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
+ echo "ListenPort = $server_port" >> /opt/wg/wg0.conf
+
+ echo "" >> /opt/wg/wg0.conf
+ echo "[Peer]" >> /opt/wg/wg0.conf
+ echo "PublicKey = $client_public_key" >> /opt/wg/wg0.conf
+ echo "AllowedIPs = $client_internal_ip/32" >> /opt/wg/wg0.conf
+
+ echo "WireGuard服务器端配置文件已成功创建在 /opt/wg/wg0.conf。"
+}
+
+create_client_config() {
+ # 客户端配置
+ read -p "请输入服务器的公网IP地址: " server_public_ip
+ read -p "请输入WireGuard服务器端口号: " server_port
+ read -p "请输入服务器的公钥: " server_public_key
+ read -p "请输入客户端的内网IP地址: " client_internal_ip
+
+ # 创建客户端配置文件
+ echo "[Interface]" > /opt/wg/wg0.conf
+ echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
+ echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
+
+ echo "" >> /opt/wg/wg0.conf
+ echo "[Peer]" >> /opt/wg/wg0.conf
+ echo "PublicKey = $server_public_key" >> /opt/wg/wg0.conf
+ echo "Endpoint = $server_public_ip:$server_port" >> /opt/wg/wg0.conf
+ echo "AllowedIPs = 0.0.0.0/0, ::/0" >> /opt/wg/wg0.conf
+
+ echo "WireGuard客户端配置文件已成功创建在 /opt/wg/wg0.conf。"
+}
+
+start_wireguard() {
+ echo "正在启动WireGuard..."
+ wg-quick up wg0
+ echo "WireGuard已启动"
+}
+
+stop_wireguard() {
+ echo "正在停止WireGuard..."
+ wg-quick down wg0
+ echo "WireGuard已停止"
+}
+
+restart_wireguard() {
+ echo "正在重启WireGuard..."
+ systemctl restart wg-quick@wg0
+ echo "WireGuard已重启"
+}
+
+main() {
+ # 创建 /opt/wg 目录存放配置文件
+ mkdir -p /opt/wg
+ # 显示菜单并选择角色
+ echo -e "---------------------------"
+ echo -e "欢迎使用WireGuard配置脚本"
+ echo -e "\t---authored by yanglc---"
+ echo -e "---------------------------"
+ echo "0. 退出脚本"
+ echo "1. 安装Wireguard"
+ echo "2. 配置服务器端(中转)"
+ echo "3. 配置客户端(落地)"
+ echo "4. 启动WireGuard"
+ echo "5. 停止WireGuard"
+ echo "6. 重启WireGuard(systemctl)"
+ echo "7. 重启Wireguard(wg-quick)"
+ read -p "请输入数字: " role
+
+ case $role in
+ 0)
+ exit 0
+ ;;
+ 1)
+ install_wireguard
+ generate_keys
+ main
+ ;;
+ 2)
+ create_server_config
+ main
+ ;;
+ 3)
+ create_client_config
+ main
+ ;;
+ 4)
+ start_wireguard
+ main
+ ;;
+ 5)
+ stop_wireguard
+ main
+ ;;
+ 6)
+ restart_wireguard
+ main
+ ;;
+ 7)
+ stop_wireguard
+ start_wireguard
+ main
+ ;;
+ *)
+ echo "输入无效的选项。"
+ main
+ ;;
+ esac
+}
+
+main
\ No newline at end of file
diff --git a/xbbox.sh b/xbbox.sh
index dc1baa9..c294c27 100644
--- a/xbbox.sh
+++ b/xbbox.sh
@@ -82,7 +82,7 @@ install_docker() { run_gost() { # 下载脚本 - curl -fsSL https://raw.githubusercontent.com/yangliuchang/xbbox/main/rungost.sh -o rungost.sh + curl -fsSL http://example.com -o rungost.sh # 添加可执行权限并运行脚本 chmod +x rungost.sh
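Review bot: In wginstall.sh, `generate_keys` writes `/opt/wg/privatekey` through `tee` under the default umask, and `create_server_config` and `create_client_config` then copy that key into `/opt/wg/wg0.conf` with plain `>` redirects, so on a typical umask the WireGuard private key is readable by other local users. Put `umask 077` at the top of `main`, before `mkdir -p /opt/wg`, so the directory, key files and config are created owner-only. Separately, `wg-quick up wg0` and `wg-quick@wg0` resolve a bare interface name under `/etc/wireguard/`, so the config written to `/opt/wg/wg0.conf` is presumably never loaded; write it to `/etc/wireguard/wg0.conf` or pass the full path to `wg-quick`. `install_wireguard` also starts the service before any config exists, and `create_server_config` sets the server's own `Address` from the client's IP.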
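Review bot: In `run_gost` (xbbox.sh, hunk `@@ -82,7 +82,7 @@`), the download URL moves from `https://` to plain `http://`, and the fetched `rungost.sh` is then made executable and, per the comment, run, so the script loses transport authentication and can be replaced in transit; the menu's `is_root` call suggests it runs as root. Keep the fetch on HTTPS and refuse downgrades, e.g. `curl -fsSL --proto '=https' --tlsv1.2 "$SCRIPT_URL" -o rungost.sh` (`SCRIPT_URL` is a placeholder), and compare the file against a pinned SHA-256 before `chmod +x`. The same cleartext fetch-then-execute pattern is in `self_cert` and `wginstall` in the next hunk. The body of `run_gost` continues outside this hunk.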
@@ -90,6 +90,20 @@ run_gost() { } +self_cert() { + # 下载脚本 + curl -fsSL http://example.com -0 selfcert.sh + + chmod +x selfsert.sh + ./selfcert.sh +} +wginstall(){ + curl -fsSL http://example.com -0 wginstall.sh + + chmod +x wginstall.sh + ./wginstall.sh +} + menu() { echo -e "—————————————— 小白工具箱一键脚本 ——————————————""" echo -e "\t---authored by yanglc---"
@@ -98,6 +112,8 @@ menu() { echo -e "${Green}2.${Plain} 删除自签证书 " echo -e "${Green}3.${Plain} 安装Docker " echo -e "${Green}4.${Plain} gost控制脚本" + echo -e "${Green}5.${Plain} 自签证书脚本(备用)" + echo -e "${Green}6.${Plain} Wireguard配置脚本" # 调用is_root()函数来检查是否为root用户 is_root
@@ -119,10 +135,16 @@ menu() { 4) run_gost ;; + 5) + self_cert + ;; + 6) + wginstall + ;; *) red "请输入正确的数字" ;; esac } -menu +menu \ No newline at end of file
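Review bot: In `self_cert` and `wginstall` (xbbox.sh, hunk `@@ -90,6 +90,20 @@`), both `curl` calls pass `-0` (digit zero, `--http1.0`) where `-o` was evidently meant, so nothing is saved to disk and `selfcert.sh` / `wginstall.sh` are treated as extra URLs; `chmod +x selfsert.sh` also misspells the file name. As written, `./selfcert.sh` and `./wginstall.sh` execute whatever file of that name already sits in the current directory, or fail. Use `-o selfcert.sh`, `chmod +x selfcert.sh` and `-o wginstall.sh`, and stop when the download fails, e.g. `curl -fsSL "$SCRIPT_URL" -o selfcert.sh || return 1` (`SCRIPT_URL` is a placeholder).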