add wireguard

2023-08-29 17:20:09 +08:00 · 2023-08-29 17:20:09 +08:00 · 5f30580bfb
parent 79f73beb63
commit 5f30580bfb
3 changed files with 282 additions and 2 deletions
--- a/selfcert.sh
+++ b/selfcert.sh
@ -0,0 +1,95 @@
+#!/bin/bash
+
+RED_COLOR="\033[0;31m"
+NO_COLOR="\033[0m"
+GREEN="\033[32m\033[01m"
+
+create_ssl(){
+    mkdir -p /opt/ssl
+    cd /opt/ssl
+    servername=$(curl -4 -s https://ip.nekocat.cn)
+    cat > my-openssl.cnf << EOF
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+x509_extensions = usr_cert
+[ req ]
+default_bits        = 2048
+default_md          = sha256
+default_keyfile     = privkey.pem
+distinguished_name  = req_distinguished_name
+attributes          = req_attributes
+x509_extensions     = v3_ca
+string_mask         = utf8only
+[ req_distinguished_name ]
+[ req_attributes ]
+[ usr_cert ]
+basicConstraints       = CA:FALSE
+nsComment              = "OpenSSL Generated Certificate"
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid,issuer
+[ v3_ca ]
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints       = CA:true
+EOF
+    openssl genrsa -out ca.key 2048
+    openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt
+    openssl genrsa -out server.key 2048
+    openssl req -new -sha256 -key server.key \
+        -subj "/C=CN/ST=yanglc/L=yanglc/O=igewu.org/CN=${servername}" \
+        -reqexts SAN \
+        -config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${servername},IP:${servername}")) \
+        -out server.csr
+    openssl x509 -req -days 365 -sha256 \
+        -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
+        -extfile <(printf "subjectAltName=DNS:${servername},IP:${servername}") \
+        -out server.crt
+    cat /opt/ssl/ca.crt
+
+    echo -e "${GREEN} 自签名证书已成功生成！${NO_COLOR}"
+}
+uninstall_ssl() {
+    rm -r /opt/ssl
+}
+ssl_info() {
+    echo "证书在/opt/ssl文件夹下"
+    echo "你的证书为："
+    cat /opt/ssl/server.crt
+    echo "你的密钥为："
+    cat /opt/ssl/server.key
+}
+
+menu() {
+    echo -e "—————————————— 自签证书一键脚本 ——————————————"""
+    echo -e "\t---authored by yanglc---"
+    echo -e "${Green}0.${Plain} 退出 "
+    echo -e "${Green}1.${Plain}  生成自签证书 "
+    echo -e "${Green}2.${Plain}  删除自签证书 "
+    echo -e "${Green}3.${Plain}  查看证书信息 "
+
+    read -rp "请输入数字：" menu_num
+    case $menu_num in
+    0)
+        exit 0
+        ;;
+    1)
+        create_ssl
+        menu
+        ;;
+    2)
+        uninstall_ssl
+        menu
+        ;;
+    3)
+        ssl_info
+        menu
+        ;;
+    *)
+        red "请输入正确的数字"
+        ;;
+    esac
+
+}
+menu
+
--- a/wginstall.sh
+++ b/wginstall.sh
@ -0,0 +1,163 @@
+#!/bin/bash
+
+install_wireguard() {
+    echo "开始安装WireGuard..."
+    # Check Linux distribution
+    if [[ -f /etc/redhat-release ]]; then
+        # Install WireGuard on CentOS / RHEL
+        yum install epel-release -y
+        yum install wireguard-tools -y
+    elif [[ -f /etc/debian_version ]]; then
+        # Install WireGuard on Debian / Ubuntu
+        apt update
+        apt install wireguard -y
+    elif [[ -f /etc/arch-release ]]; then
+        # Install WireGuard on Arch Linux
+        pacman -S wireguard-tools --noconfirm
+    elif [[ "$(uname)" == "Darwin" ]]; then
+        # Install WireGuard on macOS (using Homebrew)
+        brew install wireguard-tools
+    else
+        echo "不受支持的 Linux 发行版或操作系统"
+        exit 1
+    fi
+
+    # Start the WireGuard service
+    systemctl enable wg-quick@wg0
+    systemctl start wg-quick@wg0
+
+    # Check if WireGuard was installed successfully
+    if ! command -v wg &>/dev/null; then
+        echo "WireGuard安装失败"
+        exit 1
+    fi
+
+    echo "WireGuard安装成功"
+}
+
+generate_keys() {
+    # 生成WireGuard私钥和公钥
+    echo "正在生成WireGuard私钥和公钥..."
+    wg genkey | tee /opt/wg/privatekey | wg pubkey > /opt/wg/publickey
+}
+
+create_server_config() {
+    # 服务器端配置
+    read -p "请输入服务器的公网IP地址： " server_public_ip
+    read -p "请输入WireGuard服务器端口号： " server_port
+    read -p "请输入客户端的公钥： " client_public_key
+    read -p "请输入客户端的内网IP地址： " client_internal_ip
+
+    # 创建服务器端配置文件
+    echo "[Interface]" > /opt/wg/wg0.conf
+    echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
+    echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
+    echo "ListenPort = $server_port" >> /opt/wg/wg0.conf
+
+    echo "" >> /opt/wg/wg0.conf
+    echo "[Peer]" >> /opt/wg/wg0.conf
+    echo "PublicKey = $client_public_key" >> /opt/wg/wg0.conf
+    echo "AllowedIPs = $client_internal_ip/32" >> /opt/wg/wg0.conf
+
+    echo "WireGuard服务器端配置文件已成功创建在 /opt/wg/wg0.conf。"
+}
+
+create_client_config() {
+    # 客户端配置
+    read -p "请输入服务器的公网IP地址： " server_public_ip
+    read -p "请输入WireGuard服务器端口号： " server_port
+    read -p "请输入服务器的公钥： " server_public_key
+    read -p "请输入客户端的内网IP地址： " client_internal_ip
+
+    # 创建客户端配置文件
+    echo "[Interface]" > /opt/wg/wg0.conf
+    echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
+    echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
+
+    echo "" >> /opt/wg/wg0.conf
+    echo "[Peer]" >> /opt/wg/wg0.conf
+    echo "PublicKey = $server_public_key" >> /opt/wg/wg0.conf
+    echo "Endpoint = $server_public_ip:$server_port" >> /opt/wg/wg0.conf
+    echo "AllowedIPs = 0.0.0.0/0, ::/0" >> /opt/wg/wg0.conf
+
+    echo "WireGuard客户端配置文件已成功创建在 /opt/wg/wg0.conf。"
+}
+
+start_wireguard() {
+    echo "正在启动WireGuard..."
+    wg-quick up wg0
+    echo "WireGuard已启动"
+}
+
+stop_wireguard() {
+    echo "正在停止WireGuard..."
+    wg-quick down wg0
+    echo "WireGuard已停止"
+}
+
+restart_wireguard() {
+    echo "正在重启WireGuard..."
+    systemctl restart wg-quick@wg0
+    echo "WireGuard已重启"
+}
+
+main() {
+    # 创建 /opt/wg 目录存放配置文件
+    mkdir -p /opt/wg
+    # 显示菜单并选择角色
+    echo -e "---------------------------"
+    echo -e "欢迎使用WireGuard配置脚本"
+    echo -e "\t---authored by yanglc---"
+    echo -e "---------------------------"
+    echo "0. 退出脚本"
+    echo "1. 安装Wireguard"
+    echo "2. 配置服务器端（中转）"
+    echo "3. 配置客户端（落地）"
+    echo "4. 启动WireGuard"
+    echo "5. 停止WireGuard"
+    echo "6. 重启WireGuard（systemctl）"
+    echo "7. 重启Wireguard（wg-quick）"
+    read -p "请输入数字: " role
+
+    case $role in
+        0)
+            exit 0
+            ;;
+        1)
+            install_wireguard
+            generate_keys
+            main
+            ;;
+        2)
+            create_server_config
+            main
+            ;;
+        3)
+            create_client_config
+            main
+            ;;
+        4)
+            start_wireguard
+            main
+            ;;
+        5)
+            stop_wireguard
+            main
+            ;;
+        6)
+            restart_wireguard
+            main
+            ;;
+        7)
+            stop_wireguard
+            start_wireguard
+            main
+            ;;
+        *)
+            echo "输入无效的选项。"
+            main
+            ;;
+    esac
+}
+
+main
--- a/xbbox.sh
+++ b/xbbox.sh
@ -82,7 +82,7 @@ install_docker() {

 run_gost() {
    # 下载脚本
-    curl -fsSL https://raw.githubusercontent.com/yangliuchang/xbbox/main/rungost.sh -o rungost.sh
+    curl -fsSL http://example.com -o rungost.sh

    # 添加可执行权限并运行脚本
    chmod +x rungost.sh
@ -90,6 +90,20 @@ run_gost() {

 }

+self_cert() {
+    # 下载脚本
+    curl -fsSL http://example.com -0 selfcert.sh
+
+    chmod +x selfsert.sh
+    ./selfcert.sh
+}
+wginstall(){
+    curl -fsSL http://example.com -0 wginstall.sh
+
+    chmod +x wginstall.sh
+    ./wginstall.sh
+}
+
 menu() {
    echo -e "—————————————— 小白工具箱一键脚本 ——————————————"""
    echo -e "\t---authored by yanglc---"
@ -98,6 +112,8 @@ menu() {
    echo -e "${Green}2.${Plain}  删除自签证书 "
    echo -e "${Green}3.${Plain}  安装Docker "
    echo -e "${Green}4.${Plain}  gost控制脚本"
+    echo -e "${Green}5.${Plain}  自签证书脚本（备用）"
+    echo -e "${Green}6.${Plain}  Wireguard配置脚本"

    # 调用is_root()函数来检查是否为root用户
    is_root
@ -119,6 +135,12 @@ menu() {
    4)
        run_gost
        ;;
+    5)
+        self_cert
+        ;;
+    6)
+        wginstall
+        ;;
    *)
        red "请输入正确的数字"
        ;;