add wireguard

main
yanglc 2023-08-29 17:20:09 +08:00
parent 79f73beb63
commit 5f30580bfb
3 changed files with 282 additions and 2 deletions

95
selfcert.sh Normal file
View File

@ -0,0 +1,95 @@
#!/bin/bash
RED_COLOR="\033[0;31m"
NO_COLOR="\033[0m"
GREEN="\033[32m\033[01m"
create_ssl(){
mkdir -p /opt/ssl
cd /opt/ssl
servername=$(curl -4 -s https://ip.nekocat.cn)
cat > my-openssl.cnf << EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key \
-subj "/C=CN/ST=yanglc/L=yanglc/O=igewu.org/CN=${servername}" \
-reqexts SAN \
-config <(cat my-openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:${servername},IP:${servername}")) \
-out server.csr
openssl x509 -req -days 365 -sha256 \
-in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
-extfile <(printf "subjectAltName=DNS:${servername},IP:${servername}") \
-out server.crt
cat /opt/ssl/ca.crt
echo -e "${GREEN} 自签名证书已成功生成!${NO_COLOR}"
}
uninstall_ssl() {
rm -r /opt/ssl
}
ssl_info() {
echo "证书在/opt/ssl文件夹下"
echo "你的证书为:"
cat /opt/ssl/server.crt
echo "你的密钥为:"
cat /opt/ssl/server.key
}
menu() {
echo -e "—————————————— 自签证书一键脚本 ——————————————"""
echo -e "\t---authored by yanglc---"
echo -e "${Green}0.${Plain} 退出 "
echo -e "${Green}1.${Plain} 生成自签证书 "
echo -e "${Green}2.${Plain} 删除自签证书 "
echo -e "${Green}3.${Plain} 查看证书信息 "
read -rp "请输入数字:" menu_num
case $menu_num in
0)
exit 0
;;
1)
create_ssl
menu
;;
2)
uninstall_ssl
menu
;;
3)
ssl_info
menu
;;
*)
red "请输入正确的数字"
;;
esac
}
menu

163
wginstall.sh Normal file
View File

@ -0,0 +1,163 @@
#!/bin/bash
install_wireguard() {
echo "开始安装WireGuard..."
# Check Linux distribution
if [[ -f /etc/redhat-release ]]; then
# Install WireGuard on CentOS / RHEL
yum install epel-release -y
yum install wireguard-tools -y
elif [[ -f /etc/debian_version ]]; then
# Install WireGuard on Debian / Ubuntu
apt update
apt install wireguard -y
elif [[ -f /etc/arch-release ]]; then
# Install WireGuard on Arch Linux
pacman -S wireguard-tools --noconfirm
elif [[ "$(uname)" == "Darwin" ]]; then
# Install WireGuard on macOS (using Homebrew)
brew install wireguard-tools
else
echo "不受支持的 Linux 发行版或操作系统"
exit 1
fi
# Start the WireGuard service
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
# Check if WireGuard was installed successfully
if ! command -v wg &>/dev/null; then
echo "WireGuard安装失败"
exit 1
fi
echo "WireGuard安装成功"
}
generate_keys() {
# 生成WireGuard私钥和公钥
echo "正在生成WireGuard私钥和公钥..."
wg genkey | tee /opt/wg/privatekey | wg pubkey > /opt/wg/publickey
}
create_server_config() {
# 服务器端配置
read -p "请输入服务器的公网IP地址 " server_public_ip
read -p "请输入WireGuard服务器端口号 " server_port
read -p "请输入客户端的公钥: " client_public_key
read -p "请输入客户端的内网IP地址 " client_internal_ip
# 创建服务器端配置文件
echo "[Interface]" > /opt/wg/wg0.conf
echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
echo "ListenPort = $server_port" >> /opt/wg/wg0.conf
echo "" >> /opt/wg/wg0.conf
echo "[Peer]" >> /opt/wg/wg0.conf
echo "PublicKey = $client_public_key" >> /opt/wg/wg0.conf
echo "AllowedIPs = $client_internal_ip/32" >> /opt/wg/wg0.conf
echo "WireGuard服务器端配置文件已成功创建在 /opt/wg/wg0.conf。"
}
create_client_config() {
# 客户端配置
read -p "请输入服务器的公网IP地址 " server_public_ip
read -p "请输入WireGuard服务器端口号 " server_port
read -p "请输入服务器的公钥: " server_public_key
read -p "请输入客户端的内网IP地址 " client_internal_ip
# 创建客户端配置文件
echo "[Interface]" > /opt/wg/wg0.conf
echo "PrivateKey = $(cat /opt/wg/privatekey)" >> /opt/wg/wg0.conf
echo "Address = $client_internal_ip/24" >> /opt/wg/wg0.conf
echo "" >> /opt/wg/wg0.conf
echo "[Peer]" >> /opt/wg/wg0.conf
echo "PublicKey = $server_public_key" >> /opt/wg/wg0.conf
echo "Endpoint = $server_public_ip:$server_port" >> /opt/wg/wg0.conf
echo "AllowedIPs = 0.0.0.0/0, ::/0" >> /opt/wg/wg0.conf
echo "WireGuard客户端配置文件已成功创建在 /opt/wg/wg0.conf。"
}
start_wireguard() {
echo "正在启动WireGuard..."
wg-quick up wg0
echo "WireGuard已启动"
}
stop_wireguard() {
echo "正在停止WireGuard..."
wg-quick down wg0
echo "WireGuard已停止"
}
restart_wireguard() {
echo "正在重启WireGuard..."
systemctl restart wg-quick@wg0
echo "WireGuard已重启"
}
main() {
# 创建 /opt/wg 目录存放配置文件
mkdir -p /opt/wg
# 显示菜单并选择角色
echo -e "---------------------------"
echo -e "欢迎使用WireGuard配置脚本"
echo -e "\t---authored by yanglc---"
echo -e "---------------------------"
echo "0. 退出脚本"
echo "1. 安装Wireguard"
echo "2. 配置服务器端(中转)"
echo "3. 配置客户端(落地)"
echo "4. 启动WireGuard"
echo "5. 停止WireGuard"
echo "6. 重启WireGuardsystemctl"
echo "7. 重启Wireguardwg-quick"
read -p "请输入数字: " role
case $role in
0)
exit 0
;;
1)
install_wireguard
generate_keys
main
;;
2)
create_server_config
main
;;
3)
create_client_config
main
;;
4)
start_wireguard
main
;;
5)
stop_wireguard
main
;;
6)
restart_wireguard
main
;;
7)
stop_wireguard
start_wireguard
main
;;
*)
echo "输入无效的选项。"
main
;;
esac
}
main

View File

@ -82,7 +82,7 @@ install_docker() {
run_gost() {
# 下载脚本
curl -fsSL https://raw.githubusercontent.com/yangliuchang/xbbox/main/rungost.sh -o rungost.sh
curl -fsSL http://example.com -o rungost.sh
# 添加可执行权限并运行脚本
chmod +x rungost.sh
@ -90,6 +90,20 @@ run_gost() {
}
self_cert() {
# 下载脚本
curl -fsSL http://example.com -0 selfcert.sh
chmod +x selfsert.sh
./selfcert.sh
}
wginstall(){
curl -fsSL http://example.com -0 wginstall.sh
chmod +x wginstall.sh
./wginstall.sh
}
menu() {
echo -e "—————————————— 小白工具箱一键脚本 ——————————————"""
echo -e "\t---authored by yanglc---"
@ -98,6 +112,8 @@ menu() {
echo -e "${Green}2.${Plain} 删除自签证书 "
echo -e "${Green}3.${Plain} 安装Docker "
echo -e "${Green}4.${Plain} gost控制脚本"
echo -e "${Green}5.${Plain} 自签证书脚本(备用)"
echo -e "${Green}6.${Plain} Wireguard配置脚本"
# 调用is_root()函数来检查是否为root用户
is_root
@ -119,6 +135,12 @@ menu() {
4)
run_gost
;;
5)
self_cert
;;
6)
wginstall
;;
*)
red "请输入正确的数字"
;;