debian一键安装wireguard
<p>#!/bin/bash</p><p>WG_PORT='51820'<br>IPAddr=`wget --no-check-certificate -qO- http://moeclub.org/address`<br>POOL='https://deb.debian.org/debian/pool/main/w/wireguard/'</p>
<p>[ `dpkg -s libc6 |grep '^Version' |grep -o '\{4\}' |head -n1 |cut -d'.' -f2` -ge "14" ] || exit 0</p>
<p>apt-get update<br>apt-get install -y libmnl-dev libelf-dev linux-headers-$(uname -r) build-essential pkg-config dkms resolvconf dnsmasq qrencode</p>
<p>arch=`dpkg --print-architecture`<br>Version=`wget --no-check-certificate -qO- "${POOL}" |grep -o 'wireguard_\{1,\}_' |head -n1 |cut -d'_' -f2`<br>[ -n "$Version" ] || exit 1</p>
<p>wget --no-check-certificate -qO "/tmp/wireguard_${Version}_all.deb" "${POOL}wireguard_${Version}_all.deb"<br>wget --no-check-certificate -qO "/tmp/wireguard-dkms_${Version}_all.deb" "${POOL}wireguard-dkms_${Version}_all.deb"<br>wget --no-check-certificate -qO "/tmp/wireguard-tools_${Version}_${arch}.deb" "${POOL}wireguard-tools_${Version}_${arch}.deb"</p>
<p>dpkg -i "/tmp/wireguard-tools_${Version}_${arch}.deb"<br>dpkg -i "/tmp/wireguard-dkms_${Version}_all.deb"<br>dpkg -i "/tmp/wireguard_${Version}_all.deb"</p>
<p>[ -d /etc/wireguard ] && {<br>command -v wg >/dev/null 2>&1<br>[ $? == 0 ] || exit 1<br>sed -i '/#\?net.ipv4.ip_forward/d' /etc/sysctl.conf<br>sed -i '$a\net.ipv4.ip_forward=1' /etc/sysctl.conf<br>sysctl -p</p>
<p>cat >/etc/dnsmasq.conf<<EOF<br>except-interface=eth0<br>dhcp-range=192.168.8.2,192.168.8.254,255.255.255.0,24h<br>dhcp-option-force=option:router,192.168.8.1<br>dhcp-option-force=option:dns-server,192.168.8.1<br>dhcp-option-force=option:netbios-ns,192.168.8.1<br>listen-address=127.0.0.1,192.168.8.1<br>no-resolv<br>bogus-priv<br>no-negcache<br>clear-on-reload<br>cache-size=81920<br>server=208.67.220.220#5353<br>EOF</p>
<p>cd /etc/wireguard<br>wg genkey |tee privatekey |wg pubkey > publickey<br>wg genpsk > presharedkey</p>
<p>wg genkey |tee privatekey.client |wg pubkey > publickey.client</p>
<p>ServerKey=`cat privatekey`<br>ServerPub=`cat publickey`<br>ServerPsk=`cat presharedkey`<br>ClientKey=`cat privatekey.client`<br>ClientPub=`cat publickey.client`</p>
<p>cat >simple.conf<<EOF<br><br>PrivateKey = $ServerKey<br>Address = 192.168.8.1/24<br>#ListenPort = $WG_PORT<br>DNS = 192.168.8.1<br>#PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;<br>#PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;</p>
<p><br>#Endpoint = ${IPAddr}:${WG_PORT}<br>PublicKey = $ClientPub<br>AllowedIPs = 192.168.8.1/24<br>PresharedKey = $ServerPsk</p>
<p>EOF</p>
<p>cp -rf /etc/wireguard/simple.conf /etc/wireguard/wg0.conf<br>cp -rf /etc/wireguard/simple.conf /etc/wireguard/wg0-client.conf</p>
<p># Server<br>sed -i 's/#ListenPort/ListenPort/' /etc/wireguard/wg0.conf<br>sed -i 's/#PostUp/PostUp/' /etc/wireguard/wg0.conf<br>sed -i 's/#PostDown/PostDown/' /etc/wireguard/wg0.conf<br>sed -i "/^#/d" /etc/wireguard/wg0.conf</p>
<p># Client<br>sed -i 's/#Endpoint/Endpoint/' /etc/wireguard/wg0-client.conf<br>sed -i "s|PrivateKey =.*|PrivateKey = $ClientKey|" /etc/wireguard/wg0-client.conf<br>sed -i "s|PublicKey =.*|PublicKey = $ServerPub|" /etc/wireguard/wg0-client.conf<br>sed -i "s|Address =.*|Address = 192.168.8.2/24|" /etc/wireguard/wg0-client.conf<br>sed -i "s|AllowedIPs =.*|AllowedIPs = 0.0.0.0/0|" /etc/wireguard/wg0-client.conf<br>sed -i "/^#/d" /etc/wireguard/wg0-client.conf</p>
<p># Print QR code for client config.<br>cat /etc/wireguard/wg0-client.conf |qrencode -o - -t UTF8</p>
<p># Add to start up<br>sed -i '/wg-quick/d' /etc/crontab<br>echo -e "@reboot root wg-quick down wg0 2>/dev/null; wg-quick up wg0\n\n" >>/etc/crontab</p>
<p># Try it!<br>wg-quick down wg0 2>/dev/null; wg-quick up wg0<br>}</p><br><br>
来源:https://www.cnblogs.com/yanzi2020/p/14533052.html
頁:
[1]