Linux-Shell/run-wireguard.sh

#更新RHEL9.0内核
update_kernel_el9(){
    
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org 
    yum install -y https://www.elrepo.org/elrepo-release-9.el9.elrepo.noarch.rpm
    dnf remove -y kernel-devel
    yum --enablerepo=elrepo-kernel install -y kernel-ml
    read -p "需要重启服务器，再次执行脚本选择安装wireguard，是否现在重启 ? [Y/n] :" yn
	[ -z "${yn}" ] && yn="y"
	if [[ $yn == [Yy] ]]; then
		echo -e "服务器 重启中..."
		reboot
	fi
}
#升级Redhat Enterprise Linux 8.x操作系统内核
update_kernel_el8(){
    
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org 
    yum install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
    yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

    dnf remove -y kernel-devel
    yum --enablerepo=elrepo-kernel install -y kernel-ml
    read -p "需要重启服务器，再次执行脚本选择安装wireguard，是否现在重启 ? [Y/n] :" yn
	[ -z "${yn}" ] && yn="y"
	if [[ $yn == [Yy] ]]; then
		echo -e "服务器 重启中..."
		reboot
	fi
}

#生成随机端口
rand(){
    min=$1
    max=$(($2-$min+1))
    num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
    echo $(($num%$max+$min))  
}

wireguard_update(){
    dnf update -y wireguard-tools
    echo "更新完成"
}

wireguard_remove(){
    wg-quick down wg0
    dnf remove -y wireguard-dkms wireguard-tools
    rm -rf /etc/wireguard/
    echo "卸载完成"
}

config_client(){
cat > /etc/wireguard/client.conf <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.192.64.2/32
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $s2
Endpoint = $serverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF

}

#Redhat Enterprise Linux 9.2操作系统安装Wireguard
wireguard_install(){
    dnf install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
    dnf install -y wireguard-tools
    dnf install -y wireguard-dkms
    
    systemctl enable --now systemd-resolved
    systemctl start systemd-resolved
    systemctl restart systemd-resolved

    dnf install -y qrencode
    mkdir /etc/wireguard
    cd /etc/wireguard
    wg genkey | tee sprivatekey | wg pubkey > spublickey
    wg genkey | tee cprivatekey | wg pubkey > cpublickey
    s1=$(cat sprivatekey)
    s2=$(cat spublickey)
    c1=$(cat cprivatekey)
    c2=$(cat cpublickey)
    serverip=$(curl https://ddnsip.cn)
    port=$(rand 10000 60000)
    eth=$(ls /sys/class/net | grep e | head -1)
    chmod 777 -R /etc/wireguard
    systemctl stop firewalld
    systemctl disable firewalld
    dnf install -y iptables-services 
    systemctl enable iptables 
    systemctl start iptables 
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    service iptables save
    service iptables restart
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.192.0.1/16 
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -I FORWARD -s 10.192.0.1/24 -d 10.192.0.1/24 -j DROP; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -D FORWARD -s 10.192.0.1/24 -d 10.192.0.1/24 -j DROP; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $c2
AllowedIPs = 10.192.64.2/32
EOF

    config_client
    wg-quick up wg0
    systemctl enable wg-quick@wg0
    content=$(cat /etc/wireguard/client.conf)
    echo "电脑端请下载client.conf，手机端可直接使用软件扫码"
    echo "${content}" | qrencode -o - -t UTF8
}
#添加用户
add_user(){
    echo -e "\033[37;41m给新用户起个名字，不能和已有用户重复\033[0m"
    read -p "请输入用户名：" newname
    cd /etc/wireguard/
    cp client.conf $newname.conf
    wg genkey | tee temprikey | wg pubkey > tempubkey
    ipnum=$(grep Allowed /etc/wireguard/wg0.conf | tail -1 | awk -F '[ ./]' '{print $6}')
    newnum=$((10#${ipnum}+1))
    sed -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $newname.conf
    sed -i 's%^Address.*$%'"Address = 10.192.64.$newnum\/32"'%' $newname.conf

cat >> /etc/wireguard/wg0.conf <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.192.64.$newnum/32
EOF
    wg set wg0 peer $(cat tempubkey) allowed-ips 10.192.64.$newnum/32
    echo -e "\033[37;41m添加完成，文件：/etc/wireguard/$newname.conf\033[0m"
    rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
    clear
    echo "========================="
    echo " Intruduction：The Shell-Script Fit Redhat Enterprise Linux 9 Operation-System"
    echo " Auther：Huibai"
    echo "========================="
    echo "1. Upgrade RHEL9 Linux System Kernel(Not Necessary)"
    echo "2. Install Wireguard VPN"
    echo "3. Upgrade Wireguard VPN"
    echo "4. Uninstall Wireguard VPN"
    echo "5. Show Code"
    echo "6. Add User"
    echo "7. Upgrade RHEL8 Linux System Kernel"

    echo "0. Exit Shell"

    echo
    read -p "Please Enter The Number:" num
#数字对应程序
    case "$num" in
    	1)
	        update_kernel_el9
	    ;;
	    2)
	        wireguard_install
	    ;;
	    3)
	        wireguard_update
	    ;;
	    4)
	        wireguard_remove
	    ;;
	    5)
	        content=$(cat /etc/wireguard/client.conf)
    	        echo "${content}" | qrencode -o - -t UTF8
	    ;;
	    6)
	        add_user
	    ;;
        7)
	        update_kernel_el8
	    ;;
	    0)
	        exit 1
	    ;;
	    *)
	clear
	    echo "请输入正确数字"
	    sleep 5s
	    start_menu
	;;
    esac
}

    start_menu