One-click Installation Script for WireGuard

Supported environment

System support: CentOS 7+, Debian 8+, Raspbian 10, Ubuntu 16+, Fedora 29+
Memory requirements: ≥256M
Date: April 2, 2020

About this script

1. Supports two installation methods: compiling and installing from code, and installing directly from the repository;
2. The script creates the default wg0 device and the wg0 client configuration, and generates a QR code PNG image for that client configuration;
3. The script modifies the local firewall settings. If the firewall is not enabled, a warning appears and you need to configure it manually;
4. The script randomly generates a listening port between 1024 and 20480;
5. The script supports adding, deleting, and listing clients;
6. The script supports checking the version number of the installed WireGuard;
7. The script supports upgrading WireGuard to the latest version by compiling and installing from code.

Client Downloads

Windows, macOS, Android, iOS clients
https://www.wireguard.com/install/

How to use the script

Log in to the system as the root user, run the following command to download the script, and grant execution permissions:

wget --no-check-certificate -O /opt/wireguard.sh https://raw.githubusercontent.com/teddysun/across/master/wireguard.sh
chmod 755 /opt/wireguard.sh
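
An added example, not part of the original post or of wireguard.sh: since the script runs as root, this variant of the download step keeps certificate verification on and refuses the file unless it matches a SHA-256 digest you recorded after reviewing a copy. The function names are hypothetical, the digest is supplied by the operator, and the shebang check assumes the installer starts with a shell shebang line.

```shell
#!/bin/sh
# Added example, not part of the original post: fetch the installer with TLS
# verification on and keep it only if it matches a digest you recorded after
# reviewing the script. URL and path are the ones used in the post.
URL=https://raw.githubusercontent.com/teddysun/across/master/wireguard.sh
DEST=/opt/wireguard.sh

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{print $1}'
}

# verify_installer FILE EXPECTED: succeed only if FILE is a non-empty shell
# script whose digest equals EXPECTED (the pin, supplied by the operator).
verify_installer() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    head -n 1 "$1" | grep -q '^#!.*sh' ||
        { echo "no shell shebang (error page?): $1" >&2; return 1; }
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ] ||
        { echo "digest mismatch, got $actual" >&2; return 1; }
}

# fetch_pinned EXPECTED: download without --no-check-certificate, verify, and
# only then make the file executable; a failed check removes the download.
fetch_pinned() {
    wget -O "$DEST" "$URL" || return 1
    if verify_installer "$DEST" "$1"; then
        chmod 755 "$DEST"
    else
        rm -f "$DEST"
        return 1
    fi
}

# Usage: fetch_pinned <sha256 recorded from your reviewed copy>
```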

Preface

The conditions for installing and using WireGuard are rather harsh. Therefore I do not recommend installing and using WireGuard on a production system unless you know what you are doing.
WireGuard depends on the kernel. On every system, the kernel, the kernel source package, and the kernel header files must all exist, and the three versions must be consistent.
On rpm systems such as RedHat, CentOS, Fedora, Oracle Linux, Amazon Linux, etc., the packages are named kernel, kernel-devel, and kernel-headers.
On deb systems such as Debian and Ubuntu, they are named kernel and linux-headers.
If any of these three conditions is not met, then whether you compile and install from code or install directly from the repository, only wireguard-tools is installed.
The part of WireGuard that does the real work is wireguard-dkms, which uses Dynamic Kernel Module Support (DKMS) to compile the WireGuard module for the system kernel.
Therefore, on some VPS providers you need to replace the system kernel yourself and install these three packages in advance, so that compilation and installation do not fail.

When I was testing, I ran into installation failures caused by various kernel problems. If you encounter the same problem, it is recommended to replace the kernel first.
In my personal experience, the easiest approach under CentOS 7 is to replace the kernel with the one from elrepo. There is a script that changes to the latest version of the kernel and automatically enables the BBR network transmission algorithm.
One-click script to install the latest kernel and enable BBR
After this script runs, you will be prompted to restart the system. At that point, enter n so that the system does not restart yet, and install kernel-headers manually with the following command:

yum -y install kernel-ml-headers

Then restart the system with the following command:

reboot

After restarting, log in and compile and install WireGuard from code as described below. Installation should then generally succeed.
Note: After changing the kernel yourself, I recommend installing WireGuard by compiling from code.

Change log

April 2, 2020:
Linux kernel 5.6 has been officially released, with a built-in wireguard module.
This update adds detection of the system kernel version. If it is greater than or equal to 5.6, the wireguard module is not installed; only the wireguard tools are installed, and then the default configuration is generated.
When the system kernel is older than 5.6, the wireguard module and tools are still installed and the default configuration is generated.
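
The kernel rules from the preface and from this change-log entry, as an added example that is not code from wireguard.sh: it classifies a kernel release as having the module built in (5.6 and later), buildable through DKMS, or left with tools only. The function names are hypothetical, and detecting the matching headers through the `build/Makefile` tree under the modules directory is an assumption of this example.

```shell
#!/bin/sh
# Added example, not code from wireguard.sh: classify a kernel release the way
# the post describes (built-in module from 5.6, DKMS build before that).

# version_ge A B: succeed if the major.minor of A is >= that of B.
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "${a_minor:-0}" -ge "${b_minor:-0}" ]; }
}

# wg_plan RELEASE [MODULES_ROOT] prints one of:
#   builtin    kernel >= 5.6: module ships with the kernel, tools only
#   dkms       older kernel with a build tree for this exact release
#   no-module  older kernel without one: only wireguard-tools would install
# Assumption: the headers/devel package for a release is detected through
# MODULES_ROOT/RELEASE/build/Makefile, the tree DKMS compiles against.
wg_plan() {
    release=$1
    root=${2:-/lib/modules}
    if version_ge "$release" 5.6; then
        echo builtin
    elif [ -f "$root/$release/build/Makefile" ]; then
        echo dkms
    else
        echo no-module
    fi
}

# Report for the running kernel.
echo "$(uname -r): $(wg_plan "$(uname -r)")"
```

A `no-module` result before installation means the kernel and header packages need to be brought in line first, as the preface describes.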

January 6, 2020:
The good news is that WireGuard is about to be merged into kernel 5.6.
Because of this, the author recently changed the name of the repo, which left the script unable to obtain the correct version number.
The original repo was split into two, named wireguard-linux-compat and wireguard-tools. The former is the kernel module and the latter is the command line tool.
This update fixes the above issues.

November 16, 2019:
1. Corrected the order of parameters when creating the client configuration file to be consistent with the display order of the Windows client.
2. Added Windows client configuration example instructions.

October 27, 2019:
1. Added an uninstall function; see the "Uninstall method" section below for how to use it.
2. Supports installation from the repository under CentOS 8, or compilation and installation from code.

Compile and install WireGuard from code

/opt/wireguard.sh -s

Install WireGuard directly from the repository

/opt/wireguard.sh -r

After the installation is complete, the script prints the following

WireGuard VPN Server installation completed
WireGuard VPN default client file is below:
/etc/wireguard/wg0_client
WireGuard VPN default client QR Code is below:
/etc/wireguard/wg0_client.png
Download and scan this QR Code with your phone
Welcome to visit: https://teddysun.com/554.html
Enjoy it

Uninstall method

/opt/wireguard.sh -n

Other usage options

Check the installed WireGuard version number

/opt/wireguard.sh -v

Compile and upgrade WireGuard to the latest version

/opt/wireguard.sh -u

Add WireGuard client configuration

/opt/wireguard.sh -a

Delete WireGuard client configuration
Note: The default client wg0 cannot be deleted

/opt/wireguard.sh -d

List WireGuard client configuration

/opt/wireguard.sh -l

Advanced usage

If you need to choose the listening port yourself during installation, export the variable VPN_SERVER_WG_PORT. The script then reads the variable's value to define the listening port instead of generating one randomly.
For example, to set the port to 1234, run the following command before compiling and installing WireGuard from code or installing WireGuard directly from the repository:

export VPN_SERVER_WG_PORT=1234

Below is a list of the variable names used in the script (11 in total), with an explanation of what each means.
VPN_SERVER_PUB_IPV4 defines the server's public IPv4. If there are multiple available public IPv4 addresses on your server, specify the value of this variable.
VPN_SERVER_PUB_IPV6 defines the server's public IPv6. If there are multiple available public IPv6 addresses on your server, specify the value of this variable.
VPN_SERVER_PUB_NIC defines the default network card name of the server. If your server has multiple available network cards, specify the value of this variable.
VPN_SERVER_WG_NIC defines the WireGuard network card name. The default is wg0. It is generally not recommended to specify the value of this variable.
VPN_SERVER_WG_IPV4 defines the internal IPv4 of the WireGuard server. The default is 10.88.88.1. It is generally not recommended to specify the value of this variable.
VPN_SERVER_WG_IPV6 defines the internal IPv6 of the WireGuard server. The default is fd88:88:88::1. It is generally not recommended to specify the value of this variable.
VPN_SERVER_WG_PORT defines the listening port of the WireGuard server. By default it is randomly generated from 1024 to 20480. If you want to customize the port, specify the value of this variable.
VPN_CLIENT_WG_IPV4 defines the internal IPv4 of WireGuard's default client. The default is 10.88.88.2. It is generally not recommended to specify the value of this variable.
VPN_CLIENT_WG_IPV6 defines the internal IPv6 of WireGuard's default client. The default is fd88:88:88::2. It is generally not recommended to specify the value of this variable.
VPN_CLIENT_DNS_1 defines the DNS of WireGuard's default client. The default is 1.1.1.1. If you want to use another DNS, specify the value of this variable.
VPN_CLIENT_DNS_2 defines the DNS of WireGuard's default client. The default is 8.8.8.8. If you want to use another DNS, specify the value of this variable.

Windows client configuration

Download, install, and open the client software, then click Add Tunnel -> Add empty tunnel…

An editable interface will appear. Paste in the contents of the client configuration /etc/wireguard/wg0_client generated by the script and save.

Click Activate to connect to the VPN.

Reference link

https://www.wireguard.com
https://github.com/WireGuard/WireGuard
https://git.zx2c4.com/WireGuard
https://golb.hplar.ch/2019/07/wireguard-windows.html
