From 1166e699e0b57c3209f86c88e9d24fa7ffd2df3f Mon Sep 17 00:00:00 2001
From: Kiritow <1362050620@qq.com>
Date: Tue, 13 Jul 2021 05:59:59 +0000
Subject: [PATCH] Initial Commit
---
.gitignore | 3 +
Readme.md | 1 +
create.sh | 8 +++
install.sh | 22 +++++++
tool_create.py | 153 +++++++++++++++++++++++++++++++++++++++++++++++
tool_generate.py | 45 ++++++++++++++
6 files changed, 232 insertions(+)
create mode 100644 .gitignore
create mode 100644 Readme.md
create mode 100755 create.sh
create mode 100755 install.sh
create mode 100755 tool_create.py
create mode 100644 tool_generate.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..928e49f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.json
+*.conf
+start.sh
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..1f6898a
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1 @@
+# Wireguard Ops
diff --git a/create.sh b/create.sh
new file mode 100755
index 0000000..73de563
--- /dev/null
+++ b/create.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+export WG_MYPRIK=$(wg genkey)
+export WG_MYPUBK=$(echo $WG_MYPRIK | wg pubkey)
+
+python3 tool_create.py
+python3 tool_generate.py
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..2d6b63f
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -xe
+
+apt update
+apt install -y curl wireguard python3
+
+mkdir -p bin
+cd bin
+curl -vL https://github.com/wangyu-/udp2raw-tunnel/releases/download/20200818.0/udp2raw_binaries.tar.gz -o udp2raw.tgz
+
+tar -xvzf udp2raw.tgz udp2raw_amd64
+rm udp2raw.tgz
+cd ..
+
+VERIFIED_HASH="a7ce38b2c30980be4e71c3af8a9c1db8183db349c699fa6f843e67add7e6cca2"
+TEMP_HASH=$(sha256sum udp2raw_amd64 | awk '{print $1}')
+if [ "$TEMP_HASH" == "$VERIFIED_HASH" ]
+then
+ echo "[OK] udp2raw hash match: $TEMP_HASH"
+else
+ echo "[WARN] udp2raw hash mismatch: $TEMP_HASH. Expected: $VERIFIED_HASH"
+fi
diff --git a/tool_create.py b/tool_create.py
new file mode 100755
index 0000000..a8f7686
--- /dev/null
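Review bot: In create.sh, `export WG_MYPRIK=$(wg genkey)` hides a failing `wg genkey` from `set -e`, because the exit status that counts is that of `export`; a missing or failing `wg` leaves both variables empty and the two Python tools still run. Assign first and export afterwards, `WG_MYPRIK=$(wg genkey)` then `export WG_MYPRIK`, and quote the expansion when deriving the public key: `WG_MYPUBK=$(echo "$WG_MYPRIK" | wg pubkey)`. The private key is also exported to both child processes although only tool_create.py reads it, so an `unset WG_MYPRIK` before `python3 tool_generate.py` would narrow its exposure.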
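Review bot: In install.sh, a hash mismatch only prints `[WARN]` and the script still exits 0, so a tampered or truncated udp2raw binary stays installed; the else branch should remove the file and stop, e.g. `rm -f bin/udp2raw_amd64; exit 1`. The check also runs after `cd ..` while the binary was extracted inside `bin/`, so `sha256sum udp2raw_amd64` appears to hash a path that does not exist unless a copy is already there; `TEMP_HASH=$(sha256sum bin/udp2raw_amd64 | awk '{print $1}')` would hash the extracted file. Adding `-f` to the `curl` call makes an HTTP error fail the script instead of saving an error page as the tarball.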
+++ b/tool_create.py 
@@ -0,0 +1,153 @@
+# -*- coding: utf-8 -*-
+import os
+import json
+import traceback
+
+try:
+ with open("config.json") as f:
+ content = f.read()
+ config = json.loads(content)
+ print("[WARN] Found a valid config. Creation of server is skipped.")
+ exit(0)
+except Exception:
+ print(traceback.format_exc())
+
+op_mode = input("What will this node act as? (C)lient [S]erver [M]ixed: ").strip().lower()
+if not op_mode:
+ print("Default to client mode.")
+ op_mode = "c"
+
+if op_mode not in ("c", "s", "m"):
+ print("Invalid node mode. Please try again.")
+ exit(1)
+
+udp2raw_config = {
+ "server": [],
+ "client": []
+}
+
+if op_mode in ("s", "m"):
+ print("====== Configuring udp2raw server ======")
+
+ while True:
+ print("====== Adding UDP2RAW Server {} ======".format(len(udp2raw_config["server"]) + 1))
+
+ while True:
+ udp_server_port = input("Please select an Internet-Facing port for incoming udp2raw connection: ").strip()
+ if not udp_server_port:
+ print("A udp2raw listen port is required. Try again.")
+ continue
+ break
+
+ while True:
+ udp_server_password = input("Please input udp2raw tunnel password: ").strip()
+ if not udp_server_password:
+ print("A udp2raw tunnel password is required. Try again.")
+ continue
+ break
+
+ udp2raw_config["server"].append({
+ "port": udp_server_port,
+ "password": udp_server_password
+ })
+
+ if not input("Add more udp2raw server? (Keep empty to finish)").strip():
+ break
+
+
+if op_mode in ("c", "m"):
+ print("====== Configuring udp2raw client ======")
+
+ while True:
+ print("====== Adding UDP2RAW Client {} ======".format(len(udp2raw_config["client"]) + 1))
+
+ while True:
+ udp_server_address = input("Please input remote node internet-facing udp2raw ip:port : ").strip()
+ if not udp_server_address:
+ print("A udp2raw remote server information is required. Try again.")
+ continue
+ break
+
+ while True:
+ udp_server_password = input("Please input udp2raw tunnel password: ").strip()
+ if not udp_server_password:
+ print("A udp2raw tunnel password is required. Try again.")
+ continue
+ break
+
+ udp2raw_config["client"].append({
+ "remote": udp_server_address,
+ "password": udp_server_password,
+ "port": 28150 + len(udp2raw_config["client"])
+ })
+
+ if not input("Add more udp2raw client? (Keep empty to finish)").strip():
+ break
+
+
+wg_prik = os.getenv("WG_MYPRIK")
+wg_pubk = os.getenv("WG_MYPUBK")
+wg_mtu = "1000"
+print("====== Your Wireguard Public Key ======")
+print(wg_pubk)
+print("=======================================")
+
+ifname = input("Input new wireguard interface name (wg0):").strip() or "wg0"
+listen_port = input("Input new wireguard listen port (51820): ").strip() or "51820"
+while True:
+ ifip = input("Input wireguard interface ip (Example: 10.0.0.1): ").strip()
+ if not ifip:
+ print("You MUST set a valid wireguard interface IP. Try Again.")
+ continue
+ break
+
+peers = []
+
+while True:
+ print("====== Adding Peer {} ======".format(len(peers) + 1))
+ while True:
+ peer_pubk = input("Enter Wireguard Peer Public Key: ").strip()
+ if not peer_pubk:
+ print("A public key is required. Try Again.")
+ continue
+ break
+ while True:
+ peer_allowed = input("Enter Wireguard Peer AllowedIPs (CIDR, Example: 10.0.0.0/24): ").strip()
+ if not peer_allowed:
+ print("Peer allowed ips required. Try Again.")
+ continue
+ break
+
+ print(">>> Choose from following udp2raw clients <<<")
+ for index, client_info in enumerate(udp2raw_config["client"]):
+ print("[{}] UDP2Raw Tunnel to Remote {}".format(index + 1, client_info["remote"]))
+
+ peer_endpoint = input("Enter Wireguard Peer Endpoint (ID from tunnel list, keep empty on server side): ").strip()
+ peer_keepalive = input("Enter Wireguard Peer Keep Alive seconds (Keep empty on server side): ").strip()
+
+ peers.append({
+ "pubkey": peer_pubk,
+ "allowed": peer_allowed,
+ "endpoint": peer_endpoint,
+ "keepalive": peer_keepalive
+ })
+
+ if not input("Add more peers? (Keep empty to finish)").strip():
+ break
+
+print("Saving to local config...")
+
+config = {
+ "mode": op_mode,
+ "pubkey": wg_pubk,
+ "prikey": wg_prik,
+ "mtu": wg_mtu,
+ "interface": ifname,
+ "ip": ifip,
+ "listen": listen_port,
+ "peers": peers,
+ "udp2raw": udp2raw_config
+}
+
+with open("config.json", "w") as f:
+ f.write(json.dumps(config, ensure_ascii=False))
diff --git a/tool_generate.py b/tool_generate.py
new file mode 100644
index 0000000..e9e38ad
--- /dev/null
+++ b/tool_generate.py
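Review bot: In tool_create.py, `config.json` holds the WireGuard private key (`prikey`) and every udp2raw tunnel password, but the final `open("config.json", "w")` creates it with whatever the process umask allows, which is commonly world-readable. Create it owner-only instead: `fd = os.open("config.json", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. The tunnel passwords are read with `input()`, which echoes them to the terminal; `getpass.getpass` would avoid that. Separately, the port, `ifip`, `peer_allowed` and `peer_endpoint` answers are stored without validation (an integer range check and the `ipaddress` module would cover them), and `wg_prik`/`wg_pubk` are `None` when the script is run outside create.sh, which is then saved as `null` keys.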
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+import json
+import traceback
+
+try:
+ with open("config.json") as f:
+ content = f.read()
+ config = json.loads(content)
+except Exception:
+ print(traceback.format_exc())
+ print("[ERROR] No valid config found.")
+
+udp_clients = config["udp2raw"]["client"]
+udp_servers = config["udp2raw"]["server"]
+
+with open("{}.conf".format(config["interface"]), "w", encoding='utf-8') as f:
+ f.write('''[Interface]
+Address = {}
+PrivateKey = {}
+ListenPort = {}
+MTU = {}
+'''.format(config["ip"], config["prikey"], config["listen"], config["mtu"]))
+
+ for info in config["peers"]:
+ f.write('''[Peer]
+PublicKey = {}
+AllowedIPs = {}
+'''.format(info["pubkey"], info["allowed"]))
+ if info["endpoint"]:
+ f.write("Endpoint = 127.0.0.1:{}\n".format(udp_clients[int(info["endpoint"]) - 1]["port"]))
+ if info["keepalive"]:
+ f.write("PersistentKeepalive = {}".format(info["keepalive"]))
+
+with open("start.sh", "w", encoding='utf-8') as f:
+ f.write('''#!/bin/bash
+set -x
+tmux new-session -s tunnel -d
+''')
+ for info in udp_clients:
+ f.write('''tmux new-window -t tunnel -d './udp2raw_amd64 -c -l127.0.0.1:{} -r{} -k "{}" --raw-mode faketcp -a' \n'''.format(info["port"], info["remote"], info["password"]))
+
+ for info in udp_servers:
+ f.write('''tmux new-window -t tunnel -d './udp2raw_amd64 -s -l0.0.0.0:{} -r 127.0.0.1:{} -k "{}" --raw-mode faketcp -a' \n'''.format(info["port"], config["listen"], info["password"]))
+
+ f.write('''tmux attach-session -t tunnel\n''')
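Review bot: The tunnel passwords and `remote` values from config.json are pasted into start.sh inside a single-quoted tmux command with only `"{}"` around the password, so a value containing a quote, `$` or a backtick changes what the generated script runs. Build each udp2raw command as an argument list and quote it twice with `shlex.quote` (once for the shell tmux starts, once for start.sh), as sketched below; this needs `import shlex` at the top of the file. Both `<interface>.conf` (private key) and start.sh (passwords) are also created with default permissions, and `PersistentKeepalive = {}` is written without a trailing `\n`, so the next `[Peer]` header lands on the same line. When config.json fails to load, the `except` branch prints an error but execution continues to `config["udp2raw"]` and fails with a NameError; `raise SystemExit(1)` there would be cleaner.

```python
def tmux_window(argv):
    # Quote every argument for the shell tmux spawns, then quote the whole
    # command again so start.sh passes it to tmux as a single word.
    inner = " ".join(shlex.quote(str(arg)) for arg in argv)
    return "tmux new-window -t tunnel -d {}\n".format(shlex.quote(inner))

# … unchanged: config loading, <interface>.conf generation, start.sh header …
    for info in udp_clients:
        f.write(tmux_window([
            "./udp2raw_amd64", "-c",
            "-l127.0.0.1:{}".format(info["port"]),
            "-r{}".format(info["remote"]),
            "-k", info["password"],
            "--raw-mode", "faketcp", "-a",
        ]))

    for info in udp_servers:
        f.write(tmux_window([
            "./udp2raw_amd64", "-s",
            "-l0.0.0.0:{}".format(info["port"]),
            "-r", "127.0.0.1:{}".format(config["listen"]),
            "-k", info["password"],
            "--raw-mode", "faketcp", "-a",
        ]))
# … unchanged: tmux attach-session line …
```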