Initial Commit

2024-03-22 13:11:37 +08:00 · 2021-07-13 05:59:59 +00:00 · 2021-07-13 05:59:59 +00:00 · 1166e699e0
commit 1166e699e0
6 changed files with 232 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
+*.json
+*.conf
+start.sh
--- a/Readme.md
+++ b/Readme.md
@ -0,0 +1 @@
+# Wireguard Ops
--- a/create.sh
+++ b/create.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+export WG_MYPRIK=$(wg genkey)
+export WG_MYPUBK=$(echo $WG_MYPRIK | wg pubkey)
+
+python3 tool_create.py
+python3 tool_generate.py
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+set -xe
+
+apt update
+apt install -y curl wireguard python3
+
+mkdir -p bin
+cd bin
+curl -vL https://github.com/wangyu-/udp2raw-tunnel/releases/download/20200818.0/udp2raw_binaries.tar.gz -o udp2raw.tgz
+
+tar -xvzf udp2raw.tgz udp2raw_amd64
+rm udp2raw.tgz
+cd ..
+
+VERIFIED_HASH="a7ce38b2c30980be4e71c3af8a9c1db8183db349c699fa6f843e67add7e6cca2"
+TEMP_HASH=$(sha256sum udp2raw_amd64 | awk '{print $1}')
+if [ "$TEMP_HASH" == "$VERIFIED_HASH" ]
+then
+    echo "[OK] udp2raw hash match: $TEMP_HASH"
+else
+    echo "[WARN] udp2raw hash mismatch: $TEMP_HASH. Expected: $VERIFIED_HASH"
+fi
--- a/tool_create.py
+++ b/tool_create.py
@ -0,0 +1,153 @@
+# -*- coding: utf-8 -*-
+import os
+import json
+import traceback
+
+try:
+    with open("config.json") as f:
+        content = f.read()
+    config = json.loads(content)
+    print("[WARN] Found a valid config. Creation of server is skipped.")
+    exit(0)
+except Exception:
+    print(traceback.format_exc())
+
+op_mode = input("What will this node act as? (C)lient [S]erver [M]ixed: ").strip().lower()
+if not op_mode:
+    print("Default to client mode.")
+    op_mode = "c"
+
+if op_mode not in ("c", "s", "m"):
+    print("Invalid node mode. Please try again.")
+    exit(1)
+
+udp2raw_config = {
+    "server": [],
+    "client": []
+}
+
+if op_mode in ("s", "m"):
+    print("====== Configuring udp2raw server ======")
+
+    while True:
+        print("====== Adding UDP2RAW Server {} ======".format(len(udp2raw_config["server"]) + 1))
+
+        while True:
+            udp_server_port = input("Please select an Internet-Facing port for incoming udp2raw connection: ").strip()
+            if not udp_server_port:
+                print("A udp2raw listen port is required. Try again.")
+                continue
+            break
+
+        while True:
+            udp_server_password = input("Please input udp2raw tunnel password: ").strip()
+            if not udp_server_password:
+                print("A udp2raw tunnel password is required. Try again.")
+                continue
+            break
+
+        udp2raw_config["server"].append({
+            "port": udp_server_port,
+            "password": udp_server_password
+        })
+
+        if not input("Add more udp2raw server? (Keep empty to finish)").strip():
+            break
+
+
+if op_mode in ("c", "m"):
+    print("====== Configuring udp2raw client ======")
+
+    while True:
+        print("====== Adding UDP2RAW Client {} ======".format(len(udp2raw_config["client"]) + 1))
+
+        while True:
+            udp_server_address = input("Please input remote node internet-facing udp2raw ip:port : ").strip()
+            if not udp_server_address:
+                print("A udp2raw remote server information is required. Try again.")
+                continue
+            break
+
+        while True:
+            udp_server_password = input("Please input udp2raw tunnel password: ").strip()
+            if not udp_server_password:
+                print("A udp2raw tunnel password is required. Try again.")
+                continue
+            break
+
+        udp2raw_config["client"].append({
+            "remote": udp_server_address,
+            "password": udp_server_password,
+            "port": 28150 + len(udp2raw_config["client"])
+        })
+    
+        if not input("Add more udp2raw client? (Keep empty to finish)").strip():
+            break
+
+
+wg_prik = os.getenv("WG_MYPRIK")
+wg_pubk = os.getenv("WG_MYPUBK")
+wg_mtu = "1000"
+print("====== Your Wireguard Public Key ======")
+print(wg_pubk)
+print("=======================================")
+
+ifname = input("Input new wireguard interface name (wg0):").strip() or "wg0"
+listen_port = input("Input new wireguard listen port (51820): ").strip() or "51820"
+while True:
+    ifip = input("Input wireguard interface ip (Example: 10.0.0.1): ").strip()
+    if not ifip:
+        print("You MUST set a valid wireguard interface IP. Try Again.")
+        continue
+    break
+
+peers = []
+
+while True:
+    print("====== Adding Peer {} ======".format(len(peers) + 1))
+    while True:
+        peer_pubk = input("Enter Wireguard Peer Public Key: ").strip()
+        if not peer_pubk:
+            print("A public key is required. Try Again.")
+            continue
+        break
+    while True:
+        peer_allowed = input("Enter Wireguard Peer AllowedIPs (CIDR, Example: 10.0.0.0/24): ").strip()
+        if not peer_allowed:
+            print("Peer allowed ips required. Try Again.")
+            continue
+        break
+
+    print(">>> Choose from following udp2raw clients <<<")
+    for index, client_info in enumerate(udp2raw_config["client"]):
+        print("[{}] UDP2Raw Tunnel to Remote {}".format(index + 1, client_info["remote"]))
+
+    peer_endpoint = input("Enter Wireguard Peer Endpoint (ID from tunnel list, keep empty on server side): ").strip()
+    peer_keepalive = input("Enter Wireguard Peer Keep Alive seconds (Keep empty on server side): ").strip()
+
+    peers.append({
+        "pubkey": peer_pubk,
+        "allowed": peer_allowed,
+        "endpoint": peer_endpoint,
+        "keepalive": peer_keepalive
+    })
+
+    if not input("Add more peers? (Keep empty to finish)").strip():
+        break
+
+print("Saving to local config...")
+
+config = {
+    "mode": op_mode,
+    "pubkey": wg_pubk,
+    "prikey": wg_prik,
+    "mtu": wg_mtu,
+    "interface": ifname,
+    "ip": ifip,
+    "listen": listen_port,
+    "peers": peers,
+    "udp2raw": udp2raw_config
+}
+
+with open("config.json", "w") as f:
+    f.write(json.dumps(config, ensure_ascii=False))
--- a/tool_generate.py
+++ b/tool_generate.py
@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+import json
+import traceback
+
+try:
+    with open("config.json") as f:
+        content = f.read()
+    config = json.loads(content)
+except Exception:
+    print(traceback.format_exc())
+    print("[ERROR] No valid config found.")
+
+udp_clients = config["udp2raw"]["client"]
+udp_servers = config["udp2raw"]["server"]
+
+with open("{}.conf".format(config["interface"]), "w", encoding='utf-8') as f:
+    f.write('''[Interface]
+Address = {}
+PrivateKey = {}
+ListenPort = {}
+MTU = {}
+'''.format(config["ip"], config["prikey"], config["listen"], config["mtu"]))
+    
+    for info in config["peers"]:
+        f.write('''[Peer]
+PublicKey = {}
+AllowedIPs = {}
+'''.format(info["pubkey"], info["allowed"]))
+        if info["endpoint"]:
+            f.write("Endpoint = 127.0.0.1:{}\n".format(udp_clients[int(info["endpoint"]) - 1]["port"]))
+        if info["keepalive"]:
+            f.write("PersistentKeepalive = {}".format(info["keepalive"]))
+
+with open("start.sh", "w", encoding='utf-8') as f:
+    f.write('''#!/bin/bash
+set -x
+tmux new-session -s tunnel -d
+''')
+    for info in udp_clients:
+        f.write('''tmux new-window -t tunnel -d './udp2raw_amd64 -c -l127.0.0.1:{} -r{} -k "{}" --raw-mode faketcp -a' \n'''.format(info["port"], info["remote"], info["password"]))
+
+    for info in udp_servers:
+        f.write('''tmux new-window -t tunnel -d './udp2raw_amd64 -s -l0.0.0.0:{} -r 127.0.0.1:{} -k "{}" --raw-mode faketcp -a' \n'''.format(info["port"], config["listen"], info["password"]))
+
+    f.write('''tmux attach-session -t tunnel\n''')