⾃⼰搭建远程办公⽹络及强制离线安装wireguard记录
有时候⼈不在公司,临时有事需要远程公司电脑处理事情。我们知道公司电脑是在内⽹中的的,在家⾥是不能直接访问到的。我们⼀般使⽤QQ等⽀持远程协助的⼯具,但这样需要有⼈帮你发起请求,也有免费的软件⽀持⽆⼈值守远程操作,但⼀般会限速,⾼峰期经常卡顿。公司正好有台阿⾥云服务器流量空闲的⽐较多正好可以⽤来装个wireguard服务,然后在把公司内⽹电脑和家⾥的电脑做为客户端连接上就可以互通 了。
公司使⽤的centos 7系统.kernel版本:
# uname -r
3.10.0-1160.15.2.el7.x86_64
可以使⽤下⾯的脚步安装:
#!/bin/bash
#判断系统
if [ ! -e '/etc/redhat-relea' ]; then
echo "仅⽀持centos7"
exit
fi
if [ -n "$(grep ' 6\.' /etc/redhat-relea)" ] ;then
echo "仅⽀持centos7"
exit
fi
#更新内核
update_kernel(){
yum -y install epel-relea curl
d -i "0,/enabled=0/s//enabled=1/" /pos.po
yum remove -y kernel-devel
rpm --import www.elrepo/RPM-GPG-KEY-elrepo
rpm -Uvh www.elrepo/elrepo-relea-7.0-2.arch.rpm
yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
yum -y --enablerepo=elrepo-kernel install kernel-ml
d -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
wget elrepo/linux/kernel/el7/x86_64/RPMS/kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-devel-4.19.1-1.el7.elrepo.x86_64.rpm
火腿炒蛋
yum -y --enablerepo=elrepo-kernel install kernel-ml-devel
read -p "须要重启VPS,再次执⾏脚本选择安装wireguard,是否如今重启 ? [Y/n] :" yn
[ -z "${yn}" ] && yn="y"
if [[ $yn == [Yy] ]]; then
echo -e "VPS 重启中..."
reboot
fi
}春天的约会
#⽣成随机端⼝
rand(){
min=$1
max=$(($2-$min+1))
num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}')
echo $(($num%$max+$min))
}
wireguard_update(){
yum update -y wireguard-dkms wireguard-tools
echo "更新完成"
}
wireguard_remove(){
wg-quick down wg0
yum remove -y wireguard-dkms wireguard-tools
rm -rf /etc/wireguard/脸上的伤疤修复
echo "卸载完成"
}
config_client(){
cat > /etc/f <<-EOF
[Interface]
PrivateKey = $c1
Address = 10.0.0.2/24
DNS = 114.114.114.114
MTU = 1420
[Peer]
PublicKey = $s2
Endpoint = $rverip:$port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
}
#centos7安装wireguard
wireguard_install(){
curl -Lo /pos.po copr.fedorainfracloud/coprs/jdoss/wireguard/repo/po
yum install -y dkms gcc-c++ gcc-gfortran glibc-headers glibc-devel libquadmath-devel libtool systemtap systemtap-devel
yum -y install wireguard-dkms wireguard-tools
yum -y install qrencode
mkdir /etc/wireguard
cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey
s1=$(cat sprivatekey)
s2=$(cat spublickey)
c1=$(cat cprivatekey)
c2=$(cat cpublickey)
rverip=$(curl )
port=$(rand 10000 60000)
eth=$(ls /sys/class/net | awk '/^e/{print}')
chmod 777 -R /etc/wireguard
systemctl stop firewalld
systemctl disable firewalld
yum install -y iptables-rvices
systemctl enable iptables
systemctl start iptables
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
诗英文iptables -F
rvice iptables save
rvice iptables restart
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /f
sysctl -p
cat > /etc/f <<-EOF
[Interface]
PrivateKey = $s1
Address = 10.0.0.1/24
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTRO PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE ListenPort = $port
DNS = 114.114.114
MTU = 1420
[Peer]
PublicKey = $c2
AllowedIPs = 10.0.0.2/24
EOF
config_client
wg-quick up wg0
systemctl enable wg-quick@wg0
content=$(cat /etc/f)
echo "电脑端请下载f,⼿机端可直接使⽤软件扫码"
echo "${content}" | qrencode -o - -t UTF8
}
add_ur(){
echo -e "\033[37;41m给新⽤户起个名字,不能和已有⽤户重复\033[0m"
read -p "请输⼊⽤户名:" newname
cd /etc/wireguard/
f $f
wg genkey | tee temprikey | wg pubkey > tempubkey
ipnum=$(grep Allowed /etc/f | tail -1 | awk -F '[ ./]' '{print $6}') newnum=$((10#${ipnum}+1))
d -i 's%^PrivateKey.*$%'"PrivateKey = $(cat temprikey)"'%' $f d -i 's%^Address.*$%'"Address = 10.0.0.$newnum\/24"'%' $f
cat >> /etc/f <<-EOF
[Peer]
PublicKey = $(cat tempubkey)
AllowedIPs = 10.0.0.$newnum/24
EOF
wg t wg0 peer $(cat tempubkey) allowed-ips 10.0.0.$newnum/32
echo -e "\033[37;41m添加完成,⽂件:/etc/wireguard/$f\033[0m" rm -f temprikey tempubkey
}
#开始菜单
start_menu(){
clear
echo "========================="
echo " 介绍:适⽤于CentOS7"
echo " 做者:atrandys"
echo " ⽹站:"
echo " Youtube:atrandys"
echo "========================="
echo "1. 升级系统内核"
echo "2. 安装wireguard"
echo "3. 升级wireguard"
echo "4. 卸载wireguard"
echo "5. 显⽰客户端⼆维码"
echo "6. 增长⽤户"
echo "0. 退出脚本"
echo
read -p "请输⼊数字:" num
ca "$num" in
1)
留学摄影update_kernel
;;
2)
wireguard_install
;;
3)
wireguard_update
;;
4)
wireguard_remove
;;
5)
content=$(cat /etc/f)
echo "${content}" | qrencode -o - -t UTF8
;;
6)
add_ur
;;
0)
exit 1
;;
*)
clear
A啥意思
echo "请输⼊正确数字"
sleep 5s
start_menu
;;
esac
}
start_menu
把上⾯的代码复制到脚步⽂件如install_wireguard.sh并为⽂件添加可执⾏权限。使⽤root⽤户或sudo执⾏脚本⽂件:
# ./install_wireguard.sh
=========================
介绍:适⽤于CentOS7
做者:atrandys
⽹站:
Youtube:atrandys
=========================
1. 升级系统内核
2. 安装wireguard
3. 升级wireguard
4. 卸载wireguard
5. 显⽰客户端⼆维码
6. 增长⽤户
0. 退出脚本
请输⼊数字:2
看到菜单2是安装wireguard的,输⼊2,就开始安装wireguard了。
脚本执⾏完成后,执⾏ systemctl status wg-quick@wg0检查是否安装成功:
看到active就代表安装成功了.
通信工程专业排名
接下来就可以⽣成客户端配置⽂件了.
还是执⾏install_wireguard.sh,看到⽬录输⼊6,也就是增长⽤户选项:
=========================
介绍:适⽤于CentOS7
做者:atrandys
⽹站:
Youtube:atrandys
=========================
1. 升级系统内核
2. 安装wireguard
3. 升级wireguard
4. 卸载wireguard
5. 显⽰客户端⼆维码
6. 增长⽤户
0. 退出脚本
请输⼊数字:6
70后经典老歌500首
给新⽤户起个名字,不能和已有⽤户重复
请输⼊⽤户名:home
⽤户名可以⾃⼰取,不重复好分辩就好。输⼊⽤户名后记得敲回车。
执⾏成功后就可以在/etc/wirguard/ ⽬录下找到对应的客户端配置⽂件了,如f。
再执⾏⼀次,⽣成f⽂件。
分别把f⽂件和f⽂件复制到家⾥和公司的办公电脑。家⾥和公司的电脑是windo
ws系统,直接下载对应的安装包安装就可以了,跟安装普通的软件⼀样.安装好后打开,导⼊客户端配置⽂件再点Activate就可以了:
可以在办公电脑上执⾏:
ping 10.0.0.1
如果能ping通就代表组⽹成功了.