#!/bin/bash
# Colour escape sequences used by the menu and status messages. They are kept
# as literal backslash sequences and rendered later by `echo -e`.
red='\033[0;31m'
green='\033[0;32m'
White='\033[37m'
blue='\033[36m'
yellow='\033[0;33m'
plain='\033[0m'
# Echo variant for coloured output (defined for compatibility; not used below).
echoType='echo -e'
# Run date as YYYYMMDD (defined for compatibility; not used below).
DATE=$(date +%Y%m%d)
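#######################################
# Reject peer and device names that cannot be spliced safely into the
# generated refresh script, its file name and the sed expressions below.
# Arguments: $1 - peer DDNS name or IP literal (IPv4 or IPv6)
#            $2 - tunnel device name
# Outputs:   reason on stderr when rejected
# Returns:   0 when both are acceptable, 1 otherwise
#######################################
_ipip_check_names() {
  local peer=$1 dev=$2
  if [[ ! $peer =~ ^[A-Za-z0-9.:-]+$ ]]; then
    printf '对端域名/IP 含有非法字符: %s\n' "$peer" >&2
    return 1
  fi
  # Linux interface names are limited to 15 characters (IFNAMSIZ - 1).
  if [[ ! $dev =~ ^[A-Za-z0-9_.-]+$ ]] || (( ${#dev} > 15 )); then
    printf 'tun网卡名称不合法(仅允许字母数字._-,最长15字符): %s\n' "$dev" >&2
    return 1
  fi
  return 0
}

#######################################
# Append boot-time commands to /etc/rc.local, creating the file when absent.
# Arguments: $1 - newline-separated commands to run at boot
# Only a final "exit 0" line is removed before appending; the old '$d'
# deleted whatever the last line happened to be.
#######################################
_ipip_write_rc_local() {
  local commands=$1
  if [[ ! -f /etc/rc.local ]]; then
    cat > /etc/rc.local <<'EOF'
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# bash /root/bindip.sh
EOF
  else
    sed -i '${/^exit 0$/d;}' /etc/rc.local
  fi
  printf '%s\nexit 0\n' "$commands" >> /etc/rc.local
}

#######################################
# Make /etc/rc.local run at boot through a systemd unit.
# Writes /etc/systemd/system/rc-local.service (ordered after network.target,
# as the IPv6 variant already did) and enables it.
#######################################
_ipip_enable_rc_local() {
  chmod +x /etc/rc.local
  cat > /etc/systemd/system/rc-local.service <<'EOF'
[Unit]
Description=/etc/rc.local
After=network.target
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
EOF
  systemctl enable rc-local
}

#######################################
# Run a peer-address refresh script from root's crontab every two minutes.
# Arguments: $1 - absolute path of the refresh script
# The entry is added once (re-running the installer does not duplicate it)
# and the crontab is piped in directly instead of via a file in /root.
#######################################
_ipip_add_cron() {
  local script=$1 bashsrc crontask
  echo "开始添加定时任务"
  bashsrc=$(command -v bash)
  if ! crontab -l 2>/dev/null | grep -qF -- "$script"; then
    { crontab -l 2>/dev/null; echo "*/2 * * * * ${bashsrc} ${script}"; } | crontab -
  fi
  crontask=$(crontab -l)
  echo -------------------------------------------------------
  echo -e "设置定时任务成功,当前系统所有定时任务清单如下:\n${crontask}"
  echo -------------------------------------------------------
}

#######################################
# Ensure a NAT MASQUERADE rule for the remote tunnel address exists.
# Arguments: $1 - remote tunnel address
# iptables -C matches the exact rule; grepping the -L listing also matched
# 10.0.0.10 when looking for 10.0.0.1 and did reverse lookups on every entry.
#######################################
_ipip_masquerade() {
  local src=$1
  if ! iptables -t nat -C POSTROUTING -s "$src" -j MASQUERADE 2>/dev/null; then
    iptables -t nat -A POSTROUTING -s "$src" -j MASQUERADE
  fi
}

#######################################
# Persist and apply a sysctl setting when /etc/sysctl.conf lacks it.
# Arguments: $1 - sysctl key
#            $2 - line to append, spelled exactly as the original wrote it
# Both "key = 1" and "key=1" already present in the file count as set.
#######################################
_ipip_enable_sysctl() {
  local key=$1 line=$2
  if ! grep -qE "^${key}[[:space:]]*=[[:space:]]*1" /etc/sysctl.conf 2>/dev/null; then
    echo "$line" >> /etc/sysctl.conf
    sysctl -p /etc/sysctl.conf
  fi
}

#######################################
# Create an IPv4 ipip tunnel to a peer and make it persistent across boots.
# Interactive: asks for the peer (DDNS name or IP), the tunnel device name,
# the local tunnel address (V-IP) and the peer's tunnel address.
# Globals:   red, plain (read)
# Writes:    /etc/rc.local, /etc/sysctl.conf, the rc-local systemd unit,
#            /root/.tunnel-ip.txt and, for a DDNS peer, a refresh script
#            /root/change-tunnel-ip_<peer>.sh plus a crontab entry.
# Returns:   exits 0 on success, 1 on bad input or an unresolvable peer
#######################################
install_ipip(){
  local ddnsname tunname vip remotevip netcardname localip remoteip
  local refresh_script
  if ! lsmod | grep -q ipip; then
    modprobe ipip
  fi
  if ! command -v dig >/dev/null 2>&1; then
    # dig ships in dnsutils on Debian/Ubuntu and in bind-utils on RHEL-family.
    apt-get install dnsutils -y >/dev/null || yum install bind-utils -y >/dev/null
  fi
  if ! command -v iptables >/dev/null 2>&1; then
    apt install iptables -y >/dev/null || yum install iptables -y >/dev/null
  fi
  echo -ne "请输入对段设备的ddns域名或者IP:"
  read -r ddnsname
  read -r -p "请输入要创建的tun网卡名称:" tunname
  echo -ne "请输入tun网口的V-IP:"
  read -r vip
  echo -ne "请输入对端的V-IP:"
  read -r remotevip
  _ipip_check_names "$ddnsname" "$tunname" || exit 1
  # First interface whose name starts with "e"; the old code kept every match,
  # which broke the address lookup on multi-NIC hosts.
  netcardname=$(ls /sys/class/net | awk '/^e/{print; exit}')
  localip=$(ip -4 -o addr show dev "$netcardname" scope global | awk '{print $4}' | cut -d/ -f1 | head -n1)
  # ping's first line is "PING host(addr) ...": the text in parentheses is the
  # resolved address; it equals the input when an IP literal was given.
  remoteip=$(ping4 "$ddnsname" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
  if [[ -z $remoteip ]]; then
    echo -e "${red}无法解析对端地址 ${ddnsname},脚本退出${plain}"
    exit 1
  fi
  _ipip_write_rc_local "ip tunnel add $tunname mode ipip remote ${remoteip} local ${localip} ttl 64
ip addr add ${vip}/30 dev $tunname
ip link set $tunname up"
  if [[ $remoteip != "$ddnsname" ]]; then
    # DDNS peer: re-resolve from cron and rebuild the tunnel when it moves.
    refresh_script="/root/change-tunnel-ip_${ddnsname}.sh"
    cat > "$refresh_script" <<EOF
#!/bin/bash
while true; do
  remoteip=\$(ping4 $ddnsname -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
  if [[ \$remoteip != "" ]]; then
    echo "获取对端设备的IP为: \$remoteip"
    break
  fi
  sleep 5
done
oldip="\$(cat /root/.tunnel-ip.txt)"
netcardname=\$(ls /sys/class/net | awk '/^e/{print; exit}')
localip=\$(ip -4 -o addr show dev "\$netcardname" scope global | awk '{print \$4}' | cut -d/ -f1 | head -n1)
if [[ "\$oldip" != "\$remoteip" ]]; then
  ip tunnel del $tunname
  wg-quick down wg0
  sed -i "/ip tunnel add $tunname mode ipip/c\ip tunnel add $tunname mode ipip remote \${remoteip} local \${localip} ttl 64" /etc/rc.local
  systemctl restart rc-local
  # Remember the new address; without this every run tore the tunnel down again.
  echo "\$remoteip" > /root/.tunnel-ip.txt
fi
EOF
    chmod 700 "$refresh_script"
    _ipip_add_cron "$refresh_script"
  fi
  echo "${remoteip}" > /root/.tunnel-ip.txt
  ip tunnel add "$tunname" mode ipip remote "${remoteip}" local "${localip}" ttl 64 # create the tunnel
  ip addr add "${vip}/30" dev "$tunname" # local tunnel address
  ip link set "$tunname" up # bring the tunnel device up
  ip route add "${remotevip}/32" dev "$tunname" scope link src "${vip}"
  _ipip_masquerade "${remotevip}"
  _ipip_enable_sysctl net.ipv4.ip_forward "net.ipv4.ip_forward = 1"
  _ipip_enable_rc_local
  echo "程序全部执行完毕,脚本退出。。"
  exit 0
}

#######################################
# Create an IPv6-carried tunnel (ip6tnl, mode any) to a peer and persist it.
# Interactive like install_ipip. When the host is reported as an Oracle Cloud
# instance, the generated rc.local first re-requests the IPv6 address with
# dhclient -6 and waits 20 seconds before adding the tunnel.
# Globals:   red, yellow, plain (read)
# Writes:    the same files as install_ipip
# Returns:   exits 0 on success, 1 on bad input or an unresolvable peer
#######################################
install_ipipv6(){
  local ddnsname tunname vip remotevip netcardname routerule localip6 remoteip
  local yn addtxt="" addtxt1="" refresh_script
  if ! lsmod | grep -q tunnel6; then
    modprobe ip6_tunnel
  fi
  if ! command -v iptables >/dev/null 2>&1; then
    apt install iptables -y >/dev/null || yum install iptables -y >/dev/null
  fi
  echo -ne "请输入对段设备的ddns域名或者IP:"
  read -r ddnsname
  read -r -p "请输入要创建的tun网卡名称:" tunname
  echo -ne "请输入tun网口的V-IP:"
  read -r vip
  echo -ne "请输入对端的V-IP:"
  read -r remotevip
  _ipip_check_names "$ddnsname" "$tunname" || exit 1
  netcardname=$(ls /sys/class/net | awk '/^e/{print; exit}')
  # First default IPv6 route ("default via <gw> dev <if>"); it is re-added at
  # boot after the tunnel comes up.
  routerule=$(ip -6 route list | grep default | head -n1 | awk '{print $1" "$2" "$3" "$4" "$5}')
  # First global IPv6 address; the old pipeline returned every one of them.
  localip6=$(ip -6 -o addr show scope global | awk '{print $4}' | cut -d/ -f1 | head -n1)
  remoteip=$(ping6 "$ddnsname" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
  if [[ -z $remoteip ]]; then
    echo -e "${red}无法解析对端地址 ${ddnsname},脚本退出${plain}"
    exit 1
  fi
  if [[ $remoteip != "$ddnsname" ]]; then
    # DDNS peer: re-resolve from cron and rebuild the tunnel when it moves.
    refresh_script="/root/change-tunnel-ip_${ddnsname}.sh"
    cat > "$refresh_script" <<EOF
#!/bin/bash
while true; do
  remoteip=\$(ping6 $ddnsname -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
  if [[ \$remoteip != "" ]]; then
    echo "获取对端设备的IP为: \$remoteip"
    break
  fi
  sleep 5
done
oldip="\$(cat /root/.tunnel-ip.txt)"
localip6=\$(ip -6 -o addr show scope global | awk '{print \$4}' | cut -d/ -f1 | head -n1)
if [[ "\$oldip" != "\$remoteip" ]]; then
  ip tunnel del $tunname
  wg-quick down wg0
  # Use the local address found now; the old script computed it and then
  # baked in the install-time value.
  sed -i "/ip link add name/c\ip link add name $tunname type ip6tnl local \${localip6} remote \${remoteip} mode any" /etc/rc.local
  systemctl restart rc-local
  # Remember the new address; without this every run tore the tunnel down again.
  echo "\$remoteip" > /root/.tunnel-ip.txt
fi
EOF
    chmod 700 "$refresh_script"
    _ipip_add_cron "$refresh_script"
  fi
  echo "${remoteip}" > /root/.tunnel-ip.txt
  read -r -p "当前机器是甲骨文吗?[Y/n]:" yn
  if [[ $yn == [Yy] ]]; then
    addtxt="dhclient -6 $netcardname"
    addtxt1="sleep 20s"
  fi
  # Record the tunnel setup in rc.local so it is recreated at boot.
  _ipip_write_rc_local "$addtxt1
$addtxt
ip link add name $tunname type ip6tnl local ${localip6} remote ${remoteip} mode any
ip addr add ${vip}/30 dev $tunname
ip link set $tunname up
ip -6 route add $routerule"
  # Create the tunnel now.
  ip link add name "$tunname" type ip6tnl local "${localip6}" remote "${remoteip}" mode any
  ip addr add "${vip}/30" dev "$tunname"
  ip link set "$tunname" up
  # shellcheck disable=SC2086 — routerule holds several words on purpose
  ip -6 route add $routerule
  # Have systemd run rc.local at boot.
  _ipip_enable_rc_local
  # Add the MASQUERADE rule for the peer's tunnel address.
  _ipip_masquerade "${remotevip}"
  # Enable IPv6 forwarding.
  _ipip_enable_sysctl net.ipv6.conf.all.forwarding "net.ipv6.conf.all.forwarding=1"
  if [[ $yn == [Yy] ]]; then
    echo -e "${red}提示:${plain}${yellow}你的机器是甲骨文,IPIPv6隧道生效,需要重启一次!${plain}"
  fi
  exit 0
}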
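#######################################
# Install WireGuard and create a tunnel configuration peered with a RouterOS
# ("ros") device, bring it up and start it from /etc/rc.local at boot.
# The first run writes wg0.conf; when that exists a distinct name is asked for.
# Globals:   green, yellow, plain (read)
# Writes:    /etc/wireguard/{privatekey,publickey,<name>.conf}, /etc/rc.local
# Returns:   exits 1 when the requested config name is invalid or already taken
#######################################
install_wg(){
  local localprivatekey netcardname revip localip1 rospublickey wgport
  local allowedip1 filename ipduan ipaddrremote vpspublickey vip listenport conf
  apt-get update
  apt-get install wireguard -y
  if [[ ! -f /etc/wireguard/privatekey ]]; then
    # umask 077 keeps the key files from being created world-readable; the
    # public key is still echoed by the last tee, as before.
    ( umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey )
  fi
  localprivatekey=$(cat /etc/wireguard/privatekey)
  # First interface whose name starts with "e".
  netcardname=$(ls /sys/class/net | awk '/^e/{print; exit}')
  read -r -p "请输入对端wg使用的V-ip地址:" revip
  read -r -p "请输入本机wg使用的v-ip地址:" localip1
  read -r -p "请输入ros端wg的公钥内容:" rospublickey
  read -r -p "请输入ros端wg调用的端口号:" wgport
  # /24 containing the peer's address (first three octets).
  allowedip1=$(echo "$revip" | awk -F "." '{print $1"."$2"."$3}')
  if [[ -f /etc/wireguard/wg0.conf ]]; then
    read -r -p "请给本机wg配置文件取个名(英文):" filename
    # The name becomes a file name and a wg-quick interface name.
    if [[ ! $filename =~ ^[A-Za-z0-9_-]+$ ]]; then
      echo "⚠️ 配置文件名只能使用英文字母、数字、下划线或短横线,程序退出,请重新执行程序。"
      exit 1
    fi
    # The original tested "$(unknown).conf" (a non-existent command), so this
    # duplicate check never fired.
    if [[ -f /etc/wireguard/$filename.conf ]]; then
      echo "⚠️ 已存在同样名称的配置文件,程序退出,请重新执行程序。"
      exit 1
    fi
  else
    filename=wg0
  fi
  read -r -p "请输入对端ipip隧道IP段(例如 192.168.2.1 只填写 192.168.2 即可):" ipduan
  read -r -p "请输入对端ipip隧道的IP地址:" ipaddrremote
  conf="[Interface]
ListenPort = $wgport
Address = $localip1/24
PostUp = iptables -t nat -A POSTROUTING -o $netcardname -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $netcardname -j MASQUERADE
PrivateKey = $localprivatekey
[Peer]
PublicKey = $rospublickey
AllowedIPs = $ipduan.0/24,$allowedip1.0/24
Endpoint = ${ipaddrremote}:$wgport
PersistentKeepalive = 25"
  # Create the file already restricted: the private key must not sit in a
  # world-readable file even briefly between the write and the chmod.
  ( umask 077 && printf '%s\n' "$conf" > "/etc/wireguard/$filename.conf" )
  chmod 600 "/etc/wireguard/$filename.conf"
  # Start the interface at boot. Only a final "exit 0" is dropped (the old
  # '$d' removed whatever the last line was), and a missing rc.local gets a
  # shebang so it stays runnable.
  if [[ -f /etc/rc.local ]]; then
    sed -i '${/^exit 0$/d;}' /etc/rc.local
  else
    printf '#!/bin/sh -e\n' > /etc/rc.local
    chmod +x /etc/rc.local
  fi
  printf 'wg-quick up %s\nexit 0\n' "$filename" >> /etc/rc.local
  wg-quick up "$filename"
  vpspublickey=$(cat /etc/wireguard/publickey)
  listenport=$(awk '/ListenPort/{print $3}' "/etc/wireguard/$filename.conf")
  echo " "
  echo -e "${green}------------------------------------------------------------${plain}"
  if [[ $filename == wg0 ]]; then
    # The first tunnel also reports this host's /30 tunnel address as the endpoint.
    vip=$(ip -4 -o addr show scope global | awk '$4 ~ /\/30$/ {print $4}' | cut -d/ -f1 | head -n1)
    echo -e "${green}请在ros的wireguard选项卡里边的Peers里添加配置,具体填写如下信息:${plain}\nPublic key 填写:${yellow}${vpspublickey}${plain}\nEndpoint 填写:${yellow}${vip}${plain}\nEndpoint port 填写:${yellow}${listenport}${plain}\nAllowed Address填写:${green}0.0.0.0/0\n祝使用愉快。${plain}"
  else
    echo -e "${green}请在ros的wireguard选项卡里边的Peers里添加配置,具体填写如下信息:${plain}\nPublic key 填写:${yellow}${vpspublickey}${plain}\nEndpoint port 填写:${yellow}${listenport}${plain}\nAllowed Address填写:${green}0.0.0.0/0\n祝使用愉快。${plain}"
  fi
}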
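#######################################
# Keep an ipip tunnel alive by pinging the peer every two seconds from a
# background loop, started now and again from /etc/rc.local at boot.
# Globals:   red, yellow, plain (read)
# Writes:    /root/keepalive.sh, /etc/rc.local
# Returns:   1 without changing anything when the input is not an IP literal
#######################################
keep_alive(){
  local remoteip_1
  read -r -p "请输入对端ipip隧道IP:" remoteip_1
  # The answer is spliced into a generated script: accept only the characters
  # of an IPv4/IPv6 literal.
  if [[ ! $remoteip_1 =~ ^[0-9A-Fa-f.:]+$ ]]; then
    echo -e "${red}IP 格式不正确,未做任何修改${plain}"
    return 1
  fi
  cat > /root/keepalive.sh <<EOF
#!/bin/bash
while true; do
ping ${remoteip_1} -c 1
sleep 2s
done
EOF
  chmod 700 /root/keepalive.sh
  # Drop a trailing "exit 0" only when it really is the last line; the old
  # '$d' removed whatever came last and failed when rc.local did not exist.
  if [[ -f /etc/rc.local ]]; then
    sed -i '${/^exit 0$/d;}' /etc/rc.local
  fi
  printf 'nohup bash /root/keepalive.sh>/dev/null 2>&1 &\nexit 0\n' >> /etc/rc.local
  nohup bash /root/keepalive.sh >/dev/null 2>&1 &
  echo -e "${yellow}IPIP隧道保活配置完成${plain}"
}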
#######################################
# Clear the screen and print the banner.
# Globals:   green, plain (read)
#######################################
copyright(){
  local banner
  banner="
${green}###########################################################${plain}
${green}# #${plain}
${green}# IPIP tunnel隧道、Wireguard一键部署脚本 #${plain}
${green}# Power By:翔翎 #${plain}
${green}# #${plain}
${green}###########################################################${plain}"
  clear
  # %b renders the \033 colour escapes the same way echo -e does.
  printf '%b\n' "$banner"
}
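#######################################
# Show the menu and run the selected action. An invalid choice re-displays
# the menu in a loop (the original recursed into main on every bad entry),
# and end of input on stdin exits instead of looping forever.
# Globals:   red, green, yellow, plain (read)
#######################################
main(){
  local num
  while true; do
    copyright
    echo -e "
${red}0.${plain} 退出脚本
${green}———————————————————————————————————————————————————————————${plain}
${green}1.${plain} 一键部署IPIP隧道
${green}2.${plain} 一键部署${red}IPIPv6${plain}隧道
${green}3.${plain} 一键部署wireguard
${green}4.${plain} IPIP隧道保活
"
    echo -e "${yellow}请选择你要使用的功能${plain}"
    read -r -p "请输入数字 :" num || exit 1
    case "$num" in
      0)
        exit 0
        ;;
      1)
        install_ipip
        return
        ;;
      2)
        install_ipipv6
        return
        ;;
      3)
        install_wg
        return
        ;;
      4)
        keep_alive
        return
        ;;
      *)
        clear
        echo -e "${red}出现错误:请输入正确数字 ${plain}"
        # Plain "2": the "2s" suffix is a GNU extension.
        sleep 2
        ;;
    esac
  done
}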
# Entry point: show the menu (arguments are passed through but unused).
main "$@"