From dbc9bdbdf573abe341ca5915ed0b012d399b1eaf Mon Sep 17 00:00:00 2001
From: YuanSuyi
Date: Wed, 7 Nov 2018 13:45:01 +0800
Subject: [PATCH 01/39] add install_debian.sh
---
 install_debian.sh | 131 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)
 create mode 100755 install_debian.sh
diff --git a/install_debian.sh b/install_debian.sh
new file mode 100755
index 0000000..bcc866c
--- /dev/null
+++ b/install_debian.sh
@@ -0,0 +1,131 @@ +#!/bin/sh + + + +SUBNET=192.168.100 + +############### + +umask 077 + +install_wireguard() +{ + wg && return; + + echo "Install Wireguard" + echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable + apt update + apt install -y wireguard resolvconf dig +} + +show_client_conf() +{ + echo "" + echo "\033[32m" + echo "*********************************************************" + echo "复制以下红色内容,在谷歌浏览器安装Offline QRcode Generator" + echo "插件生成二维码, 在WireGuard客户端扫描导入生成的二维码" + echo "*********************************************************" + echo "\033[0m" + echo "=====================================================" + echo "=====================================================" + echo "\033[31m" + cat client.conf + echo "\033[0m" + echo "=====================================================" + echo "=====================================================" +} + + +configure_wireguard() +{ + install_wireguard + wg-quick down wg0 2>/dev/null + + echo "正在获取服务器公网IP地址" + SERVER_PUBLIC_IP=$(get_public_ip) + wg genkey | tee server_priv | wg pubkey > server_pub + wg genkey | tee client_priv | wg pubkey > client_pub + + echo SUBNET > /etc/wireguard/subnet + echo SERVER_PUB > /etc/wireguard/server_pubkey + + + SERVER_PUB=$(cat server_pub) + SERVER_PRIV=$(cat server_priv) + CLIENT_PUB=$(cat client_pub) + CLIENT_PRIV=$(cat client_priv) + + PORT=$(rand 10000 60000) + + mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null + + cat > /etc/wireguard/wg0.conf <<-EOF + [Interface] + PrivateKey = $SERVER_PRIV + Address = $SUBNET.1/24 + PostUp = sysctl net.ipv4.ip_forward=1 ; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + PostDown = sysctl net.ipv4.ip_forward=0 ;iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; 
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + ListenPort = $PORT + #DNS = 8.8.8.8 + MTU = 1420 + + [Peer] + PublicKey = $CLIENT_PUB + AllowedIPs = $SUBNET.2/32 + EOF + + cat > client.conf <<-EOF + [Interface] + PrivateKey = $CLIENT_PRIV + Address = $SUBNET.2/32 + DNS = 8.8.8.8 + + + [Peer] + AllowedIPs = 0.0.0.0/0 + Endpoint = $SERVER_PUBLIC_IP:$PORT + PublicKey = $SERVER_PUB + + EOF + + rm -rf server_* client_* + + systemctl enable wg-quick@wg0 + wg-quick up wg0 + + show_client_conf +} + + +start_menu(){ + echo "=========================" + echo " 介绍:适用于Debian" + echo " 作者:基于atrandys版本修改" + echo " 网站:www.atrandys.com" + echo " Youtube:atrandys" + echo "=========================" + echo "1. 重新安装配置Wireguard" + echo "2. 退出脚本" + echo + read -p "请输入数字:" num + case "$num" in + 1) + configure_wireguard + ;; + 2) + #wireguard_install + exit 1 + ;; + *) + clear + echo "请输入正确数字" + sleep 2s + start_menu + ;; + esac +} + +start_menu + From 0077f451955bea25652d83823a237850c6ca4ae9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 7 Nov 2018 06:08:10 +0000 Subject: [PATCH 02/39] install_debian.sh test ok on GCP debian --- install_debian.sh | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index bcc866c..0c4fba9 100755 --- a/install_debian.sh +++ b/install_debian.sh 
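Review bot: In `configure_wireguard`, the server and client private keys are written to relative paths (`server_priv`, `client_priv`, `client.conf`) in whatever directory the script was started from, and are later removed with the glob `rm -rf server_* client_*`, which also deletes any unrelated file in that directory matching those patterns. `umask 077` restricts the mode of newly created files, but it does not help when the working directory is shared or already contains a file or symlink with one of those names. Create a private scratch directory first, e.g. `workdir=$(mktemp -d) || exit 1; cd "$workdir" || exit 1`, and remove only that directory on exit with `trap 'rm -rf -- "$workdir"' EXIT`. Separately, the script declares `#!/bin/sh` but uses `read -p`, which POSIX sh does not define and which dash (Debian's default /bin/sh) is expected to reject, so either switch the shebang to bash or print the prompt with `printf` before a plain `read`.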
@@ -8,15 +8,30 @@ SUBNET=192.168.100 umask 077 +rand(){ + min=$1 + max=$(($2-$min+1)) + num=$(cat /dev/urandom | head -n 10 | cksum | awk -F ' ' '{print $1}') + echo $(($num%$max+$min)) +} + + +get_public_ip() +{ + dig +short myip.opendns.com @resolver1.opendns.com +} + + + install_wireguard() { wg && return; echo "Install Wireguard" - echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list - printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable + echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable apt update - apt install -y wireguard resolvconf dig + apt install -y wireguard resolvconf dnsutils } show_client_conf() From aef2bce2ef6d44d9914eea764171b73e3a5c9a48 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 14:24:28 +0800 Subject: [PATCH 03/39] typo in install_debian.sh --- install_debian.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 0c4fba9..9f7e485 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -63,8 +63,8 @@ configure_wireguard() wg genkey | tee server_priv | wg pubkey > server_pub wg genkey | tee client_priv | wg pubkey > client_pub - echo SUBNET > /etc/wireguard/subnet - echo SERVER_PUB > /etc/wireguard/server_pubkey + echo $SUBNET > /etc/wireguard/subnet + echo $SERVER_PUB > /etc/wireguard/server_pubkey SERVER_PUB=$(cat server_pub) From 14c3e090614eb380dbf6bba9ea4b43aff82b0e7e Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 15:57:18 +0800 Subject: [PATCH 04/39] add peer , delete peer --- install_debian.sh | 87 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 83 insertions(+), 4 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 9f7e485..4fc4ab1 100755 --- a/install_debian.sh 
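Review bot: `get_public_ip` returns whatever `dig` prints, and the caller writes it straight into `Endpoint = $SERVER_PUBLIC_IP:$PORT`, so a failed or empty lookup still produces a client config with an empty or bogus endpoint and the script carries on. Check the value right after the call in `configure_wireguard` (which lies outside this hunk), e.g. `[ -n "$SERVER_PUBLIC_IP" ] || { echo "cannot determine public IP" >&2; return 1; }`. In `rand`, `cat /dev/urandom | head -n 10` reads an amount of data that depends on where newlines happen to fall; a fixed-size read such as `num=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')` is simpler and bounded.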
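Review bot: `echo $SERVER_PUB > /etc/wireguard/server_pubkey` still runs before `SERVER_PUB=$(cat server_pub)`, which is two lines further down in the hunk's context, so the file is written with an empty line instead of the key. Move the `echo` below the assignment block and quote the expansion: `echo "$SERVER_PUB" > /etc/wireguard/server_pubkey`. The same quoting applies to `echo "$SUBNET" > /etc/wireguard/subnet`.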
+++ b/install_debian.sh @@ -76,6 +76,7 @@ configure_wireguard() mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null + cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $SERVER_PRIV 
@@ -110,27 +111,105 @@ configure_wireguard() systemctl enable wg-quick@wg0 wg-quick up wg0 + mkdir -p /etc/wireguard/clients/default/ + cp client.conf /etc/wireguard/clients/default/ + + show_client_conf + + rm client.conf +} + +add_peer() +{ + read -p "please input user name: " peer_name + + if [ -d /etc/wireguard/clients/$peer_name ]; then + echo "User Already exists" + return; + fi + + subnet=$(cat /etc/wireguard/subnet) + + ip=$subnet.$(expr $(cat /etc/wireguard/lastip | tr "." " " | awk '{print $4}') + 1) + + wg genkey | tee client_priv | wg pubkey > client_pub + + cat > client.conf <<-EOF + [Interface] + PrivateKey = $(cat client_priv) + Address = $ip/32 + DNS = 8.8.8.8 + + [Peer] + AllowedIPs = 0.0.0.0/0 + Endpoint = $(get_public_ip):$(cat /etc/wireguard/wg0.conf | grep ListenPort | awk '{ print $3}') + PublicKey = $(cat /etc/wireguard/server_pubkey) + + EOF + + wg set wg0 peer $(cat client_pub) allowed-ips $ip/32 + + echo "$peer_name $(cat client_priv) $ip" >> /etc/wireguard/peers + echo $ip > /etc/wireguard/lastip + + wg-quick save wg0 + + mkdir -p /etc/wireguard/clients/$peer_name/ + cp client.conf /etc/wireguard/clients/$peer_name/ + show_client_conf + rm client.conf + rm client_* +} + + +delete_peer() +{ + read -p "please input user name: " peer_name + + [ -d /etc/wireguard/clients/$peer_name ] || ( echo "user does not exists" ; return ;) + + cat /etc/wireguard/clients/$peer_name/client.conf | grep "PrivateKey" | awk '{print $3}' > client_priv + + wg set wg0 peer $(cat /etc/wireguard/clients/$peer_name/client.conf | grep "PrivateKey" | awk '{print $3}' | wg pubkey) remove + wg-quick save wg0 + + rm -rf /etc/wireguard/clients/$peer_name } +list_peer() +{ + cd /etc/wireguard/clients >/dev/null 2>/dev/null && ls && cd - 2>/dev/null 1>/dev/null +} start_menu(){ echo "=========================" echo " 介绍:适用于Debian" echo " 作者:基于atrandys版本修改" - echo " 网站:www.atrandys.com" + echo " 网站:www.atrandys.com"Add peer echo " Youtube:atrandys" echo 
"=========================" echo "1. 重新安装配置Wireguard" - echo "2. 退出脚本" - echo + echo "2. 增加用户" + echo "3. 删除用户" + echo "4. LIST USERS" + echo "5. 退出脚本" read -p "请输入数字:" num case "$num" in 1) configure_wireguard ;; 2) - #wireguard_install + add_peer + ;; + + 3) + delete_peer + ;; + 4) + list_peer + ;; + 5) exit 1 ;; *) From 63facfe7fa740698c0f3e92b90064dad84cbc683 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 16:02:58 +0800 Subject: [PATCH 05/39] store lastip --- install_debian.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 4fc4ab1..188df51 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -76,7 +76,7 @@ configure_wireguard() mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null - + ip = $SUBNET.2 cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $SERVER_PRIV @@ -95,7 +95,7 @@ configure_wireguard() cat > client.conf <<-EOF [Interface] PrivateKey = $CLIENT_PRIV - Address = $SUBNET.2/32 + Address = $ip/32 DNS = 8.8.8.8 @@ -113,7 +113,7 @@ configure_wireguard() mkdir -p /etc/wireguard/clients/default/ cp client.conf /etc/wireguard/clients/default/ - + echo $ip > /etc/wireguard/lastip show_client_conf rm client.conf From 8b1b3cbb7834acad02f549c1eb2406bcc4267380 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 16:14:33 +0800 Subject: [PATCH 06/39] typo --- install_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index 188df51..5489e7f 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -76,7 +76,7 @@ configure_wireguard() mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null - ip = $SUBNET.2 + ip=$SUBNET.2 cat > /etc/wireguard/wg0.conf <<-EOF [Interface] PrivateKey = $SERVER_PRIV From c780e1b2d73ace855a14b875b31d73fbbb6653f1 Mon Sep 17 00:00:00 2001 
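Review bot: In `delete_peer`, `[ -d /etc/wireguard/clients/$peer_name ] || ( echo "user does not exists" ; return ;)` does not stop the function, because the `return` runs inside a subshell and execution continues to `rm -rf /etc/wireguard/clients/$peer_name` even for a missing user. `peer_name` comes from `read` unvalidated and is expanded unquoted, so an empty answer makes the `-d` test succeed on the `clients` directory itself and removes every stored client, and a name containing `/` or `..` reaches paths outside it. The same unvalidated name is used for `mkdir -p` and `cp` in `add_peer`. The rewrite below validates the name once, uses a real `if … return`, and quotes the path; `add_peer` should get the same `case` check.

```shell
delete_peer()
{
    read -p "please input user name: " peer_name

    # accept a single path component only; reject empty input, '/', '..' and spaces
    case "$peer_name" in
        ''|*[!A-Za-z0-9_-]*)
            echo "invalid user name"
            return 1
            ;;
    esac

    if [ ! -d "/etc/wireguard/clients/$peer_name" ]; then
        echo "user does not exists"
        return 1
    fi

    # … unchanged: wg set wg0 peer … remove, wg-quick save wg0 …

    rm -rf -- "/etc/wireguard/clients/$peer_name"
}
```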
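Review bot: `ip = $SUBNET.2` in the first hunk of the "store lastip" commit is not an assignment; the shell runs the `ip` command with `=` and the address as arguments, so `$ip` is not set here. The later hunks of the same commit then generate `Address = /32` in client.conf and write an empty `/etc/wireguard/lastip`, which `add_peer` reads to compute the next address. Write it without spaces: `ip=$SUBNET.2`.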
From: root Date: Wed, 7 Nov 2018 08:17:45 +0000 Subject: [PATCH 07/39] test ok on GCP with add /del/reconfigure --- install_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index 5489e7f..39413b3 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -57,7 +57,7 @@ configure_wireguard() { install_wireguard wg-quick down wg0 2>/dev/null - + rm -rf /etc/wireguard/* echo "正在获取服务器公网IP地址" SERVER_PUBLIC_IP=$(get_public_ip) wg genkey | tee server_priv | wg pubkey > server_pub From 1ffcaeadb0f8e3be8f396825a488293357dc2905 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 16:21:32 +0800 Subject: [PATCH 08/39] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=8F=90=E7=A4=BA?= =?UTF-8?q?=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 39413b3..7e3730f 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -121,10 +121,10 @@ configure_wireguard() add_peer() { - read -p "please input user name: " peer_name + read -p "请输入要增加的用户名(英文+数字): " peer_name if [ -d /etc/wireguard/clients/$peer_name ]; then - echo "User Already exists" + echo "用户已经存在" return; fi @@ -165,9 +165,9 @@ add_peer() delete_peer() { - read -p "please input user name: " peer_name + read -p "请输入要删除的用户名: " peer_name - [ -d /etc/wireguard/clients/$peer_name ] || ( echo "user does not exists" ; return ;) + [ -d /etc/wireguard/clients/$peer_name ] || ( echo "用户不存在" ; return ;) cat /etc/wireguard/clients/$peer_name/client.conf | grep "PrivateKey" | awk '{print $3}' > client_priv @@ -175,6 +175,7 @@ delete_peer() wg-quick save wg0 rm -rf /etc/wireguard/clients/$peer_name + echo "用户删除成功" } list_peer() 
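Review bot: The added `rm -rf /etc/wireguard/*` deletes everything under /etc/wireguard as soon as menu option 1 is chosen, with no confirmation: all stored client configs, the `peers` file, and any configuration for other interfaces that may live there. It also turns the later `mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak` into a no-op, since the file is already gone by then. Consider moving the existing directory aside instead, e.g. `mv /etc/wireguard "/etc/wireguard.bak.$(date +%s)" && mkdir -m 700 /etc/wireguard`, or at least prompting before the delete. `configure_wireguard` continues outside this hunk.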
@@ -192,7 +193,7 @@ start_menu(){ echo "1. 重新安装配置Wireguard" echo "2. 增加用户" echo "3. 删除用户" - echo "4. LIST USERS" + echo "4. 用户列表" echo "5. 退出脚本" read -p "请输入数字:" num case "$num" in From 6c525fbe181392b668e79a6f3bd274ff8658a513 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 16:26:49 +0800 Subject: [PATCH 09/39] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 17cc346..8bbcc71 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # wireguard一键脚本 -#### 适用于CentOS7 -#### wireguard_install.sh 单用户版,如需增加用户需要手动增加 - +#### wireguard_install.sh +##### 适用于CentOS 7, 单用户版本,如需增加用户需要手动增加 +#### install_debian.sh +##### 适用于 debian 9 (只在GCP上测试过)。支持增加删除用户 +##### 如果系统上已经安装好wireguard, 也可以使用此脚本管理 From 37cbdbfae9456623a97a398bf600eb502c3bb7ec Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 16:59:16 +0800 Subject: [PATCH 10/39] make sure dig is insalled --- install_debian.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install_debian.sh b/install_debian.sh index 7e3730f..f986e7e 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -25,6 +25,7 @@ get_public_ip() install_wireguard() { + apt install -y dnsutils resolvconf wg && return; echo "Install Wireguard" From 6c59175669eddbb8d5dea073d8d4e39be5c5675c Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 17:41:21 +0800 Subject: [PATCH 11/39] =?UTF-8?q?server=5Fpubkey=20=E4=BF=9D=E5=AD=98?= =?UTF-8?q?=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index f986e7e..300d308 100755 --- a/install_debian.sh +++ b/install_debian.sh 
@@ -65,7 +65,6 @@ configure_wireguard() wg genkey | tee client_priv | wg pubkey > client_pub echo $SUBNET > /etc/wireguard/subnet - echo $SERVER_PUB > /etc/wireguard/server_pubkey SERVER_PUB=$(cat server_pub) @@ -73,6 +72,8 @@ configure_wireguard() CLIENT_PUB=$(cat client_pub) CLIENT_PRIV=$(cat client_priv) + echo $SERVER_PUB > /etc/wireguard/server_pubkey + PORT=$(rand 10000 60000) mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null From e3dd8466ec6c8f767878df876869607849081bd1 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Wed, 7 Nov 2018 17:48:35 +0800 Subject: [PATCH 12/39] =?UTF-8?q?server=20pubkey=20=E4=BB=8E=20wg=20?= =?UTF-8?q?=E5=91=BD=E4=BB=A4=E8=8E=B7=E5=8F=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index 300d308..3ba4ecd 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -145,7 +145,7 @@ add_peer() [Peer] AllowedIPs = 0.0.0.0/0 Endpoint = $(get_public_ip):$(cat /etc/wireguard/wg0.conf | grep ListenPort | awk '{ print $3}') - PublicKey = $(cat /etc/wireguard/server_pubkey) + PublicKey = $(wg | grep 'public key:' | awk '{print $3}') EOF From f3545b87e77705b39e70495c54c9315f4cb77e57 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 8 Nov 2018 17:15:30 +0800 Subject: [PATCH 13/39] =?UTF-8?q?=E5=AE=89=E8=A3=85linux-headers,=20?= =?UTF-8?q?=E9=80=82=E9=85=8DBWG=20debian9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install_debian.sh b/install_debian.sh index 3ba4ecd..772362d 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -25,6 +25,7 @@ get_public_ip() install_wireguard() { + apt install -y dkms linux-headers-`uname -r` apt install -y dnsutils resolvconf wg && return; 
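Review bot: `wg | grep 'public key:' | awk '{print $3}'` in the `add_peer` heredoc parses the human-readable output of `wg` for all interfaces, so on a host with more than one WireGuard interface it yields several keys and the generated `PublicKey =` line is invalid; it yields nothing when wg0 is down. `wg show wg0 public-key` prints exactly the one key and is intended for scripts. The heredoc and the rest of `add_peer` lie outside this hunk.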
From 8641b2724b77ff62066769346b66b4c6c4f30468 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 8 Nov 2018 18:07:12 +0800 Subject: [PATCH 14/39] CentOS 7 --- install_debian.sh | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 772362d..3cd1552 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -25,15 +25,24 @@ get_public_ip() install_wireguard() { - apt install -y dkms linux-headers-`uname -r` - apt install -y dnsutils resolvconf - wg && return; - - echo "Install Wireguard" - echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list - printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable - apt update - apt install -y wireguard resolvconf dnsutils + if grep Debian /etc/issue ; then + apt install -y dkms linux-headers-`uname -r` + apt install -y dnsutils resolvconf + wg && return; + + echo "Install Wireguard" + echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable + apt update + apt install -y wireguard resolvconf dnsutils + fi + + if [ -f /etc/centos-release ] ; then + curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo + yum install -y epel-release + yum install -y wireguard-dkms wireguard-tools + yum install -y bind-utils + fi } show_client_conf() From 089464d64433dcf8ff09150ee079977dc138b7a1 Mon Sep 17 00:00:00 2001 
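Review bot: The `curl -Lo /etc/yum.repos.d/wireguard.repo …` line in the CentOS branch writes whatever the server returns into the yum repo directory, and the following `yum install` lines run regardless; without `-f` an HTTP error page is saved as the repo file. Use `curl -fsSLo /etc/yum.repos.d/wireguard.repo` with the same URL followed by `|| return 1`, so a failed download stops the install. The line also enables a third-party COPR repository system-wide, which deserves a comment above it so operators know packages are pulled from outside the distribution. In the Debian branch, `grep Debian /etc/issue` prints the matching line to the terminal; `grep -q Debian /etc/issue` avoids that.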
From: YuanSuyi Date: Thu, 15 Nov 2018 14:00:27 +0800 Subject: [PATCH 15/39] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20udp2raw=20=E6=94=AF?= =?UTF-8?q?=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 103 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 90 insertions(+), 13 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 3cd1552..bec6766 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -22,7 +22,6 @@ get_public_ip() } - install_wireguard() { if grep Debian /etc/issue ; then @@ -35,6 +34,9 @@ install_wireguard() printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable apt update apt install -y wireguard resolvconf dnsutils + apt install -y gettext build-essential unzip gzip openssl libssl-dev \ + autoconf automake libtool gcc g++ make zlib1g-dev \ + libev-dev libc-ares-dev git fi if [ -f /etc/centos-release ] ; then @@ -42,9 +44,23 @@ install_wireguard() yum install -y epel-release yum install -y wireguard-dkms wireguard-tools yum install -y bind-utils + yum install -y unzip gzip openssl openssl-devel gcc libtool libevent \ + autoconf automake make curl curl-devel zlib-devel cpio gettext-devel \ + libev-devel c-ares-devel git fi } +build_udp2raw() +{ + rm -rf udp2raw-tunnel + git clone https://github.com/wangyu-/udp2raw-tunnel.git + cd udp2raw-tunnel + make + cp udp2raw /usr/local/bin + cd - +} + + show_client_conf() { echo "" @@ -67,6 +83,8 @@ show_client_conf() configure_wireguard() { install_wireguard + build_udp2raw + wg-quick down wg0 2>/dev/null rm -rf /etc/wireguard/* echo "正在获取服务器公网IP地址" @@ -76,7 +94,6 @@ configure_wireguard() echo $SUBNET > /etc/wireguard/subnet - SERVER_PUB=$(cat server_pub) SERVER_PRIV=$(cat server_priv) CLIENT_PUB=$(cat client_pub) 
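Review bot: `build_udp2raw` clones the default branch of a third-party repository, builds it and installs the binary into /usr/local/bin as root, with no pinned revision and no error checks. If the clone fails, `cd udp2raw-tunnel` fails as well and `make` and `cp udp2raw /usr/local/bin` then run in the caller's directory. Pin the build to a revision that has been reviewed and stop on failure: `git clone https://github.com/wangyu-/udp2raw-tunnel.git || return 1`, `cd udp2raw-tunnel || return 1`, `git checkout "$UDP2RAW_REV" || return 1`, where `UDP2RAW_REV` is a placeholder for the commit or tag you choose.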
@@ -84,7 +101,12 @@ configure_wireguard() echo $SERVER_PUB > /etc/wireguard/server_pubkey - PORT=$(rand 10000 60000) + PORT=$(rand 20000 60000) + UDP2RAW_PORT=$(rand 10000 20000) + UDP2RAW_PASSWORD=$(cat /dev/urandom | head -n 10 | md5sum | head -c 12) + + echo $UDP2RAW_PORT > /etc/wireguard/udp2raw_port + echo $UDP2RAW_PASSWORD > /etc/wireguard/udp2raw_password mv /etc/wireguard/wg0.conf /etc/wireguard/wg0.conf.bak 2> /dev/null @@ -93,11 +115,12 @@ configure_wireguard() [Interface] PrivateKey = $SERVER_PRIV Address = $SUBNET.1/24 + PreUp = udp2raw -s -l0.0.0.0:$UDP2RAW_PORT -r127.0.0.1:$PORT -k $UDP2RAW_PASSWORD --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & PostUp = sysctl net.ipv4.ip_forward=1 ; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - PostDown = sysctl net.ipv4.ip_forward=0 ;iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + PostDown = sysctl net.ipv4.ip_forward=0 ;iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ; killall udp2raw ListenPort = $PORT #DNS = 8.8.8.8 - MTU = 1420 + MTU = 1200 [Peer] PublicKey = $CLIENT_PUB @@ -110,7 +133,6 @@ configure_wireguard() Address = $ip/32 DNS = 8.8.8.8 - [Peer] AllowedIPs = 0.0.0.0/0 Endpoint = $SERVER_PUBLIC_IP:$PORT 
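Review bot: `UDP2RAW_PASSWORD` is only 12 hex characters (48 bits) cut from an md5 of newline-delimited random data, and the `PreUp` line passes it as `-k $UDP2RAW_PASSWORD` on the udp2raw command line, where any local user can read it from the process list while the tunnel is up. A fixed-size read such as `UDP2RAW_PASSWORD=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')` gives a full 128 bits. udp2raw can take its options from a file (`--conf-file`, if the installed build supports it), which would keep the key out of argv. The `> /var/log/udp2raw.log` redirect in `PreUp` also truncates the log on every start; `>>` keeps earlier entries for troubleshooting.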
@@ -131,6 +153,55 @@ configure_wireguard() rm client.conf } +add_peer_udp2raw() +{ + read -p "请输入要增加的用户名(英文+数字): " peer_name + + if [ -d /etc/wireguard/clients/$peer_name ]; then + echo "用户已经存在" + return; + fi + + SERVER_PUBLIC_IP=$(get_public_ip) + subnet=$(cat /etc/wireguard/subnet) + + ip=$subnet.$(expr $(cat /etc/wireguard/lastip | tr "." " " | awk '{print $4}') + 1) + + + wg genkey | tee client_priv | wg pubkey > client_pub + + cat > client.conf <<-EOF + [Interface] + PrivateKey = $(cat client_priv) + Address = $ip/32 + DNS = 8.8.8.8 + PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & + PostUp = ip rule add to $SERVER_PUBLIC_IP table main + PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw + + [Peer] + AllowedIPs = 0.0.0.0/0 + Endpoint = 127.0.0.1:$(cat /etc/wireguard/udp2raw_port) + PublicKey = $(wg | grep 'public key:' | awk '{print $3}') + + EOF + + wg set wg0 peer $(cat client_pub) allowed-ips $ip/32 + + echo "$peer_name $(cat client_priv) $ip" >> /etc/wireguard/peers + echo $ip > /etc/wireguard/lastip + + wg-quick save wg0 + + mkdir -p /etc/wireguard/clients/$peer_name/ + cp client.conf /etc/wireguard/clients/$peer_name/ + + show_client_conf + rm client.conf + rm client_* +} + + add_peer() { read -p "请输入要增加的用户名(英文+数字): " peer_name @@ -204,9 +275,12 @@ start_menu(){ echo "=========================" echo "1. 重新安装配置Wireguard" echo "2. 增加用户" - echo "3. 删除用户" - echo "4. 用户列表" - echo "5. 退出脚本" + echo "3. 增加用户(udp2raw配置)" + echo "4. 删除用户" + + echo "5. 用户列表" + + echo "6. 退出脚本" read -p "请输入数字:" num case "$num" in 1) @@ -215,14 +289,18 @@ start_menu(){ 2) add_peer ;; - + 3) - delete_peer + add_peer_udp2raw ;; + 4) - list_peer + delete_peer ;; 5) + list_peer + ;; + 6) exit 1 ;; *) @@ -235,4 +313,3 @@ start_menu(){ } start_menu - 
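Review bot: The client `PreUp` generated by `add_peer_udp2raw` starts udp2raw with `-l0.0.0.0:PORT`, but the `[Peer]` section only ever connects to `Endpoint = 127.0.0.1:PORT`, so the listener is exposed on every interface of the client machine for no benefit. Bind it to loopback instead: `-l127.0.0.1:$(cat /etc/wireguard/udp2raw_port)`. The function is otherwise a near copy of `add_peer`, including the unvalidated `peer_name` used unquoted in `[ -d … ]`, `mkdir -p` and `cp`; factoring the shared part into one helper that accepts the extra `[Interface]` lines would keep later fixes in one place.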
From cab7b4f717cf33957c09089ecbaf8c893b082bbf Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 15 Nov 2018 19:34:04 +0800 Subject: [PATCH 16/39] =?UTF-8?q?udp2raw=E5=8A=A0=E5=85=A5=E5=90=8E?= =?UTF-8?q?=EF=BC=8CMTU=E6=94=B9=E4=B8=BA1200?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/install_debian.sh b/install_debian.sh index bec6766..12b7405 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -131,8 +131,10 @@ configure_wireguard() [Interface] PrivateKey = $CLIENT_PRIV Address = $ip/32 + MTU = 1200 DNS = 8.8.8.8 + [Peer] AllowedIPs = 0.0.0.0/0 Endpoint = $SERVER_PUBLIC_IP:$PORT @@ -174,6 +176,7 @@ add_peer_udp2raw() [Interface] PrivateKey = $(cat client_priv) Address = $ip/32 + MTU = 1200 DNS = 8.8.8.8 PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & PostUp = ip rule add to $SERVER_PUBLIC_IP table main @@ -221,6 +224,7 @@ add_peer() [Interface] PrivateKey = $(cat client_priv) Address = $ip/32 + MTU = 1200 DNS = 8.8.8.8 [Peer] From 3e8b093cef583c012c28c2d14a5fb407f8af382c Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 15 Nov 2018 19:55:26 +0800 Subject: [PATCH 17/39] =?UTF-8?q?udp2raw=E9=85=8D=E7=BD=AE=E9=BB=98?= =?UTF-8?q?=E8=AE=A4=E5=A2=9E=E5=8A=A0=E8=B7=AF=E7=94=B1=E8=A7=84=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TCPMSS 和开启路由 --- install_debian.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 12b7405..c281857 100755 --- a/install_debian.sh +++ b/install_debian.sh 
@@ -179,8 +179,8 @@ add_peer_udp2raw() MTU = 1200 DNS = 8.8.8.8 PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & - PostUp = ip rule add to $SERVER_PUBLIC_IP table main - PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw + PostUp = ip rule add to $SERVER_PUBLIC_IP table main; iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=1 + PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw ; iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=0 [Peer] AllowedIPs = 0.0.0.0/0 From ed17cdcef3214dc481abe85f4c9bd2aada42ef16 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 15 Nov 2018 19:59:30 +0800 Subject: [PATCH 18/39] =?UTF-8?q?=E5=A2=9E=E5=8A=A0udp2raw=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E6=97=B6=EF=BC=8C=E6=8F=90=E7=A4=BA=E8=BE=93=E5=85=A5?= =?UTF-8?q?=E5=B1=80=E5=9F=9F=E7=BD=91=E7=BD=91=E6=AE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index c281857..3ca4a7e 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -164,6 +164,9 @@ add_peer_udp2raw() return; fi + read -p "请输入局域网网段(例如192.168.0.0): " lan_ip + + SERVER_PUBLIC_IP=$(get_public_ip) subnet=$(cat /etc/wireguard/subnet) 
@@ -183,7 +186,7 @@ add_peer_udp2raw() PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw ; iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=0 [Peer] - AllowedIPs = 0.0.0.0/0 + AllowedIPs = 0.0.0.0/0,$lan_ip/24 Endpoint = 127.0.0.1:$(cat /etc/wireguard/udp2raw_port) PublicKey = $(wg | grep 'public key:' | awk '{print $3}') From a8932b7f5b3a419ef872069057814a0712bb02df Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 15 Nov 2018 20:06:47 +0800 Subject: [PATCH 19/39] =?UTF-8?q?=E5=B1=80=E5=9F=9F=E7=BD=91IP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index 3ca4a7e..022ca8c 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -192,7 +192,7 @@ add_peer_udp2raw() EOF - wg set wg0 peer $(cat client_pub) allowed-ips $ip/32 + wg set wg0 peer $(cat client_pub) allowed-ips $ip/32,$lan_ip/24 echo "$peer_name $(cat client_priv) $ip" >> /etc/wireguard/peers echo $ip > /etc/wireguard/lastip From 786321fd211bb4954c24baa687fc9fbc68f81c00 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 15 Nov 2018 20:11:01 +0800 Subject: [PATCH 20/39] =?UTF-8?q?=E5=B1=80=E5=9F=9F=E7=BD=91IP2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_debian.sh b/install_debian.sh index 022ca8c..218bf29 100755 --- a/install_debian.sh +++ b/install_debian.sh 
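Review bot: `wg set wg0 peer $(cat client_pub) allowed-ips $ip/32,$lan_ip/24` puts the operator-typed `lan_ip` into the server's routing for that peer with no validation. A typo makes `wg set` fail after the client files have already been generated, and because WireGuard assigns an allowed-IP range to one peer only, a second peer that enters the same LAN range (192.168.0.0 is the prompt's own example) silently takes it away from the first. Validate the value right after the `read`, for example `case "$lan_ip" in ''|*[!0-9.]*) echo "invalid network"; return 1 ;; esac`, and refuse a range that already appears in the output of `wg show wg0 allowed-ips`. The `read` was added in an earlier commit of this series, and `add_peer_udp2raw` extends outside this hunk.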
@@ -186,7 +186,7 @@ add_peer_udp2raw() PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw ; iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=0 [Peer] - AllowedIPs = 0.0.0.0/0,$lan_ip/24 + AllowedIPs = 0.0.0.0/0 Endpoint = 127.0.0.1:$(cat /etc/wireguard/udp2raw_port) PublicKey = $(wg | grep 'public key:' | awk '{print $3}') From 2266bc1036cd485da030f2002fcb850a956ff074 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Fri, 16 Nov 2018 13:11:27 +0800 Subject: [PATCH 21/39] =?UTF-8?q?PreUp,PostDown=20=E7=AD=89=E5=88=86?= =?UTF-8?q?=E8=A1=8C=E5=86=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/install_debian.sh b/install_debian.sh index 218bf29..811c4d3 100755 --- a/install_debian.sh +++ b/install_debian.sh @@ -116,8 +116,11 @@ configure_wireguard() PrivateKey = $SERVER_PRIV Address = $SUBNET.1/24 PreUp = udp2raw -s -l0.0.0.0:$UDP2RAW_PORT -r127.0.0.1:$PORT -k $UDP2RAW_PASSWORD --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & - PostUp = sysctl net.ipv4.ip_forward=1 ; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - PostDown = sysctl net.ipv4.ip_forward=0 ;iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ; killall udp2raw + PostUp = sysctl net.ipv4.ip_forward=1 + PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + PostDown = sysctl net.ipv4.ip_forward=0 ; + PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + PostDown = killall udp2raw ListenPort = $PORT #DNS = 8.8.8.8 MTU = 1200 
@@ -182,8 +185,13 @@ add_peer_udp2raw() MTU = 1200 DNS = 8.8.8.8 PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & - PostUp = ip rule add to $SERVER_PUBLIC_IP table main; iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=1 - PostDown = ip rule del to $SERVER_PUBLIC_IP table main; killall udp2raw ; iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu ; sysctl net.ipv4.ip_forward=0 + PostUp = ip rule add to $SERVER_PUBLIC_IP table main + PostUp = iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostUp = sysctl net.ipv4.ip_forward=1 + PostDown = killall udp2raw + PostDown = iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostDown = sysctl net.ipv4.ip_forward=0 + PostDown = ip rule del to $SERVER_PUBLIC_IP table main [Peer] AllowedIPs = 0.0.0.0/0 From 69ef44aec8080113a5a7ed5727edef46808a9ec4 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 20 Nov 2018 18:31:55 +0800 Subject: [PATCH 22/39] =?UTF-8?q?=E9=80=8F=E6=98=8E=E4=BB=A3=E7=90=86:=20w?= =?UTF-8?q?ireguard=20+=20udp2raw=20+=20dnsmasq-gfwlsit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_debian.sh | 20 +++++++--- install_tproxy.sh | 93 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+), 5 deletions(-) create mode 100755 install_tproxy.sh diff --git a/install_debian.sh b/install_debian.sh index 811c4d3..ca17db4 100755 --- a/install_debian.sh +++ b/install_debian.sh 
@@ -184,14 +184,24 @@ add_peer_udp2raw() Address = $ip/32 MTU = 1200 DNS = 8.8.8.8 + PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & + PostUp = iptables -A POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostUp = iptables -t mangle -A OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 + PostUp = iptables -t mangle -A PREROUTING -m set --match-set gfwlist dst -j MARK --set-mark 2222 + PostUp = ip rule add fwmark 51820 lookup main + PostUp = ip rule add fwmark 2222 lookup 51820 + PostUp = ip rule add to 8.8.8.8 lookup 51820 PostUp = ip rule add to $SERVER_PUBLIC_IP table main - PostUp = iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu - PostUp = sysctl net.ipv4.ip_forward=1 - PostDown = killall udp2raw - PostDown = iptables -D FORWARD -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostUp = ip rule add to $SUBNET.0/24 lookup 51820 + PostUp = ip rule del not fwmark 51820 lookup 51820 + PostUp = sysctl net.ipv4.ip_forward=1 + + PostDown = killall udp2raw || echo "no udp2raw" + PostDown = iptables -D POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostDown = iptables -t mangle -D OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 + PostDown = iptables -t mangle -D PREROUTING -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostDown = sysctl net.ipv4.ip_forward=0 - PostDown = ip rule del to $SERVER_PUBLIC_IP table main [Peer] AllowedIPs = 0.0.0.0/0 diff --git a/install_tproxy.sh b/install_tproxy.sh new file mode 100755 index 0000000..03ac619 --- /dev/null +++ b/install_tproxy.sh 
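Review bot: The new `PostUp` block adds five `ip rule` entries, but `PostDown` deletes none of them, and this hunk drops the existing `PostDown = ip rule del to $SERVER_PUBLIC_IP table main` while keeping the matching `PostUp = ip rule add`. wg-quick may clean up rules that point at its own table on shutdown, but the two rules that look up `main` are likely left behind and accumulate on every up/down cycle. Restore the removed line and add `PostDown = ip rule del fwmark 51820 lookup main`. The block also uses the script constant `$SUBNET` in `ip rule add to $SUBNET.0/24`, whereas the rest of `add_peer_udp2raw` (outside this hunk) works from `subnet=$(cat /etc/wireguard/subnet)`; using `$subnet` keeps the client config consistent with the server that was actually configured.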
@@ -0,0 +1,93 @@ +#!/bin/bash +# 配置透明代理路由器 + +# 需要与Wireguard一键脚本所生成的UDP2RAW客户端配置文件相配合 +# 适合Debian/Ubuntu 桌面/服务器系统,用于做软路由透明代理 +# 需要使用root权限运行 +GFWLIST_IPSET=gfwlist +GFWLIST_TIMEOUT=3600 + +install_udp2raw() +{ + [ -e /usr/local/bin/udp2raw ] && return ; + + rm -rf udp2raw-tunnel + git clone https://github.com/wangyu-/udp2raw-tunnel.git + cd udp2raw-tunnel + make + cp udp2raw /usr/local/bin + cd - +} + +install_packages() +{ + if grep -q Debian /etc/issue || grep -q Ubuntu /etc/issue ; then + apt purge -y dnsmasq + rm -rf /etc/dnsmasq.conf + rm -rf /etc/dnsmasq.d + apt install -y dnsmasq dnsutils resolvconf wget curl ipset sed + apt install -y gettext build-essential unzip gzip openssl libssl-dev \ + autoconf automake libtool gcc g++ make zlib1g-dev \ + libev-dev libc-ares-dev git + + if ! wg > /dev/null ; then + echo "Install Wireguard" + echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable + apt update + apt install -y dkms linux-headers-`uname -r` + apt install -y wireguard + fi + fi + + if [ -f /etc/centos-release ] ; then + curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo + yum install -y epel-release + yum install -y wireguard-dkms wireguard-tools + yum install -y bind-utils + yum install -y unzip gzip openssl openssl-devel gcc libtool libevent \ + autoconf automake make curl curl-devel zlib-devel cpio gettext-devel \ + libev-devel c-ares-devel git + fi + + if ! [ -e /usr/local/bin/gfwlist2dnsmasq.sh ]; then + wget https://raw.githubusercontent.com/cokebar/gfwlist2dnsmasq/master/gfwlist2dnsmasq.sh + chmod +x gfwlist2dnsmasq.sh + mv gfwlist2dnsmasq.sh /usr/local/bin/ + fi + + install_udp2raw +} + + +config_dnsmasq() +{ + if (cat /etc/issue | grep -q 'Ubuntu' | grep -q '18.' 
) ; then + if !(grep -q "DNSStubListener=no" /etc/systemd/resolved.conf) ; then + echo "disable systemd-resolved server" + sudo echo "DNSStubListener=no" >> /etc/systemd/resolved.conf + service systemd-resolved restart + fi + fi + + grep -q "server=223.5.5.5" /etc/dnsmasq.conf || echo "server=223.5.5.5" >> /etc/dnsmasq.conf + + ipset destroy $GFWLIST_IPSET + ipset create $GFWLIST_IPSET hash:ip family inet timeout $GFWLIST_TIMEOUT + /usr/local/bin/gfwlist2dnsmasq.sh -d 8.8.8.8 -p 53 -s $GFWLIST_IPSET -o /etc/dnsmasq.d/gfwlist.conf + + echo "0 0 * * 0 cd /tmp && /usr/local/bin/gfwlist2dnsmasq.sh -s ss_rules_dst_forward_gfwlist -o /etc/dnsmasq.d/gfwlist.conf && /etc/init.d/dnsmasq restart> /dev/null" > /tmp/crontab.root + + crontab /tmp/crontab.root + service dnsmasq restart + +} + + +main() +{ + install_packages + config_dnsmasq +} + +main From ff1a5a39b757182d6f049be39cbbcd7a6b489903 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 20 Nov 2018 18:33:46 +0800 Subject: [PATCH 23/39] =?UTF-8?q?install=5Fdebian.sh=20=E6=9B=B4=E5=90=8D?= =?UTF-8?q?=E4=B8=BAwg.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 修改说明文字 --- install_debian.sh => wg.sh | 3 --- 1 file changed, 3 deletions(-) rename install_debian.sh => wg.sh (98%) diff --git a/install_debian.sh b/wg.sh similarity index 98% rename from install_debian.sh rename to wg.sh index ca17db4..6815580 100755 --- a/install_debian.sh +++ b/wg.sh @@ -293,10 +293,7 @@ list_peer() start_menu(){ echo "=========================" - echo " 介绍:适用于Debian" echo " 作者:基于atrandys版本修改" - echo " 网站:www.atrandys.com"Add peer - echo " Youtube:atrandys" echo "=========================" echo "1. 重新安装配置Wireguard" echo "2. 增加用户" From 51507f0f25dcdf212ef4e0aa31eeec407dd8475f Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Tue, 20 Nov 2018 19:12:34 +0800 Subject: [PATCH 24/39] Update README.md --- README.md | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) 
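Review bot: config_dnsmasq writes the cron entry to the fixed path `/tmp/crontab.root` and then loads it as root with `crontab /tmp/crontab.root`. A predictable name in a world-writable directory can be pre-created or symlinked by another local user, and loading the file replaces root's whole crontab instead of adding one job. Writing the line, with a `root` user field, to a drop-in such as `/etc/cron.d/gfwlist2dnsmasq` avoids both; the later hunk on this page that corrects the cron arguments keeps the same temp file. Separately, install_udp2raw and install_packages fetch the default branch of two GitHub repositories at run time and install the result into `/usr/local/bin`, so pinning a commit or verifying a checksum before `cp` and `chmod +x` would make the root-level install reproducible.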
diff --git a/README.md b/README.md index 8bbcc71..c5a9572 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,33 @@ -# wireguard一键脚本 +# wireguard一键配置脚本 (含服务器端与客户端) + +## 初次安装 +wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/wg.sh && chmod +x wg.sh && ./wg.sh + +选择 1.重新安装配置Wireguard +配置完成后,会以红字显示第一个客户端配置文件的内容,拷贝到客户端或生成二维码即可使用。 + + +## 增加用户 +选择 2.增加用户
+输入用户名,即会生成客户端配置文件
+ +## 删除用户 +选择 4.删除用户
+输入用户名,即可删除
+ +## 配置透明代理软路由 +目前透明代理软路由只在Ubuntu系统上测试过
+### 客户端配置 +wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/install_tproxy.sh && chmod +x install_tproxy.sh && ./install_tproxy.sh
+ +### 服务器端配置 +选择 3. 增加用户(udp2raw配置)
+输入用户名,再输入软路由下设的局域网地址段 (如: 192.168.0.0)
+脚本会自动生成客户端的wg配置文件,将其文件拷贝至软路由(Ubuntu系统)的 /etc/wireguard/wg0.conf
+在软路由上运行 wg-quick up wg0
+需要将终端机的网关和DNS设为软路由的地个址(如: 192.168.0.1 或 192.168.0.2 等)
+这个配置会根据域名是否在GfwList中来做分流,所以必须将终端机的DNS为软路由的地址。
+另外,在软路由的wg0口上没有做NAT,整个局域网的地址段跟服务器是相通的,可以在服务器上PING通局域网上的主机。如果配置多个客户端时,注意局域网地址段不能一样,否则无法路由。如果有多个局域网接入,这些局域网也是相通的,如果认为有安全风险,请自行增加iptables规则。
+ -#### wireguard_install.sh -##### 适用于CentOS 7, 单用户版本,如需增加用户需要手动增加 -#### install_debian.sh -##### 适用于 debian 9 (只在GCP上测试过)。支持增加删除用户 -##### 如果系统上已经安装好wireguard, 也可以使用此脚本管理 From 58fce62e434259442f0048c9e8ee26d010a2feb2 Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Tue, 20 Nov 2018 19:14:36 +0800 Subject: [PATCH 25/39] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c5a9572..f2a03ba 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguar 输入用户名,再输入软路由下设的局域网地址段 (如: 192.168.0.0)
脚本会自动生成客户端的wg配置文件,将其文件拷贝至软路由(Ubuntu系统)的 /etc/wireguard/wg0.conf
在软路由上运行 wg-quick up wg0
-需要将终端机的网关和DNS设为软路由的地个址(如: 192.168.0.1 或 192.168.0.2 等)
+需要将终端机的网关和DNS设为软路由的地址(如: 192.168.0.1 或 192.168.0.2 等)
这个配置会根据域名是否在GfwList中来做分流,所以必须将终端机的DNS为软路由的地址。
另外,在软路由的wg0口上没有做NAT,整个局域网的地址段跟服务器是相通的,可以在服务器上PING通局域网上的主机。如果配置多个客户端时,注意局域网地址段不能一样,否则无法路由。如果有多个局域网接入,这些局域网也是相通的,如果认为有安全风险,请自行增加iptables规则。
From 8ab95ec1bff4f2f6acaaa8752d48a4e6aee0d58a Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Tue, 20 Nov 2018 19:15:20 +0800 Subject: [PATCH 26/39] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f2a03ba..a5255fb 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ## 初次安装 wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/wg.sh && chmod +x wg.sh && ./wg.sh -选择 1.重新安装配置Wireguard +选择 1.重新安装配置Wireguard
配置完成后,会以红字显示第一个客户端配置文件的内容,拷贝到客户端或生成二维码即可使用。 From 1150b87d85921879f97c7c906564f834b18e5c18 Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Wed, 21 Nov 2018 13:24:13 +0800 Subject: [PATCH 27/39] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a5255fb..1769c66 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguar ## 配置透明代理软路由 目前透明代理软路由只在Ubuntu系统上测试过
### 客户端配置 -wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/install_tproxy.sh && chmod +x install_tproxy.sh && ./install_tproxy.sh
+wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/install_tproxy.sh && chmod +x install_tproxy.sh && ./install_tproxy.sh
### 服务器端配置 选择 3. 增加用户(udp2raw配置)
From 06fb92ac7d680ea35426458c4fd7a21a47533d2d Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Mon, 3 Dec 2018 10:10:59 +0800 Subject: [PATCH 28/39] =?UTF-8?q?=E4=BF=AE=E6=94=B9crontab=20=E9=94=99?= =?UTF-8?q?=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install_tproxy.sh | 2 +- wg.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install_tproxy.sh b/install_tproxy.sh index 03ac619..eae6d9f 100755 --- a/install_tproxy.sh +++ b/install_tproxy.sh @@ -76,7 +76,7 @@ config_dnsmasq() ipset create $GFWLIST_IPSET hash:ip family inet timeout $GFWLIST_TIMEOUT /usr/local/bin/gfwlist2dnsmasq.sh -d 8.8.8.8 -p 53 -s $GFWLIST_IPSET -o /etc/dnsmasq.d/gfwlist.conf - echo "0 0 * * 0 cd /tmp && /usr/local/bin/gfwlist2dnsmasq.sh -s ss_rules_dst_forward_gfwlist -o /etc/dnsmasq.d/gfwlist.conf && /etc/init.d/dnsmasq restart> /dev/null" > /tmp/crontab.root + echo "0 0 * * 0 cd /tmp && /usr/local/bin/gfwlist2dnsmasq.sh -d 8.8.8.8 -p 53 -s $GFWLIST_IPSET -o /etc/dnsmasq.d/gfwlist.conf && /etc/init.d/dnsmasq restart> /dev/null" > /tmp/crontab.root crontab /tmp/crontab.root service dnsmasq restart diff --git a/wg.sh b/wg.sh index 6815580..280824b 100755 --- a/wg.sh +++ b/wg.sh @@ -196,7 +196,7 @@ add_peer_udp2raw() PostUp = ip rule add to $SUBNET.0/24 lookup 51820 PostUp = ip rule del not fwmark 51820 lookup 51820 PostUp = sysctl net.ipv4.ip_forward=1 - + PostUp = systemctl restart dnsmasq PostDown = killall udp2raw || echo "no udp2raw" PostDown = iptables -D POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu PostDown = iptables -t mangle -D OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 From 0e08b3c81a8fa1df3eed707e6e046f30d3a4179d Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 4 Dec 2018 13:29:12 +0800 Subject: [PATCH 29/39] create gfwlist ipset --- wg.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/wg.sh b/wg.sh index 280824b..5f48051 100755 
--- a/wg.sh +++ b/wg.sh @@ -186,6 +186,7 @@ add_peer_udp2raw() DNS = 8.8.8.8 PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & + PreUp = ipset create gfwlist hash:ip family inet timeout 3600 || echo "gfwlist create" > /dev/null PostUp = iptables -A POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu PostUp = iptables -t mangle -A OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostUp = iptables -t mangle -A PREROUTING -m set --match-set gfwlist dst -j MARK --set-mark 2222 From bae07482e8538f8f87acad7e413d5410fd6ca468 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Mon, 21 Jan 2019 13:23:17 +0800 Subject: [PATCH 30/39] fix: dig ipv4 --- wg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wg.sh b/wg.sh index 5f48051..27a1129 100755 --- a/wg.sh +++ b/wg.sh @@ -18,7 +18,7 @@ rand(){ get_public_ip() { - dig +short myip.opendns.com @resolver1.opendns.com + dig -4 +short myip.opendns.com @resolver1.opendns.com } From 4f8bc497b28310834143aba6376031a10ad28e0a Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Mon, 21 Jan 2019 13:56:00 +0800 Subject: [PATCH 31/39] fix: udp2raw client config: wg0 replaced with %i --- wg.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wg.sh b/wg.sh index 27a1129..2ca38b5 100755 --- a/wg.sh +++ b/wg.sh 
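Review bot: `|| echo "gfwlist create" > /dev/null` on the new PreUp line hides every failure of `ipset create`, not only the set-already-exists case it is meant for. If ipset is missing or the set cannot be created, PreUp still reports success and the error only surfaces later at the `--match-set gfwlist` rules. ipset has a flag for the intended case: `PreUp = ipset create gfwlist hash:ip family inet timeout 3600 -exist`. The set name and timeout also repeat GFWLIST_IPSET and GFWLIST_TIMEOUT from install_tproxy.sh, so a comment tying the two together would keep them from drifting apart.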
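Review bot: get_public_ip returns whatever `dig` prints, and the result is interpolated as `$SERVER_PUBLIC_IP` into generated config, including the `-r$SERVER_PUBLIC_IP:...` argument of a PreUp command line. When the lookup fails the output can be empty or a `;; ...` diagnostic instead of an address, which produces a broken hook line and, in the second case, one containing shell metacharacters. Capture the output and check it before use, for example `ip=$(dig -4 +short myip.opendns.com @resolver1.opendns.com)` followed by `printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1`.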
@@ -187,7 +187,7 @@ add_peer_udp2raw() PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & PreUp = ipset create gfwlist hash:ip family inet timeout 3600 || echo "gfwlist create" > /dev/null - PostUp = iptables -A POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostUp = iptables -A POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o %i -j TCPMSS --clamp-mss-to-pmtu PostUp = iptables -t mangle -A OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostUp = iptables -t mangle -A PREROUTING -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostUp = ip rule add fwmark 51820 lookup main @@ -199,7 +199,7 @@ add_peer_udp2raw() PostUp = sysctl net.ipv4.ip_forward=1 PostUp = systemctl restart dnsmasq PostDown = killall udp2raw || echo "no udp2raw" - PostDown = iptables -D POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o wg0 -j TCPMSS --clamp-mss-to-pmtu + PostDown = iptables -D POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o %i -j TCPMSS --clamp-mss-to-pmtu PostDown = iptables -t mangle -D OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostDown = iptables -t mangle -D PREROUTING -m set --match-set gfwlist dst -j MARK --set-mark 2222 PostDown = sysctl net.ipv4.ip_forward=0 From 9a716c958cbd74adf38f8bba7fccb9e217a2513e Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Mon, 21 Jan 2019 13:58:16 +0800 Subject: [PATCH 32/39] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1769c66..d3000c9 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,7 @@ # wireguard一键配置脚本 (含服务器端与客户端) ## 初次安装 -wget wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/wg.sh && chmod +x wg.sh && ./wg.sh +wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/master/wg.sh && chmod +x wg.sh && ./wg.sh 选择 1.重新安装配置Wireguard
配置完成后,会以红字显示第一个客户端配置文件的内容,拷贝到客户端或生成二维码即可使用。 From 9df49f254f3ee0db4d3f255c442ac6736826bfb3 Mon Sep 17 00:00:00 2001 From: YUANSUYI Date: Tue, 22 Jan 2019 13:18:12 +0800 Subject: [PATCH 33/39] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d3000c9..a301e96 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,8 @@ wget --no-check-certificate https://raw.githubusercontent.com/ysy/wireguard/mas ### 服务器端配置 选择 3. 增加用户(udp2raw配置)
-输入用户名,再输入软路由下设的局域网地址段 (如: 192.168.0.0)
+输入用户名,再输入软路由下设的局域网地址段 (如: 192.168.0.0)
+完成后,重启下wg0接口(wg-quick down wg0 && wg-quick up wg0)
脚本会自动生成客户端的wg配置文件,将其文件拷贝至软路由(Ubuntu系统)的 /etc/wireguard/wg0.conf
在软路由上运行 wg-quick up wg0
需要将终端机的网关和DNS设为软路由的地址(如: 192.168.0.1 或 192.168.0.2 等)
From ccc1281b3c9b8c3314d77b1d55ba24c92b10012c Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 22 Jan 2019 13:20:28 +0800 Subject: [PATCH 34/39] =?UTF-8?q?fix:=20=E5=8A=A0=E5=85=A5udp2raw=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E5=90=8E=E9=87=8D=E5=90=AF=20wg0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wg.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wg.sh b/wg.sh index 2ca38b5..59f2d29 100755 --- a/wg.sh +++ b/wg.sh @@ -224,6 +224,8 @@ add_peer_udp2raw() show_client_conf rm client.conf rm client_* + wg-quick down wg0 + wg-quick up wg0 } From 379f198cc3d636feb18512a4f56855d4a2933184 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 22 Jan 2019 13:24:20 +0800 Subject: [PATCH 35/39] fix: add psmisc for killall command --- wg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wg.sh b/wg.sh index 59f2d29..d80a87f 100755 --- a/wg.sh +++ b/wg.sh @@ -33,7 +33,7 @@ install_wireguard() echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable apt update - apt install -y wireguard resolvconf dnsutils + apt install -y wireguard resolvconf dnsutils psmisc apt install -y gettext build-essential unzip gzip openssl libssl-dev \ autoconf automake libtool gcc g++ make zlib1g-dev \ libev-dev libc-ares-dev git From d4bf4e9733ef1ddc5ee139b09666bf83334adcb5 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Tue, 22 Jan 2019 13:36:40 +0800 Subject: [PATCH 36/39] =?UTF-8?q?fix:=20=E9=BB=98=E8=AE=A4=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E4=B8=8D=E4=B8=80=E5=AE=9A=E6=98=AFeth0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wg.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/wg.sh b/wg.sh index d80a87f..8b94db4 100755 --- a/wg.sh +++ b/wg.sh 
@@ -99,6 +99,7 @@ configure_wireguard() CLIENT_PUB=$(cat client_pub) CLIENT_PRIV=$(cat client_priv) + DEF_IFACE=`route | grep default | awk '{ print $8}'` echo $SERVER_PUB > /etc/wireguard/server_pubkey PORT=$(rand 20000 60000) @@ -117,9 +118,9 @@ configure_wireguard() Address = $SUBNET.1/24 PreUp = udp2raw -s -l0.0.0.0:$UDP2RAW_PORT -r127.0.0.1:$PORT -k $UDP2RAW_PASSWORD --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & PostUp = sysctl net.ipv4.ip_forward=1 - PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE + PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ${DEF_IFACE} -j MASQUERADE PostDown = sysctl net.ipv4.ip_forward=0 ; - PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE + PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ${DEF_IFACE} -j MASQUERADE PostDown = killall udp2raw ListenPort = $PORT #DNS = 8.8.8.8 From 1d780ea9b91bed1585a467df5eeac63a401662b3 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 9 May 2019 18:03:19 +0800 Subject: [PATCH 37/39] fix: ubuntu --- wg.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/wg.sh b/wg.sh index 8b94db4..7c12a49 100755 --- a/wg.sh +++ b/wg.sh 
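Review bot: `DEF_IFACE` is taken from `route | grep default | awk '{ print $8}'` and used unchecked in the MASQUERADE rules of the second hunk. `route` comes from net-tools, which none of the package lists visible on this page install, and with no default route or several of them the value is empty or spans several lines, so the generated `-o ${DEF_IFACE}` rule is malformed. iproute2 gives the same answer without the extra package: `DEF_IFACE=$(ip -4 route show default | awk '{for (i=1;i<NF;i++) if ($i=="dev") {print $(i+1); exit}}')`, followed by `[ -n "$DEF_IFACE" ] || exit 1`. configure_wireguard starts and ends outside both hunks.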
@@ -33,12 +33,24 @@ install_wireguard() echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable apt update - apt install -y wireguard resolvconf dnsutils psmisc + apt install -y wireguard resolvconf dnsutils psmisc gcc make g++ apt install -y gettext build-essential unzip gzip openssl libssl-dev \ autoconf automake libtool gcc g++ make zlib1g-dev \ libev-dev libc-ares-dev git fi + if grep Ubuntu /etc/issue ; then + echo "Install Wireguard" + add-apt-repository ppa:wireguard/wireguard + apt update + apt install -y wireguard resolvconf dnsutils psmisc gcc make g++ + apt install -y gettext build-essential unzip gzip openssl libssl-dev \ + autoconf automake libtool gcc g++ make zlib1g-dev \ + libev-dev libc-ares-dev git + + fi + + if [ -f /etc/centos-release ] ; then curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo yum install -y epel-release From 10b8721969988b336b5e042fbdab4cdd6dd6c26f Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Thu, 9 May 2019 18:11:02 +0800 Subject: [PATCH 38/39] fix missing linux-headers --- wg.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wg.sh b/wg.sh index 7c12a49..8530a41 100755 --- a/wg.sh +++ b/wg.sh @@ -33,6 +33,7 @@ install_wireguard() echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable apt update + apt install linux-headers-`uname -r` apt install -y wireguard resolvconf dnsutils psmisc gcc make g++ apt install -y gettext build-essential unzip gzip openssl libssl-dev \ autoconf automake libtool gcc g++ make zlib1g-dev \ 
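Review bot: `add-apt-repository ppa:wireguard/wireguard` in the new Ubuntu branch is run without `-y`, so it waits for a keypress and an unattended run of this installer stalls there; use `add-apt-repository -y ppa:wireguard/wireguard`. The two `apt install` lines for linux-headers added by the following commit have the same problem and need `-y` as well. `grep Ubuntu /etc/issue` also prints the matching line to the terminal, whereas install_tproxy.sh uses `grep -q` for the same test. install_wireguard starts and ends outside the hunk.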
@@ -43,7 +44,8 @@ install_wireguard() echo "Install Wireguard" add-apt-repository ppa:wireguard/wireguard apt update - apt install -y wireguard resolvconf dnsutils psmisc gcc make g++ + apt install linux-headers-`uname -r` + apt install -y wireguard resolvconf dnsutils psmisc gcc make g++ apt install -y gettext build-essential unzip gzip openssl libssl-dev \ autoconf automake libtool gcc g++ make zlib1g-dev \ libev-dev libc-ares-dev git From 3b924eafdab85c6caf30843727ac607a7dd72d79 Mon Sep 17 00:00:00 2001 From: YuanSuyi Date: Mon, 13 May 2019 18:32:17 +0800 Subject: [PATCH 39/39] to fit snoylogy --- wg.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wg.sh b/wg.sh index 8530a41..fcb862b 100755 --- a/wg.sh +++ b/wg.sh @@ -198,9 +198,9 @@ add_peer_udp2raw() PrivateKey = $(cat client_priv) Address = $ip/32 MTU = 1200 - DNS = 8.8.8.8 + #DNS = 8.8.8.8 - PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /var/log/udp2raw.log & + PreUp = udp2raw -c -l0.0.0.0:$(cat /etc/wireguard/udp2raw_port) -r$SERVER_PUBLIC_IP:$(cat /etc/wireguard/udp2raw_port) -k $(cat /etc/wireguard/udp2raw_password) --raw-mode faketcp --cipher-mode xor -a > /dev/null & PreUp = ipset create gfwlist hash:ip family inet timeout 3600 || echo "gfwlist create" > /dev/null PostUp = iptables -A POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o %i -j TCPMSS --clamp-mss-to-pmtu PostUp = iptables -t mangle -A OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222 
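Review bot: The rewritten PreUp line still passes the tunnel password as `-k $(cat /etc/wireguard/udp2raw_password)`, so it ends up on the udp2raw command line, where local users can read it from the process list. If this heredoc is expanded when the file is generated, as the neighbouring `$(cat client_priv)` suggests, the password is also stored in clear text inside the client config. udp2raw can read its options from a file via `--conf-file`, which would let the key live in a root-only file; confirm this against the udp2raw build that gets installed. Redirecting output to `/dev/null` also discards the only record of connection failures, so a log path that exists on the target, or `logger`, would be safer than dropping it. The heredoc starts outside the hunk.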
@@ -212,7 +212,7 @@ add_peer_udp2raw() PostUp = ip rule add to $SUBNET.0/24 lookup 51820 PostUp = ip rule del not fwmark 51820 lookup 51820 PostUp = sysctl net.ipv4.ip_forward=1 - PostUp = systemctl restart dnsmasq + #PostUp = systemctl restart dnsmasq PostDown = killall udp2raw || echo "no udp2raw" PostDown = iptables -D POSTROUTING -t mangle -p tcp --tcp-flags SYN,RST SYN -o %i -j TCPMSS --clamp-mss-to-pmtu PostDown = iptables -t mangle -D OUTPUT -m set --match-set gfwlist dst -j MARK --set-mark 2222