与NATMap配合的Wireguard脚本
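# WireGuard client configuration template.
# The line tagged "#dynamicEndpoint" is a placeholder: the PowerShell helper on
# this page replaces every line containing that tag with the resolved ip:port.

[Interface]
# Key material as published on this page. A key that has appeared in public is
# not a secret: generate your own pair (wg genkey | wg pubkey) and keep the
# real file readable only by the account that manages the tunnel.
PrivateKey = aD4SfpM2APKsfAR5zfLBmzblZVWnESe0GD+CEdXooXU=
Address = 192.168.2.2/24

[Peer]
PublicKey = lkc17GQJmqMILdh4jnvOalN8dSNIJY2EXDjuZWFssxc=
# Sends all IPv4 traffic to this peer. No IPv6 range is listed; confirm how
# your client treats IPv6 traffic if that matters for your setup.
AllowedIPs = 0.0.0.0/0
# Port 0 is a stand-in until the endpoint is resolved. Keep the trailing tag
# exactly as written, because the rewrite step looks for it.
Endpoint = wg.example.com:0 #dynamicEndpoint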
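#!/bin/sh
# Resolve the WireGuard endpoint that is published as an AAAA record.
# The record is expected to look like XXXX::PPPP:AABB:CCDD, where PPPP is the
# port and AABB:CCDD are the four IPv4 octets, all in hex.
# Output:  "a.b.c.d:port" on stdout.
# Returns: non-zero, with a message on stderr, when the lookup yields no
#          record of that shape.

host=wg.example.com # bound domain name

# The answer comes from DNS, so it is treated as untrusted text: only fields
# that passed the hex pattern below ever reach arithmetic expansion.
# "dig +short" can print several lines (for example a CNAME before the
# address), so the first line with the expected layout is used.
fields=$(dig +short -t aaaa "$host" | awk -F: '
  /^[0-9A-Fa-f]+::[0-9A-Fa-f]+:[0-9A-Fa-f]+:[0-9A-Fa-f]+$/ &&
  NF == 5 && length($3) <= 4 && length($4) <= 4 && length($5) <= 4 {
    print $3, $4, $5
    exit
  }')

if [ -z "$fields" ]; then
  printf '%s\n' "error: no usable AAAA record for $host" >&2
  exit 1
fi

# Intentionally unquoted: $fields holds exactly three validated hex words.
# shellcheck disable=SC2086
set -- $fields

port=$((0x$1))
ipab=$((0x$2))
ipcd=$((0x$3))

# Each 16-bit group carries two IPv4 octets: high byte first, then low byte.
ipa=$((ipab >> 8))
ipb=$((ipab & 0xff))
ipc=$((ipcd >> 8))
ipd=$((ipcd & 0xff))

printf '%s.%s.%s.%s:%s\n' "$ipa" "$ipb" "$ipc" "$ipd" "$port"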
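# Brings a WireGuard tunnel up or down on Windows when the peer's endpoint is
# published as an AAAA record of the form 2001::bbbb:cccc:dddd
# (bbbb = port, cccc:dddd = the four IPv4 octets, all in hex).
#   -up    resolve the endpoint, rewrite the "#dynamicEndpoint" line in the
#          config file, then (re)install the tunnel service
#   -down  uninstall the tunnel service
# Throws when not run elevated, or when no AAAA record has the expected shape.
param (
    [switch]$up = $false,
    [switch]$down = $false
)

$Hostname = "wg.example.com" # bound domain name; its AAAA record should be 2001::bbbb:cccc:dddd
$configFile = "nat.conf" # local config file name
# The tunnel is named after the config file without its extension. Taking the
# name this way also handles file names that contain more than one dot.
$tunnelName = [System.IO.Path]::GetFileNameWithoutExtension($configFile)

if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "This script must be run with administrative privileges."
}

# NOTE(review): the script runs elevated, resolves wireguard.exe through PATH
# and rewrites $configFile (which holds the private key) in the script
# directory; confirm that directory is writable only by administrators.
Push-Location $PSScriptRoot
try {
    if ($up) {
        if (Get-Service WireGuardTunnel*) {
            Write-Host "Stopping previous tunnel..."
            wireguard.exe /uninstalltunnelservice $tunnelName
            Start-Sleep -Seconds 3
        }

        # Ask for AAAA only. Without -Type the answer can mix A and AAAA
        # records, and -match against an array does not populate $matches.
        $dnsRecord = Resolve-DnsName -Name $Hostname -Type AAAA -ErrorAction Stop

        # The DNS answer is untrusted text: anchor the pattern and accept hex
        # digits only, at most four per group.
        $endpointPattern = '^2001::([0-9a-fA-F]{1,4}):([0-9a-fA-F]{1,4}):([0-9a-fA-F]{1,4})$'
        $candidates = @($dnsRecord.IPAddress | Where-Object { $_ })
        $ipv6Address = $candidates | Where-Object { $_ -match $endpointPattern } | Select-Object -First 1
        if (-not $ipv6Address) {
            throw "Wrong Address: [$($candidates -join ' ')] is Not a [2001::] Address"
        }

        # Run the match again on the chosen string so $matches is set in this scope.
        $null = $ipv6Address -match $endpointPattern
        $bbbbHex = $matches[1]
        $ccccHex = $matches[2]
        $ddddHex = $matches[3]

        # bbbb is the port; cccc and dddd each carry two IPv4 octets (high byte, low byte).
        $port = [Convert]::ToUInt32($bbbbHex, 16)
        if ($port -eq 0) {
            throw "Wrong Address: [$($ipv6Address)] encodes port 0"
        }
        $ipab = [Convert]::ToInt32($ccccHex, 16)
        $ipcd = [Convert]::ToInt32($ddddHex, 16)
        $ipa = $ipab -shr 8
        $ipb = $ipab -band 0xff
        $ipc = $ipcd -shr 8
        $ipd = $ipcd -band 0xff
        $ipport = "$($ipa).$($ipb).$($ipc).$($ipd):$($port)"
        Write-Host "Resolved IP Address: $($ipport)"

        # The file is read fully into memory first, so writing back to the same path is safe.
        $content = Get-Content -Path $configFile
        if (-not ($content -like '*dynamicEndpoint*')) {
            Write-Warning "No line tagged 'dynamicEndpoint' in $configFile; the endpoint was not updated."
        }
        $content | ForEach-Object {
            if ($_ -like '*dynamicEndpoint*') {
                "Endpoint = $($ipport) #dynamicEndpoint"
            }
            else {
                $_
            }
        } | Set-Content -Path $configFile

        # The service installer is given the absolute path of the config file.
        $absolutePath = (Resolve-Path $configFile).Path
        Write-Host "Starting tunnel..."
        wireguard.exe /installtunnelservice $absolutePath
        Start-Sleep -Seconds 3
        Write-Host "Done. Current Running Service:"
        Write-Host $(Get-Service WireGuardTunnel*)
    }
    elseif ($down) {
        Write-Host "Stopping previous tunnel..."
        wireguard.exe /uninstalltunnelservice $tunnelName
        Start-Sleep -Seconds 3
        Write-Host "Done. Current Running Service:"
        Write-Host $(Get-Service WireGuardTunnel*)
    }
}
finally {
    # Restore the caller's working directory, including when a step above throws.
    Pop-Location
}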