@heyeshuang
Last active April 17, 2024 06:23
与NATMap配合的Wireguard脚本
# WireGuard client profile. The Endpoint line at the bottom is a placeholder
# that the accompanying PowerShell script overwrites before starting the tunnel.
[Interface]
# This key is published together with the snippet, so treat it as a sample:
# generate your own with `wg genkey` and keep the real file readable by
# administrators only.
PrivateKey = aD4SfpM2APKsfAR5zfLBmzblZVWnESe0GD+CEdXooXU=
Address = 192.168.2.2/24
[Peer]
PublicKey = lkc17GQJmqMILdh4jnvOalN8dSNIJY2EXDjuZWFssxc=
# 0.0.0.0/0 routes all IPv4 traffic through the tunnel; IPv6 is not covered
# by this entry.
AllowedIPs = 0.0.0.0/0
# The PowerShell script replaces every line that contains the marker word used
# in the trailing comment below, so keep that comment on this line and do not
# repeat the marker word anywhere else in the file.
Endpoint = wg.example.com:0 #dynamicEndpoint
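#!/bin/sh
# Decode the endpoint that NATMap publishes in the AAAA record of $host.
#
# The address groups are split on ":" and groups 3, 4 and 5 are read as hex:
# group 3 is the public port, groups 4 and 5 hold the four IPv4 octets
# (e.g. 2001::PPPP:AABB:CCDD).
#
# Outputs: "a.b.c.d:port" on stdout.
# Returns: 0 on success; 1 (with a message on stderr) when no AAAA answer with
#          the expected shape is available.
host=wg.example.com # bound domain name

# The DNS answer is untrusted input that ends up inside $(( )) below, so awk
# only lets through groups made of 1-4 hex digits. `dig +short` may also print
# CNAME targets, several records or error text; only the first line that
# contains ":" is considered, and anything else yields an empty result.
groups=$(dig +short -t aaaa "$host" | awk -F: '
  /:/ {
    if (hex16($3) && hex16($4) && hex16($5)) print $3, $4, $5
    exit
  }
  function hex16(s) { return s ~ /^[0-9A-Fa-f]+$/ && length(s) <= 4 }
')

if [ -z "$groups" ]; then
  echo "no usable AAAA record for $host" >&2
  exit 1
fi

# Word splitting is intended here: $groups holds three validated hex words.
# shellcheck disable=SC2086
set -- $groups

port=$((0x$1))
ipab=$((0x$2))
ipcd=$((0x$3))

# Each 16-bit group carries two IPv4 octets: high byte first, then low byte.
ipa=$((ipab >> 8))
ipb=$((ipab & 0xff))
ipc=$((ipcd >> 8))
ipd=$((ipcd & 0xff))

printf '%s.%s.%s.%s:%s\n' "$ipa" "$ipb" "$ipc" "$ipd" "$port"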
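# Start (-up) or stop (-down) a WireGuard tunnel service on Windows.
#
# With -up, the AAAA record of $Hostname is resolved, decoded from the form
# 2001::bbbb:cccc:dddd into "a.b.c.d:port" (bbbb = port, cccc/dddd = IPv4
# octets), written into the marked Endpoint line of $configFile, and the
# tunnel service is (re)installed from that file.
# With -down, the tunnel service named after $configFile is uninstalled.
#
# Throws when not run elevated or when the AAAA answer does not have the
# expected shape.
#
# NOTE(review): $configFile holds the tunnel's private key and is read by an
# elevated process from the script directory; keep that directory writable by
# administrators only.
param (
    [switch]$up = $false,
    [switch]$down = $false
)

$Hostname = "wg.example.com" # bound domain name; its AAAA record should be 2001::bbbb:cccc:dddd
$configFile = "nat.conf" # local config file name

if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "This script must be run with administrative privileges."
}

Push-Location $PSScriptRoot
try {
    # The tunnel service is addressed by the config file name without extension.
    $tunnelName = $configFile.Split(".")[0]

    if ($up) {
        if (Get-Service WireGuardTunnel*) {
            Write-Host "Stopping previous tunnel..."
            wireguard.exe /uninstalltunnelservice $tunnelName
            Start-Sleep -Seconds 3
        }

        # Ask for AAAA only and keep a single address. Without -Type the answer
        # can mix A/AAAA/CNAME records, and -match against an array filters the
        # array instead of filling $matches.
        $ipv6Address = Resolve-DnsName -Name $Hostname -Type AAAA |
            Where-Object { $_.Type -eq 'AAAA' } |
            Select-Object -First 1 -ExpandProperty IPAddress

        # The DNS answer is untrusted and ends up in the config file, so the
        # pattern is anchored and accepts hex groups only.
        if ($ipv6Address -match '^2001::([0-9a-fA-F]{1,4}):([0-9a-fA-F]{1,4}):([0-9a-fA-F]{1,4})$') {
            $bbbbHex = $matches[1]
            $ccccHex = $matches[2]
            $ddddHex = $matches[3]
        }
        else {
            throw "Wrong Address: [$($ipv6Address)] is Not a [2001::] Address"
        }

        # bbbb is the port; cccc and dddd each carry two IPv4 octets
        # (high byte first, then low byte).
        $port = [Convert]::ToUInt32($bbbbHex, 16)
        $cccc = [Convert]::ToInt32($ccccHex, 16)
        $dddd = [Convert]::ToInt32($ddddHex, 16)
        $ipa = $cccc -shr 8
        $ipb = $cccc -band 0xff
        $ipc = $dddd -shr 8
        $ipd = $dddd -band 0xff
        $ipport = "$($ipa).$($ipb).$($ipc).$($ipd):$($port)"
        Write-Host "Resolved IP Address: $($ipport)"

        # Read the whole file first, then rewrite it: every line carrying the
        # marker is replaced with the freshly resolved endpoint.
        $content = Get-Content -Path $configFile
        $content | ForEach-Object {
            if (($_ -like '*dynamicEndpoint*')) {
                $_ = "Endpoint = $($ipport) #dynamicEndpoint"
            }
            $_
        } | Set-Content -Path $configFile

        $absolutePath = (Resolve-Path $configFile).Path
        Write-Host "Starting tunnel..."
        wireguard.exe /installtunnelservice $absolutePath
        Start-Sleep -Seconds 3
        Write-Host "Done. Current Running Service:"
        Write-Host $(Get-Service WireGuardTunnel*)
    }
    elseif ($down) {
        Write-Host "Stopping previous tunnel..."
        wireguard.exe /uninstalltunnelservice $tunnelName
        Start-Sleep -Seconds 3
        Write-Host "Done. Current Running Service:"
        Write-Host $(Get-Service WireGuardTunnel*)
    }
}
finally {
    # Restore the caller's working directory even when a step above throws.
    Pop-Location
}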