下载wgcf

https://github.com/ViRb3/wgcf

wget https://github.com/ViRb3/wgcf/releases/download/v2.1.4/wgcf_2.1.4_linux_amd64

重命名

mv wgcf_2.1.4_linux_amd64 wgcf

授予执行权限

chmod +x wgcf

注册

./wgcf register

安装wireguard

apt update && apt install sudo net-tools openresolv wireguard -y

创建wireguard配置

./wgcf generate

修改配置文件

cp wgcf-profile.conf wg0.conf
vim wg0.conf

修改

Address = 192.168.100.2/32

删除AllowedIPs = 0.0.0.0/0

Endpoint = 162.159.192.1:2408

获取IPV6段

如果原有IPV6,需要将网段路由到main表,首先获取IPV6段

ip -6 route

将IPV6段加入到规则中

PostUp = ip -6 rule add from IPV6 table main
PostDown = ip -6 rule delete from IPV6 table main

移动到配置文件目录

mv wg0.conf /etc/wireguard/wg0.conf

生成wireguard KEY

wg genkey | tee private key | wg pubkey > publickey

修改systemd文件

vim /lib/systemd/system/[email protected]

插入

在“Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity ”这行的下方,插入一行

Environment=WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1

加载内核

apt-get install wireguard-dkms
modprobe wireguard
lsmod | grep wireguard

启用

wg-quick up wg0
wg-quick down wg0
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
wg

补充教程一

由于某广告公司认为该页没有内容,所以补充几个不同教程

先参考官网教程装好 Wireguard
https://www.wireguard.com/install/

生成 Wireguard 的客户端密钥

wg genkey | tee privatekey | wg pubkey > publickey
export PUBLIC_KEY=$(<publickey)
export PRIVATE_KEY=$(<privatekey)

提交 PublicKey 注册

export INSTALL_ID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 11 | head -n 1)
export FCM_TOKEN="${INSTALL_ID}:$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 140 | head -n 1)"
# 这个 Referrer 是我的,换成自己的也行。不带Referrer没有初始的1G流量,会导致连不上服务器。
export REFERRER="6e0602ac-02a0-4163-8321-e92a52c8aaf4"

curl -s -X POST \
  --url https://api.cloudflareclient.com/v0a745/reg \
  --header 'content-type: application/json' \
  --data "{
        \"key\": \"${PUBLIC_KEY}\",
        \"install_id\": \"${INSTALL_ID}\",
        \"fcm_token\": \"${FCM_TOKEN}\",
        \"referrer\": \"${REFERRER}\",
        \"warp_enabled\": true,
        \"tos\": \"2019-09-26T19:58:46.963-07:00\",
        \"type\": \"Android\",
        \"locale\": \"en_US\"
}" | python -m json.tool

响应中的 public_key 是服务器公钥,endpoint 是连接地址。暂时是一样的。

写入配置文件

mkdir /etc/wireguard
cat <> /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.0.2
# PublicKey = ${PUBLIC_KEY}
PrivateKey = ${PRIVATE_KEY}

[Peer]
Endpoint = engage.cloudflareclient.com:2408
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
# 允许通过 Tunnel 连接的IP段 / (使用 wg-quick 启动时) 要走代理的IP段
AllowedIPs = 172.16.0.0/24, 1.1.1.1/32, 172.217.0.0/16
EOF

连接

wg-quick up wg0

 

连上之后 1.1.1.1/32 和 172.217.0.0/16 就会自动走代理了
后面那个是Google的IP段,随便找一个IP测试下就知道有没有成功了。(例如 172.217.0.36)

wg show 命令显示的信息

另外网关上还有个HTTP代理。现在的地址是 172.16.0.1:2480,可以在注册响应里看到

拿curl测试一下,会返回出口IP。

http_proxy=http://172.16.0.1:2480 curl ip.sb

补充教程二

https://github.com/ViRb3/wgcf

Usage

Run wgcf in a terminal without any arguments to display the help screen. All commands and parameters are documented.

Register new account

Run the following command in a terminal:

wgcf register

The new account will be saved under wgcf-account.toml

Generate WireGuard profile

Run the following command in a terminal:

wgcf generate

The WireGuard profile will be saved under wgcf-profile.conf. For more information on how to use it, please check the official WireGuard Quick Start.

Maximum transmission unit (MTU)

To ensure maximum compatibility, the generated profile will have a MTU of 1280, just like the official Android app. If you are experiencing performance issues, you may be able to improve your speed by increasing this value. For more information, please check #40.

Change license key

If you have an existing Warp+ subscription, for an example on your phone, you can bind the account generated by this tool to your phone's account, sharing its Warp+ status. Please note that there is a current limit of maximum 5 linked devices active at a time.

⚠️ This device's private key will be changed!

First, get your Warp+ account license key. To view it on Android:

  1. Open the 1.1.1.1 app
  2. Click on the hamburger menu button on the top-right corner
  3. Navigate to: Account > Key

Edit wgcf-account.toml directly with the new license key and run:

wgcf update

or, using an environment variable:

WGCF_LICENSE_KEY="123412341234" wgcf update

The license will be applied, and a new private key will be created for your account. Regenerate your WireGuard configuration and use the new private key.

Check device status

Run the following command in a terminal:

wgcf status

Verify Warp/Warp+ works

Connect to the WireGuard profile generated by this tool, then run:

wgcf trace

If you look at the last line, it should say warp=on or warp=plus, depending on whether you have Warp or Warp+ respectively.

补充教程三

node脚本生成CF Warp对应的WireGuard配置文件

脚本地址:

https://github.com/yyuueexxiinngg/some-scripts/blob/master/cloudflare/warp2wireguard.js

使用方法:
在WireGuard中选择手动添加来生成一对密钥, 获取方法: https://i.loli.net/2019/09/28/8QTJzYjlpbg4noF.jpg
把Public Key和Private Key分别填入脚本中运行
然后把生成的配置文件导入WireGuard就行, Allow ip可以自行根据需要修改

warp-conf.json中保存了口令供之后重新获取配置和查询流量使用

怎样获取剩余流量? 运行

node warp2wireguard.js q

或者直接再次运行脚本

这里贴出中文版代码:

node warp2wireguard.js
const publicKey = "Public Key复制到这里";
const privateKey = "Private Key复制到这里";
const referrer = "Referrer ID复制到这里获取1G流量直接启用Warp+";

if (!publicKey.endsWith("=") || !privateKey.endsWith("=")) {
  console.error("请正确填写密钥.");
  process.exit(1);
}

const https = require("https");
const zlib = require("zlib");
const fs = require("fs");
const util = require("util");

let warpConf = null;

async function run() {
  let userData = {};

  if (fs.existsSync("./warp-conf.json")) {
    warpConf = JSON.parse(fs.readFileSync("./warp-conf.json").toString());
  } else {
    warpConf = {
      id: null,
      publicKey: publicKey, // WireGuard pubic key
      token: null, // Cloudflare access token
      isWarpPlusEnabled: null
    };
  }

  if (!warpConf.id) {
    console.log("未读取到保存信息, 正在注册新帐号中...");
    userData = await reg();
    console.log("注册成功:");
    console.log(util.inspect(userData, false, null, true));
  } else {
    console.log("正在获取用户信息...");
    const res = await getInfo(warpConf.id, warpConf.token);
    userData = res.result;
    if (
      !warpConf.isWarpPlusEnablsed && // If saved record indicate using free version of Cloudflare Warp
      userData.account &&
      (userData.account.premium_data || data.account.warp_plus)
    ) {
      warpConf.isWarpPlusEnabled = true;
      fs.writeFileSync("./warp-conf.json", JSON.stringify(warpConf));
    }
    console.log("成功获取用户信息:");
    if (process.argv[2] && process.argv[2] === "q") {
      if (warpConf.isWarpPlusEnabled) {
        console.log(
          "\x1b[36m%s\x1b[0m",
          "WARP PLUS剩余流量:",
          userData.account.quota / 1000000000,
          "GB"
        );
      } else {
        console.log(
          "\x1b[36m%s\x1b[0m",
          "您正在使用Cloudflare免费版Warp, 没有流量限制, 您可用自己的ID分享1.1.1.1来获取流量以升级到Warp Plus."
        );
      }
      process.exit(0);
    }
    console.log(util.inspect(userData, false, null, true));
  }

  const wireGuardConf = `
[Interface]
PrivateKey = ${privateKey}
# PublicKey = ${publicKey}
Address = ${userData.config.interface.addresses.v4}
# Address = ${userData.config.interface.addresses.v6}
DNS = 1.1.1.1

[Peer]
PublicKey = ${userData.config.peers[0].public_key}
Endpoint = ${userData.config.peers[0].endpoint.v4}
# Endpoint = ${userData.config.peers[0].endpoint.v6}
# Endpoint = ${userData.config.peers[0].endpoint.host}
AllowedIPs = 0.0.0.0/0
`;

  console.log("Config: ");
  console.log(wireGuardConf);
  fs.writeFileSync("./wireguard-cloudflare-warp.conf", wireGuardConf);
  console.log(
    "Config saved, check wireguard-cloudflare-warp.conf in current dir."
  );

  if (warpConf.isWarpPlusEnabled) {
    console.log(
      "\x1b[36m%s\x1b[0m",
      "WARP PLUS剩余流量:",
      userData.account.quota / 1000000000,
      "GB"
    );
  } else {
    console.log(
      "\x1b[36m%s\x1b[0m",
      "您正在使用Cloudflare免费版Warp, 没有流量限制, 您可用自己的ID分享1.1.1.1来获取流量以升级到Warp Plus."
    );
  }
}

async function getInfo(id, token) {
  return new Promise(async resolve => {
    const result = await httpRequest({
      hostname: "api.cloudflareclient.com",
      port: 443,
      path: `/v0i1909221500/reg/${id}`,
      method: "GET",
      headers: {
        Accept: "*/*",
        Authorization: `Bearer ${token}`,
        Host: "api.cloudflareclient.com",
        "Accept-Encoding": "gzip",
        "Accept-Language": "Language",
        "User-Agent": "1.1.1.1/1909221500.1 CFNetwork/978.0.7 Darwin/18.7.0"
      }
    });

    if (result.success) {
      const data = result.payload;
      resolve(data);
    } else {
      console.error("获取用户信息失败.");
      process.exit(1);
    }
  });
}

async function reg() {
  return new Promise(async resolve => {
    const install_id = genString(11);
    const postData = {
      key: publicKey,
      install_id: install_id,
      fcm_token: `${install_id}:APA91b${genString(134)}`,
      referrer: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/.test(
        referrer
      )
        ? referrer
        : "",
      warp_enabled: true,
      tos: new Date().toISOString().replace("Z", "+08:00"),
      type: "Android",
      locale: "en_US"
    };

    const result = await httpRequest(
      {
        hostname: "api.cloudflareclient.com",
        port: 443,
        path: "/v0a745/reg",
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          Host: "api.cloudflareclient.com",
          Connection: "Keep-Alive",
          "Accept-Encoding": "gzip",
          "User-Agent": "okhttp/3.12.1"
        }
      },
      postData
    );

    if (result.success) {
      const data = result.payload;
      warpConf.id = data.id;
      warpConf.token = data.token;

      if (data.account && (data.account.premium_data || data.account.warp_plus))
        warpConf.isWarpPlusEnabled = true;

      fs.writeFileSync("./warp-conf.json", JSON.stringify(warpConf));

      resolve(data);
    } else {
      console.error("注册帐号失败.");
      process.exit(1);
    }
  });
}

function httpRequest(options, data = undefined) {
  return new Promise(resolve => {
    const bodyString = data ? JSON.stringify(data) : data;
    const req = https.request(options, res => {
      const gzip = zlib.createGunzip();
      const buffer = [];
      res.pipe(gzip);
      gzip
        .on("data", function(data) {
          buffer.push(data.toString());
        })
        .on("end", function() {
          const res = JSON.parse(buffer.join(""));
          resolve({ success: true, payload: res });
        })
        .on("error", function(e) {
          resolve({ success: false, payload: e });
        });
    });

    req.on("error", e => {
      resolve({ success: false, payload: e });
    });

    if (bodyString) req.write(bodyString);
    req.end();
  });
}

function genString(length) {
  // https://gist.github.com/6174/6062387#gistcomment-2651745
  return [...Array(length)]
    .map(i => (~~(Math.random() * 36)).toString(36))
    .join("");
}

run();
// Original link: https://github.com/yyuueexxiinngg/some-scripts/blob/master/cloudflare/warp2wireguard.js

补充教程四

Cloudflare WARP+ 快速获取流量与生成WireGuard配置

https://lib.im/share/cloudflare-warp