目录
下载wgcf
https://github.com/ViRb3/wgcf
wget https://github.com/ViRb3/wgcf/releases/download/v2.1.4/wgcf_2.1.4_linux_amd64
重命名
mv wgcf_2.1.4_linux_amd64 wgcf
授予执行权限
chmod +x wgcf
注册
./wgcf register
安装wireguard
apt update && apt install sudo net-tools openresolv wireguard -y
创建wireguard配置
./wgcf generate
修改配置文件
cp wgcf-profile.conf wg0.conf
vim wg0.conf
修改
Address = 192.168.100.2/32
删除AllowedIPs = 0.0.0.0/0
Endpoint = 162.159.192.1:2408
获取IPV6段
如果原有IPV6,需要将网段路由到main表,首先获取IPV6段
ip -6 route
将IPV6段加入到规则中
PostUp = ip -6 rule add from IPV6 table main
PostDown = ip -6 rule delete from IPV6 table main
移动到配置文件目录
mv wg0.conf /etc/wireguard/wg0.conf
生成wireguard KEY
wg genkey | tee private key | wg pubkey > publickey
修改systemd文件
vim /lib/systemd/system/[email protected]
插入
在“Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity ”这行的下方,插入一行
Environment=WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
加载内核
apt-get install wireguard-dkms
modprobe wireguard
lsmod | grep wireguard
启用
wg-quick up wg0
wg-quick down wg0
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
wg
补充教程一
由于某广告公司认为该页没有内容,所以补充几个不同教程
先参考官网教程装好 Wireguard
https://www.wireguard.com/install/
生成 Wireguard 的客户端密钥
wg genkey | tee privatekey | wg pubkey > publickey
export PUBLIC_KEY=$(<publickey)
export PRIVATE_KEY=$(<privatekey)
提交 PublicKey 注册
export INSTALL_ID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 11 | head -n 1)
export FCM_TOKEN="${INSTALL_ID}:$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 140 | head -n 1)"
# 这个 Referrer 是我的,换成自己的也行。不带Referrer没有初始的1G流量,会导致连不上服务器。
export REFERRER="6e0602ac-02a0-4163-8321-e92a52c8aaf4"
curl -s -X POST \
--url https://api.cloudflareclient.com/v0a745/reg \
--header 'content-type: application/json' \
--data "{
\"key\": \"${PUBLIC_KEY}\",
\"install_id\": \"${INSTALL_ID}\",
\"fcm_token\": \"${FCM_TOKEN}\",
\"referrer\": \"${REFERRER}\",
\"warp_enabled\": true,
\"tos\": \"2019-09-26T19:58:46.963-07:00\",
\"type\": \"Android\",
\"locale\": \"en_US\"
}" | python -m json.tool
响应中的 public_key 是服务器公钥,endpoint 是连接地址。暂时是一样的。
写入配置文件
mkdir /etc/wireguard
cat <> /etc/wireguard/wg0.conf
[Interface]
Address = 172.16.0.2
# PublicKey = ${PUBLIC_KEY}
PrivateKey = ${PRIVATE_KEY}
[Peer]
Endpoint = engage.cloudflareclient.com:2408
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
# 允许通过 Tunnel 连接的IP段 / (使用 wg-quick 启动时) 要走代理的IP段
AllowedIPs = 172.16.0.0/24, 1.1.1.1/32, 172.217.0.0/16
EOF
连接
wg-quick up wg0
连上之后 1.1.1.1/32 和 172.217.0.0/16 就会自动走代理了
后面那个是Google的IP段,随便找一个IP测试下就知道有没有成功了。(例如 172.217.0.36)
wg show 命令显示的信息
另外网关上还有个HTTP代理。现在的地址是 172.16.0.1:2480,可以在注册响应里看到
拿curl测试一下,会返回出口IP。
http_proxy=http://172.16.0.1:2480 curl ip.sb
补充教程二
Usage
Run wgcf
in a terminal without any arguments to display the help screen. All commands and parameters are documented.
Register new account
Run the following command in a terminal:
wgcf register
The new account will be saved under wgcf-account.toml
Generate WireGuard profile
Run the following command in a terminal:
wgcf generate
The WireGuard profile will be saved under wgcf-profile.conf
. For more information on how to use it, please check the official WireGuard Quick Start.
Maximum transmission unit (MTU)
To ensure maximum compatibility, the generated profile will have a MTU of 1280, just like the official Android app. If you are experiencing performance issues, you may be able to improve your speed by increasing this value. For more information, please check #40.
Change license key
If you have an existing Warp+ subscription, for an example on your phone, you can bind the account generated by this tool to your phone's account, sharing its Warp+ status. Please note that there is a current limit of maximum 5 linked devices active at a time.
⚠️ This device's private key will be changed!
First, get your Warp+ account license key. To view it on Android:
- Open the
1.1.1.1
app - Click on the hamburger menu button on the top-right corner
- Navigate to:
Account
>Key
Edit wgcf-account.toml
directly with the new license key and run:
wgcf update
or, using an environment variable:
WGCF_LICENSE_KEY="123412341234" wgcf update
The license will be applied, and a new private key will be created for your account. Regenerate your WireGuard configuration and use the new private key.
Check device status
Run the following command in a terminal:
wgcf status
Verify Warp/Warp+ works
Connect to the WireGuard profile generated by this tool, then run:
wgcf trace
If you look at the last line, it should say warp=on
or warp=plus
, depending on whether you have Warp or Warp+ respectively.
补充教程三
node脚本生成CF Warp对应的WireGuard配置文件
脚本地址:
https://github.com/yyuueexxiinngg/some-scripts/blob/master/cloudflare/warp2wireguard.js
使用方法:
在WireGuard中选择手动添加来生成一对密钥, 获取方法: https://i.loli.net/2019/09/28/8QTJzYjlpbg4noF.jpg
把Public Key和Private Key分别填入脚本中运行
然后把生成的配置文件导入WireGuard就行, Allow ip可以自行根据需要修改
warp-conf.json中保存了口令供之后重新获取配置和查询流量使用
怎样获取剩余流量? 运行
node warp2wireguard.js q
或者直接再次运行脚本
这里贴出中文版代码:
node warp2wireguard.js |
const publicKey = "Public Key复制到这里";
const privateKey = "Private Key复制到这里";
const referrer = "Referrer ID复制到这里获取1G流量直接启用Warp+";
if (!publicKey.endsWith("=") || !privateKey.endsWith("=")) {
console.error("请正确填写密钥.");
process.exit(1);
}
const https = require("https");
const zlib = require("zlib");
const fs = require("fs");
const util = require("util");
let warpConf = null;
async function run() {
let userData = {};
if (fs.existsSync("./warp-conf.json")) {
warpConf = JSON.parse(fs.readFileSync("./warp-conf.json").toString());
} else {
warpConf = {
id: null,
publicKey: publicKey, // WireGuard pubic key
token: null, // Cloudflare access token
isWarpPlusEnabled: null
};
}
if (!warpConf.id) {
console.log("未读取到保存信息, 正在注册新帐号中...");
userData = await reg();
console.log("注册成功:");
console.log(util.inspect(userData, false, null, true));
} else {
console.log("正在获取用户信息...");
const res = await getInfo(warpConf.id, warpConf.token);
userData = res.result;
if (
!warpConf.isWarpPlusEnablsed && // If saved record indicate using free version of Cloudflare Warp
userData.account &&
(userData.account.premium_data || data.account.warp_plus)
) {
warpConf.isWarpPlusEnabled = true;
fs.writeFileSync("./warp-conf.json", JSON.stringify(warpConf));
}
console.log("成功获取用户信息:");
if (process.argv[2] && process.argv[2] === "q") {
if (warpConf.isWarpPlusEnabled) {
console.log(
"\x1b[36m%s\x1b[0m",
"WARP PLUS剩余流量:",
userData.account.quota / 1000000000,
"GB"
);
} else {
console.log(
"\x1b[36m%s\x1b[0m",
"您正在使用Cloudflare免费版Warp, 没有流量限制, 您可用自己的ID分享1.1.1.1来获取流量以升级到Warp Plus."
);
}
process.exit(0);
}
console.log(util.inspect(userData, false, null, true));
}
const wireGuardConf = `
[Interface]
PrivateKey = ${privateKey}
# PublicKey = ${publicKey}
Address = ${userData.config.interface.addresses.v4}
# Address = ${userData.config.interface.addresses.v6}
DNS = 1.1.1.1
[Peer]
PublicKey = ${userData.config.peers[0].public_key}
Endpoint = ${userData.config.peers[0].endpoint.v4}
# Endpoint = ${userData.config.peers[0].endpoint.v6}
# Endpoint = ${userData.config.peers[0].endpoint.host}
AllowedIPs = 0.0.0.0/0
`;
console.log("Config: ");
console.log(wireGuardConf);
fs.writeFileSync("./wireguard-cloudflare-warp.conf", wireGuardConf);
console.log(
"Config saved, check wireguard-cloudflare-warp.conf in current dir."
);
if (warpConf.isWarpPlusEnabled) {
console.log(
"\x1b[36m%s\x1b[0m",
"WARP PLUS剩余流量:",
userData.account.quota / 1000000000,
"GB"
);
} else {
console.log(
"\x1b[36m%s\x1b[0m",
"您正在使用Cloudflare免费版Warp, 没有流量限制, 您可用自己的ID分享1.1.1.1来获取流量以升级到Warp Plus."
);
}
}
async function getInfo(id, token) {
return new Promise(async resolve => {
const result = await httpRequest({
hostname: "api.cloudflareclient.com",
port: 443,
path: `/v0i1909221500/reg/${id}`,
method: "GET",
headers: {
Accept: "*/*",
Authorization: `Bearer ${token}`,
Host: "api.cloudflareclient.com",
"Accept-Encoding": "gzip",
"Accept-Language": "Language",
"User-Agent": "1.1.1.1/1909221500.1 CFNetwork/978.0.7 Darwin/18.7.0"
}
});
if (result.success) {
const data = result.payload;
resolve(data);
} else {
console.error("获取用户信息失败.");
process.exit(1);
}
});
}
async function reg() {
return new Promise(async resolve => {
const install_id = genString(11);
const postData = {
key: publicKey,
install_id: install_id,
fcm_token: `${install_id}:APA91b${genString(134)}`,
referrer: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/.test(
referrer
)
? referrer
: "",
warp_enabled: true,
tos: new Date().toISOString().replace("Z", "+08:00"),
type: "Android",
locale: "en_US"
};
const result = await httpRequest(
{
hostname: "api.cloudflareclient.com",
port: 443,
path: "/v0a745/reg",
method: "POST",
headers: {
"Content-Type": "application/json",
Host: "api.cloudflareclient.com",
Connection: "Keep-Alive",
"Accept-Encoding": "gzip",
"User-Agent": "okhttp/3.12.1"
}
},
postData
);
if (result.success) {
const data = result.payload;
warpConf.id = data.id;
warpConf.token = data.token;
if (data.account && (data.account.premium_data || data.account.warp_plus))
warpConf.isWarpPlusEnabled = true;
fs.writeFileSync("./warp-conf.json", JSON.stringify(warpConf));
resolve(data);
} else {
console.error("注册帐号失败.");
process.exit(1);
}
});
}
function httpRequest(options, data = undefined) {
return new Promise(resolve => {
const bodyString = data ? JSON.stringify(data) : data;
const req = https.request(options, res => {
const gzip = zlib.createGunzip();
const buffer = [];
res.pipe(gzip);
gzip
.on("data", function(data) {
buffer.push(data.toString());
})
.on("end", function() {
const res = JSON.parse(buffer.join(""));
resolve({ success: true, payload: res });
})
.on("error", function(e) {
resolve({ success: false, payload: e });
});
});
req.on("error", e => {
resolve({ success: false, payload: e });
});
if (bodyString) req.write(bodyString);
req.end();
});
}
function genString(length) {
// https://gist.github.com/6174/6062387#gistcomment-2651745
return [...Array(length)]
.map(i => (~~(Math.random() * 36)).toString(36))
.join("");
}
run();
// Original link: https://github.com/yyuueexxiinngg/some-scripts/blob/master/cloudflare/warp2wireguard.js
补充教程四
Cloudflare WARP+ 快速获取流量与生成WireGuard配置
https://lib.im/share/cloudflare-warp