From 57ba7998167b5456a419fc13380b5aa5692206f8 Mon Sep 17 00:00:00 2001
From: Josh Yu
Date: Mon, 24 Dec 2018 22:43:45 -0800
Subject: [PATCH 01/24] Fixed script bug Added missing -y flag for apt-get command to make the script fully automated.
---
 kms.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kms.sh b/kms.sh
index f036ead..66f9999 100644
--- a/kms.sh
+++ b/kms.sh
@@ -147,7 +147,7 @@ install_main() {
 fi
 elif [[ x"${release}" == x"debian" || x"${release}" == x"ubuntu" ]]; then
 apt-get -y update
- apt-get install gcc git make libnss3 curl libcurl3-nss
+ apt-get install -y gcc git make libnss3 curl libcurl3-nss
 if ! wget --no-check-certificate -O /etc/init.d/kms https://raw.githubusercontent.com/teddysun/across/master/kms-debian; then
 echo -e "[${red}Error:${plain}] Failed to download KMS Server script."
 exit 1
From f95b092c85020e0998c1c1c262195d13f5dbba31 Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Sun, 13 Jan 2019 23:38:22 +0900
Subject: [PATCH 02/24] Update Dockerfile
Signed-off-by: Teddysun
---
 docker/l2tp/alpine/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docker/l2tp/alpine/Dockerfile b/docker/l2tp/alpine/Dockerfile
index db3b106..17f5395 100644
--- a/docker/l2tp/alpine/Dockerfile
+++ b/docker/l2tp/alpine/Dockerfile
@@ -1,7 +1,7 @@
 # Dockerfile for L2TP/IPSec VPN Server based alpine
-# Copyright (C) 2018 Teddysun
+# Copyright (C) 2019 Teddysun
-FROM alpine:latest
+FROM alpine:edge
 LABEL maintainer="Teddysun "
 RUN apk add -U openssl libreswan xl2tpd ppp-l2tp \
From 29cce42696b46b8e88df29df22df564b700ea27d Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Sun, 13 Jan 2019 23:40:05 +0900
Subject: [PATCH 03/24] Update README.md
Signed-off-by: Teddysun
---
 Readme.md => README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename Readme.md => README.md (97%)
diff --git a/Readme.md b/README.md
similarity index 97%
rename from Readme.md
rename to README.md
index e8817e4..0cf316b 100644
--- a/Readme.md
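Review bot: The download on the line after the changed `apt-get install` uses `wget --no-check-certificate` to fetch what becomes `/etc/init.d/kms`, so an init script is accepted without TLS verification, and with `-y` the run now reaches it unattended. I would drop the flag, `if ! wget -O /etc/init.d/kms https://raw.githubusercontent.com/teddysun/across/master/kms-debian; then`, and add `ca-certificates` to the package list if a missing CA bundle was the reason for it. The exit status of `apt-get install -y` is not checked either, so a failed install falls through to the download. install_main starts and ends outside the hunk.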
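Review bot: `FROM alpine:edge` puts the image on Alpine's rolling development branch with no pinned version, so each rebuild can pick up different openssl, libreswan and xl2tpd packages and a given image cannot be reproduced or audited later. For a VPN endpoint I would pin a release tag or an image digest and bump it deliberately, e.g. `FROM alpine:<release-tag>` (placeholder). If edge is wanted only for a newer libreswan, adding the edge repository for that one package in the `apk add` step keeps the rest of the base on a stable release. The `RUN` line continues outside the hunk.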
+++ b/README.md @@ -87,4 +87,4 @@ pptp.sh(Deprecated, DO NOT USE) - Description: Auto Install PPTP for CentOS 6 - Intro: https://teddysun.com/134.html -Copyright (C) 2013-2018 Teddysun +Copyright (C) 2013-2019 Teddysun From f9c689512d3c56b545450cdd9ae89770d96f7eda Mon Sep 17 00:00:00 2001 From: Teddysun Date: Sun, 13 Jan 2019 23:49:34 +0900 Subject: [PATCH 04/24] Update README.md Signed-off-by: Teddysun --- docker/l2tp/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/l2tp/README.md b/docker/l2tp/README.md index 434bfcd..2ced3a2 100644 --- a/docker/l2tp/README.md +++ b/docker/l2tp/README.md @@ -2,9 +2,9 @@ Docker image to run a L2TP/IPsec VPN Server, with both `L2TP/IPsec PSK` and `IPSec Xauth PSK`. -1. Based on Debian 9 (Stretch) with [libreswan-3.27 (IPsec VPN software)](https://github.com/libreswan/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://github.com/xelerance/xl2tpd). +1. Based on Debian 9 (Stretch) with [libreswan-3.27 (IPsec VPN software)](https://packages.debian.org/sid/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://packages.debian.org/sid/xl2tpd). -2. Based on alpine with [libreswan-3.21 (IPsec VPN software)](https://pkgs.alpinelinux.org/package/v3.8/community/x86_64/libreswan) and [xl2tpd-1.3.10 (L2TP daemon)](https://pkgs.alpinelinux.org/package/v3.8/main/x86_64/xl2tpd). +2. Based on alpine with [libreswan-3.27 (IPsec VPN software)](https://pkgs.alpinelinux.org/package/edge/community/x86_64/libreswan) and [xl2tpd-1.3.10.1 (L2TP daemon)](https://pkgs.alpinelinux.org/package/edge/main/x86_64/xl2tpd). Docker images are built for quick deployment in various computing cloud providers. From 0565b08d9e66cbfbc99a8afe38837a63f1f06a95 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Sat, 26 Jan 2019 14:50:44 +0900 Subject: [PATCH 05/24] Update IPSec config Signed-off-by: Teddysun --- docker/l2tp/alpine/l2tp.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/docker/l2tp/alpine/l2tp.sh b/docker/l2tp/alpine/l2tp.sh
index 5f70359..103559b 100644
--- a/docker/l2tp/alpine/l2tp.sh
+++ b/docker/l2tp/alpine/l2tp.sh
@@ -137,8 +137,7 @@ conn xauth-psk
 auto=add
 leftsubnet=0.0.0.0/0
 rightaddresspool=${XAUTH_REMOTE}
- modecfgdns1=${DNS1}
- modecfgdns2=${DNS2}
+ modecfgdns=${DNS1},${DNS2}
 leftxauthserver=yes
 rightxauthclient=yes
 leftmodecfgserver=yes
From 825142d3205a5067c66e726aaac303d5f6342cfc Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Wed, 15 May 2019 08:30:08 +0900
Subject: [PATCH 06/24] Update comments
Signed-off-by: Teddysun
---
 bench.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bench.sh b/bench.sh
index 8c64ea3..8cfce2a 100644
--- a/bench.sh
+++ b/bench.sh
@@ -2,7 +2,7 @@
 #
 # Description: Auto test download & I/O speed script
 #
-# Copyright (C) 2015 - 2018 Teddysun
+# Copyright (C) 2015 - 2019 Teddysun
 #
 # Thanks: LookBack
 #
@@ -95,7 +95,7 @@ calc_disk() {
 cname=$( awk -F: '/model name/ {name=$2} END {print name}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
 cores=$( awk -F: '/model name/ {core++} END {print core}' /proc/cpuinfo )
-freq=$( awk -F: '/cpu MHz/ {freq=$2} END {print freq}' /proc/cpuinfo | sed 's/^[ \t]*//;s/[ \t]*$//' )
+freq=$( awk -F'[ :]' '/cpu MHz/ {print $4;exit}' /proc/cpuinfo )
 tram=$( free -m | awk '/Mem/ {print $2}' )
 uram=$( free -m | awk '/Mem/ {print $3}' )
 swap=$( free -m | awk '/Swap/ {print $2}' )
From 92c067541115dfe823d4d66da6d5866a0e7e83e6 Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Sun, 9 Jun 2019 14:25:49 +0900
Subject: [PATCH 07/24] Update l2tpctl.sh
Signed-off-by: Teddysun
---
 docker/l2tp/alpine/l2tpctl.sh | 23 ++++++++++++++++-------
 docker/l2tp/l2tpctl.sh | 21 +++++++++++++++------
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/docker/l2tp/alpine/l2tpctl.sh b/docker/l2tp/alpine/l2tpctl.sh
index 103bb00..1f8e025 100644
--- a/docker/l2tp/alpine/l2tpctl.sh
+++ b/docker/l2tp/alpine/l2tpctl.sh
@@ -99,6 +99,11 @@ mod_user(){ echo "Username ${user}'s password has been changed." } +get_version(){ + ipsec --version + xl2tpd --version +} + action=$1 case ${action} in -l|--list) @@ -113,14 +118,18 @@ case ${action} in -m|--mod) mod_user ;; + -v|--version) + get_version + ;; -h|--help) - echo "Usage: `basename $0` -l,--list List all users" - echo " `basename $0` -a,--add Add a user" - echo " `basename $0` -d,--del Delete a user" - echo " `basename $0` -m,--mod Modify a user password" - echo " `basename $0` -h,--help Print this help information" + echo "Usage: `basename $0` -l,--list List all users" + echo " `basename $0` -a,--add Add a user" + echo " `basename $0` -d,--del Delete a user" + echo " `basename $0` -m,--mod Modify a user password" + echo " `basename $0` -v,--version Print program version" + echo " `basename $0` -h,--help Print this help information" ;; *) - echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit + echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-v,--version|-h,--help]" && exit ;; -esac \ No newline at end of file +esac diff --git a/docker/l2tp/l2tpctl.sh b/docker/l2tp/l2tpctl.sh index 4dc121d..1f8e025 100644 --- a/docker/l2tp/l2tpctl.sh +++ b/docker/l2tp/l2tpctl.sh @@ -99,6 +99,11 @@ mod_user(){ echo "Username ${user}'s password has been changed." } +get_version(){ + ipsec --version + xl2tpd --version +} + action=$1 case ${action} in -l|--list) 
@@ -113,14 +118,18 @@ case ${action} in -m|--mod) mod_user ;; + -v|--version) + get_version + ;; -h|--help) - echo "Usage: `basename $0` -l,--list List all users" - echo " `basename $0` -a,--add Add a user" - echo " `basename $0` -d,--del Delete a user" - echo " `basename $0` -m,--mod Modify a user password" - echo " `basename $0` -h,--help Print this help information" + echo "Usage: `basename $0` -l,--list List all users" + echo " `basename $0` -a,--add Add a user" + echo " `basename $0` -d,--del Delete a user" + echo " `basename $0` -m,--mod Modify a user password" + echo " `basename $0` -v,--version Print program version" + echo " `basename $0` -h,--help Print this help information" ;; *) - echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-h,--help]" && exit + echo "Usage: `basename $0` [-l,--list|-a,--add|-d,--del|-m,--mod|-v,--version|-h,--help]" && exit ;; esac From e9d4751e21fc6e06c29e5066aeae1a95b01629c3 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Sun, 9 Jun 2019 14:26:05 +0900 Subject: [PATCH 08/24] Update README.md Signed-off-by: Teddysun --- docker/l2tp/README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/docker/l2tp/README.md b/docker/l2tp/README.md index 2ced3a2..cc9493e 100644 --- a/docker/l2tp/README.md +++ b/docker/l2tp/README.md 
@@ -47,22 +47,26 @@ VPN_DNS1= VPN_DNS2= ``` -This will create a default user account for L2TP/IPsec VPN login, which can be used by your **multiple devices**. +This will create a default user account for L2TP/IPsec VPN login, which can be used by your **multiple devices**. + The IPSec PSK (pre-shared key) is specified by the `VPN_IPSEC_PSK` environment variable. + The username is specified in `VPN_USER` environment variable. + and password is specified in `VPN_PASSWORD` environment variable. + If your VPS has multiple public IP addresses, maybe public IP need to specified in `VPN_PUBLIC_IP` environment variable. There is an example to start a container: ```bash -$ docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp +$ docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --restart=always --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp ``` or start a container with tag **alpine** ```bash -$ docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp:alpine +$ docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --restart=always --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp:alpine ``` **Note**: The UDP port number `500` and `4500` must be opened in firewall. @@ -132,6 +136,12 @@ $ docker exec -it l2tp l2tpctl -d $ docker exec -it l2tp l2tpctl -m ``` +### Print Libreswan & xl2tpd version + +```bash +$ docker exec -it l2tp l2tpctl -v +``` + ### Print help information ```bash From 870fd101b06661087e0a6b260ce9895161c655ad Mon Sep 17 00:00:00 2001 From: Teddysun Date: Sun, 9 Jun 2019 14:29:29 +0900 Subject: [PATCH 09/24] Update Dockerfile Signed-off-by: Teddysun --- docker/l2tp/Dockerfile | 2 +- docker/l2tp/alpine/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docker/l2tp/Dockerfile b/docker/l2tp/Dockerfile
index b4b9b07..025eac3 100644
--- a/docker/l2tp/Dockerfile
+++ b/docker/l2tp/Dockerfile
@@ -1,5 +1,5 @@
 # Dockerfile for L2TP/IPSec VPN Server
-# Copyright (C) 2018 Teddysun
+# Copyright (C) 2018 - 2019 Teddysun
 FROM debian:stretch
 LABEL maintainer="Teddysun "
diff --git a/docker/l2tp/alpine/Dockerfile b/docker/l2tp/alpine/Dockerfile
index 17f5395..ce8b1fa 100644
--- a/docker/l2tp/alpine/Dockerfile
+++ b/docker/l2tp/alpine/Dockerfile
@@ -1,5 +1,5 @@
 # Dockerfile for L2TP/IPSec VPN Server based alpine
-# Copyright (C) 2019 Teddysun
+# Copyright (C) 2018 - 2019 Teddysun
 FROM alpine:edge
 LABEL maintainer="Teddysun "
From 31daa0035639d82f08cd71b93d9c1f5d1e668f18 Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Sun, 9 Jun 2019 14:40:22 +0900
Subject: [PATCH 10/24] Update Dockerfile
Signed-off-by: Teddysun
---
 docker/kms/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/kms/Dockerfile b/docker/kms/Dockerfile
index 41aa660..e54e759 100644
--- a/docker/kms/Dockerfile
+++ b/docker/kms/Dockerfile
@@ -1,5 +1,5 @@
 # Dockerfile for KMS Server
-# Copyright (C) 2018 Teddysun
+# Copyright (C) 2018 - 2019 Teddysun
 # Reference URL:
 # https://github.com/Wind4/vlmcsd
From 8e739b4458ec2c19854f9ee5ca711fdd12fb104b Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Sun, 9 Jun 2019 14:40:38 +0900
Subject: [PATCH 11/24] Update README.md
Signed-off-by: Teddysun
---
 docker/kms/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/kms/README.md b/docker/kms/README.md
index 2968c57..27e54e3 100644
--- a/docker/kms/README.md
+++ b/docker/kms/README.md
@@ -25,7 +25,7 @@ It can be found at [Docker Hub][3].
 ## Start a container
 ```bash
-$ docker run -d -p 1688:1688 --name kms teddysun/kms
+$ docker run -d -p 1688:1688 --name kms --restart=always teddysun/kms
 ```
 **Note**: The TCP port number `1688` must be opened in firewall.
From 99c9fb94e251b3f2153f3e9f497461d54d16adb9 Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Thu, 1 Aug 2019 11:15:55 +0900
Subject: [PATCH 12/24] Update bench.sh
---
 bench.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bench.sh b/bench.sh
index 8cfce2a..3a487b4 100644
--- a/bench.sh
+++ b/bench.sh
@@ -49,7 +49,7 @@ speed_test_v6() {
 speed_v4() {
 speed_test_v4 'http://cachefly.cachefly.net/100mb.test' 'CacheFly'
- speed_test_v4 'http://speedtest.tokyo.linode.com/100MB-tokyo.bin' 'Linode, Tokyo, JP'
+ speed_test_v4 'http://speedtest.tokyo2.linode.com/100MB-tokyo2.bin' 'Linode, Tokyo2, JP'
 speed_test_v4 'http://speedtest.singapore.linode.com/100MB-singapore.bin' 'Linode, Singapore, SG'
 speed_test_v4 'http://speedtest.london.linode.com/100MB-london.bin' 'Linode, London, UK'
 speed_test_v4 'http://speedtest.frankfurt.linode.com/100MB-frankfurt.bin' 'Linode, Frankfurt, DE'
@@ -66,7 +66,7 @@ speed_v6() {
 speed_test_v6 'http://speedtest.dallas.linode.com/100MB-dallas.bin' 'Linode, Dallas, TX'
 speed_test_v6 'http://speedtest.newark.linode.com/100MB-newark.bin' 'Linode, Newark, NJ'
 speed_test_v6 'http://speedtest.singapore.linode.com/100MB-singapore.bin' 'Linode, Singapore, SG'
- speed_test_v6 'http://speedtest.tokyo.linode.com/100MB-tokyo.bin' 'Linode, Tokyo, JP'
+ speed_test_v6 'http://speedtest.tokyo2.linode.com/100MB-tokyo2.bin' 'Linode, Tokyo2, JP'
 speed_test_v6 'http://speedtest.sjc03.softlayer.com/downloads/test100.zip' 'Softlayer, San Jose, CA'
 speed_test_v6 'http://speedtest.wdc01.softlayer.com/downloads/test100.zip' 'Softlayer, Washington, WA'
 speed_test_v6 'http://speedtest.par01.softlayer.com/downloads/test100.zip' 'Softlayer, Paris, FR'
From 4ea6fc0b461da7c0a8b5af462bf227aa006f3dfb Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Thu, 1 Aug 2019 12:09:43 +0900
Subject: [PATCH 13/24] Update bench.sh
---
 bench.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/bench.sh b/bench.sh
index 3a487b4..0a845f2 100644
--- a/bench.sh
+++ b/bench.sh
@@ -106,7 +106,7 @@ opsy=$( get_opsy )
 arch=$( uname -m )
 lbit=$( getconf LONG_BIT )
 kern=$( uname -r )
-ipv6=$( wget -qO- -t1 -T2 ipv6.icanhazip.com )
+#ipv6=$( wget -qO- -t1 -T2 ipv6.icanhazip.com )
 disk_size1=($( LANG=C df -hPl | grep -wvE '\-|none|tmpfs|devtmpfs|by-uuid|chroot|Filesystem|udev|docker' | awk '{print $2}' ))
 disk_size2=($( LANG=C df -hPl | grep -wvE '\-|none|tmpfs|devtmpfs|by-uuid|chroot|Filesystem|udev|docker' | awk '{print $3}' ))
 disk_total_size=$( calc_disk "${disk_size1[@]}" )
@@ -144,7 +144,7 @@ echo -e "Average I/O speed : ${YELLOW}$ioavg MB/s${PLAIN}"
 next
 printf "%-32s%-24s%-14s\n" "Node Name" "IPv4 address" "Download Speed"
 speed_v4 && next
-if [[ "$ipv6" != "" ]]; then
- printf "%-32s%-24s%-14s\n" "Node Name" "IPv6 address" "Download Speed"
- speed_v6 && next
-fi
+#if [[ "$ipv6" != "" ]]; then
+# printf "%-32s%-24s%-14s\n" "Node Name" "IPv6 address" "Download Speed"
+# speed_v6 && next
+#fi
From a16c60e43b30e7a3519265e5165f970b3cec5ffe Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Wed, 14 Aug 2019 22:05:42 +0900
Subject: [PATCH 14/24] Update Dockerfile
---
 docker/l2tp/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/l2tp/Dockerfile b/docker/l2tp/Dockerfile
index 025eac3..ecaa7ca 100644
--- a/docker/l2tp/Dockerfile
+++ b/docker/l2tp/Dockerfile
@@ -1,7 +1,7 @@
 # Dockerfile for L2TP/IPSec VPN Server
 # Copyright (C) 2018 - 2019 Teddysun
-FROM debian:stretch
+FROM debian:buster
 LABEL maintainer="Teddysun "
 RUN set -ex \
From f80dff12a36087661b5c15d7c3a03d944b819845 Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Wed, 14 Aug 2019 22:08:21 +0900
Subject: [PATCH 15/24] Update comments
Signed-off-by: Teddysun
---
 docker/l2tp/alpine/l2tp.sh | 8 ++++++--
 docker/l2tp/l2tp.sh | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/docker/l2tp/alpine/l2tp.sh b/docker/l2tp/alpine/l2tp.sh
index 103559b..4007e23 100644
--- a/docker/l2tp/alpine/l2tp.sh
+++ b/docker/l2tp/alpine/l2tp.sh @@ -185,14 +185,18 @@ cat > /etc/ipsec.secrets < /etc/ppp/chap-secrets < /etc/ppp/chap-secrets < /etc/ipsec.d/passwd < /etc/ipsec.d/passwd < /etc/ipsec.secrets < /etc/ppp/chap-secrets < /etc/ppp/chap-secrets < /etc/ipsec.d/passwd < /etc/ipsec.d/passwd < Date: Wed, 14 Aug 2019 22:11:00 +0900 Subject: [PATCH 16/24] Update README.md --- docker/l2tp/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/l2tp/README.md b/docker/l2tp/README.md index cc9493e..4884258 100644 --- a/docker/l2tp/README.md +++ b/docker/l2tp/README.md @@ -2,7 +2,7 @@ Docker image to run a L2TP/IPsec VPN Server, with both `L2TP/IPsec PSK` and `IPSec Xauth PSK`. -1. Based on Debian 9 (Stretch) with [libreswan-3.27 (IPsec VPN software)](https://packages.debian.org/sid/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://packages.debian.org/sid/xl2tpd). +1. Based on Debian 10 (Buster) with [libreswan-3.27 (IPsec VPN software)](https://packages.debian.org/sid/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://packages.debian.org/sid/xl2tpd). 2. Based on alpine with [libreswan-3.27 (IPsec VPN software)](https://pkgs.alpinelinux.org/package/edge/community/x86_64/libreswan) and [xl2tpd-1.3.10.1 (L2TP daemon)](https://pkgs.alpinelinux.org/package/edge/main/x86_64/xl2tpd). @@ -69,7 +69,7 @@ or start a container with tag **alpine** $ docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --restart=always --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp:alpine ``` -**Note**: The UDP port number `500` and `4500` must be opened in firewall. +**Warning**: The UDP port number `500` and `4500` must be opened in firewall. ## Check container details From 2356d4a4ba02617bd11a09fa54478b3d6cf0d3ff Mon Sep 17 00:00:00 2001 
From: Teddysun Date: Wed, 14 Aug 2019 22:28:03 +0900 Subject: [PATCH 17/24] Update comments --- docker/l2tp/alpine/l2tp.sh | 4 ++-- docker/l2tp/l2tp.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docker/l2tp/alpine/l2tp.sh b/docker/l2tp/alpine/l2tp.sh index 4007e23..7be0bec 100644 --- a/docker/l2tp/alpine/l2tp.sh +++ b/docker/l2tp/alpine/l2tp.sh @@ -185,14 +185,14 @@ cat > /etc/ipsec.secrets </dev/null; then cat > /etc/ppp/chap-secrets </dev/null; then cat > /etc/ipsec.d/passwd < /etc/ipsec.secrets </dev/null; then cat > /etc/ppp/chap-secrets </dev/null; then cat > /etc/ipsec.d/passwd < Date: Thu, 15 Aug 2019 22:54:18 +0900 Subject: [PATCH 18/24] Update README.md --- docker/l2tp/README.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docker/l2tp/README.md b/docker/l2tp/README.md index 4884258..8da7e0a 100644 --- a/docker/l2tp/README.md +++ b/docker/l2tp/README.md 
@@ -49,13 +49,25 @@ VPN_DNS2= This will create a default user account for L2TP/IPsec VPN login, which can be used by your **multiple devices**. -The IPSec PSK (pre-shared key) is specified by the `VPN_IPSEC_PSK` environment variable. +The IPSec PSK (pre-shared key) is specified by the `VPN_IPSEC_PSK`. -The username is specified in `VPN_USER` environment variable. +The **default username** is specified in `VPN_USER`. -and password is specified in `VPN_PASSWORD` environment variable. +The **default password** is specified in `VPN_PASSWORD`. -If your VPS has multiple public IP addresses, maybe public IP need to specified in `VPN_PUBLIC_IP` environment variable. +If your VPS has multiple public IP addresses, maybe public IP need to specified in `VPN_PUBLIC_IP`. + +If you want to specify a other private network, maybe need to specified in `VPN_L2TP_NET` (default `192.168.18.0/24`). + +If you want to specify a other private network, maybe need to specified in `VPN_XAUTH_NET` (default `192.168.20.0/24`). + +If you want to specify a `local ip` for `xl2tpd.conf`, maybe need to specified in `VPN_L2TP_LOCAL` (default `192.168.18.1`). + +If you want to specify a `ip range` for `xl2tpd.conf`, maybe need to specified in `VPN_L2TP_REMOTE` (default `192.168.18.10-192.168.18.250`). + +If you want to specify a `rightaddresspool` for `ipsec.conf`, maybe need to specified in `VPN_XAUTH_REMOTE` (default `192.168.20.10-192.168.20.250`). + +If you want to specify a other DNS servers, maybe need to specified in `VPN_DNS1` and `VPN_DNS2` (default `8.8.8.8`, `8.8.4.4`). There is an example to start a container: From 2d75a1d45a761322d5efd966a1ab66bbb4b773e1 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Mon, 2 Sep 2019 23:16:24 +0900 Subject: [PATCH 19/24] Update README.md --- docker/l2tp/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/l2tp/README.md b/docker/l2tp/README.md index 8da7e0a..96a7ad1 100644 --- a/docker/l2tp/README.md 
+++ b/docker/l2tp/README.md @@ -2,9 +2,9 @@ Docker image to run a L2TP/IPsec VPN Server, with both `L2TP/IPsec PSK` and `IPSec Xauth PSK`. -1. Based on Debian 10 (Buster) with [libreswan-3.27 (IPsec VPN software)](https://packages.debian.org/sid/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://packages.debian.org/sid/xl2tpd). +1. Based on Debian 10 (Buster) with [libreswan-3.29 (IPsec VPN software)](https://packages.debian.org/sid/libreswan) and [xl2tpd-1.3.12 (L2TP daemon)](https://packages.debian.org/sid/xl2tpd). -2. Based on alpine with [libreswan-3.27 (IPsec VPN software)](https://pkgs.alpinelinux.org/package/edge/community/x86_64/libreswan) and [xl2tpd-1.3.10.1 (L2TP daemon)](https://pkgs.alpinelinux.org/package/edge/main/x86_64/xl2tpd). +2. Based on Alpine with [libreswan-3.29 (IPsec VPN software)](https://pkgs.alpinelinux.org/package/edge/community/x86_64/libreswan) and [xl2tpd-1.3.14 (L2TP daemon)](https://pkgs.alpinelinux.org/package/edge/main/x86_64/xl2tpd). Docker images are built for quick deployment in various computing cloud providers. From 2695401bc90a4024bbfed5e402c3c10a71c30108 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Mon, 23 Sep 2019 21:32:27 +0900 Subject: [PATCH 20/24] Added wireguard.sh This is a Shell script for configure and start WireGuard VPN server Signed-off-by: Teddysun --- wireguard.sh | 651 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 651 insertions(+) create mode 100644 wireguard.sh diff --git a/wireguard.sh b/wireguard.sh new file mode 100644 index 0000000..a68eb54 --- /dev/null +++ b/wireguard.sh 
@@ -0,0 +1,651 @@ +#!/usr/bin/env bash +# +# This is a Shell script for configure and start WireGuard VPN server. +# +# Copyright (C) 2019 Teddysun +# +# Reference URL: +# https://www.wireguard.com +# https://git.zx2c4.com/WireGuard + +trap _exit INT QUIT TERM + +_red() { + printf '\033[1;31;31m%b\033[0m' "$1" +} + +_green() { + printf '\033[1;31;32m%b\033[0m' "$1" +} + +_yellow() { + printf '\033[1;31;33m%b\033[0m' "$1" +} + +_printargs() { + printf -- "%s" "[$(date)] " + printf -- "%s" "$1" + printf "\n" +} + +_info() { + _printargs "$@" +} + +_warn() { + printf -- "%s" "[$(date)] " + _yellow "$1" + printf "\n" +} + +_error() { + printf -- "%s" "[$(date)] " + _red "$1" + printf "\n" + exit 2 +} + +_exit() { + printf "\n" + _red "$0 has been terminated." + printf "\n" + exit 1 +} + +_exists() { + local cmd="$1" + if eval type type > /dev/null 2>&1; then + eval type "$cmd" > /dev/null 2>&1 + elif command > /dev/null 2>&1; then + command -v "$cmd" > /dev/null 2>&1 + else + which "$cmd" > /dev/null 2>&1 + fi + rt="$?" + return ${rt} +} + +_ipv4() { + local ipv4="$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | \ + egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." 
| head -n 1 )" + [ -z "${ipv4}" ] && ipv4="$( wget -qO- -t1 -T2 ipv4.icanhazip.com )" + [ -z "${ipv4}" ] && ipv4="$( wget -qO- -t1 -T2 ipinfo.io/ip )" + printf -- "%s" "${ipv4}" +} + +_ipv6() { + local ipv6="" + ipv6="$(wget -qO- -t1 -T2 ipv6.icanhazip.com)" + printf -- "%s" "${ipv6}" +} + +_nic() { + local nic="" + nic="$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)" + printf -- "%s" "${nic}" +} + +_port() { + local port="$(shuf -i 1024-20480 -n 1)" + while true + do + if _exists "netstat" && netstat -tunlp | grep -w "${port}" > /dev/null 2>&1; then + port="$(shuf -i 1024-20480 -n 1)" + else + break + fi + done + printf -- "%s" "${port}" +} + +_os() { + local os="" + [ -f "/etc/debian_version" ] && source /etc/os-release && os="${ID}" && printf -- "%s" "${os}" && return + [ -f "/etc/fedora-release" ] && os="fedora" && printf -- "%s" "${os}" && return + [ -f "/etc/redhat-release" ] && os="centos" && printf -- "%s" "${os}" && return +} + +_os_full() { + [ -f /etc/redhat-release ] && awk '{print ($1,$3~/^[0-9]/?$3:$4)}' /etc/redhat-release && return + [ -f /etc/os-release ] && awk -F'[= "]' '/PRETTY_NAME/{print $3,$4,$5}' /etc/os-release && return + [ -f /etc/lsb-release ] && awk -F'[="]+' '/DESCRIPTION/{print $2}' /etc/lsb-release && return +} + +_os_ver() { + local main_ver="$( echo $(_os_full) | grep -oE "[0-9.]+")" + printf -- "%s" "${main_ver%%.*}" +} + +_error_detect() { + local cmd="$1" + _info "${cmd}" + eval ${cmd} 1> /dev/null + if [ $? -ne 0 ]; then + _error "Execution command (${cmd}) failed, please check it and try again." + fi +} + +# Check OS version +check_os() { + _info "Check OS version" + if _exists "virt-what"; then + virt="$(virt-what)" + elif _exists "systemd-detect-virt"; then + virt="$(systemd-detect-virt)" + fi + if [ -n "${virt}" -a "${virt}" = "lxc" ]; then + _error "Virtualization method is LXC, which is not supported." 
+ fi + if [ -n "${virt}" -a "${virt}" = "openvz" ] || [ -d "/proc/vz" ]; then + _error "Virtualization method is OpenVZ, which is not supported." + fi + [ -z "$(_os)" ] && _error "Not supported OS." + case "$(_os)" in + ubuntu) + [ -n "$(_os_ver)" -a "$(_os_ver)" -lt 16 ] && _error "Not supported OS, please change to Ubuntu 16+ and try again." + ;; + debian) + [ -n "$(_os_ver)" -a "$(_os_ver)" -lt 8 ] && _error "Not supported OS, please change to Debian 8+ and try again." + ;; + fedora) + [ -n "$(_os_ver)" -a "$(_os_ver)" -lt 29 ] && _error "Not supported OS, please change to Fedora 29+ and try again." + ;; + centos) + [ -n "$(_os_ver)" -a "$(_os_ver)" -lt 7 ] && _error "Not supported OS, please change to CentOS 7+ and try again." + ;; + *) + ;; # do nothing + esac +} + +# Install from repository +install_wg_1() { + _info "Install wireguard from repository" + case "$(_os)" in + ubuntu) + _error_detect "add-apt-repository ppa:wireguard/wireguard" + _error_detect "apt-get update" + _error_detect "apt-get -y install linux-headers-$(uname -r)" + _error_detect "apt-get -y install qrencode" + _error_detect "apt-get -y install iptables" + _error_detect "apt-get -y install wireguard" + ;; + debian) + echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list + printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable + _error_detect "apt-get update" + _error_detect "apt-get -y install linux-headers-$(uname -r)" + _error_detect "apt-get -y install qrencode" + _error_detect "apt-get -y install iptables" + _error_detect "apt-get -y install wireguard" + ;; + fedora) + _error_detect "dnf -y copr enable jdoss/wireguard" + _error_detect "dnf -y install kernel-devel" + _error_detect "dnf -y install kernel-headers" + _error_detect "dnf -y install qrencode" + _error_detect "dnf -y install wireguard-dkms wireguard-tools" + ;; + centos) + _error_detect "curl -Lso /etc/yum.repos.d/wireguard.repo 
https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo" + _error_detect "yum -y install epel-release" + _error_detect "yum -y install kernel-devel" + _error_detect "yum -y install kernel-headers" + _error_detect "yum -y install qrencode" + _error_detect "yum -y install wireguard-dkms wireguard-tools" + ;; + *) + ;; # do nothing + esac +} + +# Install from source +install_wg_2() { + _info "Install wireguard from source" + wireguard_ver="$(wget --no-check-certificate -qO- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" + if [ -z "${wireguard_ver}" ]; then + wireguard_ver="$(curl -Lso- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" + fi + [ -z "${wireguard_ver}" ] && _error "Failed to get wireguard latest version from github." + wireguard_name="WireGuard-${wireguard_ver}" + wireguard_url="https://github.com/WireGuard/WireGuard/archive/${wireguard_ver}.tar.gz" + case "$(_os)" in + ubuntu|debian) + _error_detect "apt-get update" + [ ! -d "/usr/src/linux-headers-$(uname -r)" ] && _error_detect "apt-get -y install linux-headers-$(uname -r)" + _error_detect "apt-get -y install qrencode" + _error_detect "apt-get -y install iptables" + _error_detect "apt-get -y install bc" + _error_detect "apt-get -y install gcc" + _error_detect "apt-get -y install make" + _error_detect "apt-get -y install libmnl-dev" + ;; + fedora) + [ ! -d "/usr/src/kernels/$(uname -r)" ] && _error_detect "dnf -y install kernel-headers" && _error_detect "dnf -y install kernel-devel" + _error_detect "dnf -y install qrencode" + _error_detect "dnf -y install bc" + _error_detect "dnf -y install gcc" + _error_detect "dnf -y install make" + _error_detect "dnf -y install libmnl-devel" + ;; + centos) + _error_detect "yum -y install epel-release" + [ ! 
-d "/usr/src/kernels/$(uname -r)" ] && _error_detect "yum -y install kernel-headers" && _error_detect "yum -y install kernel-devel" + _error_detect "yum -y install qrencode" + _error_detect "yum -y install bc" + _error_detect "yum -y install gcc" + _error_detect "yum -y install make" + _error_detect "yum -y install libmnl-devel" + ;; + *) + ;; # do nothing + esac + _error_detect "wget --no-check-certificate -qO ${wireguard_name}.tar.gz ${wireguard_url}" + _error_detect "tar zxf ${wireguard_name}.tar.gz" + _error_detect "cd ${wireguard_name}/src" + _error_detect "make tools" + _error_detect "make module" + _error_detect "make install" + _error_detect "cd ${cur_dir} && rm -fr ${wireguard_name}.tar.gz ${wireguard_name}" +} + +# Create server interface +create_server_if() { + SERVER_PRIVATE_KEY="$(wg genkey)" + SERVER_PUBLIC_KEY="$(echo ${SERVER_PRIVATE_KEY} | wg pubkey)" + CLIENT_PRIVATE_KEY="$(wg genkey)" + CLIENT_PUBLIC_KEY="$(echo ${CLIENT_PRIVATE_KEY} | wg pubkey)" + CLIENT_PRE_SHARED_KEY="$( wg genpsk )" + _info "Create server interface: /etc/wireguard/${SERVER_WG_NIC}.conf" + [ ! -d "/etc/wireguard" ] && mkdir -p "/etc/wireguard" + if [ -n "${SERVER_PUB_IPV6}" ]; then + cat > /etc/wireguard/${SERVER_WG_NIC}.conf < /etc/wireguard/${SERVER_WG_NIC}.conf < /etc/wireguard/${SERVER_WG_NIC}_client < /etc/wireguard/${SERVER_WG_NIC}_client <> /etc/sysctl.conf + [ -n "${SERVER_PUB_IPV6}" ] && echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf + sysctl -p >/dev/null 2>&1 +} + +# Set firewall rules +set_firewall() { + _info "Setting firewall rules" + if _exists "firewall-cmd"; then + if [ "$(firewall-cmd --state)" = "running" ]; then + default_zone="$(firewall-cmd --get-default-zone)" + if [ "$(firewall-cmd --zone=${default_zone} --query-masquerade)" = "no" ]; then + _error_detect "firewall-cmd --zone=${default_zone} --add-masquerade" + fi + if ! 
firewall-cmd --list-ports | grep -qw "${SERVER_WG_PORT}/udp"; then + _error_detect "firewall-cmd --permanent --zone=${default_zone} --add-port=${SERVER_WG_PORT}/udp" + fi + _error_detect "firewall-cmd --reload" + else + _warn "Firewalld looks like not running, please start it and manually set" + fi + else + if _exists "iptables"; then + iptables -A INPUT -p udp --dport ${SERVER_WG_PORT} -j ACCEPT + iptables -A FORWARD -i ${SERVER_WG_NIC} -j ACCEPT + iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE + iptables-save > /etc/iptables.rules + if [ -d "/etc/network/if-up.d" ]; then + cat > /etc/network/if-up.d/iptables < /etc/ip6tables.rules + if [ -d "/etc/network/if-up.d" ]; then + cat > /etc/network/if-up.d/ip6tables < ${new_client_if} <> ${default_server_if} < ${new_client_if} <> ${default_server_if} < Date: Tue, 24 Sep 2019 15:07:21 +0900 Subject: [PATCH 21/24] Update wireguard.sh --- wireguard.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wireguard.sh b/wireguard.sh index a68eb54..59add2a 100644 --- a/wireguard.sh +++ b/wireguard.sh @@ -339,9 +339,9 @@ enable_ip_forward() { set_firewall() { _info "Setting firewall rules" if _exists "firewall-cmd"; then - if [ "$(firewall-cmd --state)" = "running" ]; then + if [ "$(firewall-cmd --state | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g")" = "running" ]; then default_zone="$(firewall-cmd --get-default-zone)" - if [ "$(firewall-cmd --zone=${default_zone} --query-masquerade)" = "no" ]; then + if [ "$(firewall-cmd --zone=${default_zone} --query-masquerade | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g")" = "no" ]; then _error_detect "firewall-cmd --zone=${default_zone} --add-masquerade" fi if ! firewall-cmd --list-ports | grep -qw "${SERVER_WG_PORT}/udp"; then @@ -648,4 +648,4 @@ main() { esac } -main "$@" \ No newline at end of file +main "$@" From c90af7d498d87fedf55e55c8d0e4f36fad4ce1c0 Mon Sep 17 00:00:00 2001 
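Review bot: In `install_wg_2` the tag name fetched with `wget --no-check-certificate` from the GitHub API is spliced unvalidated into `wireguard_name` and `wireguard_url`, and those strings reach `eval ${cmd}` inside `_error_detect` before the archive is compiled and installed as a kernel module. An unauthenticated network response therefore decides both the source that is built and the command line that is evaluated, presumably as root given the package installs. I would drop `--no-check-certificate` from the lookup and the download, and reject unexpected tags right after the lookup with `[[ "${wireguard_ver}" =~ ^[0-9A-Za-z._-]+$ ]] || _error "Unexpected version string: ${wireguard_ver}"`. Checking the archive against a published checksum or signature before `make install`, and passing commands to `_error_detect` as separate arguments instead of one `eval` string, would be the fuller fix. PATCH 23 moves the same lookup into `_get_latest_ver` unchanged, so this applies to that hunk too.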
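Review bot: Stripping colour codes with `sed` before comparing against `running` and `no` keeps both tests in `set_firewall` tied to firewall-cmd's printed text, while both calls already report the answer in their exit status. I would test that instead, `if firewall-cmd --state >/dev/null 2>&1; then` and `if ! firewall-cmd --zone="${default_zone}" --query-masquerade >/dev/null 2>&1; then`, which also quotes the zone name. PATCH 22 removes one of the two `sed` filters again, so the two tests end up handled differently. set_firewall continues outside the hunk.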
From: Teddysun Date: Tue, 24 Sep 2019 15:22:02 +0900 Subject: [PATCH 22/24] Update wireguard.sh --- wireguard.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wireguard.sh b/wireguard.sh index 59add2a..92395ed 100644 --- a/wireguard.sh +++ b/wireguard.sh @@ -341,7 +341,7 @@ set_firewall() { if _exists "firewall-cmd"; then if [ "$(firewall-cmd --state | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g")" = "running" ]; then default_zone="$(firewall-cmd --get-default-zone)" - if [ "$(firewall-cmd --zone=${default_zone} --query-masquerade | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g")" = "no" ]; then + if [ "$(firewall-cmd --zone=${default_zone} --query-masquerade)" = "no" ]; then _error_detect "firewall-cmd --zone=${default_zone} --add-masquerade" fi if ! firewall-cmd --list-ports | grep -qw "${SERVER_WG_PORT}/udp"; then From 3e27b324491120a95ec1395b3e828b58d1b2da78 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Tue, 24 Sep 2019 21:36:18 +0900 Subject: [PATCH 23/24] Update wireguard.sh 1, Added update WireGuard from source; 2, Check result when install or update WireGuard. Signed-off-by: Teddysun --- wireguard.sh | 89 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 70 insertions(+), 19 deletions(-) diff --git a/wireguard.sh b/wireguard.sh index 92395ed..931df20 100644 --- a/wireguard.sh +++ b/wireguard.sh 
@@ -125,6 +125,31 @@ _error_detect() { fi } +_version_gt(){ + test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1" +} + +_is_installed() { + if _exists "wg" && _exists "wg-quick"; then + if [ -s "/lib/modules/$(uname -r)/extra/wireguard.ko" ] || [ -s "/lib/modules/$(uname -r)/extra/wireguard.ko.xz" ] \ + || [ -s "/lib/modules/$(uname -r)/updates/dkms/wireguard.ko" ]; then + return 0 + else + return 1 + fi + else + return 2 + fi +} + +_get_latest_ver() { + wireguard_ver="$(wget --no-check-certificate -qO- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" + if [ -z "${wireguard_ver}" ]; then + wireguard_ver="$(curl -Lso- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" + fi + [ -z "${wireguard_ver}" ] && _error "Failed to get wireguard latest version from github" +} + # Check OS version check_os() { _info "Check OS version" @@ -197,18 +222,14 @@ install_wg_1() { *) ;; # do nothing esac + if ! _is_installed; then + _error "Failed to install wireguard, the kernel is most likely not configured correctly" + fi } # Install from source install_wg_2() { _info "Install wireguard from source" - wireguard_ver="$(wget --no-check-certificate -qO- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" - if [ -z "${wireguard_ver}" ]; then - wireguard_ver="$(curl -Lso- https://api.github.com/repos/WireGuard/WireGuard/tags | grep 'name' | head -1 | cut -d\" -f4)" - fi - [ -z "${wireguard_ver}" ] && _error "Failed to get wireguard latest version from github." - wireguard_name="WireGuard-${wireguard_ver}" - wireguard_url="https://github.com/WireGuard/WireGuard/archive/${wireguard_ver}.tar.gz" case "$(_os)" in ubuntu|debian) _error_detect "apt-get update" 
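Review bot: `_get_latest_ver` (PATCH 23/24, hunk -125,6) fetches the tag list with `wget --no-check-certificate`, so the version string that selects the source tarball this root-only script builds and installs comes over a connection whose certificate is never verified. Drop the flag, as the curl fallback two lines later already verifies the certificate, and reject anything that is not a plain tag before it reaches the URL and the `rm -fr` cleanup, e.g. `case "${wireguard_ver}" in *[!0-9A-Za-z._-]*) _error "Unexpected wireguard version: ${wireguard_ver}" ;; esac`. The tarball download on the context line of hunk -240,6 carries the same flag.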
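Review bot: The check added at the end of install_wg_1 (hunk -197,18) blames the kernel configuration for every failure, although `_is_installed` returns 2 when `wg` or `wg-quick` is missing and 1 only when the module file is not found. Reporting the status keeps the two cases apart, for example `_is_installed || _error "Failed to install wireguard (_is_installed returned $?)"`. The same check is added to install_wg_2 in hunk -247,6. The hunk shows only the tail of install_wg_1 and the head of install_wg_2.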
@@ -240,6 +261,9 @@ install_wg_2() { *) ;; # do nothing esac + _get_latest_ver + wireguard_name="WireGuard-${wireguard_ver}" + wireguard_url="https://github.com/WireGuard/WireGuard/archive/${wireguard_ver}.tar.gz" _error_detect "wget --no-check-certificate -qO ${wireguard_name}.tar.gz ${wireguard_url}" _error_detect "tar zxf ${wireguard_name}.tar.gz" _error_detect "cd ${wireguard_name}/src" @@ -247,6 +271,9 @@ install_wg_2() { _error_detect "make module" _error_detect "make install" _error_detect "cd ${cur_dir} && rm -fr ${wireguard_name}.tar.gz ${wireguard_name}" + if ! _is_installed; then + _error "Failed to install wireguard, the kernel is most likely not configured correctly" + fi } # Create server interface @@ -550,17 +577,16 @@ list_clients() { printf ${line} } -version() { - if _exists "wg" && _exists "wg-quick"; then - if [ -s "/lib/modules/$(uname -r)/extra/wireguard.ko" ] || [ -s "/lib/modules/$(uname -r)/extra/wireguard.ko.xz" ] \ - || [ -s "/lib/modules/$(uname -r)/updates/dkms/" ]; then - _exists "modinfo" && installed_wg_ver="$(modinfo -F version wireguard)" - [ -n "${installed_wg_ver}" ] && echo "WireGuard version: $(_green ${installed_wg_ver})" - else - _red "WireGuard kernel module does not exists\n" - fi - else - _red "WireGuard is not installed\n" +check_version() { + _is_installed + rt=$? + if [ ${rt} -eq 0 ]; then + _exists "modinfo" && installed_wg_ver="$(modinfo -F version wireguard)" + [ -n "${installed_wg_ver}" ] && echo "WireGuard version: $(_green ${installed_wg_ver})" && return 0 + elif [ ${rt} -eq 1 ]; then + _red "WireGuard kernel module does not exists\n" && return 1 + elif [ ${rt} -eq 2 ]; then + _red "WireGuard is not installed\n" && return 2 fi } 
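Review bot: check_version (hunk -550,17) returns a non-zero status without printing anything when `_is_installed` succeeds but `modinfo` is absent or reports no version, because the `[ -n "${installed_wg_ver}" ] && echo … && return 0` chain is the last command in that branch. update_from_source calls it as `if check_version; then`, so in that case the update option ends silently. Adding `_red "Failed to get WireGuard version\n"; return 1` after the chain would make the failure visible. The `_red … && return N` lines would also read more safely as `_red …; return N`, and `rt` could be declared `local`.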
@@ -571,6 +597,7 @@ Options: -h, --help Print this help text and exit -r, --repo Install WireGuard from repository -s, --source Install WireGuard from source +-u, --update Upgrade WireGuard from source -v, --version Print WireGuard version if installed -a, --add Add a WireGuard client -d, --del Delete a WireGuard client @@ -601,6 +628,27 @@ install_from_source() { install_completed } +update_from_source() { + if check_version; then + _get_latest_ver + echo "WireGuard latest version: $(_green ${wireguard_ver})" + if _version_gt "${wireguard_ver}" "${installed_wg_ver}"; then + echo "Do you want to upgrade WireGuard? (y/n)" + read -p "(Default: n):" update_wg + [ -z "${update_wg}" ] && update_wg="n" + if [ "${update_wg}" = "y" -o "${update_wg}" = "Y" ]; then + install_wg_2 + systemctl restart wg-quick@${SERVER_WG_NIC} + echo "Update WireGuard completed" + else + echo "Update WireGuard canceled" + fi + else + echo "No updates needed to update WireGuard" + fi + fi +} + cur_dir="$(pwd)" [ ${EUID} -ne 0 ] && _error "This script must be run as root" @@ -630,8 +678,11 @@ main() { -s|--source) install_from_source ;; + -u|--update) + update_from_source + ;; -v|--version) - version + check_version ;; -a|--add) add_client From c09c313278bae8633675513f580c328be84be789 Mon Sep 17 00:00:00 2001 From: Teddysun Date: Tue, 24 Sep 2019 21:45:10 +0900 Subject: [PATCH 24/24] Update wireguard.sh --- wireguard.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/wireguard.sh b/wireguard.sh index 931df20..9b18e06 100644 --- a/wireguard.sh +++ b/wireguard.sh @@ -423,7 +423,7 @@ install_completed() { } add_client() { - if ! _exists "wg" || ! _exists "wg-quick"; then + if ! _is_installed; then _red "WireGuard looks like not installed, please installed it try again\n" && exit 1 fi default_server_if="/etc/wireguard/${SERVER_WG_NIC}.conf" 
@@ -530,6 +530,9 @@ EOF
 }
 
 remove_client() {
+ if ! _is_installed; then
+ _red "WireGuard looks like not installed, please installed it try again\n" && exit 1
+ fi
 default_server_if="/etc/wireguard/${SERVER_WG_NIC}.conf"
 [ ! -s "${default_server_if}" ] && echo "The default server interface ($(_red ${default_server_if})) does not exists" && exit 1
 while true
@@ -557,6 +560,9 @@ remove_client() {
 }
 
 list_clients() {
+ if ! _is_installed; then
+ _red "WireGuard looks like not installed, please installed it try again\n" && exit 1
+ fi
 default_server_if="/etc/wireguard/${SERVER_WG_NIC}.conf"
 [ ! -s "${default_server_if}" ] && echo "The default server interface ($(_red ${default_server_if})) does not exists" && exit 1
 local line="+-------------------------------------------------------------------------+\n"