LiittleCookie/vpn-install
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

uninstall added; bugfixes; adduser dir changed

Browse Source
This commit is contained in:
bedefaced 2017-08-30 01:07:17 +03:00 committed by bedefaced
parent 7dc9ab9e51
commit 7daa49f7de
18 changed files with 558 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ipsec/adduser.sh
View File

@ -64,39 +64,37 @@ do
PSK=$(sed -n "s/^[^#]\+[[:space:]]\+PSK[[:space:]]\+\"\(.\+\)\"/\1/p" $SECRETSFILE) PSK=$(sed -n "s/^[^#]\+[[:space:]]\+PSK[[:space:]]\+\"\(.\+\)\"/\1/p" $SECRETSFILE)
STARTDIR=$(pwd) mkdir -p "$DIR/$LOGIN"
DISTFILE=$DIR/$LOGIN/setup.sh
mkdir -p "$STARTDIR/$LOGIN"
DISTFILE=$STARTDIR/$LOGIN/setup.sh
cp -rf $DIR/setup.sh.dist "$DISTFILE" cp -rf $DIR/setup.sh.dist "$DISTFILE"
sed -i -e "s@_PSK_@$PSK@g" "$DISTFILE" sed -i -e "s@_PSK_@$PSK@g" "$DISTFILE"
sed -i -e "s@_SERVERLOCALIP_@$LOCALPREFIX.0.1@g" "$DISTFILE" sed -i -e "s@_SERVERLOCALIP_@$LOCALPREFIX.0.1@g" "$DISTFILE"
DISTFILE=$STARTDIR/$LOGIN/ipsec.conf DISTFILE=$DIR/$LOGIN/ipsec.conf
cp -rf $DIR/ipsec.conf.dist "$DISTFILE" cp -rf $DIR/ipsec.conf.dist "$DISTFILE"
sed -i -e "s@LEFTIP@%any@g" "$DISTFILE" sed -i -e "s@LEFTIP@%any@g" "$DISTFILE"
sed -i -e "s@LEFTPORT@%any@g" "$DISTFILE" sed -i -e "s@LEFTPORT@%any@g" "$DISTFILE"
sed -i -e "s@RIGHTIP@$IP@g" "$DISTFILE" sed -i -e "s@RIGHTIP@$IP@g" "$DISTFILE"
sed -i -e "s@RIGHTPORT@1701@g" "$DISTFILE" sed -i -e "s@RIGHTPORT@1701@g" "$DISTFILE"
DISTFILE=$STARTDIR/$LOGIN/xl2tpd.conf DISTFILE=$DIR/$LOGIN/xl2tpd.conf
cp -rf $DIR/client-xl2tpd.conf.dist "$DISTFILE" cp -rf $DIR/client-xl2tpd.conf.dist "$DISTFILE"
sed -i -e "s@REMOTEIP@$IP@g" "$DISTFILE" sed -i -e "s@REMOTEIP@$IP@g" "$DISTFILE"
DISTFILE=$STARTDIR/$LOGIN/options.xl2tpd DISTFILE=$DIR/$LOGIN/options.xl2tpd
cp -rf $DIR/client-options.xl2tpd.dist "$DISTFILE" cp -rf $DIR/client-options.xl2tpd.dist "$DISTFILE"
sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE" sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE"
sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE" sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE"
cp -rf $DIR/connect.sh.dist "$STARTDIR/$LOGIN/connect.sh" cp -rf $DIR/connect.sh.dist "$DIR/$LOGIN/connect.sh"
cp -rf $DIR/disconnect.sh.dist "$STARTDIR/$LOGIN/disconnect.sh" cp -rf $DIR/disconnect.sh.dist "$DIR/$LOGIN/disconnect.sh"
chmod +x "$STARTDIR/$LOGIN/setup.sh" "$STARTDIR/$LOGIN/connect.sh" "$STARTDIR/$LOGIN/disconnect.sh" chmod +x "$DIR/$LOGIN/setup.sh" "$DIR/$LOGIN/connect.sh" "$DIR/$LOGIN/disconnect.sh"
USERNAME=${SUDO_USER:-$USER} USERNAME=${SUDO_USER:-$USER}
chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/ chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
echo echo
echo "Directory $STARTDIR/$LOGIN with client-side installation script has been created." echo "Directory $DIR/$LOGIN with client-side installation script has been created."
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then

167
ipsec/backup.sh Executable file
View File

@ -0,0 +1,167 @@
#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
UNINSTALLDIR="$DIR/uninstall"
if [[ -e "$UNINSTALLDIR" ]]; then
echo "$UNINSTALLDIR exists. Skipping..."
exit 0
fi
mkdir -p "$UNINSTALLDIR"
UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
# backuping configs
yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
yes | cp -rf $PPPCONFIG "$UNINSTALLDIR/options.xl2tpd" 2>/dev/null
yes | cp -rf $XL2TPDCONFIG "$UNINSTALLDIR/xl2tpd.conf" 2>/dev/null
yes | cp -rf $IPSECCONFIG "$UNINSTALLDIR/ipsec.conf" 2>/dev/null
yes | cp -rf $CHAPSECRETS "$UNINSTALLDIR/chap-secrets" 2>/dev/null
yes | cp -rf $SECRETSFILE "$UNINSTALLDIR/ipsec.secrets" 2>/dev/null
# restore system configuration
cat <<END >>$UNINSTALL_SCRIPT
#!/usr/bin/env bash
if [[ "\$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
echo "Removing cron task..."
TMPFILE=\$(mktemp crontab.XXXXX)
crontab -l > \$TMPFILE
sed -i -e "\@$IPTABLES@d" \$TMPFILE
sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
crontab \$TMPFILE > /dev/null
rm \$TMPFILE
rm $CHECKSERVER
echo "Restoring sysctl parameters..."
cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
sysctl -p
cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
END
# restore firewalls
cat <<END >>$UNINSTALL_SCRIPT
echo "Restoring firewall..."
iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
rm $IPTABLES
END
if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
fi
if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
# iptables
if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
fi
fi
# remove packages
UNINST_PACKAGES=
if [[ ! -n "$(which pgrep)" ]]; then
UNINST_PACKAGES+="procps "
fi
if [[ ! -n "$(which ifconfig)" ]]; then
UNINST_PACKAGES+="net-tools "
fi
if [[ ! -n "$(which pppd)" ]]; then
UNINST_PACKAGES+="ppp "
fi
if [[ ! -n "$(which xl2tpd)" ]]; then
UNINST_PACKAGES+="xl2tpd "
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
if [[ ! -n "$(which strongswan)" ]]; then
UNINST_PACKAGES+="strongswan "
fi
fi
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
if [[ ! -n "$(which ipsec)" ]]; then
UNINST_PACKAGES+="strongswan "
fi
fi
if [[ ! -n "$(which crontab)" ]]; then
UNINST_PACKAGES+="$CRON_PACKAGE "
fi
if [[ ! -n "$(which iptables)" ]]; then
UNINST_PACKAGES+="$IPTABLES_PACKAGE "
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
UNINST_PACKAGES+="epel-release "
fi
fi
if [[ ! -z "$UNINST_PACKAGES" ]]; then
echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
fi
# restore files
echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
if [[ -n "$(which pppd)" ]]; then
echo -e "cp -i \"\$DIR/options.xl2tpd\" $PPPCONFIG" >>$UNINSTALL_SCRIPT
echo -e "cp -i \"\$DIR/chap-secrets\" $CHAPSECRETS" >>$UNINSTALL_SCRIPT
fi
if [[ -n "$(which xl2tpd)" ]]; then
echo -e "cp -i \"\$DIR/xl2tpd.conf\" $XL2TPDCONFIG" >>$UNINSTALL_SCRIPT
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
if [[ -n "$(which strongswan)" ]]; then
echo -e "cp -i \"\$DIR/ipsec.secrets\" $SECRETSFILE" >>$UNINSTALL_SCRIPT
echo -e "cp -i \"\$DIR/ipsec.conf\" $IPSECCONFIG" >>$UNINSTALL_SCRIPT
fi
fi
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
if [[ -n "$(which ipsec)" ]]; then
echo -e "cp -i \"\$DIR/ipsec.secrets\" $SECRETSFILE" >>$UNINSTALL_SCRIPT
echo -e "cp -i \"\$DIR/ipsec.conf\" $IPSECCONFIG" >>$UNINSTALL_SCRIPT
fi
fi
# restore xl2tpd if necessary
if [ "$(systemctl status xl2tpd; echo $?)" == "0" ]; then
echo -e "echo \"Restarting xl2tpd...\"" >>$UNINSTALL_SCRIPT
echo "systemctl restart xl2tpd" >>$UNINSTALL_SCRIPT
fi
# restore strongswan if necessary
if [ "$(systemctl status strongswan; echo $?)" == "0" ]; then
echo -e "echo \"Restarting strongswan...\"" >>$UNINSTALL_SCRIPT
echo "systemctl restart strongswan" >>$UNINSTALL_SCRIPT
fi
echo "echo" >>$UNINSTALL_SCRIPT
echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
chmod +x "$UNINSTALL_SCRIPT"

11
ipsec/env.sh
View File

@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"
if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
PLATFORM=$DEBIANPLATFORM PLATFORM=$DEBIANPLATFORM
IPTABLES_PACKAGE="iptables"
CRON_PACKAGE="cron"
INSTALLER="apt-get -y install"
UNINSTALLER="apt-get purge --auto-remove"
fi fi
if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
PLATFORM=$CENTOSPLATFORM PLATFORM=$CENTOSPLATFORM
IPTABLES_PACKAGE="iptables-services"
CRON_PACKAGE="cronie"
INSTALLER="yum -y install"
UNINSTALLER="yum remove"
fi fi
SYSCTLCONFIG=/etc/sysctl.conf SYSCTLCONFIG=/etc/sysctl.conf
@ -19,6 +29,7 @@ CHAPSECRETS=/etc/ppp/chap-secrets
IPTABLES=/etc/iptables.rules IPTABLES=/etc/iptables.rules
SECRETSFILE=/etc/ipsec.secrets SECRETSFILE=/etc/ipsec.secrets
CHECKSERVER=/etc/xl2tpd/checkserver.sh CHECKSERVER=/etc/xl2tpd/checkserver.sh
IPTABLES_COMMENT="IPSEC"
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
SECRETSFILE=/etc/strongswan/ipsec.secrets SECRETSFILE=/etc/strongswan/ipsec.secrets

11
ipsec/install.sh
View File

@ -8,15 +8,16 @@ if [[ "$EUID" -ne 0 ]]; then
exit 1 exit 1
fi fi
echo
echo "Creating backup..."
$DIR/backup.sh
echo echo
echo "Installing strongSwan and xl2tp server..." echo "Installing strongSwan and xl2tp server..."
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
apt-get -y install strongswan xl2tpd cron iptables procps net-tools
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
yum -y install epel-release yum -y install epel-release
yum -y install strongswan xl2tpd cronie iptables-services procps net-tools
fi fi
eval $INSTALLER strongswan xl2tpd ppp $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools
echo echo
echo "Configuring routing..." echo "Configuring routing..."
@ -60,5 +61,5 @@ service xl2tpd restart
service strongswan restart service strongswan restart
echo echo
echo "Installation script completed!" echo "Installation script has been completed!"

21
ipsec/iptables-setup.sh
View File

@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
systemctl start iptables systemctl start iptables
fi fi
COMMENT=" -m comment --comment \"IPSEC\"" if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
systemctl stop ufw
systemctl disable ufw
fi
COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""
if [[ ! -e $IPTABLES ]]; then if [[ ! -e $IPTABLES ]]; then
touch $IPTABLES touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
exit 1 exit 1
fi fi
# backup and remove rules with $LOCALIP # clear existing rules
iptables-save > $IPTABLES.backup iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
IFS=$'\n' IFS=$'\n'
@ -98,9 +106,10 @@ eval iptables -A OUTPUT -p esp -j ACCEPT $COMMENT
eval iptables -A INPUT -p ah -j ACCEPT $COMMENT eval iptables -A INPUT -p ah -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT
# remove standart REJECT rules # remove standard REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

8
ipsec/sysctl.sh
View File

@ -30,9 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG
sysctl -p sysctl -p
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
service procps restart cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
service network restart
fi

16
openvpn/adduser.sh
View File

@ -1,7 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
STARTDIR=$(pwd)
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh source $DIR/env.sh
@ -32,16 +30,16 @@ do
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
# copy files and OVPN config # copy files and OVPN config
mkdir -p "$STARTDIR/$LOGIN" mkdir -p "$DIR/$LOGIN"
cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$STARTDIR/$LOGIN/" cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"
DIST="$STARTDIR/$LOGIN/openvpn-server.ovpn" DIST="$DIR/$LOGIN/openvpn-server.ovpn"
cp $DIR/openvpn-server.ovpn.dist $DIST cp $DIR/openvpn-server.ovpn.dist $DIST
sed -i -e "s@LOGIN@$LOGIN@g" $DIST sed -i -e "s@LOGIN@$LOGIN@g" $DIST
sed -i -e "s@IP@$IP@g" $DIST sed -i -e "s@IP@$IP@g" $DIST
SRC="$STARTDIR/$LOGIN" SRC="$DIR/$LOGIN"
DIST="$STARTDIR/$LOGIN/openvpn-server-embedded.ovpn" DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
cp $DIR/openvpn-server-embedded.ovpn.dist $DIST cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
sed -i -e "s@IP@$IP@g" $DIST sed -i -e "s@IP@$IP@g" $DIST
@ -62,9 +60,9 @@ do
echo "</tls-auth>" >> $DIST echo "</tls-auth>" >> $DIST
echo echo
echo "Directory $STARTDIR/$LOGIN with necessary files has been created." echo "Directory $DIR/$LOGIN with necessary files has been created."
USERNAME=${SUDO_USER:-$USER} USERNAME=${SUDO_USER:-$USER}
chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/ chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
fi fi

135
openvpn/backup.sh Executable file
View File

@ -0,0 +1,135 @@
#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
UNINSTALLDIR="$DIR/uninstall"
if [[ -e "$UNINSTALLDIR" ]]; then
echo "$UNINSTALLDIR exists. Skipping..."
exit 0
fi
mkdir -p "$UNINSTALLDIR"
UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
# backuping configs
yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
yes | cp -rf $OPENVPNDIR "$UNINSTALLDIR" 2>/dev/null
# restore system configuration
cat <<END >>$UNINSTALL_SCRIPT
#!/usr/bin/env bash
if [[ "\$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
echo "Removing cron task..."
TMPFILE=\$(mktemp crontab.XXXXX)
crontab -l > \$TMPFILE
sed -i -e "\@$IPTABLES@d" \$TMPFILE
sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
crontab \$TMPFILE > /dev/null
rm \$TMPFILE
rm $CHECKSERVER
echo "Restoring sysctl parameters..."
cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
sysctl -p
cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
END
# restore firewalls
cat <<END >>$UNINSTALL_SCRIPT
echo "Restoring firewall..."
iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
rm $IPTABLES
END
if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
fi
if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
# iptables
if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
fi
fi
# remove packages
UNINST_PACKAGES=
if [[ ! -n "$(which pgrep)" ]]; then
UNINST_PACKAGES+="procps "
fi
if [[ ! -n "$(which ifconfig)" ]]; then
UNINST_PACKAGES+="net-tools "
fi
if [[ ! -n "$(which openvpn)" ]]; then
UNINST_PACKAGES+="openvpn "
fi
if [[ ! -n "$(which make-cadir)" ]]; then
UNINST_PACKAGES+="easy-rsa "
fi
if [[ ! -n "$(which crontab)" ]]; then
UNINST_PACKAGES+="$CRON_PACKAGE "
fi
if [[ ! -n "$(which iptables)" ]]; then
UNINST_PACKAGES+="$IPTABLES_PACKAGE "
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
UNINST_PACKAGES+="epel-release "
fi
fi
if [[ ! -z "$UNINST_PACKAGES" ]]; then
echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
fi
# restore files
echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
if [[ -n "$(which openvpn)" ]]; then
echo -e "rm -rf $OPENVPNDIR" >>$UNINSTALL_SCRIPT
echo -e "mkdir -p $OPENVPNDIR" >>$UNINSTALL_SCRIPT
echo -e "cp -rf \"\$DIR/openvpn\" \"$OPENVPNDIR/..\" 2>/dev/null" >>$UNINSTALL_SCRIPT
fi
if [[ ! -e "$DIR/openvpn" ]]; then
# remove openvpn dir because it was empty
echo -e "rm -rf $OPENVPNDIR" >>$UNINSTALL_SCRIPT
fi
# restore openvpn if necessary
if [ "$(systemctl status openvpn@openvpn-server; echo $?)" == "0" ]; then
echo -e "echo \"Restarting OpenVPN...\"" >>$UNINSTALL_SCRIPT
echo "systemctl restart openvpn@openvpn-server" >>$UNINSTALL_SCRIPT
fi
echo "echo" >>$UNINSTALL_SCRIPT
echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
chmod +x "$UNINSTALL_SCRIPT"

11
openvpn/env.sh
View File

@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"
if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
PLATFORM=$DEBIANPLATFORM PLATFORM=$DEBIANPLATFORM
IPTABLES_PACKAGE="iptables"
CRON_PACKAGE="cron"
INSTALLER="apt-get -y install"
UNINSTALLER="apt-get purge --auto-remove"
fi fi
if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
PLATFORM=$CENTOSPLATFORM PLATFORM=$CENTOSPLATFORM
IPTABLES_PACKAGE="iptables-services"
CRON_PACKAGE="cronie"
INSTALLER="yum -y install"
UNINSTALLER="yum remove"
fi fi
SYSCTLCONFIG=/etc/sysctl.conf SYSCTLCONFIG=/etc/sysctl.conf
@ -18,6 +28,7 @@ CADIR=$OPENVPNDIR/easy-rsa
IPTABLES=/etc/iptables.rules IPTABLES=/etc/iptables.rules
NOBODYGROUP=nogroup NOBODYGROUP=nogroup
CHECKSERVER=$OPENVPNDIR/checkserver.sh CHECKSERVER=$OPENVPNDIR/checkserver.sh
IPTABLES_COMMENT="OPENVPN"
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
NOBODYGROUP=nobody NOBODYGROUP=nobody

11
openvpn/install.sh
View File

@ -10,15 +10,16 @@ if [[ "$EUID" -ne 0 ]]; then
exit 1 exit 1
fi fi
echo
echo "Creating backup..."
$DIR/backup.sh
echo echo
echo "Installing OpenVPN..." echo "Installing OpenVPN..."
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
apt-get -y install openvpn easy-rsa cron iptables procps net-tools
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
yum -y install epel-release yum -y install epel-release
yum -y install openvpn easy-rsa cronie iptables-services procps net-tools
fi fi
eval $INSTALLER openvpn easy-rsa $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools
echo echo
echo "Configuring routing..." echo "Configuring routing..."
@ -79,5 +80,5 @@ systemctl -f enable openvpn@openvpn-server
systemctl restart openvpn@openvpn-server systemctl restart openvpn@openvpn-server
echo echo
echo "Installation script completed!" echo "Installation script has been completed!"

21
openvpn/iptables-setup.sh
View File

@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
systemctl start iptables systemctl start iptables
fi fi
COMMENT=" -m comment --comment \"OPENVPN\"" if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
systemctl stop ufw
systemctl disable ufw
fi
COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""
if [[ ! -e $IPTABLES ]]; then if [[ ! -e $IPTABLES ]]; then
touch $IPTABLES touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
exit 1 exit 1
fi fi
# backup and remove rules with $LOCALIP # clear existing rules
iptables-save > $IPTABLES.backup iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
IFS=$'\n' IFS=$'\n'
@ -85,9 +93,10 @@ eval iptables -A OUTPUT -o tun+ -j ACCEPT $COMMENT
eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT
# remove standart REJECT rules # remove standard REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

8
openvpn/sysctl.sh
View File

@ -30,9 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG
sysctl -p sysctl -p
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
service procps restart cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
service network restart
fi

10
pptp/adduser.sh
View File

@ -62,10 +62,8 @@ do
echo "$CHAPSECRETS has been updated!" echo "$CHAPSECRETS has been updated!"
fi fi
STARTDIR=$(pwd) mkdir -p "$DIR/$LOGIN"
DISTFILE=$DIR/$LOGIN/setup.sh
mkdir -p "$STARTDIR/$LOGIN"
DISTFILE=$STARTDIR/$LOGIN/setup.sh
cp -rf $DIR/setup.sh.dist "$DISTFILE" cp -rf $DIR/setup.sh.dist "$DISTFILE"
sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE" sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE"
sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE" sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE"
@ -73,9 +71,9 @@ do
sed -i -e "s@_LOCALPREFIX_@$LOCALPREFIX@g" "$DISTFILE" sed -i -e "s@_LOCALPREFIX_@$LOCALPREFIX@g" "$DISTFILE"
chmod +x "$DISTFILE" chmod +x "$DISTFILE"
USERNAME=${SUDO_USER:-$USER} USERNAME=${SUDO_USER:-$USER}
chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/ chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
echo echo
echo "Directory $STARTDIR/$LOGIN with client-side installation script has been created." echo "Directory $DIR/$LOGIN with client-side installation script has been created."
if [[ $# -eq 0 ]]; then if [[ $# -eq 0 ]]; then
echo echo

134
pptp/backup.sh Executable file
View File

@ -0,0 +1,134 @@
#!/usr/bin/env bash
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source $DIR/env.sh
if [[ "$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
UNINSTALLDIR="$DIR/uninstall"
if [[ -e "$UNINSTALLDIR" ]]; then
echo "$UNINSTALLDIR exists. Skipping..."
exit 0
fi
mkdir -p "$UNINSTALLDIR"
UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
# backuping configs
yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
yes | cp -rf $PPTPDCONFIG "$UNINSTALLDIR/pptpd.conf" 2>/dev/null
yes | cp -rf $PPTPOPTIONS "$UNINSTALLDIR/options.pptp" 2>/dev/null
yes | cp -rf $CHAPSECRETS "$UNINSTALLDIR/chap-secrets" 2>/dev/null
# restore system configuration
cat <<END >>$UNINSTALL_SCRIPT
#!/usr/bin/env bash
if [[ "\$EUID" -ne 0 ]]; then
echo "Sorry, you need to run this as root"
exit 1
fi
DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
echo "Removing cron task..."
TMPFILE=\$(mktemp crontab.XXXXX)
crontab -l > \$TMPFILE
sed -i -e "\@$IPTABLES@d" \$TMPFILE
sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
crontab \$TMPFILE > /dev/null
rm \$TMPFILE
rm $CHECKSERVER
echo "Restoring sysctl parameters..."
cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
sysctl -p
cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
END
# restore firewalls
cat <<END >>$UNINSTALL_SCRIPT
echo "Restoring firewall..."
iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
rm $IPTABLES
END
if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
fi
if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
# iptables
if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
fi
fi
# remove packages
UNINST_PACKAGES=
if [[ ! -n "$(which pgrep)" ]]; then
UNINST_PACKAGES+="procps "
fi
if [[ ! -n "$(which ifconfig)" ]]; then
UNINST_PACKAGES+="net-tools "
fi
if [[ ! -n "$(which pppd)" ]]; then
UNINST_PACKAGES+="ppp "
fi
if [[ ! -n "$(which pptpd)" ]]; then
UNINST_PACKAGES+="pptpd "
fi
if [[ ! -n "$(which crontab)" ]]; then
UNINST_PACKAGES+="$CRON_PACKAGE "
fi
if [[ ! -n "$(which iptables)" ]]; then
UNINST_PACKAGES+="$IPTABLES_PACKAGE "
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
UNINST_PACKAGES+="epel-release "
fi
fi
if [[ ! -z "$UNINST_PACKAGES" ]]; then
echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
fi
# restore files
echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
if [[ -n "$(which pptpd)" ]]; then
echo -e "cp -i \"\$DIR/pptpd.conf\" $PPTPDCONFIG" >>$UNINSTALL_SCRIPT
fi
if [[ -n "$(which pppd)" ]]; then
echo -e "cp -i \"\$DIR/options.pptp\" $PPTPOPTIONS" >>$UNINSTALL_SCRIPT
echo -e "cp -i \"\$DIR/chap-secrets\" $CHAPSECRETS" >>$UNINSTALL_SCRIPT
fi
# restore pptpd if necessary
if [ "$(systemctl status pptpd; echo $?)" == "0" ]; then
echo -e "echo \"Restarting pptpd...\"" >>$UNINSTALL_SCRIPT
echo "systemctl restart pptpd" >>$UNINSTALL_SCRIPT
fi
echo "echo" >>$UNINSTALL_SCRIPT
echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
chmod +x "$UNINSTALL_SCRIPT"

11
pptp/env.sh
View File

@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"
if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
PLATFORM=$DEBIANPLATFORM PLATFORM=$DEBIANPLATFORM
IPTABLES_PACKAGE="iptables"
CRON_PACKAGE="cron"
INSTALLER="apt-get -y install"
UNINSTALLER="apt-get purge --auto-remove"
fi fi
if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
PLATFORM=$CENTOSPLATFORM PLATFORM=$CENTOSPLATFORM
IPTABLES_PACKAGE="iptables-services"
CRON_PACKAGE="cronie"
INSTALLER="yum -y install"
UNINSTALLER="yum remove"
fi fi
SYSCTLCONFIG=/etc/sysctl.conf SYSCTLCONFIG=/etc/sysctl.conf
@ -17,6 +27,7 @@ PPTPOPTIONS=/etc/ppp/options.pptp
CHAPSECRETS=/etc/ppp/chap-secrets CHAPSECRETS=/etc/ppp/chap-secrets
IPTABLES=/etc/iptables.rules IPTABLES=/etc/iptables.rules
CHECKSERVER=/etc/ppp/checkserver.sh CHECKSERVER=/etc/ppp/checkserver.sh
IPTABLES_COMMENT="PPTP"
LOCALPREFIX="172.16" LOCALPREFIX="172.16"
LOCALIP="$LOCALPREFIX.0.0" LOCALIP="$LOCALPREFIX.0.0"

11
pptp/install.sh
View File

@ -8,15 +8,16 @@ if [[ "$EUID" -ne 0 ]]; then
exit 1 exit 1
fi fi
echo
echo "Creating backup..."
$DIR/backup.sh
echo echo
echo "Installing PPTP server..." echo "Installing PPTP server..."
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
apt-get -y install pptpd cron iptables procps net-tools
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
yum -y install epel-release yum -y install epel-release
yum -y install ppp pptpd cronie iptables-services procps net-tools
fi fi
eval $INSTALLER ppp pptpd $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools
ADDUSER="no" ADDUSER="no"
ANSUSER="yes" ANSUSER="yes"
@ -55,5 +56,5 @@ echo "Starting pptpd..."
service pptpd restart service pptpd restart
echo echo
echo "Installation script completed!" echo "Installation script has been completed!"

21
pptp/iptables-setup.sh
View File

@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
systemctl start iptables systemctl start iptables
fi fi
COMMENT=" -m comment --comment \"PPTP\"" if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
systemctl stop ufw
systemctl disable ufw
fi
COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""
if [[ ! -e $IPTABLES ]]; then if [[ ! -e $IPTABLES ]]; then
touch $IPTABLES touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
exit 1 exit 1
fi fi
# backup and remove rules with $LOCALIP # clear existing rules
iptables-save > $IPTABLES.backup iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
iptables -F
iptables-restore < $IPTABLES
IFS=$'\n' IFS=$'\n'
@ -82,9 +90,10 @@ eval iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT $COMMENT
eval iptables -A INPUT -p gre -j ACCEPT $COMMENT eval iptables -A INPUT -p gre -j ACCEPT $COMMENT
eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT
# remove standart REJECT rules # remove standard REJECT rules
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
iptables -F iptables -F

7
pptp/sysctl.sh
View File

@ -30,10 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG
sysctl -p sysctl -p
if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
service procps restart
fi
if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
service network restart
fi
cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -