-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall-ubuntu-arms.bash
256 lines (233 loc) · 8.01 KB
/
install-ubuntu-arms.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
#!/usr/bin/env bash
(( EUID != 0 )) && exec sudo -- "$0" "$@"
red='\033[0;31m'
green='\033[0;32m'
yellow='\033[0;33m'
plain='\033[0m'
clear
# User confirmation
read -rep $'!!! IMPORTANT !!!\n\nSoftEther VPN(v4.43-9799-rtm-2023.08.31) will be downloaded and compiled on your server.Do you want to continue? [[y/N]] ' response
case "$response" in
[yY][eE][sS]|[yY])
#remove needrestart for less interruption
sudo sed -i "s/#\$nrconf{restart} = 'i';/\$nrconf{restart} = 'a';/" /etc/needrestart/needrestart.conf
# REMOVE PREVIOUS INSTALL
# Check for the original version
if [ -d "/opt/vpnserver" ]; then
echo -e "${yellow}Softether is already installed. The script is attempting to create a backup.${plain}"
echo -e "${red}USE 'Ctrl + C' to cancel it.${plain}"
sudo systemctl stop softether-vpnserver.service
sleep 2
sudo mkdir /opt/backup
sleep 2
sudo cp -f /opt/vpnserver/vpn_server.config /opt/backup/vpn_server.config.bak
sleep 2
sudo cp -rf /opt/vpnserver/backup.vpn_server.config /opt/backup/backup.vpn_server.config
sleep 2
sudo rm -rf /opt/vpnserver
sudo systemctl disable vpnserver
fi
# Check for Update script
if [ -d "/opt/softether" ]; then
echo -e "${yellow}Softether is already installed. The script is attempting to create a backup.${plain}"
echo -e "${red}USE 'Ctrl + C' to cancel it.${plain}"
sudo systemctl stop softether-vpnserver
sleep 2
sudo mkdir /opt/backup
sleep 2
sudo cp -f /opt/softether/vpn_server.config /opt/backup/vpn_server.config.bak
sleep 2
sudo cp -rf /opt/softether/backup.vpn_server.config /opt/backup/backup.vpn_server.config
sleep 2
sudo rm -rf /opt/softether
sudo systemctl disable softether-vpnserver
fi
# Start from here
# Perform apt update & install necessary software
clear
echo -e "${green}Updating Linux server.${plain}"
sudo apt-get update -y && sudo apt-get -o Dpkg::Options::="--force-confold" -y full-upgrade -y && sudo apt-get autoremove -y
sleep 2
# Install some useful tools
clear
echo -e "${green}Install some useful tools.${plain}"
sudo apt-get install -y certbot && sudo apt-get install -y ncat && sudo apt-get install -y net-tools
sleep 2
# Install dependency
clear
echo -e "${green}Install dependency.${plain}"
sudo apt install -y gcc binutils gzip libreadline-dev libssl-dev libncurses5-dev libncursesw5-dev libpthread-stubs0-dev || exit
sleep 2
#SET certificate
clear
read -rp "Do you want to set a certificate on your server? 'y' or 'n'" -n 1 REPLY
printf '\n' # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
printf 'enter your domain name?\n'
read -r ser # This reads input from the user and stores it in the variable name
printf 'enter your email address?\n'
read -r email # This reads input from the user and stores it in the variable name
if sudo certbot certonly --standalone --preferred-challenges http --agree-tos --email "$email" -d "$ser"
then
echo "Certificate successfully installed and VPN server restarted.\n"
else
echo "Certificate installation failed.\n"
fi
else
echo "Certificate installation skipped.\n"
fi
# Download SoftEther | Version 4.43 | Build 9799
echo -e "${green}Download & Install SoftEther | Version 4.43 | Build 9799.${plain}.\n"
wget https://www.softether-download.com/files/softether/v4.43-9799-beta-2023.08.31-tree/Linux/SoftEther_VPN_Server/64bit_-_ARM_64bit/softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-arm64-64bit.tar.gz || exit
sleep 2
tar xvf softether-vpnserver-v4.43-9799-beta-2023.08.31-linux-arm64-64bit.tar.gz || exit
sleep 2
cd vpnserver || exit
sleep 2
apt install make -y || exit
sleep 5
make || exit
sleep 2
cd .. || exit
sleep 2
sudo mv vpnserver /opt/softether || exit
sleep 2
sudo /opt/softether/vpnserver start || exit
sleep 5
sudo /opt/softether/vpnserver stop || exit
sleep 5
# Create the service file with the desired content
echo -e "${green}Create the service file.${plain}.\n"
sudo tee /etc/systemd/system/softether-vpnserver.service > /dev/null << 'EOF'
[Unit]
Description=SoftEther VPN server
After=network-online.target
After=dbus.service
[Service]
Type=forking
ExecStart=/opt/softether/vpnserver start
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
# Reload the systemd daemon to recognize the new service
sudo systemctl daemon-reload || exit
sleep 2
# Enable the service to start on boot
sudo systemctl enable softether-vpnserver.service || exit
sleep 3
# Start the service
sudo systemctl start softether-vpnserver.service || exit
sleep 5
# enable IPv4 forwadring
echo 1 > /proc/sys/net/ipv4/ip_forward || exit
sleep 2
cat /proc/sys/net/ipv4/ip_forward || exit
# Openig port
echo -e "${green}Openig port.${plain}.\n"
sudo ufw allow 22
sudo ufw allow 53
sudo ufw allow 2280
sudo ufw allow 2380
sudo ufw allow 443 || exit
sudo ufw allow 80
sudo ufw allow 992
sudo ufw allow 1194
sudo ufw allow 2080
sudo ufw allow 5555
sudo ufw allow 4500
sudo ufw allow 1701
sudo ufw allow 500
sudo ufw allow 8280
sudo ufw allow 500,4500,8280,53/udp
sleep 5
# Restore backup
if [ -d "/opt/backup" ]; then
clear
echo -e "${green}Restoring backup.${plain}.\n"
sudo systemctl stop softether-vpnserver
sudo cp -f /opt/backup/vpn_server.config.bak /opt/softether/vpn_server.config
sudo cp -rf /opt/backup/backup.vpn_server.config /opt/softether/
sudo systemctl restart softether-vpnserver
fi
clear
#security Close the extra ports
read -rp "Do you want to Close the extra ports? 'y' or 'n'" -n 1 REPLY
printf '\n' # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
sudo ufw deny 2280
sudo ufw deny 2380
sudo ufw deny 1194
sudo ufw deny 2080
sudo ufw deny 4500
sudo ufw deny 1701
sudo ufw deny 500
sudo ufw deny 8280
echo -e "${green}Close the extra ports Successfully ${plain}.\n"
else
echo -e "${red}Close the extra ports skipped ${plain}.\n"
fi
#Security Dynamic DNS
read -rp "Do you want to Disable Dynamic DNS? (You need Domain)(IMPORTANT) 'y' or 'n'" -n 1 REPLY
printf '\n' # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
sudo systemctl stop softether-vpnserver
sed -i 's/bool Disabled false/bool Disabled true/g' /opt/softether/vpn_server.config
sed -i 's/bool DisableNatTraversal false/bool DisableNatTraversal true/g' /opt/softether/vpn_server.config
sudo systemctl restart softether-vpnserver
echo -e "${green}Dynamic DNS Disable Successfully ${plain}.\n"
else
echo -e "${red}Dynamic DNS Disable skipped ${plain}.\n"
fi
# Reset client traffic
echo -e "${red}Skip it if is fresh install${plain}.\n"
read -rp "Do you want to Reset client traffic 'y' or 'n'" -n 1 REPLY
printf '\n' # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
sudo systemctl stop softether-vpnserver
sed -i 's/\(uint64 BroadcastBytes\) [0-9]*/\1 0/g' /opt/softether/vpn_server.config
sleep 2
sed -i 's/\(uint64 BroadcastCount\) [0-9]*/\1 0/g' /opt/softether/vpn_server.config
sleep 2
sed -i 's/\(uint64 UnicastBytes\) [0-9]*/\1 0/g' /opt/softether/vpn_server.config
sleep 2
sed -i 's/\(uint64 UnicastCount\) [0-9]*/\1 0/g' /opt/softether/vpn_server.config
sleep 2
sudo systemctl restart softether-vpnserver
echo -e "${green}Reset client traffic Successfully ${plain}.\n"
else
echo -e "${red}Reset client traffic skipped ${plain}.\n"
fi
sleep 3
# Add need-restart back again
sudo sed -i "s/#\$nrconf{restart} = 'a';/\$nrconf{restart} = 'i';/" /etc/needrestart/needrestart.conf
#Adding shortcut for Softether setting
alias vpncmd='sudo /opt/softether/vpncmd 127.0.0.1:5555'
echo "alias vpncmd='sudo /opt/softether/vpncmd 127.0.0.1:5555'" >> ~/.bashrc
clear
# Ask the user to install BBR
echo -e "${red}BBR is optimize for TCP connection. ${plain}.\n"
read -p "Do you want to install BBR? [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
# installing
echo "net.core.default_qdisc=fq" | tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" | tee -a /etc/sysctl.conf
# Apply changes
sysctl -p
clear
echo -e "${red} USE 'vpncmd' FOR Softether Setting ${plain}"
echo "Have FUN ;)."
else
# Exit the script
clear
echo -e "${red} USE 'vpncmd' FOR Softether Setting ${plain}"
echo "Have FUN ;)."
exit 0
fi
esac