Home Explore Help
Register Sign In
Apq
/
MoeClub-Note
mirror of https://github.com/MoeClub/Note.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 7916233cc6
Branches Tags
MoeClub-Note
/
AnyConnect
/
ocserv.sh

ocserv.sh 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. #!/bin/bash
    2. 

  2. # Script by MoeClub.org
    3. 

  3. 

  4. [ $EUID -ne 0 ] && echo "Error:This script must be run as root!" && exit 1
    5. 

  5. EthName=`cat /proc/net/dev |grep ':' |cut -d':' -f1 |sed 's/\s//g' |grep -iv '^lo\|^sit\|^stf\|^gif\|^dummy\|^vmnet\|^vir\|^gre\|^ipip\|^ppp\|^bond\|^tun\|^tap\|^ip6gre\|^ip6tnl\|^teql\|^ocserv\|^vpn' |sed -n '1p'`
    6. 

  6. [ -n "$EthName" ] || exit 1
    7. 

  7. 

  8. command -v yum >>/dev/null 2>&1
    9. 

  9. if [ $? -eq 0 ]; then
    10. 

  10.   yum install -y curl wget nc xz openssl gnutls-utils
    11. 

  11. else
    12. 

  12.   apt-get install -y curl wget netcat openssl gnutls-bin xz-utils
    13. 

  13. fi
    14. 

  14. 

  15. XCMDS=("wget" "tar" "xz" "nc" "openssl" "certtool")
    16. 

  16. for XCMD in "${XCMDS[@]}"; do command -v "$XCMD" >>/dev/null 2>&1; [ $? -ne 0 ] && echo "Not Found $XCMD."; done
    17. 

  17. 

  18. osVer="$(dpkg --print-architecture 2>/dev/null)"
    19. 

  19. if [ -n "$osVer" -a "$osVer" == "amd64" ]; then
    20. 

  20.   debVer="$(cat /etc/issue |grep -io 'Debian.*' |sed -r 's/(.*)/\L\1/' |grep -o '[0-9.]*')"
    21. 

  21.   if [ "$debVer" == "9" ]; then
    22. 

  22.     bash <(wget --no-check-certificate -4 -qO- 'https://raw.githubusercontent.com/MoeClub/apt/master/bbr/bbr.sh') 0 0
    23. 

  23.   fi
    24. 

  24. fi
    25. 

  25. 

  26. 

  27. mkdir -p /tmp
    28. 

  28. PublicIP="$(wget --no-check-certificate -4 -qO- http://checkip.amazonaws.com)"
    29. 

  29. 

  30. # vlmcs
    31. 

  31. rm -rf /etc/vlmcs
    32. 

  32. wget --no-check-certificate -4 -qO /tmp/vlmcs.tar 'https://raw.githubusercontent.com/MoeClub/Note/master/AnyConnect/vlmcsd/vlmcsd.tar'
    33. 

  33. tar --overwrite -xvf /tmp/vlmcs.tar -C /
    34. 

  34. [ -f /etc/vlmcs/vlmcs.d ] && bash /etc/vlmcs/vlmcs.d init
    35. 

  35. 

  36. # dnsmasq
    37. 

  37. rm -rf /etc/dnsmasq.d
    38. 

  38. wget --no-check-certificate -4 -qO /tmp/dnsmasq.tar 'https://raw.githubusercontent.com/MoeClub/Note/master/AnyConnect/build/dnsmasq_v2.82.tar'
    39. 

  39. tar --overwrite -xvf /tmp/dnsmasq.tar -C /
    40. 

  40. sed -i "s/#\?except-interface=.*/except-interface=${EthName}/" /etc/dnsmasq.conf
    41. 

  41. 

  42. if [ -f /etc/crontab ]; then
    43. 

  43.   sed -i '/dnsmasq/d' /etc/crontab
    44. 

  44.   while [ -z "$(sed -n '$p' /etc/crontab)" ]; do sed -i '$d' /etc/crontab; done
    45. 

  45.   sed -i "\$a\@reboot root /usr/sbin/dnsmasq >>/dev/null 2>&1 &\n\n\n" /etc/crontab
    46. 

  46. fi
    47. 

  47. 

  48. # ocserv
    49. 

  49. rm -rf /etc/ocserv
    50. 

  50. wget --no-check-certificate -4 -qO /tmp/ocserv.tar 'https://raw.githubusercontent.com/MoeClub/Note/master/AnyConnect/build/ocserv_v0.12.3.tar'
    51. 

  51. tar --overwrite -xvf /tmp/ocserv.tar -C /
    52. 

  52. 

  53. # server cert key file: /etc/ocserv/server.key.pem
    54. 

  54. openssl genrsa -out /etc/ocserv/server.key.pem 2048
    55. 

  55. # server cert file: /etc/ocserv/server.cert.pem
    56. 

  56. openssl req -new -x509 -days 3650 -key /etc/ocserv/server.key.pem -out /etc/ocserv/server.cert.pem -subj "/C=/ST=/L=/O=/OU=/CN=${PublicIP}"
    57. 

  57. 

  58. # Default User
    59. 

  59. echo "MoeClub:Default:$(openssl passwd MoeClub)" >/etc/ocserv/ocpasswd
    60. 

  60. 

  61. bash /etc/ocserv/template/client.sh
    62. 

  62. 

  63. chown -R root:root /etc/ocserv
    64. 

  64. chmod -R 755 /etc/ocserv
    65. 

  65. 

  66. [ -d /lib/systemd/system ] && find /lib/systemd/system -name 'ocserv*' -delete
    67. 

  67. 

  68. if [ -f /etc/crontab ]; then
    69. 

  69.   sed -i '/\/etc\/ocserv/d' /etc/crontab
    70. 

  70.   while [ -z "$(sed -n '$p' /etc/crontab)" ]; do sed -i '$d' /etc/crontab; done
    71. 

  71.   sed -i "\$a\@reboot root bash /etc/ocserv/ocserv.d >>/dev/null 2>&1 &\n\n\n" /etc/crontab
    72. 

  72. fi
    73. 

  73. 

  74. # Sysctl
    75. 

  75. if [ -f /etc/sysctl.conf ]; then
    76. 

  76.   sed -i '/^net\.ipv4\.ip_forward/d' /etc/sysctl.conf
    77. 

  77.   while [ -z "$(sed -n '$p' /etc/sysctl.conf)" ]; do sed -i '$d' /etc/sysctl.conf; done
    78. 

  78.   sed -i '$a\net.ipv4.ip_forward = 1\n\n' /etc/sysctl.conf
    79. 

  79. fi
    80. 

  80. 

  81. # Limit
    82. 

  82. if [[ -f /etc/security/limits.conf ]]; then
    83. 

  83.   LIMIT='262144'
    84. 

  84.   sed -i '/^\(\*\|root\).*\(hard\|soft\).*\(memlock\|nofile\)/d' /etc/security/limits.conf
    85. 

  85.   while [ -z "$(sed -n '$p' /etc/security/limits.conf)" ]; do sed -i '$d' /etc/security/limits.conf; done
    86. 

  86.   echo -ne "*\thard\tnofile\t${LIMIT}\n*\tsoft\tnofile\t${LIMIT}\nroot\thard\tnofile\t${LIMIT}\nroot\tsoft\tnofile\t${LIMIT}\n" >>/etc/security/limits.conf
    87. 

  87.   echo -ne "*\thard\tmemlock\t${LIMIT}\n*\tsoft\tmemlock\t${LIMIT}\nroot\thard\tmemlock\t${LIMIT}\nroot\tsoft\tmemlock\t${LIMIT}\n\n\n" >>/etc/security/limits.conf
    88. 

  88. fi
    89. 

  89. 

  90. # SSH
    91. 

  91. #[ -f /etc/ssh/sshd_config ] && sed -i "s/^#\?Port .*/Port 9527/g" /etc/ssh/sshd_config;
    92. 

  92. [ -f /etc/ssh/sshd_config ] && sed -i "s/^#\?PermitRootLogin.*/PermitRootLogin yes/g" /etc/ssh/sshd_config;
    93. 

  93. [ -f /etc/ssh/sshd_config ] && sed -i "s/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g" /etc/ssh/sshd_config;
    94. 

  94. 

  95. # Timezone
    96. 

  96. cp -f /usr/share/zoneinfo/PRC /etc/localtime
    97. 

  97. echo "Asia/Shanghai" >/etc/timezone
    98. 

  98. 

  99. read -n 1 -p "Press <ENTER> to reboot..."
    100. 

  100. ## Rebot Now
    101. 

  101. reboot
    102.