public_setup.sh
#!/usr/bin/bash
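# Base system preparation: patch the host, install the build toolchain plus
# firewalld and the SELinux tooling used later, set coloured prompts, and bring
# the host firewall up before anything is exposed.
#
# Every later step (make, firewall-cmd, restorecon) depends on these packages,
# so stop here instead of continuing on a half-prepared, unpatched host.
yum update -y || { echo 'error: yum update failed' >&2; exit 1; }
yum install -y vim gcc make which net-tools firewalld wget tar \
  cronie-noanacron selinux-policy-targeted setools bind-utils \
  || { echo 'error: package installation failed' >&2; exit 1; }

# Prompt definitions, read from quoted here-documents so the escape sequences
# are taken literally. The two lines are kept exactly as the original script
# wrote them: green user@host with a literal "$" for regular logins, red
# user@host with "\$" for root.
IFS= read -r profile_prompt <<'EOF'
export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]$ '
EOF
IFS= read -r root_prompt <<'EOF'
export PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
EOF

# Append each line only if it is not already present, so re-running the script
# does not keep growing /etc/profile.d/prompt.sh and /root/.bashrc.
grep -qxF -- "$profile_prompt" /etc/profile.d/prompt.sh 2>/dev/null \
  || printf '%s\n' "$profile_prompt" >> /etc/profile.d/prompt.sh
grep -qxF -- "$root_prompt" /root/.bashrc 2>/dev/null \
  || printf '%s\n' "$root_prompt" >> /root/.bashrc

# The firewall must be running and persistent before the VPN port is opened.
systemctl start firewalld \
  || { echo 'error: could not start firewalld' >&2; exit 1; }
systemctl enable firewalld \
  || { echo 'error: could not enable firewalld' >&2; exit 1; }
systemctl is-enabled firewalld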
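# Download, build and install SoftEther VPN Server into /usr/local/vpnserver.
#
# Changes from the original sequence:
#   * Work happens in a private mktemp directory. The original ran `cd` (to
#     $HOME) after the build and then copied ./vpnserver, which only works when
#     the script was started from $HOME.
#   * Every step is checked, so a failed download or build no longer leads to
#     copying and starting whatever happens to be on disk.
#   * The tarball can be verified against a SHA-256 supplied by the operator in
#     SOFTETHER_SHA256. No digest is published with this script, so obtain it
#     from a trusted channel; without it the download is trusted on TLS alone.
#   * Group/other access to the installed tree is removed, since it will hold
#     the server configuration and credentials.
#
# NOTE(review): this pins the v4.34 build 9745 release from 2020-04-05. Check
# the vendor's release notes for later security fixes before deploying it on
# an internet-facing host.
softether_tarball='softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz'
softether_url="https://www.softether-download.com/files/softether/v4.34-9745-rtm-2020.04.05-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/${softether_tarball}"

build_dir=$(mktemp -d) || { echo 'error: mktemp failed' >&2; exit 1; }

# Report the failure, remove the scratch directory and stop the script.
abort_install() {
  printf 'error: %s\n' "$1" >&2
  rm -rf -- "${build_dir:?}"
  exit 1
}

wget -O "${build_dir}/${softether_tarball}" "$softether_url" \
  || abort_install 'download of the SoftEther tarball failed'

if [[ -n "${SOFTETHER_SHA256:-}" ]]; then
  # sha256sum -c expects "<digest>  <path>" lines on stdin.
  printf '%s  %s\n' "$SOFTETHER_SHA256" "${build_dir}/${softether_tarball}" \
    | sha256sum -c - \
    || abort_install 'SHA-256 mismatch for the SoftEther tarball'
else
  echo 'warning: SOFTETHER_SHA256 is not set; tarball integrity was not verified' >&2
fi

tar zxvf "${build_dir}/${softether_tarball}" -C "$build_dir" \
  || abort_install 'could not extract the SoftEther tarball'

# Build in a subshell so the working directory of the script is left alone.
(cd "${build_dir}/vpnserver" && make i_read_and_agree_the_license_agreement) \
  || abort_install 'SoftEther build failed'

cp -r -f "${build_dir}/vpnserver/" /usr/local/ \
  || abort_install 'could not install to /usr/local/vpnserver'

# The service runs as root; nobody else needs to read the binaries or config.
chmod -R go-rwx /usr/local/vpnserver
ls -lra /usr/local/vpnserver

rm -rf -- "${build_dir:?}"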
# Permanently open 443/tcp for the VPN listener in firewalld's default zone,
# show the resulting zone entry, then activate and list the open ports.
#
# NOTE(review): as far as I know SoftEther also accepts administration
# sessions (vpncmd / Server Manager) on its VPN listener ports, so opening 443
# to the world exposes the server administrator login too. Confirm this, and
# make sure the server password set later in this script is a strong one.
firewall-cmd --add-port=443/tcp --permanent
grep 443 /etc/firewalld/zones/public.xml
firewall-cmd --reload
firewall-cmd --list-ports

# Reset SELinux labels on the freshly copied tree (-F forces the full context
# from policy), so the files carry the contexts the policy expects.
restorecon -R -F /usr/local/vpnserver
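# Install the systemd unit for the VPN server and start it.
#
# The unit is written in one piece with ">" rather than eleven ">>" appends:
# appending duplicated every section when the script was run a second time,
# leaving a unit file with repeated ExecStart/ExecStop lines.
#
# NOTE(review): the unit has no User= line, so the daemon runs as root.
# Sandboxing directives were left out because the server writes its config and
# logs under /usr/local/vpnserver; evaluate them separately.
cat > /etc/systemd/system/softethervpn.service <<'EOF'
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable softethervpn
# The configuration step that follows needs a running server.
systemctl start softethervpn \
  || { echo 'error: softethervpn service failed to start' >&2; exit 1; }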
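# Configure the running server through a vpncmd batch file: disable the
# L2TP/IPsec/EtherIP front ends and VPN Azure, replace the DEFAULT hub with
# vpnhub1, set the server password, enable SecureNAT with DHCP, and create the
# Admin/General groups with one user each.
#
# Credentials: the original script hard-coded the IPsec pre-shared key and used
# the same placeholder password everywhere. Those values are published with the
# script, so they are only kept as fallbacks for compatibility. Supply real
# secrets through the environment variables below; a warning is printed for
# each one left unset. Values must not contain whitespace, because they are
# pasted into vpncmd command lines unquoted.
for secret_var in SOFTETHER_PSK SOFTETHER_HUB_PASSWORD \
  SOFTETHER_SERVER_PASSWORD SOFTETHER_ADMIN_USER_PASSWORD \
  SOFTETHER_NORMAL_USER_PASSWORD; do
  if [[ -z "${!secret_var:-}" ]]; then
    printf 'warning: %s is not set; using the publicly known default\n' \
      "$secret_var" >&2
  fi
done
ipsec_psk=${SOFTETHER_PSK:-vvL6VFqAHonPL9Fz}
hub_password=${SOFTETHER_HUB_PASSWORD:-hogehoge}
server_password=${SOFTETHER_SERVER_PASSWORD:-hogehoge}
admin_user_password=${SOFTETHER_ADMIN_USER_PASSWORD:-hogehoge}
normal_user_password=${SOFTETHER_NORMAL_USER_PASSWORD:-hogehoge}

# Random MAC for the SecureNAT virtual host. Each octet is drawn from 0-255 and
# zero-padded to two hex digits; the original used "% 255" and "%X", which
# never produced FF and printed values below 0x10 as a single digit.
printf -v nat_mac '00:AC:%02X:%02X:%02X:%02X' \
  $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256))

# The batch file holds every secret in clear text. Create it fresh (the old
# ">>" appends stacked duplicate commands on a re-run), readable by root only,
# and delete it once vpncmd has consumed it.
batch_file=/usr/local/vpnserver/batch.txt
rm -f -- "$batch_file"
(
  umask 077
  # About the three SecureNAT mode switches below (translated from the
  # original comment): disabling Raw IP mode and user-mode NAT pins NAT to
  # kernel-mode SecureNAT, but where MAC spoofing is prohibited for security
  # reasons that setting prevents VPN connections and NAT does not work
  # properly. Hence user mode and kernel mode are disabled here and Raw IP
  # mode is left enabled.
  cat > "$batch_file" <<EOF
IPsecEnable /L2TP:no /L2TPRAW:no /ETHERIP:no /PSK:${ipsec_psk} /DEFAULTHUB:vpnhub1
VpnAzureSetEnable no
HubCreate vpnhub1 /PASSWORD:${hub_password}
HubDelete DEFAULT
ServerPasswordSet ${server_password}
Hub vpnhub1
SecureNatEnable
DhcpEnable
AdminOptionSet deny_change_user_password /VALUE:1
AdminOptionSet deny_empty_password /VALUE:1
ExtOptionSet DisableHttpParsing /VALUE:1
ExtOptionSet DisableUserModeSecureNAT /VALUE:1
ExtOptionSet DisableKernelModeSecureNAT /VALUE:1
ExtOptionSet DisableIpRawModeSecureNAT /VALUE:0
SecureNatHostSet /MAC:${nat_mac} /IP:none /MASK:none
GroupCreate Admin /REALNAME:none /NOTE:none
GroupCreate General /REALNAME:none /NOTE:none
UserCreate admin_user /GROUP:Admin /NOTE:none /REALNAME:none
UserCreate nomal_user /GROUP:General /NOTE:none /REALNAME:none
UserPasswordSet admin_user /password:${admin_user_password}
UserPasswordSet nomal_user /password:${normal_user_password}
EOF
) || { echo 'error: could not write the vpncmd batch file' >&2; exit 1; }

# Give the freshly started service time to open its management listener.
sleep 10

# Secrets reach vpncmd through the file, not argv, so they stay out of `ps`.
/usr/local/vpnserver/vpncmd /server localhost /in:"$batch_file"
vpncmd_status=$?
rm -f -- "$batch_file"
if ((vpncmd_status != 0)); then
  echo "error: vpncmd exited with status ${vpncmd_status}; server is not fully configured" >&2
  exit "$vpncmd_status"
fi

#echo 'your ipv4 addres is' & curl https://v4.ident.me/
#echo ' '
#sleep 5
#dig t5p.c3s.pgw.jp
echo 'Script execution is complete.'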