public_setup.sh
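#!/usr/bin/bash
#
# public_setup.sh - provision a SoftEther VPN server on a yum-based host.
#
# Must run as root. Installs base packages, enables firewalld, builds
# SoftEther VPN Server under /usr/local/vpnserver, registers a systemd
# unit, opens 443/tcp and applies an initial configuration via vpncmd.
#
# Optional environment variables (a random value is generated for any
# secret that is not supplied, and written to a root-only file):
#   VPN_SERVER_PASSWORD       server administration password
#   VPN_HUB_PASSWORD          administration password of hub "vpnhub1"
#   VPN_IPSEC_PSK             IPsec pre-shared key
#   VPN_ADMIN_USER_PASSWORD   password of VPN user "admin_user"
#   VPN_NORMAL_USER_PASSWORD  password of VPN user "nomal_user"
#   SOFTETHER_SHA256          expected SHA-256 of the downloaded archive
#
# Secrets must never be committed to the script: anything hard-coded in
# a published provisioning script is known to every reader of it.

set -euo pipefail

# NOTE(review): this pins a build dated 2020-04-05. Check the vendor's
# download site for a maintained release before deploying.
readonly SE_ARCHIVE='softether-vpnserver-v4.34-9745-rtm-2020.04.05-linux-x64-64bit.tar.gz'
readonly SE_URL="https://www.softether-download.com/files/softether/v4.34-9745-rtm-2020.04.05-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/${SE_ARCHIVE}"
readonly INSTALL_DIR='/usr/local/vpnserver'
readonly UNIT_FILE='/etc/systemd/system/softethervpn.service'
readonly BATCH_FILE="${INSTALL_DIR}/batch.txt"
readonly CRED_FILE='/root/softether-credentials.txt'

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a random alphanumeric string of $1 characters from /dev/urandom.
gen_secret() {
  local length=$1 raw
  raw=$(head -c 96 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')
  (( ${#raw} >= length )) || die 'not enough random characters gathered'
  printf '%s' "${raw:0:length}"
}

# --- Resolve secrets ------------------------------------------------------
declare -A secrets=()
generated=0
for spec in VPN_SERVER_PASSWORD:24 VPN_HUB_PASSWORD:24 VPN_IPSEC_PSK:16 \
  VPN_ADMIN_USER_PASSWORD:24 VPN_NORMAL_USER_PASSWORD:24; do
  name=${spec%%:*}
  length=${spec##*:}
  value=${!name:-}
  if [[ -z "$value" ]]; then
    value=$(gen_secret "$length")
    if (( generated == 0 )); then
      # Create (or truncate) the credentials file with mode 0600 first.
      install -m 600 /dev/null "$CRED_FILE"
      generated=1
    fi
    printf '%s=%s\n' "$name" "$value" >> "$CRED_FILE"
  fi
  # Whitespace would split the value into extra vpncmd arguments, and a
  # newline would inject a whole extra command into the batch file.
  if [[ "$value" =~ [[:space:]] ]]; then
    die "$name must not contain whitespace"
  fi
  secrets[$name]=$value
done

# --- Scratch space and cleanup -------------------------------------------
work_dir=$(mktemp -d)
cleanup() {
  rm -rf -- "${work_dir:?}"
  # The batch file holds every secret in clear text; never leave it behind.
  rm -f -- "$BATCH_FILE"
}
trap cleanup EXIT

# --- Base system ----------------------------------------------------------
yum update -y
yum install -y vim gcc make which net-tools firewalld wget tar \
  cronie-noanacron selinux-policy-targeted setools bind-utils

# Green prompt for ordinary users, red prompt for root.
cat >> /etc/profile.d/prompt.sh <<'EOF'
export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]$ '
EOF
cat >> /root/.bashrc <<'EOF'
export PS1='\[\033[01;31m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
EOF

systemctl start firewalld
systemctl enable firewalld
systemctl is-enabled firewalld

# --- Download, verify and build SoftEther ---------------------------------
# Everything happens under an absolute scratch path, so the script no
# longer depends on being started from $HOME.
wget -O "${work_dir}/${SE_ARCHIVE}" "$SE_URL"
if [[ -n "${SOFTETHER_SHA256:-}" ]]; then
  printf '%s  %s\n' "$SOFTETHER_SHA256" "${work_dir}/${SE_ARCHIVE}" \
    | sha256sum -c -
else
  printf 'warning: SOFTETHER_SHA256 is not set; the archive is built and run as root without an integrity check\n' >&2
fi
tar zxvf "${work_dir}/${SE_ARCHIVE}" -C "$work_dir"
make -C "${work_dir}/vpnserver" i_read_and_agree_the_license_agreement
cp -r -f "${work_dir}/vpnserver" /usr/local/
# The install directory will hold the server configuration; keep it
# readable by root only.
chmod -R go-rwx "$INSTALL_DIR"
ls -lra "$INSTALL_DIR"

# --- Firewall -------------------------------------------------------------
firewall-cmd --permanent --add-port=443/tcp
# Informational only: a missing match must not abort the run.
grep -- 443 /etc/firewalld/zones/public.xml || true
firewall-cmd --reload
firewall-cmd --list-ports
restorecon -RF "$INSTALL_DIR"

# --- systemd unit ---------------------------------------------------------
# Written with '>' so that re-running the script does not append a second
# copy of every section to the unit file.
cat > "$UNIT_FILE" <<'EOF'
[Unit]
Description=SoftEther VPN Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/vpnserver/vpnserver start
ExecStop=/usr/local/vpnserver/vpnserver stop

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable softethervpn
systemctl start softethervpn

# --- Initial VPN configuration --------------------------------------------
# Two-digit hex octets over the full 0-255 range keep the MAC well formed.
printf -v nat_mac '00:AC:%02X:%02X:%02X:%02X' \
  $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256))

# Author's note (translated): disabling Raw IP mode and user-mode NAT pins
# NAT to kernel-mode SecureNAT, but where MAC spoofing is prohibited for
# security reasons that setting prevents VPN connections and NAT does not
# work correctly. The values below disable user-mode and kernel-mode
# SecureNAT and leave Raw IP mode enabled.
install -m 600 /dev/null "$BATCH_FILE"
cat > "$BATCH_FILE" <<EOF
IPsecEnable /L2TP:no /L2TPRAW:no /ETHERIP:no /PSK:${secrets[VPN_IPSEC_PSK]} /DEFAULTHUB:vpnhub1
VpnAzureSetEnable no
HubCreate vpnhub1 /PASSWORD:${secrets[VPN_HUB_PASSWORD]}
HubDelete DEFAULT
ServerPasswordSet ${secrets[VPN_SERVER_PASSWORD]}
Hub vpnhub1
SecureNatEnable
DhcpEnable
AdminOptionSet deny_change_user_password /VALUE:1
AdminOptionSet deny_empty_password /VALUE:1
ExtOptionSet DisableHttpParsing /VALUE:1
ExtOptionSet DisableUserModeSecureNAT /VALUE:1
ExtOptionSet DisableKernelModeSecureNAT /VALUE:1
ExtOptionSet DisableIpRawModeSecureNAT /VALUE:0
SecureNatHostSet /MAC:${nat_mac} /IP:none /MASK:none
GroupCreate Admin /REALNAME:none /NOTE:none
GroupCreate General /REALNAME:none /NOTE:none
UserCreate admin_user /GROUP:Admin /NOTE:none /REALNAME:none
UserCreate nomal_user /GROUP:General /NOTE:none /REALNAME:none
UserPasswordSet admin_user /password:${secrets[VPN_ADMIN_USER_PASSWORD]}
UserPasswordSet nomal_user /password:${secrets[VPN_NORMAL_USER_PASSWORD]}
EOF

# Give the freshly started service time to open its management listener.
sleep 10
"${INSTALL_DIR}/vpncmd" /server localhost "/in:${BATCH_FILE}"

#echo 'your ipv4 addres is' & curl https://v4.ident.me/
#echo ' '
#sleep 5
#dig t5p.c3s.pgw.jp

if (( generated == 1 )); then
  printf 'Generated secrets were written to %s (mode 0600); record them and delete the file.\n' "$CRED_FILE" >&2
fi
echo 'Script execution is complete.'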