kevin01523/softether-install-debian.sh

## softether-install-debian.sh
# Обновление системы и пакетов
apt-get update
apt-get upgrade -y
cd ~/
# Установка пакетов для сборки softether
apt-get install build-essential libreadline-dev libssl-dev libncurses-dev zlib1g-dev git

# Скачивание репозитория Stable версии
git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git

# Компилирование исполняемых файлов
cd SoftEtherVPN_Stable
./configure
cd tmp
make
cd ~/SoftEtherVPN_Stable


# Копирование файлов
cp -r bin/vpnserver /usr/local/
cp bin/vpncmd/vpncmd /usr/local/vpnserver/

# Выставление прав доступа на файлы
chmod 755 -R /usr/local/vpnserver/


# Add systemd service
cat <<EOF >/lib/systemd/system/vpnserver.service
[Unit]
Description=SoftEther VPN Server
After=network.target auditd.service
ConditionPathExists=!/opt/vpnserver/do_not_run

[Service]
Type=forking
EnvironmentFile=-/opt/vpnserver
ExecStart=/opt/vpnserver/vpnserver start
ExecStop=/opt/vpnserver/vpnserver stop
KillMode=process
Restart=on-failure

# Hardening
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/opt/vpnserver
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

[Install]
WantedBy=multi-user.target
EOF

# Act as router
echo net.ipv4.ip_forward = 1 | sudo tee -a /etc/sysctl.conf
sysctl -p


# Установка сервера как службы
#cp systemd/softether-vpnserver.service /etc/systemd/system/
systemctl daemon-reload
enable vpnserver.service
systemctl start vpnserver.service
	# Обновление системы и пакетов
	apt-get update
	apt-get upgrade -y
	cd ~/
	# Установка пакетов для сборки softether
	apt-get install build-essential libreadline-dev libssl-dev libncurses-dev zlib1g-dev git

	# Скачивание репозитория Stable версии
	git clone https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.git

	# Компилирование исполняемых файлов
	cd SoftEtherVPN_Stable
	./configure
	cd tmp
	make
	cd ~/SoftEtherVPN_Stable


	# Копирование файлов
	cp -r bin/vpnserver /usr/local/
	cp bin/vpncmd/vpncmd /usr/local/vpnserver/

	# Выставление прав доступа на файлы
	chmod 755 -R /usr/local/vpnserver/


	# Add systemd service
	cat <<EOF >/lib/systemd/system/vpnserver.service
	[Unit]
	Description=SoftEther VPN Server
	After=network.target auditd.service
	ConditionPathExists=!/opt/vpnserver/do_not_run

	[Service]
	Type=forking
	EnvironmentFile=-/opt/vpnserver
	ExecStart=/opt/vpnserver/vpnserver start
	ExecStop=/opt/vpnserver/vpnserver stop
	KillMode=process
	Restart=on-failure

	# Hardening
	PrivateTmp=yes
	ProtectHome=yes
	ProtectSystem=full
	ReadOnlyDirectories=/
	ReadWriteDirectories=-/opt/vpnserver
	CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_ADMIN CAP_SETUID

	[Install]
	WantedBy=multi-user.target
	EOF

	# Act as router
	echo net.ipv4.ip_forward = 1 \| sudo tee -a /etc/sysctl.conf
	sysctl -p


	# Установка сервера как службы
	#cp systemd/softether-vpnserver.service /etc/systemd/system/
	systemctl daemon-reload
	enable vpnserver.service
	systemctl start vpnserver.service