entrypoint.sh
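#!/bin/bash
#
# Container entrypoint. On first start (no /opt/vpn_server.config yet) it
# provisions the SoftEther VPN server: L2TP/IPsec, SecureNAT, one VPN user and
# randomized hub/server administration passwords. On every start it installs
# the redsocks configuration and the iptables redirect rules, then exec's the
# container command.
#
# Environment read:
#   PSK         IPsec pre-shared key (defaults to the public value 'notasecret')
#   USERNAME    VPN user name (default: "user" + 4 random digits)
#   PASSWORD    VPN user password (default: 20 random digits, dot-grouped)
#   PROXY_HOST  replaces the PROXY_HOST token in /etc/redsocks.conf
#   PROXY_PORT  replaces the PROXY_PORT token in /etc/redsocks.conf
#
# pipefail is deliberately not enabled: the /dev/urandom pipelines below end
# in head, which closes the pipe early and makes tr exit on SIGPIPE.
set -e

# Escape a value for use as the replacement half of a sed 's/.../.../' command:
# backslash, '&' and the '/' delimiter would otherwise be interpreted by sed.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

if [[ ! -f /opt/vpn_server.config ]]; then

  if [[ -z "${PSK:-}" ]]; then
    # The fallback key is a fixed, publicly known string shared by every
    # deployment that does not override it, so it gives the IPsec layer no
    # secrecy. Kept for compatibility; operators should pass -e PSK=<key>.
    PSK='notasecret'
    printf 'warning: PSK not set, using the public default pre-shared key\n' >&2
  fi

  if [[ -z "${USERNAME:-}" ]]; then
    USERNAME="user$(LC_ALL=C tr -dc '0-9' < /dev/urandom | head -c 4)"
  fi

  # The credentials are printed once so the operator can read them from the
  # container log; anyone who can read that log can read them as well.
  printf '=%.0s' {1..24}
  echo
  printf '%s\n' "${USERNAME}"

  if [[ -n "${PASSWORD:-}" ]]; then
    echo '<use the password specified at -e PASSWORD>'
  else
    # 20 random digits, shown as five dot-separated groups of four.
    PASSWORD=$(LC_ALL=C tr -dc '0-9' < /dev/urandom | head -c 20 \
      | sed 's/.\{4\}/&./g;s/.$//;')
    printf '%s\n' "${PASSWORD}"
  fi

  printf '=%.0s' {1..24}
  echo

  # Only stdout is discarded; diagnostics on stderr stay visible.
  /opt/vpnserver start > /dev/null

  # Wait until the server answers, switching the cipher as the probe command.
  # Using vpncmd as the `until` condition tolerates the expected failures
  # without turning errexit off; the previous set +e / break sequence left
  # errexit disabled for every provisioning command that followed.
  # NOTE(review): DHE-RSA-AES256-SHA is a CBC suite with a SHA-1 MAC; consider
  # an AEAD suite if the bundled server build and the clients support one.
  until /opt/vpncmd localhost /SERVER /CSV /CMD ServerCipherSet DHE-RSA-AES256-SHA > /dev/null; do
    sleep 1
  done

  # Secrets below are passed as vpncmd arguments, so they are visible in the
  # process list inside the container while each command runs.

  # enable L2TP_IPsec
  /opt/vpncmd localhost /SERVER /CSV /CMD IPsecEnable /L2TP:yes /L2TPRAW:yes /ETHERIP:no "/PSK:${PSK}" /DEFAULTHUB:DEFAULT

  # enable SecureNAT
  /opt/vpncmd localhost /SERVER /CSV /HUB:DEFAULT /CMD SecureNatEnable

  # add user
  /opt/vpncmd localhost /SERVER /HUB:DEFAULT /CSV /CMD UserCreate "${USERNAME}" /GROUP:none /REALNAME:none /NOTE:none
  /opt/vpncmd localhost /SERVER /HUB:DEFAULT /CSV /CMD UserPasswordSet "${USERNAME}" "/PASSWORD:${PASSWORD}"

  # Mask the password for the process exec'd at the end of this script. The
  # value supplied with -e is still part of the container's configuration,
  # and PSK is left in the environment unchanged.
  export PASSWORD='**'

  # Hub and server administration passwords are random and never printed, so
  # remote administration is effectively locked after provisioning.

  # set password for hub
  HPW=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  /opt/vpncmd localhost /SERVER /HUB:DEFAULT /CSV /CMD SetHubPassword "${HPW}"

  # set password for server
  SPW=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)
  /opt/vpncmd localhost /SERVER /CSV /CMD ServerPasswordSet "${SPW}"

  /opt/vpnserver stop > /dev/null

  # Wait until the server process is gone; a command used as a loop condition
  # does not trip errexit, so no set +e is needed here.
  while pgrep vpnserver > /dev/null; do
    sleep 1
  done

  echo '[initial setup OK]'

fi

# Install the redsocks template. It is copied rather than moved so that a
# restarted container still finds /app/redsocks.conf instead of aborting here.
cp -f /app/redsocks.conf /etc/redsocks.conf

# Setup routes for iptables
sudo iptables-restore /app/redirect.rules

# Fill in the proxy endpoint. The values are escaped before they reach sed so
# that '/', '&' or '\' in them cannot alter the substitution command.
if [[ -z "${PROXY_HOST:-}" || -z "${PROXY_PORT:-}" ]]; then
  printf 'warning: PROXY_HOST or PROXY_PORT is empty; redsocks.conf will be incomplete\n' >&2
fi
proxy_host_escaped=$(sed_escape_replacement "${PROXY_HOST:-}")
proxy_port_escaped=$(sed_escape_replacement "${PROXY_PORT:-}")
sed -i "s/PROXY_HOST/${proxy_host_escaped}/" /etc/redsocks.conf
sed -i "s/PROXY_PORT/${proxy_port_escaped}/" /etc/redsocks.conf

# start
/etc/init.d/redsocks start > /dev/null

exec "$@"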