-
Notifications
You must be signed in to change notification settings - Fork 18
/
start.sh
293 lines (256 loc) · 8.96 KB
/
start.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
#!/bin/bash
config_ini=/home/root/.cyberghost/config.ini #CyberGhost Auth token
enable_dns_port () {
echo "Allowing PORT 53 - IN/OUT"
sudo ufw allow out 53 > /dev/null 2>&1 #Allow port 53 on all interface for initial VPN connection
sudo ufw allow in 53 > /dev/null 2>&1
}
disable_dns_port () {
echo "Blocking PORT 53 - IN/OUT"
sudo ufw delete allow out 53 > /dev/null 2>&1 #Remove Local DNS Port to prevent leaks
sudo ufw delete allow in 53 > /dev/null 2>&1
}
startup () {
echo "CyberGhostVPN - Docker Edition"
echo "----------------------------------------------------------"
echo " Created By: Tyler McPhee"
echo " GitHub: https://github.com/tmcphee/cyberghostvpn"
echo " DockerHub: https://hub.docker.com/r/tmcphee/cyberghostvpn"
echo " "
echo " Ubuntu:${linux_version} | CyberGhost:${cyberghost_version} | ${script_version}"
echo "----------------------------------------------------------"
echo "**************User Defined Variables**************"
if [ -n "$ACC" ]; then
echo " ACC: [PASSED - NOT SHOWN]"
fi
if [ -n "$PASS" ]; then
echo " PASS: [PASSED - NOT SHOWN]"
fi
if [ -n "$COUNTRY" ]; then
echo " COUNTRY: ${COUNTRY}"
fi
if [ -n "$NETWORK" ]; then
echo " NETWORK: ${NETWORK}"
fi
if [ -n "$WHITELISTPORTS" ]; then
echo " WHITELISTPORTS: ${WHITELISTPORTS}"
fi
if [ -n "$ARGS" ]; then
echo " ARGS: ${ARGS}"
fi
if [ -n "$NAMESERVER" ]; then
echo " NAMESERVER: ${NAMESERVER}"
fi
if [ -n "$PROTOCOL" ]; then
echo " PROTOCOL: ${PROTOCOL}"
fi
if [ -n "$PROXY" ]; then
echo " PROXY: ${PROXY}"
fi
echo "**************************************************"
}
ip_stats () {
str="$(cat /etc/resolv.conf)"
value=${str#* }
echo "***********CyberGhost Connection Info***********"
echo " IP: ""$(curl -s https://ipinfo.io/ip -H "Cache-Control: no-cache, no-store, must-revalidate")"
echo " CITY: ""$(curl -s https://ipinfo.io/city -H "Cache-Control: no-cache, no-store, must-revalidate")"
echo " REGION: ""$(curl -s https://ipinfo.io/region -H "Cache-Control: no-cache, no-store, must-revalidate")"
echo " COUNTRY: ""$(curl -s https://ipinfo.io/country -H "Cache-Control: no-cache, no-store, must-revalidate")"
echo " DNS: ${value}"
echo "************************************************"
}
#Originated from Run.sh. Migrated for speed improvements
cyberghost_start () {
#Stop Proxy service to prevent dns leaks
if [ -n "${PROXY}" ]; then
if [ "${PROXY}" == "True" ]; then
echo Stopping HTTP Proxy...
sudo systemctl disable squid
sudo systemctl stop squid
sudo systemctl status squid
fi
fi
enable_dns_port
#Check for CyberGhost Auth file
if [ -f "$config_ini" ]; then
# Check if country is set. Default to US
if ! [ -n "$COUNTRY" ]; then
echo "Country variable not set. Defaulting to US"
export COUNTRY="US"
fi
# Check if protocol is set. Default WireGuard
if ! [ -n "$PROTOCOL" ]; then
export PROTOCOL="wireguard"
fi
#Launch and connect to CyberGhost VPN
sudo cyberghostvpn --connect --country-code "$COUNTRY" --"$PROTOCOL" "$ARGS"
# Add CyberGhost nameserver to resolv for DNS
# Add Nameserver via env variable $NAMESERVER
if [ -n "$NAMESERVER" ]; then
echo 'nameserver ' "$NAMESERVER" > /etc/resolv.conf
else
# SMART DNS
# This will switch baised on country selected
# https://support.cyberghostvpn.com/hc/en-us/articles/360012002360
case "$COUNTRY" in
"NL") echo 'nameserver 75.2.43.210' > /etc/resolv.conf
;;
"GB") echo 'nameserver 75.2.79.213' > /etc/resolv.conf
;;
"JP") echo 'nameserver 76.223.64.81' > /etc/resolv.conf
;;
"DE") echo 'nameserver 13.248.182.241' > /etc/resolv.conf
;;
"US") echo 'nameserver 99.83.181.72' > /etc/resolv.conf
;;
*) echo 'nameserver 1.1.1.1' > /etc/resolv.conf
;;
esac
fi
fi
disable_dns_port
#Enable Proxy service
if [ -n "${PROXY}" ]; then
if [ "${PROXY}" == "True" ]; then
echo Starting HTTP Proxy...
sudo systemctl enable squid
sudo systemctl start squid
sudo systemctl status squid
fi
fi
ip_stats
}
#Check if the site is reachable
check_up() {
ping -c1 "1.1.1.1" > /dev/null 2>&1 #Ping CloudFlare
if [ $? -eq 0 ]; then
return 0
fi
return 1
}
if ! [ -n "$FIREWALL" ]; then
export FIREWALL="True"
fi
startup
#Check if CyberGhost CLI is installed. If not install it
FILE=/usr/local/cyberghost/uninstall.sh
if [ ! -f "$FILE" ]; then
echo "CyberGhost CLI not installed. Installing..."
bash /install.sh
echo "Installed"
fi
#Run Firewall if Enabled. Default Enabled
sysctl -w net.ipv6.conf.all.disable_ipv6=1 #Disable IPV6
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1
sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
sysctl -w net.ipv4.ip_forward=1
if [[ ${FIREWALL,,} == *"true"* ]]; then
sudo ufw enable #Start Firewall
FIREWALL_FILE=/.FIREWALL.cg
if [ ! -f "$FIREWALL_FILE" ]; then
echo "Initiating Firewall First Time Setup..."
sudo ufw disable #Stop Firewall
export CYBERGHOST_API_IP=$(getent ahostsv4 v2-api.cyberghostvpn.com | grep STREAM | head -n 1 | cut -d ' ' -f 1)
sudo ufw default deny outgoing > /dev/null 2>&1 #Deny All traffic by default on all interfaces
sudo ufw default deny incoming > /dev/null 2>&1
sudo ufw allow out on cyberghost from any to any > /dev/null 2>&1 #Allow All over cyberghost interface
sudo ufw allow in on cyberghost from any to any > /dev/null 2>&1
sudo ufw allow in 1337 > /dev/null 2>&1 #Allow port 1337 for CyberGhost Communication
sudo ufw allow out 1337 > /dev/null 2>&1
sudo ufw allow in 891 > /dev/null 2>&1 #Allow port 1194 for CyberGhost OpenVPN Communication
sudo ufw allow out 819 > /dev/null 2>&1
sudo ufw allow out from any to "$CYBERGHOST_API_IP" > /dev/null 2>&1 #Allow v2-api.cyberghostvpn.com [104.20.0.14] IP for connection
sudo ufw allow in from "$CYBERGHOST_API_IP" to any > /dev/null 2>&1
#Allow all ports in WHITELISTPORTS ENV [Seperate by ',']
if [ -n "${WHITELISTPORTS}" ]; then
echo "Setting Whitelisted Ports..."
IFS=',' read -a array <<< "$WHITELISTPORTS"
for i in "${array[@]}"
do
echo "Whitelisting Port:" "$i"
sudo ufw allow "$i" > /dev/null 2>&1
done
fi
sudo ufw enable #Start Firewall
echo "Firewall Setup Complete"
echo 'FIREWALL ACTIVE WHEN FILE EXISTS' > .FIREWALL.cg
fi
else
sudo ufw disable #Stop Firewall
fi
#Login to account if config not exist
if [ ! -f "$config_ini" ]; then
echo "Logging into CyberGhost..."
#Check for CyberGhost Credentials and Login
if [ -n "$ACC" ] && [ -n "$PASS" ]; then
enable_dns_port
expect /auth.sh
disable_dns_port
else
echo "[E1] Can't Login. User didn't provide login credentials. Set the ACC and PASS ENV variables and try again."
exit
fi
else
#Verify the config.ini has successfully created the Account and assigned a Device
echo "Verifying Login Auth..."
if ! grep -q '[Device]' $config_ini; then
echo "Failed"
rm "$config_ini"
echo "Logging into CyberGhost..."
enable_dns_port
expect /auth.sh
disable_dns_port
else
echo "Passed"
fi
fi
if [ -n "${NETWORK}" ]; then
echo "Adding network route..."
export LOCAL_GATEWAY=$(ip r | awk '/^def/{print $3}') # Get local Gateway
ip route add "$NETWORK" via "$LOCAL_GATEWAY" dev eth0 #Enable access to local lan
echo "$NETWORK" "routed to" "$LOCAL_GATEWAY" "on eth0"
fi
if [ -n "${PROXY}" ]; then
if [ "${PROXY}" == "True" ]; then
echo "Seting up HTTP proxy on port 3128..."
sudo ufw allow in 3128 > /dev/null 2>&1 #Enable Proxy Port
sudo ufw allow out 3128 > /dev/null 2>&1
else
echo "Disabling HTTP proxy..."
sudo ufw deny in 3128 > /dev/null 2>&1 #Disable Proxy Port
sudo ufw deny out 3128 > /dev/null 2>&1
fi
else
echo "Disabling HTTP proxy..."
sudo ufw deny in 3128 > /dev/null 2>&1 #Disable Proxy Port
sudo ufw deny out 3128 > /dev/null 2>&1
fi
#WIREGUARD START AND WATCH
cyberghost_start
t_hr="$(date -u --date="+30 minutes" +%H)" #Next time to check internet is reachable
t_min="$(date -u --date="+30 minutes" +%M)"
while true #Watch if Connection is lost then reconnect
do
sleep 30
if [[ $(sudo cyberghostvpn --status | grep 'No VPN connections found.' | wc -l) = "1" ]]; then
echo '[E2] VPN Connection Lost - Attempting to reconnect....'
cyberghost_start
fi
#Every 30 Minutes ping CloudFlare to check internet reachability
if [ "$(date +%H)" = "$t_hr" ] && [ "$(date +%M)" = "$t_min" ]; then
if ! check_up; then
echo '[E3] Internet not reachable - Restarting VPN...'
sudo cyberghostvpn --stop
cyberghost_start
t_hr="$(date -u --date="+30 minutes" +%H)" #Next time to check internet is reachable
t_min="$(date -u --date="+30 minutes" +%M)"
fi
fi
done
echo '[FATAL ERROR] - $?'
#ERROR CODES
#E1 Can't Login to CyberGhost - Credentials not provided
#E2 VPN Connection Lost
#E3 Internet Connection Lost