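#!/bin/bash
#set localtime
#ln -fs /usr/share/zoneinfo/Asia/Manila /etc/localtime

# Installer fragment: sets the panel/VPN configuration values, detects the
# server's public IPv4 address, asks which server type to install, installs
# the PHP/MySQL packages, writes the database settings file used by the
# OpenVPN hook scripts, and then starts writing the OpenVPN server profiles.

#####################
### Configuration ###
#####################
VPN_Owner='LightningVPN';
VPN_Name='LightningVPN';
Filename_alias='lightningvpn';

### Added Server ports
SSH_viaOHP='664';
Socks_port='665';
SSH_viaAuto='666';

### Default Server ports, Please dont change this area
OpenVPN_TCP_Port='110';
OpenVPN_UDP_Port='25222';
OpenVPN_TCP_EC='25980';
OpenVPN_UDP_EC='25985';
SSH_Extra_Port='22';
# NOTE(review): Squid_Proxy_2 is assigned twice; the second assignment wins
# (8080). The first line was presumably meant for a different variable - confirm.
Squid_Proxy_2='8000';
Squid_Proxy_2='8080';

### MySQL Remote Server side
# NOTE(review): database credentials are hard-coded in the installer, so anyone
# who can read this script can read them. Prefer supplying them at install time
# (environment or a root-only file) and rotate any value that has been published.
DatabaseHost='localhost';
DatabaseName='wagogpan_fucker';
DatabaseUser='wagogpan_fucker';
DatabasePass='wagopanel-fucker';
DatabasePort='3306';

#####################
#####################

#######################################
# Print the server's public IPv4 address.
# Looks for the first non-private address on a local interface; if none is
# found, asks two external lookup services in turn.
# Outputs: the address on stdout, or an empty line when none was found.
#######################################
function ip_address(){
  local ip_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  local IP endpoint

  # 172.16.0.0/12 ends at 172.31.x.x, so only 172.16-172.31 is excluded here
  # (the previous pattern also dropped the public 172.32.x.x range).
  # 169.254.0.0/16 (link-local) is never a public address either.
  IP="$( ip addr \
    | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
    | grep -Ev '^192\.168\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^10\.|^127\.|^169\.254\.|^255\.|^0\.' \
    | head -n 1 )"

  # Fallback lookups go over HTTPS and the reply is accepted only if it looks
  # like an IPv4 literal: the result is later substituted into a systemd unit
  # with sed, so an arbitrary response body must never be passed through.
  for endpoint in https://ipv4.icanhazip.com https://ipinfo.io/ip; do
    [[ -n "${IP}" ]] && break
    IP="$( curl -4 -fs --max-time 10 "${endpoint}" | tr -d '[:space:]' )"
    [[ "${IP}" =~ ${ip_re} ]] || IP=''
  done

  printf '%s\n' "${IP}"
}

MYIP=$(ip_address)

# -p keeps a re-run of the installer from failing on existing directories.
mkdir -p /etc/openvpn/script
chmod -R 755 /etc/openvpn/script
# NOTE(review): the server profiles written below point their `status` file at
# this web-root directory, so connected usernames and client addresses become
# readable over HTTP unless the web server denies access to /stat.
mkdir -p /var/www/html/stat
chmod -R 755 /var/www/html/stat

clear
# SBanner is not defined in the visible part of this file.
SBanner
echo -e " To exit the script, kindly Press \e[1;32mCRTL\e[0m key together with \e[1;32mC\e[0m"
echo -e ""
echo -e " Choose VPN Server installation type:"
echo -e " [1] Premium Server"
echo -e " [2] VIP Server"
echo -e " [3] Private Server"
# Keep prompting until the answer is exactly 1, 2 or 3.
until [[ "$opts" =~ ^[1-3]$ ]]; do
  read -rp " Choose from [1-3]: " -e opts
done

#installing important files
apt -y install php
apt install -y php-cli net-tools curl cron php-fpm php-json php-pdo php-mysql php-zip php-gd php-mbstring php-curl php-xml php-bcmath php-json mysql-server

#creating auth file
# The template is written with placeholder words, which the sed calls below
# replace with the values from the configuration section.
# NOTE(review): config.sh holds the database password but ends up world-readable
# (default umask plus chmod +x inside a 755 directory). Restrict it to the
# account that runs the OpenVPN hooks once all consumers are confirmed.
# NOTE(review): the hook scripts written later pass this password to mysql as
# -p$PASS on the command line, where it is visible in the process list.
# NOTE(review): a value containing |, & or \ is mangled by these sed
# substitutions, and a single quote in a value breaks the quoting in config.sh.
cat << EOF > /etc/openvpn/script/config.sh
#!/bin/bash
##Dababase Server
HOST='DatabaseHost'
USER='DatabaseUser'
PASS='DatabasePass'
DB='DatabaseName'
PORT='DatabasePort'
EOF

sed -i "s|DatabaseHost|$DatabaseHost|g" /etc/openvpn/script/config.sh
sed -i "s|DatabaseName|$DatabaseName|g" /etc/openvpn/script/config.sh
sed -i "s|DatabaseUser|$DatabaseUser|g" /etc/openvpn/script/config.sh
sed -i "s|DatabasePass|$DatabasePass|g" /etc/openvpn/script/config.sh
sed -i "s|DatabasePort|$DatabasePort|g" /etc/openvpn/script/config.sh
chmod +x /etc/openvpn/script/config.sh

case "$opts" in
1)
#Modifying TCP Config
# NOTE(review): this profile sets `cipher none` and `auth none`, so tunnel
# traffic is neither encrypted nor integrity-protected. With
# `verify-client-cert none` and `duplicate-cn`, the username/password check in
# premium.sh is the only client authentication; that script (written further
# down) builds its SQL by interpolating the client-supplied username and
# password, which must be treated as untrusted input and validated or escaped.
# `client-to-client` also lets connected clients reach each other directly.
cat <<'LENZ01' >/etc/openvpn/server/server_tcp.conf
# VPN_Name Server
# Server by VPN_Owner
port OpenVPN_TCP_Port
dev tun
proto tcp
ca /etc/openvpn/ca.crt
cert /etc/openvpn/bonvscripts.crt
key /etc/openvpn/bonvscripts.key
dh none
persist-tun
persist-key
persist-remote-ip
duplicate-cn
cipher none
ncp-disable
auth none
comp-lzo
tun-mtu 1500
reneg-sec 0
client-to-client
auth-user-pass-verify "/etc/openvpn/script/premium.sh" via-env
client-connect /etc/openvpn/script/connectpremium.sh
client-disconnect /etc/openvpn/script/disconnectpremium.sh
verify-client-cert none
username-as-common-name
max-clients 4080
topology subnet
server 172.29.0.0 255.255.240.0
push 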
"redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/tcp.txt log /etc/openvpn/tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ01 sed -i "s|OpenVPN_TCP_Port|$OpenVPN_TCP_Port|g" /etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_tcp.conf #Modifying UDP Config cat <<'LENZ02' >/etc/openvpn/server/server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_Port dev tun proto udp ca /etc/openvpn/ca.crt cert /etc/openvpn/bonvscripts.crt key /etc/openvpn/bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none comp-lzo tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/premium.sh" via-env client-connect /etc/openvpn/script/connectpremium.sh client-disconnect /etc/openvpn/script/disconnectpremium.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.16.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/udp.txt log /etc/openvpn/udp.log verb 2 script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ02 sed -i "s|OpenVPN_UDP_Port|$OpenVPN_UDP_Port|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_udp.conf #Modifying TCP EC Config cat <<'LENZ03' >/etc/openvpn/server/ec_server_tcp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_TCP_EC proto tcp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none 
persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/premium.sh" via-env client-connect /etc/openvpn/script/connectpremium.sh client-disconnect /etc/openvpn/script/disconnectpremium.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.32.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/tcp.txt log /etc/openvpn/ec_tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ03 sed -i "s|OpenVPN_TCP_EC|$OpenVPN_TCP_EC|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/ec_server_tcp.conf #Modifying UDP EC Config cat <<'LENZ04' >/etc/openvpn/server/ec_server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_EC proto udp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/premium.sh" via-env client-connect /etc/openvpn/script/connectpremium.sh client-disconnect /etc/openvpn/script/disconnectpremium.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.48.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/udp.txt log /etc/openvpn/ec_udp.log verb 2 
script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ04 sed -i "s|OpenVPN_UDP_EC|$OpenVPN_UDP_EC|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/ec_server_udp.conf #client-connect file cat <<'LENZ05' >/etc/openvpn/script/connectpremium.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . /etc/openvpn/script/config.sh ##set status online to user connected bandwidth_check=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "SELECT bandwidth_logs.username FROM bandwidth_logs WHERE bandwidth_logs.username='$common_name' AND bandwidth_logs.category='premium' AND bandwidth_logs.status='online'"` if [ "$bandwidth_check" == 1 ]; then mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwith_logs SET server_ip='$local_1', server_port='$trusted_port', timestamp='$timestamp', ipaddress='$trusted_ip:$trusted_port', username='$common_name', time_in='$tm', since_connected='$time_ascii', bytes_received='$bytes_received', bytes_sent='$bytes_sent' WHERE username='$common_name' AND status='online' AND category='premium' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=1 WHERE user_name='$common_name' " else mysql -u $USER -p$PASS -D $DB -h $HOST -e "INSERT INTO bandwidth_logs (server_ip, server_port, timestamp, ipaddress, since_connected, username, bytes_received, bytes_sent, time_in, status, time, category) VALUES ('$local_1','$trusted_port','$timestamp','$trusted_ip:$trusted_port','$time_ascii','$common_name','$bytes_received','$bytes_sent','$dt','online','$tm','premium') " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET device_connected=1, is_connected=1 WHERE user_name='$common_name' " fi LENZ05 #TCP client-disconnect file cat <<'LENZ06' 
>/etc/openvpn/script/disconnectpremium.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . /etc/openvpn/script/config.sh mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwidth_logs SET bytes_received='$bytes_received',bytes_sent='$bytes_sent',time_out='$dt', status='offline' WHERE username='$common_name' AND status='online' AND category='premium' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=0 WHERE user_name='$common_name' " LENZ06 #client auth file cat <<'LENZ07' >/etc/openvpn/script/premium.sh #!/bin/bash . /etc/openvpn/script/config.sh ##PREMIUM## PRE="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.duration > 0" ##VIP## VIP="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.vip_duration > 0" ##PRIVATE## PRIV="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.private_duration > 0" Query="SELECT users.user_name FROM users WHERE $PRE OR $VIP OR $PRIV" user_name=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "$Query"` [ "$user_name" != '' ] && [ "$user_name" = "$username" ] && echo "user : $username" && echo 'authentication ok.' && exit 0 || echo 'authentication failed.'; exit 1 LENZ07 #### Setting up SSH CRON jobs for panel cat <<'CronPanel1' > "/etc/$Filename_alias.cron.php" connect_error) { die('Error : ('. $mysqli->connect_errno .') '. 
$mysqli->connect_error); } function encrypt_key($paswd) { $mykey=getEncryptKey(); $encryptedPassword=encryptPaswd($paswd,$mykey); return $encryptedPassword; } // function to get the decrypted user password function decrypt_key($paswd) { $mykey=getEncryptKey(); $decryptedPassword=decryptPaswd($paswd,$mykey); return $decryptedPassword; } function getEncryptKey() { $secret_key = md5('eugcar'); $secret_iv = md5('sanchez'); $keys = $secret_key . $secret_iv; return encryptor('encrypt', $keys); } function encryptPaswd($string, $key) { $result = ''; for($**0; $iquery("SELECT * FROM users WHERE duration > 0 AND is_freeze = 0 OR is_freeze = 0 AND vip_duration > 0 OR is_freeze = 0 AND private_duration > 0 ORDER by user_id DESC"); if($query->num_rows > 0) { while($row = $query->fetch_assoc()) { $data .= ''; $username = $row['user_name']; $password = decrypt_key($row['user_pass']); $password = encryptor('decrypt',$password); $data .= '/usr/sbin/useradd -p $(openssl passwd -1 '.$password.') -s /bin/false -M '.$username.' &> /dev/null;'.PHP_EOL; } } $location = '/etc/openvpn/active.sh'; $fp = fopen($location, 'w'); fwrite($fp, $data) or die("Unable to open file!"); fclose($fp); #In-Active and Invalid Accounts $data2 = ''; $premium_deactived = "duration <= 0"; $vip_deactived = "vip_duration <= 0"; $private_deactived = "private_duration <= 0"; $is_validated = "is_validated=0"; $is_activate = "is_active=0"; $freeze = "is_freeze=1"; //$suspend = "suspend=1"; $query2 = $mysqli->query("SELECT * FROM users WHERE ".$freeze." OR ".$premium_deactived." AND ".$vip_deactived ." AND ".$private_deactived." OR ".$is_activate." "); if($query2->num_rows > 0) { while($row2 = $query2->fetch_assoc()) { $data2 .= ''; $toadd = $row2['user_name']; $data2 .= '/usr/sbin/userdel -r -f '.$toadd.' 
&> /dev/null;'.PHP_EOL; } } $location2 = '/etc/openvpn/inactive.sh'; $fp = fopen($location2, 'w'); fwrite($fp, $data2) or die("Unable to open file!"); fclose($fp); $mysqli->close(); ?> CronPanel1 sed -i "s|DatabaseHost|$DatabaseHost|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabaseName|$DatabaseName|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabaseUser|$DatabaseUser|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabasePass|$DatabasePass|g" "/etc/$Filename_alias.cron.php" chmod +x "/etc/$Filename_alias.cron.php" #setting permissions chmod +x /etc/openvpn/script/premium.sh chmod +x /etc/openvpn/script/connectpremium.sh chmod +x /etc/openvpn/script/disconnectpremium.sh ###################################################################################### ###################################################################################### ###################################################################################### ;; 2) #Modifying TCP Config cat <<'LENZ01' >/etc/openvpn/server/server_tcp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_TCP_Port dev tun proto tcp ca /etc/openvpn/ca.crt cert /etc/openvpn/bonvscripts.crt key /etc/openvpn/bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none comp-lzo tun-mtu 1500 reneg-sec 0 client-to-client auth-user-pass-verify "/etc/openvpn/script/vip.sh" via-env client-connect /etc/openvpn/script/connectvip.sh client-disconnect /etc/openvpn/script/disconnectvip.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.0.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/tcp.txt log /etc/openvpn/tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ01 sed -i "s|OpenVPN_TCP_Port|$OpenVPN_TCP_Port|g" 
/etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_tcp.conf #Modifying UDP Config cat <<'LENZ02' >/etc/openvpn/server/server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_Port dev tun proto udp ca /etc/openvpn/ca.crt cert /etc/openvpn/bonvscripts.crt key /etc/openvpn/bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none comp-lzo tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/vip.sh" via-env client-connect /etc/openvpn/script/connectvip.sh client-disconnect /etc/openvpn/script/disconnectvip.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.16.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/udp.txt log /etc/openvpn/udp.log verb 2 script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ02 sed -i "s|OpenVPN_UDP_Port|$OpenVPN_UDP_Port|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_udp.conf #Modifying TCP EC Config cat <<'LENZ03' >/etc/openvpn/server/ec_server_tcp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_TCP_EC proto tcp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/vip.sh" via-env client-connect /etc/openvpn/script/connectvip.sh client-disconnect /etc/openvpn/script/disconnectvip.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet 
server 172.29.32.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/tcp.txt log /etc/openvpn/ec_tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ03 sed -i "s|OpenVPN_TCP_EC|$OpenVPN_TCP_EC|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/ec_server_tcp.conf #Modifying UDP EC Config cat <<'LENZ04' >/etc/openvpn/server/ec_server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_EC proto udp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/vip.sh" via-env client-connect /etc/openvpn/script/connectvip.sh client-disconnect /etc/openvpn/script/disconnectvip.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.48.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/udp.txt log /etc/openvpn/ec_udp.log verb 2 script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ04 sed -i "s|OpenVPN_UDP_EC|$OpenVPN_UDP_EC|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/ec_server_udp.conf #client-connect file cat 
<<'LENZ05' >/etc/openvpn/script/connectvip.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . /etc/openvpn/script/config.sh ##set status online to user connected bandwidth_check=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "SELECT bandwidth_logs.username FROM bandwidth_logs WHERE bandwidth_logs.username='$common_name' AND bandwidth_logs.category='vip' AND bandwidth_logs.status='online'"` if [ "$bandwidth_check" == 1 ]; then mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwith_logs SET server_ip='$local_1', server_port='$trusted_port', timestamp='$timestamp', ipaddress='$trusted_ip:$trusted_port', username='$common_name', time_in='$tm', since_connected='$time_ascii', bytes_received='$bytes_received', bytes_sent='$bytes_sent' WHERE username='$common_name' AND status='online' AND category='vip' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=1 WHERE user_name='$common_name' " else mysql -u $USER -p$PASS -D $DB -h $HOST -e "INSERT INTO bandwidth_logs (server_ip, server_port, timestamp, ipaddress, since_connected, username, bytes_received, bytes_sent, time_in, status, time, category) VALUES ('$local_1','$trusted_port','$timestamp','$trusted_ip:$trusted_port','$time_ascii','$common_name','$bytes_received','$bytes_sent','$dt','online','$tm','vip') " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET device_connected=1, is_connected=1 WHERE user_name='$common_name' " fi LENZ05 #TCP client-disconnect file cat <<'LENZ06' >/etc/openvpn/script/disconnectvip.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . 
/etc/openvpn/script/config.sh mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwidth_logs SET bytes_received='$bytes_received',bytes_sent='$bytes_sent',time_out='$dt', status='offline' WHERE username='$common_name' AND status='online' AND category='vip' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=0 WHERE user_name='$common_name' " LENZ06 #client auth file cat <<'LENZ07' >/etc/openvpn/script/vip.sh #!/bin/bash . /etc/openvpn/script/config.sh ##PREMIUM## PRE="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.duration > 0" ##VIP## VIP="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.vip_duration > 0" ##PRIVATE## PRIV="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.private_duration > 0" Query="SELECT users.user_name FROM users WHERE $VIP OR $PRIV" user_name=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "$Query"` [ "$user_name" != '' ] && [ "$user_name" = "$username" ] && echo "user : $username" && echo 'authentication ok.' && exit 0 || echo 'authentication failed.'; exit 1 LENZ07 #### Setting up SSH CRON jobs for panel cat <<'CronPanel2' > "/etc/$Filename_alias.cron.php" connect_error) { die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error); } function encrypt_key($paswd) { $mykey=getEncryptKey(); $encryptedPassword=encryptPaswd($paswd,$mykey); return $encryptedPassword; } // function to get the decrypted user password function decrypt_key($paswd) { $mykey=getEncryptKey(); $decryptedPassword=decryptPaswd($paswd,$mykey); return $decryptedPassword; } function getEncryptKey() { $secret_key = md5('eugcar'); $secret_iv = md5('sanchez'); $keys = $secret_key . 
$secret_iv; return encryptor('encrypt', $keys); } function encryptPaswd($string, $key) { $result = ''; for($**0; $iquery("SELECT * FROM users WHERE is_freeze = 0 AND vip_duration > 0 OR is_freeze = 0 AND private_duration > 0 ORDER by user_id DESC"); if($query->num_rows > 0) { while($row = $query->fetch_assoc()) { $data .= ''; $username = $row['user_name']; $password = decrypt_key($row['user_pass']); $password = encryptor('decrypt',$password); $data .= '/usr/sbin/useradd -p $(openssl passwd -1 '.$password.') -s /bin/false -M '.$username.' &> /dev/null;'.PHP_EOL; } } $location = '/etc/openvpn/active.sh'; $fp = fopen($location, 'w'); fwrite($fp, $data) or die("Unable to open file!"); fclose($fp); #In-Active and Invalid Accounts $data2 = ''; $premium_deactived = "duration <= 0"; $vip_deactived = "vip_duration <= 0"; $private_deactived = "private_duration <= 0"; $is_validated = "is_validated=0"; $is_activate = "is_active=0"; $freeze = "is_freeze=1"; //$suspend = "suspend=1"; $query2 = $mysqli->query("SELECT * FROM users WHERE ".$freeze." OR ".$premium_deactived." AND ".$vip_deactived ." AND ".$private_deactived." OR ".$is_activate." "); if($query2->num_rows > 0) { while($row2 = $query2->fetch_assoc()) { $data2 .= ''; $toadd = $row2['user_name']; $data2 .= '/usr/sbin/userdel -r -f '.$toadd.' 
&> /dev/null;'.PHP_EOL; } } $location2 = '/etc/openvpn/inactive.sh'; $fp = fopen($location2, 'w'); fwrite($fp, $data2) or die("Unable to open file!"); fclose($fp); $mysqli->close(); ?> CronPanel2 sed -i "s|DatabaseHost|$DatabaseHost|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabaseName|$DatabaseName|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabaseUser|$DatabaseUser|g" "/etc/$Filename_alias.cron.php" sed -i "s|DatabasePass|$DatabasePass|g" "/etc/$Filename_alias.cron.php" chmod +x "/etc/$Filename_alias.cron.php" #setting permissions chmod +x /etc/openvpn/script/vip.sh chmod +x /etc/openvpn/script/connectvip.sh chmod +x /etc/openvpn/script/disconnectvip.sh ###################################################################################### ###################################################################################### ###################################################################################### ;; 3) #Modifying TCP Config cat <<'LENZ01' >/etc/openvpn/server/server_tcp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_TCP_Port dev tun proto tcp ca /etc/openvpn/ca.crt cert /etc/openvpn/bonvscripts.crt key /etc/openvpn/bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none comp-lzo tun-mtu 1500 reneg-sec 0 client-to-client auth-user-pass-verify "/etc/openvpn/script/private.sh" via-env client-connect /etc/openvpn/script/connectprivate.sh client-disconnect /etc/openvpn/script/disconnectprivate.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.0.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/tcp.txt log /etc/openvpn/tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ01 sed -i "s|OpenVPN_TCP_Port|$OpenVPN_TCP_Port|g" 
/etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_tcp.conf #Modifying UDP Config cat <<'LENZ02' >/etc/openvpn/server/server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_Port dev tun proto udp ca /etc/openvpn/ca.crt cert /etc/openvpn/bonvscripts.crt key /etc/openvpn/bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none comp-lzo tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/private.sh" via-env client-connect /etc/openvpn/script/connectprivate.sh client-disconnect /etc/openvpn/script/disconnectprivate.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.16.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 status /var/www/html/stat/udp.txt log /etc/openvpn/udp.log verb 2 script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ02 sed -i "s|OpenVPN_UDP_Port|$OpenVPN_UDP_Port|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/server_udp.conf #Modifying TCP EC Config cat <<'LENZ03' >/etc/openvpn/server/ec_server_tcp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_TCP_EC proto tcp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/private.sh" via-env client-connect /etc/openvpn/script/connectprivate.sh client-disconnect /etc/openvpn/script/disconnectprivate.sh verify-client-cert none username-as-common-name max-clients 
4080 topology subnet server 172.29.32.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/tcp.txt log /etc/openvpn/ec_tcp.log verb 2 script-security 3 socket-flags TCP_NODELAY push "socket-flags TCP_NODELAY" push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ03 sed -i "s|OpenVPN_TCP_EC|$OpenVPN_TCP_EC|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_tcp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" /etc/openvpn/server/ec_server_tcp.conf #Modifying UDP EC Config cat <<'LENZ04' >/etc/openvpn/server/ec_server_udp.conf # VPN_Name Server # Server by VPN_Owner port OpenVPN_UDP_EC proto udp dev tun ca /etc/openvpn/ec_ca.crt cert /etc/openvpn/ec_bonvscripts.crt key /etc/openvpn/ec_bonvscripts.key dh none persist-tun persist-key persist-remote-ip duplicate-cn cipher none ncp-disable auth none compress lz4 push "compress lz4" tun-mtu 1500 float fast-io reneg-sec 0 auth-user-pass-verify "/etc/openvpn/script/private.sh" via-env client-connect /etc/openvpn/script/connectprivate.sh client-disconnect /etc/openvpn/script/disconnectprivate.sh verify-client-cert none username-as-common-name max-clients 4080 topology subnet server 172.29.48.0 255.255.240.0 push "redirect-gateway def1" keepalive 5 30 tls-server tls-version-min 1.2 tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 status /var/www/html/stat/udp.txt log /etc/openvpn/ec_udp.log verb 2 script-security 3 push "dhcp-option DNS 1.0.0.1" push "dhcp-option DNS 1.1.1.1" push "dhcp-option DNS 8.8.4.4" push "dhcp-option DNS 8.8.8.8" status-version 1 LENZ04 sed -i "s|OpenVPN_UDP_EC|$OpenVPN_UDP_EC|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Name|$VPN_Name|g" /etc/openvpn/server/ec_server_udp.conf sed -i "s|VPN_Owner|$VPN_Owner|g" 
/etc/openvpn/server/ec_server_udp.conf #client-connect file cat <<'LENZ05' >/etc/openvpn/script/connectprivate.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . /etc/openvpn/script/config.sh ##set status online to user connected bandwidth_check=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "SELECT bandwidth_logs.username FROM bandwidth_logs WHERE bandwidth_logs.username='$common_name' AND bandwidth_logs.category='private' AND bandwidth_logs.status='online'"` if [ "$bandwidth_check" == 1 ]; then mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwith_logs SET server_ip='$local_1', server_port='$trusted_port', timestamp='$timestamp', ipaddress='$trusted_ip:$trusted_port', username='$common_name', time_in='$tm', since_connected='$time_ascii', bytes_received='$bytes_received', bytes_sent='$bytes_sent' WHERE username='$common_name' AND status='online' AND category='private' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=1 WHERE user_name='$common_name' " else mysql -u $USER -p$PASS -D $DB -h $HOST -e "INSERT INTO bandwidth_logs (server_ip, server_port, timestamp, ipaddress, since_connected, username, bytes_received, bytes_sent, time_in, status, time, category) VALUES ('$local_1','$trusted_port','$timestamp','$trusted_ip:$trusted_port','$time_ascii','$common_name','$bytes_received','$bytes_sent','$dt','online','$tm','private') " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET device_connected=1, is_connected=1 WHERE user_name='$common_name' " fi LENZ05 #TCP client-disconnect file cat <<'LENZ06' >/etc/openvpn/script/disconnectprivate.sh #!/bin/bash tm="$(date +%s)" dt="$(date +'%Y-%m-%d %H:%M:%S')" timestamp="$(date +'%FT%TZ')" . 
/etc/openvpn/script/config.sh mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE bandwidth_logs SET bytes_received='$bytes_received',bytes_sent='$bytes_sent',time_out='$dt', status='offline' WHERE username='$common_name' AND status='online' AND category='private' " mysql -u $USER -p$PASS -D $DB -h $HOST -e "UPDATE users SET is_connected=0 WHERE user_name='$common_name' " LENZ06 #client auth file cat <<'LENZ07' >/etc/openvpn/script/private.sh #!/bin/bash . /etc/openvpn/script/config.sh ##PREMIUM## PRE="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.duration > 0" ##VIP## VIP="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.vip_duration > 0" ##PRIVATE## PRIV="users.user_name='$username' AND users.auth_vpn=md5('$password') AND users.is_validated=1 AND users.is_freeze=0 AND users.is_active=1 AND users.is_ban=0 AND users.private_duration > 0" Query="SELECT users.user_name FROM users WHERE $PRIV" user_name=`mysql -u $USER -p$PASS -D $DB -h $HOST --skip-column-name -e "$Query"` [ "$user_name" != '' ] && [ "$user_name" = "$username" ] && echo "user : $username" && echo 'authentication ok.' && exit 0 || echo 'authentication failed.'; exit 1 LENZ07 #### Setting up SSH CRON jobs for panel cat <<'CronPanel1' > "/etc/$Filename_alias.cron.php" connect_error) { die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error); } function encrypt_key($paswd) { $mykey=getEncryptKey(); $encryptedPassword=encryptPaswd($paswd,$mykey); return $encryptedPassword; } // function to get the decrypted user password function decrypt_key($paswd) { $mykey=getEncryptKey(); $decryptedPassword=decryptPaswd($paswd,$mykey); return $decryptedPassword; } function getEncryptKey() { $secret_key = md5('eugcar'); $secret_iv = md5('sanchez'); $keys = $secret_key . 
$secret_iv; return encryptor('encrypt', $keys); } function encryptPaswd($string, $key) { $result = ''; for($**0; $iquery("SELECT * FROM users WHERE is_freeze = 0 AND private_duration > 0 ORDER by user_id DESC"); if($query->num_rows > 0) { while($row = $query->fetch_assoc()) { $data .= ''; $username = $row['user_name']; $password = decrypt_key($row['user_pass']); $password = encryptor('decrypt',$password); $data .= '/usr/sbin/useradd -p $(openssl passwd -1 '.$password.') -s /bin/false -M '.$username.' &> /dev/null;'.PHP_EOL; } } $location = '/etc/openvpn/active.sh'; $fp = fopen($location, 'w'); fwrite($fp, $data) or die("Unable to open file!"); fclose($fp); #In-Active and Invalid Accounts $data2 = ''; $premium_deactived = "duration <= 0"; $vip_deactived = "vip_duration <= 0"; $private_deactived = "private_duration <= 0"; $is_validated = "is_validated=0"; $is_activate = "is_active=0"; $freeze = "is_freeze=1"; //$suspend = "suspend=1"; $query2 = $mysqli->query("SELECT * FROM users WHERE ".$freeze." OR ".$premium_deactived." AND ".$vip_deactived ." AND ".$private_deactived." OR ".$is_activate." "); if($query2->num_rows > 0) { while($row2 = $query2->fetch_assoc()) { $data2 .= ''; $toadd = $row2['user_name']; $data2 .= '/usr/sbin/userdel -r -f '.$toadd.' 
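&> /dev/null;'.PHP_EOL;
	}
}
$location2 = '/etc/openvpn/inactive.sh';
$fp = fopen($location2, 'w');
fwrite($fp, $data2) or die("Unable to open file!");
fclose($fp);

$mysqli->close();
?>
CronPanel1

# Fill the database placeholders in the generated PHP job.
# NOTE(review): after these substitutions the file holds the database password
# in clear text, and `chmod +x` leaves it readable under the default umask.
# Only the root cron entry below is seen reading it, so a root-only mode such
# as 700 looks sufficient - confirm that nothing else includes the file.
sed -i "s|DatabaseHost|$DatabaseHost|g" "/etc/$Filename_alias.cron.php"
sed -i "s|DatabaseName|$DatabaseName|g" "/etc/$Filename_alias.cron.php"
sed -i "s|DatabaseUser|$DatabaseUser|g" "/etc/$Filename_alias.cron.php"
sed -i "s|DatabasePass|$DatabasePass|g" "/etc/$Filename_alias.cron.php"
chmod +x "/etc/$Filename_alias.cron.php"

#setting permissions
chmod +x /etc/openvpn/script/private.sh
chmod +x /etc/openvpn/script/connectprivate.sh
chmod +x /etc/openvpn/script/disconnectprivate.sh
;;
esac

# Every minute root regenerates active.sh / inactive.sh from the users table
# and then executes them. The PHP job concatenates user_name and the decrypted
# password straight into useradd/userdel command lines, so those two scripts
# are only as trustworthy as the database rows: the generator should reject
# names outside a strict character set and shell-quote both values.
echo -e "* *\t* * *\troot\tsudo php -q /etc/$Filename_alias.cron.php" > "/etc/cron.d/$Filename_alias"
echo -e "* *\t* * *\troot\tsudo bash /etc/openvpn/active.sh" >> "/etc/cron.d/$Filename_alias"
echo -e "* *\t* * *\troot\tsudo bash /etc/openvpn/inactive.sh" >> "/etc/cron.d/$Filename_alias"

#installing ohp
# The binary is installed into /usr/local/bin and started as root by the units
# below, so the archive should be pinned to a known digest. Export OHP_SHA256
# (a SHA-256 value you verified out-of-band) before running this installer;
# when it is unset the archive is installed unverified, as before, with a
# warning. The download is staged in a private temp dir instead of the cwd.
ohp_zip='ohpserver-linux32.zip'
ohp_dir="$(mktemp -d)" || exit 1
wget -O "$ohp_dir/$ohp_zip" "https://github.com/lfasmpao/open-http-puncher/releases/download/0.1/$ohp_zip"
if [ -n "${OHP_SHA256:-}" ]; then
  if ! echo "$OHP_SHA256  $ohp_dir/$ohp_zip" | sha256sum -c - >/dev/null 2>&1; then
    echo "ohpserver archive does not match OHP_SHA256; refusing to install it." >&2
    rm -rf -- "$ohp_dir"
    exit 1
  fi
else
  echo "WARNING: OHP_SHA256 is not set; installing ohpserver without integrity verification." >&2
fi
unzip -o "$ohp_dir/$ohp_zip" -d "$ohp_dir"
chmod 755 "$ohp_dir/ohpserver"
sudo mv "$ohp_dir/ohpserver" /usr/local/bin/
rm -rf -- "$ohp_dir"

# Unit for the OHP listener. The quoted heredoc keeps the placeholders literal;
# the sed calls after it substitute the configured ports and server address.
# No User= is set, so the service runs as root.
cat <<'ohpssh' > /etc/systemd/system/ohpserver.service
[Unit]
Description=Daemonize OpenHTTP Puncher Server
Wants=network.target
After=network.target

[Service]
ExecStart=/usr/local/bin/ohpserver -port SSH_viaOHP -proxy 127.0.0.1:Squid_Proxy_2 -tunnel IP-ADDRESS:SSH_Extra_Port
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target
ohpssh
sed -i "s|SSH_viaOHP|$SSH_viaOHP|g" "/etc/systemd/system/ohpserver.service"
sed -i "s|Squid_Proxy_2|$Squid_Proxy_2|g" "/etc/systemd/system/ohpserver.service"
sed -i "s|IP-ADDRESS|$MYIP|g" "/etc/systemd/system/ohpserver.service"
sed -i "s|SSH_Extra_Port|$SSH_Extra_Port|g" "/etc/systemd/system/ohpserver.service"

#Adding Socks
# Python 2 relay, listening on every interface and started as root by
# socks.service. With PASS empty it is reachable without authentication, so
# the destination check in ConnectionHandler.run is the only access control.
# That check now compares the host part exactly, and the error path no longer
# relies on the exception having a usable strerror.
cat <<'Socks1' > "/home/proxydirect.py"
import socket, threading, thread, select, signal, sys, time, getopt

# Listen
LISTENING_ADDR = '0.0.0.0'
if sys.argv[1:]:
    LISTENING_PORT = sys.argv[1]
else:
    LISTENING_PORT = Socks_port
#Pass
PASS = ''

# CONST
BUFLEN = 4096 * 4
TIMEOUT = 60
DEFAULT_HOST = '127.0.0.1:22'
RESPONSE = 'HTTP/1.1 200 VPN_Name\r\n\r\n'
#RESPONSE = 'HTTP/1.1 200 SERVIDOR-NETWORK[RS]\r\nContent-length: 0\r\n\r\nHTTP/1.1 200 Connection established\r\n\r\n' # lint:ok

class Server(threading.Thread):
    def __init__(self, host, port):
        threading.Thread.__init__(self)
        self.running = False
        self.host = host
        self.port = port
        self.threads = []
        self.threadsLock = threading.Lock()
        self.logLock = threading.Lock()

    def run(self):
        self.soc = socket.socket(socket.AF_INET)
        self.soc.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.soc.settimeout(2)
        intport = int(self.port)
        self.soc.bind((self.host, intport))
        self.soc.listen(0)
        self.running = True

        try:
            while self.running:
                try:
                    c, addr = self.soc.accept()
                    c.setblocking(1)
                except socket.timeout:
                    continue

                conn = ConnectionHandler(c, self, addr)
                conn.start()
                self.addConn(conn)
        finally:
            self.running = False
            self.soc.close()

    def printLog(self, log):
        self.logLock.acquire()
        print log
        self.logLock.release()

    def addConn(self, conn):
        try:
            self.threadsLock.acquire()
            if self.running:
                self.threads.append(conn)
        finally:
            self.threadsLock.release()

    def removeConn(self, conn):
        try:
            self.threadsLock.acquire()
            self.threads.remove(conn)
        finally:
            self.threadsLock.release()

    def close(self):
        try:
            self.running = False
            self.threadsLock.acquire()

            threads = list(self.threads)
            for c in threads:
                c.close()
        finally:
            self.threadsLock.release()


class ConnectionHandler(threading.Thread):
    def __init__(self, socClient, server, addr):
        threading.Thread.__init__(self)
        self.clientClosed = False
        self.targetClosed = True
        self.client = socClient
        self.client_buffer = ''
        self.server = server
        self.log = 'Connection: ' + str(addr)

    def close(self):
        try:
            if not self.clientClosed:
                self.client.shutdown(socket.SHUT_RDWR)
                self.client.close()
        except:
            pass
        finally:
            self.clientClosed = True

        try:
            if not self.targetClosed:
                self.target.shutdown(socket.SHUT_RDWR)
                self.target.close()
        except:
            pass
        finally:
            self.targetClosed = True

    def run(self):
        try:
            self.client_buffer = self.client.recv(BUFLEN)

            hostPort = self.findHeader(self.client_buffer, 'X-Real-Host')

            if hostPort == '':
                hostPort = DEFAULT_HOST

            split = self.findHeader(self.client_buffer, 'X-Split')

            if split != '':
                self.client.recv(BUFLEN)

            if hostPort != '':
                passwd = self.findHeader(self.client_buffer, 'X-Pass')

                if len(PASS) != 0 and passwd == PASS:
                    self.method_CONNECT(hostPort)
                elif len(PASS) != 0 and passwd != PASS:
                    self.client.send('HTTP/1.1 400 WrongPass!\r\n\r\n')
                # Exact match on the host part (split at the first colon, the
                # same way connect_target splits it). A prefix test would also
                # accept other names that merely begin with these strings.
                elif hostPort.split(':', 1)[0] in ('127.0.0.1', 'localhost'):
                    self.method_CONNECT(hostPort)
                else:
                    self.client.send('HTTP/1.1 403 Forbidden!\r\n\r\n')
            else:
                print '- No X-Real-Host!'
                self.client.send('HTTP/1.1 400 NoXRealHost!\r\n\r\n')

        except Exception as e:
            # str(e) works for every exception type; strerror is missing or
            # None on most of them, which made this handler raise itself.
            self.log += ' - error: ' + str(e)
            self.server.printLog(self.log)
            pass
        finally:
            self.close()
            self.server.removeConn(self)

    def findHeader(self, head, header):
        aux = head.find(header + ': ')

        if aux == -1:
            return ''

        aux = head.find(':', aux)
        head = head[aux+2:]
        aux = head.find('\r\n')

        if aux == -1:
            return ''

        return head[:aux];

    def connect_target(self, host):
        i = host.find(':')
        if i != -1:
            port = int(host[i+1:])
            host = host[:i]
        else:
            # NOTE(review): self.method is never assigned in this file, so a
            # destination without a port ends in the error path of run().
            if self.method=='CONNECT':
                port = 22
            else:
                port = sys.argv[1]

        (soc_family, soc_type, proto, _, address) = socket.getaddrinfo(host, port)[0]

        self.target = socket.socket(soc_family, soc_type, proto)
        self.targetClosed = False
        self.target.connect(address)

    def method_CONNECT(self, path):
        self.log += ' - CONNECT ' + path

        self.connect_target(path)
        self.client.sendall(RESPONSE)
        self.client_buffer = ''

        self.server.printLog(self.log)
        self.doCONNECT()

    def doCONNECT(self):
        socs = [self.client, self.target]
        count = 0
        error = False
        while True:
            count += 1
            (recv, _, err) = select.select(socs, [], socs, 3)
            if err:
                error = True
            if recv:
                for in_ in recv:
                    try:
                        data = in_.recv(BUFLEN)
                        if data:
                            if in_ is self.target:
                                self.client.send(data)
                            else:
                                while data:
                                    byte = self.target.send(data)
                                    data = data[byte:]

                            count = 0
                        else:
                            break
                    except:
                        error = True
                        break
            if count == TIMEOUT:
                error = True

            if error:
                break


def print_usage():
    print 'Usage: proxy.py -p '
    print ' proxy.py -b -p '
    print ' proxy.py -b 0.0.0.0 -p Socks_port'

def parse_args(argv):
    global LISTENING_ADDR
    global LISTENING_PORT

    try:
        opts, args = getopt.getopt(argv,"hb:p:",["bind=","port="])
    except getopt.GetoptError:
        print_usage()
        sys.exit(2)
    for opt, arg in opts:
        if opt == '-h':
            print_usage()
            sys.exit()
        elif opt in ("-b", "--bind"):
            LISTENING_ADDR = arg
        elif opt in ("-p", "--port"):
            LISTENING_PORT = int(arg)


def main(host=LISTENING_ADDR, port=LISTENING_PORT):

    print "\n:-------CondomSocks-------:\n"
    print "Listening addr: " + LISTENING_ADDR
    print "Listening port: " + str(LISTENING_PORT) + "\n"
    print ":-------------------------:\n"

    server = Server(LISTENING_ADDR, LISTENING_PORT)
    server.start()

    while True:
        try:
            time.sleep(2)
        except KeyboardInterrupt:
            print 'Stopping...'
            server.close()
            break

####### parse_args(sys.argv[1:])
if __name__ == '__main__':
    main()
Socks1

sed -i "s|Socks_port|$Socks_port|g" "/home/proxydirect.py"
sed -i "s|VPN_Name|$VPN_Name|g" "/home/proxydirect.py"

# Unit that runs the relay above; no User= is set, so it runs as root.
cat <<'socks' > /etc/systemd/system/socks.service
[Unit]
Description=Daemonize socks

[Service]
Type=simple
ExecStart=/usr/bin/python /home/proxydirect.py

[Install]
WantedBy=multi-user.target
socks

#adding autorecon
cat <<'ohpssh2' > /etc/systemd/system/ohplenz.service
[Unit]
Description=Daemonize OpenHTTP Puncher Autorecon
Wants=network.target
After=network.target

[Service]
ExecStart=/usr/local/bin/ohpserver -port SSH_viaAuto -proxy 127.0.0.1:Squid_Proxy_2 -tunnel IP-ADDRESS:SSH_Extra_Port
Restart=always
RestartSec=3

[Install]
WantedBy=multi-user.target
ohpssh2
sed -i "s|SSH_viaAuto|$SSH_viaAuto|g" "/etc/systemd/system/ohplenz.service"
sed -i "s|Squid_Proxy_2|$Squid_Proxy_2|g" "/etc/systemd/system/ohplenz.service"
sed -i "s|IP-ADDRESS|$MYIP|g" "/etc/systemd/system/ohplenz.service"
sed -i "s|SSH_Extra_Port|$SSH_Extra_Port|g" "/etc/systemd/system/ohplenz.service"

sudo systemctl daemon-reload
sudo systemctl start ohpserver
sudo systemctl enable ohpserver
sudo systemctl start socks
sudo systemctl enable socks
sudo systemctl start ohplenz
sudo systemctl enable ohplenz

#creating autorecon script
# Restarts the second OHP listener twice, 60 seconds apart; the cron entry
# below runs it every two minutes as root.
cat <<'autorecon' > /home/lenz
sudo systemctl restart ohplenz
sleep 60
sudo systemctl restart ohplenz
autorecon

#adding autorecon cron
cat <<'autorecon2' > /etc/cron.d/autorecon
*/2 * * * * root bash /home/lenz
autorecon2

#Banner, MOTD, issue
cat <<'BANNER' >/etc/banner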
==========================
WARNING
==========================
- NO SPAMMING !!!

- NO DDOS !!!

- NO HACKING !!!

- NO CARDING !!!

- NO TORRENT !!!

==========================
VPN_Owner
==========================
BANNER
# Same notice for /etc/motd. The quoted delimiter keeps the text literal; the
# VPN_Owner placeholder is filled in by the sed calls after the last heredoc.
cat <<'MOTD' >/etc/motd
==========================
WARNING
==========================
- NO SPAMMING !!!

- NO DDOS !!!

- NO HACKING !!!

- NO CARDING !!!

- NO TORRENT !!!

==========================
VPN_Owner
==========================
MOTD
# Same notice for /etc/issue.net. The quoted delimiter keeps the text literal;
# the VPN_Owner placeholder is filled in by the sed calls after this heredoc.
cat <<'ISSUE' >/etc/issue.net
==========================
WARNING
==========================
- NO SPAMMING !!!

- NO DDOS !!!

- NO HACKING !!!

- NO CARDING !!!

- NO TORRENT !!!

==========================
VPN_Owner
==========================
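ISSUE
# Replace the VPN_Owner placeholder in the three notices written above.
sed -i "s|VPN_Owner|$VPN_Owner|g" "/etc/banner"
sed -i "s|VPN_Owner|$VPN_Owner|g" "/etc/motd"
sed -i "s|VPN_Owner|$VPN_Owner|g" "/etc/issue.net"

#Fixing Multilogin Script
# Session limiter run by root from cron every minute. Changes to the generated
# script compared with the published listing:
#  - scratch files live in a private mktemp directory, removed on exit,
#    instead of fixed names in world-writable /tmp (root writing to a
#    predictable /tmp path can be redirected through a pre-created symlink);
#  - OS and LOG have defaults, so a host with neither log file no longer
#    trips the numeric tests;
#  - counters are advanced arithmetically rather than by growing the string
#    "0+1+1...";
#  - the two `i=0` resets before the inner loops replace text that was garbled
#    in the published listing (presumed original - confirm against the
#    upstream script).
cat <<'Multilogin' >/usr/local/sbin//set_multilogin_autokill_lib
#!/bin/bash
# Kills the SSH/Dropbear sessions of any /home user with more than MAX
# password logins. Usage: set_multilogin_autokill_lib [MAX]  (default 1)
clear
MAX=1
OS=0
LOG=/dev/null
if [ -e "/var/log/auth.log" ]; then
  OS=1
  LOG="/var/log/auth.log"
fi
if [ -e "/var/log/secure" ]; then
  OS=2
  LOG="/var/log/secure"
fi

if [ $OS -eq 1 ]; then
  service ssh restart > /dev/null 2>&1
fi
if [ $OS -eq 2 ]; then
  service sshd restart > /dev/null 2>&1
fi
service dropbear restart > /dev/null 2>&1

if [[ ${1+x} ]]; then
  MAX=$1
fi

# Private scratch space for the filtered log extracts.
WORK=$(mktemp -d) || exit 1
trap 'rm -rf -- "$WORK"' EXIT

# Accounts whose passwd entry mentions /home/ are the ones being limited.
cat /etc/passwd | grep "/home/" | cut -d":" -f1 > /root/user.txt
username1=( `cat "/root/user.txt"` )
i=0
for user in "${username1[@]}"
do
  username[$i]=`echo $user | sed 's/'\''//g'`
  jumlah[$i]=0
  i=$((i+1))
done

# Dropbear: match each running PID to its single successful-login log line.
grep -i dropbear "$LOG" | grep -i "Password auth succeeded" > "$WORK/log-db.txt"
proc=( `ps aux | grep -i dropbear | awk '{print $2}'` )
for PID in "${proc[@]}"
do
  grep "dropbear\[$PID\]" "$WORK/log-db.txt" > "$WORK/log-db-pid.txt"
  NUM=`cat "$WORK/log-db-pid.txt" | wc -l`
  USER=`cat "$WORK/log-db-pid.txt" | awk '{print $10}' | sed 's/'\''//g'`
  IP=`cat "$WORK/log-db-pid.txt" | awk '{print $12}'`
  if [ $NUM -eq 1 ]; then
    i=0
    for user1 in "${username[@]}"
    do
      if [ "$USER" == "$user1" ]; then
        jumlah[$i]=`expr ${jumlah[$i]} + 1`
        pid[$i]="${pid[$i]} $PID"
      fi
      i=$((i+1))
    done
  fi
done

# OpenSSH: same matching against the privileged sshd monitor processes.
grep -i sshd "$LOG" | grep -i "Accepted password for" > "$WORK/log-db.txt"
data=( `ps aux | grep "\[priv\]" | sort -k 72 | awk '{print $2}'` )
for PID in "${data[@]}"
do
  grep "sshd\[$PID\]" "$WORK/log-db.txt" > "$WORK/log-db-pid.txt"
  NUM=`cat "$WORK/log-db-pid.txt" | wc -l`
  USER=`cat "$WORK/log-db-pid.txt" | awk '{print $9}'`
  IP=`cat "$WORK/log-db-pid.txt" | awk '{print $11}'`
  if [ $NUM -eq 1 ]; then
    i=0
    for user1 in "${username[@]}"
    do
      if [ "$USER" == "$user1" ]; then
        jumlah[$i]=`expr ${jumlah[$i]} + 1`
        pid[$i]="${pid[$i]} $PID"
      fi
      i=$((i+1))
    done
  fi
done

# Log and kill every session of users over the limit.
j=0
for i in ${!username[*]}
do
  if [ ${jumlah[$i]} -gt $MAX ]; then
    date=`date +"%Y-%m-%d %X"`
    echo "$date - ${username[$i]} - ${jumlah[$i]}"
    echo "$date - ${username[$i]} - ${jumlah[$i]}" >> /root/log-limit.txt
    # pid[] holds a space-separated PID list, so it is left unquoted.
    kill ${pid[$i]}
    pid[$i]=""
    j=`expr $j + 1`
  fi
done

if [ $j -gt 0 ]; then
  if [ $OS -eq 1 ]; then
    service ssh restart > /dev/null 2>&1
  fi
  if [ $OS -eq 2 ]; then
    service sshd restart > /dev/null 2>&1
  fi
  service dropbear restart > /dev/null 2>&1
  j=0
fi
Multilogin

# Overwrite rather than append: appending added one more identical entry each
# time the installer ran, and concurrent copies of the limiter then raced.
echo -e "* * * * * root /usr/local/sbin/set_multilogin_autokill_lib 1" > "/etc/cron.d/set_multilogin_autokill_lib"

#Restarting Services
service openvpn-server@ec_server_tcp restart
service openvpn-server@ec_server_udp restart
service openvpn-server@server_tcp restart
service openvpn-server@server_udp restart

# Port summary, written under the web root and therefore readable by anyone
# who can reach the web server.
# NOTE(review): SSL_viaOpenSSH1, SSL_viaOpenSSH2 and Squid_Proxy_1 are not set
# in the configuration block at the top of this script (Squid_Proxy_2 is
# assigned twice there), so those fields print empty unless they are defined
# elsewhere - confirm.
echo -e "\n SSH Server: $SSH_Extra_Port\n SSH via OHP: $SSH_viaOHP\n Socks Port: $Socks_port\n SSH via OHP(Autorecon): $SSH_viaAuto\n SSL Server: $SSL_viaOpenSSH1, $SSL_viaOpenSSH2\n OpenVPN Server (TCP): $OpenVPN_TCP_Port\n OpenVPN Server (UDP): $OpenVPN_UDP_Port\n OpenVPN Server (TCP EC): $OpenVPN_TCP_EC\n OpenVPN Server (UDP EC): $OpenVPN_UDP_EC\n Squid Proxy Server: $Squid_Proxy_1, $Squid_Proxy_2\n Sample OpenVPN TCP Config: http://$(curl -4s http://ipinfo.io/ip):86/Configs.zip\n Script by: $VPN_Owner\n" > "/var/www/html/$Filename_alias.log"

#Deleting patch file
cd
rm -rf -- wago_patch.sh
echo 'Done setup you can now close the terminal window and exit the app!';
echo '#############################################
# DEBIAN 9 Patch Script with SSL/SSH #
# Authentication file system #
# Setup by: FIRENET PHILIPPINES #
# Modified by: Lenz Scott Kennedy #
# Do Not Change This To Avoid Error #
#############################################';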