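#!/bin/bash
# UBUNTU/DEBIAN
# Version: 2023
#
# One-shot installer for a Squid proxy, two OpenVPN instances (UDP 53 and
# TCP 1194), an stunnel front end on 443 and a set of helper scripts.
# It writes under /etc, /usr/bin and /var/www and ends with a reboot, so it
# has to run as root.
#
# Review summary (details sit next to the code they concern):
#   * private keys for OpenVPN and stunnel are embedded in this file;
#   * the OpenVPN data channel runs with `cipher none` / `auth none`;
#   * a system account with a fixed password is created;
#   * several files are downloaded from a moving branch and run as root;
#   * most command output, including errors, is sent to /dev/null.

cp /usr/share/zoneinfo/Asia/Manila /etc/localtime

#######################################
# Refresh the package index and install the packages the other steps use.
# Outputs: two progress lines; all apt output, errors included, is discarded,
#          so a failed install is not visible to the operator.
#######################################
install_require() {
  clear
  echo "Updating your system."
  {
    apt-get -o Acquire::ForceIPv4=true update
  } &>/dev/null
  clear
  echo "Installing dependencies."
  {
    apt-get -o Acquire::ForceIPv4=true install mysql-client -y
    apt-get -o Acquire::ForceIPv4=true install mariadb-server stunnel4 openvpn -y
    apt-get -o Acquire::ForceIPv4=true install dos2unix easy-rsa nano curl wget unzip jq virt-what net-tools -y
    # php-json was listed twice and net-tools is already installed above.
    apt-get -o Acquire::ForceIPv4=true install php-cli cron php-fpm php-json php-pdo php-zip php-gd php-mbstring php-curl php-xml php-bcmath -y
    apt-get -o Acquire::ForceIPv4=true install gnutls-bin pwgen python -y
    # NOTE(review): `screen` is used by install_rclocal but is not installed
    # here; presumably it is expected to be present already. Confirm.
  } &>/dev/null
}

#######################################
# Install Squid 3.3.8 from the Ubuntu trusty archive, replace its init
# script, write squid.conf and overwrite the English error pages.
# Outputs: one progress line; everything else is discarded.
#######################################
install_squid() {
  clear
  echo "Installing proxy."
  {
    # NOTE(review): this adds the trusty (Ubuntu 14.04) archive to whatever
    # release is running in order to pin squid 3.3.8. That package line gets
    # no fixes from the running release; prefer the distribution's own squid
    # package where the setup allows it.
    #
    # The entry is kept in one dedicated file and written, not appended, so a
    # second run does not duplicate it and it can be removed as a unit. The
    # original also appended the same line to /etc/apt/sources.list.
    printf '%s\n' "deb http://us.archive.ubuntu.com/ubuntu/ trusty main universe" \
      > /etc/apt/sources.list.d/trusty_sources.list

    # On Debian the Ubuntu archive key is imported so apt accepts the
    # repository above. apt-key is deprecated on current releases.
    if [[ $(grep -wc 'Debian' /etc/issue.net) != '0' ]]; then
      apt install dirmngr -y
      if [[ $(apt-key list 2>/dev/null | grep -c 'Ubuntu') == '0' ]]; then
        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
      fi
    fi

    apt update -y
    apt install lolcat -y
    apt install -y squid3=3.3.8-1ubuntu6 squid=3.3.8-1ubuntu6 squid3-common=3.3.8-1ubuntu6

    # The init script below is written verbatim; the quoted delimiter keeps
    # the shell from expanding anything inside it.
    /bin/cat <<"EOM" >/etc/init.d/squid3
#! /bin/sh
#
# squid Startup script for the SQUID HTTP proxy-cache.
#
# Version: @(#)squid.rc 1.0 07-Jul-2006 luigi@debian.org
#
### BEGIN INIT INFO
# Provides: squid
# Required-Start: $network $remote_fs $syslog
# Required-Stop: $network $remote_fs $syslog
# Should-Start: $named
# Should-Stop: $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Squid HTTP Proxy version 3.x
### END INIT INFO

NAME=squid3
DESC="Squid HTTP Proxy"
DAEMON=/usr/sbin/squid3
PIDFILE=/var/run/$NAME.pid
CONFIG=/etc/squid3/squid.conf
SQUID_ARGS="-YC -f $CONFIG"

[ ! -f /etc/default/squid ] || . /etc/default/squid

. /lib/lsb/init-functions

PATH=/bin:/usr/bin:/sbin:/usr/sbin

[ -x $DAEMON ] || exit 0

ulimit -n 65535

find_cache_dir () {
  w=" " # space tab
  res=`$DAEMON -k parse -f $CONFIG 2>&1 |
    grep "Processing:" |
    sed s/.*Processing:\ // |
    sed -ne '
      s/^['"$w"']*'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
      t end;
      d;
      :end q'`
  [ -n "$res" ] || res=$2
  echo "$res"
}

grepconf () {
  w=" " # space tab
  res=`$DAEMON -k parse -f $CONFIG 2>&1 |
    grep "Processing:" |
    sed s/.*Processing:\ // |
    sed -ne '
      s/^['"$w"']*'$1'['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
      t end;
      d;
      :end q'`
  [ -n "$res" ] || res=$2
  echo "$res"
}

create_run_dir () {
  run_dir=/var/run/squid3
  usr=`grepconf cache_effective_user proxy`
  grp=`grepconf cache_effective_group proxy`

  if [ "$(dpkg-statoverride --list $run_dir)" = "" ] && [ ! -e $run_dir ] ; then
    mkdir -p $run_dir
    chown $usr:$grp $run_dir
    [ -x /sbin/restorecon ] && restorecon $run_dir
  fi
}

start () {
  cache_dir=`find_cache_dir cache_dir`
  cache_type=`grepconf cache_dir`
  run_dir=/var/run/squid3

  #
  # Create run dir (needed for several workers on SMP)
  #
  create_run_dir

  #
  # Create spool dirs if they don't exist.
  #
  if test -d "$cache_dir" -a ! -d "$cache_dir/00"
  then
    log_warning_msg "Creating $DESC cache structure"
    $DAEMON -z -f $CONFIG
    [ -x /sbin/restorecon ] && restorecon -R $cache_dir
  fi

  umask 027
  ulimit -n 65535
  cd $run_dir
  start-stop-daemon --quiet --start \
    --pidfile $PIDFILE \
    --exec $DAEMON -- $SQUID_ARGS < /dev/null
  return $?
}

stop () {
  PID=`cat $PIDFILE 2>/dev/null`
  start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
  #
  # Now we have to wait until squid has _really_ stopped.
  #
  sleep 2
  if test -n "$PID" && kill -0 $PID 2>/dev/null
  then
    log_action_begin_msg " Waiting"
    cnt=0
    while kill -0 $PID 2>/dev/null
    do
      cnt=`expr $cnt + 1`
      if [ $cnt -gt 24 ]
      then
        log_action_end_msg 1
        return 1
      fi
      sleep 5
      log_action_cont_msg ""
    done
    log_action_end_msg 0
    return 0
  else
    return 0
  fi
}

cfg_pidfile=`grepconf pid_filename`
if test "${cfg_pidfile:-none}" != "none" -a "$cfg_pidfile" != "$PIDFILE"
then
  log_warning_msg "squid.conf pid_filename overrides init script"
  PIDFILE="$cfg_pidfile"
fi

case "$1" in
  start)
    res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
    if test -n "$res"; then
      log_failure_msg "$res"
      exit 3
    else
      log_daemon_msg "Starting $DESC" "$NAME"
      if start ; then
        log_end_msg $?
      else
        log_end_msg $?
      fi
    fi
    ;;
  stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if stop ; then
      log_end_msg $?
    else
      log_end_msg $?
    fi
    ;;
  reload|force-reload)
    res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
    if test -n "$res"; then
      log_failure_msg "$res"
      exit 3
    else
      log_action_msg "Reloading $DESC configuration files"
      start-stop-daemon --stop --signal 1 \
        --pidfile $PIDFILE --quiet --exec $DAEMON
      log_action_end_msg 0
    fi
    ;;
  restart)
    res=`$DAEMON -k parse -f $CONFIG 2>&1 | grep -o "FATAL: .*"`
    if test -n "$res"; then
      log_failure_msg "$res"
      exit 3
    else
      log_daemon_msg "Restarting $DESC" "$NAME"
      stop
      if start ; then
        log_end_msg $?
      else
        log_end_msg $?
      fi
    fi
    ;;
  status)
    status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit 3
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart|status}"
    exit 3
    ;;
esac

exit 0
EOM
    chmod +x /etc/init.d/squid3
    /sbin/update-rc.d squid3 defaults

    # The proxy only forwards requests whose destination is this host's own
    # public address (as reported by api.ipify.org); everything else is
    # denied. If the lookup fails the acl line is written without an address.
    echo "acl IP dst $(curl -s https://api.ipify.org)
http_access allow IP
http_access deny all
http_port 8080
http_port 3128
http_port 8000
error_directory /usr/share/squid3/errors/English"| tee /etc/squid3/squid.conf

    # Overwrite every English error page with the same body. The write only
    # happens once the cd has succeeded; the original wrote the ERR_* files
    # into whatever directory was current when the cd failed.
    if cd /usr/share/squid3/errors/English/; then
      echo ' Criz Romero

Criz Romero

' | tee \
        ERR_ACCESS_DENIED ERR_FTP_FORBIDDEN ERR_PRECONDITION_FAILED \
        ERR_ACL_TIME_QUOTA_EXCEEDED ERR_FTP_NOT_FOUND ERR_PROTOCOL_UNKNOWN \
        ERR_AGENT_CONFIGURE ERR_FTP_PUT_CREATED ERR_READ_ERROR \
        ERR_AGENT_WPAD ERR_FTP_PUT_ERROR ERR_READ_TIMEOUT \
        ERR_CACHE_ACCESS_DENIED ERR_FTP_PUT_MODIFIED ERR_SECURE_CONNECT_FAIL \
        ERR_CACHE_MGR_ACCESS_DENIED ERR_FTP_UNAVAILABLE ERR_SHUTTING_DOWN \
        ERR_CANNOT_FORWARD ERR_GATEWAY_FAILURE ERR_SOCKET_FAILURE \
        ERR_CONFLICT_HOST ERR_ICAP_FAILURE ERR_TOO_BIG \
        ERR_CONNECT_FAIL ERR_INVALID_REQ ERR_UNSUP_HTTPVERSION \
        ERR_DIR_LISTING ERR_INVALID_RESP ERR_UNSUP_REQ \
        ERR_DNS_FAIL ERR_INVALID_URL ERR_URN_RESOLVE \
        ERR_ESI ERR_LIFETIME_EXP ERR_WRITE_ERROR \
        ERR_FORWARDING_DENIED ERR_NO_RELAY ERR_ZERO_SIZE_OBJECT \
        ERR_FTP_DISABLED ERR_ONLY_IF_CACHED_MISS ERR_FTP_FAILURE > /dev/null
    fi

    update-rc.d squid3 defaults
    systemctl enable squid3
    systemctl restart squid3
  } &>/dev/null
}

#######################################
# Write the two OpenVPN server configs and the key material they reference,
# then restart and enable the services.
# Outputs: one progress line; everything else is discarded.
#######################################
install_openvpn() {
  clear
  echo "Installing openvpn."
  {
    mkdir -p /etc/openvpn/easy-rsa/keys
    mkdir -p /etc/openvpn/login
    mkdir -p /etc/openvpn/server
    mkdir -p /var/www/html/stat
    touch /etc/openvpn/server.conf
    touch /etc/openvpn/server2.conf

    # NOTE(review), applies to both configs below:
    #   * `cipher none` + `auth none` switch off encryption and integrity
    #     protection of tunnelled traffic; only the TLS control channel is
    #     protected. Use an AEAD cipher (for example AES-128-GCM) unless
    #     plaintext tunnelling is a deliberate requirement.
    #   * `verify-client-cert none` makes the PAM username/password the only
    #     client authentication, so account hygiene (see install_acount)
    #     carries the whole access decision.
    #   * `script-security 3` is wider than the PAM plugin appears to need;
    #     confirm whether a lower level works.
    #   * `dh none` means dh2048.pem written further down is not referenced.

    # UDP instance on port 53, client subnet 10.30.0.0/22.
    echo '# Openvpn Configuration
dev tun
port 53
proto udp
topology subnet
server 10.30.0.0 255.255.252.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh none
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
cipher none
ncp-disable
auth none
sndbuf 0
rcvbuf 0
keepalive 10 120
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
user nobody
group nogroup
client-to-client
username-as-common-name
verify-client-cert none
script-security 3
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
push "persist-key"
push "persist-tun"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
push "sndbuf 0"
push "rcvbuf 0"
#log /etc/openvpn/server/udpserver.log
status /etc/openvpn/server/udpclient.log
status-version 2
verb 3' > /etc/openvpn/server.conf

    # TCP instance on port 1194, client subnet 10.20.0.0/22. stunnel forwards
    # port 443 to this one.
    echo '# Openvpn Configuration
dev tun
port 1194
proto tcp
topology subnet
server 10.20.0.0 255.255.252.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh none
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
cipher none
ncp-disable
auth none
sndbuf 0
rcvbuf 0
keepalive 10 120
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
user nobody
group nogroup
client-to-client
username-as-common-name
verify-client-cert none
script-security 3
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so login
push "persist-key"
push "persist-tun"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
push "sndbuf 0"
push "rcvbuf 0"
#log /etc/openvpn/server/tcpserver.log
status /etc/openvpn/server/tcpclient.log
status-version 2
verb 3' > /etc/openvpn/server2.conf

    # The heredocs are quoted so nothing in the PEM data can be expanded by
    # the shell; the bytes written are the same as with the unquoted form.
    cat << 'EOF' > /etc/openvpn/easy-rsa/keys/ca.crt
-----BEGIN CERTIFICATE-----
MIIDRTCCAi2gAwIBAgIUQub/Z4LHhhaglvsjyJ1lVqBKMbYwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJb252YW8ubmV0MB4XDTI1MDQwNDE1Mjg0MloXDTM1MDQw
MjE1Mjg0MlowFDESMBAGA1UEAwwJb252YW8ubmV0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA0XMN96C7N7ZW+9BIGUsOoIsyPviBj+5iJ/OeS6LFilwN
1sbzece9tthK9IyU7JXye329H2vs4kzavwZ7YUIy6xuuojEQG0HC+QZzRx3Envsq
A3lJ3ZDI37rwNB4KfBLPHSChPEu3w2dLqr4EHw0kQsEWs1MWbZ11oul8kHnrsxAb
fhqiJApOBBFIawVuR+7a0Eu1WMiU/SKtR1l2zOH5G9Tv5m3CWdciGisGE7kW8uPr
0QxRL/ZSniEaQgpnmUdSCCQ2NAiM9xOsTN0aOSg8Kmj4J7sHXmYXpKYhi+BAUMhD
30ouED02ZilScBjjjSRiaGWaHk83oMxhKG46FXAB4wIDAQABo4GOMIGLMB0GA1Ud
DgQWBBS4RsWXCttc24F8StHWBS1T4aIv8zBPBgNVHSMESDBGgBS4RsWXCttc24F8
StHWBS1T4aIv86EYpBYwFDESMBAGA1UEAwwJb252YW8ubmV0ghRC5v9ngseGFqCW
+yPInWVWoEoxtjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQsFAAOCAQEABHB1lWqGT+VdfakalNHBaprGgbxnUVlUVeD6pitrAOSq/s3QQixs
k321Vc8DvVKLXelwtMPNzT+iL0jd/xpOJ1r+2oMqGJ2OXBjqSBESlc2VT9yMUN0d
RGq1qrj2obXRPoNqBF/s1LwfbFCVy+RAZWV7ufsgcdUnUOdQ4WeVfRZSdDMbQRpZ
7bBbCWuRcBNMn9QJaxFyles2AVO5YdUx2HvkCfeJRH4xW6E5XQP6cSqHj9QLSWUe
WUHBryGUAg8ILjMKDTPP44pDw6RCWVoIZIyJMPDBJNWXJ/ZTbdF78u7YpWBYkJaI
AR5N9QYkFhL91oAc9O58Rhpjj5ZEnQseTw==
-----END CERTIFICATE-----
EOF

    cat << 'EOF' > /etc/openvpn/easy-rsa/keys/server.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            af:cf:cc:6d:1b:4c:d4:33:16:ab:f8:e9:ee:f3:c6:39
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=onvao.net
        Validity
            Not Before: Apr 4 15:33:47 2025 GMT
            Not After : Mar 19 15:33:47 2028 GMT
        Subject: CN=onvao.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:ca:bc:b2:cf:5e:9e:9f:0e:ac:42:dd:ae:da:
                    98:71:29:e3:5b:30:43:17:f6:7c:4a:4d:09:f2:67:
                    cf:c7:16:38:05:b1:31:20:3d:c8:82:8f:c2:bd:b5:
                    31:26:f3:ef:3f:a3:c8:02:3f:5e:c1:51:93:89:8f:
                    26:94:d3:1e:b5:a5:75:68:03:e9:77:66:93:59:d3:
                    c3:32:e5:1b:86:bc:14:02:1e:cf:75:32:5d:04:18:
                    4e:f5:29:26:c9:8e:10:46:59:e3:9c:88:e7:dc:4a:
                    a1:01:a3:aa:86:c1:e9:0d:78:1d:27:1e:b4:70:39:
                    fc:4f:f0:8f:50:39:98:85:33:0f:f7:ff:af:8c:ba:
                    3d:f4:dc:8b:68:99:6c:b3:38:8d:80:b9:79:22:eb:
                    33:e0:64:e7:ff:fe:84:3d:39:74:15:79:cf:b0:94:
                    a8:6c:9a:3f:92:05:12:c0:52:36:c4:df:83:57:73:
                    53:1f:ed:4f:98:b3:88:bd:2b:6b:1c:7f:80:1e:78:
                    52:cc:02:14:a5:0c:a7:a4:fd:2f:89:32:c7:76:ff:
                    11:b1:bc:ba:d8:16:17:f0:0a:24:65:dd:f6:f7:0e:
                    f9:81:ba:5e:4a:c6:c1:2b:e1:98:e8:4f:c1:ba:f2:
                    31:3a:fd:1e:84:e8:04:76:ff:34:9c:4f:c3:03:87:
                    78:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                C4:A1:D1:F4:5E:32:38:36:1B:56:28:7A:A9:4D:FB:A5:3D:F6:BD:6D
            X509v3 Authority Key Identifier:
                keyid:B8:46:C5:97:0A:DB:5C:DB:81:7C:4A:D1:D6:05:2D:53:E1:A2:2F:F3
                DirName:/CN=onvao.net
                serial:42:E6:FF:67:82:C7:86:16:A0:96:FB:23:C8:9D:65:56:A0:4A:31:B6
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:onvao.net
    Signature Algorithm: sha256WithRSAEncryption
         7c:46:be:91:fc:11:ed:ea:b3:96:ae:d4:01:56:5a:36:e5:88:
         15:48:db:8b:bc:05:fa:38:d6:19:54:56:a4:08:25:50:ca:68:
         c0:cb:3c:16:b7:93:14:9d:a6:76:c5:92:c2:6b:f6:59:72:b8:
         de:de:e1:6f:b2:ae:7c:23:75:fd:a6:36:c0:2d:25:68:c9:b4:
         44:09:f0:06:d2:19:5b:6d:c5:19:1b:d3:47:e3:21:4e:82:22:
         db:a8:72:ad:01:1a:e8:b0:ed:09:f4:76:2a:e5:ac:30:2b:3c:
         63:dd:9a:17:05:40:4c:57:2d:6d:54:66:8f:c8:40:9e:75:dc:
         32:44:80:ff:99:ed:48:ec:65:77:4f:20:86:2f:fa:2d:d9:78:
         06:96:e1:4a:59:4e:55:8d:8a:bc:85:39:72:9a:6a:eb:9b:a1:
         dc:5c:94:15:b0:6e:67:92:20:bb:2d:04:54:28:19:4c:b7:fa:
         ab:7f:28:3c:21:43:44:f8:36:ad:fb:38:f0:52:e0:2e:ed:00:
         ed:83:33:0b:4b:2c:75:f7:48:56:6c:ac:57:3c:b8:b7:5e:a9:
         1f:cb:1c:47:ab:bc:c6:17:7d:10:ac:03:81:71:6d:85:f9:7e:
         8a:d8:63:27:71:fc:23:a8:a6:bc:65:24:e8:82:b8:b3:2b:79:
         05:32:82:70
-----BEGIN CERTIFICATE-----
MIIDajCCAlKgAwIBAgIRAK/PzG0bTNQzFqv46e7zxjkwDQYJKoZIhvcNAQELBQAw
FDESMBAGA1UEAwwJb252YW8ubmV0MB4XDTI1MDQwNDE1MzM0N1oXDTI4MDMxOTE1
MzM0N1owFDESMBAGA1UEAwwJb252YW8ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA9Mq8ss9enp8OrELdrtqYcSnjWzBDF/Z8Sk0J8mfPxxY4BbEx
ID3Igo/CvbUxJvPvP6PIAj9ewVGTiY8mlNMetaV1aAPpd2aTWdPDMuUbhrwUAh7P
dTJdBBhO9SkmyY4QRlnjnIjn3EqhAaOqhsHpDXgdJx60cDn8T/CPUDmYhTMP9/+v
jLo99NyLaJlssziNgLl5Iusz4GTn//6EPTl0FXnPsJSobJo/kgUSwFI2xN+DV3NT
H+1PmLOIvStrHH+AHnhSzAIUpQynpP0viTLHdv8Rsby62BYX8AokZd329w75gbpe
SsbBK+GY6E/BuvIxOv0ehOgEdv80nE/DA4d4AQIDAQABo4G2MIGzMAkGA1UdEwQC
MAAwHQYDVR0OBBYEFMSh0fReMjg2G1YoeqlN+6U99r1tME8GA1UdIwRIMEaAFLhG
xZcK21zbgXxK0dYFLVPhoi/zoRikFjAUMRIwEAYDVQQDDAlvbnZhby5uZXSCFELm
/2eCx4YWoJb7I8idZVagSjG2MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQE
AwIFoDAUBgNVHREEDTALgglvbnZhby5uZXQwDQYJKoZIhvcNAQELBQADggEBAHxG
vpH8Ee3qs5au1AFWWjbliBVI24u8Bfo41hlUVqQIJVDKaMDLPBa3kxSdpnbFksJr
9llyuN7e4W+yrnwjdf2mNsAtJWjJtEQJ8AbSGVttxRkb00fjIU6CItuocq0BGuiw
7Qn0dirlrDArPGPdmhcFQExXLW1UZo/IQJ513DJEgP+Z7UjsZXdPIIYv+i3ZeAaW
4UpZTlWNiryFOXKaauubodxclBWwbmeSILstBFQoGUy3+qt/KDwhQ0T4Nq37OPBS
4C7tAO2DMwtLLHX3SFZsrFc8uLdeqR/LHEervMYXfRCsA4FxbYX5forYYydx/COo
prxlJOiCuLMreQUygnA=
-----END CERTIFICATE-----
EOF

    # NOTE(review): this private key ships inside the installer, so it is
    # identical on every host built from it and known to every reader of the
    # file. A certificate backed by it cannot authenticate a server. Generate
    # the CA and server key pair on the host (easy-rsa is installed by
    # install_require) and distribute only the CA certificate to clients.
    # The material is left unchanged here because existing client profiles
    # presumably pin this CA; confirm before rotating.
    cat << 'EOF' > /etc/openvpn/easy-rsa/keys/server.key
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD0yryyz16enw6s
Qt2u2phxKeNbMEMX9nxKTQnyZ8/HFjgFsTEgPciCj8K9tTEm8+8/o8gCP17BUZOJ
jyaU0x61pXVoA+l3ZpNZ08My5RuGvBQCHs91Ml0EGE71KSbJjhBGWeOciOfcSqEB
o6qGwekNeB0nHrRwOfxP8I9QOZiFMw/3/6+Muj303ItomWyzOI2AuXki6zPgZOf/
/oQ9OXQVec+wlKhsmj+SBRLAUjbE34NXc1Mf7U+Ys4i9K2scf4AeeFLMAhSlDKek
/S+JMsd2/xGxvLrYFhfwCiRl3fb3DvmBul5KxsEr4ZjoT8G68jE6/R6E6AR2/zSc
T8MDh3gBAgMBAAECggEBAJixneMr1ym6rbxmOUHIuS5doqRPBor8BauTQpEikEjv
YyKp1Kr33wsSAbe0PmS95I8d6rT8Mm8EI7O6x6Ytywojm4i2Z/tC0MdHgItOvkzd
JN3tuhqwv7S+NQJYGQnAxAYeLAyImZigNK6BGO3WJzlvoz+zt3oJsYlr1PmF882h
RARkBse5Yltkw+B5fGy6cda2NM09jgH2BFVW6+SgexE5Veos0/g5MxinKtQM5Jue
u+eZrv4xtqwDXjhlUHhok+G5KHnCXSci9FJEHLcQgDVbPl1m8jhU+C8d/QxR2xhq
Rk5gIFCI0IoCinPNr5JejJVv47rjP0CZrCXehLEqjcECgYEA/7o/LhfF+LhwxT0f
nqHoe6DK2oJdDSsMqHHFsGdi2rNmk8zDxlB9lBo/51aMP14gQVUVJ/yoAa3zymBv
ugf8cAtxXNee8dVaZ5vQU9uisIbS3tUG/hGcberwK/jhJR1hU7gVFINm4KQDT6fv
ikvXPAMLmdoASeVXIQZvT4M6VlsCgYEA9Q2B6eMrHVQFx4otYAOK/m31j60qSS3B
NsR1IzfaNUbk/8AhDSmOUi6QJO4vBHlDKx/9o4YPKxAoyOjI3K30ge6suIQzTKI0
7wuG8L/Q3uRgxzKlAdCMzFyInEgFsNJUlOaP2sIByV4q6Gw16a6Ke3SvIZtUx0UN
GBjdrgR20dMCgYAGF1CT73sGrpX5DLipFaAs+ap7Q+mle6YEiRk1V3ESVn2V/aWY
HqivE2T8RKJ4i+xmwfkMB8eUqqkI4/0lSDVqEcu0c2pUxkkt+JcguDWK0NtK9XYC
LTc1owfvdDEgqi98SAEwiOS1axKtHgnlmGLbChOHqZqiJ/VIUxfpo+2KywKBgCVD
rpPQlcfZ9R8I5imJoGNceVEl9h42tQENEvsODUK4yy4RG3WS8i+RIR5ckg3OGua9
8KYjRr83r9wNei4Ezf/MObu9bseiiwYm7JhDsxGSDR19mBYUjrStBaEuWp8u/Om/
vfR4OClVBpVdjz0/65MmhVNI+bVrzLfzYBKMXz09AoGAQ2xnQNHpiWaKMCDhQsY8
w2kq9QtmfoFOw58n0qRRF9VZ7F7G8xb0h/D9oUTGBw8VgtrUQuv70WaKKzWPNEnx
cs5bavYcmvGdVm+PydiqEtMKIrYgiEX1PdADySVaSgp0cLdvX8YIUEoWpsPDDaNN
H00I2sJgUobmDfIcmZwCPnE=
-----END PRIVATE KEY-----
EOF
    # The key was left with the default creation mode; restrict it to root.
    # OpenVPN reads it before dropping to `nobody`, and persist-key keeps it
    # loaded across restarts triggered by signals.
    chmod 600 /etc/openvpn/easy-rsa/keys/server.key

    # Not referenced by either config (`dh none`); written as in the original.
    cat << 'EOF' > /etc/openvpn/easy-rsa/keys/dh2048.pem
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAiPiEXbOGC8EBs8HdOUco7+R1gx5INfvWEYJK9ZCDBbeHZx5jZrhs
RCiDoLuWEHUciMfpdNH39g/hq0z/5Y4PvGbUEOgg1bc1E9sW2e1YsfqIC2/tM1go
iR1tARciRxGliQPEIfwwRZzXTOw3XCigZ6AYcoNkrHFVObpw1a3UMuTcOp83RTqm
cP8lY4fnsCXel3eUBQASlRQNsjN/O4Xh2qzFTjG8s8XIvAZSTcQE/EI8ny1Tbqqa
/w4m8HAciJPWjyhLtUCwcU+DHJRlVPJ2tkVdvHKH4yKDo0Zr5YuLUPEV9m3SEXCk
txE0t/8vC9xB2yh/Q/YW4SOJlEIGMdRyswIBAg==
-----END DH PARAMETERS-----
EOF

    # Config files are data, not programs: 644 instead of the original 755.
    chmod 644 /etc/openvpn/server.conf
    chmod 644 /etc/openvpn/server2.conf
    systemctl restart openvpn@server
    systemctl restart openvpn@server2
    update-rc.d openvpn defaults
    systemctl enable openvpn
  } &>/dev/null
}

#######################################
# Configure stunnel to accept TLS on 443 and forward to the TCP OpenVPN
# instance on 127.0.0.1:1194.
# Outputs: none (everything is discarded).
#######################################
install_stunnel() {
  {
    # Absolute paths replace the original `cd /etc/stunnel/` followed by
    # relative writes, so a missing directory can no longer redirect the key
    # file into an unrelated working directory.
    #
    # NOTE(review): same issue as the OpenVPN key: this private key is
    # published with the installer and shared by every host built from it.
    # Generate a key and certificate per host instead.
    # Both files are appended to, as in the original, so a second run
    # duplicates their content.
    echo "-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC+5A1nyiv007ov
uEBY7Hdb7YDk3JPcazZXdfiXJBzce58CDhaSKH3lvmq79ACy4z0VhJUWzFknSur0
jQKCEdlXergVk/WQgDKC6EqOv+x1je6WCkfuMK54CXuhJ+MmudvqXxUJHY1fG7Q/
M8uQah4M8cZHsR5yMchCEB/RcVtVyqQT+pZKcJhjq46cOFUF3CshFUEwV+KHvxRh
vNqGy2PPV6mWpLNL3aez9teZ2Atk370pptG7pTU1yS83Tw+JcyDd7nOAPP/f+5M7
vPcM+EfCXXtgsas6MxDvvnySzSEMNN8eSxlalNbWVoJ96/QLwqfm8rMYUw40jW+I
8Cdic/hPAgMBAAECggEBAJacYGdPgDb/Bpu4CC0hBVumnFf2IUN747hGAAlgGNVt
RBve+bf/8rVd8+CvuA1sdTmRDgCa4oy5839X8m6lnpIC5VNBFjMYssHOfWT70Jk/
jssa+X3ZMw7KjJyuV+6qHfVhZ7t1caFkvmZPe4FJ+MPFzuepu5fl51cYWcJqaeHZ
TQ0TrHmj6+v4+Nds1MWqkgh51c0TAHqXPDiKx+7w96ekebb5qKHRpnQHG5lA9dYe
HBJkQ1fVehwRzjeQDLrJFIAXnCnWjrgifzkW+3x2P5Qs31qMy0dXiEMz/bVMQJ32
JO22gyT2DEFpiJrmufjnizfbPuqtLGKDZQ//OSBxhgECgYEA+Y1aMvRU2QWUuudb
J7/tbAXSTFj1oU2HS7CQGI+Se+ylsH86xpzU7QRKHwjGz9F8L1vkhyea/uF1txEk
33+utR+lTWsi/VpeDqHliPr8e4Lx2MDk49ZBT9/ymf46n2V+PXlG0vXfhSfQZMs5
cfh+O2Jbt3yEoIBbnCVq7kLYhsECgYEAw9KwLv06b2vZIo/m/5gKjVhRAXEYPcsk
NEQP+xcfDKNIoaRRoKkfEPY6FI1cfZXdVa2YrPEcwiyUsNb6qGPODIWvzxQUAbJY
bTwe0Zr+2O4GmZ3RnyYkuvfuk4nFCRimLiGkmZcueI8HBuHaTxAwsvEzKM9+OpzE
pqzpKnhz0w8CgYALeBehJ+GOZ9dCD8f8t7FtuYbEw4Hme+2v6Nl2h4Kv91xWFELb
RfHzQrM1Ye3hNzuB4bNLEuLou+vxEfSj4PZilKXAPSBKjJCuE3q9JOvdsVL0J0ld
v0cZKK25rhl7oep/YMeEgpBXSlElkMF/H3CNwiN891gRGFUdhAq6EJBrAQKBgQCm
58YZVubenyrEhajbA4lC7hqlQvLpgGLMVZLVbeCeEfJPK9ITQPLkrynT6KUDuZ+c
bkkqZpwfeIYHsESXD/JIxA2UT8W5qHwsJskR2K0M0tw3RMetgYJfBgGIKS4S0bqa
qTw1WSFXynivygMbzm3jpyf2ydwKMyJ9+fUGqQH3ywKBgQC2CB0lsVtz6V/4BA0k
iRg3sWe3v2BbGiWQb6UbZQ0QsZQRzypj7J6NZ4TNVOQoPwAbAy4jN9Mc3wxzhUye
EyJQgtTZarRAmR3eFnREUCoMPh3WWxLnfSo49lvgBteQXfNXHVc1hbAf1kuzvEoU
KUP5AhYqwoPn0wUoO3ewxOWd9A==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIID9zCCAt+gAwIBAgIUTOzbmiDZ3MdVwEJj5ZamayYmyc8wDQYJKoZIhvcNAQEL
BQAwgYoxCzAJBgNVBAYTAlRSMQ4wDAYDVQQIDAVBZGFuYTEOMAwGA1UEBwwFQWRh
bmExEjAQBgNVBAoMCU9udmFvLm5ldDEMMAoGA1UECwwDdnBuMRIwEAYDVQQDDAlv
bnZhby5uZXQxJTAjBgkqhkiG9w0BCQEWFm1haWxAbXV6YWZmZXJzYW5saS5jb20w
HhcNMjUwNjIzMjAxODAyWhcNMzUwNjIxMjAxODAyWjCBijELMAkGA1UEBhMCVFIx
DjAMBgNVBAgMBUFkYW5hMQ4wDAYDVQQHDAVBZGFuYTESMBAGA1UECgwJT252YW8u
bmV0MQwwCgYDVQQLDAN2cG4xEjAQBgNVBAMMCW9udmFvLm5ldDElMCMGCSqGSIb3
DQEJARYWbWFpbEBtdXphZmZlcnNhbmxpLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL7kDWfKK/TTui+4QFjsd1vtgOTck9xrNld1+JckHNx7nwIO
FpIofeW+arv0ALLjPRWElRbMWSdK6vSNAoIR2Vd6uBWT9ZCAMoLoSo6/7HWN7pYK
R+4wrngJe6En4ya52+pfFQkdjV8btD8zy5BqHgzxxkexHnIxyEIQH9FxW1XKpBP6
lkpwmGOrjpw4VQXcKyEVQTBX4oe/FGG82obLY89XqZaks0vdp7P215nYC2TfvSmm
0bulNTXJLzdPD4lzIN3uc4A8/9/7kzu89wz4R8Jde2CxqzozEO++fJLNIQw03x5L
GVqU1tZWgn3r9AvCp+bysxhTDjSNb4jwJ2Jz+E8CAwEAAaNTMFEwHQYDVR0OBBYE
FJJMj51fwx9VQip0FALB7yIKcXfEMB8GA1UdIwQYMBaAFJJMj51fwx9VQip0FALB
7yIKcXfEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACu/R544
TyhecE1Su8e80rA+gwoWTngowc7aDPGk/xuab3D5PL3WvFUfbFuF0txHxbjM9WM3
oHRC9JQPNWD+ybomHOb7gdnqMb/SjN3iLXNIsNUpwPphr4rFySkHjYXojDbiomV/
ef7r8bGlxqfcxZGARdjVlg6MF2jnlmA8rOrEQ1kYlMe3OMsJ1R7y9j+jQuhkSAyP
So43gmpyBlWqRPnwye33r52YzI95ou3ztTraHlJSu3s6IG7K5i8oN8QL6bWcN6VL
q3IcOrPce0jKI1wWGYGVWkFkCZty8rA7RMcFqQiTU+ffIllWP+H777HQ86YG7BPv
lHMJEU5/au1vOc8=
-----END CERTIFICATE-----" >> /etc/stunnel/stunnel.pem
    # The PEM holds a private key; keep it readable by root only.
    chmod 600 /etc/stunnel/stunnel.pem

    echo "cert=/etc/stunnel/stunnel.pem
socket = a:SO_REUSEADDR=1
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = no

[openvpn]
connect = 127.0.0.1:1194
accept = 443" >> /etc/stunnel/stunnel.conf

    # Replace the packaged defaults file so the service is enabled.
    rm -f /etc/default/stunnel4
    echo 'ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0
RLIMITS=""' >> /etc/default/stunnel4
    chmod 644 /etc/default/stunnel4
    update-rc.d stunnel4 defaults
    systemctl enable stunnel4
    systemctl restart stunnel4
  } &>/dev/null
}

#######################################
# Enable IPv4 forwarding, raise the open-file limit and add the NAT rules for
# both VPN subnets, then save the rule sets for rc.local to restore.
# Globals:  vps_ip (read) - public address used as the SNAT source
# Outputs:  none (everything is discarded).
#######################################
install_iptables(){
  {
    local iface subnet

    echo -e "\033[01;31m Configure Sysctl \033[0m"
    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    echo '* soft nofile 512000
* hard nofile 512000' >> /etc/security/limits.conf
    ulimit -n 512000

    # The original appended every rule twice (once through /sbin/iptables and
    # once through iptables). Each rule is now appended once, in the same
    # relative order: per interface, MASQUERADE for both subnets, then SNAT
    # for both subnets. The SNAT rules match the same packets as the
    # MASQUERADE rules placed before them.
    for iface in eth0 venet0 ens3; do
      for subnet in 10.20.0.0/22 10.30.0.0/22; do
        /sbin/iptables -t nat -A POSTROUTING -s "$subnet" -o "$iface" -j MASQUERADE
      done
      for subnet in 10.20.0.0/22 10.30.0.0/22; do
        /sbin/iptables -t nat -A POSTROUTING -s "$subnet" -o "$iface" -j SNAT --to-source "$vps_ip"
      done
    done

    /sbin/iptables-save > /etc/iptables_rules.v4
    # Fix: the original ended with `iptables-save > /etc/iptables_rules.v6`,
    # which replaced the IPv6 save with IPv4 rules. rc.local feeds that file
    # to ip6tables-restore under `sh -e`, so a file ip6tables-restore rejects
    # stops rc.local before its remaining lines run.
    /sbin/ip6tables-save > /etc/iptables_rules.v6

    /sbin/sysctl -p
  } &>/dev/null
}

#######################################
# Download the helper started as the "socks" screen session and the rc-local
# unit, write /etc/rc.local and enable the unit.
# Outputs: none (everything is discarded).
#######################################
install_rclocal(){
  {
    # NOTE(review): both downloads track the `main` branch, so the content
    # run as root can change without this file changing. Pin each URL to a
    # reviewed commit and check a recorded checksum before use.
    wget -O /etc/ubuntu https://raw.githubusercontent.com/xD-cRiz/hiro-ovpn/main/ws-criz &> /dev/null
    dos2unix /etc/ubuntu
    chmod +x /etc/ubuntu
    screen -dmS socks python /etc/ubuntu

    # Fix: --no-check-certificate is dropped. It turned off TLS verification
    # for a unit file that systemd runs as root; every other download in this
    # script already verifies the certificate.
    wget https://raw.githubusercontent.com/xD-cRiz/hiro-ovpn/main/criz-rc -O /etc/systemd/system/rc-local.service
    chmod +x /etc/systemd/system/rc-local.service

    # rc.local restores the saved firewall rules and restarts the helper at
    # boot. It is appended to, so an existing rc.local keeps its content.
    echo "#!/bin/sh -e
iptables-restore < /etc/iptables_rules.v4
ip6tables-restore < /etc/iptables_rules.v6
/sbin/iptables-restore < /etc/iptables_rules.v4
/sbin/ip6tables-restore < /etc/iptables_rules.v6
/sbin/sysctl -p
sysctl -p
screen -dmS socks python /etc/ubuntu
exit 0" >> /etc/rc.local
    chmod +x /etc/rc.local
    systemctl enable rc-local
    # On a first run the rule files are written later by install_iptables,
    # so this start presumably fails; the reboot in install_done runs it
    # again. Confirm against the downloaded unit.
    systemctl start rc-local.service
  } &>/dev/null
}

#######################################
# Create the default account.
#######################################
install_acount() {
  # NOTE(review): the account name and password are fixed and published with
  # this script, and OpenVPN authenticates against PAM with no client
  # certificate, so this account is valid on every host built from it. Create
  # accounts with per-host random passwords (pwgen is installed by
  # install_require) or remove this default account after setup.
  #
  # `local` keeps the assignment from replacing the shell's own USER variable
  # for the rest of the script.
  #############################
  local USER="onvao"
  local PASS="onvao"
  #############################
  useradd "$USER"
  echo "$USER:$PASS" | chpasswd
}

#######################################
# Download the management scripts into /usr/bin and mark them executable.
#######################################
install_menu() {
  # NOTE(review): these are fetched from the `main` branch and later run as
  # root; pin them to a reviewed commit. Names such as `info` and `restart`
  # are generic and can replace commands already present in /usr/bin.
  local -r base_url="https://raw.githubusercontent.com/xD-cRiz/hiro-ovpn/main/menu"
  # local-name:remote-name, in the original download order.
  local -a scripts=(
    menu:menu.sh
    usernew:usernew.sh
    trial:trial.sh
    delete:hapus.sh
    check:user-login.sh
    member:user-list.sh
    restart:resvis.sh
    info:info.sh
    about:about.sh
  )
  local entry name remote

  # download script
  cd /usr/bin || return 1
  for entry in "${scripts[@]}"; do
    name=${entry%%:*}
    remote=${entry#*:}
    wget -O "$name" "${base_url}/${remote}"
    chmod +x "$name"
  done
}

#######################################
# Print the service summary, remove the installer marker and reboot.
#######################################
install_done() {
  clear
  echo "OPENVPN SERVER"
  echo "IP : $(curl -s https://api.ipify.org)"
  echo "OPENVPN TCP port : 1194"
  echo "OPENVPN UDP port : 53"
  echo "OPENVPN SSL port : 443"
  echo "WS port : 80"
  echo "PROXY port : 3128"
  echo "PROXY port : 8080"
  echo "PROXY port : 8000"
  echo
  echo
  history -c
  # -f: a missing marker file is not an error worth printing here.
  rm -f /root/.installer
  echo "Server will secure this server and reboot after 20 seconds"
  sleep 20
  /sbin/reboot
}

# Public address as reported by api.ipify.org; read by install_iptables.
vps_ip=$(curl -s https://api.ipify.org)

install_require
install_squid
install_openvpn
install_stunnel
install_rclocal
install_iptables
install_acount
install_menu
install_done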