forked from tmcphee/cyberghostvpn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
start.sh
191 lines (162 loc) · 5.56 KB
/
start.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
#!/bin/bash
config_ini=/home/root/.cyberghost/config.ini #CyberGhost Auth token
enable_dns_port () {
echo "Allowing PORT 53 - IN/OUT"
sudo ufw allow out 53 #Allow port 53 on all interface for initial VPN connection
sudo ufw allow in 53
}
disable_dns_port () {
echo "Blocking PORT 53 - IN/OUT"
sudo ufw delete allow out 53 #Remove Local DNS Port to prevent leaks
sudo ufw delete allow in 53
}
startup () {
echo "CyberGhostVPN - Docker Edition"
echo "----------------------------------------------------------"
echo " Created By: Tyler McPhee"
echo " GitHub: https://github.com/tmcphee/cyberghostvpn"
echo " DockerHub: https://hub.docker.com/r/tmcphee/cyberghostvpn"
echo " "
echo " Ubuntu:${linux_version} | CyberGhost:${cyberghost_version} "
echo "----------------------------------------------------------"
echo "**************User Defined Vaiables**************"
if [ -n "$ACC" ]; then
echo " ACC: [PASSED - NOT SHOWN]"
fi
if [ -n "$PASS" ]; then
echo " PASS: [PASSED - NOT SHOWN]"
fi
if [ -n "$COUNTRY" ]; then
echo " COUNTRY: ${COUNTRY}"
fi
if [ -n "$NETWORK" ]; then
echo " NETWORK: ${NETWORK}"
fi
if [ -n "$WHITELISTPORTS" ]; then
echo " WHITELISTPORTS: ${WHITELISTPORTS}"
fi
if [ -n "$ARGS" ]; then
echo " ARGS: ${ARGS}"
fi
if [ -n "$NAMESERVER" ]; then
echo " NAMESERVER: ${NAMESERVER}"
fi
echo "*************************************************"
}
ip_stats () {
str="$(cat /etc/resolv.conf)"
value=${str#* }
echo "***********CyberGhost Connection Info***********"
echo " IP: ""$(curl -s https://ipinfo.io/ip)"
echo " CITY: ""$(curl -s https://ipinfo.io/city)"
echo " REGION: ""$(curl -s https://ipinfo.io/region)"
echo " COUNTRY: ""$(curl -s https://ipinfo.io/country)"
echo " DNS: ${value}"
echo "************************************************"
}
#Originated from Run.sh. Migrated for speed improvements
cyberghost_start () {
#Check for CyberGhost Auth file
if [ -f "$config_ini" ]; then
# Check if country is set. Default to US
if ! [ -n "$COUNTRY" ]; then
echo "Country variable not set. Defaulting to US"
export COUNTRY="US"
fi
#Launch and connect to CyberGhost VPN
sudo cyberghostvpn --connect --country-code $COUNTRY --wireguard $ARGS
# Add CyberGhost nameserver to resolv for DNS
# Add Nameserver via env variable $NAMESERVER
if [ -n "$NAMESERVER" ]; then
echo 'nameserver ' $NAMESERVER > /etc/resolv.conf
else
# SMART DNS
# This will switch baised on country selected
# https://support.cyberghostvpn.com/hc/en-us/articles/360012002360
case "$COUNTRY" in
"NL") echo 'nameserver 75.2.43.210' > /etc/resolv.conf
;;
"GB") echo 'nameserver 75.2.79.213' > /etc/resolv.conf
;;
"JP") echo 'nameserver 76.223.64.81' > /etc/resolv.conf
;;
"DE") echo 'nameserver 13.248.182.241' > /etc/resolv.conf
;;
"US") echo 'nameserver 99.83.181.72' > /etc/resolv.conf
;;
*) echo 'nameserver 99.83.181.72' > /etc/resolv.conf
;;
esac
fi
fi
}
startup
sudo ufw enable #Start Firewall
#Check if CyberGhost CLI is installed. If not install it
FILE=/usr/local/cyberghost/uninstall.sh
if [ ! -f "$FILE" ]; then
echo "CyberGhost CLI not installed. Installing..."
bash /install.sh
echo "Installed"
fi
FIREWALL_FILE=/.FIREWALL.cg
if [ ! -f "$FIREWALL_FILE" ]; then
echo "Initiating Firewall First Time Setup..."
sysctl -w net.ipv6.conf.all.disable_ipv6=1 #Disable IPV6
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1
sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
sysctl -w net.ipv4.ip_forward=1
sudo ufw disable #Stop Firewall
export CYBERGHOST_API_IP=$(getent ahostsv4 v2-api.cyberghostvpn.com | grep STREAM | head -n 1 | cut -d ' ' -f 1)
sudo ufw default deny outgoing #Deny All traffic by default on all interfaces
sudo ufw default deny incoming
sudo ufw allow out on cyberghost from any to any #Allow All over cyberghost interface
sudo ufw allow in on cyberghost from any to any
sudo ufw allow in 1337 #Allow port 1337 for CyberGhost Communication
sudo ufw allow out 1337
sudo ufw allow out from any to "$CYBERGHOST_API_IP" #Allow v2-api.cyberghostvpn.com [104.20.0.14] IP for connection
sudo ufw allow in from "$CYBERGHOST_API_IP" to any
#Allow all ports in WHITELISTPORTS ENV [Seperate by ',']
if [ -n "${WHITELISTPORTS}" ]; then
echo "Setting Whitelisted Ports..."
IFS=',' read -a array <<< "$WHITELISTPORTS"
for i in "${array[@]}"
do
echo "Whitelisting Port:" "$i"
sudo ufw allow "$i"
done
fi
sudo ufw enable #Start Firewall
echo "Firewall Setup Complete"
echo 'FIREWALL ACTIVE WHEN FILE EXISTS' > .FIREWALL.cg
fi
#Login to account if config not exist
if [ ! -f "$config_ini" ]; then
echo "Logging into CyberGhost..."
enable_dns_port
expect /auth.sh
disable_dns_port
fi
if [ -n "${NETWORK}" ]; then
echo "Adding network route..."
export LOCAL_GATEWAY=$(ip r | awk '/^def/{print $3}') # Get local Gateway
ip route add $NETWORK via $LOCAL_GATEWAY dev eth0 #Enable access to local lan
echo "$NETWORK" "routed to" "$LOCAL_GATEWAY" "on eth0"
fi
#WIREGUARD START AND WATCH
enable_dns_port
cyberghost_start
disable_dns_port
ip_stats
while true #Watch if Connection is lost then reconnect
do
sleep 30
if [[ $(sudo cyberghostvpn --status | grep 'No VPN connections found.' | wc -l) = "1" ]]; then
echo 'VPN Connection Lost - Attempting to reconnect....'
enable_dns_port
cyberghost_start
disable_dns_port
ip_stats
fi
done