Ocserv


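#!/usr/bin/env bash
# Pin PATH so every tool invoked below (apt-get, certtool, iptables, ocserv)
# resolves from the system directories first; the script runs as root and
# installs into /usr/local. ~/bin is deliberately last. (The shebang was split
# across two lines in the published copy; it must be a single first line.)
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH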

#=================================================
# System Required: Debian/Ubuntu
# Description: ocserv AnyConnect
# Version: 1.0.5
# Author: Toyo
# Blog: https://doub.io/vpnzy-7/
#=================================================
# Script version: shown in the menu banner and compared against the remote copy by Update_Shell.
sh_ver="1.0.5"
# Where the from-source build is expected to land; check_installed_status treats
# this file's presence as "ocserv is installed".
file="/usr/local/sbin/ocserv"
conf_file="/etc/ocserv"
conf="/etc/ocserv/ocserv.conf"
passwd_file="/etc/ocserv/ocpasswd"
# NOTE(review): a fixed, predictable name in world-writable /tmp is a poor home
# for a root daemon's log (pre-created symlink/clobber risk); /var/log would be
# safer — confirm the downloaded init script does not hard-code this path first.
log_file="/tmp/ocserv.log"
# NOTE(review): unused — Download_ocserv hard-codes 1.1.6, so this value is stale.
ocserv_ver="0.11.8"
# PID file of the init-managed instance; check_pid reads it to decide "running".
PID_FILE="/var/run/ocserv.pid"
# Same directory as conf_file; holds the second (certificate-auth) config ecc.conf.
CONFIG_DIR_OCSEREV="/etc/ocserv"

# ANSI colour escapes for the status prefixes. They are stored as the literal
# backslash sequences; `echo -e` turns them into escapes when printed.
Green_font_prefix="\033[32m"
Red_font_prefix="\033[31m"
Green_background_prefix="\033[42;37m"
Red_background_prefix="\033[41;37m"
Font_color_suffix="\033[0m"
# Message prefixes: info / error / tip.
Info="${Green_font_prefix}[信息]${Font_color_suffix}"
Error="${Red_font_prefix}[错误]${Font_color_suffix}"
Tip="${Green_font_prefix}[注意]${Font_color_suffix}"

check_root(){
  # Abort unless the effective uid is 0: everything that follows writes under
  # /etc, /usr/local and the iptables ruleset.
  if [[ $EUID -ne 0 ]]; then
    echo -e "${Error} 当前非 ROOT 账号(或没有 ROOT 权限),无法继续操作,请更换 ROOT 账号或使用 ${Green_background_prefix}sudo su${Font_color_suffix} 命令获取临时 ROOT 权限(执行后可能会提示输入当前账号的密码)。"
    exit 1
  fi
}
#检查系统
check_sys(){
  # Detect the distro family into $release: the RHEL marker file first, then
  # /etc/issue and /proc/version, each probed for debian / ubuntu / centos in
  # that order. $release is left untouched when nothing matches.
  local probe
  if [[ -f /etc/redhat-release ]]; then
    release="centos"
    return
  fi
  for probe in /etc/issue /proc/version; do
    if grep -qiE "debian" "${probe}" 2>/dev/null; then
      release="debian"
      return
    elif grep -qiE "ubuntu" "${probe}" 2>/dev/null; then
      release="ubuntu"
      return
    elif grep -qiE "centos|red hat|redhat" "${probe}" 2>/dev/null; then
      release="centos"
      return
    fi
  done
}
check_installed_status(){
  # Abort unless the ocserv binary and its config exist. Called with "un"
  # (uninstall) a missing config is only reported, so a half-installed tree can
  # still be removed.
  local mode=${1-}
  if [[ ! -e ${file} ]]; then
    echo -e "${Error} ocserv 没有安装,请检查 !"
    exit 1
  fi
  if [[ ! -e ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件不存在,请检查 !"
    [[ ${mode} != "un" ]] && exit 1
  fi
}
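check_pid(){
  # Populate $PID from $PID_FILE. A pid whose process no longer exists (a stale
  # file left by a crash) is treated as "not running", so Start_ocserv is not
  # refused forever; the original trusted the file's mere presence.
  PID=""
  [[ -e ${PID_FILE} ]] || return 0
  PID=$(<"${PID_FILE}")
  # /proc/<pid> rather than kill -0: kill -0 fails with EPERM on another user's
  # process and would misreport a live daemon when not running as root.
  if [[ ! ${PID} =~ ^[0-9]+$ || ! -d /proc/${PID} ]]; then
    PID=""
  fi
}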
Get_ip(){
  # Ask three public "what is my IP" services in turn (one try, 2 s timeout
  # each) and store the first non-empty answer in $ip; fall back to the
  # placeholder "VPS_IP". The lookups go over plain HTTP, so callers must treat
  # $ip as untrusted text (it ends up in a certificate template and on screen).
  local svc
  ip=""
  for svc in ipinfo.io/ip api.ip.sb/ip members.3322.org/dyndns/getip; do
    ip=$(wget -qO- -t1 -T2 "${svc}")
    [[ -n ${ip} ]] && return 0
  done
  ip="VPS_IP"
}

# ---------添加代码 BEGIN----------------

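install_content() {
  # Write $2 to path $3 through install(1) with flags $1 (e.g. "-Dm644"), so the
  # file is created with its final mode in one step instead of being written
  # and chmod-ed later. Prints "ok"/"failed" and returns install's status;
  # the original only printed on success and always returned 0.
  local _install_flags="$1"
  local _content="$2"
  local _destination="$3"
  local _tmpfile

  _tmpfile="$(mktemp)" || { echo "mktemp failed" >&2; return 1; }

  echo -ne "Install $_destination ... "
  # printf, not echo: content starting with "-n"/"-e" or containing backslashes
  # must reach the file verbatim.
  printf '%s\n' "$_content" > "$_tmpfile"
  if install "$_install_flags" "$_tmpfile" "$_destination"; then
    echo -e "ok"
    rm -f "$_tmpfile"
    return 0
  fi
  echo -e "failed"
  rm -f "$_tmpfile"
  return 1
}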

# ---------添加代码 END 版本 1----------------

# ---------添加代码 BEGIN----------------
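tcp_anyconnect_ec_config(){
  # Emit the config for the second, certificate-authenticated ocserv instance
  # (installed as /etc/ocserv/ecc.conf). $PORT_OCSERV is set by Generate_SSL.
  # Review notes on the values below:
  #  - auth = "certificate" with cert-user-oid 2.5.4.3: the client cert's CN
  #    is the username; any cert signed by ca-cert.pem logs in, so the CA key
  #    kept in /etc/ocserv/ssl must stay root-only.
  #  - pid-file: the init-managed instance uses /var/run/ocserv.pid (PID_FILE);
  #    the original template pointed this instance at the same file, so the two
  #    daemons overwrote each other's pid. It now writes ocserv-ecc.pid.
  #    socket-file and the 192.168.1.0/24 pool may still collide with the
  #    downloaded ocserv.conf — confirm against that file.
  #  - tls-priorities keeps %COMPAT and only drops SSL3; TLS 1.0/1.1 stay
  #    enabled for old AnyConnect clients. Add -VERS-TLS1.0:-VERS-TLS1.1 once
  #    clients allow.
  #  - No udp-port line, so DTLS is off and everything rides tcp-port.
  cat << EOF

#auth = "plain[passwd=/etc/ocserv/ocpasswd]"
# listen-host = [IP|HOSTNAME]
auth = "certificate"
cert-user-oid = 2.5.4.3
tcp-port = ${PORT_OCSERV}

run-as-user = nobody
run-as-group = daemon
socket-file = /var/run/ocserv-socket
# ecc certicate
# -----BEGIN CERTIFICATE-----
server-cert = /etc/ocserv/ssl/server-cert.pem
server-key = /etc/ocserv/ssl/server-key.pem
ca-cert = /etc/ocserv/ssl/ca-cert.pem
# -----END CERTIFICATE-----
isolate-workers = true
banner = "欢迎使用铂金 2 代 VPN 技术"
max-clients = 10
max-same-clients = 10
rate-limit-ms = 0
server-stats-reset-time = 604800
keepalive = 32400
dpd = 90
mobile-dpd = 1800
switch-to-tcp-timeout = 25
try-mtu-discovery = false
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
auth-timeout = 240
idle-timeout = 86400
mobile-idle-timeout = 86400
min-reauth-time = 300
max-ban-score = 80
ban-reset-time = 1200
cookie-timeout = 300
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /var/run/ocserv-ecc.pid
net-priority = 6
device = vpns
predictable-ips = true
default-domain = example.com

ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
# An alternative way of specifying the network:
#ipv4-network = 192.168.1.0/24
# The IPv6 subnet that leases will be given from.
#ipv6-network = fda9:4efe:7e3b:03ea::/48
# Specify the size of the network to provide to clients. It is
# generally recommended to provide clients with a /64 network in
# IPv6, but any subnet may be specified. To provide clients only
# with a single IP use the prefix 128.
#ipv6-subnet-prefix = 128
#ipv6-subnet-prefix = 64

# tunnel-all-dns = true
dns = 8.8.8.8
dns = 8.8.4.4
cisco-client-compat = true
dtls-legacy = true

route = 0.0.0.0/128.0.0.0
route = 128.0.0.0/128.0.0.0

EOF
}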

# ---------添加代码 END 版本 1----------------


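Download_ocserv(){
  # Fetch, build and install ocserv from the upstream tarball, then download
  # the base ocserv.conf into $conf_file. Any failure exits 1.
  # NOTE(review): the tarball is neither checksum- nor signature-verified and
  # the config fetch below used to disable TLS verification — root then runs
  # and trusts whatever arrived. TLS verification is re-enabled here; a pinned
  # digest for the tarball is still missing because none is available to this
  # script (add one rather than inventing it).
  local ver="1.1.6"
  local tarball="ocserv-${ver}.tar.xz"
  local origdir=$PWD
  local builddir
  builddir=$(mktemp -d) || { echo -e "${Error} 无法创建临时编译目录 !"; exit 1; }
  # Build in a private temp dir. The original did `mkdir ocserv && cd ocserv`
  # unchecked: when mkdir failed it extracted into, and later rm -rf'ed, a
  # directory relative to whatever the cwd happened to be.
  cd "${builddir}" || exit 1
  wget "https://www.infradead.org/ocserv/download/${tarball}"
  if [[ ! -s ${tarball} ]]; then
    echo -e "${Error} ocserv 源码文件下载失败 !"
    cd "${origdir}" || cd /
    rm -rf -- "${builddir}"
    exit 1
  fi
  # Chain the build steps so a failed configure does not run make install.
  if tar -xJf "${tarball}" && cd "ocserv-${ver}"; then
    ./configure && make && make install
  fi
  cd "${origdir}" || cd /
  rm -rf -- "${builddir}"

  if [[ ! -e ${file} ]]; then
    echo -e "${Error} ocserv 编译安装失败,请检查!"
    exit 1
  fi
  mkdir -p "${conf_file}"
  wget -N -P "${conf_file}" "https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/other/ocserv.conf"
  if [[ ! -s ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件下载失败 !"
    rm -rf -- "${conf_file}"
    exit 1
  fi
}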
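Service_ocserv(){
  # Install the init script for the init-managed instance and register it with
  # update-rc.d. It runs as root on every boot, so the download now verifies
  # the server certificate (the original passed --no-check-certificate). On
  # failure the partial file is removed, the install is rolled back via `over`,
  # and the script stops — the original carried on and registered nothing.
  local target="/etc/init.d/ocserv"
  if ! wget "https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/service/ocserv_debian" -O "${target}"; then
    echo -e "${Error} ocserv 服务 管理脚本下载失败 !"
    # wget -O can leave an empty file behind; never register that.
    rm -f -- "${target}"
    over
    exit 1
  fi
  chmod +x "${target}"
  update-rc.d -f ocserv defaults
  echo -e "${Info} ocserv 服务 管理脚本下载完成 !"
}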
rand(){
min=10000
max=$((60000-$min+1))
num=$(date +%s%N)
echo $(($num%$max+$min))
}
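_ssl_fail(){
  # Report $1, roll back the partial install (over) and stop.
  echo -e "${Error} $1"
  over
  exit 1
}

Generate_SSL(){
  # Create a private CA, a server certificate (CN/SAN = public IP) and one
  # client certificate + PKCS#12 bundle under /etc/ocserv/ssl, then write the
  # certificate-auth instance config ec c.conf via install_content.
  # Security notes:
  #  - The CA key stays on the VPN host; whoever can read it can mint client
  #    certs for the certificate-auth instance. Keys and the .p12 are installed
  #    0600 root-only; copy the .p12 to clients with scp as root rather than
  #    loosening the mode. ocserv is expected to load the keys before dropping
  #    to run-as-user — if it cannot, give that user read access, not "other".
  #  - Work happens in a private mktemp dir, not the fixed /tmp/ssl the original
  #    used (another local user could pre-create or symlink it; when mkdir failed
  #    the original kept going in the current directory).
  #  - $ip comes from an HTTP lookup (Get_ip); it is restricted to IP-literal
  #    characters before being spliced into a certtool template.
  local origdir=$PWD
  local ssl_dir="/etc/ocserv/ssl"
  local ip_re='^[0-9A-Fa-f.:]+$'
  local workdir
  workdir=$(mktemp -d) || _ssl_fail "无法创建临时工作目录 !"
  cd "${workdir}" || _ssl_fail "无法进入临时工作目录 !"
  echo -e "create directory success"

  # --- CA -------------------------------------------------------------
  printf '%s\n' \
    'cn = "platinum"' \
    'organization = "platinum vpn"' \
    'serial = 1' \
    'expiration_days = 365' \
    'ca' 'signing_key' 'cert_signing_key' 'crl_signing_key' > ca.tmpl \
    || _ssl_fail "写入 SSL 证书签名模板失败(ca.tmpl) !"
  certtool --generate-privkey --outfile ca-key.pem --ecc \
    || _ssl_fail "生成 SSL 证书密匙文件失败(ca-key.pem) !"
  certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem \
    || _ssl_fail "生成 SSL 证书文件失败(ca-cert.pem) !"

  # --- server certificate ------------------------------------------------
  Get_ip
  # Get_ip substitutes the literal "VPS_IP" when every lookup fails, which the
  # original `-z` test never caught (the cert was issued for "VPS_IP").
  if [[ -z ${ip} || ${ip} == "VPS_IP" || ! ${ip} =~ ${ip_re} ]]; then
    echo -e "${Error} 检测外网 IP 失败 !"
    read -r -e -p "请手动输入你的服务器外网 IP:" ip
    [[ -z ${ip} ]] && { echo "取消..."; over; exit 1; }
    [[ ${ip} =~ ${ip_re} ]] || _ssl_fail "IP 格式不正确 [${ip}] !"
  fi
  # ip_address adds a SAN; validators that ignore the CN need it.
  printf '%s\n' \
    "cn = \"${ip}\"" \
    "ip_address = \"${ip}\"" \
    'organization = "platinum hacker"' \
    'expiration_days = 365' \
    'signing_key' 'encryption_key' 'tls_www_server' > server.tmpl \
    || _ssl_fail "写入 SSL 证书签名模板失败(server.tmpl) !"
  certtool --generate-privkey --outfile server-key.pem --ecc \
    || _ssl_fail "生成 SSL 证书密匙文件失败(server-key.pem) !"
  certtool --generate-certificate --load-privkey server-key.pem \
    --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
    --template server.tmpl --outfile server-cert.pem \
    || _ssl_fail "生成 SSL 证书文件失败(server-cert.pem) !"

  # --- one client certificate + PKCS#12 bundle --------------------------
  # Note: this key is generated without --ecc (certtool's default algorithm)
  # even though the bundle is named ecc.p12.
  certtool --generate-privkey --outfile user-key.pem \
    || _ssl_fail "生成用户证书密匙文件失败(user-key.pem) !"
  printf '%s\n' \
    'cn = "platinum vpn test"' \
    'unit = "platinum"' \
    'expiration_days = 365' \
    'signing_key' 'tls_www_client ' > user.tmpl \
    || _ssl_fail "写入用户证书模板失败(user.tmpl) !"
  certtool --generate-certificate --load-privkey user-key.pem \
    --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
    --template user.tmpl --outfile user-cert.pem \
    || _ssl_fail "生成用户证书失败(user-cert.pem) !"
  # 3des-pkcs12 is a legacy bundle cipher, presumably kept for client-import
  # compatibility — confirm before switching to an AES PKCS#12 cipher.
  # certtool prompts for the bundle password interactively here.
  certtool --to-p12 --load-privkey user-key.pem --pkcs-cipher 3des-pkcs12 \
    --load-certificate user-cert.pem --outfile ecc.p12 --outder \
    || _ssl_fail "生成 p12 用户安装文件失败(ecc.p12) !"

  # --- ecc.conf for the second instance on a random high port ----------------
  PORT_OCSERV=$(shuf -i 5002-6000 -n 1)
  # NOTE(review): not checked against the TCP/UDP ports the operator picks
  # later in Set_Config; a clash stops one instance from binding.
  install_content -Dm644 "$(tcp_anyconnect_ec_config)" "$CONFIG_DIR_OCSEREV/ecc.conf" \
    || _ssl_fail "写入 ecc.conf 失败 !"

  # --- install: keys and bundle 0600, certificates 0644 ------------------------
  mkdir -p "${ssl_dir}" || _ssl_fail "创建 ${ssl_dir} 失败 !"
  install -m 600 ca-key.pem server-key.pem user-key.pem ecc.p12 "${ssl_dir}/" \
    || _ssl_fail "安装密匙文件到 ${ssl_dir} 失败 !"
  install -m 644 ca-cert.pem server-cert.pem user-cert.pem "${ssl_dir}/" \
    || _ssl_fail "安装证书文件到 ${ssl_dir} 失败 !"
  # Nothing private is left behind in the temp dir.
  cd "${origdir}" || cd /
  rm -rf -- "${workdir}"
}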
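Installation_dependency(){
  # Install the build dependencies for ocserv on Debian/Ubuntu. Debian
  # releases other than 9 are temporarily switched to a remote US mirror list
  # for the apt-get run and switched back afterwards.
  # NOTE(review): "rand" in the package list reads like this script's own
  # helper name rather than an apt package — confirm it exists in the target
  # suite; one missing package fails the whole apt-get install.
  local pkgs=(vim net-tools rand pkg-config build-essential libgnutls28-dev
    libwrap0-dev liblz4-dev libseccomp-dev libreadline-dev libnl-nf-3-dev
    libev-dev gnutls-bin)
  local sources="/etc/apt/sources.list"
  if [[ ! -e /dev/net/tun ]]; then
    echo -e "${Error} 你的 VPS 没有开启 TUN,请联系 IDC 或通过 VPS 控制面板打开 TUN/TAP 开关 !"
    exit 1
  fi
  case "${release}" in
    centos)
      echo -e "${Error} 本脚本不支持 CentOS 系统 !"
      exit 1
      ;;
    debian)
      # Debian's /etc/issue reads "Debian GNU/Linux N ..."; the original's
      # unquoted `grep 9\..*` effectively matched any "9" followed by a character.
      if grep -qE 'Linux 9([^0-9]|$)' /etc/issue; then
        apt-get update
        apt-get install "${pkgs[@]}" -y
      else
        # The replacement mirror list is fetched as root and drives apt. The
        # server certificate is now verified (was --no-check-certificate); apt
        # still checks repository signatures, but an attacker who controls this
        # file chooses which signed suite you install from.
        mv "${sources}" "${sources}.bak"
        if ! wget -O "${sources}" "https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/sources/us.sources.list"; then
          echo -e "${Error} 下载 sources.list 失败,已恢复原文件 !"
          mv "${sources}.bak" "${sources}"
          exit 1
        fi
        apt-get update
        apt-get install "${pkgs[@]}" -y
        # Always put the operator's own list back.
        rm -f "${sources}"
        mv "${sources}.bak" "${sources}"
        apt-get update
      fi
      ;;
    *)
      apt-get update
      apt-get install "${pkgs[@]}" -y
      ;;
  esac
}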
_install_step(){
  # Print the info banner $1, then run step $2.
  echo -e "${Info} $1"
  "$2"
}

Install_ocserv(){
  # Full install flow, in order: root check → dependencies → build + base
  # config → init script → self-signed certs → account/port prompts →
  # forwarding/NAT → firewall rules → persist rules → start.
  check_root
  if [[ -e ${file} ]]; then
    echo -e "${Error} ocserv 已安装,请检查 !"
    exit 1
  fi
  _install_step "开始安装/配置 依赖..." Installation_dependency
  _install_step "开始下载/安装 配置文件..." Download_ocserv
  _install_step "开始下载/安装 服务脚本(init)..." Service_ocserv
  _install_step "开始自签 SSL 证书..." Generate_SSL
  echo -e "${Info} 开始设置账号配置..."
  Read_config
  Set_Config
  _install_step "开始设置 iptables 防火墙..." Set_iptables
  _install_step "开始添加 iptables 防火墙规则..." Add_iptables
  _install_step "开始保存 iptables 防火墙规则..." Save_iptables
  _install_step "所有步骤 安装完毕,开始启动..." Start_ocserv
}
Start_ocserv_ec()
{
  # Launch the certificate-auth instance from ecc.conf (ocserv daemonises
  # itself; the call returns once it has forked).
  local ecc_conf="/etc/ocserv/ecc.conf"
  ocserv -c "${ecc_conf}"
}
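Start_ocserv(){
  # Start the init-managed instance, print the config summary once it is up,
  # then launch the certificate-auth instance from ecc.conf.
  check_installed_status
  check_pid
  if [[ -n ${PID} ]]; then
    echo -e "${Error} ocserv 正在运行,请检查 !"
    exit 1
  fi
  /etc/init.d/ocserv start
  sleep 2s
  check_pid
  [[ -n ${PID} ]] && View_Config

  # Test ocserv's own exit status. The original tested $? of the preceding
  # `[[ $? != 0 ]] && …` compound, which is non-zero whenever ocserv succeeded,
  # so the success line could never be printed.
  if ocserv -c /etc/ocserv/ecc.conf; then
    echo -e " 配置 ecc.conf 启动成功"
  else
    echo -e "${Error} 配置 ecc.conf 启动失败 !"
    exit 1
  fi
}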
Stop_ocserv(){
  # Stop the init-managed instance via its init script. Only that instance is
  # stopped here: the ecc.conf instance launched by Start_ocserv keeps running
  # (Restart_ocserv's kill sweep is what reaches it).
  check_installed_status
  check_pid
  if [[ -z ${PID} ]]; then
    echo -e "${Error} ocserv 没有运行,请检查 !"
    exit 1
  fi
  /etc/init.d/ocserv stop
}
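Restart_ocserv(){
  # Stop both instances and start them again: the init script for the managed
  # one, then a sweep of leftover ocserv processes (the ecc.conf instance has
  # no stop path of its own). The sweep matches on exact process name; the
  # original `kill $(pgrep -f ocserv)` matched every command line containing
  # "ocserv" — including this script (ocserv.sh), which killed itself.
  check_installed_status
  check_pid
  [[ -n ${PID} ]] && /etc/init.d/ocserv stop
  sleep 2
  # ocserv may rename its helper processes (ocserv-main/-worker/…); the
  # optional suffix covers that case — verify against `ps` on the host.
  pkill -x 'ocserv(-[a-z]+)?'
  sleep 2
  /etc/init.d/ocserv start
  Start_ocserv_ec
  sleep 2s
  check_pid
  [[ -n ${PID} ]] && View_Config
}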
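Set_ocserv(){
  # Open the main config in an editor, then refresh the iptables rules so the
  # old ports close and the new ones open. PORT_OCSERV (the ecc.conf port) is
  # only set during install; recover it from ecc.conf here, otherwise
  # Del_/Add_iptables ran with an empty --dport on this path.
  if [[ ! -e ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件不存在 !"
    exit 1
  fi
  local ecc_conf="/etc/ocserv/ecc.conf" yn
  if [[ -z ${PORT_OCSERV} && -r ${ecc_conf} ]]; then
    PORT_OCSERV=$(awk -F ' = ' '/^tcp-port =/ {print $NF}' "${ecc_conf}")
  fi
  # Anchored so commented-out "#tcp-port" lines do not contribute a second value.
  tcp_port=$(awk -F ' = ' '/^tcp-port =/ {print $NF}' "${conf}")
  udp_port=$(awk -F ' = ' '/^udp-port =/ {print $NF}' "${conf}")
  "${EDITOR:-nano}" "${conf}"
  set_tcp_port=$(awk -F ' = ' '/^tcp-port =/ {print $NF}' "${conf}")
  set_udp_port=$(awk -F ' = ' '/^udp-port =/ {print $NF}' "${conf}")
  Del_iptables
  Add_iptables
  Save_iptables
  echo "是否重启 ocserv ? (Y/n)"
  read -r -e -p "(默认: Y):" yn
  [[ -z ${yn} ]] && yn="y"
  if [[ ${yn} == [Yy] ]]; then
    Restart_ocserv
  fi
}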
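Set_username(){
  # Prompt for the VPN account name into $username (default "admin"). The name
  # is stored in the colon-separated ocpasswd file and handed to grep/ocpasswd
  # by other functions, so only a conservative character set is accepted; the
  # prompt repeats until the input is valid (EOF yields the default).
  local name_re='^[A-Za-z0-9_.@-]+$'
  while true; do
    echo "请输入 要添加的 VPN 账号 用户名"
    read -r -e -p "(默认: admin):" username
    [[ -z ${username} ]] && username="admin"
    [[ ${username} =~ ${name_re} ]] && break
    echo -e "${Error} 用户名只能包含 字母、数字 和 _ . @ - !"
  done
  echo && echo -e " 用户名 : ${Red_font_prefix}${username}${Font_color_suffix}" && echo
}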
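Set_passwd(){
  # Prompt for the account password into $userpass without echoing it. An
  # empty answer now gets a random 16-character password instead of the
  # published default "doub.io", which every reader of this script knows; the
  # chosen value is printed once so the operator can record it.
  echo "请输入 要添加的 VPN 账号 密码"
  read -r -s -p "(默认: 随机生成):" userpass
  echo
  if [[ -z ${userpass} ]]; then
    userpass=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  fi
  echo && echo -e " 密码 : ${Red_font_prefix}${userpass}${Font_color_suffix}" && echo
}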
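Set_tcp_port(){
  # Prompt for the main instance's TCP port into $set_tcp_port (default 443),
  # accepting only decimal 1..65535. The original validated with
  # `echo $((input+0))`, which evaluates raw input as an arithmetic expression
  # (array subscripts can run commands); a regex check avoids that.
  local port_re='^[0-9]+$' eof=""
  while true; do
    echo -e "请输入 VPN 服务端的 TCP 端口"
    read -r -e -p "(默认: 443):" set_tcp_port || eof=1
    [[ -z ${set_tcp_port} ]] && set_tcp_port="443"
    # 10# forces decimal so "0443" is not read as octal.
    if [[ ${set_tcp_port} =~ ${port_re} ]] && (( 10#${set_tcp_port} >= 1 && 10#${set_tcp_port} <= 65535 )); then
      echo && echo -e " TCP 端口 : ${Red_font_prefix}${set_tcp_port}${Font_color_suffix}" && echo
      break
    fi
    echo -e "${Error} 请输入正确的数字!"
    # stdin closed with an invalid value: do not spin forever.
    [[ -n ${eof} ]] && exit 1
  done
}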
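Set_udp_port(){
  # Prompt for the main instance's UDP (DTLS) port into $set_udp_port,
  # defaulting to the TCP port chosen just before. Same decimal-only
  # validation as Set_tcp_port (no arithmetic evaluation of raw input). The
  # confirmation line now says "UDP" — the original echoed "TCP 端口" here.
  local port_re='^[0-9]+$' eof=""
  while true; do
    echo -e "请输入 VPN 服务端的 UDP 端口"
    read -r -e -p "(默认: ${set_tcp_port}):" set_udp_port || eof=1
    [[ -z ${set_udp_port} ]] && set_udp_port="${set_tcp_port}"
    if [[ ${set_udp_port} =~ ${port_re} ]] && (( 10#${set_udp_port} >= 1 && 10#${set_udp_port} <= 65535 )); then
      echo && echo -e " UDP 端口 : ${Red_font_prefix}${set_udp_port}${Font_color_suffix}" && echo
      break
    fi
    echo -e "${Error} 请输入正确的数字!"
    # stdin closed with an invalid value (e.g. no TCP default set): stop.
    [[ -n ${eof} ]] && exit 1
  done
}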
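Set_Config(){
  # First-time account and port setup: create the ocpasswd entry, rewrite the
  # port lines in ocserv.conf and insert the two half-default routes.
  Set_username
  Set_passwd
  # printf, not `echo -e`: a password containing backslash sequences must reach
  # ocpasswd unchanged (it reads the password twice from stdin).
  printf '%s\n%s\n' "${userpass}" "${userpass}" | ocpasswd -c "${passwd_file}" "${username}"
  Set_tcp_port
  Set_udp_port
  # Replace the whole value of the active line. The original substituted the
  # literal "tcp-port = $tcp_port"; with an empty $tcp_port that turned
  # "tcp-port = 443" into "tcp-port = <new>443". Ports are validated digits,
  # so they are safe inside the sed expression.
  sed -i "s/^[[:space:]]*tcp-port[[:space:]]*=.*/tcp-port = ${set_tcp_port}/" "${conf}"
  sed -i "s/^[[:space:]]*udp-port[[:space:]]*=.*/udp-port = ${set_udp_port}/" "${conf}"
  # Full-tunnel via two /1 routes, inserted before "ping-leases = false".
  # Guard the line number: an empty address would make sed insert before
  # every line of the file.
  local insert_str
  insert_str=$(sed -n '/ping-leases = false/=' "${conf}" | head -n1)
  if [[ -n ${insert_str} ]]; then
    sed -i "${insert_str} i route = 0.0.0.0/128.0.0.0" "${conf}"
    insert_str=$(sed -n '/ping-leases = false/=' "${conf}" | head -n1)
    sed -i "${insert_str} i route = 128.0.0.0/128.0.0.0" "${conf}"
  else
    echo -e "${Error} 配置文件中未找到 ping-leases = false,未添加 route 条目 !"
  fi
}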
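_conf_get(){
  # Value of the first active "key = value" line for key $1 in $conf, trimmed.
  # Skips only whole-line comments; the original `grep -v '#'` threw away any
  # line that contained a '#' anywhere, and `echo -e` then mangled backslashes.
  grep -E "^[[:space:]]*$1[[:space:]]*=" "${conf}" \
    | awk -F '=' '{ v = $NF; gsub(/^[ \t]+|[ \t]+$/, "", v); print v }'
}

Read_config(){
  # Load tcp_port, udp_port, max_same_clients and max_clients from the main
  # config into the globals of the same name. Exits 1 if the config is missing.
  if [[ ! -e ${conf} ]]; then
    echo -e "${Error} ocserv 配置文件不存在 !"
    exit 1
  fi
  tcp_port=$(_conf_get tcp-port)
  udp_port=$(_conf_get udp-port)
  max_same_clients=$(_conf_get max-same-clients)
  max_clients=$(_conf_get max-clients)
}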
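List_User(){
  # Print every account in the ocpasswd file ("user:group:hash" per line) with
  # its enabled/disabled state and set $User_num. A hash field starting with
  # '!' marks a locked account. One pass with `read`, instead of re-scanning
  # the file with awk|sed for every user and pushing its content through `echo -e`.
  if [[ ! -e ${passwd_file} ]]; then
    echo -e "${Error} ocserv 账号配置文件不存在 !"
    exit 1
  fi
  local user_name user_hash user_status
  User_num=0
  user_list_all=""
  while IFS=: read -r user_name _ user_hash; do
    [[ -z ${user_name} ]] && continue
    User_num=$((User_num + 1))
    if [[ ${user_hash} == '!'* ]]; then
      user_status="禁用"
    else
      user_status="启用"
    fi
    user_list_all+="用户名: ${user_name} 账号状态: ${user_status}"$'\n'
  done < "${passwd_file}"
  if (( User_num > 0 )); then
    echo && echo -e "用户总数 ${Green_font_prefix}${User_num}${Font_color_suffix}"
    printf '%s' "${user_list_all}"
  fi
}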
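Add_User(){
  # Add an account. Existence is checked on the exact first field of the
  # ocpasswd file: the original `grep "$username:*:"` used the name as an
  # unanchored regex, so "bob" also matched "bobby" and "." matched anything.
  Set_username
  Set_passwd
  local entry
  entry=$(awk -F: -v u="${username}" '$1 == u' "${passwd_file}" 2>/dev/null)
  if [[ -n ${entry} ]]; then
    echo -e "${Error} 用户名已存在 ![ ${username} ]"
    exit 1
  fi
  # printf, not `echo -e`: backslashes in the password must survive.
  printf '%s\n%s\n' "${userpass}" "${userpass}" | ocpasswd -c "${passwd_file}" "${username}"
  entry=$(awk -F: -v u="${username}" '$1 == u' "${passwd_file}" 2>/dev/null)
  if [[ -n ${entry} ]]; then
    echo -e "${Info} 账号添加成功 ![ ${username} ]"
  else
    echo -e "${Error} 账号添加失败 ![ ${username} ]"
    exit 1
  fi
}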
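Del_User(){
  # Delete an account by exact name; refuses to remove the last one. The
  # lookup compares the first ocpasswd field exactly instead of using the
  # typed name as an unanchored grep regex.
  List_User
  if [[ ${User_num} == 1 ]]; then
    echo -e "${Error} 当前仅剩一个账号配置,无法删除 !"
    exit 1
  fi
  echo -e "请输入要删除的 VPN 账号的用户名"
  read -r -e -p "(默认取消):" Del_username
  [[ -z ${Del_username} ]] && echo "已取消..." && exit 1
  local entry
  entry=$(awk -F: -v u="${Del_username}" '$1 == u' "${passwd_file}")
  if [[ -z ${entry} ]]; then
    echo -e "${Error} 用户名不存在 ! [${Del_username}]"
    exit 1
  fi
  ocpasswd -c "${passwd_file}" -d "${Del_username}"
  entry=$(awk -F: -v u="${Del_username}" '$1 == u' "${passwd_file}")
  if [[ -z ${entry} ]]; then
    echo -e "${Info} 删除成功 ! [${Del_username}]"
  else
    echo -e "${Error} 删除失败 ! [${Del_username}]"
    exit 1
  fi
}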
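_ocpasswd_flag(){
  # First character of the hash field for user $1 in $passwd_file ('!' = locked);
  # empty when the user does not exist. Exact match on the first field.
  awk -F: -v u="$1" '$1 == u { print substr($NF, 1, 1) }' "${passwd_file}"
}

Modify_User_disabled(){
  # Toggle an account's lock: ocpasswd -u unlocks a '!'-flagged entry,
  # ocpasswd -l locks any other. The user lookup compares the first ocpasswd
  # field exactly rather than using the typed name as a grep regex.
  List_User
  echo -e "请输入要启用/禁用的 VPN 账号的用户名"
  read -r -e -p "(默认取消):" Modify_username
  [[ -z ${Modify_username} ]] && echo "已取消..." && exit 1
  local entry flag
  entry=$(awk -F: -v u="${Modify_username}" '$1 == u' "${passwd_file}")
  if [[ -z ${entry} ]]; then
    echo -e "${Error} 用户名不存在 ! [${Modify_username}]"
    exit 1
  fi
  flag=$(_ocpasswd_flag "${Modify_username}")
  if [[ ${flag} == '!' ]]; then
    ocpasswd -c "${passwd_file}" -u "${Modify_username}"
    flag=$(_ocpasswd_flag "${Modify_username}")
    if [[ ${flag} != '!' ]]; then
      echo -e "${Info} 启用成功 ! [${Modify_username}]"
    else
      echo -e "${Error} 启用失败 ! [${Modify_username}]"
      exit 1
    fi
  else
    ocpasswd -c "${passwd_file}" -l "${Modify_username}"
    flag=$(_ocpasswd_flag "${Modify_username}")
    if [[ ${flag} == '!' ]]; then
      echo -e "${Info} 禁用成功 ! [${Modify_username}]"
    else
      echo -e "${Error} 禁用失败 ! [${Modify_username}]"
      exit 1
    fi
  fi
}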
Set_Pass(){
  # Account sub-menu: list / add / delete / enable-disable. ocserv re-reads
  # the ocpasswd file on use, so no restart follows these operations.
  check_installed_status
  echo && echo -e " 你要做什么?

${Green_font_prefix} 0.${Font_color_suffix} 列出 账号配置


————————
${Green_font_prefix} 1.${Font_color_suffix} 添加 账号配置
${Green_font_prefix} 2.${Font_color_suffix} 删除 账号配置
————————
${Green_font_prefix} 3.${Font_color_suffix} 启用/禁用 账号配置

注意:添加/修改/删除 账号配置后,VPN 服务端会实时读取,无需重启服务端 !" && echo

  local set_num
  read -e -p "(默认: 取消):" set_num
  [[ -z ${set_num} ]] && echo "已取消..." && exit 1
  case "${set_num}" in
    0) List_User ;;
    1) Add_User ;;
    2) Del_User ;;
    3) Modify_User_disabled ;;
    *)
      echo -e "${Error} 请输入正确的数字[1-3]"
      exit 1
      ;;
  esac
}
View_Config(){
  # Print the connection summary for both instances: public IP, ports and
  # limits of the main config, then the ecc.conf port and the .p12 location.
  local sep="==================================================="
  local local_p12="/etc/ocserv/ssl/ecc.p12"
  local ecc_port
  Get_ip
  Read_config
  clear && echo "${sep}" && echo
  echo -e " AnyConnect 配置信息:" && echo
  echo -e " I P\t\t : ${Green_font_prefix}${ip}${Font_color_suffix}"
  echo -e " TCP 端口\t : ${Green_font_prefix}${tcp_port}${Font_color_suffix}"
  echo -e " UDP 端口\t : ${Green_font_prefix}${udp_port}${Font_color_suffix}"
  echo -e " 单用户设备数限制 : ${Green_font_prefix}${max_same_clients}${Font_color_suffix}"
  echo -e " 总用户设备数限制 : ${Green_font_prefix}${max_clients}${Font_color_suffix}"
  echo -e "\n 客户端链接 1 请填写 : ${Green_font_prefix}${ip}:${tcp_port}${Font_color_suffix}"
  echo && echo "${sep}"
  # Third field of the "tcp-port = N" line in ecc.conf.
  ecc_port=$(awk '/tcp-port/ {print $3}' /etc/ocserv/ecc.conf)
  echo -e "\n 客户端链接 2 请填写 : ${Green_font_prefix}${ip}:${ecc_port}${Font_color_suffix}"
  echo -e " 证书位置\t : ${Green_font_prefix}${local_p12}${Font_color_suffix}"
  echo && echo "${sep}"
}
# ---------添加代码 BEGIN ----------------
View_conf_ecc(){
  # Print the tcp-port of the certificate-auth instance: the third field of
  # the "tcp-port = N" line in ecc.conf.
  awk '/tcp-port/ {print $3}' /etc/ocserv/ecc.conf
}
# ---------添加代码 END ----------------

View_Log(){
  # Follow the ocserv log file; Ctrl+C ends the tail.
  if [[ ! -e ${log_file} ]]; then
    echo -e "${Error} ocserv 日志文件不存在 !"
    exit 1
  fi
  echo
  echo -e "${Tip} 按 ${Red_font_prefix}Ctrl+C${Font_color_suffix} 终止查看日志"
  echo -e "如果需要查看完整日志内容,请用 ${Red_font_prefix}cat ${log_file}${Font_color_suffix} 命令。"
  echo
  tail -f ${log_file}
}
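Uninstall_ocserv(){
  # Interactive uninstall: stop the daemon, drop firewall rules, remove the
  # init script, config dir, log, installed binaries and man pages.
  check_installed_status "un"
  echo "确定要卸载 ocserv ? (y/N)"
  echo
  local unyn
  read -r -e -p "(默认: n):" unyn
  [[ -z ${unyn} ]] && unyn="n"
  if [[ ${unyn} != [Yy] ]]; then
    echo && echo "卸载已取消..." && echo
    return 0
  fi
  check_pid
  if [[ -n ${PID} ]]; then
    # TERM first so ocserv can tear down its tun devices and sockets; KILL
    # only if it is still there (the original went straight to -9).
    kill "${PID}"
    sleep 2
    kill -0 "${PID}" 2>/dev/null && kill -9 "${PID}"
    rm -f "${PID_FILE}"
  fi
  # NOTE(review): the ecc.conf instance is not stopped here; only
  # Restart_ocserv's process sweep reaches it, so it may outlive the uninstall.
  # check_installed_status "un" tolerates a missing config, but Read_config
  # exits on one — only touch iptables when the config is actually there.
  if [[ -e ${conf} ]]; then
    Read_config
    Del_iptables
    Save_iptables
  fi
  update-rc.d -f ocserv remove
  # Absolute paths throughout: the original did `cd DIR && rm -f NAME` followed
  # by a bare `rm -f OTHER`, so a failed cd deleted relative to the cwd.
  rm -rf /etc/init.d/ocserv
  rm -rf "${conf_file}"
  rm -rf "${log_file}"
  rm -f /usr/local/bin/occtl /usr/local/bin/ocpasswd /usr/local/bin/ocserv-fw
  rm -f /usr/local/sbin/ocserv
  rm -f /usr/local/share/man/man8/ocserv.8 /usr/local/share/man/man8/ocpasswd.8 /usr/local/share/man/man8/occtl.8
  echo && echo "ocserv 卸载完成 !" && echo
}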
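over(){
  # Roll back a failed install: unregister and remove the init script, the
  # config dir, the log, the installed binaries and man pages, then exit 1.
  # The original returned instead, so callers (Service_ocserv, Generate_SSL)
  # carried on against a half-removed tree. Absolute paths replace the
  # `cd DIR && rm -f NAME; rm -f OTHER` chain, whose bare rm ran in the cwd
  # when the cd failed.
  update-rc.d -f ocserv remove
  rm -rf /etc/init.d/ocserv
  rm -rf "${conf_file}"
  rm -rf "${log_file}"
  rm -f /usr/local/bin/occtl /usr/local/bin/ocpasswd /usr/local/bin/ocserv-fw
  rm -f /usr/local/sbin/ocserv
  rm -f /usr/local/share/man/man8/ocserv.8 /usr/local/share/man/man8/ocpasswd.8 /usr/local/share/man/man8/occtl.8
  echo && echo "安装过程错误,ocserv 卸载完成 !" && echo
  exit 1
}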
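Add_iptables(){
  # Allow forwarding to/from the vpns+ tunnel devices, NAT the 192.168.1.0/24
  # pool, and open the listening ports: the ecc.conf port (TCP only — that
  # instance has no udp-port) and the main instance's TCP and UDP ports.
  iptables -A FORWARD -o vpns+ -j ACCEPT
  iptables -A FORWARD -i vpns+ -j ACCEPT
  iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
  # PORT_OCSERV is set by Generate_SSL during install and can be empty on later
  # menu paths; skip the rule rather than call iptables with an empty --dport.
  if [[ -n ${PORT_OCSERV} ]]; then
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "${PORT_OCSERV}" -j ACCEPT
  fi
  if [[ -n ${set_tcp_port} ]]; then
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport "${set_tcp_port}" -j ACCEPT
  fi
  if [[ -n ${set_udp_port} ]]; then
    iptables -I INPUT -m state --state NEW -m udp -p udp --dport "${set_udp_port}" -j ACCEPT
  fi
}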
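Del_iptables(){
  # Reverse Add_iptables. Two fixes over the original: it deleted a *udp* rule
  # for PORT_OCSERV although Add_iptables opens that port as *tcp*, so the ecc
  # port stayed open; and it never removed the FORWARD/MASQUERADE rules, which
  # accumulated on every Set_ocserv run.
  if [[ -n ${tcp_port} ]]; then
    iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport "${tcp_port}" -j ACCEPT
  fi
  if [[ -n ${udp_port} ]]; then
    iptables -D INPUT -m state --state NEW -m udp -p udp --dport "${udp_port}" -j ACCEPT
  fi
  if [[ -n ${PORT_OCSERV} ]]; then
    iptables -D INPUT -m state --state NEW -m tcp -p tcp --dport "${PORT_OCSERV}" -j ACCEPT
  fi
  iptables -D FORWARD -o vpns+ -j ACCEPT
  iptables -D FORWARD -i vpns+ -j ACCEPT
  iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
}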
Save_iptables(){
  # Persist the current ruleset; the if-pre-up.d hook written by Set_iptables
  # restores this file at boot.
  local rules_file="/etc/iptables.up.rules"
  iptables-save > "${rules_file}"
}
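Set_iptables(){
  # Enable IPv4 forwarding, pick the egress interface for MASQUERADE, persist
  # the rules and install an if-pre-up hook that restores them at boot.
  # Append ip_forward only once; the original appended a new line on every run.
  if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi
  sysctl -p
  if ! command -v ifconfig >/dev/null 2>&1; then
    echo -e "${Error} ifconfig 未安装 !"
    read -r -e -p "请手动输入你的网卡名(一般情况下,网卡名为 eth0,Debian9 则为 ens3,CentOS Ubuntu 最新版本可能为 enpXsX(X 代表数字或字母),OpenVZ 虚拟化则为 venet0):" Network_card
    [[ -z ${Network_card} ]] && echo "取消..." && exit 1
  else
    local ifc
    Network_card=""
    # Anchored on the interface-name column: the original `grep "eth0"` also
    # matched "veth0…" lines.
    for ifc in eth0 ens3 venet0; do
      if ifconfig | grep -qE "^${ifc}[: ]"; then
        Network_card="${ifc}"
        break
      fi
    done
    if [[ -z ${Network_card} ]]; then
      # Take the word after "dev" instead of a fixed $5: the field position
      # shifts when the route has no "via" gateway.
      Network_card=$(ip route get 8.8.8.8 | awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
      [[ -z ${Network_card} ]] && echo "取消..." && exit 1
    fi
  fi
  iptables -t nat -A POSTROUTING -o "${Network_card}" -j MASQUERADE

  iptables-save > /etc/iptables.up.rules

  printf '#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules\n' > /etc/network/if-pre-up.d/iptables
  chmod +x /etc/network/if-pre-up.d/iptables
}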
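Update_Shell(){
  # Self-update: read the remote script's sh_ver, refresh the init script, then
  # overwrite ocserv.sh in the current directory. Both downloads are executed as
  # root afterwards, so TLS verification is now on (the original passed
  # --no-check-certificate to each). A failed version lookup exits 1, not 0.
  # NOTE(review): there is still no signature or hash check on the new script.
  local url="https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/ocserv.sh"
  sh_new_ver=$(wget -qO- -t1 -T3 "${url}" | grep 'sh_ver="' | awk -F "=" '{print $NF}' | sed 's/\"//g' | head -1) && sh_new_type="github"
  if [[ -z ${sh_new_ver} ]]; then
    echo -e "${Error} 无法链接到 Github !"
    exit 1
  fi
  if [[ -e "/etc/init.d/ocserv" ]]; then
    rm -rf /etc/init.d/ocserv
    Service_ocserv
  fi
  wget -N "${url}" && chmod +x ocserv.sh
  echo -e "脚本已更新为最新版本[ ${sh_new_ver} ] !(注意:因为更新方式为直接覆盖当前运行的脚本,所以可能下面会提示一些报错,无视即可)" && exit 0
}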
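# ---- entry point: distro check, status banner, menu dispatch ----
check_sys
if [[ ${release} != "debian" && ${release} != "ubuntu" ]]; then
  echo -e "${Error} 本脚本不支持当前系统 ${release} !"
  exit 1
fi
# Menu item 10 runs View_conf_ecc, which prints the ecc.conf port, so it is
# labelled as such (the original called it a log view).
echo && echo -e " ocserv 一键安装管理脚本 ${Red_font_prefix}[v${sh_ver}]${Font_color_suffix}
-- Toyo | doub.io/vpnzy-7 --

${Green_font_prefix}0.${Font_color_suffix} 升级脚本
————————————
${Green_font_prefix}1.${Font_color_suffix} 安装 ocserv
${Green_font_prefix}2.${Font_color_suffix} 卸载 ocserv
————————————
${Green_font_prefix}3.${Font_color_suffix} 启动 ocserv
${Green_font_prefix}4.${Font_color_suffix} 停止 ocserv
${Green_font_prefix}5.${Font_color_suffix} 重启 ocserv
————————————
${Green_font_prefix}6.${Font_color_suffix} 设置 账号配置
${Green_font_prefix}7.${Font_color_suffix} 查看 配置信息
${Green_font_prefix}8.${Font_color_suffix} 修改 配置文件
${Green_font_prefix}9.${Font_color_suffix} 查看 日志信息
${Green_font_prefix}10.${Font_color_suffix} 查看 ecc 配置端口
————————————" && echo
if [[ -e ${file} ]]; then
  check_pid
  if [[ -n ${PID} ]]; then
    echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 并 ${Green_font_prefix}已启动${Font_color_suffix}"
  else
    echo -e " 当前状态: ${Green_font_prefix}已安装${Font_color_suffix} 但 ${Red_font_prefix}未启动${Font_color_suffix}"
  fi
else
  echo -e " 当前状态: ${Red_font_prefix}未安装${Font_color_suffix}"
fi
echo
read -r -e -p " 请输入数字 [0-10]:" num
case "$num" in
  0) Update_Shell ;;
  1) Install_ocserv ;;
  2) Uninstall_ocserv ;;
  3) Start_ocserv ;;
  4) Stop_ocserv ;;
  5) Restart_ocserv ;;
  6) Set_Pass ;;
  7) View_Config ;;
  8) Set_ocserv ;;
  9) View_Log ;;
  10) View_conf_ecc ;;
  *)
    # The range matches the prompt; the original said [0-9] although 10 is valid.
    echo "请输入正确数字 [0-10]"
    ;;
esac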
