ocserv+锐速一键脚本附带用户管理.
使用说明没有完整的写入脚本,详情请看介绍,或自行摸索.
此脚本仅在Debian7和Debian8上进行了测试,其他请自测.
注意:支持OpenVZ,但不会自动安装锐速.

参数:

-install
#在有其他参数时,第一步进行安装.
-add 【用户名】【密码】
#密码登陆模式下添加一个用户.
-del 【用户名】
#密码登录模式下删除一个用户.
-use 【Cert/Password】
#切换登陆方式,密码或证书.
-route/-noroute
#添加路由表,两个参数不能同时使用.
#-route参数一般用于android机器(由于android平台限制).
#-noroute参数推荐使用,除android机器外都使用此参数.

#!/bin/bash
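# ---------------------------------------------------------------------------
# One-click installer and user manager for OpenConnect (ocserv) on Debian,
# followed by the serverSpeeder installer on hosts that are not OpenVZ.
#
# Usage:
#   bash <script>                      interactive full install
#   bash <script> -install [options]   install first, then apply the options
#   bash <script> -add USER PASS       add or replace a password-mode user
#   bash <script> -del USER            delete a password-mode user
#   bash <script> -use Cert|Password   switch the ocserv login method
#   bash <script> -route | -noroute    write the route or the no-route list
#
# Review notes for operators (none of these can be fixed from this file alone):
#   * ins_ocserv and ins_serverSpeeder download packages and shell code at
#     run time and execute them as root. No checksum or signature is
#     published alongside them, so TLS validation of the download host is
#     the only integrity control. Mirror and pin the artifacts if you can.
#   * The client bundle /etc/ocserv/AnyConnect.p12 is exported with an empty
#     passphrase; treat the file itself as the credential.
#   * The CA private key stays on the VPN server under
#     /etc/ocserv/template/; move it offline once client certs are issued.
#   * The generated ocserv.conf sets "isolate-workers = false" and the
#     client profile sets StrictCertificateTrust to false. Both relax
#     protections and should be revisited once a real certificate is in use.
# ---------------------------------------------------------------------------

# Print the banner. Exits with status 1 unless running as root.
function Welcome()
{
  clear
  if [[ $EUID -ne 0 ]]; then
    echo "Error:This script must be run as root!" 1>&2
    exit 1
  fi
  clear
  echo -n "                      Local Time :   " && date "+%F [%T]       ";
  echo "            ======================================================";
  echo "            |         OpenConnect(ocserv) & serverSpeeder        |";
  echo "            |                                                    |";
  echo "            |                                         for Debian |";
  echo "            |----------------------------------------------------|";
  echo "            |                           -- By MoeClub.org(Vicer) |";
  echo "            ======================================================";
  echo;
}

# Wait for a single key press before continuing.
function pause()
{
  echo;
  read -r -n 1 -p "Press Enter to Continue..." INP
  if [ "$INP" != '' ] ; then
    echo -ne '\b \n'
    echo;
  fi
}

# Print the name of the first network interface in /proc/net/dev that is
# not a loopback, tunnel, bridge or other virtual device.
function first_ifname()
{
  awk -F: 'function trim(str){sub(/^[ \t]*/,"",str); sub(/[ \t]*$/,"",str); return str } NR>2 {print trim($1)}' /proc/net/dev \
    | grep -Ev '^lo|^sit|^stf|^gif|^dummy|^vmnet|^vir|^gre|^ipip|^ppp|^bond|^tun|^tap|^ip6gre|^ip6tnl|^teql' \
    | awk 'NR==1 {print $0}'
}

# Succeed when $1 is a dotted-quad IPv4 address with every octet <= 255.
function is_ipv4()
{
  local ip=$1 part
  [[ "$ip" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for part in "${BASH_REMATCH[@]:1}"; do
    (( 10#$part <= 255 )) || return 1
  done
  return 0
}

# Detect word size and primary interface.
# Sets: sysBits, ifname, Insatll_serverSpeeder ('n' on OpenVZ "venet").
function ETHER()
{
  sysBits=x$(getconf LONG_BIT);
  ifname=$(first_ifname)
  if echo -n "$ifname" | grep -q 'venet'; then
    Insatll_serverSpeeder='n'
  else
    Insatll_serverSpeeder='y'
  fi
}

# Ask which address (interface IP or public IP) becomes DefaultIP.
# Empty input selects the interface IP; anything but 0/1 asks again.
function OWNNET()
{
  echo -ne "\nSelect a IP Address from \e[33m[\e[32m0\e[0m.\e[35m${MACIP}\e[33m/\e[33m1\e[0m.\e[35m${PublicIP}\e[33m]\e[0m. \nIt will be regard as default IP Address: "
  read -r OWNNETIP
  case "$OWNNETIP" in
    ''|0) DefaultIP="${MACIP}" ;;
    1) DefaultIP="${PublicIP}" ;;
    *) OWNNET; ;;
  esac
}

# Determine the server address and optional domain name interactively.
# Sets: PublicIP, sysBits, ifname, oVZ, MACIP, DefaultIP, MyDomain, DOMAIN.
function ServerIP()
{
  # The answer is shown to the operator and later written into configs and
  # the server certificate, so fetch it over TLS rather than plain HTTP.
  PublicIP="$(wget -qO- https://checkip.amazonaws.com)"
  echo -ne "Default Server IP: \e[36m${PublicIP}\e[0m .\nIf Default Server IP \e[31mcorrect\e[0m, Press Enter .\nIf Default Server IP \e[31mincorrect\e[0m, Please input Server IP :"
  read -r iptmp
  if [[ -n "$iptmp" ]]; then
    PublicIP=$iptmp
  fi
  sysBits=x$(getconf LONG_BIT);
  ifname=$(first_ifname)
  if echo -n "$ifname" | grep -q 'venet'; then
    oVZ='y'
  else
    oVZ='n'
  fi
  MACIP="$(ifconfig "$ifname" | awk -F ':' '/inet addr/{ print $2}' | grep -o '[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}')";
  if [ "${PublicIP}" != "${MACIP}" ]; then
    OWNNET
  else
    DefaultIP="${PublicIP}";
  fi
  echo -ne "Server IP: \e[35m${DefaultIP}\e[0m .\n";
  MyDomain="${PublicIP}"
  echo -ne "\nIf you \e[31mdo not have\e[0m a domain name, \e[33mPress Enter\e[0m! \nIf you \e[31mhave\e[0m a domain name, Please \e[32mInput your domain name\e[0m :"
  read -r DomainTMP
  if [[ -n "$DomainTMP" ]]; then
    MyDomain=$DomainTMP
    echo -ne "Domain name: \e[35m$MyDomain\e[0m .\n"
  fi
  # Keep the last two labels; if they look numeric the "domain" is an IP.
  DOMAIN=$(echo "$MyDomain" | awk -F"[.]" '{print $(NF-1)"."$NF}')
  if echo "$DOMAIN" | grep -q '[0-9]\{1,3\}.[0-9]\{1,3\}'; then
    DOMAIN=''
  else
    echo -ne "\nPlease put your \e[33mdomain certificate\e[0m and \e[33mprivate key\e[0m into \e[33m/etc/ocserv\e[0m when the shell script install finish! \n\e[31mrename\e[0m \e[33mcertificate\e[0m with \e[32mserver.cert.pem\e[0m\n\e[31mrename\e[0m \e[33mprivate key\e[0m with \e[32mserver.key.pem\e[0m\n"
  fi
  # ins_serverSpeeder only runs when oVZ is 'n'. The original printed these
  # two messages the wrong way round.
  if [ "$oVZ" == 'n' ]; then
    echo -ne "\nIt will install \e[35mocserv\e[0m and \e[35mserverSpeeder\e[0m automaticly."
  else
    echo -ne "\nIt will install \e[35mocserv\e[0m automaticly."
  fi
  pause;
}

# Ask for the listening port (default 443). Sets: SSLTCP, SSLUDP.
# The value is later spliced into iptables lines in /etc/rc.local that run
# as root on every boot, so only a plain number in 1..65535 is accepted.
function Ask_ocserv_port()
{
  echo -ne "\n\e[35mInstall OpenConnect...\e[0m\n"
  SSLTCP=443;
  SSLUDP=443;
  while :; do
    echo -ne "\n\e[35mPlease enter AnyConnet port\e[33m[Default:\e[32m443\e[33m]\e[0m: "
    read -r myPORT || myPORT=''
    [[ -z "$myPORT" ]] && break
    if [[ "$myPORT" =~ ^[0-9]{1,5}$ ]] && (( 10#$myPORT >= 1 && 10#$myPORT <= 65535 )); then
      SSLTCP=$((10#$myPORT))
      SSLUDP=$SSLTCP
      break
    fi
    echo "Error: the port must be a number between 1 and 65535." 1>&2
  done
}

# Ask for the login method. Sets: MyType ('certificate' or 'password').
# Empty input selects certificate; anything but 0/1 asks again.
function Ask_ocserv_type()
{
  echo -ne "\n\e[35mPlease select a type to login AnyConnet.\e[33m[\e[32m0\e[0m.\e[35mcertificate\e[33m/\e[33m1\e[0m.\e[35mpassword\e[33m]\e[0m: "
  read -r logintype
  case "$logintype" in
    ''|0) MyType='certificate' ;;
    1) MyType='password' ;;
    *) Ask_ocserv_type; ;;
  esac
}

# Ask for the two identity fields of the chosen login method.
# certificate mode: CA name / organization (defaults MoeClub.org / Vicer).
# password mode:    user name (default MoeClub.org) / password (no default).
# Sets: FILL1, FILL2, FILLIT1, FILLIT2.
function Ask_ocserv_password()
{
  local tries
  [ "$MyType" == 'certificate' ] && {
    FILL1='CANAME'
    FILL2='ORGANIZATION'
  }
  [ "$MyType" == 'password' ] && {
    FILL1='UserName'
    FILL2='PassWord'
  }
  [ -n "$FILL1" ] && [ -n "$FILL2" ] || return 0

  FILLIT1='MoeClub.org'
  echo -ne "\n\e[35mPlease input AnyConnet $FILL1\e[33m[Default:\e[32mMoeClub.org\e[33m]\e[0m: "
  read -r tmpFILL1 || tmpFILL1=''
  if [[ -n "$tmpFILL1" ]]; then
    FILLIT1=$tmpFILL1
  fi

  if [ "$MyType" == 'password' ]; then
    # A published default password would give every install of this script
    # the same VPN credential, so password mode requires real input.
    FILLIT2=''
    for tries in 1 2 3; do
      echo -ne "\n\e[35mPlease input AnyConnet $FILL2\e[0m: "
      read -r tmpFILL2 || tmpFILL2=''
      if [[ -n "$tmpFILL2" ]]; then
        FILLIT2=$tmpFILL2
        break
      fi
      echo "Error: a password is required in password mode." 1>&2
    done
    if [[ -z "$FILLIT2" ]]; then
      exit 1
    fi
  else
    FILLIT2='Vicer'
    echo -ne "\n\e[35mPlease input AnyConnet $FILL2\e[33m[Default:\e[32mVicer\e[33m]\e[0m: "
    read -r tmpFILL2 || tmpFILL2=''
    if [[ -n "$tmpFILL2" ]]; then
      FILLIT2=$tmpFILL2
    fi
  fi
}

# Enable IP forwarding, raise file limits and, on non-OpenVZ hosts, replace
# /etc/sysctl.conf with a tuned profile.
function SYSCONF()
{
  # The non-OpenVZ branch overwrites the whole file; keep one copy of the
  # administrator's original so other hardening settings can be restored.
  [ -f /etc/sysctl.conf ] && [ ! -e /etc/sysctl.conf.ocserv-bak ] \
    && cp -p /etc/sysctl.conf /etc/sysctl.conf.ocserv-bak
  sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
  sed -i '/net.ipv4.tcp_syncookies/d' /etc/sysctl.conf
  echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf
  sed -i '/soft nofile/d' /etc/security/limits.conf
  echo "* soft nofile 51200" >> /etc/security/limits.conf
  sed -i '/hard nofile/d' /etc/security/limits.conf
  echo "* hard nofile 51200" >> /etc/security/limits.conf
  [ "$oVZ" == 'n' ] && {
    cat >/etc/sysctl.conf<<EOFSYS
#This line below add by user.
#sysctl net.ipv4.tcp_available_congestion_control
#modprobe tcp_htcp
net.ipv4.ip_forward = 1
fs.file-max = 51200
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.core.rmem_default = 131072
net.core.wmem_default = 131072
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_rmem = 10240 81920 8388608
net.ipv4.tcp_wmem = 10240 81920 8388608
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_congestion_control = htcp
net.ipv4.icmp_echo_ignore_all = 1
#net.ipv4.tcp_fastopen = 3
EOFSYS
    [ -f "/proc/sys/net/ipv4/tcp_fastopen" ] && [ -f /etc/sysctl.conf ] && sed -i 's/#net.ipv4.tcp_fastopen/net.ipv4.tcp_fastopen/g' /etc/sysctl.conf
  }
  sysctl -p >/dev/null 2>&1
}

# Download and install ocserv, add firewall rules to /etc/rc.local, write
# ocserv.conf and the client profile, and create the CA, DH parameters and
# server certificate. Reads: sysBits, ifname, SSLTCP, SSLUDP, MyDomain,
# FILLIT1, FILLIT2. Exits 1 when a download or the install fails.
function ins_ocserv()
{
  local BitVer='' pkgdir pkg
  [ "$sysBits" == 'x32' ] && BitVer='i386'
  [ "$sysBits" == 'x64' ] && BitVer='amd64'
  if [ -z "$BitVer" ]; then
    echo "Error, download fail! "
    exit 1
  fi
  # Private download directory: fixed names under /tmp could be pre-created
  # or swapped by another local user before dpkg installs them as root.
  pkgdir=$(mktemp -d) || { echo "Error, download fail! "; exit 1; }
  # TLS certificate validation is left on (the original passed
  # --no-check-certificate). No package digest is published on the page, so
  # this is the only integrity check on what dpkg installs below.
  for pkg in "libradcli4_1.2.6-3~bpo8+1_$BitVer.deb" "ocserv_0.11.6-1~bpo8+2_$BitVer.deb"; do
    if ! wget -qO "$pkgdir/$pkg" "https://moeclub.org/attachment/DebianPackage/ocserv/$pkg"; then
      echo "Error, download fail! "
      rm -rf -- "$pkgdir"
      exit 1
    fi
  done
  # NOTE(review): this runs a remote, unpinned script as root. Its content is
  # not visible here; review it or vendor a known copy before relying on it.
  bash -c "$(wget -qO- 'https://moeclub.org/attachment/LinuxShell/src.sh')"
  DEBIAN_FRONTEND=noninteractive apt-get install -y -t jessie dbus init-system-helpers libc6 libev4 libgnutls-deb0-28 libgssapi-krb5-2 libhttp-parser2.1 liblz4-1 libnettle4 libnl-3-200 libnl-route-3-200 liboath0 libopts25 libpcl1 libprotobuf-c1 libsystemd0 libtalloc2 gnutls-bin ssl-cert
  dpkg -i "$pkgdir"/libradcli4_*.deb
  dpkg -i "$pkgdir"/ocserv_*.deb
  rm -rf -- "$pkgdir"
  if ! command -v ocserv >/dev/null 2>&1; then
    echo 'Error, Install ocerv.'
    exit 1
  fi

  # Firewall rules are appended to rc.local so they are re-applied on boot.
  sed -i '/exit .*/d' /etc/rc.local
  sed -i '$a\iptables -t nat -A POSTROUTING -o '"${ifname}"' -j MASQUERADE' /etc/rc.local
  sed -i '$a\iptables -I INPUT -p tcp --dport '"${SSLTCP}"' -j ACCEPT' /etc/rc.local
  sed -i '$a\iptables -I INPUT -p udp --dport '"${SSLUDP}"' -j ACCEPT' /etc/rc.local
  sed -i '$a\iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu' /etc/rc.local
  sed -i '$a\exit 0' /etc/rc.local

  # Each directive must sit on its own line: login_ocserv and ChangeType
  # toggle the login method by matching '^auth =' / '^#auth ='.
  cat >/etc/ocserv/ocserv.conf<<EOF
#Login Type
#auth = "plain[passwd=/etc/ocserv/ocpasswd]"
auth = "certificate"
# TCP and UDP port number
tcp-port = $SSLTCP
#udp-port = $SSLUDP
server-cert = /etc/ocserv/server.cert.pem
server-key = /etc/ocserv/server.key.pem
ca-cert = /etc/ocserv/ca.cert.pem
dh-params = /etc/ocserv/dh.pem
socket-file = /var/run/ocserv.socket
occtl-socket-file = /var/run/occtl.socket
pid-file = /var/run/ocserv.pid
user-profile = /etc/ocserv/profile.xml
run-as-user = nobody
cert-user-oid = 2.5.4.3
isolate-workers = false
max-clients = 192
max-same-clients = 192
keepalive = 32400
dpd = 300
mobile-dpd = 1800
#output-buffer = 1000
try-mtu-discovery = true
compression = true
no-compress-limit = 256
auth-timeout = 40
idle-timeout = 1200
mobile-idle-timeout = 1200
cookie-timeout = 43200
persistent-cookies = true
deny-roaming = false
rekey-time = 43200
rekey-method = ssl
use-utmp = true
use-occtl = true
device = ocserv
predictable-ips = false
ping-leases = false
cisco-client-compat = true
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
ipv4-network = 192.168.8.0
ipv4-netmask = 255.255.255.0
dns = 192.168.8.1
EOF
  cat >/etc/ocserv/profile.xml<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd"><ClientInitialization><UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon><StrictCertificateTrust>false</StrictCertificateTrust><RestrictPreferenceCaching>false</RestrictPreferenceCaching><RestrictTunnelProtocols>false</RestrictTunnelProtocols><BypassDownloader>true</BypassDownloader><WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment><CertEnrollmentPin>pinAllowed</CertEnrollmentPin><CertificateMatch><KeyUsage><MatchKey>Digital_Signature</MatchKey></KeyUsage><ExtendedKeyUsage><ExtendedMatchKey>ClientAuth</ExtendedMatchKey></ExtendedKeyUsage></CertificateMatch><BackupServerList><HostAddress>$MyDomain</HostAddress></BackupServerList></ClientInitialization>
</AnyConnectProfile>
EOF

  # The template directory holds the CA and client private keys.
  mkdir -p /etc/ocserv/template
  chmod 700 /etc/ocserv/template
  cat >/etc/ocserv/template/ca.tmp<<EOF
cn = "$FILLIT1"
organization = "$FILLIT2"
serial = 1
expiration_days = 1825
ca
signing_key
cert_signing_key
crl_signing_key
EOF
  openssl genrsa -out /etc/ocserv/template/ca.key.pem 2048
  chmod 600 /etc/ocserv/template/ca.key.pem
  certtool --generate-self-signed --hash SHA256 --load-privkey /etc/ocserv/template/ca.key.pem --template /etc/ocserv/template/ca.tmp --outfile /etc/ocserv/ca.cert.pem
  certtool --generate-dh-params --outfile /etc/ocserv/dh.pem
  cat >/etc/ocserv/template/server.tmp<<EOF
cn = "$MyDomain"
organization = "MoeClub.org"
serial = 2
expiration_days = 1825
signing_key
encryption_key
tls_www_server
EOF
  openssl genrsa -out /etc/ocserv/server.key.pem 2048
  chmod 600 /etc/ocserv/server.key.pem
  certtool --generate-certificate --hash SHA256 --load-privkey /etc/ocserv/server.key.pem --load-ca-certificate /etc/ocserv/ca.cert.pem --load-ca-privkey /etc/ocserv/template/ca.key.pem --template /etc/ocserv/template/server.tmp --outfile /etc/ocserv/server.cert.pem
  cat /etc/ocserv/ca.cert.pem >>/etc/ocserv/server.cert.pem
}

# Remove every entry whose user field equals $1 from the ocserv password
# file. The name is compared as a literal string, never used as a pattern,
# and the file is rewritten in place so its owner and mode are kept.
function remove_passwd_user()
{
  local user=$1 file=/etc/ocserv/ocpasswd tmp
  [ -f "$file" ] || return 0
  tmp=$(mktemp) || return 1
  if OC_USER="$user" awk -F: '$1 != ENVIRON["OC_USER"]' "$file" >"$tmp"; then
    cat "$tmp" >"$file"
  fi
  rm -f -- "$tmp"
}

# Provision the credential for the selected login method and switch
# ocserv.conf to it.
# certificate: issue a client certificate and export AnyConnect.p12.
# password:    add or replace FILLIT1 in /etc/ocserv/ocpasswd.
# Reads: MyType, FILLIT1, FILLIT2.
function login_ocserv()
{
  local hash
  [ "$MyType" == 'certificate' ] && {
    cat >/etc/ocserv/template/user.tmp<<EOF
cn = "$FILLIT1"
unit = "$FILLIT2"
expiration_days = 1825
signing_key
tls_www_client
EOF
    openssl genrsa -out /etc/ocserv/template/user.key.pem 2048
    chmod 600 /etc/ocserv/template/user.key.pem
    # ins_ocserv writes the CA certificate to /etc/ocserv/ca.cert.pem; the
    # original pointed certtool at template/ca.cert.pem, which is never
    # created, so no client certificate could be issued.
    certtool --generate-certificate --hash SHA256 --load-privkey /etc/ocserv/template/user.key.pem --load-ca-certificate /etc/ocserv/ca.cert.pem --load-ca-privkey /etc/ocserv/template/ca.key.pem --template /etc/ocserv/template/user.tmp --outfile /etc/ocserv/template/user.cert.pem
    cat /etc/ocserv/ca.cert.pem >>/etc/ocserv/template/user.cert.pem
    # NOTE(review): "-passout pass:" exports the bundle with an empty
    # passphrase, so file permissions are its only protection at rest.
    openssl pkcs12 -export -inkey /etc/ocserv/template/user.key.pem -in /etc/ocserv/template/user.cert.pem -name "Vicer" -certfile /etc/ocserv/ca.cert.pem -caname "$FILLIT1" -out /etc/ocserv/AnyConnect.p12 -passout pass:
    [ -f /etc/ocserv/AnyConnect.p12 ] && chmod 600 /etc/ocserv/AnyConnect.p12
    [ -f /etc/ocserv/ocserv.conf ] && sed -i 's/^auth =/#auth =/g;s/^#auth = "certificate".*/auth = "certificate"/g' /etc/ocserv/ocserv.conf
  }
  [ "$MyType" == 'password' ] && {
    # ':' is the field separator of ocpasswd, and whitespace in a name would
    # produce an entry that cannot be matched again for deletion.
    case "$FILLIT1" in
      ''|*[:[:space:]]*)
        echo "Error: invalid user name." 1>&2
        return 1
        ;;
    esac
    remove_passwd_user "$FILLIT1"
    # Hash via stdin so the password never appears in the process list, and
    # ask for MD5-crypt explicitly: on the OpenSSL releases shipped with the
    # Debian versions this script targets, a bare "openssl passwd" uses
    # traditional crypt(3), which ignores everything after 8 characters.
    # TODO(review): ocserv ships its own ocpasswd tool; prefer it if its
    # non-interactive behaviour is confirmed for this package version.
    hash=$(printf '%s\n' "$FILLIT2" | openssl passwd -1 -stdin) || return 1
    [ -n "$hash" ] || return 1
    printf '%s:*:%s\n' "$FILLIT1" "$hash" >>/etc/ocserv/ocpasswd
    [ -f /etc/ocserv/ocserv.conf ] && sed -i 's/^auth =/#auth =/g;s/^#auth = "plain.*/auth = "plain\[passwd=\/etc\/ocserv\/ocpasswd\]"/g' /etc/ocserv/ocserv.conf
  }
}

# Run the interactive ocserv questions in order.
function ask_ocserv()
{
  Welcome
  Ask_ocserv_port
  Ask_ocserv_type
  Ask_ocserv_password
  pause
  clear
}

# Install dnsmasq as the resolver for VPN clients (192.168.8.0/24).
# Overwrites /etc/dnsmasq.conf. Reads: ifname.
function ins_dnsmasq()
{
  apt-get install -y dnsmasq
  cat >/etc/dnsmasq.conf<<EOF
except-interface=$ifname
dhcp-range=192.168.8.2,192.168.8.254,255.255.255.0,24h
dhcp-option-force=option:router,192.168.8.1
dhcp-option-force=option:dns-server,192.168.8.1
dhcp-option-force=option:netbios-ns,192.168.8.1
listen-address=127.0.0.1,192.168.8.1
no-resolv
bogus-priv
no-negcache
clear-on-reload
cache-size=81920
server=208.67.220.220#5353
EOF
  bash /etc/init.d/dnsmasq restart
}

# On non-OpenVZ hosts, download the serverSpeeder installer, patch it to
# run unattended and execute it. Reads: oVZ.
function ins_serverSpeeder()
{
  local workdir insNum
  [ "$oVZ" == 'n' ] || return 0
  # Private work directory: the script is patched and then run as root, so
  # it must not live at a fixed, world-writable path. NOTE(review): assumes
  # the installer does not depend on being located at /tmp/appex.sh.
  workdir=$(mktemp -d) || return 1
  # NOTE(review): fetched from the moving "master" branch and executed as
  # root; pin a reviewed commit and verify its digest where possible.
  if wget -qO "$workdir/appex.sh" "https://raw.githubusercontent.com/0oVicero0/serverSpeeder_Install/master/appex.sh"; then
    insNum="$(awk '/^SelectKernel;/{print NR; exit}' "$workdir/appex.sh")"
    echo "sed -i '/^# Set acc inf/,\$d' /tmp/appex/install.sh" >"$workdir/ins.tmp"
    echo "echo -e 'boot=y && addStartUpLink' >>/tmp/appex/install.sh" >>"$workdir/ins.tmp"
    # Without a line number, sed's "r" would apply to every line of the
    # installer, so the snippet is only inserted when the anchor was found.
    if [[ "$insNum" =~ ^[0-9]+$ ]]; then
      sed -i "${insNum}r $workdir/ins.tmp" "$workdir/appex.sh"
    fi
    sed -i '/^pause;$/d' "$workdir/appex.sh"
    sed -i '/serverSpeeder.sh status$/d' "$workdir/appex.sh"
    bash "$workdir/appex.sh" install
  fi
  rm -rf -- "$workdir"
}

# Add (or replace) a password-mode user and switch ocserv to password
# login. Reads: tmpUser, tmpPass.
function add_user()
{
  [ "$(grep -c '^auth =' /etc/ocserv/ocserv.conf)" != '1' ] && sed -i 's/^auth =/#auth =/g;s/^#auth = "plain.*/auth = "plain\[passwd=\/etc\/ocserv\/ocpasswd\]"/g' /etc/ocserv/ocserv.conf
  MyType='password'
  FILLIT1="$tmpUser"
  FILLIT2="$tmpPass"
  [ -n "$FILLIT1" ] && [ -n "$FILLIT2" ] && login_ocserv
}

# Delete a password-mode user. Reads: delName.
# The original interpolated the on/off flag ("1") into a sed pattern, which
# removed every entry containing "1:" instead of the requested user.
function del_user()
{
  [ -n "$delName" ] && remove_passwd_user "$delName"
}

# Switch the login method according to tmpType (case-insensitive prefix
# "cert" or "pass") and restart ocserv.
function ChangeType()
{
  TheType="${tmpType,,}"
  if [ -f /etc/ocserv/ocserv.conf ]; then
    case "$TheType" in
      cert*)
        sed -i 's/^auth =/#auth =/g;s/^#auth = "certificate".*/auth = "certificate"/g' /etc/ocserv/ocserv.conf
        ;;
      pass*)
        sed -i 's/^auth =/#auth =/g;s/^#auth = "plain.*/auth = "plain\[passwd=\/etc\/ocserv\/ocpasswd\]"/g' /etc/ocserv/ocserv.conf
        ;;
    esac
  fi
  [ -e /etc/init.d/ocserv ] && bash /etc/init.d/ocserv restart
}

# Replace any existing route / no-route entries in ocserv.conf with the
# explicit route list below and restart ocserv.
function add_route()
{
  sed -i '/^route/d' /etc/ocserv/ocserv.conf
  sed -i '/^no-route/d' /etc/ocserv/ocserv.conf
  cat >>/etc/ocserv/ocserv.conf<<'EOF'
## Route List
route = 0.0.0.0/248.0.0.0
route = 8.0.0.0/254.0.0.0
route = 11.0.0.0/255.0.0.0
route = 12.0.0.0/252.0.0.0
route = 16.0.0.0/248.0.0.0
route = 24.0.0.0/254.0.0.0
route = 26.0.0.0/255.0.0.0
route = 27.0.0.0/255.128.0.0
route = 27.128.0.0/255.192.0.0
route = 27.224.0.0/255.224.0.0
route = 28.0.0.0/252.0.0.0
route = 32.0.0.0/252.0.0.0
route = 36.0.0.0/255.192.0.0
route = 36.64.0.0/255.224.0.0
route = 36.224.0.0/255.224.0.0
route = 37.0.0.0/255.0.0.0
route = 38.0.0.0/255.0.0.0
route = 39.0.0.0/255.192.0.0
route = 39.96.0.0/255.224.0.0
route = 39.192.0.0/255.192.0.0
route = 40.0.0.0/252.0.0.0
route = 44.0.0.0/254.0.0.0
route = 46.0.0.0/255.0.0.0
route = 47.0.0.0/255.192.0.0
route = 47.64.0.0/255.224.0.0
route = 47.128.0.0/255.128.0.0
route = 48.0.0.0/255.0.0.0
route = 49.0.0.0/255.192.0.0
route = 49.96.0.0/255.224.0.0
route = 49.128.0.0/255.128.0.0
route = 50.0.0.0/254.0.0.0
route = 52.0.0.0/252.0.0.0
route = 56.0.0.0/254.0.0.0
route = 58.0.0.0/255.224.0.0
route = 58.64.0.0/255.192.0.0
route = 58.128.0.0/255.192.0.0
route = 58.224.0.0/255.224.0.0
route = 59.0.0.0/255.224.0.0
route = 59.64.0.0/255.192.0.0
route = 59.128.0.0/255.192.0.0
route = 60.32.0.0/255.224.0.0
route = 60.64.0.0/255.192.0.0
route = 60.128.0.0/255.224.0.0
route = 60.192.0.0/255.192.0.0
route = 61.0.0.0/255.128.0.0
route = 61.192.0.0/255.192.0.0
route = 62.0.0.0/254.0.0.0
route = 64.0.0.0/224.0.0.0
route = 96.0.0.0/248.0.0.0
route = 104.0.0.0/252.0.0.0
route = 108.0.0.0/254.0.0.0
route = 110.0.0.0/255.192.0.0
route = 110.64.0.0/255.224.0.0
route = 110.128.0.0/255.192.0.0
route = 110.224.0.0/255.224.0.0
route = 111.64.0.0/255.192.0.0
route = 111.160.0.0/255.224.0.0
route = 111.192.0.0/255.192.0.0
route = 112.64.0.0/255.192.0.0
route = 112.128.0.0/255.192.0.0
route = 112.192.0.0/255.224.0.0
route = 113.0.0.0/255.192.0.0
route = 113.128.0.0/255.128.0.0
route = 114.0.0.0/255.128.0.0
route = 114.128.0.0/255.192.0.0
route = 114.192.0.0/255.224.0.0
route = 115.0.0.0/255.128.0.0
route = 115.128.0.0/255.192.0.0
route = 115.224.0.0/255.224.0.0
route = 116.0.0.0/255.128.0.0
route = 116.192.0.0/255.192.0.0
route = 117.0.0.0/255.128.0.0
route = 117.192.0.0/255.192.0.0
route = 118.0.0.0/254.0.0.0
route = 120.0.0.0/255.128.0.0
route = 120.128.0.0/255.192.0.0
route = 121.0.0.0/255.240.0.0
route = 121.16.0.0/255.240.0.0
route = 121.32.0.0/255.240.0.0
route = 121.48.0.0/255.254.0.0
route = 121.50.0.0/255.255.0.0
route = 121.52.0.0/255.252.0.0
route = 121.56.0.0/255.248.0.0
route = 121.64.0.0/255.192.0.0
route = 121.128.0.0/255.128.0.0
route = 122.0.0.0/255.192.0.0
route = 122.96.0.0/255.224.0.0
route = 122.128.0.0/255.128.0.0
route = 123.0.0.0/255.192.0.0
route = 123.96.0.0/255.224.0.0
route = 123.128.0.0/255.128.0.0
route = 124.0.0.0/255.0.0.0
route = 125.0.0.0/255.192.0.0
route = 125.96.0.0/255.224.0.0
route = 125.128.0.0/255.128.0.0
route = 126.0.0.0/254.0.0.0
route = 128.0.0.0/248.0.0.0
route = 136.0.0.0/252.0.0.0
route = 140.0.0.0/255.128.0.0
route = 140.128.0.0/255.192.0.0
route = 140.192.0.0/255.248.0.0
route = 140.200.0.0/255.252.0.0
route = 140.204.0.0/255.255.0.0
route = 140.208.0.0/255.240.0.0
route = 140.224.0.0/255.224.0.0
route = 141.0.0.0/255.0.0.0
route = 142.0.0.0/254.0.0.0
route = 144.0.0.0/240.0.0.0
route = 160.0.0.0/248.0.0.0
route = 168.0.0.0/255.128.0.0
route = 168.128.0.0/255.192.0.0
route = 168.192.0.0/255.224.0.0
route = 168.224.0.0/255.240.0.0
route = 168.240.0.0/255.248.0.0
route = 168.248.0.0/255.252.0.0
route = 168.252.0.0/255.254.0.0
route = 168.255.0.0/255.255.0.0
route = 169.0.0.0/255.0.0.0
route = 170.0.0.0/254.0.0.0
route = 172.0.0.0/255.240.0.0
route = 172.32.0.0/255.224.0.0
route = 172.64.0.0/255.192.0.0
route = 172.128.0.0/255.128.0.0
route = 173.0.0.0/255.0.0.0
route = 174.0.0.0/255.0.0.0
route = 175.0.0.0/255.192.0.0
route = 175.96.0.0/255.224.0.0
route = 175.128.0.0/255.128.0.0
route = 176.0.0.0/252.0.0.0
route = 180.0.0.0/255.192.0.0
route = 180.64.0.0/255.224.0.0
route = 180.128.0.0/255.128.0.0
route = 181.0.0.0/255.0.0.0
route = 182.0.0.0/255.192.0.0
route = 182.64.0.0/255.224.0.0
route = 182.128.0.0/255.128.0.0
route = 183.64.0.0/255.192.0.0
route = 183.160.0.0/255.224.0.0
route = 184.0.0.0/248.0.0.0
route = 192.0.0.0/255.128.0.0
route = 192.128.0.0/255.224.0.0
route = 192.160.0.0/255.248.0.0
route = 192.169.0.0/255.255.0.0
route = 192.170.0.0/255.254.0.0
route = 192.172.0.0/255.252.0.0
route = 192.176.0.0/255.240.0.0
route = 192.192.0.0/255.192.0.0
route = 193.0.0.0/255.0.0.0
route = 194.0.0.0/254.0.0.0
route = 196.0.0.0/252.0.0.0
route = 200.0.0.0/248.0.0.0
route = 208.0.0.0/248.0.0.0
route = 216.0.0.0/254.0.0.0
route = 218.32.0.0/255.224.0.0
route = 218.96.0.0/255.224.0.0
route = 218.128.0.0/255.128.0.0
route = 219.0.0.0/255.128.0.0
route = 219.160.0.0/255.224.0.0
route = 219.192.0.0/255.192.0.0
route = 220.0.0.0/255.128.0.0
route = 220.128.0.0/255.224.0.0
route = 220.192.0.0/255.192.0.0
route = 221.0.0.0/255.0.0.0
route = 222.0.0.0/255.224.0.0
route = 222.96.0.0/255.224.0.0
route = 222.128.0.0/255.192.0.0
route = 222.224.0.0/255.224.0.0
route = 223.0.0.0/255.192.0.0
route = 223.96.0.0/255.224.0.0
route = 223.128.0.0/255.128.0.0
route = 224.0.0.0/224.0.0.0
EOF
  [ -e /etc/init.d/ocserv ] && bash /etc/init.d/ocserv restart
}

# Replace any existing route / no-route entries in ocserv.conf with the
# exclusion list below (plus the server's own public address) and restart
# ocserv.
function add_noroute()
{
  sed -i '/^route/d' /etc/ocserv/ocserv.conf
  sed -i '/^no-route/d' /etc/ocserv/ocserv.conf
  PublicIP="$(wget -qO- https://checkip.amazonaws.com)"
  {
    echo '## No Route List'
    # The lookup result is remote data; write it into the config only when
    # it is a well-formed IPv4 address.
    if is_ipv4 "$PublicIP"; then
      echo "no-route = $PublicIP/255.255.255.255"
    else
      echo "Warning: could not determine the public IP; skipping its no-route entry." 1>&2
    fi
    cat <<'EOF'
no-route = 192.168.0.0/255.255.0.0
no-route = 1.0.0.0/255.192.0.0
no-route = 1.64.0.0/255.224.0.0
no-route = 1.112.0.0/255.248.0.0
no-route = 1.176.0.0/255.240.0.0
no-route = 1.192.0.0/255.240.0.0
no-route = 14.0.0.0/255.224.0.0
no-route = 14.96.0.0/255.224.0.0
no-route = 14.128.0.0/255.224.0.0
no-route = 14.192.0.0/255.224.0.0
no-route = 27.0.0.0/255.192.0.0
no-route = 27.96.0.0/255.224.0.0
no-route = 27.128.0.0/255.224.0.0
no-route = 27.176.0.0/255.240.0.0
no-route = 27.192.0.0/255.224.0.0
no-route = 27.224.0.0/255.252.0.0
no-route = 36.0.0.0/255.192.0.0
no-route = 36.96.0.0/255.224.0.0
no-route = 36.128.0.0/255.192.0.0
no-route = 36.192.0.0/255.224.0.0
no-route = 36.240.0.0/255.240.0.0
no-route = 39.0.0.0/255.255.0.0
no-route = 39.64.0.0/255.224.0.0
no-route = 39.96.0.0/255.240.0.0
no-route = 39.128.0.0/255.192.0.0
no-route = 40.72.0.0/255.254.0.0
no-route = 40.124.0.0/255.252.0.0
no-route = 42.0.0.0/255.248.0.0
no-route = 42.48.0.0/255.240.0.0
no-route = 42.80.0.0/255.240.0.0
no-route = 42.96.0.0/255.224.0.0
no-route = 42.128.0.0/255.128.0.0
no-route = 43.224.0.0/255.224.0.0
no-route = 45.65.16.0/255.255.240.0
no-route = 45.112.0.0/255.240.0.0
no-route = 45.248.0.0/255.248.0.0
no-route = 47.92.0.0/255.252.0.0
no-route = 47.96.0.0/255.224.0.0
no-route = 49.0.0.0/255.128.0.0
no-route = 49.128.0.0/255.224.0.0
no-route = 49.192.0.0/255.192.0.0
no-route = 52.80.0.0/255.252.0.0
no-route = 54.222.0.0/255.254.0.0
no-route = 58.0.0.0/255.128.0.0
no-route = 58.128.0.0/255.224.0.0
no-route = 58.192.0.0/255.224.0.0
no-route = 58.240.0.0/255.240.0.0
no-route = 59.32.0.0/255.224.0.0
no-route = 59.64.0.0/255.224.0.0
no-route = 59.96.0.0/255.240.0.0
no-route = 59.144.0.0/255.240.0.0
no-route = 59.160.0.0/255.224.0.0
no-route = 59.192.0.0/255.192.0.0
no-route = 60.0.0.0/255.224.0.0
no-route = 60.48.0.0/255.240.0.0
no-route = 60.160.0.0/255.224.0.0
no-route = 60.192.0.0/255.192.0.0
no-route = 61.0.0.0/255.192.0.0
no-route = 61.80.0.0/255.248.0.0
no-route = 61.128.0.0/255.192.0.0
no-route = 61.224.0.0/255.224.0.0
no-route = 91.234.36.0/255.255.255.0
no-route = 101.0.0.0/255.128.0.0
no-route = 101.128.0.0/255.224.0.0
no-route = 101.192.0.0/255.240.0.0
no-route = 101.224.0.0/255.224.0.0
no-route = 103.0.0.0/255.0.0.0
no-route = 106.0.0.0/255.128.0.0
no-route = 106.224.0.0/255.240.0.0
no-route = 110.0.0.0/255.128.0.0
no-route = 110.144.0.0/255.240.0.0
no-route = 110.160.0.0/255.224.0.0
no-route = 110.192.0.0/255.192.0.0
no-route = 111.0.0.0/255.192.0.0
no-route = 111.64.0.0/255.224.0.0
no-route = 111.112.0.0/255.240.0.0
no-route = 111.128.0.0/255.192.0.0
no-route = 111.192.0.0/255.224.0.0
no-route = 111.224.0.0/255.240.0.0
no-route = 112.0.0.0/255.128.0.0
no-route = 112.128.0.0/255.240.0.0
no-route = 112.192.0.0/255.252.0.0
no-route = 112.224.0.0/255.224.0.0
no-route = 113.0.0.0/255.128.0.0
no-route = 113.128.0.0/255.240.0.0
no-route = 113.192.0.0/255.192.0.0
no-route = 114.16.0.0/255.240.0.0
no-route = 114.48.0.0/255.240.0.0
no-route = 114.64.0.0/255.192.0.0
no-route = 114.128.0.0/255.240.0.0
no-route = 114.192.0.0/255.192.0.0
no-route = 115.0.0.0/255.0.0.0
no-route = 116.0.0.0/255.0.0.0
no-route = 117.0.0.0/255.128.0.0
no-route = 117.128.0.0/255.192.0.0
no-route = 118.16.0.0/255.240.0.0
no-route = 118.64.0.0/255.192.0.0
no-route = 118.128.0.0/255.128.0.0
no-route = 119.0.0.0/255.128.0.0
no-route = 119.128.0.0/255.192.0.0
no-route = 119.224.0.0/255.224.0.0
no-route = 120.0.0.0/255.192.0.0
no-route = 120.64.0.0/255.224.0.0
no-route = 120.128.0.0/255.240.0.0
no-route = 120.192.0.0/255.192.0.0
no-route = 121.0.0.0/255.128.0.0
no-route = 121.192.0.0/255.192.0.0
no-route = 122.0.0.0/254.0.0.0
no-route = 124.0.0.0/255.0.0.0
no-route = 125.0.0.0/255.128.0.0
no-route = 125.160.0.0/255.224.0.0
no-route = 125.192.0.0/255.192.0.0
no-route = 137.59.59.0/255.255.255.0
no-route = 137.59.88.0/255.255.252.0
no-route = 139.0.0.0/255.224.0.0
no-route = 139.128.0.0/255.128.0.0
no-route = 140.64.0.0/255.240.0.0
no-route = 140.128.0.0/255.240.0.0
no-route = 140.192.0.0/255.192.0.0
no-route = 144.0.0.0/255.248.0.0
no-route = 144.12.0.0/255.255.0.0
no-route = 144.48.0.0/255.248.0.0
no-route = 144.123.0.0/255.255.0.0
no-route = 144.255.0.0/255.255.0.0
no-route = 146.196.0.0/255.255.128.0
no-route = 150.0.0.0/255.255.0.0
no-route = 150.96.0.0/255.224.0.0
no-route = 150.128.0.0/255.240.0.0
no-route = 150.192.0.0/255.192.0.0
no-route = 152.104.128.0/255.255.128.0
no-route = 153.0.0.0/255.192.0.0
no-route = 153.96.0.0/255.224.0.0
no-route = 157.0.0.0/255.255.0.0
no-route = 157.18.0.0/255.255.0.0
no-route = 157.61.0.0/255.255.0.0
no-route = 157.112.0.0/255.240.0.0
no-route = 157.144.0.0/255.240.0.0
no-route = 157.255.0.0/255.255.0.0
no-route = 159.226.0.0/255.255.0.0
no-route = 160.19.0.0/255.255.0.0
no-route = 160.20.48.0/255.255.252.0
no-route = 160.202.0.0/255.255.0.0
no-route = 160.238.64.0/255.255.252.0
no-route = 161.207.0.0/255.255.0.0
no-route = 162.105.0.0/255.255.0.0
no-route = 163.0.0.0/255.192.0.0
no-route = 163.96.0.0/255.224.0.0
no-route = 163.128.0.0/255.192.0.0
no-route = 163.192.0.0/255.224.0.0
no-route = 164.52.0.0/255.255.128.0
no-route = 166.111.0.0/255.255.0.0
no-route = 167.139.0.0/255.255.0.0
no-route = 167.189.0.0/255.255.0.0
no-route = 167.220.244.0/255.255.252.0
no-route = 168.160.0.0/255.255.0.0
no-route = 170.179.0.0/255.255.0.0
no-route = 171.0.0.0/255.128.0.0
no-route = 171.192.0.0/255.224.0.0
no-route = 175.0.0.0/255.128.0.0
no-route = 175.128.0.0/255.192.0.0
no-route = 180.64.0.0/255.192.0.0
no-route = 180.128.0.0/255.128.0.0
no-route = 182.0.0.0/255.0.0.0
no-route = 183.0.0.0/255.192.0.0
no-route = 183.64.0.0/255.224.0.0
no-route = 183.128.0.0/255.128.0.0
no-route = 192.124.154.0/255.255.255.0
no-route = 192.140.128.0/255.255.128.0
no-route = 202.0.0.0/255.128.0.0
no-route = 202.128.0.0/255.192.0.0
no-route = 202.192.0.0/255.224.0.0
no-route = 203.0.0.0/255.0.0.0
no-route = 210.0.0.0/255.192.0.0
no-route = 210.64.0.0/255.224.0.0
no-route = 210.160.0.0/255.224.0.0
no-route = 210.192.0.0/255.224.0.0
no-route = 211.64.0.0/255.248.0.0
no-route = 211.80.0.0/255.240.0.0
no-route = 211.96.0.0/255.248.0.0
no-route = 211.136.0.0/255.248.0.0
no-route = 211.144.0.0/255.240.0.0
no-route = 211.160.0.0/255.248.0.0
no-route = 216.250.108.0/255.255.252.0
no-route = 218.0.0.0/255.128.0.0
no-route = 218.160.0.0/255.224.0.0
no-route = 218.192.0.0/255.192.0.0
no-route = 219.64.0.0/255.224.0.0
no-route = 219.128.0.0/255.224.0.0
no-route = 219.192.0.0/255.192.0.0
no-route = 220.96.0.0/255.224.0.0
no-route = 220.128.0.0/255.128.0.0
no-route = 221.0.0.0/255.224.0.0
no-route = 221.96.0.0/255.224.0.0
no-route = 221.128.0.0/255.128.0.0
no-route = 222.0.0.0/255.0.0.0
no-route = 223.0.0.0/255.224.0.0
no-route = 223.64.0.0/255.192.0.0
no-route = 223.128.0.0/255.128.0.0
EOF
  } >>/etc/ocserv/ocserv.conf
  [ -e /etc/init.d/ocserv ] && bash /etc/init.d/ocserv restart
}

# Full interactive installation, in order.
function ins_all()
{
  Welcome
  ServerIP
  ask_ocserv
  ins_ocserv
  login_ocserv
  ins_dnsmasq
  ins_serverSpeeder
  SYSCONF
  ins_Finish
}

# Apply the firewall rules recorded in rc.local now and restart services.
function ins_Finish()
{
  # Replay the iptables lines without staging them in a fixed /tmp file
  # that would then be executed as root. The original also ran
  # "rm -rf /tmp/*.tmp", which deletes other programs' files; this script no
  # longer creates any such file, so that cleanup is gone.
  grep '^iptables' /etc/rc.local | bash
  [ -e /etc/init.d/dnsmasq ] && bash /etc/init.d/dnsmasq restart
  [ -e /etc/init.d/ocserv ] && bash /etc/init.d/ocserv restart
  [ -e /etc/init.d/serverSpeeder ] && bash /etc/init.d/serverSpeeder restart
}

# ------------------------------- entry point -------------------------------
# No arguments: run the full interactive install.
[ $# -eq '0' ] && ins_all
ins_it='0';
addroute='0';
addnoroute='0';
adduser='0';
delUser='0';
UseType='0';
tmpUser="";
tmpPass="";
tmpType="";
delName="";   # kept apart from tmpUser so -add and -del can be combined
while [[ $# -ge 1 ]]; do
  case "$1" in
    -i|ins|-ins|install|-install)
      shift
      ins_it='1'
      ;;
    -u|u|use|-use)
      shift
      UseType='1'
      tmpType="$1"
      shift
      ;;
    -a|a|-add|add)
      shift
      adduser='1'
      tmpUser="$1"
      shift
      tmpPass="$1"
      shift
      ;;
    -d|d|-del|del)
      shift
      delUser='1'
      delName="$1"
      shift
      ;;
    -route|route)
      shift
      addroute="1"
      ;;
    -noroute|noroute)
      shift
      addnoroute="1"
      ;;
    *)
      echo -ne " Usage:\n\tbash $0\t\n"
      exit 1;
      ;;
  esac
done
# The two list modes replace each other's entries, so asking for both is a
# usage error (the notes above the script state the same restriction).
if [ "$addroute" == '1' ] && [ "$addnoroute" == '1' ]; then
  echo "Error: -route and -noroute cannot be used together." 1>&2
  exit 1
fi
[ "$ins_it" == '1' ] && ins_all;
[ "$addroute" == '1' ] && add_route;
[ "$addnoroute" == '1' ] && add_noroute;
[ "$UseType" == '1' ] && [ -n "$tmpType" ] && ChangeType;
[ "$delUser" == '1' ] && [ -n "$delName" ] && del_user;
[ "$adduser" == '1' ] && [ -n "$tmpUser" ] && [ -n "$tmpPass" ] && add_user;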
