diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..86089b9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +DockerSetup.bat \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index cb7dab1..1074df5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,8 @@ RUN apt-get install -y lsb-core \ net-tools \ ifupdown \ iproute2 \ - ufw + ufw \ + expect RUN apt upgrade -y #Download and prepare Cyberghost for install @@ -35,4 +36,7 @@ RUN chmod +x start.sh COPY run.sh . RUN chmod +x run.sh +COPY auth.sh . +RUN chmod +x auth.sh + CMD ["bash", "/start.sh"] diff --git a/auth.sh b/auth.sh new file mode 100644 index 0000000..ad46e26 --- /dev/null +++ b/auth.sh @@ -0,0 +1,22 @@ +#!/usr/bin/expect -f + +set force_conservative 0 ;# set to 1 to force conservative mode even if + ;# script wasn't run conservatively originally +if {$force_conservative} { + set send_slow {1 .1} + proc send {ignore arg} { + sleep .1 + exp_send -s -- $arg + } +} + +set timeout -1 +spawn sudo cyberghostvpn --setup +match_max 100000 +expect -exact "Setup account ...\r +Enter CyberGhost username and press \[ENTER\]: " +send -- "$::env(ACC)\r" +expect -exact "$::env(ACC)\r +Enter CyberGhost password and press \[ENTER\]: " +send -- "$::env(PASS)\r" +expect eof \ No newline at end of file diff --git a/start.sh b/start.sh index 42ee5ac..1676fb2 100644 --- a/start.sh +++ b/start.sh @@ -1,4 +1,17 @@ #!/bin/bash + + enable_dns_port () { + echo "Allowing PORT 53 - IN/OUT" + sudo ufw allow out 53 #Allow port 53 on all interface for initial VPN connection + sudo ufw allow in 53 + } + + disable_dns_port () { + echo "Blocking PORT 53 - IN/OUT" + sudo ufw delete allow out 53 #Remove Local DNS Port to prevent leaks + sudo ufw delete allow in 53 + } + sudo ufw enable #Start Firewall FILE=/usr/local/cyberghost/uninstall.sh 
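Review bot: `set timeout -1` in auth.sh, combined with the two `expect -exact` prompts, makes the script wait forever if `cyberghostvpn --setup` prints anything other than the exact expected text, such as a reworded prompt or a login error. start.sh runs it between enable_dns_port and disable_dns_port, so a stalled login would leave the port-53 rules in place for as long as it hangs. The script also always ends through `expect eof` without passing on the setup command's exit status, so the caller cannot tell a failed login from a successful one. A finite timeout with explicit `timeout`/`eof` branches and a final `exit [lindex [wait] 3]` would address both; the 60-second value below is only an illustration. Separately, `$::env(ACC)` and `$::env(PASS)` raise a Tcl error when unset, and with expect's default logging the spawned dialogue, including the echoed username, is copied to the container's stdout.

```tcl
set timeout 60
spawn sudo cyberghostvpn --setup
# … unchanged: match_max …
expect {
    -exact "Enter CyberGhost username and press \[ENTER\]: " {}
    timeout { puts stderr "auth.sh: username prompt not seen"; exit 1 }
    eof     { puts stderr "auth.sh: setup exited before prompting"; exit 1 }
}
send -- "$::env(ACC)\r"
expect {
    -exact "Enter CyberGhost password and press \[ENTER\]: " {}
    timeout { puts stderr "auth.sh: password prompt not seen"; exit 1 }
    eof     { puts stderr "auth.sh: setup exited before prompting"; exit 1 }
}
send -- "$::env(PASS)\r"
expect {
    eof {}
    timeout { puts stderr "auth.sh: setup did not finish"; exit 1 }
}
# propagate the setup command's exit status to start.sh
exit [lindex [wait] 3]
```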
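Review bot: `sudo ufw allow in 53` in enable_dns_port opens inbound port 53 on every interface, which resolving the VPN server name does not appear to need. Replies to outbound queries are normally admitted by ufw's established-connection handling, so the `in` rule could likely be dropped from both helpers, leaving only `sudo ufw allow out 53` and its matching delete. Neither helper checks ufw's exit status, so a failed delete in disable_dns_port silently leaves the DNS rule active; `sudo ufw delete allow out 53 || echo "WARN: DNS rule not removed" >&2` would surface that. A one-line comment above each function stating that the rule is meant to exist only while the VPN endpoint is being resolved would also help.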
@@ -19,7 +32,6 @@ sysctl -w net.ipv4.ip_forward=1 sudo ufw disable #Stop Firewall - export LOCAL_GATEWAY=$(ip r | awk '/^def/{print $3}') # Get local Gateway export CYBERGHOST_API_IP=$(getent ahostsv4 v2-api.cyberghostvpn.com | grep STREAM | head -n 1 | cut -d ' ' -f 1) sudo ufw default deny outgoing #Deny All traffic by default on all interfaces sudo ufw default deny incoming @@ -41,21 +53,26 @@ done fi - #Login to account if config not exist - #config_ini=/home/root/.cyberghost/config.ini - #if [ ! -f "$config_ini" ]; then - # (echo "$USER"; echo "$PASS" ) | sudo cyberghostvpn --setup - #fi - sudo ufw enable #Start Firewall - if [ -n "${NETWORK}" ]; then - echo "$NETWORK" "routed to " "$LOCAL_GATEWAY" - ip route add $NETWORK via $LOCAL_GATEWAY dev eth0 #Enable access to local lan - fi - echo "Firewall Setup Complete" echo 'FIREWALL ACTIVE WHEN FILE EXISTS' > .FIREWALL.cg fi + + #Login to account if config not exist + config_ini=/home/root/.cyberghost/config.ini + if [ ! -f "$config_ini" ]; then + echo "Logging into CyberGhost..." + enable_dns_port + expect /auth.sh + disable_dns_port + fi + + if [ -n "${NETWORK}" ]; then + echo "Adding network route..." + export LOCAL_GATEWAY=$(ip r | awk '/^def/{print $3}') # Get local Gateway + ip route add $NETWORK via $LOCAL_GATEWAY dev eth0 #Enable access to local lan + echo "$NETWORK" "routed to " "$LOCAL_GATEWAY" " on eth0" + fi FILE_RUN=/home/root/.cyberghost/run.sh 
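Review bot: The login block ignores the exit status of `expect /auth.sh` and puts no time bound on it, so a failed login lets the script carry on as if authenticated, and a stalled one never reaches `disable_dns_port`. Bounding and checking the call, e.g. `timeout 120 expect /auth.sh || echo "CyberGhost login failed" >&2` followed by the unconditional `disable_dns_port`, keeps the open-DNS window finite. The enable/run/disable sequence around `bash /home/root/.cyberghost/run.sh` in the last hunk has the same exposure. In the route block, `$NETWORK` and `$LOCAL_GATEWAY` are expanded unquoted, and an empty gateway (no default route) yields a malformed `ip route add`; `[ -n "$LOCAL_GATEWAY" ] && ip route add "$NETWORK" via "$LOCAL_GATEWAY" dev eth0` avoids that. The `fi` at the top of the added lines closes a block that starts outside the hunk.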
@@ -64,24 +81,20 @@ fi #WIREGUARD START AND WATCH - sudo ufw allow out 53 #Allow port 53 on all interface for initial VPN connection - sudo ufw allow in 53 + enable_dns_port bash /home/root/.cyberghost/run.sh #Start the CyberGhost run script - sudo ufw delete allow out 53 #Remove Local DNS Port to prevent leaks - sudo ufw delete allow in 53 + disable_dns_port while true #Watch if Connection is lost then reconnect do sleep 30 if [[ $(sudo cyberghostvpn --status | grep 'No VPN connections found.' | wc -l) = "1" ]]; then echo 'VPN Connection Lost - Attempting to reconnect....' - sudo ufw allow out 53 #Add Local DNS Port to find VPN Server - sudo ufw allow in 53 + enable_dns_port bash /home/root/.cyberghost/run.sh #Start the CyberGhost run script - sudo ufw delete allow out 53 #Remove Local DNS Port to prevent leaks - sudo ufw delete allow in 53 + disable_dns_port fi done