#!/bin/bash

# Install-NeoRouter © Copyright 2012-2013, Ward Mundy & Associates LLC. All Right Reserved
#
#               Install-NeoRouter 1.2 is licensed under the GPL2 license
#
#  For a copy of license, visit http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
#
#   For additional information, contact us: http://pbxinaflash.com/about/comment.php

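# Platform gate: this installer targets PBX in a Flash 2 only. The single
# signal used is the presence of /usr/bin/gvoice, so this is a heuristic and
# not a real version check.
clear
if [ ! -e "/usr/bin/gvoice" ]; then
  echo "WARNING: install-neorouter installer only works with PBX in a Flash 2."
  echo "You appear to be running an incompatible version. DO NOT PROCEED."
  # Exit non-zero so a wrapper or provisioning tool can tell that nothing
  # was installed (a bare `exit` would report the status of the last echo).
  exit 1
fi

echo "Install-NeoRouter (c) Copyright 2012-2013, Ward Mundy & Associates, LLC"
echo "The Install-NeoRouter installer is for PBX in a Flash 2 systems ONLY!"
echo "This installer is free software provided AS IS subject to GPL2 license."
# The firewall-rule and crontab steps later in this script append to system
# files, which is why a second run is discouraged.
echo "NEVER RUN THIS INSTALLER ON THE SAME SYSTEM MORE THAN ONCE!"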

# Show the no-warranty notice in one call, then block until the operator
# presses Enter (Ctrl-C is the documented way out).
printf '%s\n' \
  " " \
  "BY USING THE Install-NeoRouter SCRIPT, YOU AGREE TO ASSUME ALL RISKS." \
  "NO WARRANTY, EXPRESS OR IMPLIED, OF ANY KIND IS PROVIDED INCLUDING" \
  "ANY IMPLIED WARRANTIES OF FITNESS FOR USE OR MERCHANTABILITY. SOFTWARE" \
  "IS DISTRIBUTED AS IS. YOU ALONE MUST DECIDE ITS SUITABILITY FOR USE." \
  " "

# No variable name is given, so the typed line lands in $REPLY and is ignored.
read -p "To proceed at your own risk, press Enter. Otherwise, Ctrl-C to abort."

clear


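# Work from /root: the package downloads later in this script are written to
# the current directory, so a failed cd must stop the run.
cd /root || { echo "Cannot change to /root; aborting." >&2; exit 1; }

echo "Before we begin, here's what we show"
echo "for your PUBLIC and PRIVATE IP addresses:"

# Public address: line 2 of the lookup service's reply. The reply arrives over
# plain HTTP, so treat it as unauthenticated data: it is only displayed to the
# operator, and control characters are stripped so that a tampered response
# cannot push terminal escape sequences into root's console.
externip=$(curl -s -S --user-agent "Mozilla/4.0" http://myip.pbxinaflash.com | awk 'NR==2')
externip=${externip//[[:cntrl:]]/}

echo "PUBLIC:  $externip"

# Private address: take the second line of `ifconfig` output and keep what sits
# between the first ':' and the next space.
# NOTE(review): this assumes the older net-tools layout ("inet addr:a.b.c.d")
# and that the first interface listed is the LAN interface - confirm on the
# target system.
internip=$(ifconfig | grep -m 2 ^ | cut -f 2 -d ":" | cut -f 1 -d " " | tail -1)

echo "PRIVATE: $internip"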

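 # Interactive setup: confirm the port forward, then collect the VPN admin
 # username and password into $username / $userpass for the later steps.
 echo " "
 echo "First, pause here for a moment and configure"
 echo "your hardware-based firewall. You need to map"
 echo "TCP port 32976 to your server's LAN IP: $internip"
 read -r -p "Once you've done that, press Enter. Or, press Ctrl-C to abort."
 echo " "
 echo "Next, we need an admin username to log into your NeoRouter VPN."
 # Re-ask until something is entered. -r keeps backslashes literal, and a
 # failed read (EOF on stdin) aborts instead of looping forever. Empty values
 # are refused because they would otherwise reach the nrserver -adduser call
 # further down as a missing or empty argument.
 username=""
 while [ -z "$username" ]; do
  echo "What username would you like to use?"
  read -r username || exit 1
 done
 echo " "
 echo "You have chosen to use the following username: $username"
 echo " "
 echo "Finally, we need a VERY SECURE password to use with this username."
 echo "Here are some examples: 78Fy346Q, 993DcHH4, Li88GGhr."
 echo "We strongly recommend using 8 or more alphanumeric characters!"
 echo "If this code is broken, the hacker gains access to your entire VPN!"
 # NOTE(review): the password is typed with terminal echo on and repeated in
 # the summary below, so it ends up in scrollback and in any session recording.
 # `read -s` plus a retype-to-confirm prompt would avoid that; it is left
 # visible here because the summary is the script's only confirmation step.
 # No length or complexity rule is enforced beyond "not empty".
 userpass=""
 while [ -z "$userpass" ]; do
  echo "What user password would you like to use:"
  read -r userpass || exit 1
 done
 echo " "

 clear
 echo "OK. We are ready to begin. Here is where I think we are."
 echo "1 - You mapped TCP 32976 on your firewall to $internip."
 echo "2 - You will use $externip to access your NeoRouter VPN."
 echo "3 - You assigned $username as admin user for access to VPN."
 echo "4 - You assigned $userpass as password for admin access."
 echo " "
 echo "We show your server's existing PRIVATE IP address is $internip."
 # The firewall step later accepts all traffic sourced from 10.0.0.0/8, which
 # is why a LAN inside that range must not be used with this installer.
 echo "Make certain your private network is NOT in 10.0.0.x address range!"
 echo " "
 read -r -p "If everything above is correct, press Enter. Or Ctrl-C to abort."
 echo " "
 echo "NeoRouter installation is beginning..."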

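echo "Updating OpenSSL..."
yum -y update openssl

echo "Installing appropriate NeoRouter software..."
nr_base_url="http://download.neorouter.com/Downloads/NRFree/Update_1.9.0.3800/Linux/CentOS"

# Pick the package architecture from the machine type itself. Matching
# "x86_64" anywhere in `uname -a` would also hit a hostname containing it.
if [ "$(uname -m)" = "x86_64" ]; then
  echo "This is 64-bit CentOS system."
  nr_arch="x86_64"
else
  echo "This is 32-bit CentOS system."
  nr_arch="i386"
fi

# NOTE(review): the RPMs are fetched over plain HTTP and installed as root, and
# nothing in this script checks a signature or a known-good digest. Before
# installing, compare each file against a digest obtained out of band, e.g.
#   sha256sum <file>   vs.   <PUBLISHED_SHA256_PLACEHOLDER>
# or run `rpm -K <file>` if the vendor signs its packages (not confirmed here).

# Download both packages first. -O writes to the exact expected file name, so
# a leftover copy from an earlier attempt is overwritten rather than kept
# alongside a second ".rpm.1" file.
for nr_pkg in nrserver nrclient; do
  nr_rpm="${nr_pkg}-1.9.0.3800-free-centos-${nr_arch}.rpm"
  if ! wget -O "$nr_rpm" "${nr_base_url}/${nr_rpm}"; then
    echo "Download of $nr_rpm failed; aborting before any package is installed." >&2
    rm -f -- "$nr_rpm"
    exit 1
  fi
done

# Install exactly the files that were just downloaded, server first. A glob
# such as nrserver* would also pick up any other matching file in /root.
for nr_pkg in nrserver nrclient; do
  nr_rpm="${nr_pkg}-1.9.0.3800-free-centos-${nr_arch}.rpm"
  if ! rpm -Uvh "$nr_rpm"; then
    # Not fatal: rpm also returns non-zero when the package is already present.
    echo "WARNING: rpm reported a problem installing $nr_rpm." >&2
  fi
done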

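echo "Poking holes in IPtables firewall..."

# sed program shared by every rules file: directly after the existing NTP rule
# (udp dport 123), append the two NeoRouter rules with their comments.
#
# NOTE(review): the second rule accepts ALL traffic whose source address is in
# 10.0.0.0/8, on every interface and every port. It trusts the source address
# only, so any host that can reach this server from a 10.x network gets past
# the firewall entirely. Restricting it to the VPN's virtual interface
# (-i <NEOROUTER_INTERFACE_PLACEHOLDER>) would narrow this; the interface name
# is not shown in this script, so the rule text is left unchanged.
nr_rules_sed='
/\-A INPUT \-p udp \-m udp \-\-dport 123 \-j ACCEPT/ {
a\
# NeoRouter Server requires TCP 32976 port opening\
-A INPUT -p tcp -m tcp --dport 32976 -j ACCEPT\
# NeoRouter Client uses 10.x private network\
-A INPUT -s 10.0.0.0/8 -j ACCEPT
}'

# The live rules file plus two ".orig" copies receive the same edit.
# NOTE(review): the .orig files are presumably baselines that other tooling
# restores from - confirm.
for nr_rules_file in /etc/sysconfig/iptables /etc/sysconfig/iptables.orig /root/iptables.orig; do
  if [ ! -f "$nr_rules_file" ]; then
    echo "Skipping $nr_rules_file (not found)."
    continue
  fi

  # Idempotence: a second run must not stack duplicate rules.
  if grep -qF -- '--dport 32976 -j ACCEPT' "$nr_rules_file"; then
    echo "NeoRouter rules already present in $nr_rules_file."
    continue
  fi

  sed -i "$nr_rules_sed" "$nr_rules_file"

  # sed changes nothing, silently, when the NTP anchor rule is absent.
  if ! grep -qF -- '--dport 32976 -j ACCEPT' "$nr_rules_file"; then
    echo "WARNING: NTP anchor rule not found in $nr_rules_file; NeoRouter rules were NOT added." >&2
  fi
done

service iptables restart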

# Bring the firewall and the NeoRouter server up with the new configuration.
nr_init_script=/etc/rc.d/init.d/nrserver.sh

clear
printf '%s\n' "Restarting firewall..."
service iptables restart
printf '%s\n' "Restarting NeoRouter Server..."
"$nr_init_script" restart

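cd /root || exit 1
echo "Setting up crontab restarts for nrserver..."

# Write the watchdog with a quoted here-document so nothing is expanded while
# the file is generated. Building it with double-quoted echo lines expands
# $variable at install time (to an empty string), and the generated script
# never assigns it either, so its [[ ... ]] test cannot work.
# The check keeps the original's match on "/usr/bin/nrserver" in the process
# list; NOTE(review): confirm that is how the daemon appears on the target.
cat > /root/nrtest.sh <<'EOF'
#!/bin/bash

# Start the NeoRouter server if no running process matches its binary path.
if ! pgrep -f /usr/bin/nrserver > /dev/null
then
 /etc/rc.d/init.d/nrserver.sh start
fi
EOF

# cron runs this file as root: keep it owner-only regardless of the umask.
chmod 700 /root/nrtest.sh

# Runs at minute 10 of every hour. Added only if not already present, so a
# repeated run does not pile up duplicate crontab entries.
nr_cron_line="10 * * * * root /root/nrtest.sh > /dev/null"
if ! grep -qF -- "$nr_cron_line" /etc/crontab; then
  echo "$nr_cron_line" >> /etc/crontab
fi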

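echo "Adding $username admin account..."
# Quote both values: unquoted, a space or glob character in either one is
# split or expanded by the shell, and an empty password disappears from the
# argument list so that "admin" moves into the password position.
# NOTE(review): the password is passed on the command line, so it is visible
# in the process list to other local users while this command runs. Whether
# nrserver can take it another way is not shown here.
nrserver -adduser "$username" "$userpass" admin
# Print the resulting user list and server settings for the operator to check.
nrserver -showusers
nrserver -showsettings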

# Closing summary: connection details and a sample client command.
# NOTE(review): this prints the admin password in clear text twice, and the
# sample command carries it as a -p argument, which lands in shell history and
# the process list if typed as shown.
printf '%s\n' \
  " " \
  "NeoRouter installation completed." \
  "Using NeoRouter client on Windows, Mac (NOT Lion!), or Smartphone," \
  "you now can log in to your server with the following:" \
  "Server: $externip (or matching FQDN)" \
  "User:   $username" \
  "Passwd: $userpass" \
  "Try it here: nrclientcmd -d $externip -u $username -p $userpass" \
  " " \
  "Once the connection is established, you will be" \
  "assigned the next available PRIVATE IP address on" \
  "in your NeoRouter VPN's 10.0.0.x private LAN." \
  " " \
  "You then can access any device on the NeoRouter LAN" \
  "using whatever is appropriate, e.g. SSH, HTTP, SIP..." \
  " "
