uninstall added; bugfixes; adduser dir changed

8 years ago · 7daa49f7de
parent 7dc9ab9e51
commit 7daa49f7de
18 changed files with 558 additions and 78 deletions
--- a/ipsec/adduser.sh
+++ b/ipsec/adduser.sh
@ -64,39 +64,37 @@ do

 	PSK=$(sed -n "s/^[^#]\+[[:space:]]\+PSK[[:space:]]\+\"\(.\+\)\"/\1/p" $SECRETSFILE)

-	STARTDIR=$(pwd)
-
-	mkdir -p "$STARTDIR/$LOGIN"
-	DISTFILE=$STARTDIR/$LOGIN/setup.sh
+	mkdir -p "$DIR/$LOGIN"
+	DISTFILE=$DIR/$LOGIN/setup.sh
 	cp -rf $DIR/setup.sh.dist "$DISTFILE"
 	sed -i -e "s@_PSK_@$PSK@g" "$DISTFILE"
 	sed -i -e "s@_SERVERLOCALIP_@$LOCALPREFIX.0.1@g" "$DISTFILE"

-	DISTFILE=$STARTDIR/$LOGIN/ipsec.conf
+	DISTFILE=$DIR/$LOGIN/ipsec.conf
 	cp -rf $DIR/ipsec.conf.dist "$DISTFILE"
 	sed -i -e "s@LEFTIP@%any@g" "$DISTFILE"
 	sed -i -e "s@LEFTPORT@%any@g" "$DISTFILE"
 	sed -i -e "s@RIGHTIP@$IP@g" "$DISTFILE"
 	sed -i -e "s@RIGHTPORT@1701@g" "$DISTFILE"

-	DISTFILE=$STARTDIR/$LOGIN/xl2tpd.conf
+	DISTFILE=$DIR/$LOGIN/xl2tpd.conf
 	cp -rf $DIR/client-xl2tpd.conf.dist "$DISTFILE"
 	sed -i -e "s@REMOTEIP@$IP@g" "$DISTFILE"

-	DISTFILE=$STARTDIR/$LOGIN/options.xl2tpd
+	DISTFILE=$DIR/$LOGIN/options.xl2tpd
 	cp -rf $DIR/client-options.xl2tpd.dist "$DISTFILE"
 	sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE"
 	sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE"

-	cp -rf $DIR/connect.sh.dist "$STARTDIR/$LOGIN/connect.sh"
-	cp -rf $DIR/disconnect.sh.dist "$STARTDIR/$LOGIN/disconnect.sh"
+	cp -rf $DIR/connect.sh.dist "$DIR/$LOGIN/connect.sh"
+	cp -rf $DIR/disconnect.sh.dist "$DIR/$LOGIN/disconnect.sh"

-	chmod +x "$STARTDIR/$LOGIN/setup.sh" "$STARTDIR/$LOGIN/connect.sh" "$STARTDIR/$LOGIN/disconnect.sh"
+	chmod +x "$DIR/$LOGIN/setup.sh" "$DIR/$LOGIN/connect.sh" "$DIR/$LOGIN/disconnect.sh"

 	USERNAME=${SUDO_USER:-$USER}
-	chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
+	chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
 	echo
-	echo "Directory $STARTDIR/$LOGIN with client-side installation script has been created."
+	echo "Directory $DIR/$LOGIN with client-side installation script has been created."

 	
 	if [[ $# -eq 0 ]]; then
--- a/ipsec/backup.sh
+++ b/ipsec/backup.sh
@ -0,0 +1,167 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+UNINSTALLDIR="$DIR/uninstall"
+
+if [[ -e "$UNINSTALLDIR" ]]; then
+	echo "$UNINSTALLDIR exists. Skipping..."
+	exit 0
+fi
+
+mkdir -p "$UNINSTALLDIR"
+
+UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
+
+# backuping configs
+yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
+yes | cp -rf $PPPCONFIG "$UNINSTALLDIR/options.xl2tpd" 2>/dev/null
+yes | cp -rf $XL2TPDCONFIG "$UNINSTALLDIR/xl2tpd.conf" 2>/dev/null
+yes | cp -rf $IPSECCONFIG "$UNINSTALLDIR/ipsec.conf" 2>/dev/null
+yes | cp -rf $CHAPSECRETS "$UNINSTALLDIR/chap-secrets" 2>/dev/null
+yes | cp -rf $SECRETSFILE "$UNINSTALLDIR/ipsec.secrets" 2>/dev/null
+
+# restore system configuration
+cat <<END >>$UNINSTALL_SCRIPT
+#!/usr/bin/env bash
+
+if [[ "\$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
+
+echo "Removing cron task..."
+TMPFILE=\$(mktemp crontab.XXXXX)
+crontab -l > \$TMPFILE
+
+sed -i -e "\@$IPTABLES@d" \$TMPFILE
+sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
+
+crontab \$TMPFILE > /dev/null
+rm \$TMPFILE
+
+rm $CHECKSERVER
+
+echo "Restoring sysctl parameters..."
+cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
+sysctl -p
+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
+END
+
+# restore firewalls
+cat <<END >>$UNINSTALL_SCRIPT
+
+echo "Restoring firewall..."
+iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES
+rm $IPTABLES
+
+END
+
+if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
+	echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
+	echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
+fi
+if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
+	echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
+	echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	# iptables
+	if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
+		echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
+		echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
+	fi
+fi
+
+# remove packages
+UNINST_PACKAGES=
+if [[ ! -n "$(which pgrep)" ]]; then
+	UNINST_PACKAGES+="procps "
+fi
+if [[ ! -n "$(which ifconfig)" ]]; then
+	UNINST_PACKAGES+="net-tools "
+fi
+if [[ ! -n "$(which pppd)" ]]; then
+	UNINST_PACKAGES+="ppp "
+fi
+if [[ ! -n "$(which xl2tpd)" ]]; then
+	UNINST_PACKAGES+="xl2tpd "
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	if [[ ! -n "$(which strongswan)" ]]; then
+		UNINST_PACKAGES+="strongswan "
+	fi
+fi
+if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
+	if [[ ! -n "$(which ipsec)" ]]; then
+		UNINST_PACKAGES+="strongswan "
+	fi
+fi
+
+if [[ ! -n "$(which crontab)" ]]; then
+	UNINST_PACKAGES+="$CRON_PACKAGE "
+fi
+if [[ ! -n "$(which iptables)" ]]; then
+	UNINST_PACKAGES+="$IPTABLES_PACKAGE "
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
+		UNINST_PACKAGES+="epel-release "
+	fi
+fi
+if [[ ! -z "$UNINST_PACKAGES" ]]; then	
+	echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
+	echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
+fi
+
+# restore files
+echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
+if [[ -n "$(which pppd)" ]]; then
+	echo -e "cp -i \"\$DIR/options.xl2tpd\" $PPPCONFIG" >>$UNINSTALL_SCRIPT
+	echo -e "cp -i \"\$DIR/chap-secrets\" $CHAPSECRETS" >>$UNINSTALL_SCRIPT
+fi
+if [[ -n "$(which xl2tpd)" ]]; then
+	echo -e "cp -i \"\$DIR/xl2tpd.conf\" $XL2TPDCONFIG" >>$UNINSTALL_SCRIPT
+fi
+
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	if [[ -n "$(which strongswan)" ]]; then
+		echo -e "cp -i \"\$DIR/ipsec.secrets\" $SECRETSFILE" >>$UNINSTALL_SCRIPT
+		echo -e "cp -i \"\$DIR/ipsec.conf\" $IPSECCONFIG" >>$UNINSTALL_SCRIPT
+	fi
+fi
+
+if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
+	if [[ -n "$(which ipsec)" ]]; then
+		echo -e "cp -i \"\$DIR/ipsec.secrets\" $SECRETSFILE" >>$UNINSTALL_SCRIPT
+		echo -e "cp -i \"\$DIR/ipsec.conf\" $IPSECCONFIG" >>$UNINSTALL_SCRIPT
+	fi
+fi
+
+# restore xl2tpd if necessary
+if [ "$(systemctl status xl2tpd; echo $?)" == "0" ]; then
+	echo -e "echo \"Restarting xl2tpd...\"" >>$UNINSTALL_SCRIPT
+	echo "systemctl restart xl2tpd" >>$UNINSTALL_SCRIPT
+fi
+
+# restore strongswan if necessary
+if [ "$(systemctl status strongswan; echo $?)" == "0" ]; then
+	echo -e "echo \"Restarting strongswan...\"" >>$UNINSTALL_SCRIPT
+	echo "systemctl restart strongswan" >>$UNINSTALL_SCRIPT
+fi
+
+echo "echo" >>$UNINSTALL_SCRIPT
+echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
+
+chmod +x "$UNINSTALL_SCRIPT"
--- a/ipsec/env.sh
+++ b/ipsec/env.sh
@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
 	PLATFORM=$DEBIANPLATFORM
+
+	IPTABLES_PACKAGE="iptables"
+	CRON_PACKAGE="cron"
+	INSTALLER="apt-get -y install"
+	UNINSTALLER="apt-get purge --auto-remove"
 fi

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
 	PLATFORM=$CENTOSPLATFORM
+
+	IPTABLES_PACKAGE="iptables-services"
+	CRON_PACKAGE="cronie"
+	INSTALLER="yum -y install"
+	UNINSTALLER="yum remove"
 fi

 SYSCTLCONFIG=/etc/sysctl.conf
@ -19,6 +29,7 @@ CHAPSECRETS=/etc/ppp/chap-secrets
 IPTABLES=/etc/iptables.rules
 SECRETSFILE=/etc/ipsec.secrets
 CHECKSERVER=/etc/xl2tpd/checkserver.sh
+IPTABLES_COMMENT="IPSEC"

 if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	SECRETSFILE=/etc/strongswan/ipsec.secrets
--- a/ipsec/install.sh
+++ b/ipsec/install.sh
@ -8,15 +8,16 @@ if [[ "$EUID" -ne 0 ]]; then
 	exit 1
 fi

+echo
+echo "Creating backup..."
+$DIR/backup.sh
+
 echo
 echo "Installing strongSwan and xl2tp server..."
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	apt-get -y install strongswan xl2tpd cron iptables procps net-tools
-fi
 if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	yum -y install epel-release
-	yum -y install strongswan xl2tpd cronie iptables-services procps net-tools
 fi
+eval $INSTALLER strongswan xl2tpd ppp $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools

 echo
 echo "Configuring routing..."
@ -60,5 +61,5 @@ service xl2tpd restart
 service strongswan restart

 echo
-echo "Installation script completed!"
+echo "Installation script has been completed!"

--- a/ipsec/iptables-setup.sh
+++ b/ipsec/iptables-setup.sh
@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	systemctl start iptables
 fi

-COMMENT=" -m comment --comment \"IPSEC\""
+if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
+	systemctl stop ufw
+	systemctl disable ufw
+fi
+
+COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""

 if [[ ! -e $IPTABLES ]]; then
 	touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
    exit 1
 fi

-# backup and remove rules with $LOCALIP
-iptables-save > $IPTABLES.backup
+# clear existing rules
+iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES

 IFS=$'\n'

@ -98,9 +106,10 @@ eval iptables -A OUTPUT -p esp -j ACCEPT $COMMENT
 eval iptables -A INPUT -p ah -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p ah -j ACCEPT $COMMENT

-# remove standart REJECT rules
-iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
-iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+# remove standard REJECT rules
+echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null

 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
--- a/ipsec/sysctl.sh
+++ b/ipsec/sysctl.sh
@ -30,9 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
 echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG

 sysctl -p
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	service procps restart
-fi
-if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
-	service network restart
-fi
+
+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
--- a/openvpn/adduser.sh
+++ b/openvpn/adduser.sh
@ -1,7 +1,5 @@
 #!/usr/bin/env bash

-STARTDIR=$(pwd)
-
 DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 source $DIR/env.sh

@ -32,16 +30,16 @@ do
 	if [ $? -eq 0 ]; then

 		# copy files and OVPN config
-		mkdir -p "$STARTDIR/$LOGIN"
-		cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$STARTDIR/$LOGIN/"
+		mkdir -p "$DIR/$LOGIN"
+		cp $CADIR/keys/ca.crt $CADIR/keys/$LOGIN.key $CADIR/keys/$LOGIN.crt ta.key "$DIR/$LOGIN/"

-		DIST="$STARTDIR/$LOGIN/openvpn-server.ovpn"
+		DIST="$DIR/$LOGIN/openvpn-server.ovpn"
 		cp $DIR/openvpn-server.ovpn.dist $DIST
 		sed -i -e "s@LOGIN@$LOGIN@g" $DIST
 		sed -i -e "s@IP@$IP@g" $DIST

-		SRC="$STARTDIR/$LOGIN"
-		DIST="$STARTDIR/$LOGIN/openvpn-server-embedded.ovpn"
+		SRC="$DIR/$LOGIN"
+		DIST="$DIR/$LOGIN/openvpn-server-embedded.ovpn"
 		cp $DIR/openvpn-server-embedded.ovpn.dist $DIST
 		sed -i -e "s@IP@$IP@g" $DIST

@ -62,9 +60,9 @@ do
 		echo "</tls-auth>" >> $DIST

 		echo
-		echo "Directory $STARTDIR/$LOGIN with necessary files has been created."
+		echo "Directory $DIR/$LOGIN with necessary files has been created."
 		USERNAME=${SUDO_USER:-$USER}
-		chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
+		chown -R $USERNAME:$USERNAME $DIR/$LOGIN/

 	fi
 	
--- a/openvpn/backup.sh
+++ b/openvpn/backup.sh
@ -0,0 +1,135 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+UNINSTALLDIR="$DIR/uninstall"
+
+if [[ -e "$UNINSTALLDIR" ]]; then
+	echo "$UNINSTALLDIR exists. Skipping..."
+	exit 0
+fi
+
+mkdir -p "$UNINSTALLDIR"
+
+UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
+
+# backuping configs
+yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
+yes | cp -rf $OPENVPNDIR "$UNINSTALLDIR" 2>/dev/null
+
+# restore system configuration
+cat <<END >>$UNINSTALL_SCRIPT
+#!/usr/bin/env bash
+
+if [[ "\$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
+
+echo "Removing cron task..."
+TMPFILE=\$(mktemp crontab.XXXXX)
+crontab -l > \$TMPFILE
+
+sed -i -e "\@$IPTABLES@d" \$TMPFILE
+sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
+
+crontab \$TMPFILE > /dev/null
+rm \$TMPFILE
+
+rm $CHECKSERVER
+
+echo "Restoring sysctl parameters..."
+cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
+sysctl -p
+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
+END
+
+# restore firewalls
+cat <<END >>$UNINSTALL_SCRIPT
+
+echo "Restoring firewall..."
+iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES
+rm $IPTABLES
+
+END
+
+if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
+	echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
+	echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
+fi
+if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
+	echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
+	echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	# iptables
+	if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
+		echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
+		echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
+	fi
+fi
+
+# remove packages
+UNINST_PACKAGES=
+if [[ ! -n "$(which pgrep)" ]]; then
+	UNINST_PACKAGES+="procps "
+fi
+if [[ ! -n "$(which ifconfig)" ]]; then
+	UNINST_PACKAGES+="net-tools "
+fi
+if [[ ! -n "$(which openvpn)" ]]; then
+	UNINST_PACKAGES+="openvpn "
+fi
+if [[ ! -n "$(which make-cadir)" ]]; then
+	UNINST_PACKAGES+="easy-rsa "
+fi
+if [[ ! -n "$(which crontab)" ]]; then
+	UNINST_PACKAGES+="$CRON_PACKAGE "
+fi
+if [[ ! -n "$(which iptables)" ]]; then
+	UNINST_PACKAGES+="$IPTABLES_PACKAGE "
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
+		UNINST_PACKAGES+="epel-release "
+	fi
+fi
+if [[ ! -z "$UNINST_PACKAGES" ]]; then	
+	echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
+	echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
+fi
+
+# restore files
+echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
+if [[ -n "$(which openvpn)" ]]; then
+	echo -e "rm -rf $OPENVPNDIR" >>$UNINSTALL_SCRIPT
+	echo -e "mkdir -p $OPENVPNDIR" >>$UNINSTALL_SCRIPT
+	echo -e "cp -rf \"\$DIR/openvpn\" \"$OPENVPNDIR/..\" 2>/dev/null" >>$UNINSTALL_SCRIPT
+fi
+
+if [[ ! -e "$DIR/openvpn" ]]; then
+	# remove openvpn dir because it was empty
+	echo -e "rm -rf $OPENVPNDIR" >>$UNINSTALL_SCRIPT
+fi
+
+# restore openvpn if necessary
+if [ "$(systemctl status openvpn@openvpn-server; echo $?)" == "0" ]; then
+	echo -e "echo \"Restarting OpenVPN...\"" >>$UNINSTALL_SCRIPT
+	echo "systemctl restart openvpn@openvpn-server" >>$UNINSTALL_SCRIPT
+fi
+
+echo "echo" >>$UNINSTALL_SCRIPT
+echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
+
+chmod +x "$UNINSTALL_SCRIPT"
--- a/openvpn/env.sh
+++ b/openvpn/env.sh
@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
 	PLATFORM=$DEBIANPLATFORM
+
+	IPTABLES_PACKAGE="iptables"
+	CRON_PACKAGE="cron"
+	INSTALLER="apt-get -y install"
+	UNINSTALLER="apt-get purge --auto-remove"
 fi

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
 	PLATFORM=$CENTOSPLATFORM
+
+	IPTABLES_PACKAGE="iptables-services"
+	CRON_PACKAGE="cronie"
+	INSTALLER="yum -y install"
+	UNINSTALLER="yum remove"
 fi

 SYSCTLCONFIG=/etc/sysctl.conf
@ -18,6 +28,7 @@ CADIR=$OPENVPNDIR/easy-rsa
 IPTABLES=/etc/iptables.rules
 NOBODYGROUP=nogroup
 CHECKSERVER=$OPENVPNDIR/checkserver.sh
+IPTABLES_COMMENT="OPENVPN"

 if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	NOBODYGROUP=nobody
--- a/openvpn/install.sh
+++ b/openvpn/install.sh
@ -10,15 +10,16 @@ if [[ "$EUID" -ne 0 ]]; then
 	exit 1
 fi

+echo
+echo "Creating backup..."
+$DIR/backup.sh
+
 echo
 echo "Installing OpenVPN..."
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	apt-get -y install openvpn easy-rsa cron iptables procps net-tools
-fi
 if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	yum -y install epel-release
-	yum -y install openvpn easy-rsa cronie iptables-services procps net-tools
 fi
+eval $INSTALLER openvpn easy-rsa $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools

 echo
 echo "Configuring routing..."
@ -79,5 +80,5 @@ systemctl -f enable openvpn@openvpn-server
 systemctl restart openvpn@openvpn-server

 echo
-echo "Installation script completed!"
+echo "Installation script has been completed!"

--- a/openvpn/iptables-setup.sh
+++ b/openvpn/iptables-setup.sh
@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	systemctl start iptables
 fi

-COMMENT=" -m comment --comment \"OPENVPN\""
+if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
+	systemctl stop ufw
+	systemctl disable ufw
+fi
+
+COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""

 if [[ ! -e $IPTABLES ]]; then
 	touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
    exit 1
 fi

-# backup and remove rules with $LOCALIP
-iptables-save > $IPTABLES.backup
+# clear existing rules
+iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES

 IFS=$'\n'

@ -85,9 +93,10 @@ eval iptables -A OUTPUT -o tun+ -j ACCEPT $COMMENT
 eval iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p udp -m udp --sport 1194 -j ACCEPT $COMMENT

-# remove standart REJECT rules
-iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
-iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+# remove standard REJECT rules
+echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null

 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
--- a/openvpn/sysctl.sh
+++ b/openvpn/sysctl.sh
@ -30,9 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
 echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG

 sysctl -p
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	service procps restart
-fi
-if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
-	service network restart
-fi
+
+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
--- a/pptp/adduser.sh
+++ b/pptp/adduser.sh
@ -62,10 +62,8 @@ do
 		echo "$CHAPSECRETS has been updated!"
 	fi

-	STARTDIR=$(pwd)
-
-	mkdir -p "$STARTDIR/$LOGIN"
-	DISTFILE=$STARTDIR/$LOGIN/setup.sh
+	mkdir -p "$DIR/$LOGIN"
+	DISTFILE=$DIR/$LOGIN/setup.sh
 	cp -rf $DIR/setup.sh.dist "$DISTFILE"
 	sed -i -e "s@_LOGIN_@$LOGIN@g" "$DISTFILE"
 	sed -i -e "s@_PASSWORD_@$PASSWORD@g" "$DISTFILE"
@ -73,9 +71,9 @@ do
 	sed -i -e "s@_LOCALPREFIX_@$LOCALPREFIX@g" "$DISTFILE"
 	chmod +x "$DISTFILE"
 	USERNAME=${SUDO_USER:-$USER}
-	chown -R $USERNAME:$USERNAME $STARTDIR/$LOGIN/
+	chown -R $USERNAME:$USERNAME $DIR/$LOGIN/
 	echo
-	echo "Directory $STARTDIR/$LOGIN with client-side installation script has been created."
+	echo "Directory $DIR/$LOGIN with client-side installation script has been created."

 	if [[ $# -eq 0 ]]; then
 		echo
--- a/pptp/backup.sh
+++ b/pptp/backup.sh
@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+source $DIR/env.sh
+
+if [[ "$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+UNINSTALLDIR="$DIR/uninstall"
+
+if [[ -e "$UNINSTALLDIR" ]]; then
+	echo "$UNINSTALLDIR exists. Skipping..."
+	exit 0
+fi
+
+mkdir -p "$UNINSTALLDIR"
+
+UNINSTALL_SCRIPT="$UNINSTALLDIR/uninstall.sh"
+
+# backuping configs
+yes | cp -rf $SYSCTLCONFIG "$UNINSTALLDIR/sysctl.conf" 2>/dev/null
+yes | cp -rf $PPTPDCONFIG "$UNINSTALLDIR/pptpd.conf" 2>/dev/null
+yes | cp -rf $PPTPOPTIONS "$UNINSTALLDIR/options.pptp" 2>/dev/null
+yes | cp -rf $CHAPSECRETS "$UNINSTALLDIR/chap-secrets" 2>/dev/null
+
+# restore system configuration
+cat <<END >>$UNINSTALL_SCRIPT
+#!/usr/bin/env bash
+
+if [[ "\$EUID" -ne 0 ]]; then
+	echo "Sorry, you need to run this as root"
+	exit 1
+fi
+
+DIR=\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )
+
+echo "Removing cron task..."
+TMPFILE=\$(mktemp crontab.XXXXX)
+crontab -l > \$TMPFILE
+
+sed -i -e "\@$IPTABLES@d" \$TMPFILE
+sed -i -e "\@$CHECKSERVER@d" \$TMPFILE
+
+crontab \$TMPFILE > /dev/null
+rm \$TMPFILE
+
+rm $CHECKSERVER
+
+echo "Restoring sysctl parameters..."
+cp -i \$DIR/sysctl.conf $SYSCTLCONFIG
+sysctl -p
+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
+END
+
+# restore firewalls
+cat <<END >>$UNINSTALL_SCRIPT
+
+echo "Restoring firewall..."
+iptables-save | awk '(\$0 !~ /^-A/)||!(\$0 in a) {a[\$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES
+rm $IPTABLES
+
+END
+
+if [ "$(systemctl status ufw; echo $?)" == "0" ]; then
+	echo "systemctl enable ufw" >>$UNINSTALL_SCRIPT
+	echo "systemctl start ufw" >>$UNINSTALL_SCRIPT
+fi
+if [ "$(systemctl status firewalld; echo $?)" == "0" ]; then
+	echo "systemctl enable firewalld" >>$UNINSTALL_SCRIPT
+	echo "systemctl start firewalld" >>$UNINSTALL_SCRIPT
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	# iptables
+	if [ "$(systemctl status iptables; echo $?)" != "0" ]; then
+		echo "systemctl stop iptables" >>$UNINSTALL_SCRIPT
+		echo "systemctl disable iptables" >>$UNINSTALL_SCRIPT
+	fi
+fi
+
+# remove packages
+UNINST_PACKAGES=
+if [[ ! -n "$(which pgrep)" ]]; then
+	UNINST_PACKAGES+="procps "
+fi
+if [[ ! -n "$(which ifconfig)" ]]; then
+	UNINST_PACKAGES+="net-tools "
+fi
+if [[ ! -n "$(which pppd)" ]]; then
+	UNINST_PACKAGES+="ppp "
+fi
+if [[ ! -n "$(which pptpd)" ]]; then
+	UNINST_PACKAGES+="pptpd "
+fi
+if [[ ! -n "$(which crontab)" ]]; then
+	UNINST_PACKAGES+="$CRON_PACKAGE "
+fi
+if [[ ! -n "$(which iptables)" ]]; then
+	UNINST_PACKAGES+="$IPTABLES_PACKAGE "
+fi
+if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
+	if [ "$(ls /etc/yum.repos.d/epel.repo 2>/dev/null; echo $?)" != "0" ]; then
+		UNINST_PACKAGES+="epel-release "
+	fi
+fi
+if [[ ! -z "$UNINST_PACKAGES" ]]; then	
+	echo -e "echo \"Removing installed packages...\"" >>$UNINSTALL_SCRIPT
+	echo "$UNINSTALLER $UNINST_PACKAGES" >>$UNINSTALL_SCRIPT
+fi
+
+# restore files
+echo -e "echo \"Restoring configs...\"" >>$UNINSTALL_SCRIPT
+if [[ -n "$(which pptpd)" ]]; then
+	echo -e "cp -i \"\$DIR/pptpd.conf\" $PPTPDCONFIG" >>$UNINSTALL_SCRIPT
+fi
+if [[ -n "$(which pppd)" ]]; then
+	echo -e "cp -i \"\$DIR/options.pptp\" $PPTPOPTIONS" >>$UNINSTALL_SCRIPT
+	echo -e "cp -i \"\$DIR/chap-secrets\" $CHAPSECRETS" >>$UNINSTALL_SCRIPT
+fi
+
+# restore pptpd if necessary
+if [ "$(systemctl status pptpd; echo $?)" == "0" ]; then
+	echo -e "echo \"Restarting pptpd...\"" >>$UNINSTALL_SCRIPT
+	echo "systemctl restart pptpd" >>$UNINSTALL_SCRIPT
+fi
+
+echo "echo" >>$UNINSTALL_SCRIPT
+echo -e "echo \"Uninstall script has been completed!\"" >>$UNINSTALL_SCRIPT
+
+chmod +x "$UNINSTALL_SCRIPT"
--- a/pptp/env.sh
+++ b/pptp/env.sh
@ -5,10 +5,20 @@ CENTOSPLATFORM="CENTOS"

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i Ubuntu)" -o -n "$(. /etc/os-release; echo $NAME | grep -i Debian)" ]; then
 	PLATFORM=$DEBIANPLATFORM
+
+	IPTABLES_PACKAGE="iptables"
+	CRON_PACKAGE="cron"
+	INSTALLER="apt-get -y install"
+	UNINSTALLER="apt-get purge --auto-remove"
 fi

 if [ -n "$(. /etc/os-release; echo $NAME | grep -i CentOS)" ]; then
 	PLATFORM=$CENTOSPLATFORM
+
+	IPTABLES_PACKAGE="iptables-services"
+	CRON_PACKAGE="cronie"
+	INSTALLER="yum -y install"
+	UNINSTALLER="yum remove"
 fi

 SYSCTLCONFIG=/etc/sysctl.conf
@ -17,6 +27,7 @@ PPTPOPTIONS=/etc/ppp/options.pptp
 CHAPSECRETS=/etc/ppp/chap-secrets
 IPTABLES=/etc/iptables.rules
 CHECKSERVER=/etc/ppp/checkserver.sh
+IPTABLES_COMMENT="PPTP"

 LOCALPREFIX="172.16"
 LOCALIP="$LOCALPREFIX.0.0"
--- a/pptp/install.sh
+++ b/pptp/install.sh
@ -8,15 +8,16 @@ if [[ "$EUID" -ne 0 ]]; then
 	exit 1
 fi

+echo
+echo "Creating backup..."
+$DIR/backup.sh
+
 echo
 echo "Installing PPTP server..."
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	apt-get -y install pptpd cron iptables procps net-tools
-fi
 if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	yum -y install epel-release
-	yum -y install ppp pptpd cronie iptables-services procps net-tools
 fi
+eval $INSTALLER ppp pptpd $CRON_PACKAGE $IPTABLES_PACKAGE procps net-tools

 ADDUSER="no"
 ANSUSER="yes"
@ -55,5 +56,5 @@ echo "Starting pptpd..."
 service pptpd restart

 echo
-echo "Installation script completed!"
+echo "Installation script has been completed!"

--- a/pptp/iptables-setup.sh
+++ b/pptp/iptables-setup.sh
@ -10,7 +10,12 @@ if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
 	systemctl start iptables
 fi

-COMMENT=" -m comment --comment \"PPTP\""
+if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
+	systemctl stop ufw
+	systemctl disable ufw
+fi
+
+COMMENT=" -m comment --comment \"$IPTABLES_COMMENT\""

 if [[ ! -e $IPTABLES ]]; then
 	touch $IPTABLES
@ -21,8 +26,11 @@ if [[ ! -e $IPTABLES ]] || [[ ! -r $IPTABLES ]] || [[ ! -w $IPTABLES ]]; then
    exit 1
 fi

-# backup and remove rules with $LOCALIP
-iptables-save > $IPTABLES.backup
+# clear existing rules
+iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
+sed -i -e "/--comment $IPTABLES_COMMENT/d" $IPTABLES
+iptables -F
+iptables-restore < $IPTABLES

 IFS=$'\n'

@ -82,9 +90,10 @@ eval iptables -A OUTPUT -p tcp -m tcp --sport 1723 -j ACCEPT $COMMENT
 eval iptables -A INPUT -p gre -j ACCEPT $COMMENT
 eval iptables -A OUTPUT -p gre -j ACCEPT $COMMENT

-# remove standart REJECT rules
-iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
-iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited
+# remove standard REJECT rules
+echo "Note: standard REJECT rules for INPUT and FORWARD will be removed."
+iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited 2>/dev/null
+iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited 2>/dev/null

 iptables-save | awk '($0 !~ /^-A/)||!($0 in a) {a[$0];print}' > $IPTABLES
 iptables -F
--- a/pptp/sysctl.sh
+++ b/pptp/sysctl.sh
@ -30,10 +30,5 @@ sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" $SYSCTLCONFIG
 echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> $SYSCTLCONFIG

 sysctl -p
-if [ "$PLATFORM" == "$DEBIANPLATFORM" ]; then
-	service procps restart
-fi
-if [ "$PLATFORM" == "$CENTOSPLATFORM" ]; then
-	service network restart
-fi

+cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -