HTTPS VPN
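#!/bin/bash
# HTTPS "VPN" bootstrap for CentOS 7: Squid authenticating against a RADIUS
# (IBSng) server, fronted by stunnel (TLS) and zebedee. Run as root on a
# fresh host.
#
# Abort on the first failed command. Every later step configures a service
# around the binaries and files produced by the earlier ones, so continuing
# after a failed download or build only leaves a half-configured box that
# still opens ports to the internet.
set -euo pipefail

#Stunnel
read -r -p "Enter Your IBSNG domain : " -e -i 37.152.181.148 IBSNG
read -r -p "Port https Default is 443 : " -e -i 443 PORTs
# (the prompt used to claim a default of 443 while pre-filling 80)
read -r -p "Port http Default is 80 : " -e -i 80 PORT
# The RADIUS shared secret is read silently (-s) so it neither echoes to the
# terminal nor lands in scrollback/terminal logs. There is deliberately no
# default: "123456" is guessable, and this secret is the only thing
# authenticating the proxy to the RADIUS server (and vice versa).
read -r -s -p "RADIUS preshared key (no default) : " Sharekey
echo
if [ -z "$Sharekey" ]; then
  echo "A RADIUS shared secret is required." >&2
  exit 1
fi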
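# Base packages. EPEL is needed for certbot and iptables-services on CentOS 7.
# The package globs are quoted so the shell cannot expand them against files
# in the current directory before yum sees them.
yum update -y
yum groupinstall "Development Tools" -y
yum install make gcc 'crypt*' 'libgcrypt*' squid openssl stunnel lsof nano wget net-tools -y
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -O /root/epel-release-latest-7.noarch.rpm
yum localinstall /root/epel-release-latest-7.noarch.rpm -y
yum install certbot iptables-services -y

# Build the Squid RADIUS auth helper from source.
# The tarball is fetched over plain HTTP, so anyone on the network path can
# substitute it, and the result is compiled and installed as root. Export
# SQUID_RADIUS_SHA256=<sha256 of the tarball, obtained out of band> to get a
# hash check; when it is unset the download is used unverified, as before.
cd
wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz
if [ -n "${SQUID_RADIUS_SHA256:-}" ]; then
  echo "${SQUID_RADIUS_SHA256}  squid_radius_auth-1.10.tar.gz" | sha256sum -c - || {
    echo "squid_radius_auth-1.10.tar.gz: checksum mismatch, refusing to build it." >&2
    exit 1
  }
fi
tar -zxvf squid_radius_auth-1.10.tar.gz
# A failed cd must not let "make install" run in $HOME.
cd squid_radius_auth-1.10 || exit 1
make
make install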
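# RADIUS helper config: server address and shared secret.
# The secret must not be world-readable. A bare "cat >" under the default
# umask creates a 0644 file, so every local account could read the RADIUS
# secret. The helper is started by Squid and runs as its cache_effective_user
# (the "squid" user/group on the stock CentOS package -- adjust the group if
# your squid.conf changes that), so root:squid 0640 is sufficient.
mkdir -p /usr/local/squid/etc
(
  umask 027
  cat > /usr/local/squid/etc/squid_radius_auth.conf << EOF
server $IBSNG
secret $Sharekey
EOF
)
chown root:squid /usr/local/squid/etc/squid_radius_auth.conf
chmod 0640 /usr/local/squid/etc/squid_radius_auth.conf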
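# Squid: authenticated forward proxy, reached only through stunnel (TLS) or
# zebedee, both of which deliver client traffic to 127.0.0.1:$PORT.
#
# Differences from the copied default squid.conf, and why:
#  * Listen on loopback only. The previous config had http_port 80, 443, 444,
#    500, 7080 and 11965 on every interface. Basic-auth credentials (the
#    RADIUS username/password) travelled in plaintext on those ports, and
#    443 / 11965 collided with stunnel's accept port and zebedee's serverport.
#  * Authentication is required for every client. stunnel and zebedee hand
#    traffic to Squid from 127.0.0.1, so an unconditional
#    "http_access allow localhost" (and "allow localhost manager") admitted
#    every tunnelled client without credentials: a request with no
#    credentials simply does not match proxy_auth and evaluation falls
#    through to the next rule. The RFC1918 "localnet" allow is dropped for
#    the same reason; if LAN clients need access, add
#    "http_access allow localnet AuthUsers" rather than a bare allow.
#  * The port/method deny rules come before the allow rules, as in the stock
#    config, so authenticated users still cannot CONNECT to arbitrary ports.
#  * Client addresses and the proxy's presence are not disclosed upstream.
cat > /etc/squid/squid.conf <<EOF
auth_param basic program /usr/lib64/squid/basic_radius_auth -f /usr/local/squid/etc/squid_radius_auth.conf
auth_param basic children 20 startup=0 idle=1
auth_param basic credentialsttl 10 seconds
auth_param basic realm DarkLoveProxyAccess
auth_param basic casesensitive on
acl AuthUsers proxy_auth REQUIRED
# Loopback only: stunnel and zebedee are the public-facing listeners.
http_port 127.0.0.1:$PORT
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# "localhost" here means every tunnelled client, so the cache manager is
# simply not exposed.
http_access deny manager
http_access allow AuthUsers
http_access deny all
forwarded_for delete
via off
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
EOF
service squid restart
chkconfig squid on
service squid status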
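# zebedee 2.5.3 and the dependency tarballs its upstream build expects
# (blowfish, zlib, bzip2), built in-tree as the zebedee instructions describe.
# NOTE(review): these are very old tarballs fetched over plain HTTP with no
# signature or hash check, compiled and later run on this host. zlib 1.2.3 and
# bzip2 1.0.3 are long unmaintained; "compression 0" below keeps them off the
# wire, but the download path itself is unverified.
cd
for dep in blowfish-0.9.5a zlib-1.2.3 bzip2-1.0.3; do
  wget "http://www.users.freenetname.co.uk/~ndwinton/zebedee/${dep}.tar.gz"
  tar -zxvf "${dep}.tar.gz"
  (cd "$dep" && make)
done
wget https://fossies.org/linux/privat/old/zebedee-2.5.3.tar.gz
tar -zxvf zebedee-2.5.3.tar.gz
(cd /root/zebedee-2.5.3/ && make OS=linux)
cd

# zebedee server config.
#  * minkeylength 0 let a client negotiate a zero-length key, i.e. an
#    unencrypted tunnel, which defeats the point of the service. 128 is
#    zebedee's own default key length, so stock clients are unaffected.
#  * checksumlevel 0 disables message integrity checking; raise it once you
#    have confirmed the level your clients support (see the zebedee manual).
cat > /root/zebedee-2.5.3/config.zbd <<EOF
detached true
server true
serverport 11965
idletimeout 120
compression 0
minkeylength 128
checksumlevel 0
EOF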
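# TLS key and certificate for stunnel.
# The original embedded a fixed RSA private key and certificate in this
# (publicly shared) script. A private key that has been published is public:
# anyone who has seen the gist can decrypt or impersonate every TLS session
# that uses it. Generate a fresh self-signed pair per host instead, and keep
# an existing one if the script is re-run. The key is created under
# umask 077 so it is never world-readable, not even briefly.
# NOTE(review): certbot is installed above but never used. For a publicly
# trusted certificate, run "certbot certonly --standalone -d <hostname>" and
# concatenate privkey.pem + fullchain.pem into /etc/stunnel/stunnel.pem.
mkdir -p /etc/stunnel
if [ ! -s /etc/stunnel/stunnel.pem ]; then
  (
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 825 \
      -subj "/CN=$(hostname -f 2>/dev/null || hostname)" \
      -keyout /etc/stunnel/stunnel.key -out /etc/stunnel/stunnel.crt
    cat /etc/stunnel/stunnel.key /etc/stunnel/stunnel.crt > /etc/stunnel/stunnel.pem
    rm -f /etc/stunnel/stunnel.key /etc/stunnel/stunnel.crt
  )
fi
chmod 600 /etc/stunnel/stunnel.pem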
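# stunnel: terminate TLS on $PORTs and hand plaintext to Squid on loopback.
#  * Drop privileges after binding. The listener used to run as root:root;
#    "nobody" exists on every CentOS install and the daemon needs nothing
#    more once the socket is open.
#    NOTE(review): confirm on this stunnel build that the pid file and log
#    are created before the uid drop; if not, point them at a directory
#    nobody can write to.
#  * Refuse SSLv2/SSLv3 and anonymous/weak ciphers; every browser or proxy
#    client this serves speaks TLS 1.2.
cat > /etc/stunnel/stunnel.conf <<EOF
cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
setuid = nobody
setgid = nobody
output = /var/log/stunnel.log
options = NO_SSLv2
options = NO_SSLv3
ciphers = HIGH:!aNULL:!MD5:!RC4
[squid]
accept = $PORTs
connect = 127.0.0.1:$PORT
EOF
chmod 600 /etc/stunnel/stunnel.conf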
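# systemd unit for stunnel.
#  * PIDFile matches "pid =" in stunnel.conf so systemd tracks the forked
#    daemon instead of guessing which process is the main one.
#  * No ExecStop: systemd sends SIGTERM to the unit's cgroup on stop. The
#    previous "killall -9 stunnel" SIGKILLed every stunnel on the host,
#    including ones this unit did not start, with no chance to clean up.
#  * "Alias=stunnel.target" is dropped: an alias of a .service must itself
#    be a .service name.
#  * The copy-pasted "ping" comment described nothing in this unit.
cat > /etc/systemd/system/stunnel.service <<EOF
[Unit]
Description=SSL tunnel for network daemons
After=network.target
After=syslog.target

[Service]
Type=forking
PIDFile=/var/run/stunnel.pid
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
Restart=always
RestartSec=5
TimeoutSec=600

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable stunnel
systemctl start stunnel
systemctl status stunnel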
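# Firewall.
# The original flushed every rule and added one ACCEPT for the proxy ports
# but never set a policy. With the stock iptables-services ruleset the INPUT
# policy is ACCEPT, so after "iptables -F" that ACCEPT was redundant and
# every listener on the host was reachable. The default now becomes DROP,
# with explicit holes for loopback, established flows, SSH, the stunnel and
# Squid ports, and zebedee's serverport (11965, as set in config.zbd).
# The allow rules are added BEFORE the policy flips so the current SSH
# session survives; export SSH_PORT first if sshd does not listen on 22.
SSH_PORT="${SSH_PORT:-22}"
ZEBEDEE_PORT=11965
# Outbound interface for MASQUERADE: the first link whose name does not start
# with lo/vir/wl. "ip -o" puts one interface per line and the name field is
# used on its own, so the result has no stray whitespace and can be quoted.
Ethernet=$(ip -o link | awk -F': ' '$2 !~ /^(lo|vir|wl)/ {print $2; exit}')
if [ -z "$Ethernet" ]; then
  echo "Could not determine the external interface for MASQUERADE." >&2
  exit 1
fi
# firewalld is absent on some images; its absence is not an error here.
systemctl stop firewalld 2>/dev/null || true
systemctl disable firewalld 2>/dev/null || true
systemctl mask firewalld 2>/dev/null || true
systemctl start iptables
systemctl enable iptables
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
iptables -A INPUT -p tcp --match multiport --dports "$PORT,$PORTs,$ZEBEDEE_PORT" -j ACCEPT
iptables -P INPUT DROP
iptables -t nat -A POSTROUTING -o "$Ethernet" -j MASQUERADE
# Enable forwarding via a sysctl drop-in. The original ">" redirect replaced
# /etc/sysctl.conf wholesale, discarding every other setting in it.
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/99-ipforward.conf
sysctl --system
service iptables save
service iptables restart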
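# zebedee service.
# The daemon was started as root straight out of /root. It needs no
# privileges (serverport 11965 is unprivileged), so the binary and config are
# installed to system paths an unprivileged account can read and the unit
# runs as nobody. As with the stunnel unit, "ExecStop=killall -9" (kills
# every zebedee on the host, no graceful shutdown) and the invalid
# "Alias=zebedee.target" are dropped.
install -m 0755 /root/zebedee-2.5.3/zebedee /usr/local/sbin/zebedee
mkdir -p /etc/zebedee
install -m 0644 /root/zebedee-2.5.3/config.zbd /etc/zebedee/config.zbd
cat > /etc/systemd/system/zebedee.service <<EOF
[Unit]
Description=zebedee tunnel server
After=network.target
After=syslog.target

[Service]
Type=forking
User=nobody
Group=nobody
ExecStart=/usr/local/sbin/zebedee -f /etc/zebedee/config.zbd
Restart=always
RestartSec=5
TimeoutSec=600

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable zebedee
systemctl start zebedee
systemctl status zebedee
systemctl enable squid
systemctl restart squid
# Sanity check: something must be listening on both proxy ports.
# The original passed the literal strings ":PORT" and ":PORTs" (the "$" was
# missing), so it never checked anything.
lsof -i :"$PORT"
lsof -i :"$PORTs"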