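#!/bin/bash
# One-click PPTP VPN server setup (pptpd, MS-CHAPv2 + MPPE-128) for Debian/Ubuntu
# and RHEL-family hosts.  Must be run as root.
#
# Usage:
#   sudo ./this_script.sh
#   sudo VPN_USER=alice VPN_PASS='s3cret' ./this_script.sh
# VPN_USER / VPN_PASS may be supplied through the environment; the built-in
# defaults below are kept for backward compatibility, but should be changed.
#
# Security caveats a deployer should know:
#   * PPTP relies on MS-CHAPv2, whose authentication is known to be
#     cryptographically weak and from which the MPPE session key is derived.
#     Treat this tunnel as a convenience, not strong confidentiality; prefer
#     WireGuard or IPsec where the clients allow it.
#   * Step [6] flushes ALL existing iptables filter/nat rules and disables
#     ufw/firewalld, i.e. the host firewall is effectively removed.
#   * Step [4] writes the VPN password in clear text to /etc/ppp/chap-secrets
#     (mode 600) and REPLACES every existing entry in that file.
clear
echo "============================================="
echo " 全系Linux通用 PPTP VPN 一键脚本（小邹专用） "
echo "                                             "
echo "    建议 Ubuntu22.04系统 其他版本自行测试    "
echo "============================================="

# Everything below edits system files and services, so fail early if not root
# instead of half-applying the configuration.
if [ "$(id -u)" -ne 0 ]; then
  echo "错误：请以 root 身份运行此脚本" >&2
  exit 1
fi

#================= 自定义账号密码 =================
# Environment overrides take precedence; the literal defaults are only a fallback.
VPN_USER="${VPN_USER:-135492}"
VPN_PASS="${VPN_PASS:-qq135492}"
#==================================================

# Work around Ubuntu 22.04 NIC naming: take the interface of the first default route.
NIC=$(ip route | grep default | awk '{print $5}' | head -1)
[ -z "$NIC" ] && NIC="eth0"

# Firewall rule bodies shared by step [6] and the systemd ExecStartPost hook,
# so both places add exactly the same rule (and the hook can check for it).
MASQ_RULE=(POSTROUTING -o "$NIC" -j MASQUERADE)
MSS_RULE=(FORWARD -p tcp --syn -s 192.168.22.0/24 -j TCPMSS --set-mss 1356)

echo -e "\n自动识别网卡：$NIC"
echo -e "VPN 账号：$VPN_USER"
echo -e "VPN 密码：$VPN_PASS\n"

echo "[1] 安装依赖（含iptables持久化工具）..."
if [ -f /etc/redhat-release ]; then
  yum install -y ppp pptpd iptables-services >/dev/null 2>&1
else
  # apt-get is the script-stable interface; iptables-persistent keeps rules across reboots.
  apt-get update >/dev/null 2>&1
  DEBIAN_FRONTEND=noninteractive apt-get install -y ppp pptpd iptables iptables-persistent netfilter-persistent >/dev/null 2>&1
  # Switch to legacy iptables so the rules below are not split between nft and legacy tables.
  update-alternatives --set iptables /usr/sbin/iptables-legacy >/dev/null 2>&1
  update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy >/dev/null 2>&1
fi

echo "[2] 配置 pptpd.conf..."
cat >/etc/pptpd.conf <<EOF
option /etc/ppp/options.pptpd
localip 192.168.22.1
remoteip 192.168.22.10-254
EOF

echo "[3] 配置 PPP 参数..."
# Only MS-CHAPv2 with 128-bit MPPE is accepted; weaker PAP/CHAP/MS-CHAPv1 are refused.
cat >/etc/ppp/options.pptpd <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 1.1.1.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
EOF

echo "[4] 写入账号密码..."
# The secrets file holds a clear-text password: make sure it is owner-only
# before and after writing (a freshly created file would otherwise inherit
# the umask, typically 644).  This overwrites any existing entries.
touch /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets
cat >/etc/ppp/chap-secrets <<EOF
$VPN_USER pptpd $VPN_PASS *
EOF
chmod 600 /etc/ppp/chap-secrets

echo "[5] 开启IP转发（持久化）..."
# Persist ip_forward: drop any previous setting, then append ours.
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p >/dev/null 2>&1
# Apply immediately so it works before the next reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

echo "[6] 配置防火墙转发（持久化）..."
# WARNING: this removes every existing nat and filter rule on the host,
# including any admin-configured restrictions (e.g. on SSH).
iptables -t nat -F
iptables -F
# NAT the VPN subnet out of the detected interface and clamp MSS for tunnelled TCP.
iptables -t nat -A "${MASQ_RULE[@]}"
iptables -A "${MSS_RULE[@]}"
# Allow PPTP control channel (1723/TCP) and the GRE data channel.
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A FORWARD -p gre -j ACCEPT

# Persist the rules with the distro's native mechanism.
if [ ! -f /etc/redhat-release ]; then
  netfilter-persistent save >/dev/null 2>&1
  systemctl enable netfilter-persistent >/dev/null 2>&1
else
  service iptables save >/dev/null 2>&1
  systemctl enable iptables >/dev/null 2>&1
fi

# Stop the high-level firewall frontends so they do not overwrite the rules
# above.  Note this leaves the host with no firewall policy other than the
# rules written here.
systemctl stop firewalld >/dev/null 2>&1
systemctl disable firewalld >/dev/null 2>&1
ufw disable >/dev/null 2>&1

echo "[7] 修复PPTPD自启依赖（Ubuntu22.04）..."
# systemd drop-in: start pptpd only after the network and persisted rules are up,
# restart it on failure, and re-ensure the NAT/MSS rules after each start.
# The rules are checked with -C first so Restart=always does not append a
# duplicate copy every time the service restarts.
mkdir -p /etc/systemd/system/pptpd.service.d
cat >/etc/systemd/system/pptpd.service.d/override.conf <<EOF
[Unit]
After=network-online.target netfilter-persistent.service
Wants=network-online.target
[Service]
Restart=always
RestartSec=5
ExecStartPost=/bin/bash -c 'iptables -t nat -C ${MASQ_RULE[*]} 2>/dev/null || iptables -t nat -A ${MASQ_RULE[*]}; iptables -C ${MSS_RULE[*]} 2>/dev/null || iptables -A ${MSS_RULE[*]}'
EOF

# Pick up the new drop-in.
systemctl daemon-reload

echo "[8] 启动并强制启用自启..."
systemctl enable --now pptpd
# Report whether enabling at boot actually took effect.
if systemctl is-enabled pptpd >/dev/null 2>&1; then
  echo "PPTPD自启已启用"
else
  echo "PPTPD自启配置失败"
fi

# Best-effort public IPv4 lookup for the summary; falls back to a placeholder.
WANIP=$(curl -4 -s --connect-timeout 2 ipv4.icanhazip.com || curl -4 -s --connect-timeout 2 ip.sb)
[ -z "$WANIP" ] && WANIP="【服务器公网IP】"

echo ""
echo "============================================="
echo "安装完成！"
echo ""
echo "服务器IP：$WANIP"
echo "VPN 账号：$VPN_USER"
echo "VPN 密码：$VPN_PASS"
echo "协议：PPTP"
echo "MPPE：128位"
echo "============================================="
echo "关键优化："
echo "1. 解决Ubuntu22.04 nftables兼容问题"
echo "2. iptables规则持久化（重启不丢失）"
echo "3. PPTPD服务依赖网络就绪后启动"
echo "4. 自动修复PPTPD重启策略"
echo "============================================="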