thuanpham582002 · July 3, 2025 01:21
diff --git a/SoftEther VPN Server Auto Installation Script b/SoftEther VPN Server Auto Installation Script
 #!/bin/bash

 # SoftEther VPN Server Auto Installation Script - NO SYSTEM UPGRADE
 # Headless 100% - No Interaction Required - FASTER VERSION
 # Author: AI Assistant
 # Version: 1.1 - Skip System Upgrade

 set -e  # Exit on any error

 # Configuration variables
 VPN_USER="vpn"
 VPN_PASS="vpn"
 ADMIN_PASS="admin123"
 # Better SERVER_IP detection with fallbacks
 get_server_ip() {
    local ip=""
    
    # Try multiple methods to get external IP
    for url in "ifconfig.me" "ipinfo.io/ip" "icanhazip.com" "ident.me"; do
        ip=$(curl -s --connect-timeout 5 --max-time 10 "$url" 2>/dev/null | grep -oE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
        if [[ -n "$ip" ]]; then
            echo "$ip"  # Only IP goes to stdout
            return 0
        fi
    done
    
    # Fallback to local IP
    ip=$(hostname -I 2>/dev/null | awk '{print $1}' | grep -oE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
    if [[ -n "$ip" ]]; then
        echo "$ip"  # Only IP goes to stdout
        return 0
    fi
    
    # Last resort
    echo "127.0.0.1"  # Only IP goes to stdout
 }

 SERVER_IP=$(get_server_ip)
 VPN_PORT="1194"

 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color

 # Logging function
 log() {
    echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
 }

 error() {
    echo -e "${RED}[ERROR]${NC} $1" >&2
 }

 warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
 }

 info() {
    echo -e "${BLUE}[INFO]${NC} $1"
 }

 # Check if running as root
 check_root() {
    if [[ $EUID -ne 0 ]]; then
        error "This script must be run as root"
        exit 1
    fi
 }

 # Detect OS
 detect_os() {
    if [[ -f /etc/os-release ]]; then
        . /etc/os-release
        OS=$NAME
        VER=$VERSION_ID
    else
        error "Cannot detect OS version"
        exit 1
    fi
    
    log "Detected OS: $OS $VER"
 }

 # Update package list only (không upgrade packages)
 update_package_list() {
    log "Updating package list only (không upgrade system)..."
    if [[ "$OS" == *"Ubuntu"* ]] || [[ "$OS" == *"Debian"* ]]; then
        export DEBIAN_FRONTEND=noninteractive
        apt-get update -y
        warning "⚠️  System packages NOT upgraded - using existing versions"
    elif [[ "$OS" == *"CentOS"* ]] || [[ "$OS" == *"Red Hat"* ]]; then
        yum makecache
        warning "⚠️  System packages NOT upgraded - using existing versions"
    else
        warning "Unsupported OS, continuing anyway..."
    fi
 }

 # Install dependencies (với existing packages)
 install_dependencies() {
    log "Installing required dependencies..."
    if [[ "$OS" == *"Ubuntu"* ]] || [[ "$OS" == *"Debian"* ]]; then
        # Try to install, but don't fail if versions are incompatible
        apt-get install -y --no-upgrade \
            build-essential \
            cmake \
            libiconv-hook-dev \
            libssl-dev \
            zlib1g-dev \
            libreadline-dev \
            libncurses5-dev \
            wget \
            unzip \
            curl \
            net-tools \
            expect 2>/dev/null || {
            warning "Some packages may be outdated, but continuing..."
        }
    elif [[ "$OS" == *"CentOS"* ]] || [[ "$OS" == *"Red Hat"* ]]; then
        yum install -y \
            gcc \
            gcc-c++ \
            make \
            cmake \
            openssl-devel \
            zlib-devel \
            readline-devel \
            ncurses-devel \
            wget \
            unzip \
            curl \
            net-tools \
            expect 2>/dev/null || {
            warning "Some packages may be outdated, but continuing..."
        }
    fi
 }

 # Download and compile SoftEther VPN
 download_compile_softether() {
    log "Downloading SoftEther VPN Server..."
    cd /opt
    
    # Download latest stable version
    DOWNLOAD_URL="https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.34-9745-beta/softether-vpnserver-v4.34-9745-beta-2020.04.05-linux-x64-64bit.tar.gz"
    
    wget -O softether-vpnserver.tar.gz "$DOWNLOAD_URL"
    
    log "Extracting SoftEther VPN Server..."
    tar -xzf softether-vpnserver.tar.gz
    
    cd vpnserver
    
    log "Compiling SoftEther VPN Server với existing tools..."
    
    # Check if we have minimum required tools
    if ! command -v gcc &> /dev/null; then
        error "GCC compiler not found. Please install build-essential first."
        exit 1
    fi
    
    if ! command -v make &> /dev/null; then
        error "Make not found. Please install make first."
        exit 1
    fi
    
    # Create expect script to handle license agreement
    cat > /tmp/license_accept.exp << 'EOF'
 #!/usr/bin/expect -f
 spawn make
 expect "Please choose one of above number:" { send "1\r" }
 expect "Please choose one of above number:" { send "1\r" }
 expect "Please choose one of above number:" { send "1\r" }
 expect eof
 EOF
    
    chmod +x /tmp/license_accept.exp
    
    # Try compilation with error handling
    if ! /tmp/license_accept.exp; then
        error "Compilation failed. This might be due to outdated system packages."
        error "Consider running the full version with system upgrade."
        exit 1
    fi
    
    # Set permissions
    chmod 600 *
    chmod 700 vpnserver
    chmod 700 vpncmd
    
    log "SoftEther VPN Server compiled successfully với existing system!"
 }

 # Start VPN Server
 start_vpn_server() {
    log "Starting SoftEther VPN Server..."
    cd /opt/vpnserver
    ./vpnserver start
    sleep 3
 }

 # Configure VPN Server
 configure_vpn_server() {
    log "Configuring VPN Server..."
    cd /opt/vpnserver
    
    # Stop the server first to reset it
    ./vpnserver stop
    sleep 2
    
    # Start the server fresh
    ./vpnserver start
    sleep 3
    
    # Create configuration script for initial setup (try without password first)
    cat > /tmp/vpn_setup_initial.txt << EOF
 ServerPasswordSet $ADMIN_PASS
 exit
 EOF

    # Try to connect without password first (fresh install)
    log "Setting admin password..."
    if ! (echo "" | timeout 10 ./vpncmd localhost:443 /SERVER /IN:/tmp/vpn_setup_initial.txt); then
        log "Initial connection failed, trying alternative method..."
        # If that fails, try connecting to management interface
        echo "" | timeout 10 ./vpncmd localhost /SERVER /IN:/tmp/vpn_setup_initial.txt
    fi
    
    sleep 2
    
    # Create configuration script for main setup
    cat > /tmp/vpn_setup_main.txt << EOF
 HubCreate DEFAULT /PASSWORD:
 Hub DEFAULT
 UserCreate $VPN_USER /GROUP: /REALNAME:"VPN User" /NOTE:"Auto-created VPN user"
 UserPasswordSet $VPN_USER /PASSWORD:$VPN_PASS
 SecureNatEnable
 OpenVpnEnable yes /PORTS:$VPN_PORT
 OpenVpnMakeConfig openvpn_config.zip
 exit
 EOF

    # Apply main configuration with admin password
    log "Configuring VPN settings..."
    echo "$ADMIN_PASS" | timeout 15 ./vpncmd localhost:443 /SERVER /IN:/tmp/vpn_setup_main.txt
    
    log "VPN Server configured successfully"
 }

 # Generate OpenVPN config
 generate_ovpn_config() {
    log "Generating OpenVPN configuration file..."
    cd /opt/vpnserver
    
    # Extract config files
    unzip -o openvpn_config.zip
    
    # Find the remote access config file
    OVPN_FILE=$(ls *_openvpn_remote_access_l3.ovpn | head -1)
    
    if [[ -z "$OVPN_FILE" ]]; then
        error "OpenVPN config file not found"
        exit 1
    fi
    
    # Create final config file
    cp "$OVPN_FILE" vpn_config.ovpn
    
    # Debug: show what we're working with
    log "DEBUG: SERVER_IP='$SERVER_IP'"
    log "DEBUG: VPN_PORT='$VPN_PORT'"
    log "DEBUG: OVPN_FILE='$OVPN_FILE'"
    
    # Validate SERVER_IP format
    if [[ ! "$SERVER_IP" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        warning "SERVER_IP không hợp lệ: '$SERVER_IP', đang detect lại..."
        SERVER_IP=$(get_server_ip)
        log "SERVER_IP mới: '$SERVER_IP'"
    fi
    
    # Replace server address with actual IP using a more robust approach
    # First, backup original file
    cp vpn_config.ovpn vpn_config.ovpn.backup
    
    # Use awk instead of sed for more reliable replacement
    awk -v server_ip="$SERVER_IP" -v vpn_port="$VPN_PORT" '
    /^remote / {
        print "remote " server_ip " " vpn_port
        next
    }
    { print }
    ' vpn_config.ovpn.backup > vpn_config.ovpn
    
    # Copy to easily accessible location
    cp vpn_config.ovpn /root/vpn_config.ovpn
    cp vpn_config.ovpn /tmp/vpn_config.ovpn
    
    log "OpenVPN config file created at: /root/vpn_config.ovpn"
 }

 # Create systemd service
 create_systemd_service() {
    log "Creating systemd service..."
    
    cat > /etc/systemd/system/softether-vpnserver.service << EOF
 [Unit]
 Description=SoftEther VPN Server
 After=network.target

 [Service]
 Type=forking
 ExecStart=/opt/vpnserver/vpnserver start
 ExecStop=/opt/vpnserver/vpnserver stop
 ExecReload=/bin/kill -HUP \$MAINPID
 KillMode=process
 Restart=on-failure

 [Install]
 WantedBy=multi-user.target
 EOF

    systemctl daemon-reload
    systemctl enable softether-vpnserver
    
    log "Systemd service created and enabled"
 }

 # Configure firewall (basic)
 configure_firewall() {
    log "Configuring firewall (basic rules)..."
    
    # UFW (Ubuntu/Debian)
    if command -v ufw &> /dev/null; then
        ufw allow $VPN_PORT/udp 2>/dev/null || true
        ufw allow 443/tcp 2>/dev/null || true
        ufw allow 5555/tcp 2>/dev/null || true
        # Don't force enable UFW if not already enabled
    fi
    
    # Firewall-cmd (CentOS/RHEL)
    if command -v firewall-cmd &> /dev/null; then
        firewall-cmd --permanent --add-port=$VPN_PORT/udp 2>/dev/null || true
        firewall-cmd --permanent --add-port=443/tcp 2>/dev/null || true
        firewall-cmd --permanent --add-port=5555/tcp 2>/dev/null || true
        firewall-cmd --reload 2>/dev/null || true
    fi
    
    # IPTables fallback (basic rules)
    if command -v iptables &> /dev/null; then
        iptables -I INPUT -p udp --dport $VPN_PORT -j ACCEPT 2>/dev/null || true
        iptables -I INPUT -p tcp --dport 443 -j ACCEPT 2>/dev/null || true
        iptables -I INPUT -p tcp --dport 5555 -j ACCEPT 2>/dev/null || true
    fi
    
    warning "⚠️  Basic firewall rules applied. You may need to configure manually."
 }

 # Check installation
 check_installation() {
    log "Verifying installation..."
    
    # Check if VPN server is running
    if pgrep -f vpnserver > /dev/null; then
        info "✓ VPN Server is running"
    else
        error "✗ VPN Server is not running"
        return 1
    fi
    
    # Check if port is listening
    if netstat -tulpn | grep ":$VPN_PORT " > /dev/null; then
        info "✓ Port $VPN_PORT is listening"
    else
        error "✗ Port $VPN_PORT is not listening"
        return 1
    fi
    
    # Check config file
    if [[ -f /root/vpn_config.ovpn ]]; then
        info "✓ OpenVPN config file created"
    else
        error "✗ OpenVPN config file not found"
        return 1
    fi
 }

 # Display final information
 show_final_info() {
    echo ""
    echo "=================================================================="
    echo -e "${GREEN}🚀 SoftEther VPN Server Installation Complete! (NO UPGRADE)${NC}"
    echo "=================================================================="
    echo ""
    echo -e "${YELLOW}⚠️  THÔNG BÁO QUAN TRỌNG:${NC}"
    echo -e "${YELLOW}   System KHÔNG được upgrade để cài nhanh hơn${NC}"
    echo -e "${YELLOW}   Khuyến nghị chạy system update sau khi test VPN OK${NC}"
    echo ""
    echo -e "${BLUE}Server Information:${NC}"
    echo "  Server IP: $SERVER_IP"
    echo "  OpenVPN Port: $VPN_PORT (UDP)"
    echo "  Admin Password: $ADMIN_PASS"
    echo ""
    echo -e "${BLUE}VPN User Credentials:${NC}"
    echo "  Username: $VPN_USER"
    echo "  Password: $VPN_PASS"
    echo ""
    echo -e "${BLUE}Configuration Files:${NC}"
    echo "  OpenVPN Config: /root/vpn_config.ovpn"
    echo "  Backup Config: /tmp/vpn_config.ovpn"
    echo ""
    echo -e "${BLUE}Management URLs:${NC}"
    echo "  Web Admin: https://$SERVER_IP:5555/"
    echo "  VPN Server: $SERVER_IP:443"
    echo ""
    echo -e "${BLUE}Service Management:${NC}"
    echo "  Start: systemctl start softether-vpnserver"
    echo "  Stop: systemctl stop softether-vpnserver"
    echo "  Status: systemctl status softether-vpnserver"
    echo ""
    echo -e "${YELLOW}Security Recommendations:${NC}"
    echo "1. 🔄 Chạy system update sau khi test VPN: apt update && apt upgrade"
    echo "2. 🔒 Thay đổi password mặc định"
    echo "3. 🛡️  Cấu hình firewall chi tiết hơn nếu cần"
    echo "4. 📊 Monitor system security updates định kỳ"
    echo ""
    echo -e "${BLUE}Next Steps:${NC}"
    echo "1. Download /root/vpn_config.ovpn to your client device"
    echo "2. Import the .ovpn file into your OpenVPN client"
    echo "3. Connect using username: $VPN_USER, password: $VPN_PASS"
    echo ""
    echo "=================================================================="
 }

 # Cleanup function
 cleanup() {
    log "Cleaning up temporary files..."
    rm -f /tmp/license_accept.exp
    rm -f /tmp/vpn_setup_initial.txt
    rm -f /tmp/vpn_setup_main.txt
    rm -f /opt/softether-vpnserver.tar.gz
 }

 # Main installation function
 main() {
    echo "=================================================================="
    echo -e "${GREEN}SoftEther VPN Server Auto Installer - FAST VERSION${NC}"
    echo -e "${BLUE}Headless Installation - No System Upgrade${NC}"
    echo -e "${YELLOW}⚠️  SYSTEM SẼ KHÔNG ĐƯỢC UPGRADE ĐỂ CÀI NHANH HỠN${NC}"
    echo "=================================================================="
    echo ""
    
    check_root
    detect_os
    update_package_list
    install_dependencies
    download_compile_softether
    start_vpn_server
    configure_vpn_server
    generate_ovpn_config
    create_systemd_service
    configure_firewall
    
    if check_installation; then
        cleanup
        show_final_info
        log "Installation completed successfully! (without system upgrade)"
        exit 0
    else
        error "Installation verification failed!"
        exit 1
    fi
 }

 # Run main function
 main "$@"
	#!/bin/bash

	# SoftEther VPN Server Auto Installation Script - NO SYSTEM UPGRADE
	# Headless 100% - No Interaction Required - FASTER VERSION
	# Author: AI Assistant
	# Version: 1.1 - Skip System Upgrade

	set -e # Exit on any error

	# Configuration variables
	VPN_USER="vpn"
	VPN_PASS="vpn"
	ADMIN_PASS="admin123"
	# Better SERVER_IP detection with fallbacks
	get_server_ip() {
	local ip=""

	# Try multiple methods to get external IP
	for url in "ifconfig.me" "ipinfo.io/ip" "icanhazip.com" "ident.me"; do
	ip=$(curl -s --connect-timeout 5 --max-time 10 "$url" 2>/dev/null \| grep -oE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
	if [[ -n "$ip" ]]; then
	echo "$ip" # Only IP goes to stdout
	return 0
	fi
	done

	# Fallback to local IP
	ip=$(hostname -I 2>/dev/null \| awk '{print $1}' \| grep -oE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$')
	if [[ -n "$ip" ]]; then
	echo "$ip" # Only IP goes to stdout
	return 0
	fi

	# Last resort
	echo "127.0.0.1" # Only IP goes to stdout
	}

	SERVER_IP=$(get_server_ip)
	VPN_PORT="1194"

	# Colors for output
	RED='\033[0;31m'
	GREEN='\033[0;32m'
	YELLOW='\033[1;33m'
	BLUE='\033[0;34m'
	NC='\033[0m' # No Color

	# Logging function
	log() {
	echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
	}

	error() {
	echo -e "${RED}[ERROR]${NC} $1" >&2
	}

	warning() {
	echo -e "${YELLOW}[WARNING]${NC} $1"
	}

	info() {
	echo -e "${BLUE}[INFO]${NC} $1"
	}

	# Check if running as root
	check_root() {
	if [[ $EUID -ne 0 ]]; then
	error "This script must be run as root"
	exit 1
	fi
	}

	# Detect OS
	detect_os() {
	if [[ -f /etc/os-release ]]; then
	. /etc/os-release
	OS=$NAME
	VER=$VERSION_ID
	else
	error "Cannot detect OS version"
	exit 1
	fi

	log "Detected OS: $OS $VER"
	}

	# Update package list only (không upgrade packages)
	update_package_list() {
	log "Updating package list only (không upgrade system)..."
	if [[ "$OS" == "Ubuntu" ]] \|\| [[ "$OS" == "Debian" ]]; then
	export DEBIAN_FRONTEND=noninteractive
	apt-get update -y
	warning "⚠️ System packages NOT upgraded - using existing versions"
	elif [[ "$OS" == "CentOS" ]] \|\| [[ "$OS" == "Red Hat" ]]; then
	yum makecache
	warning "⚠️ System packages NOT upgraded - using existing versions"
	else
	warning "Unsupported OS, continuing anyway..."
	fi
	}

	# Install dependencies (với existing packages)
	install_dependencies() {
	log "Installing required dependencies..."
	if [[ "$OS" == "Ubuntu" ]] \|\| [[ "$OS" == "Debian" ]]; then
	# Try to install, but don't fail if versions are incompatible
	apt-get install -y --no-upgrade \
	build-essential \
	cmake \
	libiconv-hook-dev \
	libssl-dev \
	zlib1g-dev \
	libreadline-dev \
	libncurses5-dev \
	wget \
	unzip \
	curl \
	net-tools \
	expect 2>/dev/null \|\| {
	warning "Some packages may be outdated, but continuing..."
	}
	elif [[ "$OS" == "CentOS" ]] \|\| [[ "$OS" == "Red Hat" ]]; then
	yum install -y \
	gcc \
	gcc-c++ \
	make \
	cmake \
	openssl-devel \
	zlib-devel \
	readline-devel \
	ncurses-devel \
	wget \
	unzip \
	curl \
	net-tools \
	expect 2>/dev/null \|\| {
	warning "Some packages may be outdated, but continuing..."
	}
	fi
	}

	# Download and compile SoftEther VPN
	download_compile_softether() {
	log "Downloading SoftEther VPN Server..."
	cd /opt

	# Download latest stable version
	DOWNLOAD_URL="https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.34-9745-beta/softether-vpnserver-v4.34-9745-beta-2020.04.05-linux-x64-64bit.tar.gz"

	wget -O softether-vpnserver.tar.gz "$DOWNLOAD_URL"

	log "Extracting SoftEther VPN Server..."
	tar -xzf softether-vpnserver.tar.gz

	cd vpnserver

	log "Compiling SoftEther VPN Server với existing tools..."

	# Check if we have minimum required tools
	if ! command -v gcc &> /dev/null; then
	error "GCC compiler not found. Please install build-essential first."
	exit 1
	fi

	if ! command -v make &> /dev/null; then
	error "Make not found. Please install make first."
	exit 1
	fi

	# Create expect script to handle license agreement
	cat > /tmp/license_accept.exp << 'EOF'
	#!/usr/bin/expect -f
	spawn make
	expect "Please choose one of above number:" { send "1\r" }
	expect "Please choose one of above number:" { send "1\r" }
	expect "Please choose one of above number:" { send "1\r" }
	expect eof
	EOF

	chmod +x /tmp/license_accept.exp

	# Try compilation with error handling
	if ! /tmp/license_accept.exp; then
	error "Compilation failed. This might be due to outdated system packages."
	error "Consider running the full version with system upgrade."
	exit 1
	fi

	# Set permissions
	chmod 600 *
	chmod 700 vpnserver
	chmod 700 vpncmd

	log "SoftEther VPN Server compiled successfully với existing system!"
	}

	# Start VPN Server
	start_vpn_server() {
	log "Starting SoftEther VPN Server..."
	cd /opt/vpnserver
	./vpnserver start
	sleep 3
	}

	# Configure VPN Server
	configure_vpn_server() {
	log "Configuring VPN Server..."
	cd /opt/vpnserver

	# Stop the server first to reset it
	./vpnserver stop
	sleep 2

	# Start the server fresh
	./vpnserver start
	sleep 3

	# Create configuration script for initial setup (try without password first)
	cat > /tmp/vpn_setup_initial.txt << EOF
	ServerPasswordSet $ADMIN_PASS
	exit
	EOF

	# Try to connect without password first (fresh install)
	log "Setting admin password..."
	if ! (echo "" \| timeout 10 ./vpncmd localhost:443 /SERVER /IN:/tmp/vpn_setup_initial.txt); then
	log "Initial connection failed, trying alternative method..."
	# If that fails, try connecting to management interface
	echo "" \| timeout 10 ./vpncmd localhost /SERVER /IN:/tmp/vpn_setup_initial.txt
	fi

	sleep 2

	# Create configuration script for main setup
	cat > /tmp/vpn_setup_main.txt << EOF
	HubCreate DEFAULT /PASSWORD:
	Hub DEFAULT
	UserCreate $VPN_USER /GROUP: /REALNAME:"VPN User" /NOTE:"Auto-created VPN user"
	UserPasswordSet $VPN_USER /PASSWORD:$VPN_PASS
	SecureNatEnable
	OpenVpnEnable yes /PORTS:$VPN_PORT
	OpenVpnMakeConfig openvpn_config.zip
	exit
	EOF

	# Apply main configuration with admin password
	log "Configuring VPN settings..."
	echo "$ADMIN_PASS" \| timeout 15 ./vpncmd localhost:443 /SERVER /IN:/tmp/vpn_setup_main.txt

	log "VPN Server configured successfully"
	}

	# Generate OpenVPN config
	generate_ovpn_config() {
	log "Generating OpenVPN configuration file..."
	cd /opt/vpnserver

	# Extract config files
	unzip -o openvpn_config.zip

	# Find the remote access config file
	OVPN_FILE=$(ls *_openvpn_remote_access_l3.ovpn \| head -1)

	if [[ -z "$OVPN_FILE" ]]; then
	error "OpenVPN config file not found"
	exit 1
	fi

	# Create final config file
	cp "$OVPN_FILE" vpn_config.ovpn

	# Debug: show what we're working with
	log "DEBUG: SERVER_IP='$SERVER_IP'"
	log "DEBUG: VPN_PORT='$VPN_PORT'"
	log "DEBUG: OVPN_FILE='$OVPN_FILE'"

	# Validate SERVER_IP format
	if [[ ! "$SERVER_IP" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
	warning "SERVER_IP không hợp lệ: '$SERVER_IP', đang detect lại..."
	SERVER_IP=$(get_server_ip)
	log "SERVER_IP mới: '$SERVER_IP'"
	fi

	# Replace server address with actual IP using a more robust approach
	# First, backup original file
	cp vpn_config.ovpn vpn_config.ovpn.backup

	# Use awk instead of sed for more reliable replacement
	awk -v server_ip="$SERVER_IP" -v vpn_port="$VPN_PORT" '
	/^remote / {
	print "remote " server_ip " " vpn_port
	next
	}
	{ print }
	' vpn_config.ovpn.backup > vpn_config.ovpn

	# Copy to easily accessible location
	cp vpn_config.ovpn /root/vpn_config.ovpn
	cp vpn_config.ovpn /tmp/vpn_config.ovpn

	log "OpenVPN config file created at: /root/vpn_config.ovpn"
	}

	# Create systemd service
	create_systemd_service() {
	log "Creating systemd service..."

	cat > /etc/systemd/system/softether-vpnserver.service << EOF
	[Unit]
	Description=SoftEther VPN Server
	After=network.target

	[Service]
	Type=forking
	ExecStart=/opt/vpnserver/vpnserver start
	ExecStop=/opt/vpnserver/vpnserver stop
	ExecReload=/bin/kill -HUP \$MAINPID
	KillMode=process
	Restart=on-failure

	[Install]
	WantedBy=multi-user.target
	EOF

	systemctl daemon-reload
	systemctl enable softether-vpnserver

	log "Systemd service created and enabled"
	}

	# Configure firewall (basic)
	configure_firewall() {
	log "Configuring firewall (basic rules)..."

	# UFW (Ubuntu/Debian)
	if command -v ufw &> /dev/null; then
	ufw allow $VPN_PORT/udp 2>/dev/null \|\| true
	ufw allow 443/tcp 2>/dev/null \|\| true
	ufw allow 5555/tcp 2>/dev/null \|\| true
	# Don't force enable UFW if not already enabled
	fi

	# Firewall-cmd (CentOS/RHEL)
	if command -v firewall-cmd &> /dev/null; then
	firewall-cmd --permanent --add-port=$VPN_PORT/udp 2>/dev/null \|\| true
	firewall-cmd --permanent --add-port=443/tcp 2>/dev/null \|\| true
	firewall-cmd --permanent --add-port=5555/tcp 2>/dev/null \|\| true
	firewall-cmd --reload 2>/dev/null \|\| true
	fi

	# IPTables fallback (basic rules)
	if command -v iptables &> /dev/null; then
	iptables -I INPUT -p udp --dport $VPN_PORT -j ACCEPT 2>/dev/null \|\| true
	iptables -I INPUT -p tcp --dport 443 -j ACCEPT 2>/dev/null \|\| true
	iptables -I INPUT -p tcp --dport 5555 -j ACCEPT 2>/dev/null \|\| true
	fi

	warning "⚠️ Basic firewall rules applied. You may need to configure manually."
	}

	# Check installation
	check_installation() {
	log "Verifying installation..."

	# Check if VPN server is running
	if pgrep -f vpnserver > /dev/null; then
	info "✓ VPN Server is running"
	else
	error "✗ VPN Server is not running"
	return 1
	fi

	# Check if port is listening
	if netstat -tulpn \| grep ":$VPN_PORT " > /dev/null; then
	info "✓ Port $VPN_PORT is listening"
	else
	error "✗ Port $VPN_PORT is not listening"
	return 1
	fi

	# Check config file
	if [[ -f /root/vpn_config.ovpn ]]; then
	info "✓ OpenVPN config file created"
	else
	error "✗ OpenVPN config file not found"
	return 1
	fi
	}

	# Display final information
	show_final_info() {
	echo ""
	echo "=================================================================="
	echo -e "${GREEN}🚀 SoftEther VPN Server Installation Complete! (NO UPGRADE)${NC}"
	echo "=================================================================="
	echo ""
	echo -e "${YELLOW}⚠️ THÔNG BÁO QUAN TRỌNG:${NC}"
	echo -e "${YELLOW} System KHÔNG được upgrade để cài nhanh hơn${NC}"
	echo -e "${YELLOW} Khuyến nghị chạy system update sau khi test VPN OK${NC}"
	echo ""
	echo -e "${BLUE}Server Information:${NC}"
	echo " Server IP: $SERVER_IP"
	echo " OpenVPN Port: $VPN_PORT (UDP)"
	echo " Admin Password: $ADMIN_PASS"
	echo ""
	echo -e "${BLUE}VPN User Credentials:${NC}"
	echo " Username: $VPN_USER"
	echo " Password: $VPN_PASS"
	echo ""
	echo -e "${BLUE}Configuration Files:${NC}"
	echo " OpenVPN Config: /root/vpn_config.ovpn"
	echo " Backup Config: /tmp/vpn_config.ovpn"
	echo ""
	echo -e "${BLUE}Management URLs:${NC}"
	echo " Web Admin: https://$SERVER_IP:5555/"
	echo " VPN Server: $SERVER_IP:443"
	echo ""
	echo -e "${BLUE}Service Management:${NC}"
	echo " Start: systemctl start softether-vpnserver"
	echo " Stop: systemctl stop softether-vpnserver"
	echo " Status: systemctl status softether-vpnserver"
	echo ""
	echo -e "${YELLOW}Security Recommendations:${NC}"
	echo "1. 🔄 Chạy system update sau khi test VPN: apt update && apt upgrade"
	echo "2. 🔒 Thay đổi password mặc định"
	echo "3. 🛡️ Cấu hình firewall chi tiết hơn nếu cần"
	echo "4. 📊 Monitor system security updates định kỳ"
	echo ""
	echo -e "${BLUE}Next Steps:${NC}"
	echo "1. Download /root/vpn_config.ovpn to your client device"
	echo "2. Import the .ovpn file into your OpenVPN client"
	echo "3. Connect using username: $VPN_USER, password: $VPN_PASS"
	echo ""
	echo "=================================================================="
	}

	# Cleanup function
	cleanup() {
	log "Cleaning up temporary files..."
	rm -f /tmp/license_accept.exp
	rm -f /tmp/vpn_setup_initial.txt
	rm -f /tmp/vpn_setup_main.txt
	rm -f /opt/softether-vpnserver.tar.gz
	}

	# Main installation function
	main() {
	echo "=================================================================="
	echo -e "${GREEN}SoftEther VPN Server Auto Installer - FAST VERSION${NC}"
	echo -e "${BLUE}Headless Installation - No System Upgrade${NC}"
	echo -e "${YELLOW}⚠️ SYSTEM SẼ KHÔNG ĐƯỢC UPGRADE ĐỂ CÀI NHANH HỠN${NC}"
	echo "=================================================================="
	echo ""

	check_root
	detect_os
	update_package_list
	install_dependencies
	download_compile_softether
	start_vpn_server
	configure_vpn_server
	generate_ovpn_config
	create_systemd_service
	configure_firewall

	if check_installation; then
	cleanup
	show_final_info
	log "Installation completed successfully! (without system upgrade)"
	exit 0
	else
	error "Installation verification failed!"
	exit 1
	fi
	}

	# Run main function
	main "$@"