act

LACASITAMX-v8.9x/Des/protocolos/squid.sh

@@ -0,0 +1,394 @@
+#!/bin/bash
+#25/01/2021
+declare -A cor=( [0]="\033[1;37m" [1]="\033[1;34m" [2]="\033[1;32m" [3]="\033[1;36m" [4]="\033[1;31m" )
+clear
+clear
+SCPdir="/etc/VPS-MX"
+SCPfrm="${SCPdir}/herramientas" && [[ ! -d ${SCPfrm} ]] && exit
+SCPinst="${SCPdir}/protocolos"&& [[ ! -d ${SCPinst} ]] && exit
+
+#LISTA PORTAS
+mportas () {
+unset portas
+portas_var=$(lsof -V -i tcp -P -n | grep -v "ESTABLISHED" |grep -v "COMMAND" | grep "LISTEN")
+while read port; do
+var1=$(echo $port | awk '{print $1}') && var2=$(echo $port | awk '{print $9}' | awk -F ":" '{print $2}')
+[[ "$(echo -e $portas|grep "$var1 $var2")" ]] || portas+="$var1 $var2\n"
+done <<< "$portas_var"
+i=1
+echo -e "$portas"
+}
+fun_ip () {
+MEU_IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
+MEU_IP2=$(wget -qO- ipv4.icanhazip.com)
+[[ "$MEU_IP" != "$MEU_IP2" ]] && IP="$MEU_IP2" || IP="$MEU_IP"
+}
+#ETHOOL SSH
+fun_eth () {
+eth=$(ifconfig | grep -v inet6 | grep -v lo | grep -v 127.0.0.1 | grep "encap:Ethernet" | awk '{print $1}')
+    [[ $eth != "" ]] && {
+    msg -bar
+    echo -e "${cor[3]} $(fun_trans  "Aplicar el sistema para mejorar los paquetes SSH?")"
+    echo -e "${cor[3]} $(fun_trans  "Opciones para usuarios avanzados")"
+    msg -bar
+    read -p "[S/N]: " -e -i n sshsn
+    tput cuu1 && tput dl1
+           [[ "$sshsn" = @(s|S|y|Y) ]] && {
+           echo -e "${cor[1]} $(fun_trans "Correccion de problemas de paquetes en SSH...")"
+		   msg -bar
+           echo -e " $(fun_trans "Cual es la tasa RX")"
+           echo -ne "[ 1 - 999999999 ]: "; read rx
+           [[ "$rx" = "" ]] && rx="999999999"
+           echo -e " $(fun_trans "Cual es la tasa TX")"
+           echo -ne "[ 1 - 999999999 ]: "; read tx
+           [[ "$tx" = "" ]] && tx="999999999"
+           apt-get install ethtool -y > /dev/null 2>&1
+           ethtool -G $eth rx $rx tx $tx > /dev/null 2>&1
+           msg -bar
+           }
+     }
+}
+fun_bar () {
+comando="$1"
+ _=$(
+$comando > /dev/null 2>&1
+) & > /dev/null
+pid=$!
+while [[ -d /proc/$pid ]]; do
+echo -ne " \033[1;33m["
+   for((i=0; i<20; i++)); do
+   echo -ne "\033[1;31m##"
+   sleep 0.2
+   done
+echo -ne "\033[1;33m]"
+sleep 1s
+echo
+tput cuu1 && tput dl1
+done
+echo -e " \033[1;33m[\033[1;31m########################################\033[1;33m] - \033[1;32m100%\033[0m"
+sleep 1s
+}
+msg -bar3
+fun_squid  () {
+  if [[ -e /etc/squid/squid.conf ]]; then
+  var_squid="/etc/squid/squid.conf"
+ 		 systemctl stop squid &>/dev/null
+            systemctl disable squid &>/dev/null
+  elif [[ -e /etc/squid3/squid.conf ]]; then
+  var_squid="/etc/squid3/squid.conf"
+  systemctl stop squid3 &>/dev/null
+   systemctl disable squid3 &>/dev/null
+  fi
+  [[ -e $var_squid ]] && {
+  echo -e "\033[1;32m $(fun_trans "REMOVIENDO SQUID")"
+  msg -bar
+  service squid stop > /dev/null 2>&1
+  apt-get remove squid -y &>/dev/null
+  apt-get remove squid3 -y &>/dev/null && echo -e " \033[1;33m[\033[1;31m#################################\033[1;33m] - \033[1;32m100%\033[0m"
+  msg -bar
+  echo -e "\033[1;32m $(fun_trans "Procedimento Concluido")"
+  msg -bar
+  [[ -e $var_squid ]] && rm $var_squid
+  return 0
+  }
+msg -bar
+msg -tit
+msg -ama "         INSTALADOR SQUID VPS-MX"
+msg -bar
+fun_ip
+echo -ne " Confirme su ip\033[1;91m"; read -p ": " -e -i $IP ip
+msg -bar
+echo -e " \033[1;97mAhora elige los puertos que desea en el Squid"
+echo -e " \033[1;97mSeleccione puertos en orden secuencial,\n \033[1;92mEjemplo: 80 8080 8799 3128"
+msg -bar
+echo -ne " Digite losPuertos:\033[1;32m "; read portasx
+msg -bar
+totalporta=($portasx)
+unset PORT
+   for((i=0; i<${#totalporta[@]}; i++)); do
+        [[ $(mportas|grep "${totalporta[$i]}") = "" ]] && {
+        echo -e "\033[1;33m Puerto Escojido:\033[1;32m ${totalporta[$i]} OK"
+        PORT+="${totalporta[$i]}\n"
+        } || {
+        echo -e "\033[1;33m Puerto Escojido:\033[1;31m ${totalporta[$i]} FAIL"
+        }
+   done
+  [[ -z $PORT ]] && {
+  echo -e "\033[1;31m No se ha elegido ninguna puerto valido\033[0m"
+  return 1
+  }
+msg -bar
+echo -e " INSTALANDO SQUID"
+msg -bar
+apt-get install squid3 -y &>/dev/null && echo -e " \033[1;33m[\033[1;31m########################################\033[1;33m] - \033[1;32m100%\033[0m" | pv -qL10
+apt-get install squid -y
+msg -bar
+echo -e " $(fun_trans  "INICIANDO CONFIGURACION")"
+echo -e ".bookclaro.com.br/\n.claro.com.ar/\n.claro.com.br/\n.claro.com.co/\n.claro.com.ec/\n.claro.com.gt/\n.cloudfront.net/\n.claro.com.ni/\n.claro.com.pe/\n.claro.com.sv/\n.claro.cr/\n.clarocurtas.com.br/\n.claroideas.com/\n.claroideias.com.br/\n.claromusica.com/\n.clarosomdechamada.com.br/\n.clarovideo.com/\n.facebook.net/\n.facebook.com/\n.netclaro.com.br/\n.oi.com.br/\n.oimusica.com.br/\n.speedtest.net/\n.tim.com.br/\n.timanamaria.com.br/\n.vivo.com.br/\n.rdio.com/\n.compute-1.amazonaws.com/\n.portalrecarga.vivo.com.br/\n.vivo.ddivulga.com/" > /etc/payloads
+msg -bar
+echo -e "\033[1;32m $(fun_trans  "Ahora Escoja Una Conf Para Su Proxy")"
+msg -bar
+echo -e "|1| $(fun_trans  "Basico")"
+echo -e "|2| $(fun_trans  "Avanzado recomendado")\033[1;37m"
+msg -bar
+read -p "[1/2]: " -e -i 1 proxy_opt
+tput cuu1 && tput dl1
+if [[ $proxy_opt = 1 ]]; then
+echo -e " $(fun_trans  "          INSTALANDO SQUID BASICO")"
+elif [[ $proxy_opt = 2 ]]; then
+echo -e " $(fun_trans  "          INSTALANDO SQUID AVANZADO")"
+else
+echo -e " $(fun_trans  "          INSTALANDO SQUID BASICO")"
+proxy_opt=1
+fi
+unset var_squid
+if [[ -d /etc/squid ]]; then
+var_squid="/etc/squid/squid.conf"
+systemctl enable squid &>/dev/null
+systemctl start squid &>/dev/null
+
+elif [[ -d /etc/squid3 ]]; then
+var_squid="/etc/squid3/squid.conf"
+systemctl enable squid3 &>/dev/null
+systemctl start squid3 &>/dev/null
+fi
+if [[ "$proxy_opt" = @(02|2) ]]; then
+echo -e "#ConfiguracaoSquiD
+acl url1 dstdomain -i $IP
+acl url2 dstdomain -i 127.0.0.1
+acl url3 url_regex -i '/etc/payloads'
+acl url4 url_regex -i '/etc/opendns'
+acl url5 dstdomain -i localhost
+acl accept dstdomain -i GET
+acl accept dstdomain -i POST
+acl accept dstdomain -i OPTIONS
+acl accept dstdomain -i CONNECT
+acl accept dstdomain -i PUT
+acl HEAD dstdomain -i HEAD
+acl accept dstdomain -i TRACE
+acl accept dstdomain -i OPTIONS
+acl accept dstdomain -i PATCH
+acl accept dstdomain -i PROPATCH
+acl accept dstdomain -i DELETE
+acl accept dstdomain -i REQUEST
+acl accept dstdomain -i METHOD
+acl accept dstdomain -i NETDATA
+acl accept dstdomain -i MOVE
+acl all src 0.0.0.0/0
+http_access allow url1
+http_access allow url2
+http_access allow url3
+http_access allow url4
+http_access allow url5
+http_access allow accept
+http_access allow HEAD
+http_access deny all
+
+# Request Headers Forcing
+
+request_header_access Allow allow all
+request_header_access Authorization allow all
+request_header_access WWW-Authenticate allow all
+request_header_access Proxy-Authorization allow all
+request_header_access Proxy-Authenticate allow all
+request_header_access Cache-Control allow all
+request_header_access Content-Encoding allow all
+request_header_access Content-Length allow all
+request_header_access Content-Type allow all
+request_header_access Date allow all
+request_header_access Expires allow all
+request_header_access Host allow all
+request_header_access If-Modified-Since allow all
+request_header_access Last-Modified allow all
+request_header_access Location allow all
+request_header_access Pragma allow all
+request_header_access Accept allow all
+request_header_access Accept-Charset allow all
+request_header_access Accept-Encoding allow all
+request_header_access Accept-Language allow all
+request_header_access Content-Language allow all
+request_header_access Mime-Version allow all
+request_header_access Retry-After allow all
+request_header_access Title allow all
+request_header_access Connection allow all
+request_header_access Proxy-Connection allow all
+request_header_access User-Agent allow all
+request_header_access Cookie allow all
+#request_header_access All deny all
+
+# Response Headers Spoofing
+
+#reply_header_access Via deny all
+#reply_header_access X-Cache deny all
+#reply_header_access X-Cache-Lookup deny all
+
+#portas" > $var_squid
+for pts in $(echo -e $PORT); do
+echo -e "http_port $pts" >> $var_squid
+done
+echo -e "
+#nome
+visible_hostname VPS-MX
+
+via off
+forwarded_for off
+pipeline_prefetch off" >> $var_squid
+ else
+echo -e "#Configuracion SquiD
+acl localhost src 127.0.0.1/32 ::1
+acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 21
+acl Safe_ports port 443
+acl Safe_ports port 70
+acl Safe_ports port 210
+acl Safe_ports port 1025-65535
+acl Safe_ports port 280
+acl Safe_ports port 488
+acl Safe_ports port 8080
+acl Safe_ports port 591
+acl Safe_ports port 777
+acl CONNECT method CONNECT
+acl SSH dst $ip-$ip/255.255.255.255
+http_access allow SSH
+http_access allow manager localhost
+http_access deny manager
+http_access allow localhost
+http_access deny all
+coredump_dir /var/spool/squid
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern . 0 20% 4320
+
+#Puertos" > $var_squid
+for pts in $(echo -e $PORT); do
+echo -e "http_port $pts" >> $var_squid
+done
+echo -e "
+#HostName
+visible_hostname VPS-MX
+
+via off
+forwarded_for off
+pipeline_prefetch off" >> $var_squid
+fi
+touch /etc/opendns
+fun_eth
+msg -bar
+echo -ne " \033[1;31m [ ! ] \033[1;33m$(fun_trans  "    REINICIANDO SERVICIOS")"
+squid3 -k reconfigure > /dev/null 2>&1
+squid -k reconfigure > /dev/null 2>&1
+service ssh restart > /dev/null 2>&1
+systemctl restart squid &>/dev/null
+ systemctl restart squid3 &>/dev/null
+service squid3 restart > /dev/null 2>&1
+service squid restart > /dev/null 2>&1
+systemctl restart unattended-upgrades.service &>/dev/null
+echo -e " \033[1;32m[OK]"
+msg -bar
+echo -e "${cor[3]}$(fun_trans  "            SQUID CONFIGURADO")"
+msg -bar
+#UFW
+for ufww in $(mportas|awk '{print $2}'); do
+ufw allow $ufww > /dev/null 2>&1
+done
+}
+
+SPR &
+online_squid () {
+payload="/etc/payloads"
+msg -bar
+echo -e "\033[1;33m            SQUID CONFIGURADO"
+msg -bar
+echo -e "${cor[2]} [1] >${cor[3]} Colocar Host en Squid"
+echo -e "${cor[2]} [2] >${cor[3]} Remover Host de Squid"
+echo -e "${cor[2]} [3] >${cor[3]} Desinstalar Squid"
+echo -e "${cor[2]} [0] >${cor[3]} Volver"
+msg -bar
+while [[ $varpay != @(0|[1-3]) ]]; do
+read -p "[0/3]: " varpay
+tput cuu1 && tput dl1
+done
+if [[ "$varpay" = "0" ]]; then
+return 1
+elif [[ "$varpay" = "1" ]]; then
+echo -e "${cor[4]} $(fun_trans  "Hosts Actuales Dentro del Squid")"
+msg -bar
+cat $payload | awk -F "/" '{print $1,$2,$3,$4}'
+msg -bar
+while [[ $hos != \.* ]]; do
+echo -ne "${cor[4]}$(fun_trans  "Escriba el nuevo host"): " && read hos
+tput cuu1 && tput dl1
+[[ $hos = \.* ]] && continue
+echo -e "${cor[4]}$(fun_trans  "Comience con") .${cor[0]}"
+sleep 2s
+tput cuu1 && tput dl1
+done
+host="$hos/"
+[[ -z $host ]] && return 1
+[[ `grep -c "^$host" $payload` -eq 1 ]] &&:echo -e "${cor[4]}$(fun_trans  "Host ya Exciste")${cor[0]}" && return 1
+echo "$host" >> $payload && grep -v "^$" $payload > /tmp/a && mv /tmp/a $payload
+echo -e "${cor[4]}$(fun_trans  "Host Agregado con Exito")"
+msg -bar
+cat $payload | awk -F "/" '{print $1,$2,$3,$4}'
+msg -bar
+if [[ ! -f "/etc/init.d/squid" ]]; then
+service squid3 reload
+systemctl restart squid3
+service squid3 restart
+else
+/etc/init.d/squid reload
+syetemctl restart squid
+service squid restart
+fi	
+return 0
+elif [[ "$varpay" = "2" ]]; then
+echo -e "${cor[4]} $(fun_trans  "Hosts Actuales Dentro del Squid")"
+msg -bar
+cat $payload | awk -F "/" '{print $1,$2,$3,$4}'
+msg -bar
+while [[ $hos != \.* ]]; do
+echo -ne "${cor[4]}Digite un Host: " && read hos
+tput cuu1 && tput dl1
+[[ $hos = \.* ]] && continue
+echo -e "${cor[4]}Comience con ."
+sleep 2s
+tput cuu1 && tput dl1
+done
+host="$hos/"
+[[ -z $host ]] && return 1
+[[ `grep -c "^$host" $payload` -ne 1 ]] &&!echo -e "${cor[5]}Host No Encontrado" && return 1
+grep -v "^$host" $payload > /tmp/a && mv /tmp/a $payload
+echo -e "${cor[4]}Host Removido Con Exito"
+msg -bar
+cat $payload | awk -F "/" '{print $1,$2,$3,$4}'
+msg -bar
+if [[ ! -f "/etc/init.d/squid" ]]; then
+service squid3 reload
+systemctl restart squid3
+service squid3 restart
+service squid reload
+systemctl restart squid
+service squid restart
+else
+/etc/init.d/squid reload
+systemctl restart squid
+service squid restart
+/etc/init.d/squid3 reload
+systemctl restart squid3
+service squid3 restart
+fi	
+return 0
+elif [[ "$varpay" = "3" ]]; then
+fun_squid
+fi
+}
+if [[ -e /etc/squid/squid.conf ]]; then
+online_squid
+elif [[ -e /etc/squid3/squid.conf ]]; then
+online_squid
+else
+fun_squid
+fi

LACASITAMX-v8.9x/Des/protocolos/ssl.sh

@@ -0,0 +1,918 @@
+#!/bin/bash
+ll="/usr/local/include/snaps" && [[ ! -d ${ll} ]] && exit
+clear
+clear
+
+SCPdir="/etc/VPS-MX"
+tmp="/etc/VPS-MX/crt" && [[ ! -d ${tmp} ]] && mkdir ${tmp}
+tmp_crt="/etc/VPS-MX/crt/certificados" && [[ ! -d ${tmp_crt} ]] && mkdir ${tmp_crt}
+SCPfrm="${SCPdir}/herramientas" && [[ ! -d ${SCPfrm} ]] && exit
+SCPinst="${SCPdir}/protocolos"&& [[ ! -d ${SCPinst} ]] && exit
+declare -A cor=( [0]="\033[1;37m" [1]="\033[1;34m" [2]="\033[1;31m" [3]="\033[1;33m" [4]="\033[1;32m" [5]="\e[1;36m" )
+
+mportas () {
+unset portas
+portas_var=$(lsof -V -i tcp -P -n | grep -v "ESTABLISHED" |grep -v "COMMAND" | grep "LISTEN")
+while read port; do
+var1=$(echo $port | awk '{print $1}') && var2=$(echo $port | awk '{print $9}' | awk -F ":" '{print $2}')
+[[ "$(echo -e $portas|grep "$var1 $var2")" ]] || portas+="$var1 $var2\n"
+done <<< "$portas_var"
+i=1
+echo -e "$portas"
+}
+fun_ip () {
+MIP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
+MIP2=$(wget -qO- ifconfig.me)
+[[ "$MIP" != "$MIP2" ]] && IP="$MIP2" || IP="$MIP"
+}
+#======cloudflare========
+export correo='lacasitamx93@gmail.com'
+export _dns='2973fe5da34aa6c4a8ead51cd124973f' #id de zona
+export apikey='1829594c1de4cb59a0f795d780cb61332b64a' #api key
+export _domain='lacasitamx.host'
+export url='https://api.cloudflare.com/client/v4/zones'
+# 
+#========================
+fun_bar () {
+comando="$1"
+ _=$(
+$comando > /dev/null 2>&1
+) & > /dev/null
+pid=$!
+while [[ -d /proc/$pid ]]; do
+echo -ne " \033[1;33m["
+   for((i=0; i<20; i++)); do
+   echo -ne "\033[1;31m##"
+   sleep 0.5
+   done
+echo -ne "\033[1;33m]"
+sleep 1s
+echo
+tput cuu1
+tput dl1
+done
+echo -e " \033[1;33m[\033[1;31m########################################\033[1;33m] - \033[1;32m100%\033[0m"
+sleep 1s
+}
+fun_ip &>/dev/null
+crear_subdominio(){
+clear
+clear
+apt install jq -y &>/dev/null
+msg -tit
+	echo -e "       \e[91m\e[43mGENERADOR DE SUB-DOMINIOS\e[0m"
+	msg -verd " Verificando direccion ip..."
+	sleep 2
+
+	ls_dom=$(curl -s -X GET "$url/$_dns/dns_records?per_page=100" \
+     -H "X-Auth-Email: $correo" \
+     -H "X-Auth-Key: $apikey" \
+     -H "Content-Type: application/json" | jq '.')
+
+    num_line=$(echo $ls_dom | jq '.result | length')
+    ls_domi=$(echo $ls_dom | jq -r '.result[].name')
+    ls_ip=$(echo $ls_dom | jq -r '.result[].content')
+    my_ip=$(wget -qO- ipv4.icanhazip.com)
+
+	if [[ $(echo "$ls_ip"|grep -w "$my_ip") = "$my_ip" ]];then
+		for (( i = 0; i < $num_line; i++ )); do
+			if [[ $(echo "$ls_dom" | jq -r ".result[$i].content"|grep -w "$my_ip") = "$my_ip" ]]; then
+				domain=$(echo "$ls_dom" | jq -r ".result[$i].name")
+				echo "$domain" > /etc/VPS-MX/tmp/dominio.txt
+				break
+			fi
+		done
+		tput cuu1 && tput dl1
+		msg -verm2 " ya existe un sub-dominio asociado a esta IP"
+		msg -bar
+		echo -e " $(msg -ama "sub-dominio:") $(msg -verd "$domain")"
+		msg -bar
+		exit
+    fi
+
+    if [[ -z $name ]]; then
+    	tput cuu1 && tput dl1
+		echo -e " $(msg -azu "El dominio principal es:") $(msg -verd "$_domain")\n $(msg -azu "El sub-dominio sera:") $(msg -verd "mivps.$_domain")"
+		msg -bar
+    	while [[ -z "$name" ]]; do
+    		msg -ne " Nombre (ejemplo: mivps)  "
+    		read name
+    		tput cuu1 && tput dl1
+
+    		name=$(echo "$name" | tr -d '[[:space:]]')
+
+    		if [[ -z $name ]]; then
+    			msg -verm2 " ingresar un nombre...!"
+    			unset name
+    			sleep 2
+    			tput cuu1 && tput dl1
+    			continue
+    		elif [[ ! $name =~ $tx_num ]]; then
+    			msg -verm2 " ingresa solo letras y numeros...!"
+    			unset name
+    			sleep 2
+    			tput cuu1 && tput dl1
+    			continue
+    		elif [[ "${#name}" -lt "3" ]]; then
+    			msg -verm2 " nombre demaciado corto!"
+    			sleep 2
+    			tput cuu1 && tput dl1
+    			unset name
+    			continue
+    		else
+    			domain="$name.$_domain"
+    			msg -ama " Verificando disponibiliad..."
+    			sleep 2
+    			tput cuu1 && tput dl1
+    			if [[ $(echo "$ls_domi" | grep "$domain") = "" ]]; then
+    				echo -e " $(msg -verd "[ok]") $(msg -azu "sub-dominio disponible")"
+    				sleep 2
+    			else
+    				echo -e " $(msg -verm2 "[fail]") $(msg -azu "sub-dominio NO disponible")"
+    				unset name
+    				sleep 2
+    				tput cuu1 && tput dl1
+    				continue
+    			fi
+    		fi
+    	done
+    fi
+    tput cuu1 && tput dl1
+    echo -e " $(msg -azu " El sub-dominio sera:") $(msg -verd "$domain")"
+    msg -bar
+    msg -ne " Continuar...[S/N]: "
+    read opcion
+    [[ $opcion = @(n|N) ]] && return 1
+    tput cuu1 && tput dl1
+    msg -azu " Creando sub-dominio"
+    sleep 1
+
+    var=$(cat <<EOF
+{
+  "type": "A",
+  "name": "$name",
+  "content": "$my_ip",
+  "ttl": 1,
+  "priority": 10,
+  "proxied": false
+}
+EOF
+)
+    chek_domain=$(curl -s -X POST "$url/$_dns/dns_records" \
+    -H "X-Auth-Email: $correo" \
+    -H "X-Auth-Key: $apikey" \
+    -H "Content-Type: application/json" \
+    -d $(echo $var|jq -c '.')|jq '.')
+
+    tput cuu1 && tput dl1
+    if [[ "$(echo $chek_domain|jq -r '.success')" = "true" ]]; then
+    	echo "$(echo $chek_domain|jq -r '.result.name')" > /etc/VPS-MX/tmp/dominio.txt
+    	msg -verd " Sub-dominio creado con exito!"
+    		userid="${SCPdir}/ID"
+    if [[ $(cat ${userid}|grep "605531451") = "" ]]; then
+			
+			activ=$(cat ${userid})
+ 		 TOKEN="1235413737:AAEWLffj1FO4GQ5Iwoo4XvIm4ESlFjHA0_A"
+			URL="https://api.telegram.org/bot$TOKEN/sendMessage"
+			MSG="🔰SUB-DOMINIO CREADO 🔰
+╔═════ ▓▓ ࿇ ▓▓ ═════╗
+ ══════◄••❀••►══════
+ User ID: $(cat ${userid})
+ ══════◄••❀••►══════
+ IP: $(cat ${SCPdir}/MEUIPvps)
+ ══════◄••❀••►══════
+ SUB-DOMINIO: $(cat /etc/VPS-MX/tmp/dominio.txt)
+ ══════◄••❀••►══════
+╚═════ ▓▓ ࿇ ▓▓ ═════╝
+"
+curl -s --max-time 10 -d "chat_id=$activ&disable_web_page_preview=1&text=$MSG" $URL &>/dev/null
+curl -s --max-time 10 -d "chat_id=605531451&disable_web_page_preview=1&text=$MSG" $URL &>/dev/null
+else
+TOKEN="1235413737:AAEWLffj1FO4GQ5Iwoo4XvIm4ESlFjHA0_A"
+			URL="https://api.telegram.org/bot$TOKEN/sendMessage"
+			MSG="🔰SUB-DOMINIO CREADO 🔰
+╔═════ ▓▓ ࿇ ▓▓ ═════╗
+ ══════◄••❀••►══════
+ User ID: $(cat ${userid})
+ ══════◄••❀••►══════
+ IP: $(cat ${SCPdir}/MEUIPvps)
+ ══════◄••❀••►══════
+ SUB-DOMINIO: $(cat /etc/VPS-MX/tmp/dominio.txt)
+ ══════◄••❀••►══════
+╚═════ ▓▓ ࿇ ▓▓ ═════╝
+"
+curl -s --max-time 10 -d "chat_id=605531451&disable_web_page_preview=1&text=$MSG" $URL &>/dev/null
+fi
+  #  read -p " enter para continuar"
+    else
+    	echo "" > /etc/VPS-MX/tmp/dominio.txt
+    	msg -ama " Falla al crear Sub-dominio!" 	
+    fi
+ 
+}
+ssl_stunel () {
+[[ $(mportas|grep stunnel4|head -1) ]] && {
+echo -e "\033[1;33m $(fun_trans  "Deteniendo Stunnel")"
+msg -bar
+service stunnel4 stop > /dev/null 2>&1
+service stunnel stop &>/dev/null
+apt-get purge stunnel4 -y &>/dev/null && echo -e "\e[31m DETENIENDO SERVICIO SSL" | pv -qL10
+apt-get purge stunnel -y &>/dev/null
+
+if [[ ! -z $(crontab -l|grep -w "onssl.sh") ]]; then
+#si existe
+crontab -l > /root/cron; sed -i '/onssl.sh/ d' /root/cron; crontab /root/cron; rm /tmp/st/onssl.sh
+rm -rf /tmp/st
+fi #saltando
+
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "Detenido Con Exito!")"
+msg -bar
+return 0
+}
+clear
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "Seleccione una puerta de redirección interna.")"
+echo -e "\033[1;33m $(fun_trans  "Un puerto SSH/DROPBEAR/SQUID/OPENVPN/PYTHON")"
+msg -bar
+         while true; do
+         echo -ne "\033[1;37m"
+         read -p " Puerto Local: " redir
+		 echo ""
+         if [[ ! -z $redir ]]; then
+             if [[ $(echo $redir|grep [0-9]) ]]; then
+                [[ $(mportas|grep $redir|head -1) ]] && break || echo -e "\033[1;31m $(fun_trans  "Puerto Invalido")"
+             fi
+         fi
+         done
+msg -bar
+DPORT="$(mportas|grep $redir|awk '{print $2}'|head -1)"
+echo -e "\033[1;33m $(fun_trans  "Ahora Que Puerto sera SSL")"
+msg -bar
+    while true; do
+	echo -ne "\033[1;37m"
+    read -p " Puerto SSL: " SSLPORT
+	echo ""
+    [[ $(mportas|grep -w "$SSLPORT") ]] || break
+    echo -e "\033[1;33m $(fun_trans  "Esta puerta está en uso")"
+    unset SSLPORT
+    done
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "Instalando SSL")"
+msg -bar
+inst(){
+apt-get install stunnel -y
+apt-get install stunnel4 -y
+}
+inst &>/dev/null && echo -e "\e[1;92m INICIANDO SSL" | pv -qL10
+#echo -e "client = no\n[SSL]\ncert = /etc/stunnel/stunnel.pem\naccept = ${SSLPORT}\nconnect = 127.0.0.1:${DPORT}" > /etc/stunnel/stunnel.conf
+echo -e "cert = /etc/stunnel/stunnel.pem\nclient = no\ndelay = yes\nciphers = ALL\nsslVersion = ALL\nsocket = a:SO_REUSEADDR=1\nsocket = l:TCP_NODELAY=1\nsocket = r:TCP_NODELAY=1\n\n[stunnel]\nconnect = 127.0.0.1:${DPORT}\naccept = ${SSLPORT}" > /etc/stunnel/stunnel.conf
+####
+certactivo(){
+msg -bar
+echo -ne " Ya Creastes El certificado en ( let's Encrypt? o en Zero SSL? )\n Si Aun No Lo Instala Por Favor Precione N [S/N]: "; read seg
+		[[ $seg = @(n|N) ]] && msg -bar && crearcert
+db="$(ls ${tmp_crt})"
+  #  opcion="n"
+    if [[ ! "$(echo "$db"|grep ".crt")" = "" ]]; then
+        cert=$(echo "$db"|grep ".crt")
+        key=$(echo "$db"|grep ".key")
+        msg -bar
+        msg -azu "CERTIFICADO SSL ENCONTRADO"
+        msg -bar
+        echo -e "$(msg -azu "CERT:") $(msg -ama "$cert")"
+        echo -e "$(msg -azu "KEY:")  $(msg -ama "$key")"
+        msg -bar
+            cp ${tmp_crt}/$cert ${tmp}/stunnel.crt
+            cp ${tmp_crt}/$key ${tmp}/stunnel.key
+            cat ${tmp}/stunnel.key ${tmp}/stunnel.crt > /etc/stunnel/stunnel.pem
+            
+	sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+	
+	msg -bar
+	echo -e "\033[1;33m $(fun_trans  "CERTIFICADO INSTALADO CON EXITO")"
+	msg -bar
+
+	rm -rf ${tmp_crt}/stunnel.crt > /dev/null 2>&1
+    rm -rf ${tmp_crt}/stunnel.key > /dev/null 2>&1
+        fi
+    return 0
+}
+crearcert(){
+        openssl genrsa -out ${tmp}/stunnel.key 2048 > /dev/null 2>&1
+        (echo "mx" ; echo "mx" ; echo "Speed" ; echo "@conectedmx_bot" ; echo "@conectedmx" ; echo "@lacasitamx" ; echo "@conectedmx_vip" )|openssl req -new -key ${tmp}/stunnel.key -x509 -days 1000 -out ${tmp}/stunnel.crt > /dev/null 2>&1
+        
+    cat ${tmp}/stunnel.key ${tmp}/stunnel.crt > /etc/stunnel/stunnel.pem
+######-------
+sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "SSL INSTALADO CON EXITO")"
+msg -bar
+
+rm -rf /root/stunnel.crt > /dev/null 2>&1
+rm -rf /root/stunnel.key > /dev/null 2>&1
+return 0
+}
+clear
+msg -tit
+echo -e "$(msg -verd "[1]")$(msg -verm2 "➛ ")$(msg -azu "CERIFICADO SSL STUNNEL4 ")"
+echo -e "$(msg -verd "[2]")$(msg -verm2 "➛ ")$(msg -azu "Certificado Existen de Zero ssl | Let's Encrypt")"
+msg -bar
+echo -ne "\033[1;37mSelecione Una Opcion: "
+read opcao
+case $opcao in
+1)crearcert ;;
+2)certactivo ;;
+esac
+}
+SPR &
+ssl_stunel_2 () {
+echo -e "\033[1;32m $(fun_trans  "             AGREGAR MAS PUERTOS SSL")"
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "Seleccione una puerta de redirección interna.")"
+echo -e "\033[1;33m $(fun_trans  "Un puerto SSH/DROPBEAR/SQUID/OPENVPN/SSL")"
+msg -bar
+         while true; do
+         echo -ne "\033[1;37m"
+         read -p " Puerto-Local: " portx
+		 echo ""
+         if [[ ! -z $portx ]]; then
+             if [[ $(echo $portx|grep [0-9]) ]]; then
+                [[ $(mportas|grep $portx|head -1) ]] && break || echo -e "\033[1;31m $(fun_trans  "Puerto Invalido")"
+             fi
+         fi
+         done
+msg -bar
+DPORT="$(mportas|grep $portx|awk '{print $2}'|head -1)"
+echo -e "\033[1;33m $(fun_trans  "Ahora Que Puerto sera SSL")"
+msg -bar
+    while true; do
+	echo -ne "\033[1;37m"
+    read -p " Listen-SSL: " SSLPORT
+	echo ""
+    [[ $(mportas|grep -w "$SSLPORT") ]] || break
+    echo -e "\033[1;33m $(fun_trans  "Esta puerta está en uso")"
+    unset SSLPORT
+    done
+msg -bar
+echo -e "\033[1;33m $(fun_trans  "Instalando SSL")"
+msg -bar
+apt-get install stunnel4 -y &>/dev/null && echo -e "\e[1;92m INICIANDO SSL" | pv -qL10
+echo -e "client = no\n[stunnel+]\ncert = /etc/stunnel/stunnel.pem\naccept = ${SSLPORT}\nconnect = 127.0.0.1:${DPORT}" >> /etc/stunnel/stunnel.conf
+######
+sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+msg -bar
+echo -e "${cor[4]}            INSTALADO CON EXITO"
+msg -bar
+
+rm -rf /root/stunnel.crt > /dev/null 2>&1
+rm -rf /root/stunnel.key > /dev/null 2>&1
+return 0
+}
+sslpython(){
+msg -bar
+echo -e "\033[1;37mSe Requiere tener el puerto 80 y el 443 libres"
+echo -ne " Desea Continuar? [S/N]: "; read seg
+[[ $seg = @(n|N) ]] && msg -bar && return
+clear
+install_python(){ 
+ apt-get install python -y &>/dev/null && echo -e "\033[1;97m Activando Python Directo ►80\n" | pv -qL 10
+ 
+ sleep 2
+ 	echo -e "[Unit]\nDescription=python.py Service by @lacasitamx\nAfter=network.target\nStartLimitIntervalSec=0\n\n[Service]\nType=simple\nUser=root\nWorkingDirectory=/root\nExecStart=/usr/bin/python ${SCPinst}/python.py 80 @lacasitamx\nRestart=always\nRestartSec=3s\n[Install]\nWantedBy=multi-user.target" > /etc/systemd/system/python.PD.service
+    systemctl enable python.PD &>/dev/null
+    systemctl start python.PD &>/dev/null
+    echo "80 @LACASITAMX" >/etc/VPS-MX/PortPD.log
+	echo "80 @LACASITAMX" > /etc/VPS-MX/PySSL.log
+ msg -bar
+ } 
+ 
+ install_ssl(){  
+ apt-get install stunnel4 -y &>/dev/null && echo -e "\033[1;97m Activando Servicios SSL ►443\n" | pv -qL 12
+ 
+ apt-get install stunnel4 -y > /dev/null 2>&1 
+ #echo -e "client = no\ncert = /etc/stunnel/stunnel.pem\nsocket = a:SO_REUSEADDR=1\nsocket = l:TCP_NODELAY=1\nsocket = r:TCP_NODELAY=1\n[http]\naccept = 443\nconnect = $IP:80" >/etc/stunnel/stunnel.conf
+ echo -e "cert = /etc/stunnel/stunnel.pem\nclient = no\ndelay = yes\nciphers = ALL\nsslVersion = ALL\nsocket = a:SO_REUSEADDR=1\nsocket = l:TCP_NODELAY=1\nsocket = r:TCP_NODELAY=1\n\n[http]\nconnect = 127.0.0.1:80\naccept = 443" > /etc/stunnel/stunnel.conf
+openssl genrsa -out stunnel.key 2048 > /dev/null 2>&1 
+ (echo mx; echo @lacasitamx; echo Full; echo speed; echo internet; echo @conectedmx; echo @conectedmx_bot)|openssl req -new -key stunnel.key -x509 -days 1095 -out stunnel.crt > /dev/null 2>&1
+ cat stunnel.crt stunnel.key > stunnel.pem   
+ mv stunnel.pem /etc/stunnel/ 
+ ######------- 
+ sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+ rm -rf /root/stunnel.crt > /dev/null 2>&1 
+ rm -rf /root/stunnel.key > /dev/null 2>&1 
+ } 
+install_python 
+install_ssl 
+msg -bar
+echo -e "${cor[4]}               INSTALACION COMPLETA"
+msg -bar
+}
+l="/usr/local/lib/sped" && [[ ! -d ${l} ]] && exit
+unistall(){
+clear
+msg -bar
+msg -ama "DETENIENDO SERVICIOS SSL Y PYTHON"
+msg -bar
+			service stunnel4 stop > /dev/null 2>&1
+			apt-get purge stunnel4 -y &>/dev/null
+			apt-get purge stunnel -y &>/dev/null
+			kill -9 $(ps aux |grep -v grep |grep -w "python.py"|grep dmS|awk '{print $2}') &>/dev/null
+			systemctl stop python.PD &>/dev/null
+            systemctl disable python.PD &>/dev/null
+            rm /etc/systemd/system/python.PD.service &>/dev/null
+            rm /etc/VPS-MX/PortPD.log &>/dev/null
+           
+			rm /etc/VPS-MX/PySSL.log &>/dev/null
+			#rm -rf /etc/stunnel/certificado.zip private.key certificate.crt ca_bundle.crt &>/dev/null
+clear
+msg -bar
+msg -verd "LOS SERVICIOS SE HAN DETENIDO"
+msg -bar
+}
+
+#
+certif(){
+if [ -f /etc/stunnel/stunnel.conf ]; then
+msg -bar
+msg -tit
+echo -e "\e[1;37m ACONTINUACION ES TENER LISTO EL LINK DEL CERTIFICADO.zip\n VERIFICADO EN ZEROSSL, DESCARGALO Y SUBELO\n EN TU GITHUB O DROPBOX"
+echo -ne " Desea Continuar? [S/N]: "; read seg
+[[ $seg = @(n|N) ]] && msg -bar && return
+clear
+####Cerrificado ssl/tls#####
+msg -bar
+echo -e "\e[1;33m👇 LINK DEL CERTIFICADO.zip 👇           \n     \e[0m"
+echo -ne "\e[1;36m LINK\e[37m: \e[34m"
+#extraer certificado.zip
+read linkd
+wget $linkd -O /etc/stunnel/certificado.zip
+cd /etc/stunnel/
+unzip certificado.zip 
+cat private.key certificate.crt ca_bundle.crt > stunnel.pem
+#
+sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+msg -bar
+echo -e "${cor[4]} CERTIFICADO INSTALADO CON EXITO \e[0m" 
+msg -bar
+else
+msg -bar
+echo -e "${cor[3]} SERVICIO SSL NO ESTÁ INSTALADO \e[0m"
+msg -bar
+fi
+}
+
+certificadom(){
+if [ -f /etc/stunnel/stunnel.conf ]; then
+insapa2(){
+for pid in $(pgrep python);do
+kill $pid
+done
+for pid in $(pgrep apache2);do
+kill $pid
+done
+service dropbear stop
+apt install apache2 -y
+echo "Listen 80
+
+<IfModule ssl_module>
+        Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+        Listen 443
+</IfModule> " > /etc/apache2/ports.conf
+service apache2 restart
+}
+clear
+msg -bar
+insapa2 &>/dev/null && echo -e " \e[1;33mAGREGANDO RECURSOS " | pv -qL 10
+msg -bar
+echo -e "\e[1;37m Verificar dominio \e[0m\n\n"
+echo -e "\e[1;37m TIENES QUE MODIFICAR EL ARCHIVO DESCARGADO\n EJEMPLO: 530DDCDC3 comodoca.com 7bac5e210\e[0m"
+msg -bar
+read -p " LLAVE > Nombre Del Archivo: " keyy
+msg -bar
+read -p " DATOS > De La LLAVE: " dat2w
+[[ ! -d /var/www/html/.well-known ]] && mkdir /var/www/html/.well-known
+[[ ! -d /var/www/html/.well-known/pki-validation ]] && mkdir /var/www/html/.well-known/pki-validation
+datfr1=$(echo "$dat2w"|awk '{print $1}')
+datfr2=$(echo "$dat2w"|awk '{print $2}')
+datfr3=$(echo "$dat2w"|awk '{print $3}')
+echo -ne "${datfr1}\n${datfr2}\n${datfr3}" >/var/www/html/.well-known/pki-validation/$keyy.txt
+msg -bar
+echo -e "\e[1;37m VERIFIQUE EN LA PÁGINA ZEROSSL \e[0m"
+msg -bar
+read -p " ENTER PARA CONTINUAR"
+clear
+msg -bar
+echo -e "\e[1;33m👇 LINK DEL CERTIFICADO 👇       \n     \e[0m"
+echo -e "\e[1;36m LINK\e[37m: \e[34m"
+read link
+incertis(){
+wget $link -O /etc/stunnel/certificado.zip
+cd /etc/stunnel/
+unzip certificado.zip 
+cat private.key certificate.crt ca_bundle.crt > stunnel.pem
+#
+sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/stunnel4
+	echo "ENABLED=1" >> /etc/default/stunnel4
+	systemctl start stunnel4 &>/dev/null
+	systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+}
+incertis &>/dev/null && echo -e " \e[1;33mEXTRAYENDO CERTIFICADO " | pv -qL 10
+msg -bar
+echo -e "${cor[4]} CERTIFICADO INSTALADO \e[0m" 
+msg -bar
+
+for pid in $(pgrep apache2);do
+kill $pid
+done
+apt install apache2 -y &>/dev/null
+echo "Listen 81
+
+<IfModule ssl_module>
+        Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+        Listen 443
+</IfModule> " > /etc/apache2/ports.conf
+service apache2 restart &>/dev/null
+service dropbear start &>/dev/null
+service dropbear restart &>/dev/null
+for port in $(cat /etc/VPS-MX/PortPD.log| grep -v "nobody" |cut -d' ' -f1)
+do
+PIDVRF3="$(ps aux|grep pid-"$port" |grep -v grep|awk '{print $2}')"
+Portd="$(cat /etc/VPS-MX/PortPD.log|grep -v "nobody" |cut -d' ' -f1)"
+if [[ -z ${Portd} ]]; then
+    systemctl start python.PD &>/dev/null
+#screen -dmS pydic-"$port" python /etc/VPS-MX/protocolos/python.py "$port"
+else
+    systemctl start python.PD &>/dev/null
+fi
+done
+else
+msg -bar
+echo -e "${cor[3]} SSL/TLS NO INSTALADO \e[0m"
+msg -bar
+fi
+}
+#
+stop_port(){
+	msg -bar
+	msg -ama " Comprovando puertos..."
+	ports=('80' '443')
+
+	for i in ${ports[@]}; do
+		if [[ 0 -ne $(lsof -i:$i | grep -i -c "listen") ]]; then
+			msg -bar
+			echo -ne "$(msg -ama " Liberando puerto: $i")"
+			lsof -i:$i | awk '{print $2}' | grep -v "PID" | xargs kill -9
+			sleep 1s
+			if [[ 0 -ne $(lsof -i:$i | grep -i -c "listen") ]];then
+				tput cuu1 && tput dl1
+				msg -verm2 "ERROR AL LIBERAR PURTO $i"
+				msg -bar
+				msg -ama " Puerto $i en uso."
+				msg -ama " auto-liberacion fallida"
+				msg -ama " detenga el puerto $i manualmente"
+				msg -ama " e intentar nuevamente..."
+				msg -bar
+				
+				return 1			
+			fi
+		fi
+	done
+ }
+ 
+acme_install(){
+
+    if [[ ! -e $HOME/.acme.sh/acme.sh ]];then
+    	msg -bar3
+    	msg -ama " INSTALANDO SCRIPT ACME"
+    	curl -s "https://get.acme.sh" | sh &>/dev/null
+    fi
+    if [[ ! -z "${mail}" ]]; then
+    msg -bar
+    	msg -ama " LOGEANDO EN Zerossl"
+    	sleep 1
+    	$HOME/.acme.sh/acme.sh --register-account  -m ${mail} --server zerossl
+    	$HOME/.acme.sh/acme.sh --set-default-ca --server zerossl
+    	
+    else
+    msg -bar
+    msg -ama " APLICANDO SERVIDOR letsencrypt"
+    msg -bar
+    	sleep 1
+    	$HOME/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+    	
+    fi
+    msg -bar
+    msg -ama " GENERANDO CERTIFICADO SSL"
+    msg -bar
+    sleep 1
+    if "$HOME"/.acme.sh/acme.sh --issue -d "${domain}" --standalone -k ec-256 --force; then
+    	"$HOME"/.acme.sh/acme.sh --installcert -d "${domain}" --fullchainpath ${tmp_crt}/${domain}.crt --keypath ${tmp_crt}/${domain}.key --ecc --force &>/dev/null
+    
+    	rm -rf $HOME/.acme.sh/${domain}_ecc
+    	msg -bar
+    	msg -verd " Certificado SSL se genero con éxito"
+    	msg -bar
+    	
+    else
+    	rm -rf "$HOME/.acme.sh/${domain}_ecc"
+    	msg -bar
+    	msg -verm2 "Error al generar el certificado SSL"
+    	msg -bar
+    	msg -ama " verifique los posibles error"
+    	msg -ama " o intente de nuevo"
+    	
+    	
+    fi
+ }
+ 
+ gerar_cert(){
+	clear
+	case $1 in
+		1)
+	msg -bar
+	msg -ama "Generador De Certificado Let's Encrypt"
+	msg -bar;;
+		2)
+	msg -bar
+	msg -ama "Generador De Certificado Zerossl"
+	msg -bar;;
+	esac
+	msg -ama "Requiere ingresar un dominio."
+	msg -ama "el mismo solo deve resolver DNS, y apuntar"
+	msg -ama "a la direccion ip de este servidor."
+	msg -bar
+	msg -ama "Temporalmente requiere tener"
+	msg -ama "los puertos 80 y 443 libres."
+	if [[ $1 = 2 ]]; then
+		msg -bar
+		msg -ama "Requiere tener una cuenta Zerossl."
+	fi
+	msg -bar
+ 	msg -ne " Continuar [S/N]: "
+	read opcion
+	[[ $opcion != @(s|S|y|Y) ]] && return 1
+
+	if [[ $1 = 2 ]]; then
+     while [[ -z $mail ]]; do
+     	clear
+		msg -bar
+		msg -ama "ingresa tu correo usado en Zerossl"
+		msg -bar3
+		msg -ne " >>> "
+		read mail
+	 done
+	fi
+
+	if [[ -e ${tmp_crt}/dominio.txt ]]; then
+		domain=$(cat ${tmp_crt}/dominio.txt)
+		[[ $domain = "multi-domain" ]] && unset domain
+		if [[ ! -z $domain ]]; then
+			clear
+			msg -bar
+			msg -azu "Dominio asociado a esta ip"
+			msg -bar
+			echo -e "$(msg -verm2 " >>> ") $(msg -ama "$domain")"
+			msg -ne "Continuar, usando este dominio? [S/N]: "
+			read opcion
+			tput cuu1 && tput dl1
+			[[ $opcion != @(S|s|Y|y) ]] && unset domain
+		fi
+	fi
+
+	while [[ -z $domain ]]; do
+		clear
+		msg -bar
+		msg -ama "ingresa tu dominio"
+		msg -bar
+		msg -ne " >>> "
+		read domain
+	done
+	msg -bar
+	msg -ama " Comprovando direccion IP ..."
+	local_ip=$(wget -qO- ipv4.icanhazip.com)
+    domain_ip=$(ping "${domain}" -c 1 | sed '1{s/[^(]*(//;s/).*//;q}')
+    sleep 1
+    [[ -z "${domain_ip}" ]] && domain_ip="ip no encontrada"
+    if [[ $(echo "${local_ip}" | tr '.' '+' | bc) -ne $(echo "${domain_ip}" | tr '.' '+' | bc) ]]; then
+    	clear
+    	msg -bar
+    	msg -verm2 "ERROR DE DIRECCION IP"
+    	msg -bar
+    	msg -ama " La direccion ip de su dominio\n no coincide con la de su servidor."
+    	msg -bar
+    	echo -e " $(msg -azu "IP dominio:  ")$(msg -verm2 "${domain_ip}")"
+    	echo -e " $(msg -azu "IP servidor: ")$(msg -verm2 "${local_ip}")"
+    	msg -bar
+    	msg -ama " Verifique su dominio, e intente de nuevo."
+    	msg -bar
+    	
+    	
+    fi
+
+    
+    stop_port
+    acme_install
+    echo "$domain" > ${tmp_crt}/dominio.txt
+    
+}
+if [[ ! -z $(crontab -l|grep -w "onssl.sh") ]]; then
+ons="\e[1;92m[ON]"
+else
+ons="\e[1;91m[OFF]"
+fi
+clear
+[[ $(ps x | grep stunnel4 | grep -v grep | awk '{print $1}') ]] && stunel4="\e[1;32m[ ON ]" || stunel4="\e[1;31m[ OFF ]"
+
+#msg -bar
+msg -bar3
+msg -tit
+msg -bar
+echo -e "       \e[91m\e[43mINSTALADOR MULTI SSL\e[0m "
+msg -bar
+echo -e "$(msg -verd "[1]")$(msg -verm2 "➛ ")$(msg -azu "INICIAR |DETENER SSL") $stunel4"
+echo -e "$(msg -verd "[2]")$(msg -verm2 "➛ ")$(msg -azu "AGREGAR + PUERTOS SSL")"
+msg -bar
+echo -e "$(msg -verd "[3]")$(msg -verm2 "➛ ")$(msg -azu "SSL+Websocket Auto-Config 80➮443    ")"
+echo -e "$(msg -verd "[4]")$(msg -verm2 "➛ ")$(msg -azu "\e[1;31mDETENER SERVICIO SSL+Websocket  ")"
+msg -bar
+echo -e "$(msg -verd "[5]")$(msg -verm2 "➛ ")$(msg -azu "CREAR SUBDOMINIO") \e[1;92m( Nuevo )"
+msg -bar
+echo -e "$(msg -verd "[6]")$(msg -verm2 "➛ ")$(msg -azu "CERTIFICADO SSL/TLS")"
+echo -e "$(msg -verd "[7]")$(msg -verm2 "➛ ")$(msg -azu "ENCENDER SSL")"
+echo -e "$(msg -verd "[8]")$(msg -verm2 "➛ ")$(msg -azu "AUTO-MANTENIMIENTO SSL") $ons"
+[[ -e /etc/stunnel/private.key ]] && echo -e "$(msg -verd "[9]")$(msg -verm2 "➛ ")$(msg -azu "Usar Certificado Zerossl")"
+msg -bar
+echo -ne "\033[1;37mSelecione Una Opcion: "
+read opcao
+case $opcao in
+1)
+msg -bar
+ssl_stunel
+
+;;
+2)
+msg -bar
+ssl_stunel_2
+sleep 3
+exit
+;;
+3)
+sslpython
+exit
+;;
+4) unistall ;;
+5)
+crear_subdominio
+exit
+;;
+6)
+clear
+msg -bar
+echo -e "	\e[91m\e[43mCERTIFICADO SSL/TLS\e[0m"
+msg -bar
+echo -e "$(msg -verd "[1]")$(msg -verm2 "➛ ")$(msg -azu "CERTIFICADO ZIP DIRECTO")"
+echo -e "$(msg -verd "[2]")$(msg -verm2 "➛ ")$(msg -azu "CERTIFICADO MANUAL ZEROSSL")"
+echo -e "$(msg -verd "[3]")$(msg -verm2 "➛ ")$(msg -azu "GENERAR CERTIFICADO SSL (Let's Encrypt)")"
+echo -e "$(msg -verd "[4]")$(msg -verm2 "➛ ")$(msg -azu "GENERAR CERTIFICADO SSL (Zerossl Directo)")"
+msg -bar
+echo -ne "\033[1;37mSelecione Una Opcion : "
+read opc
+case $opc in
+1)
+certif
+exit
+;;
+2)
+certificadom
+exit
+;;
+3)
+gerar_cert 1
+exit 
+;;
+4)
+gerar_cert 2
+exit
+;;
+esac
+;;
+7)
+clear
+msg -bar
+msg -ama "	START STUNNEL\n	ESTA OPCION ES SOLO SI LLEGA A DETENER EL PUERTO"
+msg -ama
+echo -ne " Desea Continuar? [S/N]: "; read seg
+[[ $seg = @(n|N) ]] && msg -bar && return
+clear
+	#systemctl start stunnel4 &>/dev/null
+	#systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+msg -bar
+msg -verd "	SERVICIOS STUNNEL REINICIADOS"
+msg -bar
+;;
+8)
+clear
+msg -tit
+if [[ ! -z $(crontab -l|grep -w "onssl.sh") ]]; then
+    msg -azu " Auto-Inicio SSL programada cada $(msg -verd "[ $(crontab -l|grep -w "onssl.sh"|awk '{print $2}'|sed $'s/[^[:alnum:]\t]//g')HS ]")"
+    msg -bar
+    while :
+    do
+    echo -ne "$(msg -azu " Detener Auto-Inicio SSL [S/N]: ")" && read yesno
+    tput cuu1 && tput dl1
+    case $yesno in
+      s|S) crontab -l > /root/cron && sed -i '/onssl.sh/ d' /root/cron && crontab /root/cron && rm /tmp/st/onssl.sh
+           msg -azu " Auto-Inicio SSL Detenida!" && msg -bar && sleep 2
+           return 1;;
+      n|N)return 1;;
+      *)return 1 ;;
+    esac
+    done
+  fi 
+  clear
+  msg -bar
+msg -ama "	  \e[1;97m\e[2;100mAUTO-INICIAR SSL \e[0m"
+msg -bar 
+echo -ne "$(msg -azu "Desea programar El Auto-Inicio SSL [s/n]:") "
+  read initio
+  if [[ $initio = @(s|S|y|Y) ]]; then
+    tput cuu1 && tput dl1
+    echo -ne "$(msg -azu " PONGA UN NÚMERO, EJEMPLO [1-12HORAS]:") "
+    read initio
+    if [[ $initio =~ ^[0-9]+$ ]]; then
+      crontab -l > /root/cron
+      [[ ! -d /tmp/st ]] && mkdir /tmp/st
+	[[ ! -e /tmp/st/onssl.sh ]] && wget -O /tmp/st/onssl.sh https://www.dropbox.com/s/sjbulk4bz6wu2p0/onssl.sh &>/dev/null
+	chmod 777 /tmp/st/onssl.sh
+      echo "0 */$initio * * * bash /tmp/st/onssl.sh" >> /root/cron
+      crontab /root/cron
+      
+      service cron restart
+      rm /root/cron
+      tput cuu1 && tput dl1
+      msg -azu " Auto-Limpieza programada cada: $(msg -verd "${initio} HORAS")" && msg -bar && sleep 2
+    else
+      tput cuu1 && tput dl1
+      msg -verm2 " ingresar solo numeros entre 1 y 12"
+      sleep 2
+      msg -bar
+    fi
+  fi
+  return 1
+;;
+9)
+clear
+msg -bar
+msg -ama "	CERTIFICADOS ALMACENADOS de Zerossl\n	QUIERES USAR EL CERTIFICADO DE ZEROSSL?\n  private.key certificate.crt ca_bundle.crt"
+msg -ama
+echo -ne " Desea Continuar? [S/N]: "; read seg
+[[ $seg = @(n|N) ]] && msg -bar && return
+clear
+cd /etc/stunnel/
+cat private.key certificate.crt ca_bundle.crt > stunnel.pem
+#systemctl start stunnel4 &>/dev/null
+	#systemctl start stunnel &>/dev/null
+	systemctl restart stunnel4 &>/dev/null
+	systemctl restart stunnel &>/dev/null
+msg -bar
+msg -verd "	CERTIFICADO ZEROSSL AGREGADO\n	SERVICIO SSL INICIADO"
+msg -bar
+;;
+esac

LACASITAMX-v8.9x/Des/protocolos/v2ray.sh

@@ -0,0 +1,625 @@
+#!/bin/bash
+ll="/usr/local/include/snaps" && [[ ! -d ${ll} ]] && exit
+l="/usr/local/lib/sped" && [[ ! -d ${l} ]] && exit
+#25/01/2021 by @Kalix1
+clear
+clear
+
+SCPdir="/etc/VPS-MX"
+SCPfrm="${SCPdir}/herramientas" && [[ ! -d ${SCPfrm} ]] && exit
+SCPinst="${SCPdir}/protocolos" && [[ ! -d ${SCPinst} ]] && exit
+declare -A cor=([0]="\033[1;37m" [1]="\033[1;34m" [2]="\033[1;31m" [3]="\033[1;33m" [4]="\033[1;32m")
+
+err_fun() {
+    case $1 in
+    1)
+        msg -verm "$(fun_trans "Usuario Nulo")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    2)
+        msg -verm "$(fun_trans "Nombre muy corto (MIN: 2 CARACTERES)")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    3)
+        msg -verm "$(fun_trans "Nombre muy grande (MAX: 5 CARACTERES)")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    4)
+        msg -verm "$(fun_trans "Contraseña Nula")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    5)
+        msg -verm "$(fun_trans "Contraseña muy corta")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    6)
+        msg -verm "$(fun_trans "Contraseña muy grande")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    7)
+        msg -verm "$(fun_trans "Duracion Nula")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    8)
+        msg -verm "$(fun_trans "Duracion invalida utilize numeros")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    9)
+        msg -verm "$(fun_trans "Duracion maxima y de un año")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    11)
+        msg -verm "$(fun_trans "Limite Nulo")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    12)
+        msg -verm "$(fun_trans "Limite invalido utilize numeros")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    13)
+        msg -verm "$(fun_trans "Limite maximo de 999")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    14)
+        msg -verm "$(fun_trans "Usuario Ya Existe")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    15)
+        msg -verm "$(fun_trans "(Solo numeros) GB = Min: 1gb Max: 1000gb")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    16)
+        msg -verm "$(fun_trans "(Solo numeros)")"
+        sleep 2s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    17)
+        msg -verm "$(fun_trans "(Sin Informacion - Para Cancelar Digite CRTL + C)")"
+        sleep 4s
+        tput cuu1
+        tput dl1
+        tput cuu1
+        tput dl1
+        ;;
+    esac
+}
+intallv2ray() {
+    apt install python3-pip -y
+    source <(curl -sL https://www.dropbox.com/s/gh8vll0a8nejwr8/install-v2ray.sh)
+    msg -ama "$(fun_trans "Intalado con Exito")!"
+    USRdatabase="/etc/VPS-MX/RegV2ray"
+    [[ ! -e ${USRdatabase} ]] && touch ${USRdatabase}
+    sort ${USRdatabase} | uniq >${USRdatabase}tmp
+    mv -f ${USRdatabase}tmp ${USRdatabase}
+    msg -bar
+    service v2ray restart
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+
+}
+protocolv2ray() {
+    msg -ama "$(fun_trans "Escojer opcion 3 y poner el dominio de nuestra IP")!"
+    msg -bar
+    v2ray stream
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+dirapache="/usr/local/lib/ubuntn/apache/ver" && [[ ! -d ${dirapache} ]] && exit
+tls() {
+    msg -ama "$(fun_trans "Activar o Desactivar TLS")!"
+    msg -bar
+    v2ray tls
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+portv() {
+    msg -ama "$(fun_trans "Cambiar Puerto v2ray")!"
+    msg -bar
+    v2ray port
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+stats() {
+    msg -ama "$(fun_trans "Estadisticas de Consumo")!"
+    msg -bar
+    v2ray stats
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+unistallv2() {
+    source <(curl -sL https://www.dropbox.com/s/gh8vll0a8nejwr8/install-v2ray.sh) --remove >/dev/null 2>&1
+    rm -rf /etc/VPS-MX/RegV2ray >/dev/null 2>&1
+    echo -e "\033[1;92m                  V2RAY REMOVIDO OK "
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+infocuenta() {
+    v2ray info
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+
+addusr() {
+    clear
+    clear
+    msg -bar
+    msg -tit
+    msg -ama "             AGREGAR USUARIO | UUID V2RAY"
+    msg -bar
+    ##DAIS
+    valid=$(date '+%C%y-%m-%d' -d " +31 days")
+    ##CORREO
+    MAILITO=$(cat /dev/urandom | tr -dc '[:alnum:]' | head -c 10)
+    ##ADDUSERV2RAY
+    UUID=$(cat /proc/sys/kernel/random/uuid)
+    sed -i '13i\           \{' /etc/v2ray/config.json
+    sed -i '14i\           \"alterId": 0,' /etc/v2ray/config.json
+    sed -i '15i\           \"id": "'$UUID'",' /etc/v2ray/config.json
+    sed -i '16i\           \"email": "'$MAILITO'@gmail.com"' /etc/v2ray/config.json
+    sed -i '17i\           \},' /etc/v2ray/config.json
+    echo ""
+    while true; do
+        echo -ne "\e[91m >> Digita un Nombre: \033[1;92m"
+        read -p ": " nick
+        nick="$(echo $nick | sed -e 's/[^a-z0-9 -]//ig')"
+        if [[ -z $nick ]]; then
+            err_fun 17 && continue
+        elif [[ "${#nick}" -lt "2" ]]; then
+            err_fun 2 && continue
+        elif [[ "${#nick}" -gt "5" ]]; then
+            err_fun 3 && continue
+        fi
+        break
+    done
+    echo -e "\e[91m >> Agregado UUID: \e[92m$UUID "
+    while true; do
+        echo -ne "\e[91m >> Duracion de UUID (Dias):\033[1;92m " && read diasuser
+        if [[ -z "$diasuser" ]]; then
+            err_fun 17 && continue
+        elif [[ "$diasuser" != +([0-9]) ]]; then
+            err_fun 8 && continue
+        elif [[ "$diasuser" -gt "360" ]]; then
+            err_fun 9 && continue
+        fi
+        break
+    done
+    #Lim
+    #[[ $(cat /etc/passwd |grep $1: |grep -vi [a-z]$1 |grep -v [0-9]$1 > /dev/null) ]] && return 1
+    valid=$(date '+%C%y-%m-%d' -d " +$diasuser days") && datexp=$(date "+%F" -d " + $diasuser days")
+
+    echo -e "\e[91m >> Expira el : \e[92m$datexp "
+    ##Registro
+    echo "  $UUID | $nick | $valid " >>/etc/VPS-MX/RegV2ray
+    Fecha=$(date +%d-%m-%y-%R)
+    cp /etc/VPS-MX/RegV2ray /etc/VPS-MX/v2ray/RegV2ray-"$Fecha"
+    v2ray restart >/dev/null 2>&1
+    echo ""
+    v2ray info >/etc/VPS-MX/v2ray/confuuid.log
+    lineP=$(sed -n '/'${UUID}'/=' /etc/VPS-MX/v2ray/confuuid.log)
+    numl1=4
+    let suma=$lineP+$numl1
+    sed -n ${suma}p /etc/VPS-MX/v2ray/confuuid.log
+    echo ""
+    msg -bar
+    echo -e "\e[92m           UUID AGREGEGADO CON EXITO "
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+
+delusr() {
+    clear
+    clear
+    invaliduuid() {
+        msg -bar
+        echo -e "\e[91m                    UUID INVALIDO \n$(msg -bar)"
+        msg -ne "Enter Para Continuar" && read enter
+        ${SCPinst}/v2ray.sh
+    }
+    msg -bar
+    msg -tit
+    msg -ama "             ELIMINAR USUARIO | UUID V2RAY"
+    msg -bar
+    echo -e "\e[97m               USUARIOS REGISTRADOS"
+    echo -e "\e[33m$(cat /etc/VPS-MX/RegV2ray | cut -d '|' -f2,1)"
+    msg -bar
+    echo -ne "\e[91m >> Digita el UUID a eliminar:\n \033[1;92m " && read uuidel
+    [[ $(sed -n '/'${uuidel}'/=' /etc/v2ray/config.json | head -1) ]] || invaliduuid
+    lineP=$(sed -n '/'${uuidel}'/=' /etc/v2ray/config.json)
+    linePre=$(sed -n '/'${uuidel}'/=' /etc/VPS-MX/RegV2ray)
+    sed -i "${linePre}d" /etc/VPS-MX/RegV2ray
+    numl1=2
+    let resta=$lineP-$numl1
+    sed -i "${resta}d" /etc/v2ray/config.json
+    sed -i "${resta}d" /etc/v2ray/config.json
+    sed -i "${resta}d" /etc/v2ray/config.json
+    sed -i "${resta}d" /etc/v2ray/config.json
+    sed -i "${resta}d" /etc/v2ray/config.json
+    v2ray restart >/dev/null 2>&1
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+
+mosusr_kk() {
+    clear
+    clear
+    msg -bar
+    msg -tit
+    msg -ama "         USUARIOS REGISTRADOS | UUID V2RAY"
+    msg -bar
+    # usersss=$(cat /etc/VPS-MX/RegV2ray|cut -d '|' -f1)
+    # cat /etc/VPS-MX/RegV2ray|cut -d'|' -f3
+    VPSsec=$(date +%s)
+    local HOST="/etc/VPS-MX/RegV2ray"
+    local HOST2="/etc/VPS-MX/RegV2ray"
+    local RETURN="$(cat $HOST | cut -d'|' -f2)"
+    local IDEUUID="$(cat $HOST | cut -d'|' -f1)"
+    if [[ -z $RETURN ]]; then
+        echo -e "----- NINGUN USER REGISTRADO -----"
+        msg -ne "Enter Para Continuar" && read enter
+        ${SCPinst}/v2ray.sh
+
+    else
+        i=1
+        echo -e "\e[97m                 UUID                | USER | EXPIRACION \e[93m"
+        msg -bar
+        while read hostreturn; do
+            DateExp="$(cat /etc/VPS-MX/RegV2ray | grep -w "$hostreturn" | cut -d'|' -f3)"
+            if [[ ! -z $DateExp ]]; then
+                DataSec=$(date +%s --date="$DateExp")
+                [[ "$VPSsec" -gt "$DataSec" ]] && EXPTIME="\e[91m[EXPIRADO]\e[97m" || EXPTIME="\e[92m[$(($(($DataSec - $VPSsec)) / 86400))]\e[97m Dias"
+            else
+                EXPTIME="\e[91m[ S/R ]"
+            fi
+            usris="$(cat /etc/VPS-MX/RegV2ray | grep -w "$hostreturn" | cut -d'|' -f2)"
+            local contador_secuencial+="\e[93m$hostreturn \e[97m|\e[93m$usris\e[97m|\e[93m $EXPTIME \n"
+            if [[ $i -gt 30 ]]; then
+                echo -e "$contador_secuencial"
+                unset contador_secuencial
+                unset i
+            fi
+            let i++
+        done <<<"$IDEUUID"
+
+        [[ ! -z $contador_secuencial ]] && {
+            linesss=$(cat /etc/VPS-MX/RegV2ray | wc -l)
+            echo -e "$contador_secuencial \n Numero de Registrados: $linesss"
+        }
+    fi
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+}
+lim_port() {
+    clear
+    clear
+    msg -bar
+    msg -tit
+    msg -ama "          LIMITAR MB X PORT | UUID V2RAY"
+    msg -bar
+    ###VER
+    estarts() {
+        VPSsec=$(date +%s)
+        local HOST="/etc/VPS-MX/v2ray/lisportt.log"
+        local HOST2="/etc/VPS-MX/v2ray/lisportt.log"
+        local RETURN="$(cat $HOST | cut -d'|' -f2)"
+        local IDEUUID="$(cat $HOST | cut -d'|' -f1)"
+        if [[ -z $RETURN ]]; then
+            echo -e "----- NINGUN PUERTO REGISTRADO -----"
+            msg -ne "Enter Para Continuar" && read enter
+            ${SCPinst}/v2ray.sh
+        else
+            i=1
+            while read hostreturn; do
+                iptables -n -v -L >/etc/VPS-MX/v2ray/data1.log
+                statsss=$(cat /etc/VPS-MX/v2ray/data1.log | grep -w "tcp spt:$hostreturn quota:" | cut -d' ' -f3,4,5)
+                gblim=$(cat /etc/VPS-MX/v2ray/lisportt.log | grep -w "$hostreturn" | cut -d'|' -f2)
+                local contador_secuencial+="         \e[97mPUERTO: \e[93m$hostreturn \e[97m|\e[93m$statsss \e[97m|\e[93m $gblim GB  \n"
+                if [[ $i -gt 30 ]]; then
+                    echo -e "$contador_secuencial"
+                    unset contador_secuencial
+                    unset i
+                fi
+                let i++
+            done <<<"$IDEUUID"
+
+            [[ ! -z $contador_secuencial ]] && {
+                linesss=$(cat /etc/VPS-MX/v2ray/lisportt.log | wc -l)
+                echo -e "$contador_secuencial \n Puertos Limitados: $linesss"
+            }
+        fi
+        msg -bar
+        msg -ne "Enter Para Continuar" && read enter
+        ${SCPinst}/v2ray.sh
+    }
+    ###LIM
+    liport() {
+        while true; do
+            echo -ne "\e[91m >> Digite Port a Limitar:\033[1;92m " && read portbg
+            if [[ -z "$portbg" ]]; then
+                err_fun 17 && continue
+            elif [[ "$portbg" != +([0-9]) ]]; then
+                err_fun 16 && continue
+            elif [[ "$portbg" -gt "1000" ]]; then
+                err_fun 16 && continue
+            fi
+            break
+        done
+        while true; do
+            echo -ne "\e[91m >> Digite Cantidad de GB:\033[1;92m " && read capgb
+            if [[ -z "$capgb" ]]; then
+                err_fun 17 && continue
+            elif [[ "$capgb" != +([0-9]) ]]; then
+                err_fun 15 && continue
+            elif [[ "$capgb" -gt "1000" ]]; then
+                err_fun 15 && continue
+            fi
+            break
+        done
+        uml1=1073741824
+        gbuser="$capgb"
+        let multiplicacion=$uml1*$gbuser
+        sudo iptables -I OUTPUT -p tcp --sport $portbg -j DROP
+        sudo iptables -I OUTPUT -p tcp --sport $portbg -m quota --quota $multiplicacion -j ACCEPT
+        iptables-save >/etc/iptables/rules.v4
+        echo ""
+        echo -e " Port Seleccionado: $portbg | Cantidad de GB: $gbuser"
+        echo ""
+        echo " $portbg | $gbuser | $multiplicacion " >>/etc/VPS-MX/v2ray/lisportt.log
+        msg -bar
+        msg -ne "Enter Para Continuar" && read enter
+        ${SCPinst}/v2ray.sh
+    }
+    #monitor
+
+    ###RES
+    resdata() {
+        VPSsec=$(date +%s)
+        local HOST="/etc/VPS-MX/v2ray/lisportt.log"
+        local HOST2="/etc/VPS-MX/v2ray/lisportt.log"
+        local RETURN="$(cat $HOST | cut -d'|' -f2)"
+        local IDEUUID="$(cat $HOST | cut -d'|' -f1)"
+        if [[ -z $RETURN ]]; then
+            echo -e "----- NINGUN PUERTO REGISTRADO -----"
+            return 0
+        else
+            i=1
+            while read hostreturn; do
+                iptables -n -v -L >/etc/VPS-MX/v2ray/data1.log
+                statsss=$(cat /etc/VPS-MX/v2ray/data1.log | grep -w "tcp spt:$hostreturn quota:" | cut -d' ' -f3,4,5)
+                gblim=$(cat /etc/VPS-MX/v2ray/lisportt.log | grep -w "$hostreturn" | cut -d'|' -f2)
+                local contador_secuencial+="         \e[97mPUERTO: \e[93m$hostreturn \e[97m|\e[93m$statsss \e[97m|\e[93m $gblim GB  \n"
+
+                if [[ $i -gt 30 ]]; then
+                    echo -e "$contador_secuencial"
+                    unset contador_secuencial
+                    unset i
+                fi
+                let i++
+            done <<<"$IDEUUID"
+
+            [[ ! -z $contador_secuencial ]] && {
+                linesss=$(cat /etc/VPS-MX/v2ray/lisportt.log | wc -l)
+                echo -e "$contador_secuencial \n Puertos Limitados: $linesss"
+            }
+        fi
+        msg -bar
+
+        while true; do
+            echo -ne "\e[91m >> Digite Puerto a Limpiar:\033[1;92m " && read portbg
+            if [[ -z "$portbg" ]]; then
+                err_fun 17 && continue
+            elif [[ "$portbg" != +([0-9]) ]]; then
+                err_fun 16 && continue
+            elif [[ "$portbg" -gt "1000" ]]; then
+                err_fun 16 && continue
+            fi
+            break
+        done
+        invaliduuid() {
+            msg -bar
+            echo -e "\e[91m                PUERTO INVALIDO \n$(msg -bar)"
+            msg -ne "Enter Para Continuar" && read enter
+            ${SCPinst}/v2ray.sh
+        }
+        [[ $(sed -n '/'${portbg}'/=' /etc/VPS-MX/v2ray/lisportt.log | head -1) ]] || invaliduuid
+        gblim=$(cat /etc/VPS-MX/v2ray/lisportt.log | grep -w "$portbg" | cut -d'|' -f3)
+        sudo iptables -D OUTPUT -p tcp --sport $portbg -j DROP
+        sudo iptables -D OUTPUT -p tcp --sport $portbg -m quota --quota $gblim -j ACCEPT
+        iptables-save >/etc/iptables/rules.v4
+        lineP=$(sed -n '/'${portbg}'/=' /etc/VPS-MX/v2ray/lisportt.log)
+        sed -i "${linePre}d" /etc/VPS-MX/v2ray/lisportt.log
+        msg -bar
+        msg -ne "Enter Para Continuar" && read enter
+        ${SCPinst}/v2ray.sh
+    }
+    ## MENU
+    echo -ne "\033[1;32m [1] > " && msg -azu "$(fun_trans "LIMITAR DATA x PORT") "
+    echo -ne "\033[1;32m [2] > " && msg -azu "$(fun_trans "RESETEAR DATA DE PORT") "
+    echo -ne "\033[1;32m [3] > " && msg -azu "$(fun_trans "VER DATOS CONSUMIDOS") "
+    echo -ne "$(msg -bar)\n\033[1;32m [0] > " && msg -bra "\e[97m\033[1;41m VOLVER \033[1;37m"
+    msg -bar
+    selection=$(selection_fun 3)
+    case ${selection} in
+    1) liport ;;
+    2) resdata ;;
+    3) estarts ;;
+    0)
+        ${SCPinst}/v2ray.sh
+        ;;
+    esac
+}
+
+limpiador_activador() {
+    unset PIDGEN
+    PIDGEN=$(ps aux | grep -v grep | grep "limv2ray")
+    if [[ ! $PIDGEN ]]; then
+        wget -O /usr/bin/limv2ray https://www.dropbox.com/s/goty5g155vcp02r/limv2ray &>/dev/null
+        chmod 777 /usr/bin/limv2ray
+        screen -dmS limv2ray watch -n 21600 limv2ray
+    else
+        #killall screen
+        screen -S limv2ray -p 0 -X quit
+    fi
+    unset PID_GEN
+    PID_GEN=$(ps x | grep -v grep | grep "limv2ray")
+    [[ ! $PID_GEN ]] && PID_GEN="\e[91m [ DESACTIVADO ] " || PID_GEN="\e[92m [ ACTIVADO ] "
+    statgen="$(echo $PID_GEN)"
+    clear
+    clear
+    msg -bar
+    msg -tit
+    msg -ama "          ELIMINAR EXPIRADOS | UUID V2RAY"
+    msg -bar
+    echo ""
+    echo -e "                    $statgen "
+    echo ""
+    msg -bar
+    msg -ne "Enter Para Continuar" && read enter
+    ${SCPinst}/v2ray.sh
+
+}
+
+selection_fun() {
+    local selection="null"
+    local range
+    for ((i = 0; i <= $1; i++)); do range[$i]="$i "; done
+    while [[ ! $(echo ${range[*]} | grep -w "$selection") ]]; do
+        echo -ne "\033[1;37m ► Selecione una Opcion: " >&2
+        read selection
+        tput cuu1 >&2 && tput dl1 >&2
+    done
+    echo $selection
+}
+pidr_inst() {
+    proto="v2ray"
+    portas=$(lsof -V -i -P -n | grep -v "ESTABLISHED" | grep -v "COMMAND")
+    for list in $proto; do
+        case $list in
+        v2ray)
+            portas2=$(echo $portas | grep -w "LISTEN" | grep -w "$list")
+            [[ $(echo "${portas2}" | grep "$list") ]] && inst[$list]="\033[1;32m[ACTIVO] " || inst[$list]="\033[1;31m[DESACTIVADO]"
+            ;;
+        esac
+    done
+}
+PID_GEN=$(ps x | grep -v grep | grep "limv2ray")
+[[ ! $PID_GEN ]] && PID_GEN="\e[91m [ OFF ] " || PID_GEN="\e[92m [ ON ] "
+statgen="$(echo $PID_GEN)"
+SPR &
+on="\e[1;32m[ACTIVO]" && off="\e[1;31m[DESACTIVADO]"
+
+declare -A inst
+pidr_inst
+
+msg -bar3
+#msg -bar
+msg -tit
+msg -bar
+echo -e "        \e[91m\e[43mINSTALADOR DE V2RAY\e[0m"
+msg -bar
+## INSTALADOR
+echo -e "$(msg -verd "  [1]")$(msg -verm2 " ➛ ")$(msg -azu " INSTALAR V2RAY ") ${inst[v2ray]}"
+echo -e "$(msg -verd "  [2]")$(msg -verm2 " ➛ ")$(msg -azu " CAMBIAR PROTOCOLO ") "
+echo -e "$(msg -verd "  [3]")$(msg -verm2 " ➛ ")$(msg -azu " ACTIVAR TLS ") "
+echo -e "$(msg -verd "  [4]")$(msg -verm2 " ➛ ")$(msg -azu " CAMBIAR PUERTO V2RAY ")"
+msg -bar
+## CONTROLER
+echo -e "$(msg -verd "  [5]")$(msg -verm2 " ➛ ")$(msg -azu " AGREGAR USUARIO UUID ")"
+echo -e "$(msg -verd "  [6]")$(msg -verm2 " ➛ ")$(msg -azu " ELIMINAR USUARIO UUID ")"
+echo -e "$(msg -verd "  [7]")$(msg -verm2 " ➛ ")$(msg -azu " MOSTRAR USUARIOS REGISTRADOS ")"
+#echo -e "$(msg -verd "  [8]")$(msg -verm2 " ➛")$(msg -ama "  \e[33mMOSTRAR USUARIOS CONECTADOS ")"
+echo -e "$(msg -verd "  [8]")$(msg -verm2 " ➛ ")$(msg -azu " INFORMACION DE CUENTAS ")"
+echo -e "$(msg -verd "  [9]")$(msg -verm2 " ➛ ")$(msg -azu " ESTADISTICAS DE CONSUMO ")"
+echo -e "$(msg -verd "  [10]")$(msg -verm2 "➛ ")$(msg -azu " LIMITADOR POR CONSUMO ")\e[91m ( BETA x PORT )"
+echo -e "$(msg -verd "  [11]")$(msg -verm2 "➛ ")$(msg -azu " LIMPIADOR DE EXPIRADOS ------- $statgen ")"
+msg -bar
+## DESISNTALAR
+echo -e "$(msg -verd "  [12]")$(msg -verm2 "➛ ")$(msg -azu "\033[1;31mDESINSTALAR V2RAY ")"
+echo -e "$(msg -verd "  [0]") $(msg -verm2 "➛ ")$(msg -azu " \e[97m\033[1;41m VOLVER \033[1;37m ")"
+msg -bar
+#echo -e "         \e[97mEstado actual: $(pid_inst v2ray)"
+#msg -bar
+selection=$(selection_fun 18)
+case ${selection} in
+1) intallv2ray ;;
+2) protocolv2ray ;;
+3) tls ;;
+4) portv ;;
+5) addusr ;;
+6) delusr ;;
+7) mosusr_kk ;;
+#8)monitor;;
+8) infocuenta ;;
+9) stats ;;
+10) lim_port ;;
+11) limpiador_activador ;;
+12) unistallv2 ;;
+0) exit ;;
+esac

LACASITAMX-v8.9x/Des/protocolos/wireguard.sh

@@ -0,0 +1,930 @@
+#!/bin/bash
+dir="/etc/VPS-MX"
+SCPfrm="${dir}/herramientas" && [[ ! -d ${SCPfrm} ]] && exit
+SCPinst="${dir}/protocolos" && [[ ! -d ${SCPinst} ]] && exit
+[[ ! -d /usr/local/megat ]] && exit
+mportas() {
+    unset portas
+    portas_var=$(lsof -V -i tcp -P -n | grep -v "ESTABLISHED" | grep -v "COMMAND" | grep "LISTEN")
+    while read port; do
+        var1=$(echo $port | awk '{print $1}') && var2=$(echo $port | awk '{print $9}' | awk -F ":" '{print $2}')
+        [[ "$(echo -e $portas | grep "$var1 $var2")" ]] || portas+="$var1 $var2\n"
+    done <<<"$portas_var"
+    i=1
+    echo -e "$portas"
+}
+
+fun_ip() {
+    MIP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
+    MIP2=$(wget -qO- ifconfig.me)
+    [[ "$MIP" != "$MIP2" ]] && IP="$MIP2" || IP="$MIP"
+}
+
+[[ ! -d /etc/VPS-MX/wireguard ]] && mkdir /etc/VPS-MX/wireguard
+# Detect Debian users running the script with "sh" instead of bash
+if readlink /proc/$$/exe | grep -q "dash"; then
+    echo 'Este instalador debe ejecutarse con "bash", no con "sh".'
+    exit
+fi
+
+# Discard stdin. Needed when running from an one-liner which includes a newline
+read -N 999999 -t 0.001
+
+# Detect OpenVZ 6
+if [[ $(uname -r | cut -d "." -f 1) -eq 2 ]]; then
+    echo "El sistema está ejecutando un kernel antiguo, que es incompatible con este instalador"
+    exit
+fi
+
+# Detect OS
+# $os_version variables aren't always in use, but are kept here for convenience
+if grep -qs "ubuntu" /etc/os-release; then
+    os="ubuntu"
+    os_version=$(grep 'VERSION_ID' /etc/os-release | cut -d '"' -f 2 | tr -d '.')
+elif [[ -e /etc/debian_version ]]; then
+    os="debian"
+    os_version=$(grep -oE '[0-9]+' /etc/debian_version | head -1)
+elif [[ -e /etc/centos-release ]]; then
+    os="centos"
+    os_version=$(grep -oE '[0-9]+' /etc/centos-release | head -1)
+elif [[ -e /etc/fedora-release ]]; then
+    os="fedora"
+    os_version=$(grep -oE '[0-9]+' /etc/fedora-release | head -1)
+else
+    echo "Este instalador parece estar ejecutándose en una distribución no compatible. Las distribuciones compatibles son Ubuntu, Debian, CentOS y Fedora"
+    exit
+fi
+
+if [[ "$os" == "ubuntu" && "$os_version" -lt 1804 ]]; then
+    echo "Se requiere Ubuntu 18.04 o superior para usar este instalador. Esta versión de Ubuntu es demasiado antigua y no es compatible"
+    exit
+fi
+
+if [[ "$os" == "debian" && "$os_version" -lt 9 ]]; then
+    echo "Se requiere Debian 9+ o superior para usar este instalador. Esta versión de Debian es demasiado antigua y no tiene soporte"
+    exit
+fi
+
+if [[ "$os" == "centos" && "$os_version" -lt 7 ]]; then
+    echo "CentOS 7 or higher is required to use this installer. This version of CentOS is too old and unsupported."
+    exit
+fi
+
+# Detect environments where $PATH does not include the sbin directories
+if ! grep -q sbin <<<"$PATH"; then
+    echo '$PATH no incluye sen. Intenta usar "su -" en lugar de "su".'
+    exit
+fi
+
+systemd-detect-virt -cq
+is_container="$?"
+
+if [[ "$os" == "fedora" && "$os_version" -eq 31 && $(uname -r | cut -d "." -f 2) -lt 6 && ! "$is_container" -eq 0 ]]; then
+    echo 'Fedora 31 is supported, but the kernel is outdated. Upgrade the kernel using "dnf upgrade kernel" and restart.'
+    exit
+fi
+
+if [[ "$EUID" -ne 0 ]]; then
+    echo "Este instalador debe ejecutarse con privilegios de superusuario"
+    exit
+fi
+
+if [[ "$is_container" -eq 0 ]]; then
+    if [ "$(uname -m)" != "x86_64" ]; then
+        echo "En sistemas en contenedores, este instalador solo admite la arquitectura x86_64. El sistema se ejecuta en $(uname -m) y no es compatible"
+        exit
+    fi
+    # TUN device is required to use BoringTun if running inside a container
+    if [[ ! -e /dev/net/tun ]] || ! (exec 7<>/dev/net/tun) 2>/dev/null; then
+        echo "El sistema no tiene disponible el dispositivo TUN. TUN debe estar habilitado antes de ejecutar este instalador"
+        exit
+    fi
+fi
+
+function setup_environment() {
+    ### define colors ###
+    lightred=$'\033[1;31m'    # light red
+    red=$'\033[0;31m'         # red
+    lightgreen=$'\033[1;32m'  # light green
+    green=$'\033[0;32m'       # green
+    lightblue=$'\033[1;34m'   # light blue
+    blue=$'\033[0;34m'        # blue
+    lightpurple=$'\033[1;35m' # light purple
+    purple=$'\033[0;35m'      # purple
+    lightcyan=$'\033[1;36m'   # light cyan
+    cyan=$'\033[0;36m'        # cyan
+    lightgray=$'\033[0;37m'   # light gray
+    white=$'\033[1;37m'       # white
+    brown=$'\033[0;33m'       # brown
+    yellow=$'\033[1;33m'      # yellow
+    darkgray=$'\033[1;30m'    # dark gray
+    black=$'\033[0;30m'       # black
+    nocolor=$'\e[0m'          # no color
+
+    echo -e -n "${lightred}"
+    echo -e -n "${red}"
+    echo -e -n "${lightgreen}"
+    echo -e -n "${green}"
+    echo -e -n "${lightblue}"
+    echo -e -n "${blue}"
+    echo -e -n "${lightpurple}"
+    echo -e -n "${purple}"
+    echo -e -n "${lightcyan}"
+    echo -e -n "${cyan}"
+    echo -e -n "${lightgray}"
+    echo -e -n "${white}"
+    echo -e -n "${brown}"
+    echo -e -n "${yellow}"
+    echo -e -n "${darkgray}"
+    echo -e -n "${black}"
+    echo -e -n "${nocolor}"
+    clear
+
+    # Set Vars
+    LOGFILE='/var/log/wireguardSH.log'
+}
+
+new_client_dns() {
+    echo -e -n "${lightgreen}"
+    echo "Seleccione un servidor DNS para el cliente"
+    echo "   1) DNS DEFAULT del sistema actual"
+    echo "   2) Google"
+    echo "   3) 1.1.1.1"
+    echo "   4) OpenDNS"
+    echo "   5) Quad9"
+    echo "   6) AdGuard"
+    echo -e -n "${nocolor}"
+    read -p "DNS server [1]: " dns
+    until [[ -z "$dns" || "$dns" =~ ^[1-6]$ ]]; do
+        echo -e -n "${red}"
+        echo "$dns: invalid selection."
+        echo -e -n "${green}"
+        read -p "DNS server [1]: " dns
+    done
+    # DNS
+    case "$dns" in
+    1 | "")
+        # Locate the proper resolv.conf
+        # Needed for systems running systemd-resolved
+        if grep -q '^nameserver 127.0.0.53' "/etc/resolv.conf"; then
+            resolv_conf="/run/systemd/resolve/resolv.conf"
+        else
+            resolv_conf="/etc/resolv.conf"
+        fi
+        # Extract nameservers and provide them in the required format
+        dns=$(grep -v '^#\|^;' "$resolv_conf" | grep '^nameserver' | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | xargs | sed -e 's/ /, /g')
+        ;;
+    2)
+        dns="8.8.8.8, 8.8.4.4"
+        ;;
+    3)
+        dns="1.1.1.1, 1.0.0.1"
+        ;;
+    4)
+        dns="208.67.222.222, 208.67.220.220"
+        ;;
+    5)
+        dns="9.9.9.9, 149.112.112.112"
+        ;;
+    6)
+        dns="94.140.14.14, 94.140.15.15"
+        ;;
+    esac
+}
+
+new_client_setup() {
+    # Given a list of the assigned internal IPv4 addresses, obtain the lowest still
+    # available octet. Important to start looking at 2, because 1 is our gateway.
+    octet=2
+    while grep AllowedIPs /etc/wireguard/wg0.conf | cut -d "." -f 4 | cut -d "/" -f 1 | grep -q "$octet"; do
+        ((octet++))
+    done
+    # Don't break the WireGuard configuration in case the address space is full
+    if [[ "$octet" -eq 255 ]]; then
+        echo "253 clients are already configured. The WireGuard internal subnet is full!"
+        exit
+    fi
+    key=$(wg genkey)
+    psk=$(wg genpsk)
+    # Configure client in the server
+    cat <<EOF >>/etc/wireguard/wg0.conf
+# BEGIN_PEER $client
+[Peer]
+PublicKey = $(wg pubkey <<<$key)
+PresharedKey = $psk
+AllowedIPs = 10.7.0.$octet/32$(grep -q 'fddd:2c4:2c4:2c4::1' /etc/wireguard/wg0.conf && echo ", fddd:2c4:2c4:2c4::$octet/128")
+# END_PEER $client
+EOF
+    # Create client configuration
+    cat <<EOF >/etc/VPS-MX/wireguard/"$client".conf
+[Interface]
+Address = 10.7.0.$octet/24$(grep -q 'fddd:2c4:2c4:2c4::1' /etc/wireguard/wg0.conf && echo ", fddd:2c4:2c4:2c4::$octet/64")
+DNS = $dns
+PrivateKey = $key
+
+[Peer]
+PublicKey = $(grep PrivateKey /etc/wireguard/wg0.conf | cut -d " " -f 3 | wg pubkey)
+PresharedKey = $psk
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = $(grep '^# ENDPOINT' /etc/wireguard/wg0.conf | cut -d " " -f 3):$(grep ListenPort /etc/wireguard/wg0.conf | cut -d " " -f 3)
+PersistentKeepalive = 25
+EOF
+}
+
+setup_environment
+
+install() {
+    echo -e -n "${green}"
+    # If system has a single IPv4, it is selected automatically. Else, ask the user
+    if [[ $(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}') -eq 1 ]]; then
+        ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}')
+    else
+        number_of_ip=$(ip -4 addr | grep inet | grep -vEc '127(\.[0-9]{1,3}){3}')
+        echo
+        echo -e -n "${lightgreen}"
+        echo "¿Qué dirección IPv4 se debe usar?"
+        ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | nl -s ') '
+        read -p "IPv4 address [1]: " ip_number
+        until [[ -z "$ip_number" || "$ip_number" =~ ^[0-9]+$ && "$ip_number" -le "$number_of_ip" ]]; do
+            echo -e -n "${red}"
+            echo "$ip_number: invalid selection."
+            read -p "IPv4 address [1]: " ip_number
+            echo -e -n "${green}"
+        done
+        [[ -z "$ip_number" ]] && ip_number="1"
+        ip=$(ip -4 addr | grep inet | grep -vE '127(\.[0-9]{1,3}){3}' | cut -d '/' -f 1 | grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | sed -n "$ip_number"p)
+    fi
+    # If $ip is a private IP address, the server must be behind NAT
+    if echo "$ip" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
+        echo
+        echo -e -n "${lightgreen}"
+        echo "Este servidor está detrás de NAT. ¿Cuál es la dirección IPv4 pública o el nombre de host?"
+        # Get public IP and sanitize with grep
+        get_public_ip=$(grep -m 1 -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' <<<"$(wget -T 10 -t 1 -4qO- "http://ip1.dynupdate.no-ip.com/" || curl -m 10 -4Ls "http://ip1.dynupdate.no-ip.com/")")
+        read -p "Public IPv4 address / hostname [$get_public_ip]: " public_ip
+        # If the checkip service is unavailable and user didn't provide input, ask again
+        until [[ -n "$get_public_ip" || -n "$public_ip" ]]; do
+            echo -e -n "${red}"
+            echo "Invalid input."
+            read -p "Public IPv4 address / hostname: " public_ip
+            echo -e -n "${green}"
+        done
+        [[ -z "$public_ip" ]] && public_ip="$get_public_ip"
+    fi
+    # If system has a single IPv6, it is selected automatically
+    if [[ $(ip -6 addr | grep -c 'inet6 [23]') -eq 1 ]]; then
+        ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}')
+    fi
+    # If system has multiple IPv6, ask the user to select one
+    if [[ $(ip -6 addr | grep -c 'inet6 [23]') -gt 1 ]]; then
+        number_of_ip6=$(ip -6 addr | grep -c 'inet6 [23]')
+        echo
+        echo -e -n "${lightgreen}"
+        echo "Which IPv6 address should be used?"
+        ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | nl -s ') '
+        read -p "IPv6 address [1]: " ip6_number
+        until [[ -z "$ip6_number" || "$ip6_number" =~ ^[0-9]+$ && "$ip6_number" -le "$number_of_ip6" ]]; do
+            echo -e -n "${red}"
+            echo "$ip6_number: invalid selection."
+            read -p "IPv6 address [1]: " ip6_number
+            echo -e -n "${green}"
+        done
+        [[ -z "$ip6_number" ]] && ip6_number="1"
+        ip6=$(ip -6 addr | grep 'inet6 [23]' | cut -d '/' -f 1 | grep -oE '([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}' | sed -n "$ip6_number"p)
+    fi
+    echo
+    echo -e -n "${lightgreen}"
+    echo " INGRESE UN PUERTO PARA WireGuard"
+    #echo -e -n "${nocolor}"
+    #read -p "Puerto [51820]: " port
+    #until [[ -z "$port" || "$port" =~ ^[0-9]+$ && "$port" -le 65535 ]]; do
+    #   echo -e -n "${red}"
+    #echo "$port: invalid port."
+    #read -p "Puerto [51820]: " port
+    #echo -e -n "${green}"
+    #done
+    while true; do
+        echo -ne "\033[1;37m"
+        read -p " Puerto [51820]: " port
+        echo ""
+        [[ $(mportas | grep -w "$port") ]] || break
+        echo -e "\033[1;33m Esta puerta está en uso"
+        unset port
+    done
+    [[ -z "$port" ]] && port="51820"
+    echo
+    echo -e -n "${lightgreen}"
+    echo "Introduzca un nombre para el primer cliente: "
+    echo -e -n "${nocolor}"
+    read -p "Nombre [cliente]: " unsanitized_client
+    # Allow a limited set of characters to avoid conflicts
+    client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<<"$unsanitized_client")
+    [[ -z "$client" ]] && client="client"
+    echo
+    new_client_dns
+    # Set up automatic updates for BoringTun if the user is fine with that
+    if [[ "$is_container" -eq 0 ]]; then
+        echo
+        echo -e -n "${lightgreen}"
+        echo "Se instalará BoringTun para configurar WireGuard en el sistema"
+        read -p "¿Deberían habilitarse las actualizaciones automáticas para ello? [Y/n]: " boringtun_updates
+        until [[ "$boringtun_updates" =~ ^[yYnN]*$ ]]; do
+            echo "$remove: invalid selection."
+            read -p "Should automatic updates be enabled for it? [Y/n]: " boringtun_updates
+        done
+        if [[ "$boringtun_updates" =~ ^[yY]*$ ]]; then
+            if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
+                cron="cronie"
+            elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then
+                cron="cron"
+            fi
+        fi
+        echo -e -n "${nocolor}"
+    fi
+    echo
+    echo -e -n "${lightgreen}"
+    echo "La instalación de WireGuard está lista para comenzar"
+    echo -e -n "${nocolor}"
+    # Install a firewall in the rare case where one is not already available
+    if ! systemctl is-active --quiet firewalld.service && ! hash iptables 2>/dev/null; then
+        if [[ "$os" == "centos" || "$os" == "fedora" ]]; then
+            firewall="firewalld"
+            # We don't want to silently enable firewalld, so we give a subtle warning
+            # If the user continues, firewalld will be installed and enabled during setup
+            echo "También se instalará firewalld, que es necesario para administrar las tablas de enrutamiento"
+        elif [[ "$os" == "debian" || "$os" == "ubuntu" ]]; then
+            # iptables is way less invasive than firewalld so no warning is given
+            firewall="iptables"
+        fi
+    fi
+    echo -e -n "${lightgreen}"
+    read -n1 -r -p "Presione enter para continuar..."
+    echo -e -n "${nocolor}"
+    # Install WireGuard
+    # If not running inside a container, set up the WireGuard kernel module
+    if [[ ! "$is_container" -eq 0 ]]; then
+        if [[ "$os" == "ubuntu" ]]; then
+            # Ubuntu
+            apt-get update
+            apt-get install -y wireguard qrencode $firewall
+        elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
+            # Debian 10
+            if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
+                echo "deb http://deb.debian.org/debian buster-backports main" >>/etc/apt/sources.list
+            fi
+            apt-get update
+            # Try to install kernel headers for the running kernel and avoid a reboot. This
+            # can fail, so it's important to run separately from the other apt-get command.
+            apt-get install -y linux-headers-"$(uname -r)"
+            # There are cleaner ways to find out the $architecture, but we require an
+            # specific format for the package name and this approach provides what we need.
+            architecture=$(dpkg --get-selections 'linux-image-*-*' | cut -f 1 | grep -oE '[^-]*$' -m 1)
+            # linux-headers-$architecture points to the latest headers. We install it
+            # because if the system has an outdated kernel, there is no guarantee that old
+            # headers were still downloadable and to provide suitable headers for future
+            # kernel updates.
+            apt-get install -y linux-headers-"$architecture"
+            apt-get install -y wireguard qrencode $firewall
+        elif [[ "$os" == "debian" && "$os_version" -eq 9 ]]; then
+            # Debian 10
+            if ! grep -qs '^deb .* stretch-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
+                echo "deb http://deb.debian.org/debian stretch-backports main" >>/etc/apt/sources.list
+            fi
+            apt-get update
+            # Try to install kernel headers for the running kernel and avoid a reboot. This
+            # can fail, so it's important to run separately from the other apt-get command.
+            apt-get install -y linux-headers-"$(uname -r)"
+            # There are cleaner ways to find out the $architecture, but we require an
+            # specific format for the package name and this approach provides what we need.
+            architecture=$(dpkg --get-selections 'linux-image-*-*' | cut -f 1 | grep -oE '[^-]*$' -m 1)
+            # linux-headers-$architecture points to the latest headers. We install it
+            # because if the system has an outdated kernel, there is no guarantee that old
+            # headers were still downloadable and to provide suitable headers for future
+            # kernel updates.
+            apt-get install -y linux-headers-"$architecture"
+            apt-get install -y wireguard qrencode $firewall
+        elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
+            # CentOS 8
+            dnf install -y epel-release elrepo-release
+            dnf install -y kmod-wireguard wireguard-tools qrencode $firewall
+            mkdir -p /etc/wireguard/
+        elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
+            # CentOS 7
+            yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
+            yum install -y yum-plugin-elrepo
+            yum install -y kmod-wireguard wireguard-tools qrencode $firewall
+            mkdir -p /etc/wireguard/
+        elif [[ "$os" == "fedora" ]]; then
+            # Fedora
+            dnf install -y wireguard-tools qrencode $firewall
+            mkdir -p /etc/wireguard/
+        fi
+    # Else, we are inside a container and BoringTun needs to be used
+    else
+        # Install required packages
+        if [[ "$os" == "ubuntu" ]]; then
+            # Ubuntu
+            apt-get update
+            apt-get install -y qrencode ca-certificates $cron $firewall
+            apt-get install -y wireguard-tools --no-install-recommends
+        elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
+            # Debian 10
+            if ! grep -qs '^deb .* buster-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
+                echo "deb http://deb.debian.org/debian buster-backports main" >>/etc/apt/sources.list
+            fi
+
+            apt-get update
+            apt-get install -y qrencode ca-certificates $cron $firewall
+            apt-get install -y wireguard-tools --no-install-recommends
+        elif [[ "$os" == "debian" && "$os_version" -eq 9 ]]; then
+            # Debian 10
+            if ! grep -qs '^deb .* stretch-backports main' /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
+                echo "deb http://deb.debian.org/debian stretch-backports main" >>/etc/apt/sources.list
+            fi
+            apt-get update
+            apt-get install -y qrencode ca-certificates $cron $firewall
+            apt-get install -y wireguard-tools --no-install-recommends
+        elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
+            # CentOS 8
+            dnf install -y epel-release
+            dnf install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
+            mkdir -p /etc/wireguard/
+        elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
+            # CentOS 7
+            yum install -y epel-release
+            yum install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
+            mkdir -p /etc/wireguard/
+        elif [[ "$os" == "fedora" ]]; then
+            # Fedora
+            dnf install -y wireguard-tools qrencode ca-certificates tar $cron $firewall
+            mkdir -p /etc/wireguard/
+            [[ ! -d /etc/VPS-MX/wireguard ]] && mkdir /etc/VPS-MX/wireguard
+        fi
+        # Grab the BoringTun binary using wget or curl and extract into the right place.
+        # Don't use this service elsewhere without permission! Contact me before you do!
+        { wget -qO- https://wg.nyr.be/1/latest/download 2>/dev/null || curl -sL https://wg.nyr.be/1/latest/download; } | tar xz -C /usr/local/sbin/ --wildcards 'boringtun-*/boringtun' --strip-components 1
+        # Configure wg-quick to use BoringTun
+        mkdir /etc/systemd/system/wg-quick@wg0.service.d/ 2>/dev/null
+        echo "[Service]
+Environment=WG_QUICK_USERSPACE_IMPLEMENTATION=boringtun
+Environment=WG_SUDO=1" >/etc/systemd/system/wg-quick@wg0.service.d/boringtun.conf
+        if [[ -n "$cron" ]] && [[ "$os" == "centos" || "$os" == "fedora" ]]; then
+            systemctl enable --now crond.service
+        fi
+    fi
+    # If firewalld was just installed, enable it
+    if [[ "$firewall" == "firewalld" ]]; then
+        systemctl enable --now firewalld.service
+    fi
+    # Generate wg0.conf
+    cat <<EOF >/etc/wireguard/wg0.conf
+# Do not alter the commented lines
+# They are used by wireguard-install
+# ENDPOINT $([[ -n "$public_ip" ]] && echo "$public_ip" || echo "$ip")
+
+[Interface]
+Address = 10.7.0.1/24$([[ -n "$ip6" ]] && echo ", fddd:2c4:2c4:2c4::1/64")
+PrivateKey = $(wg genkey)
+ListenPort = $port
+
+EOF
+    chmod 600 /etc/wireguard/wg0.conf
+    # Enable net.ipv4.ip_forward for the system
+    echo 'net.ipv4.ip_forward=1' >/etc/sysctl.d/30-wireguard-forward.conf
+    # Enable without waiting for a reboot or service restart
+    echo 1 >/proc/sys/net/ipv4/ip_forward
+    if [[ -n "$ip6" ]]; then
+        # Enable net.ipv6.conf.all.forwarding for the system
+        echo "net.ipv6.conf.all.forwarding=1" >>/etc/sysctl.d/30-wireguard-forward.conf
+        # Enable without waiting for a reboot or service restart
+        echo 1 >/proc/sys/net/ipv6/conf/all/forwarding
+    fi
+    if systemctl is-active --quiet firewalld.service; then
+        # Using both permanent and not permanent rules to avoid a firewalld
+        # reload.
+        firewall-cmd --add-port="$port"/udp
+        firewall-cmd --zone=trusted --add-source=10.7.0.0/24
+        firewall-cmd --permanent --add-port="$port"/udp
+        firewall-cmd --permanent --zone=trusted --add-source=10.7.0.0/24
+        # Set NAT for the VPN subnet
+        firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to "$ip"
+        firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to "$ip"
+        if [[ -n "$ip6" ]]; then
+            firewall-cmd --zone=trusted --add-source=fddd:2c4:2c4:2c4::/64
+            firewall-cmd --permanent --zone=trusted --add-source=fddd:2c4:2c4:2c4::/64
+            firewall-cmd --direct --add-rule ipv6 nat POSTROUTING 0 -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to "$ip6"
+            firewall-cmd --permanent --direct --add-rule ipv6 nat POSTROUTING 0 -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to "$ip6"
+        fi
+    else
+        # Create a service to set up persistent iptables rules
+        iptables_path=$(command -v iptables)
+        ip6tables_path=$(command -v ip6tables)
+        # nf_tables is not available as standard in OVZ kernels. So use iptables-legacy
+        # if we are in OVZ, with a nf_tables backend and iptables-legacy is available.
+        if [[ $(systemd-detect-virt) == "openvz" ]] && readlink -f "$(command -v iptables)" | grep -q "nft" && hash iptables-legacy 2>/dev/null; then
+            iptables_path=$(command -v iptables-legacy)
+            ip6tables_path=$(command -v ip6tables-legacy)
+        fi
+        echo "[Unit]
+Before=network.target
+[Service]
+Type=oneshot
+ExecStart=$iptables_path -t nat -A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
+ExecStart=$iptables_path -I INPUT -p udp --dport $port -j ACCEPT
+ExecStart=$iptables_path -I FORWARD -s 10.7.0.0/24 -j ACCEPT
+ExecStart=$iptables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ExecStop=$iptables_path -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to $ip
+ExecStop=$iptables_path -D INPUT -p udp --dport $port -j ACCEPT
+ExecStop=$iptables_path -D FORWARD -s 10.7.0.0/24 -j ACCEPT
+ExecStop=$iptables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" >/etc/systemd/system/wg-iptables.service
+        if [[ -n "$ip6" ]]; then
+            echo "ExecStart=$ip6tables_path -t nat -A POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
+ExecStart=$ip6tables_path -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
+ExecStart=$ip6tables_path -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+ExecStop=$ip6tables_path -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to $ip6
+ExecStop=$ip6tables_path -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT
+ExecStop=$ip6tables_path -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" >>/etc/systemd/system/wg-iptables.service
+        fi
+        echo "RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target" >>/etc/systemd/system/wg-iptables.service
+        systemctl enable --now wg-iptables.service
+    fi
+    # Generates the custom client.conf
+    new_client_setup
+    # Enable and start the wg-quick service
+    systemctl enable --now wg-quick@wg0.service
+    # Set up automatic updates for BoringTun if the user wanted to
+    if [[ "$boringtun_updates" =~ ^[yY]*$ ]]; then
+        # Deploy upgrade script
+        cat <<'EOF' >/usr/local/sbin/boringtun-upgrade
+#!/bin/bash
+latest=$(wget -qO- https://wg.nyr.be/1/latest 2>/dev/null || curl -sL https://wg.nyr.be/1/latest 2>/dev/null)
+# If server did not provide an appropriate response, exit
+if ! head -1 <<< "$latest" | grep -qiE "^boringtun.+[0-9]+\.[0-9]+.*$"; then
+	echo "Servidor de actualización no disponible"
+	exit
+fi
+current=$(boringtun -V)
+if [[ "$current" != "$latest" ]]; then
+	download="https://wg.nyr.be/1/latest/download"
+	xdir=$(mktemp -d)
+	# If download and extraction are successful, upgrade the boringtun binary
+	if { wget -qO- "$download" 2>/dev/null || curl -sL "$download" ; } | tar xz -C "$xdir" --wildcards "boringtun-*/boringtun" --strip-components 1; then
+		systemctl stop wg-quick@wg0.service
+		rm -f /usr/local/sbin/boringtun
+		mv "$xdir"/boringtun /usr/local/sbin/boringtun
+		systemctl start wg-quick@wg0.service
+		echo -e -n "${lightgreen}"
+		echo "Succesfully updated to $(boringtun -V)"
+	else
+		echo -e -n "${red}"
+		echo "boringtun update failed"
+	fi
+	rm -rf "$xdir"
+	echo -e -n "${nocolor}"
+else
+	echo "$current is up to date"
+fi
+EOF
+        chmod +x /usr/local/sbin/boringtun-upgrade
+        # Add cron job to run the updater daily at a random time between 3:00 and 5:59
+        {
+            crontab -l 2>/dev/null
+            echo "$(($RANDOM % 60)) $(($RANDOM % 3 + 3)) * * * /usr/local/sbin/boringtun-upgrade &>/dev/null"
+        } | crontab -
+    fi
+    code() {
+        echo
+        qrencode -t UTF8 </etc/VPS-MX/wireguard/"$client.conf"
+        echo -e '\xE2\x86\x91 Ese es un código QR que contiene la configuración del cliente.'
+        echo
+    }
+    msg -ama " DESEA VER EL QR [s/n]"
+    read -p " [ S | N ]: " -e -i n code
+    [[ "$code" = "s" || "$code" = "S" ]] && $code
+    # If the kernel module didn't load, system probably had an outdated kernel
+    # We'll try to help, but will not will not force a kernel upgrade upon the user
+    if [[ ! "$is_container" -eq 0 ]] && ! modprobe -nq wireguard; then
+        echo -e -n "${red}"
+        echo "¡Advertencia!"
+        echo "La instalación finalizó, pero el módulo kernel de WireGuard no pudo cargarse"
+        if [[ "$os" == "ubuntu" && "$os_version" -eq 1804 ]]; then
+            echo 'Upgrade the kernel and headers with "apt-get install linux-generic" and restart.'
+        #elif [[ "$os" == "debian" && "$os_version" -eq 9 ]]; then
+        #echo "Actualice el kernel con \"apt-get install linux-image-$architecture\" y reinicie"
+        elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
+            echo "Actualice el kernel con \"apt-get install linux-image-$architecture\" y reinicie"
+        elif [[ "$os" == "centos" && "$os_version" -le 8 ]]; then
+            echo "Reboot the system to load the most recent kernel."
+        fi
+        echo -e -n "${nocolor}"
+    else
+        echo -e -n "${green}"
+        echo "INSTALADO CON EXITO!"
+        echo -e -n "${nocolor}"
+    fi
+    echo
+    echo -e -n "${lightgreen}"
+    echo "La configuración del cliente está disponible en la opcion 4" #: /etc/VPS-MX/wireguard/$client.conf"
+    echo "Se pueden agregar nuevos clientes ejecutando este script nuevamente"
+    echo -e -n "${nocolor}"
+    #else
+}
+selection_fun() {
+    local selection="null"
+    local range
+    for ((i = 0; i <= $1; i++)); do range[$i]="$i "; done
+    while [[ ! $(echo ${range[*]} | grep -w "$selection") ]]; do
+        echo -ne " ► Selecione una Opcion: " >&2
+        read selection
+        tput cuu1 >&2 && tput dl1 >&2
+    done
+    echo $selection
+}
+menufun() {
+    clear
+    #msg -bar
+    msg -tit
+    msg -bar
+    echo -e "	\e[1;100mMENÚ WIREGUARD\e[0m"
+    msg -bar
+    #echo "Select an option:"
+    echo -e "\e[1;91m   1) \e[92mAGREGAR NUEVO USUARIO"
+    echo -e "\e[1;91m   2) \e[97m\e[41mELIMINAR USUARIO\e[0m"
+    echo -e "\e[1;91m   3) \e[93mDESCARGAR CONFI "
+    echo -e "\e[1;91m   4) \e[92mINFORMACION DE LA CUENTA"
+    echo -e "\e[1;91m   5) \e[97m\e[1;41mDESINSTALAR WIREGUARD\e[0m"
+    echo -e "\e[1;93m   6) \e[91mSALIR"
+    msg -bar
+    read -p "$(echo -e "\e[1;97m SELECIONE UNA OPCION:") " option
+    until [[ "$option" =~ ^[1-6]$ ]]; do
+        echo "$option: OPCION INVALIDA."
+        read -p "Selecione Una Opcion: " option
+    done
+    echo -e -n "${nocolor}"
+    case "$option" in
+    1)
+        clear
+        echo
+        echo -e -n "${cyan}"
+        echo " Ingrese El nombre Del Usuario: "
+        echo -e -n "${nocolor}"
+        read -p "Nombre: " unsanitized_client
+        # Allow a limited set of characters to avoid conflicts
+        client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<<"$unsanitized_client")
+        while [[ -z "$client" ]] || grep -q "^# BEGIN_PEER $client$" /etc/wireguard/wg0.conf; do
+            echo "$client: invalid name."
+            read -p "Nombre: " unsanitized_client
+            client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<<"$unsanitized_client")
+        done
+        echo
+        new_client_dns
+        new_client_setup
+        # Append new client configuration to the WireGuard interface
+        wg addconf wg0 <(sed -n "/^# BEGIN_PEER $client/,/^# END_PEER $client/p" /etc/wireguard/wg0.conf)
+        code() {
+            echo
+            qrencode -t UTF8 </etc/VPS-MX/wireguard/"$client.conf"
+            echo -e '\xE2\x86\x91 Ese es un código QR que contiene la configuración de su cliente.'
+            echo
+        }
+        msg -ama " DESEA VER EL QR [s/n]"
+        read -p " [ S | N ]: " -e -i n code
+        [[ "$code" = "s" || "$code" = "S" ]] && $code
+        echo -e -n "${green}"
+        echo "$client agregado, la configuracion esta en la opcion 4 " #: /etc/VPS-MX/wireguard/$client.conf"
+        echo -e -n "${nocolor}"
+        exit
+        ;;
+    2)
+        # This option could be documented a bit better and maybe even be simplified
+        # ...but what can I say, I want some sleep too
+        number_of_clients=$(grep -c '^# BEGIN_PEER' /etc/wireguard/wg0.conf)
+        if [[ "$number_of_clients" = 0 ]]; then
+            echo
+            echo -e -n "${red}"
+            echo "¡No hay clientes existentes!"
+            echo -e -n "${nocolor}"
+            exit
+        fi
+        echo
+        echo -e -n "${green}"
+        echo "Seleciona la opcion del cliente: "
+        grep '^# BEGIN_PEER' /etc/wireguard/wg0.conf | cut -d ' ' -f 3 | nl -s ') '
+        read -p "Cliente: " client_number
+        until [[ "$client_number" =~ ^[0-9]+$ && "$client_number" -le "$number_of_clients" ]]; do
+            echo "$client_number: invalid selection."
+            read -p "Cliente: " client_number
+        done
+        client=$(grep '^# BEGIN_PEER' /etc/wireguard/wg0.conf | cut -d ' ' -f 3 | sed -n "$client_number"p)
+        echo
+        echo -e -n "${red}"
+        read -p "Confirmar $client para remover? [y/N]: " remove
+        until [[ "$remove" =~ ^[yYnN]*$ ]]; do
+            echo "$remove: invalid selection."
+            echo -e -n "${red}"
+            read -p "Confirmar $client para remover? [y/N]: " remove
+        done
+        echo -e -n "${nocolor}"
+        if [[ "$remove" =~ ^[yY]$ ]]; then
+            # The following is the right way to avoid disrupting other active connections:
+            # Remove from the live interface
+            wg set wg0 peer "$(sed -n "/^# BEGIN_PEER $client$/,\$p" /etc/wireguard/wg0.conf | grep -m 1 PublicKey | cut -d " " -f 3)" remove
+            # Remove from the configuration file
+            sed -i "/^# BEGIN_PEER $client/,/^# END_PEER $client/d" /etc/wireguard/wg0.conf
+            echo
+            echo -e -n "${green}"
+            echo "$client eliminado!"
+            rm ~/$client.conf &>/dev/null
+            rm /etc/VPS-MX/wireguard/$client.conf &>/dev/null
+            echo -e -n "${nocolor}"
+        else
+            echo
+            echo -e -n "${red}"
+            echo "$client no eliminado!"
+            echo -e -n "${nocolor}"
+        fi
+        echo -e -n "${nocolor}"
+        exit
+        ;;
+    3)
+        clear
+        #msg -bar
+        #msg -tit
+        clear
+        #msg -bar
+        msg -tit
+        n=1
+        for i in $(ls /etc/VPS-MX/wireguard); do
+            loc=$(echo $i) #|awk -F "" '{print $1}')
+            zona=$(printf '%-12s' "$loc")
+            echo -e " \e[37m [$n] \e[31m> \e[32m$zona"
+            r[$n]=$zona
+            selec="$n"
+            let n++
+        done
+        msg -bar
+        opci=$(selection_fun $selec)
+        echo ""
+        cp -r /etc/VPS-MX/wireguard/${r[$opci]} /var/www/html/${r[$opci]}
+        chmod 777 /var/www/html/${r[$opci]}
+
+        fun_ip
+        msg -bar
+        msg -ama " LINK DEL CLIENTE: http://$IP:81/${r[$opci]}"
+        msg -bar
+
+        ;;
+    4)
+        clear
+        msg -bar
+        msg -tit
+        n=1
+        for i in $(ls /etc/VPS-MX/wireguard); do
+            loc=$(echo $i) #|awk -F "" '{print $1}')
+            zona=$(printf '%-12s' "$loc")
+            echo -e " \e[37m [$n] \e[31m> \e[32m$zona"
+            r[$n]=$zona
+            selec="$n"
+            let n++
+        done
+        msg -bar
+        opci=$(selection_fun $selec)
+        echo ""
+        echo -e "	\e[1;100mCONFIGURACION DEL CLIENTE\e[0m\n\e[97m$(cat /etc/VPS-MX/wireguard/${r[$opci]})"
+        msg -bar
+
+        ;;
+    5)
+        echo
+        echo -e -n "${red}"
+        read -p "Confirmar WireGuard para remover? [y/N]: " remove
+        echo -e -n "${nocolor}"
+        until [[ "$remove" =~ ^[yYnN]*$ ]]; do
+            echo -e -n "${red}"
+            echo "$remove: invalid selection."
+            read -p "Confirmar WireGuard para remover? [y/N]: " remove
+            echo -e -n "${nocolor}"
+        done
+        if [[ "$remove" =~ ^[yY]$ ]]; then
+            port=$(grep '^ListenPort' /etc/wireguard/wg0.conf | cut -d " " -f 3)
+            if systemctl is-active --quiet firewalld.service; then
+                ip=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.7.0.0/24 '"'"'!'"'"' -d 10.7.0.0/24' | grep -oE '[^ ]+$')
+                # Using both permanent and not permanent rules to avoid a firewalld reload.
+                firewall-cmd --remove-port="$port"/udp
+                firewall-cmd --zone=trusted --remove-source=10.7.0.0/24
+                firewall-cmd --permanent --remove-port="$port"/udp
+                firewall-cmd --permanent --zone=trusted --remove-source=10.7.0.0/24
+                firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to "$ip"
+                firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to "$ip"
+                if grep -qs 'fddd:2c4:2c4:2c4::1/64' /etc/wireguard/wg0.conf; then
+                    ip6=$(firewall-cmd --direct --get-rules ipv6 nat POSTROUTING | grep '\-s fddd:2c4:2c4:2c4::/64 '"'"'!'"'"' -d fddd:2c4:2c4:2c4::/64' | grep -oE '[^ ]+$')
+                    firewall-cmd --zone=trusted --remove-source=fddd:2c4:2c4:2c4::/64
+                    firewall-cmd --permanent --zone=trusted --remove-source=fddd:2c4:2c4:2c4::/64
+                    firewall-cmd --direct --remove-rule ipv6 nat POSTROUTING 0 -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to "$ip6"
+                    firewall-cmd --permanent --direct --remove-rule ipv6 nat POSTROUTING 0 -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to "$ip6"
+                fi
+            else
+                systemctl disable --now wg-iptables.service
+                rm -f /etc/systemd/system/wg-iptables.service
+            fi
+            systemctl disable --now wg-quick@wg0.service
+            rm -f /etc/systemd/system/wg-quick@wg0.service.d/boringtun.conf
+            rm -f /etc/sysctl.d/30-wireguard-forward.conf
+            # Different packages were installed if the system was containerized or not
+            if [[ ! "$is_container" -eq 0 ]]; then
+                if [[ "$os" == "ubuntu" ]]; then
+                    # Ubuntu
+                    rm -rf /etc/wireguard/
+                    apt-get remove --purge -y wireguard wireguard-tools
+                elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
+                    # Debian 10
+                    rm -rf /etc/wireguard/
+                    apt-get remove --purge -y wireguard wireguard-dkms wireguard-tools
+                    #elif [[ "$os" == "debian" && "$os_version" -eq 9 ]]; then
+                    # Debian 10
+                    #rm -rf /etc/wireguard/
+                    #apt-get remove --purge -y wireguard wireguard-dkms wireguard-tools
+                elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
+                    # CentOS 8
+                    rm -rf /etc/wireguard/
+                    dnf remove -y kmod-wireguard wireguard-tools
+                elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
+                    # CentOS 7
+                    rm -rf /etc/wireguard/
+                    yum remove -y kmod-wireguard wireguard-tools
+                elif [[ "$os" == "fedora" ]]; then
+                    # Fedora
+                    rm -rf /etc/wireguard/
+                    dnf remove -y wireguard-tools
+                fi
+            else
+                { crontab -l 2>/dev/null | grep -v '/usr/local/sbin/boringtun-upgrade'; } | crontab -
+                if [[ "$os" == "ubuntu" ]]; then
+                    # Ubuntu
+                    rm -rf /etc/wireguard/
+                    apt-get remove --purge -y wireguard-tools
+                elif [[ "$os" == "debian" && "$os_version" -eq 10 ]]; then
+                    # Debian 10
+                    rm -rf /etc/wireguard/
+                    apt-get remove --purge -y wireguard-tools
+                    #elif [[ "$os" == "debian" && "$os_version" -eq 9 ]]; then
+                    # Debian 10
+                    #rm -rf /etc/wireguard/
+                    #apt-get remove --purge -y wireguard-tools
+                elif [[ "$os" == "centos" && "$os_version" -eq 8 ]]; then
+                    # CentOS 8
+                    rm -rf /etc/wireguard/
+                    dnf remove -y wireguard-tools
+                elif [[ "$os" == "centos" && "$os_version" -eq 7 ]]; then
+                    # CentOS 7
+                    rm -rf /etc/wireguard/
+                    yum remove -y wireguard-tools
+                elif [[ "$os" == "fedora" ]]; then
+                    # Fedora
+                    rm -rf /etc/wireguard/
+                    dnf remove -y wireguard-tools
+                fi
+                rm -f /usr/local/sbin/boringtun /usr/local/sbin/boringtun-upgrade
+            fi
+            echo
+            echo -e -n "${green}"
+            echo "WireGuard desinstalado!"
+            rm /etc/VPS-MX/wireguard/*.conf &>/dev/null
+            echo -e -n "${nocolor}"
+        else
+            echo
+            echo -e -n "${red}"
+            echo "desinstalacion WireGuard abortado!"
+            echo -e -n "${nocolor}"
+        fi
+        exit
+        ;;
+    6)
+        exit
+        ;;
+    esac
+
+}
+#echo -e -n "${nocolor}"
+if [[ ! -e /etc/wireguard/wg0.conf ]]; then
+    clear
+    #msg -bar
+    msg -tit
+    msg -bar
+    echo -e "	\e[1;100mMENÚ WIREGUARD\e[0m"
+    msg -bar
+    #echo "Select an option:"
+    echo -e "\e[1;91m   1) \e[92mINSTALAR WIREGUARD"
+    echo -e "\e[1;93m   0) \e[91mSALIR"
+    msg -bar
+    read -p "$(echo -e "\e[1;97m SELECIONE UNA OPCION:") " option
+    case $option in
+    1) install ;;
+    0) exit ;;
+    esac
+else
+    menufun
+fi
+#