#!/bin/bash # VPN Gateway Uninstall Script # Completely removes VPN Gateway # Version: 1.0.0 set -e # Colors RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' NC='\033[0m' INSTALL_DIR="/opt/vpn-gateway" log() { echo -e "${GREEN}[+]${NC} $1" } error() { echo -e "${RED}[!]${NC} $1" } warning() { echo -e "${YELLOW}[!]${NC} $1" } # Check root if [[ $EUID -ne 0 ]]; then error "This script must be run as root" exit 1 fi echo -e "${RED}=== VPN Gateway Uninstaller ===${NC}" echo "" warning "This will completely remove VPN Gateway and its components." warning "The killswitch will be DISABLED, potentially exposing your traffic!" echo "" echo "The following will be removed:" echo " - VPN Gateway application ($INSTALL_DIR)" echo " - WireGuard configurations" echo " - Systemd services" echo " - Firewall rules (killswitch)" echo " - Nginx configuration" echo "" read -p "Are you SURE you want to uninstall? Type 'YES' to confirm: " CONFIRM if [ "$CONFIRM" != "YES" ]; then log "Uninstall cancelled" exit 0 fi # Create backup just in case BACKUP_DIR="/root/vpn-gateway-final-backup-$(date +%Y%m%d-%H%M%S)" log "Creating final backup at $BACKUP_DIR..." mkdir -p "$BACKUP_DIR" # Backup configs cp -r /etc/wireguard "$BACKUP_DIR/wireguard" 2>/dev/null || true cp -r "$INSTALL_DIR" "$BACKUP_DIR/app" 2>/dev/null || true iptables-save > "$BACKUP_DIR/iptables.rules" 2>/dev/null || true # Stop and disable services log "Stopping services..." systemctl stop vpn-webui vpn-killswitch vpn-security-monitor 2>/dev/null || true systemctl disable vpn-webui vpn-killswitch vpn-security-monitor 2>/dev/null || true # Stop WireGuard wg-quick down wg0 2>/dev/null || true systemctl stop wg-quick@wg0 2>/dev/null || true systemctl disable wg-quick@wg0 2>/dev/null || true # Remove systemd services log "Removing systemd services..." rm -f /etc/systemd/system/vpn-*.service systemctl daemon-reload # Remove application files log "Removing application files..." rm -rf "$INSTALL_DIR" # Remove scripts log "Removing scripts..." rm -f /usr/local/bin/vpn-*.sh # Remove Nginx configuration log "Removing Nginx configuration..." rm -f /etc/nginx/sites-enabled/vpn-gateway rm -f /etc/nginx/sites-available/vpn-gateway systemctl reload nginx 2>/dev/null || true # Remove WireGuard configs (optional) read -p "Remove WireGuard configurations? (y/N): " -n 1 -r echo "" if [[ $REPLY =~ ^[Yy]$ ]]; then rm -rf /etc/wireguard log "WireGuard configurations removed" fi # CRITICAL: Remove killswitch warning "Removing killswitch - your traffic will no longer be protected!" read -p "Remove killswitch firewall rules? (y/N): " -n 1 -r echo "" if [[ $REPLY =~ ^[Yy]$ ]]; then # Reset firewall to default ACCEPT policies iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F iptables -X iptables -t nat -F iptables -t nat -X iptables -t mangle -F iptables -t mangle -X # IPv6 ip6tables -P INPUT ACCEPT ip6tables -P FORWARD ACCEPT ip6tables -P OUTPUT ACCEPT ip6tables -F ip6tables -X # Save clean rules iptables-save > /etc/iptables/rules.v4 2>/dev/null || true ip6tables-save > /etc/iptables/rules.v6 2>/dev/null || true warning "Firewall reset to ACCEPT all - System is no longer protected!" else warning "Killswitch still active - you may have no internet access!" fi # Remove log files read -p "Remove log files? (y/N): " -n 1 -r echo "" if [[ $REPLY =~ ^[Yy]$ ]]; then rm -f /var/log/vpn-*.log log "Log files removed" fi # Final cleanup log "Cleaning up..." rm -f /tmp/vpn-gateway* 2>/dev/null || true echo "" echo -e "${GREEN}=== Uninstall Complete ===${NC}" echo "" echo "VPN Gateway has been removed." echo "Backup saved at: $BACKUP_DIR" echo "" warning "IMPORTANT: Your system is no longer protected by the killswitch!" warning "All traffic will now use your regular internet connection." echo "" echo "To reinstall, run:" echo " curl -sSL https://your-domain/install.sh | bash"