Merge pull request #537 from billz/armbian-buster

Extend installer to Debian-based distros
2020-03-29 22:40:49 +02:00 · 2020-03-29 22:40:49 +02:00 · b922f380ba
parent 6f503d8b53 e4ff789a50
commit b922f380ba
10 changed files with 420 additions and 330 deletions
--- a/config/config.php
+++ b/config/config.php
@ -9,7 +9,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap');
 // Constants for configuration file paths.
 // These are typical for default RPi installs. Modify if needed.
-define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf');
+define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.d/090_raspap.conf');
 define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases');
 define('RASPI_HOSTAPD_CONFIG', '/etc/hostapd/hostapd.conf');
 define('RASPI_DHCPCD_CONFIG', '/etc/dhcpcd.conf');
--- a/includes/defaults.php
+++ b/includes/defaults.php
@ -13,7 +13,7 @@ $defaults = [
  // Constants for configuration file paths.
  // These are typical for default RPi installs. Modify if needed.
-  'RASPI_DNSMASQ_CONFIG' => '/etc/dnsmasq.conf',
+  'RASPI_DNSMASQ_CONFIG' => '/etc/dnsmasq.d/090_raspap.conf',
  'RASPI_DNSMASQ_LEASES' => '/var/lib/misc/dnsmasq.leases',
  'RASPI_HOSTAPD_CONFIG' => '/etc/hostapd/hostapd.conf',
  'RASPI_DHCPCD_CONFIG' => '/etc/dhcpcd.conf',
--- a/installers/common.sh
+++ b/installers/common.sh
@ -1,54 +1,48 @@
 #!/bin/bash
 #
-# RaspAP installation functions.
+# RaspAP installation functions
-# author: @billz
+# Author: @billz <billzimmerman@gmail.com>
-# license: GNU General Public License v3.0
+# License: GNU General Public License v3.0
 #
 # You are not obligated to bundle the LICENSE file with your RaspAP projects as long
 # as you leave these references intact in the header comments of your source files.
-raspap_dir="/etc/raspap"
+# Exit on error
-raspap_user="www-data"
+set -o errexit
 # Exit on error inside functions
 set -o errtrace
 # Turn on traces, disabled by default
 # set -o xtrace
 # Set defaults
 readonly raspap_dir="/etc/raspap"
 readonly raspap_user="www-data"
 readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
 readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly rulesv4="/etc/iptables/rules.v4"
 webroot_dir="/var/www/html"
 version=`sed 's/\..*//' /etc/debian_version`
 git_source_url="https://github.com/$repo"  # $repo from install.raspap.com
-# Determine Raspbian version, set default home location for lighttpd and 
+# NOTE: all the below functions are overloadable for system-specific installs
 # php package to install 
 if [ "$version" -eq "10" ]; then
    version_msg="Raspbian 10.0 (Buster)"
    php_package="php7.3-cgi"
 elif [ "$version" -eq "9" ]; then
    version_msg="Raspbian 9.0 (Stretch)" 
    php_package="php7.0-cgi" 
 elif [ "$version" -eq "8" ]; then
    install_error "Raspbian 8.0 (Jessie) and php5 are deprecated. Please upgrade."
 elif [ "$version" -lt "8" ]; then
    install_error "Raspbian ${version} is unsupported. Please upgrade."
 fi
-phpcgiconf=""
+# Prompts user to set installation options
-if [ "$php_package" = "php7.3-cgi" ]; then
+function _config_installation() {
-    phpcgiconf="/etc/php/7.3/cgi/php.ini"
+    _install_log "Configure installation"
-elif [ "$php_package" = "php7.0-cgi" ]; then
+    _get_linux_distro
-    phpcgiconf="/etc/php/7.0/cgi/php.ini"
+    echo "Detected OS: ${DESC}"
-fi
+    echo "Using GitHub repository: ${repo} ${branch} branch"
 ### NOTE: all the below functions are overloadable for system-specific installs
 # Prompts user to set options for installation
 function config_installation() {
    install_log "Configure installation"
    echo "Detected ${version_msg}" 
    echo "Install directory: ${raspap_dir}"
-    echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: "
+    echo -n "Install to lighttpd root: ${webroot_dir}? [Y/n]: "
    if [ "$assume_yes" == 0 ]; then
        read answer < /dev/tty
        if [ "$answer" != "${answer#[Nn]}" ]; then
-            read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir
+            read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir
        fi
    else
        echo -e
    fi
-    echo "Install to Lighttpd directory: ${webroot_dir}"
+    echo "Installing to lighttpd directory: ${webroot_dir}"
    echo -n "Complete installation with these values? [Y/n]: "
    if [ "$assume_yes" == 0 ]; then
        read answer < /dev/tty
@ -61,132 +55,182 @@ function config_installation() {
    fi
 }
 # Determines host Linux distrubtion details
 function _get_linux_distro() {
    if type lsb_release >/dev/null 2>&1; then # linuxbase.org
        OS=$(lsb_release -si)
        RELEASE=$(lsb_release -sr)
        CODENAME=$(lsb_release -sc)
        DESC=$(lsb_release -sd)
    elif [ -f /etc/os-release ]; then # freedesktop.org
        . /etc/os-release
        OS=$ID
        RELEASE=$VERSION_ID
        CODENAME=$VERSION_CODENAME
        DESC=$PRETTY_NAME
    else
        _install_error "Unsupported Linux distribution"
    fi
 }
 # Sets php package option based on Linux version, abort if unsupported distro
 function _set_php_package() {
    case $RELEASE in
        "18.04"|"19.10") # Ubuntu Server
            php_package="php7.4-cgi"
            phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
        "10")
            php_package="php7.3-cgi"
            phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
        "9")
            php_package="php7.0-cgi"
            phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
        "8")
            _install_error "${DESC} and php5 are not supported. Please upgrade." ;;
        *)
            _install_error "${DESC} is unsupported. Please install on a supported distro." ;;
    esac
 }
 # Runs a system software update to make sure we're using all fresh packages
-function install_dependencies() {
+function _install_dependencies() {
-    install_log "Installing required packages"
+    _install_log "Installing required packages"
-    sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies"
+    _set_php_package
    if [ "$php_package" = "php7.4-cgi" ]; then
        echo "Adding apt-repository ppa:ondrej/php"
        sudo apt-get install software-properties-common || _install_error "Unable to install dependency"
        sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php"
    fi
    if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
        dhcpcd_package="dhcpcd5"
    fi
    # Set dconf-set-selections
    echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
    echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
    sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies"
 }
 # Enables PHP for lighttpd and restarts service for settings to take effect
-function enable_php_lighttpd() {
+function _enable_php_lighttpd() {
-    install_log "Enabling PHP for lighttpd"
+    _install_log "Enabling PHP for lighttpd"
    sudo lighttpd-enable-mod fastcgi-php    
    sudo service lighttpd force-reload
-    sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd"
+    sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd"
 }
 # Verifies existence and permissions of RaspAP directory
-function create_raspap_directories() {
+function _create_raspap_directories() {
-    install_log "Creating RaspAP directories"
+    _install_log "Creating RaspAP directories"
    if [ -d "$raspap_dir" ]; then
-        sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way"
+        sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way"
    fi
-    sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'"
+    sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'"
    # Create a directory for existing file backups.
    sudo mkdir -p "$raspap_dir/backups"
    # Create a directory to store networking configs
    echo "Creating $raspap_dir/networking"
    sudo mkdir -p "$raspap_dir/networking"
    # Copy existing dhcpcd.conf to use as base config
-    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults
+    echo "Adding /etc/dhcpcd.conf as base configuration"
-
+    cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
-    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
+    echo "Changing file ownership of $raspap_dir"
    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
 }
 # Generate hostapd logging and service control scripts
-function create_hostapd_scripts() {
+function _create_hostapd_scripts() {
-    install_log "Creating hostapd logging & control scripts"
+    _install_log "Creating hostapd logging & control scripts"
-    sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'"
+    sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'"
    # Move logging shell scripts 
-    sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts"
+    sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts"
    # Move service control shell scripts
-    sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts"
+    sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts"
    # Make enablelog.sh and disablelog.sh not writable by www-data group.
-    sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group"
+    sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group"
-    sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions"
+    sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions"
 }
 # Generate lighttpd service control scripts
-function create_lighttpd_scripts() {
+function _create_lighttpd_scripts() {
-    install_log "Creating lighttpd control scripts"
+    _install_log "Creating lighttpd control scripts"
-    sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd"
+    sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd"
    # Move service control shell scripts
-    sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts"
+    sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts"
    # Make configport.sh writable by www-data group
-    sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group"
+    sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group"
-    sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions"
+    sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions"
 }
 # Prompt to install openvpn
-function prompt_install_openvpn() {
+function _prompt_install_openvpn() {
-    install_log "Setting up OpenVPN support (beta)"
+    _install_log "Setting up OpenVPN support"
    echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
    if [ "$assume_yes" == 0 ]; then
        read answer < /dev/tty
        if [ "$answer" != "${answer#[Nn]}" ]; then
            echo -e
        else
-            install_openvpn
+            _install_openvpn
        fi
    elif [ "$ovpn_option" == 1 ]; then
-        install_openvpn
+        _install_openvpn
    fi
 }
 # Install openvpn and enable client configuration option
-function install_openvpn() {
+function _install_openvpn() {
-    install_log "Installing OpenVPN and enabling client configuration"
+    _install_log "Installing OpenVPN and enabling client configuration"
-    sudo apt-get install -y openvpn || install_error "Unable to install openvpn"
+    sudo apt-get install -y openvpn || _install_error "Unable to install openvpn"
-    sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php"
+    sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
    echo "Enabling openvpn-client service on boot"
-    sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon"
+    sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon"
-    create_openvpn_scripts || install_error "Unable to create openvpn control scripts"
+    _create_openvpn_scripts || _install_error "Unable to create openvpn control scripts"
 }
 # Generate openvpn logging and auth control scripts
-function create_openvpn_scripts() {
+function _create_openvpn_scripts() {
-    install_log "Creating OpenVPN control scripts"
+    _install_log "Creating OpenVPN control scripts"
-    sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'"
+    sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'"
   # Move service auth control shell scripts
-    sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script"
+    sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script"
    # Make configauth.sh writable by www-data group
-    sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group"
+    sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group"
-    sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions"
+    sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions"
 }
 # Fetches latest files from github to webroot
-function download_latest_files() {
+function _download_latest_files() {
    if [ ! -d "$webroot_dir" ]; then
-        sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory"
+        sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory"
    fi
    if [ -d "$webroot_dir" ]; then
-        sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory"
+        sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory"
    fi
-    install_log "Cloning latest files from github"
+    _install_log "Cloning latest files from github"
-    git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github"
+    git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github"
-    sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root"
+    sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root"
 }
 # Sets files ownership in web root directory
-function change_file_ownership() {
+function _change_file_ownership() {
    if [ ! -d "$webroot_dir" ]; then
-        install_error "Web root directory doesn't exist"
+        _install_error "Web root directory doesn't exist"
    fi
-    install_log "Changing file ownership in web root directory"
+    _install_log "Changing file ownership in web root directory"
-    sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'"
+    sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'"
 }
-# Check for existing /etc/network/interfaces and /etc/hostapd/hostapd.conf files
+# Check for existing configuration files
-function check_for_old_configs() {
+function _check_for_old_configs() {
    if [ -f /etc/network/interfaces ]; then
        sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
        sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
@ -197,8 +241,8 @@ function check_for_old_configs() {
        sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
    fi
-    if [ -f /etc/dnsmasq.conf ]; then
+    if [ -f $raspap_dnsmasq ]; then
-        sudo cp /etc/dnsmasq.conf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
+        sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
        sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
    fi
@ -207,11 +251,6 @@ function check_for_old_configs() {
        sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
    fi
    if [ -f /etc/rc.local ]; then
        sudo cp /etc/rc.local "$raspap_dir/backups/rc.local.`date +%F-%R`"
        sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local"
    fi
    for file in /etc/systemd/network/raspap-*.net*; do
        if [ -f "${file}" ]; then
            filename=$(basename $file)
@ -222,58 +261,76 @@ function check_for_old_configs() {
 }
 # Move configuration file to the correct location
-function move_config_file() {
+function _move_config_file() {
    if [ ! -d "$raspap_dir" ]; then
-        install_error "'$raspap_dir' directory doesn't exist"
+        _install_error "'$raspap_dir' directory doesn't exist"
    fi
-    install_log "Moving configuration file to '$raspap_dir'"
+    _install_log "Moving configuration file to '$raspap_dir'"
-    sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'"
+    sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'"
-    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
+    sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
 }
 # Set up default configuration
-function default_configuration() {
+function _default_configuration() {
-    install_log "Setting up hostapd"
+    _install_log "Applying default configuration to installed services"
    if [ -f /etc/default/hostapd ]; then
-        sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file"
+        sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file"
    fi
-    sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file"
+    sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || _install_error "Unable to move hostapd defaults file"
-    sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file"
+    sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file"
-    sudo cp $webroot_dir/config/dnsmasq.conf /etc/dnsmasq.conf || install_error "Unable to move dnsmasq configuration file"
+    sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file"
-    sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file"
+    sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file"
    [ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
    sudo systemctl stop systemd-networkd
    sudo systemctl disable systemd-networkd
-    sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file"
+    sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file"
-    sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file"
+    sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file"
    if [ ! -f "$webroot_dir/includes/config.php" ]; then
        sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
    fi
 }
-    # Generate required lines for Rasp AP to place into rc.local file.
+# Install and enable RaspAP daemon
-    # #RASPAP is for removal script
+function _enable_raspap_daemon() {
-    lines=(
+    _install_log "Enabling RaspAP daemon"
-    'echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward #RASPAP'
+    echo "Disable with: sudo systemctl disable raspapd.service"
-    'iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP'
+    sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file"
-    'iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP'
+    sudo systemctl daemon-reload
    sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service"
 }
 # Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
    _install_log "Configuring networking"
    echo "Enabling IP forwarding"
    echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding"
    sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl"
    sudo /etc/init.d/procps restart || _install_error "Unable to execute procps"
    echo "Checking iptables rules"
    rules=(
    "-A POSTROUTING -j MASQUERADE"
    "-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
    )
-    
+    for rule in "${rules[@]}"; do
-    for line in "${lines[@]}"; do
+        if grep -- "$rule" $rulesv4 > /dev/null; then
-        if grep "$line" /etc/rc.local > /dev/null; then
+            echo "Rule already exits: ${rule}"
            echo "$line: Line already added"
        else
-            sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
+            rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
-            echo "Adding line $line"
+            echo "Adding rule: ${rule}"
            sudo iptables $rule || _install_error "Unable to execute iptables"
            added=true
        fi
    done
-
+    # Persist rules if added
-    # Force a reload of new settings in /etc/rc.local
+    if [ "$added" = true ]; then
-    sudo systemctl restart rc-local.service
+        echo "Persisting IP tables rules"
-    sudo systemctl daemon-reload
+        sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_error "Unable to execute iptables-save"
    fi
    # Prompt to install RaspAP daemon
    echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
@ -282,106 +339,42 @@ function default_configuration() {
        if [ "$answer" != "${answer#[Nn]}" ]; then
            echo -e
        else
-            enable_raspap_daemon
+            _enable_raspap_daemon
        fi
    else
        echo -e
-        enable_raspap_daemon
+        _enable_raspap_daemon
    fi
-}
+ }
-# Install and enable RaspAP daemon
+# Add sudoers file to /etc/sudoers.d/ and set file permissions
-function enable_raspap_daemon() {
+function _patch_system_files() {
    install_log "Enabling RaspAP daemon"
    echo "Disable with: sudo systemctl disable raspap.service"
    sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file"
    sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service"
 }
-# Add a single entry to the sudoers file
+    # Create sudoers if not present
-function sudo_add() {
+    if [ ! -f $raspap_sudoers ]; then
-    sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \
+        _install_log "Adding raspap.sudoers to ${raspap_sudoers}"
-        || install_error "Unable to patch /etc/sudoers"
+        sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers"
-}
+        sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers"
 # Adds www-data user to the sudoers file with restrictions on what the user can execute
 function patch_system_files() {
    # Set commands array
    cmds=(
        "/sbin/ifdown"
        "/sbin/ifup"
        "/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf"
        "/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
        "/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf"
        "/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
        "/sbin/wpa_cli -i wlan[0-9] scan_results"
        "/sbin/wpa_cli -i wlan[0-9] scan"
        "/sbin/wpa_cli -i wlan[0-9] reconfigure"
        "/sbin/wpa_cli -i wlan[0-9] select_network"
        "/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf"
        "/bin/systemctl start hostapd.service"
        "/bin/systemctl stop hostapd.service"
        "/bin/systemctl start dnsmasq.service"
        "/bin/systemctl stop dnsmasq.service"
        "/bin/systemctl start openvpn-client@client"
        "/bin/systemctl enable openvpn-client@client"
        "/bin/systemctl stop openvpn-client@client"
        "/bin/systemctl disable openvpn-client@client"
        "/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf"
        "/bin/cp /tmp/authdata /etc/openvpn/client/login.conf"
        "/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf"
        "/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf"
        "/sbin/shutdown -h now"
        "/sbin/reboot"
        "/sbin/ip link set wlan[0-9] down"
        "/sbin/ip link set wlan[0-9] up"
        "/sbin/ip -s a f label wlan[0-9]"
        "/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf"
        "/etc/raspap/hostapd/enablelog.sh"
        "/etc/raspap/hostapd/disablelog.sh"
        "/etc/raspap/hostapd/servicestart.sh"
        "/etc/raspap/lighttpd/configport.sh"
        "/etc/raspap/openvpn/configauth.sh"
        "/bin/chmod o+r /tmp/hostapd.log"
        "/bin/chmod o+r /tmp/dnsmasq.log"
    )
    # Check if sudoers needs patching
    if [ $(sudo grep -c $raspap_user /etc/sudoers) -ne ${#cmds[@]} ]
    then
        # Sudoers file has incorrect number of commands. Wiping them out.
        install_log "Cleaning system sudoers file"
        sudo sed -i "/$raspap_user/d" /etc/sudoers
        install_log "Patching system sudoers file"
        # patch /etc/sudoers file
        for cmd in "${cmds[@]}"
        do
            sudo_add $cmd
            IFS=$'\n'
        done
    else
        install_log "Sudoers file already patched"
    fi
    # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
-    install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
+    _install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
    if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
        sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
    fi
    # Unmask and enable hostapd.service
-    install_log "Unmasking and enabling hostapd service"
+    _install_log "Unmasking and enabling hostapd service"
    sudo systemctl unmask hostapd.service
    sudo systemctl enable hostapd.service
 }
 # Optimize configuration of php-cgi.
-function optimize_php() {
+function _optimize_php() {
-    install_log "Optimize PHP configuration"
+    _install_log "Optimize PHP configuration"
    if [ ! -f "$phpcgiconf" ]; then
-        install_warning "PHP configuration could not be found."
+        _install_warning "PHP configuration could not be found."
        return
    fi
@ -423,15 +416,14 @@ function optimize_php() {
            if [ -f "/usr/sbin/phpenmod" ]; then
                sudo phpenmod opcache
            else
-                install_warning "phpenmod not found."
+                _install_warning "phpenmod not found."
            fi
        fi
    fi
 }
-function install_complete() {
+function _install_complete() {
-    install_log "Installation completed!"
+    _install_log "Installation completed!"
    if [ "$assume_yes" == 0 ]; then
        # Prompt to reboot if wired ethernet (eth0) is connected.
        # With default_configuration this will create an active AP on restart.
@ -442,27 +434,28 @@ function install_complete() {
                echo "Installation reboot aborted."
                exit 0
            fi
-            sudo shutdown -r now || install_error "Unable to execute shutdown"
+            sudo shutdown -r now || _install_error "Unable to execute shutdown"
        fi
    fi
 }
-function install_raspap() {
+function _install_raspap() {
-    display_welcome
+    _display_welcome
-    config_installation
+    _config_installation
-    update_system_packages
+    _update_system_packages
-    install_dependencies
+    _install_dependencies
-    enable_php_lighttpd
+    _enable_php_lighttpd
-    create_raspap_directories
+    _create_raspap_directories
-    optimize_php
+    _optimize_php
-    check_for_old_configs
+    _check_for_old_configs
-    download_latest_files
+    _download_latest_files
-    change_file_ownership
+    _change_file_ownership
-    create_hostapd_scripts
+    _create_hostapd_scripts
-    create_lighttpd_scripts
+    _create_lighttpd_scripts
-    move_config_file
+    _move_config_file
-    default_configuration
+    _default_configuration
-    prompt_install_openvpn
+    _configure_networking
-    patch_system_files
+    _prompt_install_openvpn
-    install_complete
+    _patch_system_files
    _install_complete
 }
--- a/installers/configauth.sh
+++ b/installers/configauth.sh
@ -6,9 +6,17 @@
 # @author billz
 # license: GNU General Public License v3.0
 # Exit on error
 set -o errexit
 # Exit on error inside functions
 set -o errtrace
 # Turn on traces, disabled by default
 #set -o xtrace
 file=$1
 auth=$2
 interface=$3
 readonly rulesv4="/etc/iptables/rules.v4"
 if [ "$auth" = 1 ]; then
    echo "Enabling auth-user-pass in OpenVPN client.conf"
@ -22,26 +30,27 @@ if [ "$auth" = 1 ]; then
    fi
 fi
-# Generate iptables entries to place into rc.local file.
+# Configure NAT and forwarding with iptables
-# #RASPAP is for uninstall script
+echo "Checking iptables rules"
-echo "Checking iptables rules for $interface"
+rules=(
-
+"-A POSTROUTING -o tun0 -j MASQUERADE"
-lines=(
+"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
-"iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE #RASPAP"
+"-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
 "iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT #RASPAP"
 "iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT #RASPAP"
 )
-for line in "${lines[@]}"; do
+for rule in "${rules[@]}"; do
-    if grep "$line" /etc/rc.local > /dev/null; then
+    if grep -- "$rule" $rulesv4 > /dev/null; then
-        echo "$line: Line already added"
+        echo "Rule already exits: ${rule}"
    else
-        sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
+        rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
-        echo "Adding rule: $line"
+        echo "Adding rule: ${rule}"
        sudo iptables $rule
        added=true
    fi
 done
-# Force a reload of new settings in /etc/rc.local
+if [ "$added" = true ]; then
-sudo systemctl restart rc-local.service
+    echo "Persisting IP tables rules"
-sudo systemctl daemon-reload
+    sudo iptables-save | sudo tee $rulesv4 > /dev/null
 fi
--- a/installers/mkcert.sh
+++ b/installers/mkcert.sh
@ -1,19 +1,31 @@
 #!/bin/bash
 #
 # RaspAP SSL certificate installation functions
-# author: @billz
+# Author: @billz <billzimmerman@gmail.com>
-# license: GNU General Public License v3.0
+# License: GNU General Public License v3.0
 #
 # You are not obligated to bundle the LICENSE file with your RaspAP projects as long
 # as you leave these references intact in the header comments of your source files.
 # Exit on error
 set -o errexit
 # Exit on error inside functions
 set -o errtrace
 # Turn on traces, disabled by default
 # set -o xtrace
 # Set defaults
 certname=$HOSTNAME."local"
 lighttpd_ssl="/etc/lighttpd/ssl"
 lighttpd_conf="/etc/lighttpd/lighttpd.conf"
 webroot_dir="/var/www/html"
-mkcert_version="1.4.1"
+readonly mkcert_version="1.4.1"
 readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
 ### NOTE: all the below functions are overloadable for system-specific installs
-function config_installation() {
+function _config_installation() {
-    install_log "Configure a new SSL certificate"
+    _install_log "Configure a new SSL certificate"
    echo "Current system hostname is $HOSTNAME"
    echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
    if [ $assume_yes == 0 ]; then
@ -35,10 +47,10 @@ function config_installation() {
        echo -e
    fi
-    install_divider
+    _install_divider
    echo "A new SSL certificate for: ${certname}"
    echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
-    install_divider
+    _install_divider
    echo -n "Complete installation with these values? [y/N]: "
    if [ $assume_yes == 0 ]; then
        read answer < /dev/tty
@ -52,43 +64,43 @@ function config_installation() {
 }
 # Installs pre-built mkcert binary for Arch Linux ARM
-function install_mkcert() {
+function _install_mkcert() {
-    install_log "Fetching mkcert binary"
+    _install_log "Fetching mkcert binary"
-    sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert"
+    sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
    sudo chmod +x /usr/local/bin/mkcert
-    install_log "Installing mkcert"
+    _install_log "Installing mkcert"
-    mkcert -install || install_error "Failed to install mkcert"
+    mkcert -install || _install_error "Failed to install mkcert"
 }
 # Generate a certificate for host
-function generate_certificate() {
+function _generate_certificate() {
-    install_log "Generating a new certificate for $certname"
+    _install_log "Generating a new certificate for $certname"
    cd $HOME
-    mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname"
+    mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
-    install_log "Combining private key and certificate"
+    _install_log "Combining private key and certificate"
-    cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate"
+    cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
    echo "OK"
 }
 # Create a directory for the combined .pem file in lighttpd
-function create_lighttpd_dir() {
+function _create_lighttpd_dir() {
-    install_log "Creating SLL directory for lighttpd"
+    _install_log "Creating SLL directory for lighttpd"
    if [ ! -d "$lighttpd_ssl" ]; then
-	sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory"
+	sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
    fi
    echo "OK"
-    install_log "Setting permissions and moving .pem file"
+    _install_log "Setting permissions and moving .pem file"
-    chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file"
+    chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
-    sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file"
+    sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
    echo "OK"
 }
 # Generate config to enable SSL in lighttpd
-function configure_lighttpd() {
+function _configure_lighttpd() {
-    install_log "Configuring lighttpd for SSL"
+    _install_log "Configuring lighttpd for SSL"
    lines=(
        'server.modules += ("mod_openssl")'
        '$SERVER["socket"] == ":443" {'
@ -110,22 +122,22 @@ function configure_lighttpd() {
 }
 # Copy rootCA.pem to RaspAP web root
-function copy_rootca() {
+function _copy_rootca() {
-    install_log "Copying rootCA.pem to RaspAP web root"
+    _install_log "Copying rootCA.pem to RaspAP web root"
-    sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}"
+    sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
    echo "OK"
 }
 # Restart lighttpd service
-function restart_lighttpd() {
+function _restart_lighttpd() {
-    install_log "Restarting lighttpd service"
+    _install_log "Restarting lighttpd service"
-    sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service"
+    sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
    sudo systemctl status lighttpd.service
 }
-function install_complete() {
+function _install_complete() {
-    install_log "SSL certificate install completed!"
+    _install_log "SSL certificate install completed!"
-    install_divider
+    _install_divider
    printf '%s\n' \
    "Open a browser and enter the address: http://$certname/rootCA.pem" \
    "Download the root certificate to your client and add it to your system keychain." \
@ -133,18 +145,18 @@ function install_complete() {
    "Finally, enter the address https://$certname in your browser." \
    "Enjoy an encrypted SSL connection to RaspAP 🔒" \
    "For advanced options, run mkcert -help"
-    install_divider
+    _install_divider
 }
-function install_certificate() {
+function _install_certificate() {
-    display_welcome
+    _display_welcome
-    config_installation
+    _config_installation
-    install_mkcert
+    _install_mkcert
-    generate_certificate
+    _generate_certificate
-    create_lighttpd_dir 
+    _create_lighttpd_dir
-    configure_lighttpd
+    _configure_lighttpd
-    copy_rootca
+    _copy_rootca
-    restart_lighttpd
+    _restart_lighttpd
-    install_complete
+    _install_complete
 }
--- a/installers/raspap.service
+++ b/installers/raspap.service
@ -1,10 +0,0 @@
 [Unit]
 Description=RaspAP daemon
 After=multi-user.target
 [Service]
 Type=idle
 ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
 [Install]
 WantedBy=multi-user.target
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@ -0,0 +1,37 @@
 www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
 www-data ALL=(ALL) NOPASSWD:/sbin/ifup
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_raspap.conf
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
 www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
 www-data ALL=(ALL) NOPASSWD:/sbin/reboot
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
 www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
 www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
 www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
 www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
 www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
--- a/installers/raspapd.service
+++ b/installers/raspapd.service
@ -0,0 +1,24 @@
 ### BEGIN INIT INFO
 # Provides:          raspapd
 # Required-Start:    $remote_fs $syslog
 # Required-Stop:     $remote_fs $syslog
 # Default-Start:     S 2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Start RaspAP daemon at boot time
 # Description:       Enable service provided by daemon
 ### END INIT INFO
 # Author: BillZ <billzimmerman@gmail.com>
 [Unit]
 Description=RaspAP Service Daemon
 DefaultDependencies=no
 After=multi-user.target
 [Service]
 Type=oneshot
 ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
 RemainAfterExit=no
 [Install]
 WantedBy=multi-user.target
--- a/installers/raspbian.sh
+++ b/installers/raspbian.sh
@ -1,8 +1,8 @@
 #!/bin/bash
 #
 # RaspAP Quick Installer
-# author: @billz
+# Author: @billz <billzimmerman@gmail.com>
-# license: GNU General Public License v3.0
+# License: GNU General Public License v3.0
 #
 # Usage:
 #
@ -27,13 +27,16 @@
 # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
 # - or -
 # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
 #
 # You are not obligated to bundle the LICENSE file with your RaspAP projects as long
 # as you leave these references intact in the header comments of your source files.
 # Set defaults
 repo="billz/raspap-webgui"
 branch="master"
 VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
 assume_yes=0
 ovpn_option=1
 readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
 # Define usage notes
 usage=$(cat << EOF
@ -75,7 +78,7 @@ while :; do
        exit 1
        ;;
        -v|--version)
-        printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n"
+        printf "RaspAP v${RASPAP_LATEST} - simple AP setup and wifi mangement for the RaspberryPi\n"
        exit 1
 	;;
        -*|--*)
@ -93,7 +96,7 @@ done
 UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
 # Outputs a welcome message
-function display_welcome() {
+function _display_welcome() {
    raspberry='\033[0;35m'
    green='\033[1;32m'
@ -105,35 +108,35 @@ function display_welcome() {
    echo -e " 88     88 88.  .88       88 88.  .88 88     88   88"
    echo -e " dP     dP  88888P8  88888P  88Y888P  88     88   dP"
    echo -e "                             88"
-    echo -e "                             dP       version ${VERSION}"
+    echo -e "                             dP       version ${RASPAP_LATEST}"
    echo -e "${green}"
    echo -e "The Quick Installer will guide you through a few easy steps\n\n"
 }
 # Outputs a RaspAP Install log line
-function install_log() {
+function _install_log() {
    echo -e "\033[1;32mRaspAP Install: $*\033[m"
 }
 # Outputs a RaspAP Install Error log line and exits with status code 1
-function install_error() {
+function _install_error() {
    echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
    exit 1
 }
 # Outputs a RaspAP Warning line
-function install_warning() {
+function _install_warning() {
    echo -e "\033[1;33mWarning: $*\033[m"
 }
 # Outputs a RaspAP divider
-function install_divider() {
+function _install_divider() {
    echo -e "\033[1;32m***************************************************************$*\033[m"
 }
-function update_system_packages() {
+function _update_system_packages() {
-    install_log "Updating sources"
+    _install_log "Updating sources"
-    sudo apt-get update || install_error "Unable to update package list"
+    sudo apt-get update || _install_error "Unable to update package list"
 }
 # Fetch required installer functions
@ -141,11 +144,11 @@ if [ "${install_cert:-}" = 1 ]; then
    source="mkcert"
    wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
    source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
-    install_certificate || install_error "Unable to install certificate"
+    _install_certificate || _install_error "Unable to install certificate"
 else
    source="common"
    wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
    source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
-    install_raspap || install_error "Unable to install RaspAP"
+    _install_raspap || _install_error "Unable to install RaspAP"
 fi
--- a/installers/servicestart.sh
+++ b/installers/servicestart.sh
@ -1,12 +1,12 @@
 #!/bin/bash
-# When wireless client AP mode is enabled, this script handles starting
+# When wireless client AP or Bridge mode is enabled, this script handles starting
 # up network services in a specific order and timing to avoid race conditions.
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-NAME=raspap
+NAME=raspapd
 DESC="Service control for RaspAP"
 CONFIGFILE="/etc/raspap/hostapd.ini"
-DAEMONPATH="/lib/systemd/system/raspap.service"
+DAEMONPATH="/lib/systemd/system/raspapd.service"
 OPENVPNENABLED=$(pidof openvpn | wc -l)
 positional=()
@ -22,21 +22,33 @@ case $key in
    ;;
    -s|--seconds)
    seconds="$2"
-    shift # past argument
+    shift
-    shift # past value
+    shift
    ;;
    -a|--action)
    action="$2"
    shift
    shift
    ;;
 esac
 done
 set -- "${positional[@]}"
 echo "Stopping network services..."
-systemctl stop openvpn-client@client
+if [ $OPENVPNENABLED -eq 1 ]; then
    systemctl stop openvpn-client@client
 fi
 systemctl stop systemd-networkd
 systemctl stop hostapd.service
 systemctl stop dnsmasq.service
 systemctl stop dhcpcd.service
-if [ -f "$DAEMONPATH" ]; then
+if [ "${action}" = "stop" ]; then
    echo "Services stopped. Exiting."
    exit 0
 fi
 if [ -f "$DAEMONPATH" ] && [ ! -z "$interface" ]; then
    echo "Changing RaspAP Daemon --interface to $interface"
    sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"
 fi
@ -49,6 +61,9 @@ if [ -r "$CONFIGFILE" ]; then
    if [ "${config[BridgedEnable]}" = 1 ]; then
        if [ "${interface}" = "br0" ]; then
            echo "Stopping systemd-networkd"
            systemctl stop systemd-networkd
            echo "Restarting eth0 interface..."
            ip link set down eth0
            ip link set up eth0
@ -64,14 +79,21 @@ if [ -r "$CONFIGFILE" ]; then
        echo "Disabling systemd-networkd"
        systemctl disable systemd-networkd
        ip link ls up | grep -q 'br0' &> /dev/null
        if [ $? == 0 ]; then
            echo "Removing br0 interface..."
            ip link set down br0
            ip link del dev br0
        fi
        if [ "${config[WifiAPEnable]}" = 1 ]; then
            if [ "${interface}" = "uap0" ]; then
                ip link ls up | grep -q 'uap0' &> /dev/null
                if [ $? == 0 ]; then
                    echo "Removing uap0 interface..."
                    iw dev uap0 del
                fi
                echo "Adding uap0 interface to ${config[WifiManaged]}"
                iw dev ${config[WifiManaged]} interface add uap0 type __ap