diff --git a/README.md b/README.md
index 750efff..a31dcf3 100644
--- a/README.md
+++ b/README.md
@@ -12,31 +12,32 @@ __work in progress__
 
 (is being tested on digitalocean ubuntu 16.04)
 
-## Ubuntu ##
+## Remote Linux via SSH ##
 
-Create a server (e.g., digitalocean on some other place) with Ubuntu 16.04 on it. 
+Create a server (e.g., digitalocean on some other place) with one of the following tested OS on it:
+* Ubuntu 17.10 x64
+* Ubuntu 16.04 x64
+* Debian 8.10 x64
 
 Clone this repository on your local machine.
 
 Now run: 
 
 ```
-ssh root@[ip exit node] 'bash -s' < create_exitnode.sh [ip exit node]
+exit_node_ip=165.227.241.194
+./build/remote root@$exit_node_ip
 ```
 
-Expected output should be something like:
+This should SSH to the exit node, configure it, reboot, and wait for the reboot to complete.
+
+Expected Output will be like
 
 ```
-Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
-Hit:2 http://ams2.mirrors.digitalocean.com/ubuntu xenial InRelease
-Get:3 http://security.ubuntu.com/ubuntu xenial-security/main Sources [108 kB]
-Get:5 http://security.ubuntu.com/ubuntu xenial-security/restricted Sources [2,116 B]
-[...]
-Cloning into '/opt/exitnode'...
-tunneldigger.service is not a native service, redirecting to systemd-sysv-install
-Executing /lib/systemd/systemd-sysv-install enable tunneldigger
-babeld.service is not a native service, redirecting to systemd-sysv-install
-Executing /lib/systemd/systemd-sysv-install enable babeld
+⚡ ./build/remote root@165.227.241.194
+testing ssh to root@165.227.241.194
+... # lots more stuff
+.
+remote exitnode provisioned, rebooted
 ```
 
 # Testing
diff --git a/build/bin/install-dependencies b/build/bin/install-dependencies
new file mode 100755
index 0000000..0b14c4c
--- /dev/null
+++ b/build/bin/install-dependencies
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+usage () {
+cat <<HELP_USAGE
+$0 
+
+Install dependency packages required to run an exitnode.
+HELP_USAGE
+}
+
+set -e
+
+release_info="$(cat /etc/*-release)"
+echo "release_info=$release_info"
+release_name="$(echo "$release_info" | grep ^NAME= | cut -d'=' -f2)"
+echo "release_name=$release_name"
+
+
+# Install extra linux kernel modules
+echo "release_name=$release_name"
+if [ "$release_name" == '"Ubuntu"' ]; then
+  echo "OS is Ubuntu. Need to upgrade kernel"
+  # This would NOT work on Debian 8.10, (@TODO test others).
+  # It does work on Ubuntu 16.04
+  apt-get install -yq \
+    linux-image-extra-"$(uname -r)"
+fi
+
+apt-get install -yq \
+  build-essential \
+  ca-certificates \
+  curl \
+  git \
+  zlib1g \
+  zlib1g-dev \
+  libssl-dev \
+  libxslt1-dev \
+  module-init-tools \
+  bridge-utils \
+  openssh-server \
+  openssl \
+  perl \
+  dnsmasq \
+  procps \
+  python-psycopg2 \
+  python-software-properties \
+  software-properties-common \
+  python \
+  python-dev \
+  python-pip \
+  iproute \
+  libnetfilter-conntrack3 \
+  libevent-dev \
+  ebtables \
+  vim \
+  tmux
+
+apt-get install -yq \
+  cmake \
+  libnl-3-dev \
+  libnl-genl-3-dev \
+  build-essential \
+  pkg-config
diff --git a/build/bin/lint b/build/bin/lint
new file mode 100755
index 0000000..180ace1
--- /dev/null
+++ b/build/bin/lint
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# set -x
+set -e
+
+usage () {
+cat <<HELP_USAGE
+$0 [file]
+
+check bash scripts here for common mistakes
+
+[file] - file to lint for common bash mistakes. If omitted, all files will be checked
+HELP_USAGE
+}
+
+file="$1"
+
+if [ -z "$file" ]; then
+  # no file specified, do all
+  # find src -type f -print0 | xargs -0 -L1 ./build/bin/lint 
+  find build -type f -print0 | xargs -0 -L1 ./build/bin/lint 
+else
+  # check that file
+  cd "$(dirname "$file")"
+  shellcheck -e SC2029 -x "$(basename "$file")"
+fi
diff --git a/build/bin/set-public-ip b/build/bin/set-public-ip
new file mode 100755
index 0000000..c09d71c
--- /dev/null
+++ b/build/bin/set-public-ip
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+usage () {
+cat <<HELP_USAGE
+$0 [public_ip]
+
+set the public ip address of this exitnode.
+Configures babeld, tunneldigger, etc and restarts them.
+
+[public_ip] - public_ip to lint for common bash mistakes. If omitted, all files will be checked
+HELP_USAGE
+}
+
+cd "$(dirname "$0")" || return
+
+. ../variables
+
+# /opt/tunneldigger/... broker conf
+CFG="$TUNNELDIGGER_HOME/broker/l2tp_broker.cfg"
+sed -i.bak "s/address=\\(.*\\)/address=$PUBLIC_IP/" $CFG
+sed -i.bak "s/interface=\\(.*\\)/interface=$ETH_IF/" $CFG
+
+# /etc/babeld.conf
+sed 's/\(redistribute local ip \(.*\) proto 0 deny\)/redistribute local ip '"$PUBLIC_IP"' proto 0 deny/' -i /etc/babeld.conf
diff --git a/build/bin/tunneldigger b/build/bin/tunneldigger
new file mode 100755
index 0000000..5569256
--- /dev/null
+++ b/build/bin/tunneldigger
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+usage () {
+cat <<HELP_USAGE
+$0
+
+Run tunneldigger in the foreground (alternative to /etc/init.d/tunneldigger)
+HELP_USAGE
+}
+
+cd /opt/tunneldigger || return
+exec /opt/tunneldigger/broker/env_tunneldigger/bin/python -m broker.main /opt/tunneldigger/broker/l2tp_broker.cfg
diff --git a/build/lib b/build/lib
new file mode 100644
index 0000000..2c89f65
--- /dev/null
+++ b/build/lib
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+wait_for_ssh() {
+  ssh_to_test="$1"
+  while ! ssh "$ssh_to_test" exit > /dev/null 2>&1
+  do
+    printf "."
+    sleep 2
+  done
+}
diff --git a/build/remote b/build/remote
new file mode 100755
index 0000000..3709bef
--- /dev/null
+++ b/build/remote
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+usage () {
+cat <<HELP_USAGE
+$0 [ssh_host]@[ssh_host]
+
+Provision an exitnode by SSHing into a remote server.
+
+[ssh_user] - usually 'root'
+[ssh_host] - Public IP address that your exitnode will be available at
+
+HELP_USAGE
+}
+
+# set -x 
+# set -e
+
+this_dir="$(dirname "$0")"
+
+export EXITNODE_DIR=/opt/exitnode
+# shellcheck source=./lib
+source "$this_dir/lib"
+# shellcheck source=./variables
+source "$this_dir/variables"
+
+exitnode_ssh=$1
+PUBLIC_IP="${PUBLIC_IP:-$(echo "$exitnode_ssh" | cut -d'@' -f2)}"
+
+ssh "$exitnode_ssh" echo testing ssh to "$exitnode_ssh"
+
+# rsync these files so we can configure
+ssh "$exitnode_ssh" apt-get install -yq rsync > /dev/null 2>&1
+rsync -a "$this_dir/../" "$exitnode_ssh:$EXITNODE_DIR"
+
+# configure
+ssh "$exitnode_ssh" "apt-get clean && apt-get update && dpkg --configure -a" 
+  # shellcheck disable=SC2029
+ssh -t "$exitnode_ssh" "DEBIAN_FRONTEND=$DEBIAN_FRONTEND PUBLIC_IP=$PUBLIC_IP EXITNODE_DIR=$EXITNODE_DIR $EXITNODE_DIR/create_exitnode.sh"
+
+# reboot
+echo "rebooting $exitnode_ssh"
+ssh "$exitnode_ssh" 'nohup sudo reboot &>/dev/null & exit'
+# wait for ssh after reboot
+echo "Waiting for ssh $exitnode_ssh"
+wait_for_ssh "$exitnode_ssh"
+
+ssh "$exitnode_ssh" 'echo remote exitnode provisioned, rebooted'
\ No newline at end of file
diff --git a/build/variables b/build/variables
new file mode 100644
index 0000000..d3217eb
--- /dev/null
+++ b/build/variables
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2034
+
+GATEWAY_IP=$2
+
+MESH_IP=100.64.0.42
+MESH_PREFIX=32
+MESHNET=100.64.0.0/10
+ETH_IF=eth0
+PUBLIC_IP="${PUBLIC_IP:-$IP}"
+PUBLIC_SUBNET="$PUBLIC_IP/29"
+IP="${IP:-$PUBLIC_IP}"
+
+TUNNELDIGGER_HOME=/opt/tunneldigger
diff --git a/create_exitnode.sh b/create_exitnode.sh
index 19f9811..6ca5526 100755
--- a/create_exitnode.sh
+++ b/create_exitnode.sh
@@ -1,56 +1,27 @@
-#!/bin/sh
+#!/usr/bin/env bash
+
+cd "$(dirname $0)"
+
+# set -e # stop on first error
+# set -x # print every line before executing (to debug)
+
+source ./build/variables
 
-IP=$1
-GATEWAY_IP=$2
-
-MESH_IP=100.64.0.42
-MESH_PREFIX=32
-MESHNET=100.64.0.0/10
-ETH_IF=eth0
-PUBLIC_IP=$IP
-PUBLIC_SUBNET="$IP/29"
-
-
-apt-get update && apt-get install -y --force-yes \
-  build-essential \
-  ca-certificates \
-  curl \
-  git \
-  libssl-dev \
-  libxslt1-dev \
-  module-init-tools \
-  bridge-utils \
-  openssh-server \
-  openssl \
-  perl \
-  dnsmasq \
-  procps \
-  python-psycopg2 \
-  python-software-properties \
-  software-properties-common \
-  python \
-  python-dev \
-  python-pip \
-  iproute \
-  libnetfilter-conntrack3 \
-  libevent-dev \
-  ebtables \
-  vim \
-  tmux
+cat <<EOF
+
+create_exitnode.sh
+EXITNODE_DIR=$EXITNODE_DIR
+PUBLIC_IP=$PUBLIC_IP
+
+EOF
+
+./build/bin/install-dependencies
 
 KERNEL_VERSION=$(uname -r)
 echo kernel version [$KERNEL_VERSION]
 
-apt-get install -y --force-yes \
-  cmake \
-  libnl-3-dev \
-  libnl-genl-3-dev \
-  build-essential \
-  pkg-config \
-  linux-image-extra-$(uname -r)
-
-mkdir ~/babel_build
-git clone https://github.com/sudomesh/babeld.git ~/babel_build/
+rm -rf ~/babel_build
+git clone https://github.com/sudomesh/babeld.git ~/babel_build
 cd ~/babel_build
 
 make && make install
@@ -117,9 +88,14 @@ MESHNET="$MESHNET"
 DEFAULT_ROUTE="$(ip route | head -n1 | sed 's/onlink/proto static/g')"
 EOF
 
-git clone https://github.com/sudomesh/exitnode /opt/exitnode
-cp -r /opt/exitnode/src/etc/* /etc/
-cp /opt/exitnode/l2tp_broker.cfg $TUNNELDIGGER_HOME/broker/l2tp_broker.cfg
+echo "EXITNODE_DIR=$EXITNODE_DIR"
+if [[ ! $EXITNODE_DIR ]]; then
+  echo "cloning sudomesh/exitnode to /opt/exitnode"
+  git clone https://github.com/sudomesh/exitnode /opt/exitnode
+  EXITNODE_DIR=/opt/exitnode
+fi
+cp -r $EXITNODE_DIR/src/etc/* /etc/
+cp $EXITNODE_DIR/l2tp_broker.cfg $TUNNELDIGGER_HOME/broker/l2tp_broker.cfg
 
 # Setup public ip in tunneldigger.cfg
 CFG="$TUNNELDIGGER_HOME/broker/l2tp_broker.cfg"
@@ -127,12 +103,12 @@ CFG="$TUNNELDIGGER_HOME/broker/l2tp_broker.cfg"
 sed -i.bak "s#address=[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+#address=$PUBLIC_IP#" $CFG
 sed -i.bak "s#interface=lo#interface=$ETH_IF#" $CFG 
 
+$EXITNODE_DIR/build/bin/set-public-ip $PUBLIC_IP
+
 # for Digital Ocean only
 sed -i 's/dns-nameservers.*/dns-nameservers 8.8.8.8/g' /etc/network/interfaces.d/50-cloud-init.cfg
 sed -i '/address/a \   \ dns-nameservers 8.8.8.8' /etc/network/interfaces.d/50-cloud-init.cfg 
 
-
-
 # start babeld and tunnel digger on reboot
 systemctl enable sudomesh-gateway
 systemctl enable tunneldigger
@@ -141,5 +117,3 @@ systemctl enable babeld
 service sudomesh-gateway start
 service tunneldigger start
 service babeld start
-
-reboot now
diff --git a/src/etc/init.d/sudomesh-gateway b/src/etc/init.d/sudomesh-gateway
index d8b250b..4095f70 100755
--- a/src/etc/init.d/sudomesh-gateway
+++ b/src/etc/init.d/sudomesh-gateway
@@ -39,9 +39,14 @@ do_start()
 	#   0 if daemon has been started
 	#   1 if daemon was already running
 	#   2 if daemon could not be started
-	
-  echo 1 > /proc/sys/net/ipv4/ip_forward
-  sed -i.backup 's/\(.*net.ipv4.ip_forward.*\)/# Enable forwarding for mesh (altered by provisioning script)\nnet.ipv4.ip_forward=1/' /etc/sysctl.conf
+  ip_forward="$(cat /proc/sys/net/ipv4/ip_forward)"
+  echo "PUBLIC_IP=$PUBLIC_IP"
+  echo "ip_forward=$ip_forward"
+  echo "whoami=$(whoami)"
+  if [ $ip_forward != "1" ]; then
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    sed -i.backup 's/\(.*net.ipv4.ip_forward.*\)/# Enable forwarding for mesh (altered by provisioning script)\nnet.ipv4.ip_forward=1/' /etc/sysctl.conf
+  fi
 
   # make sure that protocol is status to make babeld distribute gateway route
   # see https://github.com/jech/babeld/blob/1a6135dca042f0f22dc450699a900e3ca7bc06ca/README#L88