Add glorytun udp server support and a service to set 6in4 tunnel

debian9-x86_64.sh

@@ -32,6 +32,10 @@ rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 dpkg -i /tmp/linux-image-4.14.24-mptcp-64056fa.amd64.deb
 dpkg -i /tmp/linux-headers-4.14.24-mptcp-64056fa.amd64.deb
 
+# Check if mptcp kernel is grub default kernel
+wget -O /tmp/update-grub.sh http://www.openmptcprouter.com/server/update-grub.sh
+cd /tmp
+bash update-grub.sh 4.14.24-mptcp
 
 #apt -t stretch-backports -y install shadowsocks-libev
 ## Compile Shadowsocks
@@ -90,27 +94,27 @@ if [ "$OBFS" = "yes" ]; then
 fi
 
 # Install Glorytun UDP
-#apt-get -y install meson pkg-config ca-certificates
-#cd /tmp
-#wget -O /tmp/glorytun-0.0.98-mud.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.98-mud/glorytun-0.0.98-mud.tar.gz
-#tar xzf glorytun-0.0.98-mud.tar.gz
-#cd glorytun-0.0.98-mud
-#meson build
-#ninja -C build install
-#sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
-#rm /lib/systemd/system/glorytun*
-#rm /lib/systemd/network/glorytun*
-#wget -O /usr/local/bin/glorytun-run http://www.openmptcprouter.com/server/glorytun-udp-run
-#chmod 755 /usr/local/bin/glorytun-run
-#wget -O /lib/systemd/system/glorytun-udp@.service http://www.openmptcprouter.com/server/glorytun-udp%40.service.in
-#wget -O /lib/systemd/network/glorytun-udp.network http://www.openmptcprouter.com/server/glorytun-udp.network
-#mkdir -p /etc/glorytun-udp
-#wget -O /etc/glorytun-udp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun-udp
-#echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
-#systemctl enable glorytun-udp@tun0.service
-#systemctl enable systemd-networkd.service
-#cd /tmp
-#rm -r /tmp/glorytun-0.0.98-mud
+apt-get -y install meson pkg-config ca-certificates
+cd /tmp
+wget -O /tmp/glorytun-0.0.99-mud.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.99-mud/glorytun-0.0.99-mud.tar.gz
+tar xzf glorytun-0.0.99-mud.tar.gz
+cd glorytun-0.0.99-mud
+meson build
+ninja -C build install
+sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
+rm /lib/systemd/system/glorytun*
+rm /lib/systemd/network/glorytun*
+wget -O /usr/local/bin/glorytun-run http://www.openmptcprouter.com/server/glorytun-udp-run
+chmod 755 /usr/local/bin/glorytun-run
+wget -O /lib/systemd/system/glorytun-udp@.service http://www.openmptcprouter.com/server/glorytun-udp%40.service.in
+wget -O /lib/systemd/network/glorytun-udp.network http://www.openmptcprouter.com/server/glorytun-udp.network
+mkdir -p /etc/glorytun-udp
+wget -O /etc/glorytun-udp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun-udp
+echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
+systemctl enable glorytun-udp@tun0.service
+systemctl enable systemd-networkd.service
+cd /tmp
+rm -r /tmp/glorytun-0.0.99-mud
 
 
 # Install Glorytun TCP
@@ -127,8 +131,6 @@ make
 cp glorytun /usr/local/bin/glorytun-tcp
 wget -O /usr/local/bin/glorytun-tcp-run http://www.openmptcprouter.com/server/glorytun-tcp-run
 chmod 755 /usr/local/bin/glorytun-tcp-run
-wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
-chmod 755 /usr/local/bin/omr-6in4
 wget -O /lib/systemd/system/glorytun-tcp@.service http://www.openmptcprouter.com/server/glorytun-tcp%40.service.in
 wget -O /lib/systemd/network/glorytun-tcp.network http://www.openmptcprouter.com/server/glorytun.network
 mkdir -p /etc/glorytun-tcp
@@ -144,6 +146,14 @@ if ! grep -q tun /etc/modules ; then
 	echo tun >> /etc/modules
 fi
 
+# Add 6in4 support
+wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
+chmod 755 /usr/local/bin/omr-6in4
+wget -O /usr/local/bin/omr-6in4-service http://www.openmptcprouter.com/server/omr-6in4-service
+chmod 755 /usr/local/bin/omr-6in4-service
+wget -O /lib/systemd/system/omr-6in4.service http://www.openmptcprouter.com/server/omr-6in4.service.in
+
+
 
 # Change SSH port to 65222
 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
@@ -170,9 +180,9 @@ systemctl enable shorewall6
 
 # Add OpenMPTCProuter VPS script version to /etc/motd
 if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then
-	sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.18 >:' /etc/motd
+	sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.19 >:' /etc/motd
 else
-	echo '< OpenMPCTProuter VPS 0.18 >' >> /etc/motd
+	echo '< OpenMPCTProuter VPS 0.19 >' >> /etc/motd
 fi
 
 # Display important info

glorytun-tcp@.service.in

@@ -6,8 +6,6 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
-ExecStartPost=/usr/local/bin/omr-6in4 /etc/glorytun-tcp/%i start
-ExecStopPost=/usr/local/bin/omr-6in4 /etc/glorytun-tcp/%i stop
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 
 [Install]

glorytun-udp-run

@@ -12,7 +12,8 @@ fi
 DEV="gt${HOST:+c}-udp-$(basename "$1")"
 
 exec glorytun \
-	bind $BIND $BIND_PORT
+	bind $BIND $BIND_PORT \
+	keyfile "$1".key \
 	${DEV:+dev "$DEV"} \
 	${HOST:+to "$HOST" "$PORT"} \
 	${OPTIONS:+$OPTIONS}

glorytun-udp.network

@@ -11,6 +11,7 @@ IPMasquerade=yes
 PoolOffset=2
 PoolSize=1
 EmitDNS=no
+EmitNTP=no
 DNS=9.9.9.9
 DefaultLeaseTimeSec=12h
 MaxLeaseTimeSec=24h

glorytun-udp@.service.in

@@ -6,7 +6,7 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 EnvironmentFile=/etc/glorytun-udp/%i
-ExecStart=/usr/local/bin/glorytun-udp-run keyfile /etc/glorytun-udp/%i.key
+ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i
 CapabilityBoundingSet=CAP_NET_ADMIN
 
 [Install]

glorytun.network

@@ -11,6 +11,7 @@ IPMasquerade=yes
 PoolOffset=2
 PoolSize=1
 EmitDNS=no
+EmitNTP=no
 DNS=9.9.9.9
 DefaultLeaseTimeSec=12h
 MaxLeaseTimeSec=24h

omr-6in4-service

@@ -0,0 +1,56 @@
+#!/bin/bash
+# OpenMPTCProuter VPS 6in4 service script
+
+if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up)" ]; then
+	ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
+	ip link set omr-6in4 down
+	ip tunnel del omr-6in4
+	exit 0
+fi
+
+# Add IPv6 tunnel
+if [ "$(ip link show omr-6in4 up)" ]; then
+	ip tunnel change omr-6in4 mode sit remote 10.0.0.2 local 10.0.0.1
+else
+	ip tunnel add omr-6in4 mode sit remote 10.0.0.2 local 10.0.0.1
+fi
+ip link set omr-6in4 up
+ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
+
+_ping() {
+	local host=$1
+	ret=$(ping -4 "${host}" \
+		-W 5 \
+		-c 1 \
+		-q
+	) && echo "$ret" | grep -sq "0% packet loss" && {
+		return
+	}
+	false
+}
+
+while true; do
+	currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
+	currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
+	if [ -n "$currentpeer" ]; then
+		_ping $currentpeer
+		status=$?
+		if ! $(exit $status); then
+			allip_tcp=$(ip -4 addr show gt-tun0 | grep inet)
+			allip_udp=$(ip -4 addr show gt-udp-tun0 | grep inet)
+			allip="$allip_tcp
+$allip_udp"
+			while IFS= read -r inet; do
+				ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
+				ipd=$(echo $ip | sed 's/.1/.2/' | tr -d "\n")
+				_ping $ipd
+				status=$?
+				if $(exit $status); then
+					ip tunnel change omr-6in4 mode sit remote $ipd local $ip
+					break
+				fi
+			done < <(printf '%s\n' "$allip")
+		fi
+	fi
+	sleep 5
+done

omr-6in4.service.in

@@ -0,0 +1,13 @@
+[Unit]
+Description=OMR-6in4
+After=network.target network-online.target glorytun-tcp@.service
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/local/bin/omr-6in4-service
+ExecStop=/usr/local/bin/omr-6in4-service stop
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+
+[Install]
+WantedBy=multi-user.target

shorewall4/interfaces

@@ -14,6 +14,7 @@
 ?FORMAT 2
 ###############################################################################
 #ZONE   INTERFACE       OPTIONS
-net	eth0            dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
-vpn	gt-tun0        nosmurfs,routefilter,logmartians,tcpflags
+net	eth0		dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
+vpn	gt-tun0		nosmurfs,routefilter,logmartians,tcpflags
+vpn	gt-udp-tun0	nosmurfs,routefilter,logmartians,tcpflags
 

shorewall4/rules

@@ -55,7 +55,12 @@ ACCEPT          net             $FW             tcp     65222
 #
 DHCPfwd(ACCEPT)	$FW		vpn
 #
-#	Redirect all port from 1 to 64999 to the VPN client from the network
+#	Redirect all port from 1 to 64999 to the VPN UDP client from the network
+#
+#DNAT		net		vpn:10.0.1.2	tcp	1-64999
+#DNAT		net		vpn:10.0.1.2	udp	1-64999
+#
+#	Redirect all port from 1 to 64999 to the VPN TCP client from the network
 #
 #DNAT		net		vpn:10.0.0.2	tcp	1-64999
 #DNAT		net		vpn:10.0.0.2	udp	1-64999

shorewall4/snat

@@ -20,4 +20,5 @@ MASQUERADE		10.0.0.0/8,\
 			172.16.0.0/12,\
 			192.168.0.0/16		eth0
 # SNAT from VPN server for all VPN clients
-SNAT(10.0.0.1)		0.0.0.0/0		gt-tun0
+SNAT(10.0.0.1)		0.0.0.0/0		gt-tun0
+SNAT(10.0.1.1)		0.0.0.0/0		gt-udp-tun0

shorewall4/stoppedrules

@@ -15,4 +15,6 @@
 #                                                       PORT(S)         PORT(S)
 ACCEPT          gt-tun0         -
 ACCEPT          -               gt-tun0
+ACCEPT          gt-udp-tun0     -
+ACCEPT          -               gt-udp-tun0
 

update-grub.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+kernel=$1
+[ -z "$kernel" ] && exit 0
+
+config_file="$(find /boot/grub* -maxdepth 1 -name grub.cfg 2>/dev/null)"
+[ $config_file ] || exit 0
+
+deflt_file="$(find /etc/default \( -name grub -o -name grub2 \) 2>/dev/null)"
+[ $deflt_file ] || exit 0
+
+if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then
+	x=0
+	sed -n -e 's@\([^'\"\'']*\)['\"\'']\([^'\"\'']*\).*@\1\2@' -e '/\(menuentry\) /p' <$config_file | \
+		while IFS= read ln
+		do
+			if [ -n "$(echo $ln | grep $kernel)" ]; then
+				sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"$x\"@" $deflt_file
+				exit 0
+			fi
+			x=$(expr $x + 1)
+		done | sed 's@\(menuentry\) @@'
+fi