mirror of
https://github.com/Ysurac/openmptcprouter-vps.git
synced 2025-03-09 15:50:00 +00:00
Add glorytun udp server support and a service to set 6in4 tunnel
parent
a7264f0746
commit
04c961d9ab
13 changed files with 144 additions and 33 deletions
|
@ -32,6 +32,10 @@ rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
|
||||||
dpkg -i /tmp/linux-image-4.14.24-mptcp-64056fa.amd64.deb
|
dpkg -i /tmp/linux-image-4.14.24-mptcp-64056fa.amd64.deb
|
||||||
dpkg -i /tmp/linux-headers-4.14.24-mptcp-64056fa.amd64.deb
|
dpkg -i /tmp/linux-headers-4.14.24-mptcp-64056fa.amd64.deb
|
||||||
|
|
||||||
|
# Check if mptcp kernel is grub default kernel
|
||||||
|
wget -O /tmp/update-grub.sh http://www.openmptcprouter.com/server/update-grub.sh
|
||||||
|
cd /tmp
|
||||||
|
bash update-grub.sh 4.14.24-mptcp
|
||||||
|
|
||||||
#apt -t stretch-backports -y install shadowsocks-libev
|
#apt -t stretch-backports -y install shadowsocks-libev
|
||||||
## Compile Shadowsocks
|
## Compile Shadowsocks
|
||||||
|
@ -90,27 +94,27 @@ if [ "$OBFS" = "yes" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install Glorytun UDP
|
# Install Glorytun UDP
|
||||||
#apt-get -y install meson pkg-config ca-certificates
|
apt-get -y install meson pkg-config ca-certificates
|
||||||
#cd /tmp
|
cd /tmp
|
||||||
#wget -O /tmp/glorytun-0.0.98-mud.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.98-mud/glorytun-0.0.98-mud.tar.gz
|
wget -O /tmp/glorytun-0.0.99-mud.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.99-mud/glorytun-0.0.99-mud.tar.gz
|
||||||
#tar xzf glorytun-0.0.98-mud.tar.gz
|
tar xzf glorytun-0.0.99-mud.tar.gz
|
||||||
#cd glorytun-0.0.98-mud
|
cd glorytun-0.0.99-mud
|
||||||
#meson build
|
meson build
|
||||||
#ninja -C build install
|
ninja -C build install
|
||||||
#sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
|
sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
|
||||||
#rm /lib/systemd/system/glorytun*
|
rm /lib/systemd/system/glorytun*
|
||||||
#rm /lib/systemd/network/glorytun*
|
rm /lib/systemd/network/glorytun*
|
||||||
#wget -O /usr/local/bin/glorytun-run http://www.openmptcprouter.com/server/glorytun-udp-run
|
wget -O /usr/local/bin/glorytun-run http://www.openmptcprouter.com/server/glorytun-udp-run
|
||||||
#chmod 755 /usr/local/bin/glorytun-run
|
chmod 755 /usr/local/bin/glorytun-run
|
||||||
#wget -O /lib/systemd/system/glorytun-udp@.service http://www.openmptcprouter.com/server/glorytun-udp%40.service.in
|
wget -O /lib/systemd/system/glorytun-udp@.service http://www.openmptcprouter.com/server/glorytun-udp%40.service.in
|
||||||
#wget -O /lib/systemd/network/glorytun-udp.network http://www.openmptcprouter.com/server/glorytun-udp.network
|
wget -O /lib/systemd/network/glorytun-udp.network http://www.openmptcprouter.com/server/glorytun-udp.network
|
||||||
#mkdir -p /etc/glorytun-udp
|
mkdir -p /etc/glorytun-udp
|
||||||
#wget -O /etc/glorytun-udp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun-udp
|
wget -O /etc/glorytun-udp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun-udp
|
||||||
#echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
|
echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
|
||||||
#systemctl enable glorytun-udp@tun0.service
|
systemctl enable glorytun-udp@tun0.service
|
||||||
#systemctl enable systemd-networkd.service
|
systemctl enable systemd-networkd.service
|
||||||
#cd /tmp
|
cd /tmp
|
||||||
#rm -r /tmp/glorytun-0.0.98-mud
|
rm -r /tmp/glorytun-0.0.99-mud
|
||||||
|
|
||||||
|
|
||||||
# Install Glorytun TCP
|
# Install Glorytun TCP
|
||||||
|
@ -127,8 +131,6 @@ make
|
||||||
cp glorytun /usr/local/bin/glorytun-tcp
|
cp glorytun /usr/local/bin/glorytun-tcp
|
||||||
wget -O /usr/local/bin/glorytun-tcp-run http://www.openmptcprouter.com/server/glorytun-tcp-run
|
wget -O /usr/local/bin/glorytun-tcp-run http://www.openmptcprouter.com/server/glorytun-tcp-run
|
||||||
chmod 755 /usr/local/bin/glorytun-tcp-run
|
chmod 755 /usr/local/bin/glorytun-tcp-run
|
||||||
wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
|
|
||||||
chmod 755 /usr/local/bin/omr-6in4
|
|
||||||
wget -O /lib/systemd/system/glorytun-tcp@.service http://www.openmptcprouter.com/server/glorytun-tcp%40.service.in
|
wget -O /lib/systemd/system/glorytun-tcp@.service http://www.openmptcprouter.com/server/glorytun-tcp%40.service.in
|
||||||
wget -O /lib/systemd/network/glorytun-tcp.network http://www.openmptcprouter.com/server/glorytun.network
|
wget -O /lib/systemd/network/glorytun-tcp.network http://www.openmptcprouter.com/server/glorytun.network
|
||||||
mkdir -p /etc/glorytun-tcp
|
mkdir -p /etc/glorytun-tcp
|
||||||
|
@ -144,6 +146,14 @@ if ! grep -q tun /etc/modules ; then
|
||||||
echo tun >> /etc/modules
|
echo tun >> /etc/modules
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Add 6in4 support
|
||||||
|
wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
|
||||||
|
chmod 755 /usr/local/bin/omr-6in4
|
||||||
|
wget -O /usr/local/bin/omr-6in4-service http://www.openmptcprouter.com/server/omr-6in4-service
|
||||||
|
chmod 755 /usr/local/bin/omr-6in4-service
|
||||||
|
wget -O /lib/systemd/system/omr-6in4.service http://www.openmptcprouter.com/server/omr-6in4.service.in
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Change SSH port to 65222
|
# Change SSH port to 65222
|
||||||
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
|
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
|
||||||
|
@ -170,9 +180,9 @@ systemctl enable shorewall6
|
||||||
|
|
||||||
# Add OpenMPTCProuter VPS script version to /etc/motd
|
# Add OpenMPTCProuter VPS script version to /etc/motd
|
||||||
if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then
|
if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then
|
||||||
sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.18 >:' /etc/motd
|
sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.19 >:' /etc/motd
|
||||||
else
|
else
|
||||||
echo '< OpenMPCTProuter VPS 0.18 >' >> /etc/motd
|
echo '< OpenMPCTProuter VPS 0.19 >' >> /etc/motd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Display important info
|
# Display important info
|
||||||
|
|
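Review bot: The added `wget -O /tmp/update-grub.sh http://www.openmptcprouter.com/server/update-grub.sh` followed by `bash update-grub.sh 4.14.24-mptcp` downloads a script over plain HTTP to a fixed name in /tmp and runs it as root with no integrity check, so anyone on the network path can substitute its content. The same applies to the newly enabled or added `wget -O /usr/local/bin/glorytun-run`, `omr-6in4`, `omr-6in4-service` and the systemd unit downloads, which all use `http://`. These files live in this repository, so the installer could fetch them over HTTPS (if the host serves it) and verify each one before use, for example `echo "<sha256-placeholder>  /tmp/update-grub.sh" | sha256sum -c - || exit 1`. The enabled `echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key` also creates the tunnel key with the default umask unless one is set outside these hunks; following it with `chmod 600 /etc/glorytun-udp/tun0.key` keeps the key readable by root only.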
|
@ -6,8 +6,6 @@ After=network.target network-online.target
|
||||||
Type=simple
|
Type=simple
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
|
ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
|
||||||
ExecStartPost=/usr/local/bin/omr-6in4 /etc/glorytun-tcp/%i start
|
|
||||||
ExecStopPost=/usr/local/bin/omr-6in4 /etc/glorytun-tcp/%i stop
|
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -12,7 +12,8 @@ fi
|
||||||
DEV="gt${HOST:+c}-udp-$(basename "$1")"
|
DEV="gt${HOST:+c}-udp-$(basename "$1")"
|
||||||
|
|
||||||
exec glorytun \
|
exec glorytun \
|
||||||
bind $BIND $BIND_PORT
|
bind $BIND $BIND_PORT \
|
||||||
|
keyfile "$1".key \
|
||||||
${DEV:+dev "$DEV"} \
|
${DEV:+dev "$DEV"} \
|
||||||
${HOST:+to "$HOST" "$PORT"} \
|
${HOST:+to "$HOST" "$PORT"} \
|
||||||
${OPTIONS:+$OPTIONS}
|
${OPTIONS:+$OPTIONS}
|
||||||
|
|
|
@ -11,6 +11,7 @@ IPMasquerade=yes
|
||||||
PoolOffset=2
|
PoolOffset=2
|
||||||
PoolSize=1
|
PoolSize=1
|
||||||
EmitDNS=no
|
EmitDNS=no
|
||||||
|
EmitNTP=no
|
||||||
DNS=9.9.9.9
|
DNS=9.9.9.9
|
||||||
DefaultLeaseTimeSec=12h
|
DefaultLeaseTimeSec=12h
|
||||||
MaxLeaseTimeSec=24h
|
MaxLeaseTimeSec=24h
|
|
@ -6,7 +6,7 @@ After=network.target network-online.target
|
||||||
Type=simple
|
Type=simple
|
||||||
Restart=always
|
Restart=always
|
||||||
EnvironmentFile=/etc/glorytun-udp/%i
|
EnvironmentFile=/etc/glorytun-udp/%i
|
||||||
ExecStart=/usr/local/bin/glorytun-udp-run keyfile /etc/glorytun-udp/%i.key
|
ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN
|
CapabilityBoundingSet=CAP_NET_ADMIN
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
@ -11,6 +11,7 @@ IPMasquerade=yes
|
||||||
PoolOffset=2
|
PoolOffset=2
|
||||||
PoolSize=1
|
PoolSize=1
|
||||||
EmitDNS=no
|
EmitDNS=no
|
||||||
|
EmitNTP=no
|
||||||
DNS=9.9.9.9
|
DNS=9.9.9.9
|
||||||
DefaultLeaseTimeSec=12h
|
DefaultLeaseTimeSec=12h
|
||||||
MaxLeaseTimeSec=24h
|
MaxLeaseTimeSec=24h
|
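--- a/omr-6in4-service
+++ b/omr-6in4-service
@@ -0,0 +1,56 @@
+#!/bin/bash
+# OpenMPTCProuter VPS 6in4 service script
+
+if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up)" ]; then
+ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
+ip link set omr-6in4 down
+ip tunnel del omr-6in4
+exit 0
+fi
+
+# Add IPv6 tunnel
+if [ "$(ip link show omr-6in4 up)" ]; then
+ip tunnel change omr-6in4 mode sit remote 10.0.0.2 local 10.0.0.1
+else
+ip tunnel add omr-6in4 mode sit remote 10.0.0.2 local 10.0.0.1
+fi
+ip link set omr-6in4 up
+ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
+
+_ping() {
+local host=$1
+ret=$(ping -4 "${host}" \
+-W 5 \
+-c 1 \
+-q
+) && echo "$ret" | grep -sq "0% packet loss" && {
+return
+}
+false
+}
+
+while true; do
+currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
+currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
+if [ -n "$currentpeer" ]; then
+_ping $currentpeer
+status=$?
+if ! $(exit $status); then
+allip_tcp=$(ip -4 addr show gt-tun0 | grep inet)
+allip_udp=$(ip -4 addr show gt-udp-tun0 | grep inet)
+allip="$allip_tcp
+$allip_udp"
+while IFS= read -r inet; do
+ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
+ipd=$(echo $ip | sed 's/.1/.2/' | tr -d "\n")
+_ping $ipd
+status=$?
+if $(exit $status); then
+ip tunnel change omr-6in4 mode sit remote $ipd local $ip
+break
+fi
+done < <(printf '%s\n' "$allip")
+fi
+fi
+sleep 5
+done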
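Review bot: The peer address derivation `ipd=$(echo $ip | sed 's/.1/.2/' ...)` uses an unescaped, unanchored pattern, so it rewrites the first place where any character is followed by `1` rather than the last octet. For 10.0.0.1 that happens to give 10.0.0.2, but for 10.0.1.1 (the address the snat change in this commit assigns to gt-udp-tun0) it gives 10.0.2.1, so the UDP tunnel would never be selected as a fallback. Anchoring the substitution fixes it: `ipd=$(printf '%s' "$ip" | sed 's/\.1$/.2/')`. The script runs as a root service and passes `$ip`, `$ipd` and `$currentpeer` unquoted to `ip` and `ping`, so quoting those expansions and skipping empty `inet` lines (`[ -n "$ip" ] || continue`) would also keep malformed interface output out of the tunnel commands.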
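--- a/omr-6in4.service.in
+++ b/omr-6in4.service.in
@@ -0,0 +1,13 @@
+[Unit]
+Description=OMR-6in4
+After=network.target network-online.target glorytun-tcp@.service
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/local/bin/omr-6in4-service
+ExecStop=/usr/local/bin/omr-6in4-service stop
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+
+[Install]
+WantedBy=multi-user.target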
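Review bot: `After=network.target network-online.target glorytun-tcp@.service` names a template unit without an instance, which systemd is likely to ignore as a dependency of a non-template unit, so the 6in4 service is not actually ordered after the tunnel it builds on. Naming the instances the installer enables would make the ordering effective, e.g. `After=network.target network-online.target glorytun-tcp@tun0.service glorytun-udp@tun0.service`. Since the service script only needs to configure interfaces and send pings, the unit could also add `NoNewPrivileges=yes` next to the existing `CapabilityBoundingSet=` line.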
|
@ -14,6 +14,7 @@
|
||||||
?FORMAT 2
|
?FORMAT 2
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#ZONE INTERFACE OPTIONS
|
#ZONE INTERFACE OPTIONS
|
||||||
net eth0 dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
|
net eth0 dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
|
||||||
vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags
|
vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags
|
||||||
|
vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags
|
||||||
|
|
||||||
|
|
|
@ -55,7 +55,12 @@ ACCEPT net $FW tcp 65222
|
||||||
#
|
#
|
||||||
DHCPfwd(ACCEPT) $FW vpn
|
DHCPfwd(ACCEPT) $FW vpn
|
||||||
#
|
#
|
||||||
# Redirect all port from 1 to 64999 to the VPN client from the network
|
# Redirect all port from 1 to 64999 to the VPN UDP client from the network
|
||||||
|
#
|
||||||
|
#DNAT net vpn:10.0.1.2 tcp 1-64999
|
||||||
|
#DNAT net vpn:10.0.1.2 udp 1-64999
|
||||||
|
#
|
||||||
|
# Redirect all port from 1 to 64999 to the VPN TCP client from the network
|
||||||
#
|
#
|
||||||
#DNAT net vpn:10.0.0.2 tcp 1-64999
|
#DNAT net vpn:10.0.0.2 tcp 1-64999
|
||||||
#DNAT net vpn:10.0.0.2 udp 1-64999
|
#DNAT net vpn:10.0.0.2 udp 1-64999
|
||||||
|
|
|
@ -20,4 +20,5 @@ MASQUERADE 10.0.0.0/8,\
|
||||||
172.16.0.0/12,\
|
172.16.0.0/12,\
|
||||||
192.168.0.0/16 eth0
|
192.168.0.0/16 eth0
|
||||||
# SNAT from VPN server for all VPN clients
|
# SNAT from VPN server for all VPN clients
|
||||||
SNAT(10.0.0.1) 0.0.0.0/0 gt-tun0
|
SNAT(10.0.0.1) 0.0.0.0/0 gt-tun0
|
||||||
|
SNAT(10.0.1.1) 0.0.0.0/0 gt-udp-tun0
|
||||||
|
|
|
@ -15,4 +15,6 @@
|
||||||
# PORT(S) PORT(S)
|
# PORT(S) PORT(S)
|
||||||
ACCEPT gt-tun0 -
|
ACCEPT gt-tun0 -
|
||||||
ACCEPT - gt-tun0
|
ACCEPT - gt-tun0
|
||||||
|
ACCEPT gt-udp-tun0 -
|
||||||
|
ACCEPT - gt-udp-tun0
|
||||||
|
|
||||||
|
|
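--- a/update-grub.sh
+++ b/update-grub.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+kernel=$1
+[ -z "$kernel" ] && exit 0
+
+config_file="$(find /boot/grub* -maxdepth 1 -name grub.cfg 2>/dev/null)"
+[ $config_file ] || exit 0
+
+deflt_file="$(find /etc/default \( -name grub -o -name grub2 \) 2>/dev/null)"
+[ $deflt_file ] || exit 0
+
+if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then
+x=0
+sed -n -e 's@\([^'\"\'']*\)['\"\'']\([^'\"\'']*\).*@\1\2@' -e '/\(menuentry\) /p' <$config_file | \
+while IFS= read ln
+do
+if [ -n "$(echo $ln | grep $kernel)" ]; then
+sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"$x\"@" $deflt_file
+exit 0
+fi
+x=$(expr $x + 1)
+done | sed 's@\(menuentry\) @@'
+fi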
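Review bot: `[ $config_file ]` and `[ $deflt_file ]` are unquoted, so when `find` returns more than one path the test errors out and the script exits 0 without touching GRUB_DEFAULT, and the installer that runs it as root cannot tell that nothing happened. Limiting each `find` to one result with `-print -quit`, testing with `[ -n "$config_file" ] || exit 1`, and quoting `"$config_file"` and `"$deflt_file"` where they are used would make that failure visible. `grep $kernel` also treats the version string as a regular expression, so the dots in `4.14.24-mptcp` match any character; `grep -F -- "$kernel"` matches it literally. The counter `x` appears to number every `menuentry` line, including any nested under a submenu, so the index written to GRUB_DEFAULT may not point at the intended kernel on systems that group kernels under a submenu; that is worth confirming on a target install.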