1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Fix conflict

This commit is contained in:
Ycarus (Yannick Chabanois) 2020-02-21 17:13:54 +01:00
commit 0e9ccb525c
11 changed files with 135 additions and 74 deletions

View file

@ -19,28 +19,26 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev
KERNEL_VERSION="4.19.80"
KERNEL_PACKAGE_VERSION="1.6+c62d9f6"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
GLORYTUN_UDP_VERSION="b9aaab661fb879e891d34a91b5d2e78088fd9d9d"
GLORYTUN_UDP_VERSION="7f30cdc5ee2e89f0008144ad71f4c0bd4215a0f4"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OMR_ADMIN_VERSION="f3b3a4dbe1cbd2d45ebb80d12ec365c56369ffea"
OMR_ADMIN_VERSION="4ed9794b3ccc75d0d0bc01dc4d2ae689e51bb3de"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
#V2RAY_VERSION="v1.1.0"
V2RAY_VERSION="v1.2.0-2-g68e2207"
V2RAY_VERSION="v1.2.0-8-g59b8f4f"
EASYRSA_VERSION="3.0.6"
SHADOWSOCKS_VERSION="3.3.3"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
VPSPATH="server"
OMR_VERSION="0.1008"
OMR_VERSION="0.1009"
set -e
umask 0022
export LC_ALL=C
export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
# Check Linux version
if test -f /etc/os-release ; then
@ -59,6 +57,19 @@ elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
exit 1
fi
# Check if DPKG is locked and for broken packages
#dpkg -i /dev/zero 2>/dev/null
#if [ "$?" -eq 2 ]; then
# echo "E: dpkg database is locked. Check that an update is not running in background..."
# exit 1
#fi
apt-get check >/dev/null 2>&1
if [ "$?" -ne 0 ]; then
echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
exit 1
fi
# Fix old string...
if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then
sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd
@ -162,6 +173,8 @@ wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea0156
patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
# Shadowsocks eBPF support
#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
#patch -p1 < 030-eBPF.patch
@ -240,24 +253,24 @@ if ! grep -q mctcp_desync /etc/modules ; then
echo mctcp_desync >> /etc/modules
fi
# Load ndiffports module at boot time
if ! grep -q mctcp_ndiffports /etc/modules ; then
echo mctcp_ndiffports >> /etc/modules
if ! grep -q mptcp_ndiffports /etc/modules ; then
echo mptcp_ndiffports >> /etc/modules
fi
# Load redundant module at boot time
if ! grep -q mctcp_redundant /etc/modules ; then
echo mctcp_redundant >> /etc/modules
if ! grep -q mptcp_redundant /etc/modules ; then
echo mptcp_redundant >> /etc/modules
fi
# Load rr module at boot time
if ! grep -q mctcp_rr /etc/modules ; then
echo mctcp_rr >> /etc/modules
if ! grep -q mptcp_rr /etc/modules ; then
echo mptcp_rr >> /etc/modules
fi
# Load mctcp ECF scheduler at boot time
if ! grep -q mctcp_ecf /etc/modules ; then
echo mctcp_ecf >> /etc/modules
if ! grep -q mptcp_ecf /etc/modules ; then
echo mptcp_ecf >> /etc/modules
fi
# Load mctcp BLEST scheduler at boot time
if ! grep -q mctcp_blest /etc/modules ; then
echo mctcp_blest >> /etc/modules
if ! grep -q mptcp_blest /etc/modules ; then
echo mptcp_blest >> /etc/modules
fi
if systemctl -q is-active omr-admin.service; then
@ -295,10 +308,17 @@ if [ "$OMR_ADMIN" = "yes" ]; then
fi
#apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
#apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
if [ "$ID" = "ubuntu" ]; then
apt-get -y install python3-passlib python3-netaddr
apt-get -y remove python3-jwt
pip3 -q install pyjwt
else
apt-get -y install python3-passlib python3-jwt python3-netaddr
fi
echo '-- pip3 install needed python modules'
#pip3 -q install flask-jwt-simple netjsonconfig
pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart
mkdir -p /etc/openmptcprouter-vps-admin
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
pip3 -q install fastapi netjsonconfig python-multipart uvicorn
mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
mkdir -p /var/opt/openmptcprouter
wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/${VPSPATH}/omr-admin.service.in
wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
@ -308,8 +328,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
apt-get -y install jq
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
else
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
@ -340,8 +362,14 @@ if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
#wget -O /etc/shadowsocks-libev/config.json https://www.openmptcprouter.com/${VPSPATH}/config.json
wget -O /etc/shadowsocks-libev/manager.json https://www.openmptcprouter.com/${VPSPATH}/manager.json
SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
if [ $NBCPU -gt 1 ]; then
for i in $NBCPU; do
sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
done
fi
#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
fi
[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
@ -480,19 +508,25 @@ if [ "$OPENVPN" = "yes" ]; then
cd /tmp
tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
cd /tmp/EasyRSA-v${EASYRSA_VERSION}
mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
./easyrsa init-pki
./easyrsa --batch build-ca nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
mkdir /etc/openvpn/ca
cp easyrsa /etc/openvpn/ca/
cp openssl-easyrsa.cnf /etc/openvpn/ca/
cp vars.example /etc/openvpn/ca/vars
cp -r x509-types /etc/openvpn/ca/
#mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
#./easyrsa init-pki
#./easyrsa --batch build-ca nopass
#EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
#EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass
#EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
#mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
#mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
#mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
#mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
#mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
#mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
#mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
fi
if [ -f "/etc/openvpn/server/server.crt" ]; then
@ -528,6 +562,7 @@ if [ "$OPENVPN" = "yes" ]; then
fi
wget -O /etc/openvpn/tun0.conf https://www.openmptcprouter.com/${VPSPATH}/openvpn-tun0.conf
wget -O /etc/openvpn/tun1.conf https://www.openmptcprouter.com/${VPSPATH}/openvpn-tun1.conf
mkdir -p /etc/openvpn/ccd
systemctl enable openvpn@tun0.service
systemctl enable openvpn@tun1.service
fi
@ -554,8 +589,11 @@ rm /lib/systemd/network/glorytun*
wget -O /usr/local/bin/glorytun-udp-run https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp-run
chmod 755 /usr/local/bin/glorytun-udp-run
wget -O /lib/systemd/system/glorytun-udp@.service https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp%40.service.in
wget -O /lib/systemd/network/glorytun-udp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp.network
#wget -O /lib/systemd/network/glorytun-udp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp.network
rm -f /lib/systemd/network/glorytun-udp.network
mkdir -p /etc/glorytun-udp
wget -O /etc/glorytun-udp/post.sh https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp-post.sh
chmod 755 /etc/glorytun-udp/post.sh
wget -O /etc/glorytun-udp/tun0 https://www.openmptcprouter.com/${VPSPATH}/tun0.glorytun-udp
if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
@ -575,6 +613,7 @@ if [ "$DSVPN" = "yes" ]; then
echo 'A Dead Simple VPN'
# Install A Dead Simple VPN
if systemctl -q is-active dsvpn-server.service; then
systemctl -q disable dsvpn-server > /dev/null 2>&1
systemctl -q stop dsvpn-server > /dev/null 2>&1
fi
rm -f /var/lib/dpkg/lock
@ -590,12 +629,19 @@ if [ "$DSVPN" = "yes" ]; then
make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
make install
rm -f /lib/systemd/system/dsvpn/*
wget -O /lib/systemd/system/dsvpn-server.service https://www.openmptcprouter.com/${VPSPATH}/dsvpn-server.service.in
#wget -O /lib/systemd/system/dsvpn-server.service https://www.openmptcprouter.com/${VPSPATH}/dsvpn-server.service.in
wget -O /usr/local/bin/dsvpn-run https://www.openmptcprouter.com/${VPSPATH}/dsvpn-run
chmod 755 /usr/local/bin/dsvpn-run
wget -O /lib/systemd/system/dsvpn-server@.service https://www.openmptcprouter.com/${VPSPATH}/dsvpn-server%40.service.in
mkdir -p /etc/dsvpn
if [ "$update" = "0" ] || [ ! -f /etc/dsvpn/dsvpn.key ]; then
echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn.key
wget -O /etc/dsvpn/dsvpn0 https://www.openmptcprouter.com/${VPSPATH}/dsvpn0-config
if [ -f /etc/dsvpn/dsvpn.key ]; then
mv /etc/dsvpn/dsvpn.key /etc/dsvpn/dsvpn0.key
fi
systemctl enable dsvpn-server.service
if [ "$update" = "0" ] || [ ! -f /etc/dsvpn/dsvpn0.key ]; then
echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn0.key
fi
systemctl enable dsvpn-server@dsvpn0.service
cd /tmp
rm -rf /tmp/dsvpn
fi
@ -628,8 +674,11 @@ cp glorytun /usr/local/bin/glorytun-tcp
wget -O /usr/local/bin/glorytun-tcp-run https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp-run
chmod 755 /usr/local/bin/glorytun-tcp-run
wget -O /lib/systemd/system/glorytun-tcp@.service https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp%40.service.in
wget -O /lib/systemd/network/glorytun-tcp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun.network
#wget -O /lib/systemd/network/glorytun-tcp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun.network
rm -f /lib/systemd/network/glorytun-tcp.network
mkdir -p /etc/glorytun-tcp
wget -O /etc/glorytun-tcp/post.sh https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp-post.sh
chmod 755 /etc/glorytun-tcp/post.sh
wget -O /etc/glorytun-tcp/tun0 https://www.openmptcprouter.com/${VPSPATH}/tun0.glorytun
if [ "$update" = "0" ]; then
echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
@ -649,14 +698,17 @@ wget -O /usr/local/bin/multipath https://www.openmptcprouter.com/${VPSPATH}/mult
chmod 755 /usr/local/bin/multipath
# Add OpenMPTCProuter service
wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service
chmod 755 /usr/local/bin/omr-service
wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in
#wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service
#chmod 755 /usr/local/bin/omr-service
#wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in
wget -O /usr/local/bin/omr-6in4-run https://www.openmptcprouter.com/${VPSPATH}/omr-6in4-run
chmod 755 /usr/local/bin/omr-6in4-run
wget -O /lib/systemd/system/omr6in4@.service https://www.openmptcprouter.com/${VPSPATH}/omr6in4%40.service.in
if systemctl -q is-active omr-6in4.service; then
systemctl -q stop omr-6in4 > /dev/null 2>&1
systemctl -q disable omr-6in4 > /dev/null 2>&1
fi
systemctl enable omr.service
#systemctl enable omr.service
# Change SSH port to 65222
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
@ -688,6 +740,7 @@ else
wget -O /etc/shorewall/stoppedrules https://www.openmptcprouter.com/${VPSPATH}/shorewall4/stoppedrules
wget -O /etc/shorewall/tcinterfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall4/tcinterfaces
wget -O /etc/shorewall/shorewall.conf https://www.openmptcprouter.com/${VPSPATH}/shorewall4/shorewall.conf
wget -O /etc/shorewall/policy https://www.openmptcprouter.com/${VPSPATH}/shorewall4/policy
wget -O /etc/shorewall/params https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params
wget -O /etc/shorewall/params.vpn https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params.vpn
wget -O /etc/shorewall/params.net https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params.net
@ -791,7 +844,7 @@ if [ "$update" = "0" ]; then
echo $MLVPN_PASS
fi
if [ "$OMR_ADMIN" = "yes" ]; then
echo 'OpenMPTCProuter API Admin key: '
echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): "
echo $OMR_ADMIN_PASS_ADMIN
echo 'OpenMPTCProuter Server key: '
echo $OMR_ADMIN_PASS
@ -835,7 +888,7 @@ if [ "$update" = "0" ]; then
fi
if [ "$OMR_ADMIN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF
Your OpenMPTCProuter ADMIN API Server key: $OMR_ADMIN_PASS_ADMIN
Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN
Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
Your OpenMPTCProuter Server username: openmptcprouter
EOF
@ -856,7 +909,7 @@ else
fi
if [ "$DSVPN" = "yes" ]; then
echo 'Restarting dsvpn...'
systemctl -q start dsvpn-server
systemctl -q start dsvpn-server@dsvpn0
echo 'done'
fi
echo 'Restarting glorytun and omr...'
@ -874,16 +927,16 @@ else
echo 'Restarting OpenMPTCProuter VPS admin'
systemctl -q restart omr-admin
echo 'done'
if ! grep -q 'VPS Admin key' /root/openmptcprouter_config.txt ; then
if ! grep -q 'Server key' /root/openmptcprouter_config.txt ; then
cat >> /root/openmptcprouter_config.txt <<-EOF
Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
Your OpenMPTCProuter Server username: openmptcprouter
EOF
echo '===================================================================================='
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
echo 'OpenMPTCProuter Server key (you need OpenMPTCProuter >= 0.42):'
echo 'OpenMPTCProuter Server key:'
echo $OMR_ADMIN_PASS
echo 'OpenMPTCProuter Server username (you need OpenMPTCProuter >= 0.42):'
echo 'OpenMPTCProuter Server username:'
echo 'openmptcprouter'
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
echo '===================================================================================='

View file

@ -6,6 +6,7 @@ After=network.target network-online.target
Type=simple
Restart=always
ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
ExecStartPost=-/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/%i
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]

View file

@ -7,6 +7,7 @@ Type=simple
Restart=always
EnvironmentFile=/etc/glorytun-udp/%i
ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i
ExecStartPost=-/etc/glorytun-udp/post.sh /etc/glorytun-udp/%i
CapabilityBoundingSet=CAP_NET_ADMIN
[Install]

View file

@ -26,7 +26,7 @@ if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
else
ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
ip addr add fe80::a00:1/64 dev omr-6in4 >/dev/null 2>&1
ip addr add fe80::a00:1/126 dev omr-6in4 >/dev/null 2>&1
fi
ip link set omr-6in4 up
ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
@ -99,7 +99,7 @@ $allip_mlvpn"
ip tunnel change omr-6in4 mode sit remote $ipd local $ip
echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n")
iface=$(ip -4 addr | grep $ip/ | awk '{print $7}' | tr -d "\n")
echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
systemctl reload shorewall
_multipath

View file

@ -1,4 +1,6 @@
dev tun0
user nobody
group nogroup
cipher AES-256-CBC
proto tcp
port 65301
@ -14,4 +16,9 @@ dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 120
sndbuf 0
rcvbuf 0
rcvbuf 0
tls-server
tls-version-min 1.2
#compress lzo
push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd

View file

@ -15,10 +15,9 @@
###############################################################################
#ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
vpn gt-tun0 nosmurfs,routefilter,tcpflags
vpn gt-udp-tun0 nosmurfs,routefilter,tcpflags
vpn mlvpn0 nosmurfs,routefilter,tcpflags
vpn tun0 nosmurfs,routefilter,tcpflags
vpn tun1 nosmurfs,routefilter,tcpflags
vpn dsvpn0 nosmurfs,routefilter,tcpflags
vpn gt-tun+ nosmurfs,routefilter,tcpflags
vpn gt-udp-tun+ nosmurfs,routefilter,tcpflags
vpn mlvpn+ nosmurfs,routefilter,tcpflags
vpn tun+ nosmurfs,routefilter,tcpflags
vpn dsvpn+ nosmurfs,routefilter,tcpflags

View file

@ -18,6 +18,7 @@ vpn fw ACCEPT
fw vpn ACCEPT
fw net ACCEPT
net all DROP info
vpn vpn DROP
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
all all REJECT info

View file

@ -13,16 +13,14 @@
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S)
ACCEPT gt-tun0 -
ACCEPT - gt-tun0
ACCEPT gt-udp-tun0 -
ACCEPT - gt-udp-tun0
ACCEPT mlvpn0 -
ACCEPT - mlvpn0
ACCEPT dsvpn0 -
ACCEPT - dsvpn0
ACCEPT tun0 -
ACCEPT - tun0
ACCEPT tun1 -
ACCEPT - tun1
ACCEPT gt-tun+ -
ACCEPT - gt-tun+
ACCEPT gt-udp-tun+ -
ACCEPT - gt-udp-tun+
ACCEPT mlvpn+ -
ACCEPT - mlvpn+
ACCEPT dsvpn+ -
ACCEPT - dsvpn+
ACCEPT tun+ -
ACCEPT - tun+

View file

@ -14,6 +14,6 @@
?FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1
vpn omr-6in4 tcpflags,forward=1
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback
vpn omr-6in4 tcpflags,forward=1,routeback

View file

@ -21,4 +21,5 @@
# net eth0 - dhcp,nosmurfs
#
###############################################################################
INCLUDE params.net
INCLUDE params.net
INCLUDE params.vpn

0
shorewall6/params.vpn Normal file
View file