From 148d3fbcd09f306387f2ce920423da046879ac28 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 12 Jun 2018 15:13:34 +0000 Subject: [PATCH] Add OpenVPN support and fix MLVPN support --- debian9-x86_64.sh | 27 ++++++++++++++++++++++----- openvpn-tun0.conf | 9 +++++++++ openvpn.network | 17 +++++++++++++++++ shorewall4/interfaces | 1 + shorewall4/stoppedrules | 2 ++ 5 files changed, 51 insertions(+), 5 deletions(-) create mode 100644 openvpn-tun0.conf create mode 100644 openvpn.network diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 0ca5d34..be16242 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -5,6 +5,7 @@ GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lowe NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-no} MLVPN=${MLVPN:-no} +OPENVPN=${OPENVPN:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | awk '{print $5}' | tr -d "\n")} DEBIAN_VERSION=$(sed 's/\..*//' /etc/debian_version) @@ -105,10 +106,21 @@ fi if [ "$MLVPN" = "yes" ]; then cd /tmp - wget http://www.openmptcprouter.com/server/debian9-x86_64-mlvpn.sh - chmod u+x debian9-x86_64-mlvpn.sh + wget -O /tmp/debian9-x86_64-mlvpn.sh http://www.openmptcprouter.com/server/debian-x86_64-mlvpn.sh sh debian9-x86_64-mlvpn.sh - rm debian9-x86_64-mlvpn.sh +fi + +if [ "$OPENVPN" = "yes" ]; then + if systemctl -q is-active openvpn-server@tun0.service; then + systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 + fi + apt-get -y install openvpn + wget -O /lib/systemd/network/openvpn.network http://www.openmptcprouter.com/server/openvpn.network + if [ ! -f "/etc/openvpn/server/static.key" ]; then + wget -O /etc/openvpn/server/tun0.conf http://www.openmptcprouter.com/server/openvpn-tun0.conf + cd /etc/openvpn/server + openvpn --genkey --secret static.key + fi fi # Install Glorytun UDP 
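Review bot: The new OpenVPN block and the reworked MLVPN line fetch files over plain `http://` and use them with no integrity check: `debian9-x86_64-mlvpn.sh` is run with `sh`, while `openvpn.network` and `tun0.conf` are written straight into `/lib/systemd/network` and `/etc/openvpn/server`. Anyone able to alter traffic between the VPS and the download host therefore decides what this installer runs and installs. The downloads should use `https://` (assuming the host serves it) and be checked against a pinned digest before use, e.g. `echo "<EXPECTED_SHA256>  /tmp/debian9-x86_64-mlvpn.sh" | sha256sum -c - || exit 1`. As far as the hunk shows, no `wget` exit status is checked either, and the `tun0.conf` download is gated on `static.key` being absent, so a failed fetch leaves an empty `tun0.conf` that later runs never replace once the key exists; `wget ... || exit 1`, or gating on the config file itself, avoids that. The MLVPN script is now also left behind under a fixed name in `/tmp`, since the `rm` was dropped.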
@@ -221,9 +233,9 @@ fi # Add OpenMPTCProuter VPS script version to /etc/motd if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then - sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.21 >:' /etc/motd + sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.22 >:' /etc/motd else - echo '< OpenMPTCProuter VPS 0.21 >' >> /etc/motd + echo '< OpenMPTCProuter VPS 0.22 >' >> /etc/motd fi if [ "$update" = "0" ]; then @@ -277,6 +289,11 @@ else systemctl -q restart shorewall systemctl -q restart shorewall6 echo 'done' + if [ "$OPENVPN" = "yes" ]; then + echo 'Restarting OpenVPN' + systemctl -q restart openvpn-server@tun0 + echo 'done' + fi echo 'Restarting shadowsocks...' systemctl -q restart shadowsocks-libev echo 'done' diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf new file mode 100644 index 0000000..fa7253a --- /dev/null +++ b/openvpn-tun0.conf @@ -0,0 +1,9 @@ +dev tun +secret /etc/openvpn/server/static.key +cipher AES-256-CBC +compress lz4 +proto tcp-server +port 65301 +persist-tun +persist-key + diff --git a/openvpn.network b/openvpn.network new file mode 100644 index 0000000..abdbd70 --- /dev/null +++ b/openvpn.network @@ -0,0 +1,17 @@ +[Match] +Name=tun* + +[Network] +Description=OpenVPN tunnel +Address=10.255.252.1/24 +DHCPServer=yes +IPMasquerade=yes + +[DHCPServer] +PoolOffset=2 +PoolSize=1 +EmitDNS=no +EmitNTP=no +DNS=9.9.9.9 +DefaultLeaseTimeSec=12h +MaxLeaseTimeSec=24h \ No newline at end of file diff --git a/shorewall4/interfaces b/shorewall4/interfaces index 3aa7d7d..7870b01 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces @@ -18,4 +18,5 @@ net eth0 dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0 vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags vpn mlvpn0 nosmurfs,routefilter,logmartians,tcpflags +vpn tun0 nosmurfs,routefilter,logmartians,tcpflags 
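Review bot: The restart added in the `@@ -277,6 +289,11 @@` hunk sits in an `else` branch only (presumably the update path of the `update` test), and no hunk in this commit enables `openvpn-server@tun0`. On a first install the script therefore neither starts the service nor arranges for it to start at boot, unless something outside the diff does. If that is not intended, add `systemctl -q enable openvpn-server@tun0.service` to the `OPENVPN` install block after the key is generated. The enclosing `if`/`else` begins and ends outside this hunk.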
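Review bot: `compress lz4` in the new `openvpn-tun0.conf` compresses packets before they are encrypted, so ciphertext length can leak information about plaintext when an attacker influences part of the tunnelled traffic (the VORACLE class of attack). I would drop that line unless the bandwidth gain is measured and needed. The `secret` static-key mode also has no forward secrecy, so a copy of `static.key` decrypts previously captured traffic as well as future sessions; that deserves a `#` comment in the file, or a move to TLS mode with certificates. No `user`/`group` directive is set, so the daemon keeps its starting privileges after initialisation; `user nobody` and `group nogroup` would be the usual hardening alongside the existing `persist-tun` and `persist-key`.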
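Review bot: `Name=tun*` in the `[Match]` section of `openvpn.network` applies this address, DHCP server and masquerading to every interface whose name starts with `tun`, not only the OpenVPN device. The unit name and the Shorewall entries in this commit all refer to `tun0`, so `Name=tun0` would be the tighter match. `DNS=9.9.9.9` appears to have no effect while `EmitDNS=no` is set, so one of the two lines should change depending on whether the peer is meant to receive a resolver. The file also ends without a trailing newline.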
diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules index 30fc23c..b276de9 100644 --- a/shorewall4/stoppedrules +++ b/shorewall4/stoppedrules @@ -19,4 +19,6 @@ ACCEPT gt-udp-tun0 - ACCEPT - gt-udp-tun0 ACCEPT mlvpn0 - ACCEPT - mlvpn0 +ACCEPT tun0 - +ACCEPT - tun0