mptcp/openmptcprouter-vps
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00
Code Issues Releases Wiki Activity

VPS script 0.1001

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2019-09-16 07:58:58 +02:00
parent c63225bb37
commit 3b7063139e
8 changed files with 113 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

97
debian9-x86_64.sh
View file

@ -1,6 +1,7 @@
#!/bin/sh #!/bin/sh
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
#NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")} #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")}
NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
OBFS=${OBFS:-yes} OBFS=${OBFS:-yes}
@ -11,20 +12,23 @@ OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:low
MLVPN=${MLVPN:-yes} MLVPN=${MLVPN:-yes}
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
OPENVPN=${OPENVPN:-yes} OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="4.19.56" KERNEL_VERSION="4.19.67"
#KERNEL_VERSION="4.14.110" #KERNEL_VERSION="4.14.110"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.1+a289cca" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.4+4e10ec5"
#KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.0+4c83d3a" #KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.0+4c83d3a"
GLORYTUN_UDP_VERSION="5e89ebc55003b4af395ec58dce301046f9a3e7b7" GLORYTUN_UDP_VERSION="d451bc75b0c5784ce3851e8754fb824bffc3bcce"
MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
OBFS_VERSION="5cbfdcc28cdc912852cc3c99e3c7f5603d337805" OBFS_VERSION="5cbfdcc28cdc912852cc3c99e3c7f5603d337805"
OMR_ADMIN_VERSION="172a02677857b895539e1e5634dc4aeb6bb2ddfb" OMR_ADMIN_VERSION="bc84d257ef2e47fc3ae4469bb86ee1d8396aa6d8"
V2RAY_VERSION="v1.1.0" DSVPN_VERSION="57fb1bd5baf87c1e9b03833eb641897cab972895"
SHADOWSOCKS_VERSION="3.2.5" #V2RAY_VERSION="v1.1.0"
V2RAY_VERSION="v1.1.0-9-g2e56b2b"
SHADOWSOCKS_VERSION="3.3.1"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
OMR_VERSION="0.1000" OMR_VERSION="0.1001"
set -e set -e
umask 0022 umask 0022
@ -32,6 +36,7 @@ export LC_ALL=C
export PATH=$PATH:/sbin export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
# Check Linux version # Check Linux version
if test -f /etc/os-release ; then if test -f /etc/os-release ; then
@ -42,11 +47,11 @@ fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
exit 1 exit 1
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ]; then elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ]; then
echo "This script only work with Ubuntu 18.04" echo "This script only work with Ubuntu 18.04 or Ubuntu 19.04"
exit 1 exit 1
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
echo "This script only work with Ubuntu 18.04 or Debian Stretch (9.x)" echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
exit 1 exit 1
fi fi
@ -101,8 +106,11 @@ cd /boot
apt-get -y install rename curl apt-get -y install rename curl
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
#apt-get -y install linux-mptcp #apt-get -y install linux-mptcp
dpkg --force-all -E -i /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
dpkg --force-all -E -i /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
# Check if mptcp kernel is grub default kernel # Check if mptcp kernel is grub default kernel
echo "Set MPTCP kernel as grub default..." echo "Set MPTCP kernel as grub default..."
@ -189,6 +197,10 @@ fi
if ! grep -q bbr /etc/modules ; then if ! grep -q bbr /etc/modules ; then
echo tcp_bbr >> /etc/modules echo tcp_bbr >> /etc/modules
fi fi
# Load mctcpdesync Congestion module at boot time
if ! grep -q mctcp_desync /etc/modules ; then
echo mctcp_desync >> /etc/modules
fi
if systemctl -q is-active omr-admin.service; then if systemctl -q is-active omr-admin.service; then
systemctl -q stop omr-admin > /dev/null 2>&1 systemctl -q stop omr-admin > /dev/null 2>&1
@ -227,6 +239,7 @@ if [ "$update" = "0" ]; then
SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
fi fi
[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
systemctl disable shadowsocks-libev systemctl disable shadowsocks-libev
@ -263,7 +276,8 @@ fi
if [ "$V2RAY" = "yes" ]; then if [ "$V2RAY" = "yes" ]; then
echo "Install v2ray plugin" echo "Install v2ray plugin"
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://www.openmptcprouter.com/server/bin/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
cd /tmp cd /tmp
tar xzvf v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz tar xzvf v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
@ -307,6 +321,7 @@ if [ "$MLVPN" = "yes" ]; then
cd /tmp cd /tmp
git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
#git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
cd /tmp/mlvpn cd /tmp/mlvpn
git checkout ${MLVPN_VERSION} git checkout ${MLVPN_VERSION}
./autogen.sh ./autogen.sh
@ -314,6 +329,7 @@ if [ "$MLVPN" = "yes" ]; then
make make
make install make install
wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/server/mlvpn.network wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/server/mlvpn.network
wget -O /lib/systemd/system/mlvpn@.service https://www.openmptcprouter.com/server/mlvpn@.service.in
mkdir -p /etc/mlvpn mkdir -p /etc/mlvpn
if [ "$mlvpnupdate" = "0" ]; then if [ "$mlvpnupdate" = "0" ]; then
wget -O /etc/mlvpn/mlvpn0.conf https://www.openmptcprouter.com/server/mlvpn0.conf wget -O /etc/mlvpn/mlvpn0.conf https://www.openmptcprouter.com/server/mlvpn0.conf
@ -381,6 +397,34 @@ systemctl enable systemd-networkd.service
cd /tmp cd /tmp
rm -rf /tmp/glorytun-udp rm -rf /tmp/glorytun-udp
if [ "$DSVPN" = "yes" ]; then
echo 'A Dead Simple VPN'
# Install A Dead Simple VPN
if systemctl -q is-active dsvpn-server.service; then
systemctl -q stop dsvpn-server > /dev/null 2>&1
fi
rm -f /var/lib/dpkg/lock
apt-get install -y --no-install-recommends build-essential git ca-certificates
rm -rf /tmp/dsvpn
cd /tmp
git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn
cd /tmp/dsvpn
git checkout ${DSVPN_VERSION}
wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/13b8d06d41f92f5599cdf1f453771c64d67dda7a/dsvpn/patches/nofirewall.patch
patch -p1 < nofirewall.patch
make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
make install
rm -f /lib/systemd/system/dsvpn/*
wget -O /lib/systemd/system/dsvpn-server.service https://www.openmptcprouter.com/server/dsvpn-server.service.in
mkdir -p /etc/dsvpn
if [ "$update" = "0" ]; then
echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn.key
fi
systemctl enable dsvpn-server.service
cd /tmp
rm -rf /tmp/dsvpn
fi
# Install Glorytun TCP # Install Glorytun TCP
if systemctl -q is-active glorytun-tcp@tun0.service; then if systemctl -q is-active glorytun-tcp@tun0.service; then
systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1 systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1
@ -447,6 +491,7 @@ sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
# Remove fail2ban if available # Remove fail2ban if available
#systemctl -q disable fail2ban #systemctl -q disable fail2ban
if [ "$update" = "0" ]; then if [ "$update" = "0" ]; then
# Install and configure the firewall using shorewall # Install and configure the firewall using shorewall
apt-get -y install shorewall shorewall6 apt-get -y install shorewall shorewall6
@ -536,12 +581,12 @@ fi
if [ "$update" = "0" ]; then if [ "$update" = "0" ]; then
# Display important info # Display important info
echo '====================================================================================' echo '===================================================================================='
echo "OpenMPTCProuter VPS $OMR_VERSION is now installed !" echo "OpenMPTCProuter Server $OMR_VERSION is now installed !"
echo 'SSH port: 65222 (instead of port 22)' echo 'SSH port: 65222 (instead of port 22)'
if [ "$OMR_ADMIN" = "yes" ]; then if [ "$OMR_ADMIN" = "yes" ]; then
echo '====================================================================================' echo '===================================================================================='
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
echo 'OpenMPTCProuter VPS admin key (you need OpenMPTCProuter >= 0.42):' echo 'OpenMPTCProuter Server key (you need OpenMPTCProuter >= 0.42):'
echo $OMR_ADMIN_PASS echo $OMR_ADMIN_PASS
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
echo '====================================================================================' echo '===================================================================================='
@ -554,6 +599,11 @@ if [ "$update" = "0" ]; then
echo 'Glorytun encryption: chacha20' echo 'Glorytun encryption: chacha20'
echo 'Your glorytun key: ' echo 'Your glorytun key: '
echo $GLORYTUN_PASS echo $GLORYTUN_PASS
if [ "$DSVPN" = "yes" ]; then
echo 'A Dead Simple VPN port: 65011'
echo 'A Dead Simple VPN key: '
echo $DSVPN_PASS
fi
if [ "$MLVPN" = "yes" ]; then if [ "$MLVPN" = "yes" ]; then
echo 'MLVPN first port: 65201' echo 'MLVPN first port: 65201'
echo 'Your MLVPN password: ' echo 'Your MLVPN password: '
@ -582,6 +632,12 @@ if [ "$update" = "0" ]; then
Glorytun encryption: chacha20 Glorytun encryption: chacha20
Your glorytun key: ${GLORYTUN_PASS} Your glorytun key: ${GLORYTUN_PASS}
EOF EOF
if [ "$DSVPN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF
A Dead Simple VPN port: 65011
A Dead Simple VPN key: ${DSVPN_PASS}
EOF
fi
if [ "$MLVPN" = "yes" ]; then if [ "$MLVPN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF cat >> /root/openmptcprouter_config.txt <<-EOF
MLVPN first port: 65201' MLVPN first port: 65201'
@ -590,12 +646,12 @@ if [ "$update" = "0" ]; then
fi fi
if [ "$OMR_ADMIN" = "yes" ]; then if [ "$OMR_ADMIN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF cat >> /root/openmptcprouter_config.txt <<-EOF
Your OpenMPTCProuter VPS Admin key: $OMR_ADMIN_PASS Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
EOF EOF
fi fi
else else
echo '====================================================================================' echo '===================================================================================='
echo "OpenMPTCProuter VPS is now updated to version $OMR_VERSION !" echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
echo 'Keys are not changed, shorewall rules files preserved' echo 'Keys are not changed, shorewall rules files preserved'
echo 'You need OpenMPTCProuter >= 0.30' echo 'You need OpenMPTCProuter >= 0.30'
echo '====================================================================================' echo '===================================================================================='
@ -607,6 +663,11 @@ else
systemctl -q start mlvpn@mlvpn0 systemctl -q start mlvpn@mlvpn0
echo 'done' echo 'done'
fi fi
if [ "$DSVPN" = "yes" ]; then
echo 'Restarting dsvpn...'
systemctl -q start dsvpn-server
echo 'done'
fi
echo 'Restarting glorytun and omr...' echo 'Restarting glorytun and omr...'
systemctl -q start glorytun-tcp@tun0 systemctl -q start glorytun-tcp@tun0
systemctl -q start glorytun-udp@tun0 systemctl -q start glorytun-udp@tun0
@ -623,7 +684,7 @@ else
echo 'done' echo 'done'
if ! grep -q 'VPS Admin key' /root/openmptcprouter_config.txt ; then if ! grep -q 'VPS Admin key' /root/openmptcprouter_config.txt ; then
cat >> /root/openmptcprouter_config.txt <<-EOF cat >> /root/openmptcprouter_config.txt <<-EOF
Your OpenMPTCProuter VPS Admin key: $OMR_ADMIN_PASS Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS
EOF EOF
echo '====================================================================================' echo '===================================================================================='
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'

2
omr-pihole.sh
View file

@ -14,6 +14,7 @@ cat > /etc/lighttpd/external.conf << 'EOF'
server.bind="10.255.255.1" server.bind="10.255.255.1"
$SERVER["socket"] == "10.255.254.1:80" { } $SERVER["socket"] == "10.255.254.1:80" { }
$SERVER["socket"] == "10.255.252.1:80" { } $SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { }
EOF EOF
systemctl -q restart lighttpd systemctl -q restart lighttpd
@ -32,6 +33,7 @@ interface=gt-tun0
interface=gt-udp-tun0 interface=gt-udp-tun0
interface=tun0 interface=tun0
interface=mlvpn0 interface=mlvpn0
interface=dsvpn0
EOF EOF
systemctl -q restart pihole-FTL systemctl -q restart pihole-FTL
echo "Done" echo "Done"

16
omr-service
View file

@ -70,14 +70,26 @@ while true; do
allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet) allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
[ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet) [ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
[ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet) [ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
allip="$allip_tcp [ -d "/sys/class/net/dsvpn0" ] && allip_dsvpn=$(ip -4 addr show dsvpn0 2>/dev/null | grep inet)
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ]; then
current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
[ "$current_vpn" = "glorytun_tcp" ] && allip="$allip_tcp"
[ "$current_vpn" = "glorytun_udp" ] && allip="$allip_udp"
[ "$current_vpn" = "mlvpn" ] && allip="$allip_mlvpn"
[ "$current_vpn" = "openvpn" ] && allip="$allip_openvpn"
[ "$current_vpn" = "dsvpn" ] && allip="$allip_dsvpn"
fi
if [ -z "$allip" ]; then
allip="$allip_tcp
$allip_udp $allip_udp
$allip_openvpn $allip_openvpn
$allip_dsvpn
$allip_mlvpn" $allip_mlvpn"
fi
while IFS= read -r inet; do while IFS= read -r inet; do
ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n") ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
if [ "$ip" != "" ]; then if [ "$ip" != "" ]; then
_ping_range $(echo $ip | sed 's/.1/./' | tr -d "\n") _ping_range $(echo $ip | sed 's/.1$/./' | tr -d "\n")
statusr=$? statusr=$?
if $(exit $statusr); then if $(exit $statusr); then
_ping $ipd _ping $ipd

1
shadowsocks.conf
View file

@ -53,3 +53,4 @@ net.netfilter.nf_conntrack_max = 131072
# MPTCP settings # MPTCP settings
net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 1 net.mptcp.mptcp_syn_retries = 1
net.ipv4.tcp_ecn=1

11
shorewall4/interfaces
View file

@ -14,9 +14,10 @@
?FORMAT 2 ?FORMAT 2
############################################################################### ###############################################################################
#ZONE INTERFACE OPTIONS #ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0 net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags vpn gt-tun0 nosmurfs,routefilter,tcpflags
vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags vpn gt-udp-tun0 nosmurfs,routefilter,tcpflags
vpn mlvpn0 nosmurfs,routefilter,logmartians,tcpflags vpn mlvpn0 nosmurfs,routefilter,tcpflags
vpn tun0 nosmurfs,routefilter,logmartians,tcpflags vpn tun0 nosmurfs,routefilter,tcpflags
vpn dsvpn0 nosmurfs,routefilter,tcpflags

2
shorewall4/stoppedrules
View file

@ -19,6 +19,8 @@ ACCEPT gt-udp-tun0 -
ACCEPT - gt-udp-tun0 ACCEPT - gt-udp-tun0
ACCEPT mlvpn0 - ACCEPT mlvpn0 -
ACCEPT - mlvpn0 ACCEPT - mlvpn0
ACCEPT dsvpn0 -
ACCEPT - dsvpn0
ACCEPT tun0 - ACCEPT tun0 -
ACCEPT - tun0 ACCEPT - tun0

2
shorewall6/policy
View file

@ -13,7 +13,7 @@
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
vpn all ACCEPT info vpn all ACCEPT
fw all ACCEPT fw all ACCEPT
net all DROP info net all DROP info
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST

15
shorewall6/rules
View file

@ -30,18 +30,18 @@ DNS(ACCEPT) $FW net
# #
# Allow Ping from/to the VPN # Allow Ping from/to the VPN
# #
Ping(ACCEPT) vpn $FW ACCEPT vpn $FW ipv6-icmp
Ping(ACCEPT) vpn net ACCEPT vpn net ipv6-icmp
Ping(ACCEPT) $FW vpn ACCEPT $FW vpn ipv6-icmp
# #
# Allow Ping from the firewall to the network # Allow Ping from the firewall to the network
# #
Ping(ACCEPT) $FW net ACCEPT $FW net ipv6-icmp
# #
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
# #
#Ping(DROP) net $FW #DROP net $FW ipv6-icmp
Ping(ACCEPT) net $FW ACCEPT net $FW ipv6-icmp
# #
# Accept connection from port > 65000 for shadowsocks and glorytun on the firewall # Accept connection from port > 65000 for shadowsocks and glorytun on the firewall
# #
@ -54,7 +54,8 @@ ACCEPT net $FW tcp 65222
# #
# DHCP forward to the VPN from the firewall # DHCP forward to the VPN from the firewall
# #
DHCPfwd(ACCEPT) $FW vpn ACCEPT $FW vpn udp 53
ACCEPT vpn net udp 53
# #
# Redirect all port from 1 to 64999 to the VPN client from the network # Redirect all port from 1 to 64999 to the VPN client from the network
# #