diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 57a9ec1..197bb2b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Copyright (C) 2018-2024 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 
 KERNEL=${KERNEL:-5.4}
 UPSTREAM=${UPSTREAM:-no}
-[ "$UPSTREAM" = "yes" ] && KERNEL="5.15"
+[ "$UPSTREAM" = "yes" ] && KERNEL="6.1"
 UPSTREAM6=${UPSTREAM6:-no}
 [ "$UPSTREAM6" = "yes" ] && KERNEL="6.1"
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
@@ -37,8 +37,10 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 UBOND=${UBOND:-no}
 UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
+OPENVPN_BONDING=${OPENVPN_BONDING:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
+FAIL2BAN=${FAIL2BAN:-yes}
 SOURCES=${SOURCES:-no}
 if [ "$KERNEL" != "5.4" ]; then
 	SOURCES="yes"
@@ -54,11 +56,11 @@ INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=d
 KERNEL_VERSION="5.4.207"
 KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-if [ "$KERNEL" = "5.15" ]; then
-	KERNEL_VERSION="5.15.57"
-	KERNEL_PACKAGE_VERSION="1.6"
-	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
-fi
+#if [ "$KERNEL" = "5.15" ]; then
+#	KERNEL_VERSION="5.15.57"
+#	KERNEL_PACKAGE_VERSION="1.6"
+#	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
+#fi
 if [ "$KERNEL" = "6.1" ]; then
 	KERNEL_VERSION="6.1.0"
 	KERNEL_PACKAGE_VERSION="1.30"
@@ -75,8 +77,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="21d071ebece556f3114c18ed9e86414ea6c85e1c"
-OMR_ADMIN_BINARY_VERSION="0.11+20240704"
+OMR_ADMIN_VERSION="9e86294e416ad7bdc812a941c7cc89f97b90315d"
+OMR_ADMIN_BINARY_VERSION="0.12+20240725"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -113,8 +115,8 @@ echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
 # Check Kernel
-if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then
-	echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported"
+if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ]; then
+	echo "Only kernels 5.4, 6.1, 6.6 and 6.10 are currently supported"
 	exit 1
 fi
 
@@ -240,7 +242,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="10"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Debian 10 Buster to Debian 11 Bullseye"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
@@ -251,7 +253,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="11"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Debian 11 Bullseye to Debian 12 Bookworm"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
@@ -271,7 +273,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
-if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
 	apt-get -y -f --force-yes --allow-downgrades upgrade
 	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
@@ -444,6 +446,29 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 
+#	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
+#	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
+#	apt-get update
+#	apt-get -y install linux-xanmod-lts-x64v3
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
+elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then
+	# awk command from xanmod website
+	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
+	if [ "$PSABI" = "x64v1" ]; then
+		echo "psABI x86-64-v1 not supported by Xanmod kernel 6.10, use an older kernel"
+		exit 0
+	fi
+	KERNEL_VERSION="6.10.2"
+	KERNEL_REV="0~20240728.gae7b555"
+	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
+	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+
 #	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
 #	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
 #	apt-get update
@@ -681,6 +706,10 @@ fi
 if systemctl -q is-active omr-admin.service; then
 	systemctl -q stop omr-admin > /dev/null 2>&1
 fi
+if systemctl -q is-active omr-admin-ipv6.service; then
+	systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1
+	systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1
+fi
 
 if [ "$OMR_ADMIN" = "yes" ]; then
 	echo 'Install OpenMPTCProuter VPS Admin'
@@ -735,14 +764,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
-		pip3 -q install netjsonconfig --break-system-packages
+		#pip3 -q install netjsonconfig --break-system-packages
 		pip3 -q install fastapi -U --break-system-packages
 		pip3 -q install jsonschema -U --break-system-packages
 		pip3 -q install python-multipart jinja2 -U --break-system-packages
 		pip3 -q install starlette --break-system-packages
 		pip3 -q install starlette --break-system-packages
 	else
-		pip3 -q install netjsonconfig
+		#pip3 -q install netjsonconfig
 		if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
 			pip3 -q install fastapi==0.99.1 -U
 		else
@@ -761,7 +790,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
-		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
+		#wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
@@ -812,27 +841,31 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	chmod 644 /lib/systemd/system/omr-admin.service
-	chmod 644 /lib/systemd/system/omr-admin-ipv6.service
+	#chmod 644 /lib/systemd/system/omr-admin-ipv6.service
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
-	[ "$(ip -6 a)" != "" ] && {
-		systemctl enable omr-admin-ipv6.service
-	}
+	#[ "$(ip -6 a)" != "" ] && {
+	#	systemctl enable omr-admin-ipv6.service
+	#}
 	systemctl enable omr-admin.service
 	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable omr-admin.service >/dev/null 2>&1
-		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
+		#[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
+	fi
+	if systemctl -q is-active omr-admin-ipv6.service; then
+		systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1
+		systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1
 	fi
 fi
 
 # Get shadowsocks optimization
 if [ "$LOCALFILES" = "no" ]; then
-	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
 	else
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
 	fi
 else
-	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
 	else
 		cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
@@ -1336,6 +1369,20 @@ if [ "$WIREGUARD" = "yes" ]; then
 	echo "Install wireguard done"
 fi
 
+if systemctl -q is-active fail2ban.service; then
+	systemctl -q stop fail2ban > /dev/null 2>&1
+	systemctl -q disable fail2ban > /dev/null 2>&1
+fi
+if [ "$FAIL2BAN" = "yes" ]; then
+	echo "Install Fail2ban"
+	rm -f /var/lib/dpkg/lock
+	rm -f /var/lib/dpkg/lock-frontend
+	apt-get -y install fail2ban
+	systemctl enable fail2ban
+	wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf
+	echo "Install Fail2ban done"
+fi
+
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@@ -1417,14 +1464,16 @@ if [ "$OPENVPN" = "yes" ]; then
 			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
 		fi
-		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
-		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
-		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
-		wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
-		wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
-		wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
-		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
-		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
+		if [ "$OPENVPN_BONDING" = "yes" ]; then
+			wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
+			wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
+			wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
+			wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
+			wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
+			wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
+			wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
+			wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
+		fi
 	else
 		if [ "$KERNEL" != "5.4" ]; then
 			cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
@@ -1433,14 +1482,16 @@ if [ "$OPENVPN" = "yes" ]; then
 			cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
 			cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
 		fi
-		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
-		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
-		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
-		cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
-		cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
-		cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
-		cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
-		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
+		if [ "$OPENVPN_BONDING" = "yes" ]; then
+			cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
+			cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
+			cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
+			cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
+			cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
+			cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
+			cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
+			cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
+		fi
 	fi
 	mkdir -p /etc/openvpn/ccd
 	if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
@@ -1455,14 +1506,16 @@ if [ "$OPENVPN" = "yes" ]; then
 	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable openvpn@tun0 >/dev/null 2>&1
 	fi
-	systemctl enable openvpn@bonding1.service
-	systemctl enable openvpn@bonding2.service
-	systemctl enable openvpn@bonding3.service
-	systemctl enable openvpn@bonding4.service
-	systemctl enable openvpn@bonding5.service
-	systemctl enable openvpn@bonding6.service
-	systemctl enable openvpn@bonding7.service
-	systemctl enable openvpn@bonding8.service
+	if [ "$OPENVPN_BONDING" = "yes" ]; then
+		systemctl enable openvpn@bonding1.service
+		systemctl enable openvpn@bonding2.service
+		systemctl enable openvpn@bonding3.service
+		systemctl enable openvpn@bonding4.service
+		systemctl enable openvpn@bonding5.service
+		systemctl enable openvpn@bonding6.service
+		systemctl enable openvpn@bonding7.service
+		systemctl enable openvpn@bonding8.service
+	fi
 fi
 
 echo 'Glorytun UDP'