From 5cd78a9401c59e3216bcea8a5691cef0e249d309 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 12 May 2019 02:45:49 +0000 Subject: [PATCH] Update do VPS script 0.993 --- debian9-x86_64-bin.sh | 15 ++++++++------ debian9-x86_64.sh | 42 ++++++++++++++++++++++++++++++++++++--- omr-service | 4 ++-- omr.service.in | 2 +- shadowsocks.conf | 6 +++--- shorewall4/shorewall.conf | 2 +- shorewall4/tcinterfaces | 3 +++ tun0.glorytun | 2 +- 8 files changed, 59 insertions(+), 17 deletions(-) create mode 100644 shorewall4/tcinterfaces diff --git a/debian9-x86_64-bin.sh b/debian9-x86_64-bin.sh index f013768..d6024c4 100644 --- a/debian9-x86_64-bin.sh +++ b/debian9-x86_64-bin.sh @@ -3,8 +3,8 @@ set -e umask 0022 export LC_ALL=C -rm -f /var/lib/dpkg/lock -rm -f /var/cache/apt/archives/lock +#rm -f /var/lib/dpkg/lock +#rm -f /var/cache/apt/archives/lock # Check Linux version if test -f /etc/os-release ; then @@ -38,11 +38,14 @@ apt-get -y install dirmngr patch rename curl # Rename bzImage to vmlinuz, needed when custom kernel was used cd /boot rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 -rm -f /var/lib/dpkg/lock -rm -f /var/cache/apt/archives/lock -rm /etc/kernel-img.conf +#rm -f /var/lib/dpkg/lock +#rm -f /var/cache/apt/archives/lock +rm -f /etc/kernel-img.conf echo "Install all" -DEBIAN_FRONTEND=noninteractive apt-get -y --force-yes -o Dpkg::Options::="--force-overwrite" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install omr-vps +DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-overwrite" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install omr-vps + +systemctl -q enable shorewall +systemctl -q enable shorewall6 # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 53add53..2d25a1a 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
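Review bot: The `apt-get … install omr-vps` line in the second hunk of debian9-x86_64-bin.sh still passes `-o Dpkg::Options::="--force-overwrite"`, which lets the omr-vps package silently replace files owned by other packages, and the two new `systemctl -q enable shorewall` / `systemctl -q enable shorewall6` lines make the firewall persistent at boot without validating its ruleset first. Dropping `--force-yes` is the right direction; `--force-overwrite` should go the same way unless a specific file conflict requires it, in which case name that conflict in a comment above the line. Since `set -e` is active in this script, running `shorewall check` and `shorewall6 check` immediately before the two `enable` lines makes a broken configuration (for example one that references an undefined `params` variable) fail the install here instead of leaving a failed firewall unit after the next reboot. A short comment such as `# persist the firewall across reboots; the ruleset was validated above` would document why this is done here rather than by the package.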
@@ -5,21 +5,26 @@ GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lowe NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-yes} V2RAY=${V2RAY:-yes} +TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} MLVPN=${MLVPN:-yes} MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} +#KERNEL_VERSION="4.19.36" KERNEL_VERSION="4.14.110" +#KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.1+f446ba3" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.0+4c83d3a" GLORYTUN_UDP_VERSION="db718d59426957eef89357d5b58ae59cae2f8c5d" MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" OBFS_VERSION="5cbfdcc28cdc912852cc3c99e3c7f5603d337805" -OMR_ADMIN_VERSION="d6aa36cace845b6cf3b2fb1c0689eb9d22fd6a51" +OMR_ADMIN_VERSION="23177d99d00a9a7e94cd3e1eb63f60e587f92e07" V2RAY_VERSION="v1.1.0" SHADOWSOCKS_VERSION="3.2.5" -OMR_VERSION="0.992" +VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 hostname.openmptcprouter.com)} + +OMR_VERSION="0.993" set -e umask 0022 @@ -421,7 +426,6 @@ if systemctl -q is-active omr-6in4.service; then fi systemctl enable omr.service - # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config 
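Review bot: The new `VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 hostname.openmptcprouter.com)}` default fetches the domain over plain HTTP (no scheme given, so wget uses http://) and the response is later used, unquoted, as a dig/ping argument, an acme.sh `-d` value and a path component under /root/.acme.sh, so anyone on the path or controlling that service chooses the value. Fetch it over TLS if the service supports it (`https://hostname.openmptcprouter.com`), limit retries with `-t 1` so the 2 s timeout is not multiplied by wget's default retry count, and reject anything that is not a plain hostname before use, e.g. `case "$VPS_DOMAIN" in *[!A-Za-z0-9.-]*) VPS_DOMAIN="" ;; esac` directly after the assignment; the later `[ "$VPS_DOMAIN" != "" ]` test then treats a rejected value like a missing one. A comment stating that the service is expected to return the reverse-DNS name of the caller's IPv4 address would also help, if that is indeed what it does — the diff does not show it.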
@@ -463,6 +467,30 @@ else wget -O /etc/shorewall6/snat https://www.openmptcprouter.com/server/shorewall6/snat sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* fi +if [ "$TLS" = "yes" ]; then + VPS_CERT=0 + apt-get -y install dnsutils socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then + echo "Generate certificate for V2Ray" + set +e + #[ "$(shorewall status | grep stopped)" = "" ] && shorewall open all all tcp 443 + curl https://get.acme.sh | sh + systemctl -q restart shorewall + ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null + set -e +# mkdir -p /etc/ssl/v2ray +# ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key +# ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer + #[ "$(shorewall status | grep stopped)" = "" ] && shorewall close all all tcp 443 + fi + VPS_CERT=1 + else + echo "Not working domain detected..." + fi +fi + + # Add OpenMPTCProuter VPS script version to /etc/motd if [ -f /etc/motd.head ]; then @@ -509,6 +537,10 @@ if [ "$update" = "0" ]; then echo 'Your MLVPN password: ' echo $MLVPN_PASS fi + if [ "$VPS_CERT" = "0" ]; then + echo 'Not working domain detected, not able to generate certificate for v2ray.' + echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' + fi echo '====================================================================================' echo 'Keys are also saved in /root/openmptcprouter_config.txt, you are free to remove them' echo '====================================================================================' 
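Review bot: `curl https://get.acme.sh | sh` runs an unpinned remote installer as root although every other component in this file (GLORYTUN_UDP_VERSION, MLVPN_VERSION, OBFS_VERSION, OMR_ADMIN_VERSION) is pinned to a fixed commit, and because the issuance runs under `set +e`, `VPS_CERT=1` is assigned even when acme.sh fails, so the later summary never prints the "Not working domain" hint for a failed issuance. Pin acme.sh the same way as the other components and derive the flag from the acme.sh exit status; the `dig +noall +answer` check only proves the name has some answer, not that it points at this VPS, so a failed ALPN challenge is a realistic path. Two smaller points on the same lines: `2>&1 >/dev/null` discards stdout but still prints stderr (the intended order is `>/dev/null 2>&1`), and `$VPS_DOMAIN` is unquoted on the dig, ping and acme.sh lines even though it can come from an external HTTP response. The pre-hook opens tcp/443 to everyone for the duration of the challenge, which ALPN validation needs, but deserves a one-line comment so nobody later "hardens" it away.
```shell
# … unchanged: apt-get install dnsutils socat, dig/ping reachability check …
if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
	echo "Generate certificate for V2Ray"
	# TODO(review): pin acme.sh to a release/commit and verify it, like the other components, instead of curl | sh
	curl https://get.acme.sh | sh
	systemctl -q restart shorewall
	set +e
	# tcp/443 is opened to everyone only while the ALPN challenge runs; the post-hook closes it again
	~/.acme.sh/acme.sh --force --alpn --issue -d "$VPS_DOMAIN" --pre-hook 'shorewall open all all tcp 443 >/dev/null 2>&1' --post-hook 'shorewall close all all tcp 443 >/dev/null 2>&1' >/dev/null 2>&1
	ACME_RC=$?
	set -e
	# only report a certificate when issuance actually succeeded
	[ "$ACME_RC" -eq 0 ] && VPS_CERT=1
else
	VPS_CERT=1
fi
```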
@@ -579,6 +611,10 @@ else echo '====================================================================================' fi fi + if [ "$VPS_CERT" = "0" ]; then + echo 'Not working domain detected, not able to generate certificate for v2ray.' + echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' + fi echo 'Restarting shorewall...' systemctl -q restart shorewall systemctl -q restart shorewall6 diff --git a/omr-service b/omr-service index 4f1190e..5b6484d 100755 --- a/omr-service +++ b/omr-service @@ -38,7 +38,7 @@ _ping() { -c 1 \ -q ) - [ -n "$ret" ] && echo "$ret" | grep -sq "0% packet loss" && { + [ -n "$ret" ] && echo "$ret" | grep -sq " 0% packet loss" && { return } false @@ -112,5 +112,5 @@ $allip_mlvpn" systemctl -q restart omr-admin sleep 10 fi - sleep 5 + sleep 10 done diff --git a/omr.service.in b/omr.service.in index 6728648..9ce5fa5 100644 --- a/omr.service.in +++ b/omr.service.in @@ -1,6 +1,6 @@ [Unit] Description=OMR -After=network.target network-online.target glorytun-tcp@.service +After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service [Service] Type=simple diff --git a/shadowsocks.conf b/shadowsocks.conf index 752dc33..0507244 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -20,13 +20,13 @@ net.ipv4.tcp_syncookies = 1 # reuse timewait sockets when safe net.ipv4.tcp_tw_reuse = 1 # turn off fast timewait sockets recycling -net.ipv4.tcp_tw_recycle = 0 +#net.ipv4.tcp_tw_recycle = 0 # short FIN timeout -net.ipv4.tcp_fin_timeout = 40 +net.ipv4.tcp_fin_timeout = 60 # short keepalive time net.ipv4.tcp_keepalive_time = 7200 # outbound port range -net.ipv4.ip_local_port_range = 10000 65000 +net.ipv4.ip_local_port_range = 9999 65000 # max SYN backlog net.ipv4.tcp_max_syn_backlog = 4096 # max timewait sockets held by system simultaneously diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index 670da69..e82701f 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf 
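Review bot: The corrected `grep -sq " 0% packet loss"` in `_ping` still decides reachability by matching ping's human-readable summary, which differs between ping implementations and locales unless LC_ALL is forced in this service as it is in the installer (not visible here). Ping's exit status already encodes the result, so `ping … -c 1 -q >/dev/null 2>&1` followed by `return $?` removes the text matching and the substring bug this commit fixes ("100% packet loss" containing "0% packet loss") for good. If the text match is kept, a comment such as `# leading space: "100% packet loss" must not match` explains why the space matters. The body of `_ping` starts before this hunk, so the ping options themselves are not visible.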
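Review bot: In shadowsocks.conf the comment `# turn off fast timewait sockets recycling` now sits above a commented-out `net.ipv4.tcp_tw_recycle = 0` with no reason given, which invites someone to re-enable it. The same commit pins KERNEL_VERSION to 4.14, and `tcp_tw_recycle` was removed from Linux in 4.12, so a comment such as `# tcp_tw_recycle was removed in Linux 4.12; setting it makes sysctl fail on these kernels` states the actual constraint. The change of `ip_local_port_range` to `9999 65000` lowers the ephemeral floor by one port for no reason visible in this diff; if something is expected to listen on 9999, say so in a comment, otherwise the old `10000` is less surprising.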
@@ -232,7 +232,7 @@ SAVE_ARPTABLES=No SAVE_IPSETS=No -TC_ENABLED=Internal +TC_ENABLED=Simple TC_EXPERT=No diff --git a/shorewall4/tcinterfaces b/shorewall4/tcinterfaces new file mode 100644 index 0000000..106fbc6 --- /dev/null +++ b/shorewall4/tcinterfaces @@ -0,0 +1,3 @@ +#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH +$NET_IFACE External +$VPS_IFACE Internal \ No newline at end of file diff --git a/tun0.glorytun b/tun0.glorytun index 09d6500..f156c47 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -3,4 +3,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 5000000 timeout 40000 keepalive count 5 idle 10 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 10 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file
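Review bot: The new shorewall4/tcinterfaces file references `$NET_IFACE` and `$VPS_IFACE`, but nothing in this commit defines them in shorewall's `params` file, and switching `TC_ENABLED` from `Internal` to `Simple` is what makes this file active; if the variables are unset, `shorewall check`/start fails, and the `systemctl -q restart shorewall` at the end of the installer would then leave the VPS without its IPv4 firewall. Either add the two variables to `params` in the same change, or use the literal interface name the installer already substitutes into the shorewall configuration (the diff shows `sed -i "s:eth0:$INTERFACE:g"` for shorewall6; presumably shorewall4 gets the same treatment). A header comment explaining what `External`/`Internal` mean for this deployment and that the bandwidth columns are intentionally left empty would help, and the file should end with a trailing newline (it currently does not).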