From 5cf11f2650bb3400a1673e2f20451e3f40e2d224 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 2 Mar 2021 08:52:33 +0000
Subject: [PATCH] Server scripts update

---
 debian9-x86_64.sh                 |  92 ++++++++++++++++++++++++------
 dsvpn-run                         |   2 +-
 dsvpn0-config                     |   1 +
 glorytun-tcp-run                  |   2 +-
 glorytun-udp-run                  |   5 +-
 omr-admin.service.in              |   2 +-
 omr-service                       |  29 +++++-----
 openmptcprouter-shorewall.tar.gz  | Bin 4076 -> 4080 bytes
 openmptcprouter-shorewall6.tar.gz | Bin 3809 -> 3780 bytes
 shorewall4/policy                 |   4 +-
 shorewall6/policy                 |   4 +-
 tun0.glorytun                     |   1 +
 tun0.glorytun-udp                 |   2 +
 v2ray-server.json                 |   2 +-
 14 files changed, 104 insertions(+), 42 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e2ee6ef..84ef712 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -32,23 +32,23 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.86"
-KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
+KERNEL_VERSION="5.4.100"
+KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
+OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
-V2RAY_VERSION="4.31.0"
+V2RAY_VERSION="4.34.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server"
+VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 
 OMR_VERSION="0.1025-test"
@@ -167,11 +167,9 @@ Pin-Priority: 1001
 EOF
 wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
 
-# Install mptcp kernel and shadowsocks
-echo "Install mptcp kernel and shadowsocks..."
-apt-get update
-sleep 2
-apt-get -y install dirmngr patch
+# Add buster-backports repo
+echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list
+
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then
 	if [ "$VERSION_ID" = "9" ]; then
@@ -182,8 +180,12 @@ elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
 fi
+# Install mptcp kernel and shadowsocks
+echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
+apt-get -y install dirmngr patch
+
 wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 # Rename bzImage to vmlinuz, needed when custom kernel was used
@@ -400,6 +402,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
+		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
@@ -427,6 +430,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		}
 		chmod u+x /usr/local/bin/omr-admin.py
+		#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
+		[ "$(ip -6 a)" != "" ] && {
+			systemctl enable omr-admin-ipv6.service
+		}
 		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
@@ -580,6 +587,8 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json
+	rm -f /tmp/v2rayError.log
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
 		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
 	fi
@@ -644,10 +653,6 @@ if [ "$MLVPN" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install mlvpn done"
 fi
-if systemctl -q is-active openvpn-server@tun0.service; then
-	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
-	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
-fi
 if systemctl -q is-active ubond@ubond0.service; then
 	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
 	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
@@ -703,6 +708,32 @@ if [ "$UBOND" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install ubond done"
 fi
+
+if systemctl -q is-active wg-quick@wg0.service; then
+	systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
+	systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
+fi
+
+if [ "$WIREGUARD" = "yes" ]; then
+	echo "Install WireGuard"
+	rm -f /var/lib/dpkg/lock
+	rm -f /var/lib/dpkg/lock-frontend
+	apt-get --no-install-recommends -y wireguard-tools
+	if [ ! -f /etc/wireguard/wg0.conf ]; then
+		cd /etc/wireguard
+		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
+		cat > /etc/wireguard/wg0.conf <<-EOF
+		[Interface]
+		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
+		ListenPort = 65311
+		Address = 10.255.247.1/24
+		SaveConfig = true
+		EOF
+	fi
+	systemctl enable wg-quick@wg0
+	echo "Install wireguard done"
+fi
+
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@@ -974,6 +1005,14 @@ else
 fi
 chmod 755 /usr/local/bin/multipath
 
+# Add omr-test-speed utility
+if [ "$LOCALFILES" = "no" ]; then
+	wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed
+else
+	cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed
+fi
+chmod 755 /usr/local/bin/omr-test-speed
+
 # Add OpenMPTCProuter service
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
@@ -1094,6 +1133,12 @@ if [ "$TLS" = "yes" ]; then
 			systemctl -q restart shorewall
 			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
 			set -e
+			if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
+				rm -f /etc/openmptcprouter-vps-admin/cert.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem
+				rm -f /etc/openmptcprouter-vps-admin/key.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem
+			fi
 #			mkdir -p /etc/ssl/v2ray
 #			ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key
 #			ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer
@@ -1227,6 +1272,7 @@ if [ "$update" = "0" ]; then
 		Your OpenMPTCProuter Server username: openmptcprouter
 		EOF
 	fi
+	systemctl -q restart sshd
 else
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
@@ -1276,6 +1322,11 @@ else
 		systemctl -q restart openvpn@tun1
 		echo 'done'
 	fi
+	if [ "$WIREGUARD" = "yes" ]; then
+		echo 'Restarting WireGuard'
+		systemctl -q restart wg-quick@wg0
+		echo 'done'
+	fi
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo 'Restarting OpenMPTCProuter VPS admin'
 		systemctl -q restart omr-admin
@@ -1293,16 +1344,14 @@ else
 			echo 'openmptcprouter'
 			echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
 			echo '===================================================================================='
+		else
+			echo '!!! Keys are in /root/openmptcprouter_config.txt !!!'
 		fi
 	fi
 	if [ "$VPS_CERT" = "0" ]; then
 		echo 'No working domain detected, not able to generate certificate for v2ray.'
 		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
 	fi
-	echo 'Restarting shorewall...'
-	systemctl -q restart shorewall
-	systemctl -q restart shorewall6
-	echo 'done'
 	echo 'Apply latest sysctl...'
 	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
 	echo 'done'
@@ -1317,4 +1366,11 @@ else
 #		done
 #	fi
 	echo 'done'
+	echo 'Restarting shorewall...'
+	systemctl -q restart shorewall
+	systemctl -q restart shorewall6
+	echo 'done'
+	echo '===================================================================================='
+	echo '\033[1m  /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
+	echo '===================================================================================='
 fi
diff --git a/dsvpn-run b/dsvpn-run
index e4000c2..f4a2a5d 100644
--- a/dsvpn-run
+++ b/dsvpn-run
@@ -12,7 +12,7 @@ fi
 exec dsvpn \
 	${MODE} \
 	"$1".key \
-	auto \
+	${HOST:-auto} \
 	${PORT} \
 	${DEV} \
 	${LOCALTUNIP} \
diff --git a/dsvpn0-config b/dsvpn0-config
index 933e98b..647f160 100644
--- a/dsvpn0-config
+++ b/dsvpn0-config
@@ -1,4 +1,5 @@
 PORT=65401
+HOST=0.0.0.0
 DEV=dsvpn0
 MODE=server
 LOCALTUNIP=10.255.251.1
diff --git a/glorytun-tcp-run b/glorytun-tcp-run
index 9ccbee6..0572861 100644
--- a/glorytun-tcp-run
+++ b/glorytun-tcp-run
@@ -9,7 +9,7 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-$(basename "$1")"
+DEV="gt-$(basename "$1")"
 
 exec glorytun-tcp \
 	${SERVER:+listener} \
diff --git a/glorytun-udp-run b/glorytun-udp-run
index 9aeb930..fb66c92 100644
--- a/glorytun-udp-run
+++ b/glorytun-udp-run
@@ -9,11 +9,10 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-udp-$(basename "$1")"
+DEV="gt-udp-$(basename "$1")"
 
 exec glorytun \
-	bind from addr $BIND port $BIND_PORT \
+	bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
 	keyfile "$1".key \
 	${DEV:+dev "$DEV"} \
-	${HOST:+to addr "$HOST" port "$PORT"} \
 	${OPTIONS:+$OPTIONS}
diff --git a/omr-admin.service.in b/omr-admin.service.in
index d76318a..ba30724 100644
--- a/omr-admin.service.in
+++ b/omr-admin.service.in
@@ -6,7 +6,7 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/omr-admin.py
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
 
 [Install]
 WantedBy=multi-user.target
diff --git a/omr-service b/omr-service
index 1aa788f..4b8e54d 100755
--- a/omr-service
+++ b/omr-service
@@ -30,7 +30,10 @@ _glorytun_tcp() {
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
 	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
+		localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.255.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0
 		fi
@@ -66,9 +69,9 @@ _gre_tunnels() {
 			iface="$(basename $intf)"
 			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
-				ip link set $iface up
-				ip addr add $LOCALIP dev $iface
+				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
+				ip link set $iface up 2>&1 >/dev/null
+				ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
 			fi
 		fi
@@ -77,23 +80,23 @@ _gre_tunnels() {
 
 _openvpn_bonding() {
 	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
-		echo 0 > /sys/class/net/omr-bonding/bonding/mode
+		echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null
 		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding1 up
+		ip link set ovpnbonding1 up 2>&1 >/dev/null
 		ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding2 up
+		ip link set ovpnbonding2 up 2>&1 >/dev/null
 		ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding3 up
+		ip link set ovpnbonding3 up 2>&1 >/dev/null
 		ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding4 up
+		ip link set ovpnbonding4 up 2>&1 >/dev/null
 		ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding5 up
+		ip link set ovpnbonding5 up 2>&1 >/dev/null
 		ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding6 up
+		ip link set ovpnbonding6 up 2>&1 >/dev/null
 		ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding7 up
+		ip link set ovpnbonding7 up 2>&1 >/dev/null
 		ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding8 up
+		ip link set ovpnbonding8 up 2>&1 >/dev/null
 		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
 		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
 		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index dbbaefbae4907faea3d9be6dd77f680a5a4cbb83..b7120120fce994d29ba0944d3beb4d99a80aeecf 100644
GIT binary patch
delta 4068
zcmV<A4;%38AMhW4ABzY8RCXy~00ZqD?Q)~YasQ&Hn6jPRZpHevB%hs9E*OwRjDQ1V
zpRZCyVF}yRNuU5)pL4bEp6(ey2+6BWR`Mnn+PeaJdb+1)db)dHU=sL#96FO<-W?7a
z0Nr+*9s!ES<~f`<&(53eR=d$XJAc<`Hrw6qJJL8{n=)8`MzIqT@-7U5_;Yl-%Kt~<
zxN=O)ryz8no!N|3tEBG6lX{e5>XXzyDoEK6LgM)kK{$6}FYt+TA1q_y0)^*BP(tD-
zFCq`#%snOX%fcl`bH^tcw`#`i2-yA5*NhQwk+aJ2n?U857c5y*IgT^6u^~ttCrYNp
zak`;d8Yk+1ngJIkJ&aAs;LKau5{8w^58eYg;m4LXloVYuO!CJ+65AFm+v1IZWHAEU
z=106L@-`!?2-fA3J6pKnr2~C1buM*{t8(~nIbCqgM&tWN<p<ZFdJk#+zNK$geux*V
zn(<`8wVH)$!?V`eW<7&93lh(p7rF8uYZqtDb<WLy^H#A*vLS4;_QJ_}#csEIUZ|)_
z)|IT8wrXzH_ucs33!<tY6<T;!<f7}_x@55^_6fB7tWeeDRcW(o<oIr(?VWD7SXJI4
zH1Zbft?e|r#ojX2(YBiYyim2-EsmkJb?oD{!N;22i&aH-{Mz~N`LP>5I1@M8hd0>{
zJN$ott8spY{{OsjcGhh-n&|(#XN}VTzXh!O|Br4Mp<i#;8l*~0XTF%ZM9xfv^ue<e
zaQ`HJ4yu{y5OC`c-s3W)L7@g5g<$a#dXG;rc`tk*Eg1f4tI=$e`xl51Zcd=(I&&IX
zEDRho?>=<G7lJV)bX^h!5Am}Tx_>4w!IDgWAe4me)Qce6+%IF7crgLbS`R{~KM!Cw
zydY}nPu-A;f#%I45<Jk0fjTCN8%0nyaD6v)W<+1!&%6m#R=kPpM=o(9vOrw)<WAGJ
z_OT&m(hvxMz@Do4XX1KLj<VBUYt@>mw1nd+fxde0#Mu6j1PiSA0UG^6W)8G2ty!ag
zU0{MBtc&537!ogzq+0xIO#Ay`8KN*Ubz{eyMNpx-SJ*>rUwM+FeFyX`RcP&<^YPD`
zDiK0t)sl=pFW@<XremsLRv=h$ClJkS84J1T(`0c9apPg;JVvJ>^pFcZ0*asdK{Q{6
z57B7^Lp^b6QLj<?xbV5hxEe40KXF`tMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBU
zGvYP5!91+q2M}lc$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^<M*$finKT1?*b?G5etL
ziH{=h(WlYtqZ4}0{S4wl{KTRg@m+|S5TaZb%;XrOc(i<cbfXwbC|z2O_|6=E>fXDL
z5LTWci~>`#TtLnXK_24p%#C9jS>u3Uya)fYgrJPkaSoY5FwZpr{MVGw*yBTcUnn~o
ztlTxt7Gdz1X(IhfGn-4i;Fxpox$#pYxw;Z~)9N+P8nspjVtNCQoun*@3%zyMA3jW)
z7tQbU%*p#gPp;x4WHFN<oPJ<`@^cY}V<%KTJ59q7OOaft87*fqC<!XvvveVXzQoMM
zW0?ozO`aUcU|bivH}s%0{Y(_<$#DhcxL4KLbGVgNK^cn@VP;i>1{F~dcfR$U_<w@c
zKpalS4*w4kpj*8E*Xf*<{{Jl?OKqtG{MM~0;jQ5<yzb8Vf4({Y&&&IN|8D{}x@q&G
zX!M#i5upE@6>Vf}U|SWWWxj%~XdC4c@P8f_!OWYy99G88=YQSCyJj2Lf#<Dmw}tb+
z(P)?R|1IDP?*Ho4M9O==<-Olm@BK0_vj6+O$Lv8ZNdceNk{sxoA`5q`YegFnMY@rc
z^jaRt*5%dMFs%yS(ahI>C9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ
z9Q~n}FmHwu>1&Fj-OB19?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w<fA_dJN$pU
z-7fC`0P<Gp|K9?>!2cU)B46wNPvPvmi~+yn7(hMA-b27Qf^@HcQ09RPfoL-l;U1zK
zzDTbb@<3MkG%yi^x1@Z1+;CKf<A^t|@mkPSl}4|m+>%FY^h2-@+=`U7kM32<m($H8
z$K*c)+ys>#-<uyYd{OOu6A=c6Hr6XYm=fzfUQt#TP?f(@WOFEqE2JSQ&=Wa?tlsd7
zoI{LN%ix9UJdG-U-BvQy#K8Y9#)ug_qc`&12{qq^H~D3`U{4EhR^hGY<BIHmbY|Z4
zJw{N}YFFTmCkr|^8Ss;dyNHRXnmI|)O2&hixV1P)Wj+TXZk>ZF?^&#8eR<NqU6aFF
zm&u{Z=$`*bdDjzmH@XT$h|cpWW*)$LgQh4B>bx#)hbp^&c&Dm}VX!DLJ-T<MN3_rX
z8Tf9khVGjzLiZzh8RjBqK|+4-(weg%n7Y#%b&ynWI&hmqw@vSDH25GS8OWTuP@#(;
zjLBa}w*y%Tb-U4%GYy`jVDd{u+xj>Q!k2jIlfYl=C1A>=u609EbkVZtkqWDJJDs!6
zzs+Mg-Q@9q8TCwam=5P&8s2KPs5o&b=-6ElA*W<ztDDAz69H%+o~P*`aloA>wUm(o
z(LIC~(`iTtgR*EM({B6X;v&y|GV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte
z(Mzblb$)he$l`YmGr7aa_<a7~Y&E+b%>Ub+^G>IK*~0w4)$Wwf|K9}mo;P7sS>^XP
zNow5LvbA8{^jOX9Nhp2H?Z&td;0rQQ%I=8q8#(^Md4$Y<76st6XPyt|F?ovP#bv$z
z{QO*7RRd2@pELTX(74)DJfH3V?gqytKGh@^;fVpiW1_>gL?Cw}S44p`aqn^~kcb)9
zShppA6%sN@?A^Ih<q+C2^=?231C-G~O&L_Y+rL6Ll5wS(vUS&M9#9bg9foCq`s`l^
zogYX>?|{wkL+=~V_FK?FA<F(W=*xz53n~90m4GD&7}5a#WSAp^{VQ>$z+wYdDVD8h
z1DoDV1bvcK$r=vNuW)6eipdo$-Yl6{&7K;6FvQ9(TNDAE18WyX-Io=qSO4gQbx3;a
zb2p06@vtJg+qHL;`O(WiMELKBmRkHkQ<b|^2wj2!%MmXWnvIUMQb|@=YfU$FkZwuF
z2C?}Xel#}vo7lvU0Dh%Oen+qu*8o+iSb}c%6@FlDu*g<-Ywg?js2+1@H3AsE1$Lu<
z5fzL{BYh611o~K9NAqA$A{@nJng~Fv!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39Fd
zFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>e
zP`IWR2!^AHW1v7Tm5SPj%p3_=W9rd=z2{%n=?|5Von<GpVB*Y*mq-WA(<MXcrR4R6
z8_v)kO-nN*Dm-+f7?c4^8fwgU*yd0I4?^jqCny+SnRh0(ws&-dhIAO`BElf|!34%&
z4i+^AAvF~+jyf4pjDa!i0H#3KLbfRN`LSa4d{`Uj+)#=>x(WklI&q?yErL&fN6T64
z<*ui&;8ug!e1Wx0Hkl|kx$BWf<LX>g&Cp%sutyc-^u-d7z*>GBOJixh>040j>BGOl
z_%H#)fUz9HXc{n<Iw!zrj_AnZ#6Q5e8sPN=ZG^7{_P&c?*?jUFCauvYIKkz_r@x;3
z7QIBVJO2a|eCpyxSDN;I`mSPsn8RG%=xMVGU?#yF-z^04gY;J+VW2)!UrmdHOau)A
zf~*c$O1iqXsTb?99jZ_uingrV5R!RQV&N81CamZS$dRndCVyp0ss*QFn(X4+oY=j9
zULlg#J6DJie=SiySG*|;Hj9mnb2dMFM-b6Zll<T`3ukD;!jP9$+Y}6caKZ^!LE%UG
z$YeYOMdA$`TpBCVM!F(dOd!k@h{7;IZE%;GGRE7Uj7*e}$hL-(igzngq($c!>M!ef
z6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5<KAfrcxsC|l_#9qiAhPZnj#%#fO4B|(Fs
z`aEO;)QM5fkiOjVhG;W?{qT-9h)6pZLeM}3XFpc2RqYnK&5&7u!kRL40f@4|^l{k7
ztTT>fRgqN*I9b9lrNlU9gBTU8BWVU$L?Rk3Nb@U|Ye~{=!?LZFh+|YadDqgkX(B}{
zr|HwWp=DT0p(&O+fZkkRHjQ}bACWySU?Nas8%93s2eboL0@gTx)>U0(O<|pAo8x|8
z{;Bs15`cS@>GpF<KDMNvY`pcajjdj{0pWQJA<}>=$u{}|ZqlZNxJ`T{|19+yt8+Uy
zn^c+yQXkA3iaDV4;}{ZlJA3mfp`uA0jm%CMXW=^a-Ap)BJuRXrRN74O78-tjBC;m4
z3B-s@{sx+uB|%7kL{W5L*|jBPU2S^!D3YOmf|0XQ0^N{dn(Doy7CEDTcx=L7YyA&%
z2b`HuLA#N~bQ&|9F;1H>HglRLvjB1W@D4lxuh=k8a-?8dD+EjS!AvF7gtc7K8EB$l
z9|EsKxtUGlTg|xUp;uIqRsLBrG@JDyz0_2xg+IOOVSKxPP7|7I@a|TU^P1q>(<M6f
z@P}Mmfn(BfVTAobcQa%wtb9r81y=JgUz%=dNEbNyvSeSyYN4|!kS%Gp;9sq=TE%RZ
zt=2Ky71(oMZW+W8y@Pa(3uK<$!2phlwSTcV=dNT6{dhW)Hm<dPpDi**ym_6LqA|1c
za@**C5k!zLaUNR6&iDV>{r~*_pLVC*|NSOVc>gcm^MjdmedI*{Sh}Gzb=|Mr{?jdY
z{``)U5e^?wLEP5;KOFsb5N5Cfhq+w-GeR8h0HWU;0@5q~N>*g+4mu5D<d0*?;6>n?
zylv5_HR{do>EA0Lr`f##TzegN4))e%s8)iyK-BjM8JGKH0h56a8h<}Y-wFA^ag7@N
zt2cmU_WDN|zkfdv#ld3XP7k^bcvt*yofY5zZ^2m^|K9>$+yC3i<pMbq`H%B}W~)pA
ze$OdD&PERK8pu~}#$B)XRhwe-n_-jdjU9B!_kObL>IOx%z&WY0jZ^w*pfBf?*4Us;
zKO?l83!~g1OTQ+xn|}eL+#qA0D%xG0Hor_W-T>ms;lBX5>;3O$xA^`~tJ&$4@&7I0
zxcK2S2G*UPL&$3NidV&3S+ufO479PeLRNC0NaLhm*~fS)s}%#s$;lUbzO}w3tOIVu
z|HkkCH9MQ%|LV5O`+si&U-16l&uAj$>)&Pe|7!M6oyY;w{#E4LoM|vhK88k$Agddw
zG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN<plzD3jC6rJ?2_=+JLJ1|5P(leMlu$wm
WC6rJ?2_=;9P2pc@jbV`hcmM!e6ak(9

literal 4076
zcmV<I4-@boiwFP!E81TG1MM8`a-+!c{-URtvYor#iuGwpK0BpcFd&H-0SCxFU!{t|
z61J(6KmoKq=W5?Q-7|m?l2?0K$(vkg?+WPY>7JhH>F$AnN#Of&=uCe3=5Wve=(gMR
z2v9sW&*8jzcHV5a+Kukn`8SPbv)%1}LmCHcQwGZ@c0xkF34<X16y2`!|4}%u924^?
z2;FCAHY3$4sk`x{9;KN2B(;wUQuc$8c>Y5W&Yjo`eB#^(%b2)8;kgl%kod`q$b&a?
zPf7f;aLLi!@kz$5nsGY<c0cqrW5iqJtaAJ&P&wuWOV(75<4kRA2olGMl4)_AZfKUq
ziMnRMg-H)%Q!+U7R<?v;rSgOKKu-9vr41!Tmkg79`z^6;!Llvh7)TZ)ux)<Ct0HeR
zqKaT$KDo1n8(uol2UF)#*SIQ&|CZAQ*K9PtZ&ZG8{i*km*6&;TX61)?v8owQ7F?@Y
zs5U%noo&`Lc(Wk!ym^r;|FL#))?DY@JZ}}7BpbpeYcHIvSL}AX=Y@)@WL?RcX{+XD
zecz4my&$UkQK5xrMJ~F&txFb*VxK_E&k9vdUX?bhMvm_m+TQ7Qi&f<<LL+an-r7#1
zTkI`U9c`=W&kI$X-QpNpTgN_L8+@$Uy;xOb$1k1#o*%p6gEMiXeRz}Yu*3hi8s}%|
z|GVw;W~<X_q5to;8>Rn$3t0F6AKWlPzuvAjNR^n*d@*y0oS6vegJ&n;{z?2CR5Q~d
z;MO0!$7M)^LJc?y!Qv(K9-m_JPIymRF#Oe4quD0+FAyQzoIuNU<}|Wc7&vC$edvTQ
z1Y=0(x+Dr7;%6sx|3Y4ZC7D1d3Eim|LA1GF#xC(<0-m)VgiwDTz-)Ly)Y6~2Ar%A7
zn@1#gpceymOcXbYplsm!Zs^R2zPz7#6R50s6W5Pi;zVSDxai59rfuzGL(HTh5CDNa
zRr4>z^`IPOr@hvyHB)H`$5R4*_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m
z97(nK*O>PA!!kr+Wa`F_H;bS`b+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zG
z1Wm_O!K^^A;!Yr%*)kS#)2GSe6ynCi%z2DXL+BwFdIS_d^@C`>3?HJ?2!?v%(xP6Y
z@?qg~k8w3#`hVuQj3(uf7K3kRB-<(GGx&YA{-=0Pqfga*4BhGyX2ff9gLzoJ4<OF?
zk6S3dw(BZk53q1TXMVugkFaa~*J`y3>%YeNc^UuT1a__en0?Ur#7B|$=+o%+!3jO*
zeg<(Neqzy$_%6gu2vIHzW^#;CJX$_Jx={=zlrF7Cd}j`I@7+fTE6)%{fhk!oAm@c3
z4{><r#xaeoaX>KMga27VP{!yuhs+?D=NbV1Yf5PB@u9shlpPIL?wV$cFnG)~k$$C_
z%_UxN%(?g6_^FXxT?xEt^_pjmTB`#wy@AJ0QkKMp-n#1#A12L<=J$E#<XxdBSMd?D
zm`M;$-!u8S2*a@xDxaOEVTh$jF4T;cvlx^FmF`)(5J6vJ=Hju;gYhO$4rDN{3*8%f
z(3yTF3iaf;f^yue>g+k(%BrA@MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#
z&PxCP7LcX3)B%3&)|Bwp@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<
z(lTGcR<w<B3HUz`i(uwWUJff`=l$Qt#{6$I%J}~#@EP}ib!sBzz2EZQ@2mHInHSmr
zecxmDpq8Y7&ud8zbWM?kyVbR#4TvJ$NJ@Gwk7VoeYHXNR1@CC)>k?S=tX=bhAnDcy
z*~9ZTssff2YrR7Dip(M!r$-({L(}uuI9BuyEk}Q_80XPYB7IF!v|Cvnq<u3QLzi7i
zMB$+ifG@|<A4B@PBv>3rIhAqz{}#gK?2wOsDeQ><?RLAk{|CrhW&D2&_>A~(pox5G
z_&<fS^D+nc1LpwLlk7bO_)3uO70V)SAraZkL~svT4qv3#40#}{e43aLgSVu7ecW(X
zhvSGhuJKyXRF!5gNx3DD*64>|AGj4QYaiXKmM^E9iH^yC2Dk|>J-##FXZWJp`6eO^
z3~j7eelR80d%U8oE}$xZrO4(`5?4q=QlKYt2wA=16*-3(tCqnF*LfOMx~*iYiGlxJ
zj2Tn#jNZt1C)9iw-sG3%f;}z5S%r@pjw`bN!I^o}cbGAuR=X0fc(R~#lL0@OxQm#G
zs+p4%tz<lSiCc?<ROWLK;?_y1@{Z+ttS?Xcw`+1(>oPf18Qt?ADerp1?nYOE2+?_7
z#mo~}Z_pIQL7msd?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9
zT5}czQ+HaU4w4E^2X1rdw&}f%1|Nha1DP`yDs&NqG5IU$b|5REZZ~>zronR*On!-I
zTOVgZ_!2LD68LMq1WcLKwQeYiE?O2nQeo9@r*qc%-8`1lO&*_6&oqbWaPFnytyYVQ
z6NiG1-31YHN>;YIX-qf~fcD{enhp{N-032QGBO~#htOg=4e4M|7ENT@ZC_km<hf5~
z9-2*lf+rSwEUG*#ZSZL)vc5b?Z)dX2qE*W36I67MW<vF~^Rq)k7Qbtl$sI<<r}O`2
ztJ&>f{@?DLcRI}$=KrmBr`-SXCb0Ls38Ts?zrRUR<Ia|?CF`cgYHm+L={5&9#(f~4
zk%>}vM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z(MN^G)t=({Z2xz+
zI4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{Zd5shc1*n+P{IIZ
zG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6G<*Fon8lF>V0^ZU^I2DJSabWn)0e+~Mw
zA>BgCe@G=@$pMBmfIk`L$YB3UTq&^FfK`fRE84)OH<Ll1WL2_;!}BX#nW$oN1&cRJ
z=2f$&1`M&X%N9jI=fK*9QTJs<>eW9uVI7j*`rM5obUdtx?so1SWq$PXPZ9n*qNNr;
z&{X9v6+)L_z;eV3g=VvRyU7Y`t?7mi(k;o@AU0pakH$uS6Px%Ez^^pP?+Ewe8lWl_
zOVI7U!Vk<17TM}<t$q6*)ng8=MgYUNz-~06f-z~N&*79nAB*c~9_&ekqnJz+0cbTi
zld*jNcE%ezE{7!()P==<Umn;xZw-4#C%@sPC>tMFU3q!(n>pkSX&npZFpxA^2W+pt
zj6x`JLbv{FY(Khzx2P);8171ntkWM;vZw(H*VF>Ra5QlY6v(AgQTvdYBLQnnJ-YY&
z%R2p`60)=GWEM=ES@9C-pn1AvD7}=tzHq}C+M{V{hD3#jZWMzuU`a!b`3~D0O5i~#
zee?tc<16#d#MbtXj?j<}<6J}-<UW|d7|g+<#vr7o0>)7%BZ@IFh8@5Z=vv4Yr9MAa
ztey{R<D45x(MMNd;7lh@6thL}>1a8Nz1;N_7TjtOn=i1I$tDxUCU-sZXk49(su{YA
z9QLS!oIYFP5m?KQV`(g{H+>6=J#G3Oj1Ln)3>eEHjHUr&sdEC1=7^3gPW%Ims{vk5
z&_?)LXz#lSmdz)>VbU6XgcDp&eEi$VZ_!H>yYr7Q!KW^6bf#(V$L}hJIn33Ko;Irh
zW)jTt-BKVwNPiU)2I@2Q)wDRsM9?50$m)Qlq^oP2da)kcp$rA0Xv?|{A(=NN7H$z`
z!iv6t9LcI|@>iy$T5u|+$u7Rli`@(86(V`PcZC@7*AnG(#hbEVv)ITuXY;dn1QGo-
z$q!DmaE2x<40&0#O~C*soNyHsex#2~#zRmf-mt-?u_A4xE0V<o!c2iE3=`A_cd033
zyzR-zL<xy(YbdFBw<1Mabbg`!vW_<~m;@1ZS0upQbQuC1DP)=KRK;Y0$K*x4Q~42S
zxYCNUm44E}{%rarS(eNUsTo!hG#IMSLnc6-808G<%Pnt+Hq#I9XoHBfb0Gu`RB-lV
z^;*?#q1z0Z1t_d3Ll=N33rrt}eat%JSXLETm4K5a3{y&sV>XCU!8(#=fJG#t(SkI;
zQn{8S-8L-ST8TJDm6LaEO`9fCv~rq0ts7c~wG^6SsRQWE^<~qDhyD@S;{qlEHMU{o
zvwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN$;X!Tla06jwXxOfHXuBYAw(K*
zCD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV{Wyk%-Ok>8OQ>j4M<cTn##y*d
zeK!-%R8Na23Y9ifyoH9JpNOo<YyvSNlfQu`W=RkdQ4}3mc5Mk+SDPL_ie#vtVC1Zn
zKsRKVrh4zFMb79S9-HvjTK~h`0cR#u&~9WgoyH7jjMFBJ&77vmEI^z-yaNxwD>lrN
z94VOA3c-?nFjL7iVJ(+*2AU|?hrsJlZf4W?Rx_@7=oM9Dm4B8D&1QW_FEv$a;ZLu6
z7~ihbgytH&yOrd;CiwPriB3KIA=g&mm~>niVSmuwE7=MwUy^!()jZ6XGJ{?%aPnoz
zzM9oSXHy_s(rm%MT4S|}*(_VFW40@>=f2!Bh$DIj=^7WvJh_7b920B*VsXx0$rk$Y
zbS7<FYyCc3WQ=(8IxR(GX6NO$;r}9tAmco=jGg;`+5P|g{-1WI-2eY3P<a0{-SdN)
zbbaJR|6IDEGj-iB-2T%ocmDi=cmALcIm#4Co~`V9u0m_k=PFdqIiT~6_;1=rwB^H5
z+}8a+9Q}3_X0QT>xm^A;QXK98qTibW(kuQ-R%GiAIt^mvk7LQ;Mc|seZPTbV>do%y
zKPn)n*}VW<dmVQU_SR*nR)V@f)b|M)m-}P|jtWd>_M9A_o5MT+<D;EUpU`EG(xb{T
zQocJ$-wArpag7@Nt2cmU_WDm5zyCN8#ld3XP7k^bcvt*yofW_T&}x<6e|j5uZU1j4
zmkZ=f<Uh^>nyoSg_#>wPIU6~^Yd~MP8F#(j7j25oZ-z~-H+Ik^-+Rigs~Z&60_UX0
zHcsiMp+28eT4RGY{fyLZE{t-6Ed83)ZU&5UgN%KuYIk+o{4&jW1BfSw{{rN$_y3#S
z;`=|XW~Woe|F?kS;)m}TSa*63A*<CZUKMX;(aK&i(8ksZS;>7OkCT37A7iSlRty{`
zCtqm#+WMBT4!9BjE5HBO>}-Djt=lf||Gf!(#`}LiqluKS|CibStJyzwA_qwOlW()8
z!6^9{9w~yXZlKZ-_1U@pYrNAB@TD*EXRorPugQ3e5AE!m0raBGTT3XRgc3?9p@b4j
eD4~QBN+_X(5=tncgc3^l>hN!#D3<g9cmMz~cm87l

diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index 2f4dee49c8cd7be2a6734da76cc5f231add1b4f1..d5769fae4f168217f983a780a6bdd3be7bb4e23a 100644
GIT binary patch
literal 3780
zcmV;#4m<H5iwFQ<b}3*01MOUGbE8HQ-mmCaOv%1vx6ZQOEII3xE{9<xaYjG@*>UQs
zC@f){iUb^>b$na<->-Xk5klVeW><1@32m1IGt)giGd)lD41;FA=f$Bt`{mXCs0GwN
zIbq*G<?nX?wDYRnJ#C+KPFnr$>8n<|eRA4=MOu5*DW_Ew+aV#ZLf?-+Rqna`|5G}s
z9T4N*51j{lvFMXVgEXCZ){OF`<}9<28kQaUA#uH1KU~_e>wCn$@mDc%poHs0kVE2o
zHzK$0!Z{-GW8jeb()P$&Tq74(2YEjXRei#nq+2`KE7cBo!IV^m<2XZ|>H_6Bks2n)
zX}W5voT#a~$r<c(YEYdst|U_!*J?kwx8#tYn(CO!8r2Q*%{Rod1k*BkeMHTqfMxL$
zUJ-dKDO3~8vwLR|IN_NMZJ*m`n#wge{9nxjuH9;V*Q)*CcysqQ;~$#ZHuG&9tU2RZ
zz;)UswsE)9-R9GIqg3N*`)wir$K$u%_NL_aX{W4`qzl`k-Eg+a*zfmGON<IN&n4Bc
z6l0s;bK)D<j~ZT7(y&{WqG?ZcNf4C#1T^oKSPfpG+pLl8IVIhD{eGEMdZN<E4K}sy
zwfg1WGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0
z-|trV|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>F
zQSgJu(7n5l$!p;a>A>(eI<58zxp@Tt;1nt}9ec_AiivJx;ogLH_(;%$gpNZZ|2BTG
zL+5+)=&#5O97*WR-3WZm%_???8xz3SrXK?T(uX<mh)FAN?u4uwP;VI#|CZg1lqr#&
zD1y9^<2j+dAlm9?;m&|rc4v+kImC`gfN9aaGtYD#q9R7B2)I8G&zku?aa_p9y0c#E
z9JjODQi(?d`s%eEqy8cB17v&yN<Wf?4ccX#$E*tss0ew{c@mxS;)EW@zs9V;Z&x8!
zM&?dzyNd`I8at)0_v~wPi0Zrc=6RgZ*}3F{pH+ntLL|kc`j8j!8cEeKUNCClvbaO=
zX_i#TWHi5@1xMgWZWs1lbQA{AGtdD?(1Bnn^FjM4g#L4GFmQSoc$~is8-3S1X{^8m
z|DFlS`JZCj5yXFz0z0&qd&GXE=kUMX>6h@ob$Z&a@c$*~`S?Gv5Qb2E6uEaE!>@OC
z=-M|6K!*4}!8hVLfSLeOP6B6Aj5r>x?(Uo@h8$KdV<Vou1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXZ88ZxSyMK?k8jaubJ=h$QzmI3~w|J_}vwAuq21bw}}A3hx*%B}I^@A|;7c
z97EORBmldY0IrI5LhEtdUmefjKdu1E@qe$^t?>UPC=YEI`u*P8RP@rc2JQXT@$CGE
z>+<~XSMlGAP~gK7_;J5=JiGtX>%3~8wA!7{X}8tsCh`ACHU2L_pRxa=F%zlweyY8n
zkM8{>D6;!~pM&ISO}^)X4{eHjFq$e$!u9%IR!2mpmsHN~rHN#oolkYctl=(9k(Zzi
z7Ks-Gs+qOh2l6?^AY%SxF;Q1FwCyn^Lsgd5D@hq;`c9_MjB`q49`q_RmhW}?FDjV(
z+6)R;i+yhWGkOO9Pfj{z{}07m75={jeFpyPXd+(=|3`3jTKRxKu@7KKvU3;kJ5hFE
zAV=YnBii;vc#xowUM{cd(nwPH%rOz2H#eRp;IV@yd{21&0`CP?QJD8i^G#{8QGN{e
zfd>+D{n&|xVm^DMd_ca8@F+y~{n~hwr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbHEE!`e
zt`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg*(=6b
zg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=Yt>O!5LtA
zodga^UmgyxHtI>V%j;o{(OmD2$!@0NE;R)TC1N-ZA1ZMmhvVGfUBBVZmceEoZVNw=
z$5>c_b>2s-ex_L)GE4QLOfmF>lCb)XJ+HHV|F7>k$HxfaBnX{%fHVnAF8s9kjl(z>
zzCU;7#|$KK+*nN;z4wt`U<#G;aKAhq#)7f1>H<HE$v;TH2Qdi)-RRz)`wx*n`z2yp
z-Yxv_F<yDZ_cr<^?}&}@ENfV{EB4JQYxH})ZtpkCSk1R(e4=@VG0p~XCyIAE9afz<
z7BrGRz9ef)-8P@Hy)YYO2Wq-c7;c(@HR#~<Lud+{ootkt>^9ccKY9E1ZL!+f!bM9e
z&im9@4@8B}tODveYqyT^uag`kYA{KExhEIv2Uy1#%I&3&Psji5cK@_|{-@LHcB=UQ
zC1~ey6MB+$e1DmS#=WPWESGFA;e9#`Wluz%7@q@w&M8wSubv2;*j`}YL2$o_d_eAn
z>%n!5IrniKoHd&d4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5tDbe7b5{RM5
zIg#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx>gTE<nb(8%
z9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLTRNAoSm7BVg$PhBSgd3FgRX
z_l-E0VbKAr71NT{k;OI@p*`v9WFrl)&vAvKi0R$h3_C0V`T~|LN#;<J>7e<}4x13?
zHkVEmA<`sS?2y}_p2O$a-y;04vs|{+N@SS)NLA$Pf#TO{6J983iRf9Yr3<SKO?3@w
zH>ti=*!WobWU3FhQ&ZT0^mR)LNBmvSjgKL%Rx<_78p{00*piX2>NXVI^(Y>2Xe9y|
zx(Rlo5(SJ$B|{FU0AebxpLwt!5x&KAS_n{9g)0g3cW+m)updezOXJP)pnmusZ$(M}
zQ0Tw2<|+!|-VU8&>fw81%<FWsFqp=Os*(n&g96*Hv32M8ZqSq|*sRvag*P?Oel_-C
z(8Q923ucaBMXET35-6rtQ-%<ZV*!ooaw7J|^_qbbE)bqj@n!@mXHE9Os?D$Ri-kY4
z7v)<lS4ZPCOjW0>^3aK5XbqUvSWR%lGR73pgH;;cL&o&nxHeGRLA{PfwI5&+VZeuA
z4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h<+&tGwCLzO^zHe~
zj^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w88cO<-%Ijc5KTheC
zZZ_zNq~z(wm({T!@1nzCk72lV7;KFbV7Mo2=n*CMFz`A+q@Ygl4Whxf5v;Bc-(y@G
zeSiyGbA0&c;rr+@ik;;LfPlG!XCYZ+{NdZ0Zj1}O(fu|Hq|E#!zJ>(F_tIabXo3N(
zww^b8nJFrG4@ns%@#^~CVlX#I4q`)wIFS^|;Li=Jm~bg(5iY*ah1~|p>xA?TuXVzN
zzo5*+p7VwzSc!);l9X&>4(j07kJ6yvDEDb#n!=cu6w45FNi$QSg3M2}iIIp9WXkIn
zKpDGHCz?#nq&k=i;E7=}T7Z(OJjET)M1V-KkY$dkV)0_y7*SQw`STcih}Q}~0bSSn
zu_E**4J^cB4<99J<cX?ornsLZ4SDeF42PH^5RP2&x@aY;;>L7REbA$7BqIeNd#YS0
z>J{{XE+uXTnI&iu)MkQx;@C`+wn>UCDHLRx!Z<64&d7p_6d1u&5ecG(q;ec()vMJm
zDAg?8v{FZQokUE$n7%q?SS%i5$yq?OX$*O)iE#$Zn2}63*FD%k3&t#OHjZEtVzExL
zjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y3Jb{?)+J9CFdU;lP9apb
z@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LEC+Hh9yVG<Dj9MGiJEY70
z@VgCvoy|XVv1rG@pk7L1X7ov#KFvmWYUEH3Ba^6vY1;T2<_j-dV2g#KFnH^PBtQm3
zpoRg<owPw{1gb0wyaxG3ZuVEIe!)ZI6)|D{nd+*Q^aHz9723g%L1RA%r!l{O0T^ed
zVWI&Dm#tzM&h2ygAxegZiwW!xcBmj<gcNhKX|}fXVs3VZAX^j^^V0JS`5IumzI@rR
zos}#Qw$s;v|90Lw^nbbmJMPOT264hRSuSu5$&+gsz$r0zUoFnLbIC-Y%x2Qoy*eBw
zvG{~HF0x!S=HwcH<p2+f5QI(KLKDH*RFmj*qF&NnY*t4QOzc3+C+V5<ADvdKy#L!e
z=~d@HUW7K!f8=LA423tF6Fd6P$_eec<9y}ukA8LX<4=6@12LqYHzeIve|kr~xyi-$
z(^)f@kX%&ak93aYiC>T4o;?4-v0sqDkWAn(Kq>y11cxU;*pE&?(R2P>k|pyRIt_py
zmc=?Rg4A2*yVluRv)wxScMa;eowxAzJFf5sDt0o=&E)weKJNsx23ul%$R4=lk3gf^
z0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~CpwFHE@Ab;>e|0)1)$c#N2z~7Q
zXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{ak;TK1={>5KoL<V@D%V)2HP*>5
z@`Db)k?;`S?|lBh-RqoepZ~A$|3&CC&j0_6CQ`lrRiXb!(Vv0H9$-KHZ65PlV_={D
zYQ`2WOUhOfBXw$iHr9VkcJ@mh*;`@xVb<)REFLY+UoB%de?XM4sG^E0s;HuhDypcW
uiYlt8qKYc2sG^E0s;HuhDypcWiYlt8qKYc2sG^GgjPySSZ@`TJcmM!h5`xnJ

delta 3806
zcmV<44k7Wx9pN2+ABzY8x&6yt00Zq@dvl{k65oH(r<js`$!?uxy(~HFlx`0Lk~kwE
zfb2MRRTP%6O+^9@&^o@<e)sF10fdluz1fwVTteF=F|VGUnVw(wJkTug{UmZ`Kfl@^
zwSf93C-fVr{N3)Kc3!o+{Z{*=ciQQ8U$xrplhf`i(%PecOgXLM#EA%b6$L@^seI3+
z|DV!9?SPo~LF7I-i$$L_8l>qavu2z}HD{TI)G+Tbh=}Lk2GP<<yuc^UO|VLc3pqSD
zh7^+Adoj877VZ&A9z&PZmyS=?>>4?{I`Dfp)Qkylk#6l^uT(qW1xwacj^j*iY6ud?
ziIQn?oNj1;md1&?W>}m_Kc}W-aORb43FBJrop(zP`KhIiB}JDElYH|Hv2DS!E#4SO
z7RzAU{DfCU-e#F<f^~N9E<!gtbD-^W=S<hQ28aKvdC0X}t?yd3cdkG8ZnN@3OW!Vh
zn}q9<$t>hL?NYIEx6|D&XYgjJ#?$uOLi!KKZ@cY(P0sDpPFW<`5Vl!+(QLC|zu!MC
z6;vhbT-HomHMh(AZgS%Val?;G5_Zd6bp5F=3Bz)qfaKj$QIl7t?V_>cyCvCs{eHQq
z{6wX(7j8=1YxT>$WvY{>O8U!E(RRN)hSrl~pKJ_1mh8V>7i8bNng5=jxY4aMbK~9c
zdy1Za#s6*(@xRjt*l+b(i2wa=h5s)?8~9J&yHSj&esbI*4PrXWaN!a;R}nG<Tqgkj
zBzXuLx#|$W^jq(46;YFL3><|Ze2l!i`-Hp}-jEIqf1?BDo!mTveQ*mETCTICcEv)o
zvG8spCwe4kK_b^Bad4YFIFb83c??!$28JYma_3$Qw&rG)xWr2c;A=C8p!_m`Iq`^5
zD}U}rv>Fg^8I$0a21e?XC~h1>+Q{|Y$XO75b+hnhP+0M1t{=O^iAjiY@x43GWF4X)
zW-17nKVVOr`8{zxNXNRfUh5pUv)WRQM+ExnwUeOy5eY&p_y&Z2Bnt<m%Ss;8E-;~g
zA}ou>lNb^&PNd`HmxT8B?JB~`$lOgFZxKU*#!l($E&Ey>;`*+wdG054cFy_WCry<I
zA+l;o#*i2A8A;R8UodN6vbaOAX|`NQq%^;ug-2jWZWqp7d=!PyGtdD?(1D;S^FjM4
zg8p-F&~bVn`dqM#8hy_{X{<m6|DG{_$;&@gY)26PNeZ3FS?&@0k)Ff<cBfDA{{#ZP
z&MDx3>$Kml@c$*~dH<hj2t_D9j=ejd;@5j8@|>FmAVYG`@QwH`peBHn%iv5-5Xa-y
z-JKgJkV5li#fa}Lq3n%&2f*?GKnhIBDg@sLU>=Zo;U)>i)+8W^_?~~a0$4_Wd|ZNU
z2$lr_U_#9aMIRpoex&RuT)CTV3!~sJZ;JE_HEw4Z;Mn{gxXFDh4W-k6Kqt8$#LHE5
zyHSw5F89+K|G-Mkf@uDRF)ttpdUJ;b_NnD_p+LM^Bp^AM#2aP>V(1_=NFFmNj3v2u
zz%aQk^jYLV5BYfwC_A#>5_rddcqyxbG8HAlwBi`5E=K{_y##Pov=ds7<NoS+2LEvd
zP~QLP!7`x2{}-U#wV~+udrMQ%OVb*(_gBZW^B<l!{XdxhmH+o56b7&ae%x;z&-wqS
z?N%B8A+{R-m!Qws|Iw+6RC_<w-p@z(ei(}Ee&6SSoz~=gE_i5D+=J17HANP#*I`8)
z5k<O`lq@VyWb5pFYM53HcVUWU3F=^xctMbKt9JW9J|`P^%%99A8k$}VWA~!2k0mnH
z6h*s|)lnw@WD3nXmx#iHoMlGkup#|R608#AFJ5s)tHnOI{wY0!|0gG%GXA&lNT9<1
z7og9;e*;zIYvKP0o=z)&8}KK#0TfAgZUTNM$}SA#C|fc_+m;9~5)|Ug`87ix$ts^2
zCSvf`#%TgxJ7~i9gf}iQENH4qtyh|E$&-!zW6%%0kdVtqZ!8qk>5=jQ`7*+*5ZU)@
z^GzOKZgx>bq>-Ub_1ZgAV!g*J$~pi=`Ex}!$C9{?G$aLjq7Wf}tCzeY7b2#rW$?m9
zF^?);)$*o^f&XoSRx)@%H1gdURo~E?{k#g<UNO!p+^IaM$^Lt1;mu#8b;edbXT_6Q
zNarRael~N%govtHs3~68aqFe9mIPUy4?%<%XQ0Sy<~XpvJRDwa)Wf99>!FR&J^zmK
zZl>%mbrmu(HXMh4he{mq;W#gR-*0%cWw@D!+rm$z(IPa%I_;xXKhvxYo~8Pbrx*oc
ziCO)|nb&E*|2Od6<70$y5=QQOKpF;<iy+N@<I<9gAeg)JV+xWuZnUP2-up-|P=QKm
zxL=+QV?kMHbzu-C<R7Hp1D}L~ZhY^|gNHbn{Tx#%?-oIS^q8!C68Ibal6S<$c$OtB
z>lOW`l{NakUbpv~d93E!JU-Dp(;R05xD&xUoer%|91A*0k1xquQ@7QptS?jt>4lo^
z6N;NAU=0Qs{Ro;uXD1yc%DauV^-tcueOs({w(wAsit|2I)&o)HGp&Gn&f2YG{Ohob
zL=DR6FL!c(u|B{$Mptexb$r_YZ@2rW^#0GuX}8^n0Qmo%-buCp^CGl!zX>hL+P}X{
zUE|(UC(9+>V`ZOqL+OdAo8UR{=iD--{OXM1#PLJt4xIZ%8~}1JJRhDDOu0{z@T}Q<
zcz8I@i{eRGbIFRtTOuCcC(Fg|cR4sNMOTwpgeL}nd`=1O9!LayC~{5|coKJBZw(wW
z!<y>0q=I86iGyo5uI;0Bta+Ev2m>0UK{I7&;`QzubSW9<nkie?gZ3U90;I#RjIces
zZ-dT{BxA5g@rTg+2FQK|ZBU4^`xXpkL%IUjf1izjr3Wa|2>xW4Bct6n;#`462dq{s
zThT^;Hr-T&_N1$mjW~Qh#}$eyrlGYOc4!3j1uR)u;!swkLG!&6HNnqqF5Ngrq+v<)
zlG~u3!{^!GV*IbuRJzn+JS={ssmk?04QjOsFO;NY8-nS=YC}>(huSU4*vf2vEPgUI
zhTE|zY(V_FC50>gp6?~c5Lc^Nf^H8Leq?Tc@yJ(o8v^cn6c0Gm5&;z50zJ`)3d*CA
zA%{}{F%{R(Jm`-I-(or~1jwtwlZ@%R*DF}q59N`q^VWD!Kl~MgqHKI9^xs)?6-N+u
zBDWZO_^UbQ4QVqosK!XrWF2A$g<`)X_MIDeVN;PnXZ1cVyd@L$SEnDQ#575`py~*J
zTBM0n$boEXHFXH?IA+i#Lt$)hJii&b(E{NK1#iX>bJnCEwA%bBe^>-FXHgDfzB($W
zX=#Q;E05ebf!2UpjWvcFwmFsnJ!qxzJtR!e&1(~-9n|ZnRQmxI5e9q+>M#Y>u&81P
znc9G&G|7a<7-+wCuNG_pWQ)>}pDNaWz=ySQ0fMsVI$fU2!bFdc&ZEGY&zv}6n;A!w
z)gti<;W@0m)gUn+{j<Y-j?vh36Qmf83w2R7BR4F>)@#V=ODeB}4*f8drqX7Eo`_<n
z8DCb%eyocDgFS}fHej%IPJrQ_(4j|^*u%gZ0Fi<=!8eEo-^Q@IKKvE^+V}&1Jm8w+
z!#@vyjUVI0U48%vn7eovl6uA;zO5PNxKK8}-!1|%vtWs@Awl-N^jFE7pa83{=gnSb
ziU!t0R!7WVU59N7a|3n}8xq8ctjZ>TZc3^Jk7DNG;tO5aZ4kYVNZ;^UM@;w&iCWlm
z-joHKSxA$`WD|2x2fKchIt536xlIGr6vn))+NNO0x|K2&6n>&lOvXY`B;K$A%4k5F
z=!#^q>R>8>C5Fjp14?Sj6n8us15v_Ewl$Vin-|l@h?<JVpGV(AyjJ-M$hww~W|4l>
zK|^eM*eFY89;q2tiu){T$b)64I79^jcjSsUM4O3<8`CUX)>B|eMk+vm_Ef!4wJYcY
zLuO_M3(L?VsLcZX#Ic#Ow#lj@s}k_CgmIP;jgbu%sW5`6AToFjta2P>&9BuiBuTdo
z%T5j1HS?HwF@1H)w5dNtqcewSQyKDD3;hh3F(XCVT=!rDZ5Xq>**JpC#iE^Lo73S?
z{&Da##!M~gM;rI#wW&3K=(lP$ywN+6f0A(Fkv-c5RaL1=MzM~aETB6k{V)Yr+0NfR
zNOMvDirPgdN^)aq8&H>oQl{-U`AaB^-N$;;67mLR!5^V-tSqD(GAOk^sCP)0{^55U
z{yLj~Xkt;1p@4QNi<#21IAfZP@YKwq97cwTgmL=#8s-bH*r1Dlg{&}m>j>r`gCa<#
z3Co?dL8t_pA_}|?>1M9>SDJCbL*rGE75+&wG@JDU4Qi^?!H+>>KM1E&yMF-~XQghU
z2?&?1Vkyq;bNM04rjCmV><=`2>qSU0C7WhzO)sW0&08-DifQS6hI|dMU0=Rz*iK>#
zgzfmX<G-D@cKx4!ZorQF@`*v5&`p*LTto8Y8U}Dmtld|ObM9QW5Gb>mv=!EdL*|Q5
zc=IAlMP+8s04xW1DTE+w;ue|+%BESwkS5xtw2RH^7@Ub6u=ylCbN{2$YSI1Qe&_VG
z-|2Sn{>Mr0wA%lD3EI5>k>B|+Ro-e&ocKR0H*)5#`<2&!Kl;_pk3aFv55$mq-jH-x
z{plU`=4L6npH7>(gy^CWf24aPPyBiW_vHN#j{brKx?}=}4odOIBsjbQLVt7uvYzwj
zvLaj8&}jhtuq-xs5xCyE-?h%pn(fxnziUv(?YxD-@3_JnsMyIcH`)0no_B&;gD%lN
zqz5kf5olb0JHVW;8B+&Xwcl_Y@N03Umr?(6hn^MX6emF#y7RqW1AXrPf3Mds{r*Fz
zb5i~O!;8?z?tk_QzCb}mzSs|FcPba)&+GyebYu^&0et0U%*}FNbt$rV88Qu{c<lC4
zW>&ezI<B#fevuz^_>F{@@P6m}|LtDqWb6Kah5s)`L!WW~|0h(D>h-S*{XdHS6h!s_
z`{{4<Sl2oQ`}9{cws2Wix1uO%Q|q&_{$sqeU+T!-3d=9EW*24gYH|K*84dgaQNELo
U4k`{R`ZLo10ClEqp#XRQ041<>6#xJL

diff --git a/shorewall4/policy b/shorewall4/policy
index 59142ff..2e5fe13 100644
--- a/shorewall4/policy
+++ b/shorewall4/policy
@@ -17,8 +17,8 @@ vpn             net             ACCEPT
 vpn             fw             ACCEPT
 fw              vpn             ACCEPT
 fw              net             ACCEPT
-net             all             DROP            info
+net             all             DROP
 vpn		vpn		DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		info
+all		all		REJECT
 
diff --git a/shorewall6/policy b/shorewall6/policy
index 9a01ad9..8b37313 100644
--- a/shorewall6/policy
+++ b/shorewall6/policy
@@ -15,7 +15,7 @@
 
 vpn             all             ACCEPT
 fw              all             ACCEPT
-net             all             DROP            info
+net             all             DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all             all             REJECT          info
+all             all             REJECT
 
diff --git a/tun0.glorytun b/tun0.glorytun
index abd7ab1..a7fd471 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -1,4 +1,5 @@
 PORT=65001
+HOST=0.0.0.0
 DEV=tun0
 SERVER=true
 MPTCP=true
diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp
index a89e1a8..670bbac 100644
--- a/tun0.glorytun-udp
+++ b/tun0.glorytun-udp
@@ -1,4 +1,6 @@
 BIND=0.0.0.0
 BIND_PORT=65001
+HOST=0.0.0.0
+PORT=5000
 DEV=tun0
 OPTIONS="chacha persist"
diff --git a/v2ray-server.json b/v2ray-server.json
index 5d2b544..1fae64e 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -1,6 +1,6 @@
 {
 	"log": {
-		"loglevel": "debug",
+		"loglevel": "warning",
 		"error": "/tmp/v2rayError.log"
 	},
 	"transport": {