diff --git a/debian/changelog b/debian/changelog index 12a86ee..ef7d9d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +omr-server (0.1028) unstable; urgency=medium + + * Many changes + + -- OpenMPTCProuter Fri, 14 Oct 2022 09:02:22 +0200 + omr-server (0.1026) unstable; urgency=medium * Many changes diff --git a/debian10-x86_64.sh b/debian10-x86_64.sh index 814a06c..e69de29 120000 --- a/debian10-x86_64.sh +++ b/debian10-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh index 814a06c..e69de29 120000 --- a/debian11-x86_64.sh +++ b/debian11-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 712682e..9b19d00 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -5,14 +5,9 @@ # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. # --echo '====================================================================================' -echo '本脚本由蚂蚁聚合路由器出品。仅供DIY爱好者免费学习使用。请勿用于商业。' -echo '如果用于商业请选择蚂蚁聚合商业版,openmptcprouter合作伙伴请访问官网http://55860.com' -echo '5秒后自动开始安装' -echo '====================================================================================' -sleep 5 UPSTREAM=${UPSTREAM:-no} +UPSTREAM6=${UPSTREAM6:-no} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} @@ -36,7 +31,7 @@ OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} @@ -52,6 +47,11 @@ if [ "$UPSTREAM" = "yes" ]; then KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi +if [ "$UPSTREAM6" = "yes" ]; then + KERNEL_VERSION="6.1.0" + KERNEL_PACKAGE_VERSION="1.30" + KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" +fi GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" @@ -69,7 +69,7 @@ V2RAY_VERSION="4.43.0" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543" fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" @@ -78,11 +78,11 @@ DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} -VPSURL="https://openmptcprouter.55860.com/" -REPO="repo.55860.com" +VPSURL="https://www.openmptcprouter.com/" +REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="1031" +OMR_VERSION="0.1029-test" DIR=$( pwd ) #" @@ -166,7 +166,7 @@ fi # Force update key [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update OpenMPTCProuter repo key" - wget -O - http://repo.55860.com/openmptcprouter.gpg.key | apt-key add - + wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - } CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" @@ -261,6 +261,14 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer libuv1 Debian native package + Package: libuv1 + Pin: version * + Pin-Priority: 1003 + EOF + fi if [ -n "$(echo $OMR_VERSION | grep test)" ]; then echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref @@ -364,11 +372,11 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox echo "Install iperf3 OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp - git clone https://github.55860.com/Ysurac/mptcpize.git + git clone https://github.com/Ysurac/mptcpize.git cd mptcpize make make install @@ -399,7 +407,7 @@ if [ "$SOURCES" = "yes" ]; then #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz cd /tmp rm -rf shadowsocks-libev - git clone https://github.55860.com/Ysurac/shadowsocks-libev.git + git clone https://github.com/Ysurac/shadowsocks-libev.git cd shadowsocks-libev git checkout ${SHADOWSOCKS_VERSION} git submodule update --init --recursive @@ -407,11 +415,11 @@ if [ "$SOURCES" = "yes" ]; then #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch #patch -p1 < 020-NOCRYPTO.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch # Shadowsocks eBPF support #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch @@ -420,7 +428,7 @@ if [ "$SOURCES" = "yes" ]; then #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev #cd /tmp #rm -rf libbpf - #git clone https://github.55860.com/libbpf/libbpf.git + #git clone https://github.com/libbpf/libbpf.git #cd libbpf #if [ "$ID" = "debian" ]; then # rm -f /var/lib/dpkg/lock @@ -569,10 +577,15 @@ if [ "$OMR_ADMIN" = "yes" ]; then fi apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' - echo "If you see any error here, I really don't care: it's about a not used module for home users" + echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U + pip3 -q install netjsonconfig + pip3 -q install fastapi -U + pip3 -q install jsonschema -U + pip3 -q install python-multipart jinja2 -U + pip3 -q install starlette + pip3 -q install starlette mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn @@ -580,11 +593,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in - wget -O /tmp/openmptcprouter-vps-admin.zip https://github.55860.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip + wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - if [ -f /usr/local/bin/omr-admin.py ]; then + if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 @@ -631,7 +644,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then systemctl enable omr-admin-ipv6.service } systemctl enable omr-admin.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable omr-admin.service [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service fi @@ -701,8 +714,12 @@ fi if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in + wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update + chmod 755 /usr/bin/omr-update else cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service + cp ${DIR}/omr-update /usr/bin/omr-update + chmod 755 /usr/bin/omr-update fi # Install simple-obfs @@ -720,7 +737,7 @@ if [ "$OBFS" = "yes" ]; then else apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates fi - git clone https://github.55860.com/shadowsocks/simple-obfs.git /tmp/simple-obfs + git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs cd /tmp/simple-obfs git checkout ${OBFS_VERSION} git submodule update --init --recursive @@ -742,9 +759,9 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then echo "Install v2ray plugin" if [ "$SOURCES" = "yes" ]; then rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cd /tmp tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin @@ -756,7 +773,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then #cd /tmp #rm -f /var/lib/dpkg/lock #apt-get install -y --no-install-recommends git ca-certificates golang-go - #git clone https://github.55860.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin #cd /tmp/v2ray-plugin #git checkout ${V2RAY_PLUGIN_VERSION} #git submodule update --init --recursive @@ -800,7 +817,7 @@ if [ "$V2RAY" = "yes" ]; then fi systemctl daemon-reload systemctl enable v2ray.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable v2ray fi fi @@ -824,10 +841,10 @@ if [ "$MLVPN" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git rm -rf /tmp/mlvpn cd /tmp - #git clone https://github.55860.com/markfoodyburton/MLVPN.git /tmp/mlvpn - #git clone https://github.55860.com/flohoff/MLVPN.git /tmp/mlvpn - git clone https://github.55860.com/zehome/MLVPN.git /tmp/mlvpn - #git clone https://github.55860.com/link4all/MLVPN.git /tmp/mlvpn + #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn + #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn + git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn + #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn cd /tmp/mlvpn git checkout ${MLVPN_VERSION} ./autogen.sh @@ -883,7 +900,7 @@ if [ "$UBOND" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git rm -rf /tmp/ubond cd /tmp - git clone https://github.55860.com/markfoodyburton/ubond.git /tmp/ubond + git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond cd /tmp/ubond git checkout ${UBOND_VERSION} ./autogen.sh @@ -991,7 +1008,7 @@ if [ "$OPENVPN" = "yes" ]; then # openvpn --genkey --secret static.key #fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then - wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.55860.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz + wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz cd /tmp tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz cd /tmp/EasyRSA-v${EASYRSA_VERSION} @@ -1073,7 +1090,7 @@ if [ "$OPENVPN" = "yes" ]; then mkdir -p /etc/openvpn/ccd systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable openvpn@tun0 fi systemctl enable openvpn@bonding1.service @@ -1098,7 +1115,7 @@ if [ "$SOURCES" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config rm -rf /tmp/glorytun-udp cd /tmp - git clone https://github.55860.com/angt/glorytun.git /tmp/glorytun-udp + git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp cd /tmp/glorytun-udp git checkout ${GLORYTUN_UDP_VERSION} git submodule update --init --recursive @@ -1163,10 +1180,10 @@ if [ "$DSVPN" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates rm -rf /tmp/dsvpn cd /tmp - git clone https://github.55860.com/jedisct1/dsvpn.git /tmp/dsvpn + git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn cd /tmp/dsvpn git checkout ${DSVPN_VERSION} - wget https://github.55860.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch + wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch patch -p1 < nofirewall.patch make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' make install @@ -1189,7 +1206,7 @@ if [ "$DSVPN" = "yes" ]; then apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable dsvpn-server@dsvpn0 fi fi @@ -1214,13 +1231,13 @@ if [ "$SOURCES" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake rm -rf /tmp/glorytun-0.0.35 cd /tmp - if [ "$UPSTREAM" = "yes" ]; then - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.55860.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz else wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz fi tar xzf glorytun-0.0.35.tar.gz - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 fi cd glorytun-0.0.35 @@ -1381,8 +1398,8 @@ fi if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install dnsutils socat - if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + apt-get -y install socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e diff --git a/multipath b/multipath index 41c3880..23d87e1 100755 --- a/multipath +++ b/multipath @@ -115,26 +115,48 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH else - ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}') - IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}') + ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') + IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null case $TYPE in "off") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } exit 0;; "on") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE subflow fullmesh + done exit 0;; "signal") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE signal fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE signal + done exit 0;; "backup") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE backup fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE backup fullmesh + done exit 0;; "") case "$IFF" in diff --git a/omr-pihole.sh b/omr-pihole.sh index 8310b72..bfffd4a 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then echo "This script doesn't work with Debian Stretch (9.x)" exit 1 fi +if [ "$(id -u)" -ne 0 ]; then + echo "You must run the script as root" + exit 1 +fi + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "Don't apply Pi-hole firewall rules." diff --git a/omr-service b/omr-service index 9f8bb57..3898c5d 100755 --- a/omr-service +++ b/omr-service @@ -6,7 +6,7 @@ _multipath() { source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then - if [ "$intf" = "$NET_IFACE" ]; then + if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { multipath $intf signal @@ -52,6 +52,15 @@ _glorytun_tcp() { _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then + localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.251.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" + systemctl restart dsvpn@dsvpn0 + fi + fi } _shadowsocks() { @@ -77,15 +86,19 @@ _omr_api() { } _lan_route() { - cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | + cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' | while IFS=$"\n" read -r c; do - vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then - echo "$c" | jq -c -r '.lanips[] //empty' | - while IFS=$"\n" read -r d; do - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null - done + if [ -n "$c" ]; then + vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') + if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then + echo "$c" | jq -c -r '.lanips[]? //empty' | + while IFS=$"\n" read -r d; do + if [ "$d" != "" ]; then + network=$(ipcalc -n $d | grep Network | awk '{print $2}') + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + fi + done + fi fi done } diff --git a/omr-test-speed b/omr-test-speed index 863232f..15666e1 100644 --- a/omr-test-speed +++ b/omr-test-speed @@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" @@ -13,9 +13,9 @@ fi exit 0 } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM diff --git a/omr-test-speedv6 b/omr-test-speedv6 index ca3d64d..3db10fe 100644 --- a/omr-test-speedv6 +++ b/omr-test-speedv6 @@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" @@ -14,9 +14,9 @@ fi } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM diff --git a/omr-update b/omr-update index 33b3fa6..ff2e201 100755 --- a/omr-update +++ b/omr-update @@ -1,6 +1,6 @@ #!/bin/sh if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh + wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh rm -f /etc/openmptcprouter-vps-admin/update reboot fi diff --git a/omr-update.service.in b/omr-update.service.in index 231803a..99120f8 100644 --- a/omr-update.service.in +++ b/omr-update.service.in @@ -4,7 +4,7 @@ After=network.target network-online.target [Service] Type=simple -Restart=never +Restart=no ExecStart=/usr/bin/omr-update #ExecStart=/usr/share/omr-server/debian9-x86_64.sh AmbientCapabilities= diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 67d46c4..92957ef 100644 Binary files a/openmptcprouter-shorewall.tar.gz and b/openmptcprouter-shorewall.tar.gz differ diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz index d5769fa..eeb36f2 100644 Binary files a/openmptcprouter-shorewall6.tar.gz and b/openmptcprouter-shorewall6.tar.gz differ diff --git a/shadowsocks.conf b/shadowsocks.conf index d6d760a..0b813e7 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -58,6 +58,6 @@ net.ipv4.conf.default.log_martians = 0 # MPTCP settings net.mptcp.mptcp_checksum = 0 -net.mptcp.mptcp_syn_retries = 2 +net.mptcp.mptcp_syn_retries = 4 net.mptcp.mptcp_scheduler = blest net.ipv4.tcp_ecn = 2 diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index be836d4..d1ed03f 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes AUTOCOMMENT=Yes -AUTOHELPERS=No +AUTOHELPERS=Yes AUTOMAKE=No @@ -163,7 +163,7 @@ DISABLE_IPV6=No DOCKER=No -DONT_LOAD=nf_conntrack_sip +DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn index e69de29..a7a7058 100644 --- a/shorewall6/params.vpn +++ b/shorewall6/params.vpn @@ -0,0 +1 @@ +OMR_ADDR=fe80::a00:2 diff --git a/tun0.glorytun b/tun0.glorytun index a7fd471..2a6c695 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -4,4 +4,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue" \ No newline at end of file diff --git a/ubuntu18.04-x86_64.sh b/ubuntu18.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu18.04-x86_64.sh +++ b/ubuntu18.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu19.04-x86_64.sh +++ b/ubuntu19.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu20.04-x86_64.sh +++ b/ubuntu20.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file