From 743ce1eb1be433608f26e8909e4dc03668e6acea Mon Sep 17 00:00:00 2001
From: suyuan <175338101@qq.com>
Date: Sun, 12 Mar 2023 12:14:18 +0800
Subject: [PATCH] fixx

---
 debian/changelog                  |   6 ++
 debian10-x86_64.sh                |   1 -
 debian11-x86_64.sh                |   1 -
 debian9-x86_64.sh                 | 107 +++++++++++++++++-------------
 multipath                         |  40 ++++++++---
 omr-pihole.sh                     |   5 ++
 omr-service                       |  31 ++++++---
 omr-test-speed                    |  12 ++--
 omr-test-speedv6                  |  12 ++--
 omr-update                        |   2 +-
 omr-update.service.in             |   2 +-
 openmptcprouter-shorewall.tar.gz  | Bin 4192 -> 4154 bytes
 openmptcprouter-shorewall6.tar.gz | Bin 3780 -> 3803 bytes
 shadowsocks.conf                  |   2 +-
 shorewall4/shorewall.conf         |   4 +-
 shorewall6/params.vpn             |   1 +
 tun0.glorytun                     |   2 +-
 ubuntu18.04-x86_64.sh             |   1 -
 ubuntu19.04-x86_64.sh             |   1 -
 ubuntu20.04-x86_64.sh             |   1 -
 20 files changed, 145 insertions(+), 86 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 12a86ee..ef7d9d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1028) unstable; urgency=medium
+
+    * Many changes
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Fri, 14 Oct 2022 09:02:22 +0200
+
 omr-server (0.1026) unstable; urgency=medium
 
     * Many changes
diff --git a/debian10-x86_64.sh b/debian10-x86_64.sh
index 814a06c..e69de29 120000
--- a/debian10-x86_64.sh
+++ b/debian10-x86_64.sh
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh
index 814a06c..e69de29 120000
--- a/debian11-x86_64.sh
+++ b/debian11-x86_64.sh
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 712682e..9b19d00 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -5,14 +5,9 @@
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
 #
--echo '===================================================================================='
-echo '本脚本由蚂蚁聚合路由器出品。仅供DIY爱好者免费学习使用。请勿用于商业。'
-echo '如果用于商业请选择蚂蚁聚合商业版，openmptcprouter合作伙伴请访问官网http://55860.com'
-echo '5秒后自动开始安装'
-echo '===================================================================================='
-sleep 5
 
 UPSTREAM=${UPSTREAM:-no}
+UPSTREAM6=${UPSTREAM6:-no}
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@@ -36,7 +31,7 @@ OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then
 	SOURCES="yes"
 fi
 NOINTERNET=${NOINTERNET:-no}
@@ -52,6 +47,11 @@ if [ "$UPSTREAM" = "yes" ]; then
 	KERNEL_PACKAGE_VERSION="1.6"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
 fi
+if [ "$UPSTREAM6" = "yes" ]; then
+	KERNEL_VERSION="6.1.0"
+	KERNEL_PACKAGE_VERSION="1.30"
+	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
+fi
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
@@ -69,7 +69,7 @@ V2RAY_VERSION="4.43.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
 fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
@@ -78,11 +78,11 @@ DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server"
 VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
-VPSURL="https://openmptcprouter.55860.com/"
-REPO="repo.55860.com"
+VPSURL="https://www.openmptcprouter.com/"
+REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="1031"
+OMR_VERSION="0.1029-test"
 
 DIR=$( pwd )
 #"
@@ -166,7 +166,7 @@ fi
 # Force update key
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update OpenMPTCProuter repo key"
-	wget -O - http://repo.55860.com/openmptcprouter.gpg.key | apt-key add -
+	wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
 }
 
 CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
@@ -261,6 +261,14 @@ else
 		Pin: origin ${REPO}
 		Pin-Priority: 1001
 	EOF
+	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then
+		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+			Explanation: Prefer libuv1 Debian native package
+			Package: libuv1
+			Pin: version *
+			Pin-Priority: 1003
+		EOF
+	fi
 	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
 		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
 		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
@@ -364,11 +372,11 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
 echo "Install iperf3 OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
 	cd /tmp
-	git clone https://github.55860.com/Ysurac/mptcpize.git
+	git clone https://github.com/Ysurac/mptcpize.git
 	cd mptcpize
 	make
 	make install
@@ -399,7 +407,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
 	cd /tmp
 	rm -rf shadowsocks-libev
-	git clone https://github.55860.com/Ysurac/shadowsocks-libev.git
+	git clone https://github.com/Ysurac/shadowsocks-libev.git
 	cd shadowsocks-libev
 	git checkout ${SHADOWSOCKS_VERSION}
 	git submodule update --init --recursive
@@ -407,11 +415,11 @@ if [ "$SOURCES" = "yes" ]; then
 	#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
 	#patch -p1 < 020-NOCRYPTO.patch
-	#wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
+	#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
 	#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
-	#wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
+	#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
 	#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
-	#wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
+	#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
 	#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
 	# Shadowsocks eBPF support
 	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
@@ -420,7 +428,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev
 	#cd /tmp
 	#rm -rf libbpf
-	#git clone https://github.55860.com/libbpf/libbpf.git
+	#git clone https://github.com/libbpf/libbpf.git
 	#cd libbpf
 	#if [ "$ID" = "debian" ]; then
 	#	rm -f /var/lib/dpkg/lock
@@ -569,10 +577,15 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	fi
 	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
 	echo '-- pip3 install needed python modules'
-	echo "If you see any error here, I really don't care: it's about a not used module for home users"
+	echo "If you see any error here, I really don't care: it's about a module not used for home users"
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
-	pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
+	pip3 -q install netjsonconfig
+	pip3 -q install fastapi -U
+	pip3 -q install jsonschema -U
+	pip3 -q install python-multipart jinja2 -U
+	pip3 -q install starlette
+	pip3 -q install starlette
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
@@ -580,11 +593,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
 		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
-		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.55860.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
+		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
 		cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
-		if [ -f /usr/local/bin/omr-admin.py ]; then
+		if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
 			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
@@ -631,7 +644,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		systemctl enable omr-admin-ipv6.service
 	}
 	systemctl enable omr-admin.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable omr-admin.service
 		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
 	fi
@@ -701,8 +714,12 @@ fi
 
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
+	wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update
+	chmod 755 /usr/bin/omr-update
 else
 	cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
+	cp ${DIR}/omr-update /usr/bin/omr-update
+	chmod 755 /usr/bin/omr-update
 fi
 
 # Install simple-obfs
@@ -720,7 +737,7 @@ if [ "$OBFS" = "yes" ]; then
 		else
 			apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
 		fi
-		git clone https://github.55860.com/shadowsocks/simple-obfs.git /tmp/simple-obfs
+		git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs
 		cd /tmp/simple-obfs
 		git checkout ${OBFS_VERSION}
 		git submodule update --init --recursive
@@ -742,9 +759,9 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	echo "Install v2ray plugin"
 	if [ "$SOURCES" = "yes" ]; then
 		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
-		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cd /tmp
 		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
@@ -756,7 +773,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 		#cd /tmp
 		#rm -f /var/lib/dpkg/lock
 		#apt-get install -y --no-install-recommends git ca-certificates golang-go
-		#git clone https://github.55860.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
+		#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
 		#cd /tmp/v2ray-plugin
 		#git checkout ${V2RAY_PLUGIN_VERSION}
 		#git submodule update --init --recursive
@@ -800,7 +817,7 @@ if [ "$V2RAY" = "yes" ]; then
 	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable v2ray
 	fi
 fi
@@ -824,10 +841,10 @@ if [ "$MLVPN" = "yes" ]; then
 		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
 		rm -rf /tmp/mlvpn
 		cd /tmp
-		#git clone https://github.55860.com/markfoodyburton/MLVPN.git /tmp/mlvpn
-		#git clone https://github.55860.com/flohoff/MLVPN.git /tmp/mlvpn
-		git clone https://github.55860.com/zehome/MLVPN.git /tmp/mlvpn
-		#git clone https://github.55860.com/link4all/MLVPN.git /tmp/mlvpn
+		#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
+		#git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
+		git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
+		#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
 		cd /tmp/mlvpn
 		git checkout ${MLVPN_VERSION}
 		./autogen.sh
@@ -883,7 +900,7 @@ if [ "$UBOND" = "yes" ]; then
 		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
 		rm -rf /tmp/ubond
 		cd /tmp
-		git clone https://github.55860.com/markfoodyburton/ubond.git /tmp/ubond
+		git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond
 		cd /tmp/ubond
 		git checkout ${UBOND_VERSION}
 		./autogen.sh
@@ -991,7 +1008,7 @@ if [ "$OPENVPN" = "yes" ]; then
 	#	openvpn --genkey --secret static.key
 	#fi
 	if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then
-		wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.55860.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz
+		wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz
 		cd /tmp
 		tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
 		cd /tmp/EasyRSA-v${EASYRSA_VERSION}
@@ -1073,7 +1090,7 @@ if [ "$OPENVPN" = "yes" ]; then
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable openvpn@tun0
 	fi
 	systemctl enable openvpn@bonding1.service
@@ -1098,7 +1115,7 @@ if [ "$SOURCES" = "yes" ]; then
 	apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
 	rm -rf /tmp/glorytun-udp
 	cd /tmp
-	git clone https://github.55860.com/angt/glorytun.git /tmp/glorytun-udp
+	git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp
 	cd /tmp/glorytun-udp
 	git checkout ${GLORYTUN_UDP_VERSION}
 	git submodule update --init --recursive
@@ -1163,10 +1180,10 @@ if [ "$DSVPN" = "yes" ]; then
 		apt-get install -y --no-install-recommends build-essential git ca-certificates
 		rm -rf /tmp/dsvpn
 		cd /tmp
-		git clone https://github.55860.com/jedisct1/dsvpn.git /tmp/dsvpn
+		git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn
 		cd /tmp/dsvpn
 		git checkout ${DSVPN_VERSION}
-		wget https://github.55860.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch
+		wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch
 		patch -p1 < nofirewall.patch
 		make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
 		make install
@@ -1189,7 +1206,7 @@ if [ "$DSVPN" = "yes" ]; then
 		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable dsvpn-server@dsvpn0
 	fi
 fi
@@ -1214,13 +1231,13 @@ if [ "$SOURCES" = "yes" ]; then
 	apt-get -y install build-essential pkg-config autoconf automake
 	rm -rf /tmp/glorytun-0.0.35
 	cd /tmp
-	if [ "$UPSTREAM" = "yes" ]; then
-		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.55860.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
 	else
 		wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
 	fi
 	tar xzf glorytun-0.0.35.tar.gz
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
 	fi
 	cd glorytun-0.0.35
@@ -1381,8 +1398,8 @@ fi
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
-	apt-get -y install dnsutils socat
-	if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
+	apt-get -y install socat
+	if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
 		if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
 			echo "Generate certificate for V2Ray"
 			set +e
diff --git a/multipath b/multipath
index 41c3880..23d87e1 100755
--- a/multipath
+++ b/multipath
@@ -115,26 +115,48 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
 
         printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
 else
-        ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
-        IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
+        ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
+        IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
         IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
 	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
         [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
         case $TYPE in
                 "off")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
                         exit 0;;
                 "on")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
+                        done
                         exit 0;;
                 "signal")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE signal
+                        done
                         exit 0;;
                 "backup")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE backup fullmesh
+                        done
                         exit 0;;
                 "")
                         case "$IFF" in
diff --git a/omr-pihole.sh b/omr-pihole.sh
index 8310b72..bfffd4a 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
         echo "This script doesn't work with Debian Stretch (9.x)"
         exit 1
 fi
+if [ "$(id -u)" -ne 0 ]; then
+	echo "You must run the script as root"
+	exit 1
+fi
+
 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
 echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
 echo "Don't apply Pi-hole firewall rules."
diff --git a/omr-service b/omr-service
index 9f8bb57..3898c5d 100755
--- a/omr-service
+++ b/omr-service
@@ -6,7 +6,7 @@ _multipath() {
 	source /etc/shorewall/params.net
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" != "bonding_masters" ]; then
-			if [ "$intf" = "$NET_IFACE" ]; then
+			if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
 				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
 				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
 					multipath $intf signal
@@ -52,6 +52,15 @@ _glorytun_tcp() {
 
 _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
+		localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.251.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
+			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
+			systemctl restart dsvpn@dsvpn0
+		fi
+	fi
 }
 
 _shadowsocks() {
@@ -77,15 +86,19 @@ _omr_api() {
 }
 
 _lan_route() {
-	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
+	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' |
 	while IFS=$"\n" read -r c; do
-		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
-		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then
-			echo "$c" | jq -c -r '.lanips[] //empty' | 
-			while IFS=$"\n" read -r d; do
-				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
-			done
+		if [ -n "$c" ]; then
+			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
+			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
+				echo "$c" | jq -c -r '.lanips[]? //empty' | 
+				while IFS=$"\n" read -r d; do
+					if [ "$d" != "" ]; then
+						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+					fi
+				done
+			fi
 		fi
 	done
 }
diff --git a/omr-test-speed b/omr-test-speed
index 863232f..15666e1 100644
--- a/omr-test-speed
+++ b/omr-test-speed
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -13,9 +13,9 @@ fi
 	exit 0
 }
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/omr-test-speedv6 b/omr-test-speedv6
index ca3d64d..3db10fe 100644
--- a/omr-test-speedv6
+++ b/omr-test-speedv6
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -14,9 +14,9 @@ fi
 }
 
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/omr-update b/omr-update
index 33b3fa6..ff2e201 100755
--- a/omr-update
+++ b/omr-update
@@ -1,6 +1,6 @@
 #!/bin/sh
 if [ -f /etc/openmptcprouter-vps-admin/update ]; then
-        wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
+        wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh
         rm -f /etc/openmptcprouter-vps-admin/update
         reboot
 fi
diff --git a/omr-update.service.in b/omr-update.service.in
index 231803a..99120f8 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -4,7 +4,7 @@ After=network.target network-online.target
 
 [Service]
 Type=simple
-Restart=never
+Restart=no
 ExecStart=/usr/bin/omr-update
 #ExecStart=/usr/share/omr-server/debian9-x86_64.sh
 AmbientCapabilities=
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 67d46c4e05633e7be5618a85267cacb4c9a732fd..92957efcab04f4eca8eb09a1b98a997dd26d155f 100644
GIT binary patch
literal 4154
zcmV-A5XJ8wiwFRpt_foR1MNKhbE8JG`z!h@rewd%Zk_c3`igy}%OOA#&j<)0J5F5{
zg(YlLkw6d7I)17B->+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE)
zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm
z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_
zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt
zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ub<l3}91`~}&zVA&RLj3kQ^*fu}mRgt$T
zQAMz>p4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW
z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8
z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av`
zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_
zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t<!a#~Ia3id1j~-V{G<3esAZ~yz^p%b
zkL!>)g*tE)g4IjtJwC<gz3>5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp
zx+n@B;%6sx|At<IHJX7d3EjCDfw#F|$1d_>1eUcCgiwANz-)NIsI@<LLm~#Mw~SEm
zKoTQ$iWE1BAaCUQZs;tKzP?|0GbpThGuMw?<V0wNanX}IPwP6w6)}^FfCB{fq?vz1
zt_S&8cG_!PolT`B94`>`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z
z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi
zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S<vM(bE+QD}nM<<z&C17>
z&pgJpc<uj{VKSPOLz)e?os#UQST5lA)$*U?{rvb^)@;Gd79I?54b$u|J&!&o_c3&9
zYnV^3l@69+?LGi6<v;GB_|}H61Oh83be1Rd{TL3d|2VE)SpPM9-CpVc-vSP;|EPWt
z|HMa;_vjPv_0b7E=Y9cxA%3FX4f!tkOmI;yb!Kvmy?C^Kd~~B2atK{o4EfFy%HF$=
z;8vc&jRI4&UO~(YP9FU5!i{6%S>pg<e-9R94Ne(*$0bAt!7^6?ut0M}e2)+HeIe|K
zvvRjuwhDvCtR>Q~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3
zOZNLbbM(H@lN<jCQOqm|=O3v2oQGlP4Utc8Q#V9IBo|6X>qQKWgeKk7a3O-e#F2|f
zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN
zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy
zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`<IwZpCf6-I|80UXDChrMz!yCK
z)rpFf&wk5izpp;~rB>wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F
z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$
zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_
z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu
zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSs<KL-84ThX%mk-cj9
ze6pG74E;X9o8Z#xd-FqvFE%@0MGPZDo9dMxOo{d$uPB=Y6y*nsY>p*ygES-sdLoCA
z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFng<mzCRb>C8
zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT
zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l
zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv
z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK
zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n-
zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gw<!L
z$R5pv>RZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc
z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db
z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by
z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I
zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f
z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2<RMGyHM((tVsRFM<;AR(A!wL
zQG^W-%_6&<`_;^jUj0vm|5Zt@#g8;qxl4tRB^a=r@Is;5*pOB#$qH+$>V^)|Ey>s+
zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g
z%A}zogQo<xv3MQLgFcCH6_aTq0IddhGR{A~p7Dl`m&1|?&4tDOP#)PjZ;kua^WSh%
zl#NfDuDm+`%^dTFw2cLI7)hF}1Ge8-M<L`mq1*U1wjbTVTQw936n7&<*2#}4SwsPa
zYodXmIGQ*G3e2TaQHKzjV**;4Ms)A_R}Jz*BxHBl%_5jNi((SfLG^UWQ2Hr(W95bm
ztdFLp84?j5x={>`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs
zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+
z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0
z7%-M&7)=AlQfCAh%?TM<Jn>I3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO
zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%?
zkaUx_i52V99m<d)ingrV;F5V$qV5)>OjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$
zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!<D3Va&^_Z3+e$;e@N8@DqJvQXYaL
z@rDg1jU=>*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*`
z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z
zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN
zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe*
z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI
zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-<DYc#A$E#D@eX^3PJgxw*G<b4evp
zAhE!-qBsJSew;$MZfED-5-JkX5x?w&aptU3%T0yTrl(m1g&S?Acnhn2ej3s$)9FKr
zO#TL{n1w)?h@i;8(zGRHU7aR>f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$
zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2
zRx_@7=n++<g@2X|&8GcFlA0=U_@`exjaAo4D02;V-AbZe6Rdi=I48FKl&dN*N;+N=
z;r<}|ShBTMJ}0#Rn>m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^
z8N>;Bc65!G#yq-%0h}W1_+s&#8^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT
zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|Gx<o&VQzResCn+m^jh@t=-U>yY5$R|LK-H
zfBwWff3OXyW(`T+tsHu<LQ0YMDx{f9K<6v*N7_fU=fhFV-u*ue`F0eJVFd<9botLn
zF?a_M`Q8+e4)}qr$krWn8hFYdr;@>oz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go|
zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9
zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y
zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh;
zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QI<To%Z7
zXmVe=I?P~0{9kYoDxRJG3y_D-|FhlV_a8a7Jpc1Ha8~^A9R=%7&mm;BHsDq9Ru--7
zh=De>Hpoiu6M2mEEBzQ#<!lq3GmM;kqUl>VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@
z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk
zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF
E0Q3<h8UO$Q

literal 4192
zcmV-m5TEZKiwFP<!|!4M1MM7ZbE8IbzoK6;CHs=yI?EF175hq;Lx3dC2nZlMPF)p+
zC2UiXKnG|YUuysR^~?Z5NM3ESlAX)Z-W5zwPxm}}x_e-TY2f>D=uCfpcRXkSbXqNP
z1t?zGF5I&%uG4I`n%yq<uEDY`xS+-n>y*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p
z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BP<U<xIVgVgB6RP~-7^$F
zFI`k!I6lg_)iQ2XVE6q%Gse7ynw67RfyxOlShA)v3}b2&Ly#ColuV0ZbVIW=M$|O}
z5+=D!Ovzx(8`%;@mCE<tJv!wlmNt?UT{2Ac%{R!l1<SU0V<=gaz_$4@uZp})i7JA1
z`RLA<Zg}ZHAIzLfU1Mqt{<oSf8Me{*u2K2k^=ICFT7F>Z+lBAr<+@}%T{0Y7C^l+x
z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD
zL^VGu)Ua9PqU*c5WVtN%3Dmq<C~ESmv|TiEe78{dcBfM;D(?^)dCSe(wi}&dZ<*?N
zS4n?SD9Uz<V`%Lh`*>sUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z
zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS
zIE8cIC<M#r(0h1{(R<+o;$Zk|T!U?)yJzqaZcd=(It$`iEbKVu-d*T~&j|aF&~;H1
z+{aH&=>82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg
z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw
zvFx<hxN|m@mT){n&{yxB7}q~U!4enz0F{15a|dddmOLk2V1giA7Q0VmNW3_f&f{NV
z(%<*15DP;yH+H;v1O;jbg#-BZwI!(@+M#Em0(WrECqHSbgb<QdOELz$fbTJAIt~@g
z3OFm~6ug-&<4k7uI9;BB-?*PU57Ai&J>)`<K*P`cAX==#`{*o!p`N-VtJkP}T>8vI
zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$
z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa
zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp
zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_<Cu8XI6&Cng9TZEQ^wwL0g*wl$W;I=&<qjZ
z<3oL)2|MDf+>Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{}
z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^
z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm
zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p
zT<fOIi=xqENgzP}vlVS@Y+<<yrlq!mu4o(OBJO`4mciVcJ|9=czURLUu9H3g<(lOE
zU!zg_|5t%8c>b#s6)B(nmd}1)eD+JN$l;&+p3oPyC<Xk!7Ue+K6j``krxk686zN)0
z(zHC5t;_zzFs%xHCYdjbV9m3U<^@60tu3<qr(IM9EGm|If$RmDMKqosc@PavC(l$F
z@{=Z~^8~T3IzeE3f`ZvKlF&d?6zxV<hiQ+EC(x072`N1E3`k=b@?%K<lmzIix3)?p
zycUG3`7vMp64>MaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV
zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN?
zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x
zktD8>hNM7G<PfrY%`0*aF;Ojp7q0R&s&rGynkEMRw=s^Gf+uW^e0NIJcj--kUM=a{
zB0Q_`tA>+`?0<CT-t0Y&pm3}91zz!VN#-U6emZrRF%nfXCn;LXxc3sX76+-!ry#^z
zC!xrD8j;byJRRI@$f32%<dDYbp8r62*AsTvx(Y-Xo#$1IJc0EVO;H?_d0E_^rtIUL
zHbo4BWr1n+&Y4w7pZ_QD-Scy7zR@ytKZ2E^CUPDm<aaJ9IS+!FJ3A)^k_b)*ZhPo<
zwR;y0ei4=oWKLa(&}9(D=<lf0hNy&?-RRMo1y4~h{W&6aeV7N~bG-6V;BWL2Fr`vA
zx}hk#s9EGngw;CjcC-DPd8}sJJU-Jr(;TJ4d60^897n{7BSFXA1s-yS*1Ec_On4#y
z?fug%9V7<0lO+pbWPo=Mp~hqylEEM>Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs
zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ
z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1=
z_c3~m<K<<&{`B;8zAgrqpuV8=QK53@kMUxD_@`S8lh{-fS%^ml{7#S#X$e8>g!)K<
zJMrLhD-eho)<m}@6#_Cz?A^Li<ruA_&AWz17|<9EnkhpQZx7#~Ysu(qrfl8z*dsOs
zK!;%&;`SWA4LU!RjNTEeKY-phpzb%&1_ddHZ^1w|q#FqNkJ$)Va)2TY;ZKG+GCX`E
z`U)&IV3lIoiZ-;#!(?brvMSlY;rl*bnW$otg2kI9^QzfX1BzJdB}Wj@Ik0x2)B{<O
zdi9S^ScjmuzHp-m8y=cPc02c~nH|0SON9SbNv_2YHC4Gyg^(o}upIM3q1xDxRw~H~
zYoqFh4$>{j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs
ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH-
zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$Z<lq{!45>xPiB<D-tN~
zT8gZbA5*f30t#0|13_^#aRL;WOQoU?ATq}Uv@-SR&hszp<cCPe?y{SCFm>j|B&LJv
z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~
zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU
z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S
z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ<!2*60)5
z;N`@pf1LgrJx8&-_yiMt=HiXcB<%h4ZN)H0xw6sYb`ii#g9ScY3gk!WuR_2;Y^J`R
z7Dt%~8aM=59nz3=owkV;>(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX
z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C<
zlS&a3eyop8%0o~j-mt-<k%TtZ70IIVV4i>vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x
zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?<lU<L7}~pTBM~kA
zsDm=v<OQ-UnHf?uti*#*)PRSufLJsl31XQW-VkltTKsq$EO^?};E#qXSpJE6rD`|O
ziH1zQ6)q`5kANr(<^k4$3GJH`Syg0J0#24NN-42Zvq6jss*+R#)FTm%)k*U!l`Bco
zZNsvywTKhk1<Ao%(<V_BDV)Yqn_8D)ErrBe>JWN&a}71-p?^gB?tqHGEw(`qvVOo?
zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9
z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjN<T~>dbhJ<a0wNO@Q9ms!Z`EYsUfGr
zY17jzg2Ih9Q@n+zL4H=!D%0siiA??)s+dJYn24arz|yoOWL=#me}qx9(v)t<Fk$sx
zl|xPPhp#OBahrcQh`@6c3TW4|m`-SlGbX9{iJ5C<G6OJ9AKij2;1wI@NRAZLYK@>#
zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQ<armcKJC2dpNn~>c
zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx
zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK
z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR
zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F
z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V
zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m>
zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di
z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?#
zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M*
zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX|
zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG
zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ!
z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLj<Tf3WW43aR`$(+G%=m0i9de?
qSwaaVlu$wmC6rJ?2_=+JLJ1|5P(leMlu*JS5&jDq0=BLIcmMz{V-n&3

diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index d5769fae4f168217f983a780a6bdd3be7bb4e23a..eeb36f255423786ff3502b03dab8b9a259e435a2 100644
GIT binary patch
delta 3749
zcmV;W4qEZV9oroTABzY8C#?OE2Sk4}Ju^K|_Y93@zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-90^Rb-SmnUi($6-99<(y&|nW%9PV8itUh)SE296pDOoU{{JZ*)DDPo?}yHV
zy;$@~qd}TZJZnaIQgfDRNDa#l{gAlctsgG!*!4YP-}tMTI8efMBFG`}y&Hd#TX*3c
zk@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmtl;cEdm>j3+s;P3K
zrs^hVu+OPMb<VhwOkrHB{ovk`Lw;(iV=8M@H^?{N5X%xw%jESDHIo9C#ZP!e<gKJo
zO)$^yokie;XEyYGZl7r?*WiEfe>D%dcB}PWtM-HA&E4CKe`spk%(ro{=8R_n*J+p7
z#@$YLn@{JBQj4eUw}t#4kKcCNn>DvjJ7tk1UD&SL4QHE-{eJ(n#Hdj7Tv827F}C?V
zC%$q0sNqE=3A^Q5H0`M&34-#NfaKj0tHCRDn>DgMrzCr?-!HRDPc(lTxxuEiy;i?G
zT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x?<sl~|GT|1{$o;w
z|1Urr_)p$BVT7oDa@-;fV%W=I;SecT5i$f^CjkB=e()Q)>JY&6Tla1iGLvu&H41+4
z7`k`&F?lV#Asv|hMyG$(J|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7T9D9jNaWwf4|eE$
zPagdhnSmh*ow*x<t+`pn4sl}w_}cVC;9vT%CLS?q<;|UtH3Q-;BjVq(n~^dlvJ*v+
zH*!2Dv=>BM-7MT0Fw5@D@gj%V5eYCYx_9Q8tV0yUNCg4&2i1SGZhlW37xJ;~Y}7i(
z?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5TOLXYELV>aHms}LI_
zb0@alMFb3uozmA^_O&`h^<7)@+)wE2yyk<SRfQ5lB*moqkQeY8N!8F_Flu13xI?gM
zmQ=`OG{2t(M__+QZWs1lbQA_KGB5x~Fo2*b^FjM4gz<B3&~bVfc$~is8-3S1X{<m6
z|DIKn^FPJ5BZ&Vb1$JmJ_lW&S&*6W&(=XwF3vMd>e+hct|4%f8Arv1)?w!Z*>zy6C
z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-ZH<f%nF_17LXoAcacFDgfUH
zU>=Zo;lwe+*4QVA_^x-i0$4_TT!L-zmjwY}LCpz69}fh6WYsaaayI)Gg#KOL75XbP
zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f
zFhr|G43d9?NxVs{Km-GX2FXnfN>U}cx4|$u4vbmo!U%bJ3n)8Qza{XF@lsL*c`8zp
zXvHx!T}}e9dkNsGXeYFu$NjbO4F2N|pzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^
z{|@Z`Pr&EvcKR(W2kXD`|6YdFiEi<ts1I(P?^=InXLhS~)~U?*UxxyJ;m#iS+s3o!
ze_-rk{rB7bZs(-i$MxT8omT7rCFnEG|1_o|)!AQl_V>}VzXU~gf9`jXJgv*m-0-1Y
z@eEE=Wl6YR-^=QV$n=uR*}XK8%(L^UZkRPZg)8zB)WIV0f<QI1cKbj+rx@&*K3PoE
zRSkc2drZktm1XrxQbw7)lPPrLoD!J_xyp>?d!7D^3g*5J1H;u~pO1bRJ%j%zC!JRL
z{IB1w@c%{VGw@$W75Q5DKZ2{%$_D(2Z2&`(otuE)iL!u^9ED4UXxkEDAW0#;Twc|s
zk)-gMVIn$jZahuGu#+ZyPk8+T?*&y+nDu{3^G#{8QGN{ifdMJGd@N$6n9o8A4#<}g
zhQeguuZ=f(db!(05s^l^I@M}F7&I9@UY6H4z{;P?k};;@I#H)Gj6@+pQZ9K}DkMx5
zQ|E<?Vi|>A)$*>1zV~g6R?~k#H1eDoQ{TXy{jv&@X9c*b@TB^nCVB7dg*$(Z)){|$
z^_&%tX8~KA3GuU;6U0PRj6zG%x{X^mg|*nv+I;Xs44eX%*NNkhjOF3*YNMS*y1X6M
z8O`<XSl!LEx=T%gLP<3ohYuAwsE6a+;9bAr&X&Pu9zGU$B9F1K0_(hwHvLSuHtH<3
zhjogfACxMq-`Mjy8~6YEo^yPR5Ke!B(0K<)lfdM{PmA9;jC0}pb7y|cKoaMTwX`vM
z9~lKEP$>_em!#8JP!`r);D<5!2kG~~Ct;u)-P?2jA@XOxL`=%Ng&#h~E06fz#<=7I
zu`!=z3CnuLzFA|9ey`W<{pLDW^X)o5(LKW$XA`&+!8@G}Yfc;s8c82tleK@QZmUmO
zUziTEfU52jikoI&3pyD65W2!vCz~Z!cN<&lpS*qhw%F`!;i4uL*L|w22cp7fS^@2x
zwOhyd*GU4&8my+j+|k$i0p>Bfa(ijx)Bb<E-9IhIe|37@cIE%S1nt~!LQAst?=Mr=
zxc5|KK}q)#-lyGA_C(x?F%Ey=bE1q{ef6ZmiR}gU9XR)k$Oq(JxE@@`m~$V;!CABU
z@bGY)v*MG`<}zW4wnRL>kC%(xpK@?qimnDR2~TwRoDvQ0DFGjfoD&(Y#GSWW1BXmE
zr<z3-aLlMUxOSr2K6;mQ?-DwpLuXXzrUYHQ-hGEIseY~+l6gI7@3DU)KpITT2>Y}9
zK4|=i>VrLsKZMcOLG~-?gG}Vz_h2aL^a@=6eRcx29-v4g_>*9bjCS9Na~U=ruv;-L
zSshvIP!al*?oKw+@cJBgD2kZgt<|u@5@0M~%aUXcC7BMI@9eM%er|K=L=hrQlEs1?
z2lX62&;AzSf1TyBtyX_hhslprMZO*=eyuj)g_4wrp0!%KvD%PS*PwNi>RW}4kEKth
z`fxing$+nw_oVQOhwHiVF{IUMrl46vnI9Qjb>zFc4FPvOiw7KPi2#ajf}W^E0p(H2
zki#W_n2P&n9`r|qZ!ujK0+dzZO2Yiz>lJM5htkN>cym0cAHILbTT#+K6vpqYxr#!#
zw?n6xdidTL^E%xu45~4rs-!{cpuqNPY~4A&8#HAKI;-_@<4q0JUyXejG|?pCf~g~D
zkt$B11Xfe4DMN6_v4BQ(IjQ!>^_qbbE)bqj@MZ)lXHE9On$55Bi-kY47v)<lS4ZVE
zOjW0>@z9B4=na3U)mTk%!!pJc(1SG^-9yIo+_*MS+CjaJO0^$g5n;lIpbk?|4U;K`
zkf{wQN|Q`jijMYc_iB-BfGm*?`KfFUJlGo-ASg?&v+cPgOtk3eJoN4P%#PyZFym;l
zTEuSQehzzY#gC0g@9Z#NV=Og21SuxtMqN~l&<P5u^%{TH^d*hgL5F^v(kb2S&=X0?
z(~U1{V?WkKhshqpbn7tL8YjSXPuSEWO6+0cb%01go!}c}gKs0)T_3(jzc%^+7r5v6
z@Xy2d(PI=l%MSnna|dH#nP>dr+nR2S3%t?&HVdT8{3X7I2F3R>UL|jW0j#!OH+xwr
zDp(Im86|)I>iXVdFgHj7@gYN;NQz|e=LS_wxD+!F7hmYZVT0s#Li&c^I$^?JP-bDz
zc|#Jc#6lWLO13Zub+GG4sZ(&2+cZ#3Va!X4WeB>YnQ5hh%ulq5kyIhbl-DhQGIpa*
zG?|)7bFdV^62oG&03}s<iYJ~)1tP^lmN}*h#_WHjiK>FepGV(AyjJ)L$hww~6`?<A
zpdl7}_$W~$PgHd?#r-5{$b)5PIK%`2cjSuKMJo{%52ll1*+_vQ87TnSQ{_TYuV4&x
zDKRt1EJ2T;H52p`=VqGpO;Th@p-`78jI)Ahj4WtKff-B%k-%$68pl~yy;|*pQq9s$
zD>Z*)*NMl(i|MO#hQ<6LmYg|6o63-<n&@Z1iW$jtbKip<v|!HiZsQClE*2Xk%a{&_
z(och5FlB1epDa9+SEuHn->TIxqI)9!OmX9pU0VfJRhUc0ur7JBfbJOmaSE=omA`wE
zmSX-Dvx{~Z=f={~p)HD1ru{egOW?)fOGbav6!H#bw?DzynAx4COQ6)+pxz-}_J`kX
z`0H%`p@~I31_t#~5;LVw()4LI!&4)Na+sM!BuvxB*RWoA*#ccG6otuKCnOFsC;~MM
z*zTkqLM2dTQQ$SmH*&SVQuPZSI<JTc^UqXQtz;b7t*X!teheD>K{$=s{R_Z2Gj)Fx
z4M4bT7t3&NpW6>nGBn&w;CQg0f_xKF%*mG7TGNZUSqwq8DJbTp@eKJMV7tA1+pwLL
zY!J57*N*>o-rDtlx&u2N%O@sr!VXz3a1Y6oYnZ?(F?ZiAuDNr`M4-%8($>8?945Z_
zgf}j-TvX=d8i3^hgG30zCLW=QplpAtNpw0<FX=80t0QnGc2LbH>6!SCPODWu|81R|
zRPi4#LYwg)dCZ5Q@Md#jNB>zlp*?q;uMGd_SCJoo;>Zugkb2&c^i=)n6ZPgM7dua9
z-CRO)QHVcM9LW>E9>P5t|G}|e5J8tr;Lt%S{+I}d5g_bGN1*6Ae=f<Ac@2Mq2EY&7
zVx1SE)+7eM*=`;Ey9RCC&Rcl<9ane*83!5GX7YR!pLc><gD$Z#WDi{ON1##d0874J
z2llt$a2(Xv;z}<g|K%QfR+Li|`$6E$_ZkNJT>O8pSAPGm(>bYr|KmmIWAUH8f-g`|
zkuUZG+MUV;_%piz1s&PLYXE;=8H~Bf_f<iW#bC(v9>q(dmol@;HP&g3b@Ge+pvP|{
z48r@J<Nw>e&dFB%e}(@qL!S}<|1+vc_4-$Z{vSnu1|oZa{q(n)%xjH-efp~@TevJK
zTS<)6srlJh|FOEWUuwzT3d@68vp`u4EzVypV>f?5l&`3wiYlt8qKcEL4iA%`4iOFL
P&r1ITPlA_20C)fZM6_PA

delta 3704
zcmV-;4u|pE9mE|6ABzY8V0I~y2Sk58Ju^K|_Y8w(zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-92rebWU3R?&+&myM1!ne??k*)G4P`6x$&ouR`CCKUMCz{Qpxrs2vdF-VdDz
zd$H(~MuRk+c-D;aq~<KMkQ$a9`XO<>TR&XdvFm%pzVTNvaiE0jM36(`dpCa~x9-9@
zBJpG3kowa0$XZ+@7gq;)KMYlU!keU9JJ>7L4tT+oRE6U>L!IgZ<v5WVCdX;IYO0*5
zsk+G->~m^RoinZ^QyAB3Ke)H#ke{0Bn93T}4f4%5#Igj_GI@PO&7^>3@e^JVc`GSY
z6U?)FXAwBznGJ29+h>}}H8_9#U(Exq-D-W;s{P=2bN4pmADY@W^KBfgIpbNtb=oDi
zaktam=F@qjRO4y;Z6W{1<G0=RrsVc%r>v5s3)`aIaJI?V@Apqjj0!c+CDpJLW1HV|
z;v3hG8eUY=uv?a*X-{=Y5S04_H1C#J4PK$!tdZ?GCEa`dewkHzqSAlJ4K}sywfg1W
zGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0-|trV
z|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>FQSgJu
z(7n5l$!p;a>A>(eI<0^93AuR$|KJoVG#z`%{ECTgW8vO}cKArpgM^MlBL6miutVp2
z^60O~3>-=5%-sll&CM!yh#M2Y*QOr=|I&v!@rX$)Z|;Pw8c=T;5&xFmjFc&nohX95
zk>fd`y&&4^X5r3&S$1cR7dga^NPub4y)(~r9ik#estCA05YK;_`8{!5$j7>~Uh5pU
zv)WRLM+ExnwH>4WA@Kubd;>~9l7$W0Wt_*X3k;|TdC_?io$}&@9>>4NtiNwpAy!7_
zPHel22pAeWrLXtwYjcR|yY}XJoY2|1<b$78g%Uy}#iaU>7w{TM)i7Q#YT&ZCL-1*q
zRLEpBzn=w1;7EUN7xrCr6b8^U&;du#fnX`~LHj6#{&Q|HaC#SboWBekeb+l_tiS~S
zo(akMpJLk)#D9_kJG7U3#D1jb@W0*Zm+-%JdfKk=|0U@8_&>1_hERMIxpyAJuXlFn
z+BXY8hWI|gH{v;fngCKx0%uZ;I3BI;?wlxw99Ax4Bc6Y~1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXVwW5^oYO5J3l_Lvj;`l87YtHaI57fj$de=piq!0d+_5TMF+OFC|5gry?bZ
zRUAXr<s<;RmjJGcc0%iM++Q8f;6JVa%JF}%*RAmXB`6PV82bI*+Enz?v<B_{)$#27
zhwJkE?^p5Pi%{Uh68Leybv(QO)9buypS0SY&S`(Q)#)bj|4B9eFF~KN|D!PzsrG)V
zy`PWn{Uj)|`+c8-<Y`U5=YkJyihD4cDoeuk`d(H?M5dQi&hDj&WS*T*b;GRTE=-Y^
zpbZv@7X+%Awc7{sImIAi{$w#xS2eWlF(pG)mengs8D;uTrqGOYN@O1NDl?Yvb^0$V
znEQX)3<_6^eQy0TdItYbPC8}(55-#*{=Wo$2L9`4B3}#tM{spo`G7yM4`4{La~JSC
zQFdS;N8yqq+V(_vkf4xWF0bm+NK*LBF%g|NH=ZWov4bXjPk8+T?*&y+nD<KaO=+@G
zehl`32NH7q*olQ=K6|8mK)#IdC`9)C+IWAHr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbH
zEE!`et`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg
z*(=6bg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=YxMA
z;=vhUd7T6fNnaiguQuvQw9D&ZjnQ21j>&GO;x07>3MFDV4j(FUAcy1J;9bAr&X&Pu
z9&QUik;hnAfpy+TtA3_g8!}7vp-eIKgOafNjXkfke*drUImgEc;Uoy1cYrhrOfLMi
z_>IFj7rsAt=En>qaoku<8@>0DUSNL;mGW@EJRQb@v9Rg_Ka9ygNWTX$2?O2e-k$pp
zkw5z-Vp`rU{O~bedBpcN`X%p(jqxmNShg$n%_?j3d%bS&H_KSfw`F{yd4@6025={e
zcRC$boj4XWl0Lp9YfIfWpR&C$8)OG+x=$Exnt?Uw;PgXi3Y(p5l$h)`*4BSNdHeQl
zvD(?fMN2Bq`_xzuM1{|+0_r(yw~q0zlN=;!FiC&8Cl~7nSjQO3?WK-S$N%ki|FnGm
zr_<|ps`&pUXy<VgdXjZ~f0>5Hy{DcmmuxTLeL4(fPeh#<p96o+DN`n|o(P=SUSQur
zaKDIrK<<U>!F7x|_i-GYHJg7A4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5t
zDbe7b5{RM5Ig#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx
z>gTE<nb(8%9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLV3yuORf_XCq+g
z0fsb!KMCf@X!ngcmtoNXs}<9d)se+E6`?)p>SQAgug`IXqKN6;+6+4^0r~=#EJ@~2
zlIfuN&JLRp=Qfv46d}?iS?rM8pq|6$+211kud`gX)JkNS{76;g>w)6eY7<^4X^H4r
ztECI84NY|oYB#CARoH*{So&nD54TfO*nsqPOA1H)UC)h=A+1(31<e}D{K(jnk+14D
z6x{VF9&l(S0vNgpcA^pmj7KFy4yOQODz2Y-upbe=#dKN-P*#O23G;VvSFo@jN+V0-
z&GDdq_#SUXN&isjzq95l3gO-konq?Ydt=P&bh9v+#)ztt2C0980^6^#b?5kQ(3C0I
ztk%bcH#N|HHTGf9#FB&yW{zM*syKxbD5h3Zh7gWp0gdW%BKF4hnt>B85S~!+W&|l`
zP4>a6&9Cx{g+H?w<y$OQN8>b1Ri~`-(1~Jb4VcwfO>o09#uU(lRT|wx#`N5{Hc;C^
zy^cn;A7Bw-z=wZe4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h
z<+&tGwCLzO^zHe~j^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w8
z8cO<-%Ijc5KTheCZZ_zNq~z(wm({T!@1nzCk72lV7;Jxy6JWR}Z0Hds_Au}|K%}5f
z@C~BDw-Kza58q>48-0KaTyuQ*=i&S4F^Zk#2Y`UNgJ&UGWc=aVnr@5>ywUwO3#82a
zCBB9P#rM)*rD%cythSyvdzmRJcn?V#CGqO|-eNE}NDg8{hB%QF$>7fos+e#oW)UvF
z(1qOw$?JcF^bN0d!i2w|%)_4Zh9p>thcuFuY+?@T;Mb4Rpx`L?X<(Ydn3ojG5Ohg1
zQ=x*)Pqc}Vh!AAT>lQ#6yHO{aOwFV^m<r&DVKQ2PlBzt#9nVC7NU@M*j;UhtV%iu{
zRnYnK7<-7<3O@l|*ZQ#{^d}80#9|L0C2Hh}s&0R#xSu2qdGPEEhnOM|j$HA&XeFxR
z#&l9F>nU&~BLyIPs$3}Q74(5FC2j_pC1?@UW`cd<*i4hQNs25f6l9sgI4g+G$byO#
z7{OE#38IFiavWvVtJN+j)hyk#Qb%^3L`=MxzB*-CEFNOXSwOUD40)=FaR$tokxVz&
zJ=lLh3&t#OHjZEtVzExLjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y
z3Jb{?)+J9CFdU;lP9apb@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LE
zC+Hh9yVG<Dj9MGiJEY70@VgCvoy|XVv1otCz@T1AVrKM7nm)}&cxvQO4kMGOglXFN
z8s-ZxTVRWYqA+;tgd{))L!gEM%bm1AXauS(3cLpSMsD_3s(!&k;}tPs{+a5kmGlF<
zRTbL7k3nNU2&XZ>e*qY0reUH12$!v58P4r<`5{V%hKmX84|b>^UxXBMvT3%q^kRQ*
zc7`BZ6cqE)^9=bKV7tD2*|43JED*NS*Ma|b-a7Pux&b@x%O?hL!Zukha1F_mYZ$;O
zF?U}r&bf2RM4-%O($>8?944{&gf}j-Tr}q78i3^h4~Y<jP255g!Pr!j=yal9(p_v;
zM-WWxK+GrUne!i=R;#@K+dAo0=Rbd5gf`EA<Yzt%g*TfMJNnPc3GKP#eC6?ves%KW
zPkizNF{GY1B;8eidPlvv$;I~5Su>ZATvXzZbdKbSUytCPJpaM5Uy#6%OyDp;DgKxQ
zhbKVTk4`|*bN*bCCG#3O4S*k(#X2v7)LZAf*4bIJ-8%Yr4eGd^xA68muJC^bDt0o=
z&E)weKJNsx23ul%$R4=lk3gf^0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~C
zpwFHE@Ab;>e|0)1)$c#N2z~7QXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{a
zk;TK1={>5KoL<V@D%V)2HP%$gFY<#9zmf0|-tT<=zuoJcY@h$H@c%{VGtU42j3!dO
z{#Bv>N70{w$R1!n{cRreT4P|J{%Xb+E=$T*5+ikLem2&BOm_B59obu9`C-=Vpe!Df
WoDMP%sG^GgjPySSZ@`TJcmM!)=v)v0

diff --git a/shadowsocks.conf b/shadowsocks.conf
index d6d760a..0b813e7 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -58,6 +58,6 @@ net.ipv4.conf.default.log_martians = 0
 
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
-net.mptcp.mptcp_syn_retries = 2
+net.mptcp.mptcp_syn_retries = 4
 net.mptcp.mptcp_scheduler = blest
 net.ipv4.tcp_ecn = 2
diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf
index be836d4..d1ed03f 100644
--- a/shorewall4/shorewall.conf
+++ b/shorewall4/shorewall.conf
@@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
 
 AUTOCOMMENT=Yes
 
-AUTOHELPERS=No
+AUTOHELPERS=Yes
 
 AUTOMAKE=No
 
@@ -163,7 +163,7 @@ DISABLE_IPV6=No
 
 DOCKER=No
 
-DONT_LOAD=nf_conntrack_sip
+DONT_LOAD=
 
 DYNAMIC_BLACKLIST=Yes
 
diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn
index e69de29..a7a7058 100644
--- a/shorewall6/params.vpn
+++ b/shorewall6/params.vpn
@@ -0,0 +1 @@
+OMR_ADDR=fe80::a00:2
diff --git a/tun0.glorytun b/tun0.glorytun
index a7fd471..2a6c695 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -4,4 +4,4 @@ DEV=tun0
 SERVER=true
 MPTCP=true
 IPV6=true
-OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
\ No newline at end of file
+OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue"
\ No newline at end of file
diff --git a/ubuntu18.04-x86_64.sh b/ubuntu18.04-x86_64.sh
index 814a06c..e69de29 120000
--- a/ubuntu18.04-x86_64.sh
+++ b/ubuntu18.04-x86_64.sh
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh
index 814a06c..e69de29 120000
--- a/ubuntu19.04-x86_64.sh
+++ b/ubuntu19.04-x86_64.sh
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh
index 814a06c..e69de29 120000
--- a/ubuntu20.04-x86_64.sh
+++ b/ubuntu20.04-x86_64.sh
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file