From 743ce1eb1be433608f26e8909e4dc03668e6acea Mon Sep 17 00:00:00 2001 From: suyuan <175338101@qq.com> Date: Sun, 12 Mar 2023 12:14:18 +0800 Subject: [PATCH] fixx --- debian/changelog | 6 ++ debian10-x86_64.sh | 1 - debian11-x86_64.sh | 1 - debian9-x86_64.sh | 107 +++++++++++++++++------------- multipath | 40 ++++++++--- omr-pihole.sh | 5 ++ omr-service | 31 ++++++--- omr-test-speed | 12 ++-- omr-test-speedv6 | 12 ++-- omr-update | 2 +- omr-update.service.in | 2 +- openmptcprouter-shorewall.tar.gz | Bin 4192 -> 4154 bytes openmptcprouter-shorewall6.tar.gz | Bin 3780 -> 3803 bytes shadowsocks.conf | 2 +- shorewall4/shorewall.conf | 4 +- shorewall6/params.vpn | 1 + tun0.glorytun | 2 +- ubuntu18.04-x86_64.sh | 1 - ubuntu19.04-x86_64.sh | 1 - ubuntu20.04-x86_64.sh | 1 - 20 files changed, 145 insertions(+), 86 deletions(-) diff --git a/debian/changelog b/debian/changelog index 12a86ee..ef7d9d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +omr-server (0.1028) unstable; urgency=medium + + * Many changes + + -- OpenMPTCProuter Fri, 14 Oct 2022 09:02:22 +0200 + omr-server (0.1026) unstable; urgency=medium * Many changes diff --git a/debian10-x86_64.sh b/debian10-x86_64.sh index 814a06c..e69de29 120000 --- a/debian10-x86_64.sh +++ b/debian10-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh index 814a06c..e69de29 120000 --- a/debian11-x86_64.sh +++ b/debian11-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 712682e..9b19d00 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -5,14 +5,9 @@ # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. # --echo '====================================================================================' -echo '本脚本由蚂蚁聚合路由器出品。仅供DIY爱好者免费学习使用。请勿用于商业。' -echo '如果用于商业请选择蚂蚁聚合商业版,openmptcprouter合作伙伴请访问官网http://55860.com' -echo '5秒后自动开始安装' -echo '====================================================================================' -sleep 5 UPSTREAM=${UPSTREAM:-no} +UPSTREAM6=${UPSTREAM6:-no} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} @@ -36,7 +31,7 @@ OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} @@ -52,6 +47,11 @@ if [ "$UPSTREAM" = "yes" ]; then KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi +if [ "$UPSTREAM6" = "yes" ]; then + KERNEL_VERSION="6.1.0" + KERNEL_PACKAGE_VERSION="1.30" + KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" +fi GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" @@ -69,7 +69,7 @@ V2RAY_VERSION="4.43.0" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543" fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" @@ -78,11 +78,11 @@ DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} -VPSURL="https://openmptcprouter.55860.com/" -REPO="repo.55860.com" +VPSURL="https://www.openmptcprouter.com/" +REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="1031" +OMR_VERSION="0.1029-test" DIR=$( pwd ) #" @@ -166,7 +166,7 @@ fi # Force update key [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update OpenMPTCProuter repo key" - wget -O - http://repo.55860.com/openmptcprouter.gpg.key | apt-key add - + wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - } CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" @@ -261,6 +261,14 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer libuv1 Debian native package + Package: libuv1 + Pin: version * + Pin-Priority: 1003 + EOF + fi if [ -n "$(echo $OMR_VERSION | grep test)" ]; then echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref @@ -364,11 +372,11 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox echo "Install iperf3 OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp - git clone https://github.55860.com/Ysurac/mptcpize.git + git clone https://github.com/Ysurac/mptcpize.git cd mptcpize make make install @@ -399,7 +407,7 @@ if [ "$SOURCES" = "yes" ]; then #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz cd /tmp rm -rf shadowsocks-libev - git clone https://github.55860.com/Ysurac/shadowsocks-libev.git + git clone https://github.com/Ysurac/shadowsocks-libev.git cd shadowsocks-libev git checkout ${SHADOWSOCKS_VERSION} git submodule update --init --recursive @@ -407,11 +415,11 @@ if [ "$SOURCES" = "yes" ]; then #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch #patch -p1 < 020-NOCRYPTO.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #wget https://github.55860.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch # Shadowsocks eBPF support #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch @@ -420,7 +428,7 @@ if [ "$SOURCES" = "yes" ]; then #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev #cd /tmp #rm -rf libbpf - #git clone https://github.55860.com/libbpf/libbpf.git + #git clone https://github.com/libbpf/libbpf.git #cd libbpf #if [ "$ID" = "debian" ]; then # rm -f /var/lib/dpkg/lock @@ -569,10 +577,15 @@ if [ "$OMR_ADMIN" = "yes" ]; then fi apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' - echo "If you see any error here, I really don't care: it's about a not used module for home users" + echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U + pip3 -q install netjsonconfig + pip3 -q install fastapi -U + pip3 -q install jsonschema -U + pip3 -q install python-multipart jinja2 -U + pip3 -q install starlette + pip3 -q install starlette mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn @@ -580,11 +593,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in - wget -O /tmp/openmptcprouter-vps-admin.zip https://github.55860.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip + wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - if [ -f /usr/local/bin/omr-admin.py ]; then + if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 @@ -631,7 +644,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then systemctl enable omr-admin-ipv6.service } systemctl enable omr-admin.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable omr-admin.service [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service fi @@ -701,8 +714,12 @@ fi if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in + wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update + chmod 755 /usr/bin/omr-update else cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service + cp ${DIR}/omr-update /usr/bin/omr-update + chmod 755 /usr/bin/omr-update fi # Install simple-obfs @@ -720,7 +737,7 @@ if [ "$OBFS" = "yes" ]; then else apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates fi - git clone https://github.55860.com/shadowsocks/simple-obfs.git /tmp/simple-obfs + git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs cd /tmp/simple-obfs git checkout ${OBFS_VERSION} git submodule update --init --recursive @@ -742,9 +759,9 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then echo "Install v2ray plugin" if [ "$SOURCES" = "yes" ]; then rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.55860.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cd /tmp tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin @@ -756,7 +773,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then #cd /tmp #rm -f /var/lib/dpkg/lock #apt-get install -y --no-install-recommends git ca-certificates golang-go - #git clone https://github.55860.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin #cd /tmp/v2ray-plugin #git checkout ${V2RAY_PLUGIN_VERSION} #git submodule update --init --recursive @@ -800,7 +817,7 @@ if [ "$V2RAY" = "yes" ]; then fi systemctl daemon-reload systemctl enable v2ray.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable v2ray fi fi @@ -824,10 +841,10 @@ if [ "$MLVPN" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git rm -rf /tmp/mlvpn cd /tmp - #git clone https://github.55860.com/markfoodyburton/MLVPN.git /tmp/mlvpn - #git clone https://github.55860.com/flohoff/MLVPN.git /tmp/mlvpn - git clone https://github.55860.com/zehome/MLVPN.git /tmp/mlvpn - #git clone https://github.55860.com/link4all/MLVPN.git /tmp/mlvpn + #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn + #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn + git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn + #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn cd /tmp/mlvpn git checkout ${MLVPN_VERSION} ./autogen.sh @@ -883,7 +900,7 @@ if [ "$UBOND" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git rm -rf /tmp/ubond cd /tmp - git clone https://github.55860.com/markfoodyburton/ubond.git /tmp/ubond + git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond cd /tmp/ubond git checkout ${UBOND_VERSION} ./autogen.sh @@ -991,7 +1008,7 @@ if [ "$OPENVPN" = "yes" ]; then # openvpn --genkey --secret static.key #fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then - wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.55860.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz + wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz cd /tmp tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz cd /tmp/EasyRSA-v${EASYRSA_VERSION} @@ -1073,7 +1090,7 @@ if [ "$OPENVPN" = "yes" ]; then mkdir -p /etc/openvpn/ccd systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable openvpn@tun0 fi systemctl enable openvpn@bonding1.service @@ -1098,7 +1115,7 @@ if [ "$SOURCES" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config rm -rf /tmp/glorytun-udp cd /tmp - git clone https://github.55860.com/angt/glorytun.git /tmp/glorytun-udp + git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp cd /tmp/glorytun-udp git checkout ${GLORYTUN_UDP_VERSION} git submodule update --init --recursive @@ -1163,10 +1180,10 @@ if [ "$DSVPN" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates rm -rf /tmp/dsvpn cd /tmp - git clone https://github.55860.com/jedisct1/dsvpn.git /tmp/dsvpn + git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn cd /tmp/dsvpn git checkout ${DSVPN_VERSION} - wget https://github.55860.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch + wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch patch -p1 < nofirewall.patch make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' make install @@ -1189,7 +1206,7 @@ if [ "$DSVPN" = "yes" ]; then apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable dsvpn-server@dsvpn0 fi fi @@ -1214,13 +1231,13 @@ if [ "$SOURCES" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake rm -rf /tmp/glorytun-0.0.35 cd /tmp - if [ "$UPSTREAM" = "yes" ]; then - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.55860.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz else wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz fi tar xzf glorytun-0.0.35.tar.gz - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 fi cd glorytun-0.0.35 @@ -1381,8 +1398,8 @@ fi if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install dnsutils socat - if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + apt-get -y install socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e diff --git a/multipath b/multipath index 41c3880..23d87e1 100755 --- a/multipath +++ b/multipath @@ -115,26 +115,48 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH else - ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}') - IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}') + ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') + IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null case $TYPE in "off") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } exit 0;; "on") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE subflow fullmesh + done exit 0;; "signal") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE signal fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE signal + done exit 0;; "backup") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE backup fullmesh + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE backup fullmesh + done exit 0;; "") case "$IFF" in diff --git a/omr-pihole.sh b/omr-pihole.sh index 8310b72..bfffd4a 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then echo "This script doesn't work with Debian Stretch (9.x)" exit 1 fi +if [ "$(id -u)" -ne 0 ]; then + echo "You must run the script as root" + exit 1 +fi + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "Don't apply Pi-hole firewall rules." diff --git a/omr-service b/omr-service index 9f8bb57..3898c5d 100755 --- a/omr-service +++ b/omr-service @@ -6,7 +6,7 @@ _multipath() { source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then - if [ "$intf" = "$NET_IFACE" ]; then + if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { multipath $intf signal @@ -52,6 +52,15 @@ _glorytun_tcp() { _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then + localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.251.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" + systemctl restart dsvpn@dsvpn0 + fi + fi } _shadowsocks() { @@ -77,15 +86,19 @@ _omr_api() { } _lan_route() { - cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | + cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' | while IFS=$"\n" read -r c; do - vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then - echo "$c" | jq -c -r '.lanips[] //empty' | - while IFS=$"\n" read -r d; do - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null - done + if [ -n "$c" ]; then + vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') + if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then + echo "$c" | jq -c -r '.lanips[]? //empty' | + while IFS=$"\n" read -r d; do + if [ "$d" != "" ]; then + network=$(ipcalc -n $d | grep Network | awk '{print $2}') + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + fi + done + fi fi done } diff --git a/omr-test-speed b/omr-test-speed index 863232f..15666e1 100644 --- a/omr-test-speed +++ b/omr-test-speed @@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" @@ -13,9 +13,9 @@ fi exit 0 } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM diff --git a/omr-test-speedv6 b/omr-test-speedv6 index ca3d64d..3db10fe 100644 --- a/omr-test-speedv6 +++ b/omr-test-speedv6 @@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" @@ -14,9 +14,9 @@ fi } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM diff --git a/omr-update b/omr-update index 33b3fa6..ff2e201 100755 --- a/omr-update +++ b/omr-update @@ -1,6 +1,6 @@ #!/bin/sh if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh + wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh rm -f /etc/openmptcprouter-vps-admin/update reboot fi diff --git a/omr-update.service.in b/omr-update.service.in index 231803a..99120f8 100644 --- a/omr-update.service.in +++ b/omr-update.service.in @@ -4,7 +4,7 @@ After=network.target network-online.target [Service] Type=simple -Restart=never +Restart=no ExecStart=/usr/bin/omr-update #ExecStart=/usr/share/omr-server/debian9-x86_64.sh AmbientCapabilities= diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 67d46c4e05633e7be5618a85267cacb4c9a732fd..92957efcab04f4eca8eb09a1b98a997dd26d155f 100644 GIT binary patch literal 4154 zcmV-A5XJ8wiwFRpt_foR1MNKhbE8JG`z!h@rewd%Zk_c3`igy}%OOA#&j<)0J5F5{ zg(YlLkw6d7I)17B->+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE) zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_ zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ubp4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8 z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av` zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_ zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t)g*tE)g4IjtJwC5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp zx+n@B;%6sx|At1eUcCgiwANz-)NIsI@`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S z&pgJpcpgQ~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3 zOZNLbbM(H@lNqQKWgeKk7a3O-e#F2|f zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$ zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_ z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSsp*ygES-sdLoCA z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFngC8 zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n- zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gwRZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2V^)|Ey>s+ zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g z%A}zogQo`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+ z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0 z7%-M&7)=AlQfCAh%?TMI3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%? zkaUx_i52V99mOjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$ zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*` z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe* z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$ zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2 zRx_@7=n++m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^ z8N>;Bc65!G#yq-%0h}W1_+s^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|GxyY5$R|LK-H zfBwWff3OXyW(`T+tsHuoz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go| zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9 zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh; zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QIHpoiu6M2mEEBzQ#VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@ z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF E0Q3D=uCfpcRXkSbXqNP z1t?zGF5I&%uG4I`n%yqy*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BPZ+lBAr<+@}%T{0Y7C^l+x z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD zL^VGu)Ua9PqU*c5WVtN%3DmqsUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS zIE8cIC82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw zvFx)`8vI zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$ z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{} z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^ z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p zTb#s6)B(nmd}1)eD+JN$l;&+p3oPyCMaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN? zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x zktD8>hNM7G+`?0Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1= z_c3~mg!)K< zJMrLhD-eho){j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH- zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$ZxPiBj|B&LJv z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~ zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C< zlS&a3eyop8%0o~j-mt-vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?JWN&a}71-p?^gB?tqHGEw(`qvVOo? zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9 z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjNdbhJ# zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQc zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m> zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?# zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M* zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX| zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ! z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLjj3+s;P3K zrs^hVu+OPMbD%dcB}PWtM-HA&E4CKe`spk%(ro{=8R_n*J+p7 z#@$YLn@{JBQj4eUw}t#4kKcCNn>DvjJ7tk1UD&SL4QHE-{eJ(n#Hdj7Tv827F}C?V zC%$q0sNqE=3A^Q5H0`M&34-#NfaKj0tHCRDn>DgMrzCr?-!HRDPc(lTxxuEiy;i?G zT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x?JY&6Tla1iGLvu&H41+4 z7`k`&F?lV#Asv|hMyG$(J|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7T9D9jNaWwf4|eE$ zPagdhnSmh*ow*xBM-7MT0Fw5@D@gj%V5eYCYx_9Q8tV0yUNCg4&2i1SGZhlW37xJ;~Y}7i( z?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5TOLXYELV>aHms}LI_ zb0@alMFb3uozmA^_O&`h^<7)@+)wE2yyke+hct|4%f8Arv1)?w!Z*>zy6C z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-ZH=Zo;lwe+*4QVA_^x-i0$4_TT!L-zmjwY}LCpz69}fh6WYsaaayI)Gg#KOL75XbP zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f zFhr|G43d9?NxVs{Km-GX2FXnfN>U}cx4|$u4vbmo!U%bJ3n)8Qza{XF@lsL*c`8zp zXvHx!T}}e9dkNsGXeYFu$NjbO4F2N|pzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^ z{|@Z`Pr&EvcKR(W2kXD`|6YdFiEi}VzXU~gf9`jXJgv*m-0-1Y z@eEE=Wl6YR-^=QV$n=uR*}XK8%(L^UZkRPZg)8zB)WIV0f?d!7D^3g*5J1H;u~pO1bRJ%j%zC!JRL z{IB1w@c%{VGw@$W75Q5DKZ2{%$_D(2Z2&`(otuE)iL!u^9ED4UXxkEDAW0#;Twc|s zk)-gMVIn$jZahuGu#+ZyPk8+T?*&y+nDu{3^G#{8QGN{ifdMJGd@N$6n9o8A4#<}g zhQeguuZ=f(db!(05s^l^I@M}F7&I9@UY6H4z{;P?k};;@I#H)Gj6@+pQZ9K}DkMx5 zQ|EA)$*>1zV~g6R?~k#H1eDoQ{TXy{jv&@X9c*b@TB^nCVB7dg*$(Z)){|$ z^_&%tX8~KA3GuU;6U0PRj6zG%x{X^mg|*nv+I;Xs44eX%*NNkhjOF3*YNMS*y1X6M z8O`_em!#8JP!`r);D<5!2kG~~Ct;u)-P?2jA@XOxL`=%Ng&#h~E06fz#<=7I zu`!=z3CnuLzFA|9ey`W<{pLDW^X)o5(LKW$XA`&+!8@G}Yfc;s8c82tleK@QZmUmO zUziTEfU52jikoI&3pyD65W2!vCz~Z!cN<&lpS*qhw%F`!;i4uL*L|w22cp7fS^@2x zwOhyd*GU4&8my+j+|k$i0p>Bfa(ijx)BbkC%(xpK@?qimnDR2~TwRoDvQ0DFGjfoD&(Y#GSWW1BXmE zrY}9 zK4|=i>VrLsKZMcOLG~-?gG}Vz_h2aL^a@=6eRcx29-v4g_>*9bjCS9Na~U=ruv;-L zSshvIP!al*?oKw+@cJBgD2kZgt<|u@5@0M~%aUXcC7BMI@9eM%er|K=L=hrQlEs1? z2lX62&;AzSf1TyBtyX_hhslprMZO*=eyuj)g_4wrp0!%KvD%PS*PwNi>RW}4kEKth z`fxing$+nw_oVQOhwHiVF{IUMrl46vnI9Qjb>zFc4FPvOiw7KPi2#ajf}W^E0p(H2 zki#W_n2P&n9`r|qZ!ujK0+dzZO2Yiz>lJM5htkN>cym0cAHILbTT#+K6vpqYxr#!# zw?n6xdidTL^E%xu45~4rs-!{cpuqNPY~4A&8#HAKI;-_@<4q0JUyXejG|?pCf~g~D zkt$B11Xfe4DMN6_v4BQ(IjQ!>^_qbbE)bqj@MZ)lXHE9On$55Bi-kY47v)@z9B4=na3U)mTk%!!pJc(1SG^-9yIo+_*MS+CjaJO0^$g5n;lIpbk?|4U;K` zkf{wQN|Q`jijMYc_iB-BfGm*?`KfFUJlGo-ASg?&v+cPgOtk3eJoN4P%#PyZFym;l zTEuSQehzzY#gC0g@9Z#NV=Og21SuxtMqN~l&dr+nR2S3%t?&HVdT8{3X7I2F3R>UL|jW0j#!OH+xwr zDp(Im86|)I>iXVdFgHj7@gYN;NQz|e=LS_wxD+!F7hmYZVT0s#Li&c^I$^?JP-bDz zc|#Jc#6lWLO13Zub+GG4sZ(&2+cZ#3Va!X4WeB>YnQ5hh%ulq5kyIhbl-DhQGIpa* zG?|)7bFdV^62oG&03}sFepGV(AyjJ)L$hww~6`?Z*)*NMl(i|MO#hQ<6LmYg|6o63-TIxqI)9!OmX9pU0VfJRhUc0ur7JBfbJOmaSE=omA`wE zmSX-Dvx{~Z=f={~p)HD1ru{egOW?)fOGbav6!H#bw?DzynAx4COQ6)+pxz-}_J`kX z`0H%`p@~I31_t#~5;LVw()4LI!&4)Na+sM!BuvxB*RWoA*#ccG6otuKCnOFsC;~MM z*zTkqLM2dTQQ$SmH*&SVQuPZSIK{$=s{R_Z2Gj)Fx z4M4bT7t3&NpW6>nGBn&w;CQg0f_xKF%*mG7TGNZUSqwq8DJbTp@eKJMV7tA1+pwLL zY!J57*N*>o-rDtlx&u2N%O@sr!VXz3a1Y6oYnZ?(F?ZiAuDNr`M4-%8($>8?945Z_ zgf}j-TvX=d8i3^hgG30zCLW=QplpAtNpw06!SCPODWu|81R| zRPi4#LYwg)dCZ5Q@Md#jNB>zlp*?q;uMGd_SCJoo;>Zugkb2&c^i=)n6ZPgM7dua9 z-CRO)QHVcM9LW>E9>P5t|G}|e5J8tr;Lt%S{+I}d5g_bGN1*6Ae=fO8pSAPGm(>bYr|KmmIWAUH8f-g`| zkuUZG+MUV;_%piz1s&PLYXE;=8H~Bf_fq(dmol@;HP&g3b@Ge+pvP|{ z48r@Je&dFB%e}(@qL!S}<|1+vc_4-$Z{vSnu1|oZa{q(n)%xjH-efp~@TevJK zTS<)6srlJh|FOEWUuwzT3d@68vp`u4EzVypV>f?5l&`3wiYlt8qKcEL4iA%`4iOFL P&r1ITPlA_20C)fZM6_PA delta 3704 zcmV-;4u|pE9mE|6ABzY8V0I~y2Sk58Ju^K|_Y8w(zURfEJ^SU={-_1iKRIFFK;`dt z|FrX}-92rebWU3R?&+&myM1!ne??k*)G4P`6x$&ouR`CCKUMCz{Qpxrs2vdF-VdDz zd$H(~MuRk+c-D;aq~TR&XdvFm%pzVTNvaiE0jM36(`dpCa~x9-9@ zBJpG3kowa0$XZ+@7gq;)KMYlU!keU9JJ>7L4tT+oRE6U>L!IgZ~m^RoinZ^QyAB3Ke)H#ke{0Bn93T}4f4%5#Igj_GI@PO&7^>3@e^JVc`GSY z6U?)FXAwBznGJ29+h>}}H8_9#U(Exq-D-W;s{P=2bN4pmADY@W^KBfgIpbNtb=oDi zaktam=F@qjRO4y;Z6W{1v5s3)`aIaJI?V@Apqjj0!c+CDpJLW1HV| z;v3hG8eUY=uv?a*X-{=Y5S04_H1C#J4PK$!tdZ?GCEa`dewkHzqSAlJ4K}sywfg1W zGL*?voZhm;+U}Rf(0p?2b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0-|trV z|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>FQSgJu z(7n5l$!p;a>A>(eI<0^93AuR$|KJoVG#z`%{ECTgW8vO}cKArpgM^MlBL6miutVp2 z^60O~3>-=5%-sll&CM!yh#M2Y*QOr=|I&v!@rX$)Z|;Pw8c=T;5&xFmjFc&nohX95 zk>fd`y&&4^X5r3&S$1cR7dga^NPub4y)(~r9ik#estCA05YK;_`8{!5$j7>~Uh5pU zv)WRLM+ExnwH>4WA@Kubd;>~9l7$W0Wt_*X3k;|TdC_?io$}&@9>>4NtiNwpAy!7_ zPHel22pAeWrLXtwYjcR|yY}XJoY2|17w{TM)i7Q#YT&ZCL-1*q zRLEpBzn=w1;7EUN7xrCr6b8^U&;du#fnX`~LHj6#{&Q|HaC#SboWBekeb+l_tiS~S zo(akMpJLk)#D9_kJG7U3#D1jb@W0*Zm+-%JdfKk=|0U@8_&>1_hERMIxpyAJuXlFn z+BXY8hWI|gH{v;fngCKx0%uZ;I3BI;?wlxw99Ax4Bc6Y~1l}9x4uItWfE0w1RRFOM zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3 zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl z4AE*4gXVwW5^oYO5J3l_Lvj;`l87YtHaI57fj$de=piq!0d+_5TMF+OFC|5gry?bZ zRUAXruR1s;Ut5dD^gF%zt<7Ih$1FZbH zEE!`et`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg z*(=6bg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=&GO;x07>3MFDV4j(FUAcy1J;9bAr&X&Pu z9&QUik;hnAfpy+TtA3_g8!}7vp-eIKgOafNjXkfke*drUImgEc;Uoy1cYrhrOfLMi z_>IFj7rsAt=En>qaoku<8@>0DUSNL;mGW@EJRQb@v9Rg_Ka9ygNWTX$2?O2e-k$pp zkw5z-Vp`rU{O~bedBpcN`X%p(jqxmNShg$n%_?j3d%bS&H_KSfw`F{yd4@6025={e zcRC$boj4XWl0Lp9YfIfWpR&C$8)OG+x=$Exnt?Uw;PgXi3Y(p5l$h)`*4BSNdHeQl zvD(?fMN2Bq`_xzuM1{|+0_r(yw~q0zlN=;!FiC&8Cl~7nSjQO3?WK-S$N%ki|FnGm zr_<|ps`&pUXy5Hy{DcmmuxTLeL4(fPeh#!F7x|_i-GYHJg7A4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5t zDbe7b5{RM5Ig#N?+JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx z>gTESQAgug`IXqKN6;+6+4^0r~=#EJ@~2 zlIfuN&JLRp=Qfv46d}?iS?rM8pq|6$+211kud`gX)JkNS{76;g>w)6eY7<^4X^H4r ztECI84NY|oYB#CARoH*{So&nD54TfO*nsqPOA1H)UC)h=A+1(31B85S~!+W&|l` zP4>a6&9Cx{g+H?wb1Ri~`-(1~Jb4VcwfO>o09#uU(lRT|wx#`N5{Hc;C^ zy^cn;A7Bw-z=wZe4pT4@c5WEH&K(DJJ7WT~v(F2@0w8 z8cO<-%Ijc5KTheCZZ_zNq~z(wm({T!@1nzCk72lV7;Jxy6JWR}Z0Hds_Au}|K%}5f z@C~BDw-Kza58q>48-0KaTyuQ*=i&S4F^Zk#2Y`UNgJ&UGWc=aVnr@5>ywUwO3#82a zCBB9P#rM)*rD%cythSyvdzmRJcn?V#CGqO|-eNE}NDg8{hB%QF$>7fos+e#oW)UvF z(1qOw$?JcF^bN0d!i2w|%)_4Zh9p>thcuFuY+?@T;Mb4Rpx`L?X<(Ydn3ojG5Ohg1 zQ=x*)Pqc}Vh!AAT>lQ#6yHO{aOwFV^mnU&~BLyIPs$3}Q74(5FC2j_pC1?@UW`cd<*i4hQNs25f6l9sgI4g+G$byO# z7{OE#38IFiavWvVtJN+j)hyk#Qb%^3L`=MxzB*-CEFNOXSwOUD40)=FaR$tokxVz& zJ=lLh3&t#OHjZEtVzExLjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpYe*qY0reUH12$!v58P4r<`5{V%hKmX84|b>^UxXBMvT3%q^kRQ* zc7`BZ6cqE)^9=bKV7tD2*|43JED*NS*Ma|b-a7Pux&b@x%O?hL!Zukha1F_mYZ$;O zF?U}r&bf2RM4-%O($>8?944{&gf}j-Tr}q78i3^h4~YZATvXzZbdKbSUytCPJpaM5Uy#6%OyDp;DgKxQ zhbKVTk4`|*bN*bCCG#3O4S*k(#X2v7)LZAf*4bIJ-8%Yr4eGd^xA68muJC^bDt0o= z&E)weKJNsx23ul%$R4=lk3gf^0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~C zpwFHE@Ab;>e|0)1)$c#N2z~7QXRi5KoLN70{w$R1!n{cRreT4P|J{%Xb+E=$T*5+ikLem2&BOm_B59obu9`C-=Vpe!Df WoDMP%sG^GgjPySSZ@`TJcmM!)=v)v0 diff --git a/shadowsocks.conf b/shadowsocks.conf index d6d760a..0b813e7 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -58,6 +58,6 @@ net.ipv4.conf.default.log_martians = 0 # MPTCP settings net.mptcp.mptcp_checksum = 0 -net.mptcp.mptcp_syn_retries = 2 +net.mptcp.mptcp_syn_retries = 4 net.mptcp.mptcp_scheduler = blest net.ipv4.tcp_ecn = 2 diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index be836d4..d1ed03f 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes AUTOCOMMENT=Yes -AUTOHELPERS=No +AUTOHELPERS=Yes AUTOMAKE=No @@ -163,7 +163,7 @@ DISABLE_IPV6=No DOCKER=No -DONT_LOAD=nf_conntrack_sip +DONT_LOAD= DYNAMIC_BLACKLIST=Yes diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn index e69de29..a7a7058 100644 --- a/shorewall6/params.vpn +++ b/shorewall6/params.vpn @@ -0,0 +1 @@ +OMR_ADDR=fe80::a00:2 diff --git a/tun0.glorytun b/tun0.glorytun index a7fd471..2a6c695 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -4,4 +4,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue" \ No newline at end of file diff --git a/ubuntu18.04-x86_64.sh b/ubuntu18.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu18.04-x86_64.sh +++ b/ubuntu18.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu19.04-x86_64.sh +++ b/ubuntu19.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh index 814a06c..e69de29 120000 --- a/ubuntu20.04-x86_64.sh +++ b/ubuntu20.04-x86_64.sh @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file