mirror of
https://github.com/Ysurac/openmptcprouter-vps.git
synced 2025-03-09 15:50:00 +00:00
commit
944b314a71
20 changed files with 708 additions and 332 deletions
File diff suppressed because it is too large
|
@ -1,5 +1,6 @@
|
|||
[Unit]
|
||||
Description=Dead Simple VPN - Server
|
||||
After=network.target network-online.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
[Unit]
|
||||
Description=Dead Simple VPN - Server on %I
|
||||
After=network.target network-online.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
#!/bin/sh
|
||||
[ ! -f $(readlink -f "$1") ] && exit 1
|
||||
. "$(readlink -f "$1")"
|
||||
|
||||
INTF=gt-${DEV}
|
||||
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
|
||||
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
|
||||
while [ -z "$(ip link show $INTF)" ]; do
|
||||
sleep 2
|
||||
done
|
||||
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
||||
ip link set dev ${INTF} up 2>&1 >/dev/null
|
||||
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
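Review bot: The existence check on the second line, `[ ! -f $(readlink -f "$1") ] && exit 1`, leaves the command substitution unquoted, so when `$1` is missing or resolves to nothing the test collapses to `[ ! -f ]`, which is false, and the script goes on to source an empty path; `[ -f "$(readlink -f "$1")" ] || exit 1` closes that. The file is then sourced, so whatever it contains runs as shell code with the service's privileges (presumably root), and it is worth confirming that the config directory is writable by root only. Both `ip` calls use `2>&1 >/dev/null`, which sends stderr to the original stdout instead of discarding it; `>/dev/null 2>&1` is the order that silences both. The `while` loop waits for the interface with no upper bound, and `ip link show $INTF` prints an error on every pass until the device exists. The same lines appear in the `gt-udp-${DEV}` variant in the next file section, and the `{` block here closes outside the hunk.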
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
#!/bin/sh
|
||||
[ ! -f $(readlink -f "$1") ] && exit 1
|
||||
. "$(readlink -f "$1")"
|
||||
|
||||
INTF=gt-udp-${DEV}
|
||||
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
|
||||
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
|
||||
while [ -z "$(ip link show $INTF)" ]; do
|
||||
sleep 2
|
||||
done
|
||||
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
||||
ip link set dev ${INTF} up 2>&1 >/dev/null
|
||||
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
|
||||
}
|
||||
ip link set $INTF txqlen 100
|
|
@ -9,7 +9,7 @@
|
|||
],
|
||||
"method": "chacha20-ietf-poly1305",
|
||||
"fast_open": true,
|
||||
"timeout": 600,
|
||||
"timeout": 1000,
|
||||
"port_key": {
|
||||
"65101": "MySecretKey",
|
||||
},
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
Description=MLVPN connection to %i
|
||||
PartOf=mlvpn.service
|
||||
ReloadPropagatedFrom=mlvpn.service
|
||||
After=network.target network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
|
|
|
@ -16,6 +16,7 @@ if [ "$1" = "start" ]; then
|
|||
ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
|
||||
ip -6 addr add ${LOCALIP6} dev ${DEV}
|
||||
ip link set ${DEV} up
|
||||
[ -n "$ULA" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
|
||||
fi
|
||||
if [ "$1" = "stop" ]; then
|
||||
ip tunnel del ${DEV}
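Review bot: The ULA route line guards only on `$ULA`, yet the gateway comes from `$REMOTEIP6`; if that variable is empty the command degrades to `ip route replace <ULA> via dev <DEV>` and fails on every start. Checking both and stripping the prefix length with parameter expansion avoids the subshell and the word splitting: `[ -n "$ULA" ] && [ -n "$REMOTEIP6" ] && ip route replace "$ULA" via "${REMOTEIP6%%/*}" dev "$DEV"`. The enclosing `if [ "$1" = "start" ]` block begins outside the hunk, so where these variables are set is not visible here.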
|
||||
|
|
50
omr-service
50
omr-service
|
@ -6,9 +6,9 @@ _multipath() {
|
|||
source /etc/shorewall/params.net
|
||||
for intf in `ls -1 /sys/class/net`; do
|
||||
if [ "$intf" = "$NET_IFACE" ]; then
|
||||
multipath $intf on
|
||||
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
|
||||
else
|
||||
multipath $intf off
|
||||
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
@ -16,30 +16,64 @@ _multipath() {
|
|||
_glorytun_udp() {
|
||||
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
|
||||
logger -t "OMR-Service" "Restart Glorytun-UDP"
|
||||
systemctl -q restart glorytun-udp@*
|
||||
systemctl -q restart 'glorytun-udp@*'
|
||||
}
|
||||
for intf in /etc/glorytun-udp/*; do
|
||||
/etc/glorytun-udp/post.sh /etc/glorytun-udp/${intf}
|
||||
for intf in /etc/glorytun-udp/tun*; do
|
||||
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
|
||||
done
|
||||
}
|
||||
|
||||
_glorytun_tcp() {
|
||||
for intf in /etc/glorytun-tcp/*; do
|
||||
/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/${intf}
|
||||
for intf in /etc/glorytun-tcp/tun*; do
|
||||
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
|
||||
done
|
||||
}
|
||||
|
||||
_omr_api() {
|
||||
[ -z "$(curl -s -k -m 1 https://127.0.0.1:65500/)" ] && {
|
||||
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
|
||||
logger -t "OMR-Service" "Restart OMR-Admin"
|
||||
systemctl -q restart omr-admin
|
||||
}
|
||||
}
|
||||
|
||||
_lan_route() {
|
||||
cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
|
||||
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
|
||||
echo "$c" | jq -c '.lanips //empty' |
|
||||
while IFS=$"\n" read -r d; do
|
||||
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
|
||||
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
|
||||
done
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
_gre_tunnels() {
|
||||
. "$(readlink -f "/etc/shorewall/params.vpn")"
|
||||
for intf in /etc/openmptcprouter-vps-admin/intf/*; do
|
||||
if [ -f "$intf" ]; then
|
||||
. "$(readlink -f "$intf")"
|
||||
iface="$(basename $intf)"
|
||||
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
|
||||
ip tunnel del $iface 2>&1 >/dev/null
|
||||
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
|
||||
ip link set $iface up
|
||||
ip addr add $LOCALIP dev $iface
|
||||
ip route add $NETWORK dev $iface 2>&1 >/dev/null
|
||||
fi
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
while true; do
|
||||
_glorytun_udp
|
||||
_glorytun_tcp
|
||||
_multipath
|
||||
_omr_api
|
||||
_lan_route
|
||||
_gre_tunnels
|
||||
sleep 10
|
||||
done
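Review bot: `_gre_tunnels` sources `/etc/shorewall/params.vpn` and every regular file under `/etc/openmptcprouter-vps-admin/intf/` on each 10-second pass, so any text that lands in that directory is executed as shell code by this service, and variables set by one file (`LOCALIP`, `NETWORK`, `OMR_ADDR`) carry over to the next file that omits them. If those files are written by the admin API, as the path suggests, they should be root-owned and not writable by the API user, or be read as plain `KEY=value` data and validated as addresses before they reach `ip tunnel add`. In `_lan_route`, `IFS=$"\n"` is not a newline (`$"…"` is locale translation, so IFS becomes a backslash and the letter n), and `jq -c '.lanips //empty'` emits the whole array on one line, so `ipcalc -n $d` appears to receive JSON text rather than one network; `jq -r '.lanips[]?'` with `while IFS= read -r d` looks like what was intended. `vpnremoteip` and `network` also go unquoted into `ip r replace`, so a value containing spaces is split into extra arguments to a command running with `CAP_NET_ADMIN`.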
|
||||
|
|
|
@ -6,7 +6,7 @@ After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.s
|
|||
Type=simple
|
||||
Restart=always
|
||||
ExecStart=/usr/local/bin/omr-service
|
||||
ExecStop=/usr/local/bin/omr-service stop
|
||||
KillSignal=9
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
||||
|
||||
[Install]
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -8,7 +8,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
|||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
LimitNOFILE=99999
|
||||
LimitNPROC=99999
|
||||
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
|
||||
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
|
||||
Restart=always
|
||||
|
||||
[Install]
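Review bot: `--manager-address 127.0.0.1:8839` puts the ss-manager control channel on a loopback UDP port, and that protocol carries no authentication, so any local account or compromised service on the host can add or remove ports and keys. The unit already narrows capabilities to `CAP_NET_BIND_SERVICE`; pointing the manager at a Unix socket in a root-only directory, e.g. `--manager-address /run/shadowsocks-libev/%i.sock` (constructed path), would restrict who can reach it, provided the admin component that talks to it can use a socket. If the UDP form has to stay, a firewall rule limiting that port to the admin process's UID is worth adding. The `[Service]` header is outside this hunk.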
|
||||
|
|
|
@ -2,10 +2,10 @@
|
|||
# max open files
|
||||
fs.file-max = 512000
|
||||
# max read buffer
|
||||
net.core.rmem_max = 150000000
|
||||
net.core.rmem_max = 67108864
|
||||
# max write buffer
|
||||
net.core.wmem_max = 75000000
|
||||
net.core.optmem_max = 75000000
|
||||
net.core.wmem_max = 67108864
|
||||
net.core.optmem_max = 33554432
|
||||
# default read buffer
|
||||
net.core.rmem_default = 131072
|
||||
# default write buffer
|
||||
|
@ -28,19 +28,19 @@ net.ipv4.tcp_keepalive_time = 7200
|
|||
# outbound port range
|
||||
net.ipv4.ip_local_port_range = 9999 65000
|
||||
# max SYN backlog
|
||||
net.ipv4.tcp_max_syn_backlog = 4096
|
||||
net.ipv4.tcp_max_syn_backlog = 10240
|
||||
# max timewait sockets held by system simultaneously
|
||||
net.ipv4.tcp_max_tw_buckets = 10000
|
||||
# turn on TCP Fast Open on both client and server side
|
||||
net.ipv4.tcp_fastopen = 3
|
||||
# TCP buffer
|
||||
net.ipv4.tcp_mem = 768174 75000000 150000000
|
||||
net.ipv4.tcp_mem = 8092 131072 67108864
|
||||
# UDP buffer
|
||||
net.ipv4.udp_mem = 768174 75000000 150000000
|
||||
net.ipv4.udp_mem = 8092 131072 67108864
|
||||
# TCP receive buffer
|
||||
net.ipv4.tcp_rmem = 4096 524288 75000000
|
||||
net.ipv4.tcp_rmem = 4096 87380 33554432
|
||||
# TCP write buffer
|
||||
net.ipv4.tcp_wmem = 4096 524288 75000000
|
||||
net.ipv4.tcp_wmem = 4096 65536 33554432
|
||||
# turn on path MTU discovery
|
||||
net.ipv4.tcp_mtu_probing = 0
|
||||
|
||||
|
@ -51,8 +51,9 @@ net.core.default_qdisc = fq
|
|||
net.netfilter.nf_conntrack_max = 131072
|
||||
|
||||
net.ipv4.conf.all.log_martians = 0
|
||||
net.ipv4.conf.default.log_martians = 0
|
||||
|
||||
# MPTCP settings
|
||||
net.mptcp.mptcp_checksum = 0
|
||||
net.mptcp.mptcp_syn_retries = 1
|
||||
net.mptcp.mptcp_syn_retries = 2
|
||||
net.ipv4.tcp_ecn=1
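Review bot: `net.ipv4.tcp_mem` and `net.ipv4.udp_mem` are counted in pages, not bytes, so the new maximum `67108864` is 256 GiB with 4 KiB pages and the kernel-wide cap on socket memory is effectively switched off; the values look copied from the byte-based `rmem`/`wmem` settings beside them. On a VPS that terminates tunnels for remote routers, that cap is what limits how much memory a flood of connections can pin, so it should be sized to the machine's RAM (the kernel's computed default is a reasonable starting point). `8092` in the first field also looks like a typo for `8192`. The three hunks show only part of the file, so other settings that interact with these are not visible.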
|
|
@ -20,4 +20,5 @@ vpn gt-udp-tun+ nosmurfs,tcpflags
|
|||
vpn mlvpn+ nosmurfs,tcpflags
|
||||
vpn tun+ nosmurfs,tcpflags
|
||||
vpn dsvpn+ nosmurfs,tcpflags
|
||||
vpn gre-user+ nosmurfs,tcpflags
|
||||
|
||||
|
|
|
@ -108,10 +108,11 @@ TC=
|
|||
###############################################################################
|
||||
|
||||
ACCEPT_DEFAULT=none
|
||||
DROP_DEFAULT=Drop
|
||||
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
|
||||
NFQUEUE_DEFAULT=none
|
||||
QUEUE_DEFAULT=none
|
||||
REJECT_DEFAULT=Reject
|
||||
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
|
||||
|
||||
###############################################################################
|
||||
# R S H / R C P C O M M A N D S
|
||||
|
|
|
@ -105,10 +105,11 @@ TC=
|
|||
###############################################################################
|
||||
|
||||
ACCEPT_DEFAULT=none
|
||||
DROP_DEFAULT=Drop
|
||||
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
|
||||
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
|
||||
NFQUEUE_DEFAULT=none
|
||||
QUEUE_DEFAULT=none
|
||||
REJECT_DEFAULT=Reject
|
||||
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
|
||||
|
||||
###############################################################################
|
||||
# R S H / R C P C O M M A N D S
|
||||
|
|
|
@ -18,4 +18,4 @@
|
|||
MASQUERADE fe80::/10,\
|
||||
fd00::/8 $NET_IFACE
|
||||
# SNAT from VPN server for all VPN clients
|
||||
SNAT(fe80::a00:1) ::/0 omr-6in4-user+
|
||||
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+
|
||||
|
|
|
@ -3,4 +3,4 @@ DEV=tun0
|
|||
SERVER=true
|
||||
MPTCP=true
|
||||
IPV6=true
|
||||
OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
|
||||
OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
|
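--- /dev/null
+++ b/v2ray-server.json
@@ -0,0 +1,124 @@
+{
+"log": {
+"loglevel": "debug",
+"error": "/tmp/v2rayError.log"
+},
+"transport": {
+"tcpSettings": {},
+"wsSettings": {},
+"kcpSettings": {
+"mtu": 1460,
+"tti": 10,
+"uplinkCapacity": 100,
+"downlinkCapacity": 100,
+"congestion": false,
+"readBufferSize": 8,
+"writeBufferSize": 8
+}
+},
+"inbounds": [
+{
+"tag": "Vmess-In1",
+"port": 65228,
+"protocol": "vless",
+"settings": {
+"disableInsecureEncryption": false,
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"listen": "127.0.0.1",
+"port": 10085,
+"protocol": "dokodemo-door",
+"settings": {
+"address": "127.0.0.1"
+},
+"tag": "api"
+}
+],
+"outbounds": [
+{
+"protocol": "freedom",
+"settings": {
+"userLevel": 0
+},
+"tag": "direct"
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"Vmess-In1"
+],
+"outboundTag": "WH-Lan1",
+"domain": [
+"full:WH-Lan1"
+]
+},
+{
+"inboundTag": [
+"api"
+],
+"outboundTag": "api",
+"type": "field"
+}
+]
+},
+"reverse": {
+"portals": [
+{
+"tag": "WH-Lan1",
+"domain": "WH-Lan1"
+}
+]
+},
+"stats": {},
+"api": {
+"tag": "api",
+"services": [
+"HandlerService",
+"LoggerService",
+"StatsService"
+]
+},
+"policy": {
+"levels": {
+"0": {
+"uplinkOnly": 0,
+"downlinkOnly": 0,
+"bufferSize": 512,
+"connIdle": 1200,
+"statsUserUplink": true,
+"statsUserDownlink": true
+}
+},
+"system": {
+"statsInboundUplink": true,
+"statsInboundDownlink": true
+}
+}
+}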
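Review bot: The new config ships with `"loglevel": "debug"` and writes the error log to `/tmp/v2rayError.log`, a fixed name in a world-writable directory; if the daemon runs as root, a local user can pre-create that path as a symlink, and debug output records client connection details. A service-owned directory such as `/var/log/v2ray/` and `"loglevel": "warning"` would be safer defaults. The inbound is tagged `Vmess-In1` and carries `alterId` and `disableInsecureEncryption`, which are VMess settings, while `"protocol"` is `vless`; as far as I know a VLESS inbound expects `"decryption": "none"` in `settings`, so it is worth confirming the server accepts this block as written. TLS reuses `/etc/openvpn/ca/pki/private/server.key`, so the v2ray process needs read access to the OpenVPN private key, and a compromise of either service exposes both.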