mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Merge pull request #5 from Ysurac/develop

tongbu20200921
suyuan 2020-09-21 10:09:43 +08:00 committed by GitHub
commit 944b314a71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 708 additions and 332 deletions

File diff suppressed because it is too large Load diff


@ -1,5 +1,6 @@
[Unit]
Description=Dead Simple VPN - Server
After=network.target network-online.target
[Service]
ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
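Review bot: `After=network.target network-online.target` only orders this unit; it does not pull `network-online.target` into the boot transaction, so on a host where nothing else wants that target the ordering has no effect and dsvpn can still start before the uplink is configured. Assuming the `After=` line is what this section adds (the +/- markers are lost on this page), pair it with `Wants=network-online.target` in `[Unit]`. The same applies to the `After=` lines in the `Dead Simple VPN - Server on %I` and `MLVPN connection to %i` units further down.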


@ -1,5 +1,6 @@
[Unit]
Description=Dead Simple VPN - Server on %I
After=network.target network-online.target
[Service]
ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i


@ -1,9 +1,13 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
while [ -z "$(ip link show $INTF)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
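Review bot: The `while [ -z "$(ip link show $INTF)" ]` wait has no upper bound, so a config whose `gt-${DEV}` interface never comes up leaves this script sleeping forever. The omr-service loop shown later on this page calls `post.sh` synchronously for each `tun*` file, so one such config would also stall its other checks. A bounded wait that exits non-zero keeps the caller moving; the retry count below is an example value. The same loop appears in the `gt-udp-` variant of this script, and the `&& {` block opened on the last visible lines closes outside this section.

```shell
# … unchanged: config sourcing, INTF / LOCALIP / BROADCASTIP defaults …
tries=0
until ip link show "$INTF" >/dev/null 2>&1; do
	tries=$((tries + 1))
	# example limit: give up after ~30 s instead of blocking the caller forever
	[ "$tries" -ge 15 ] && exit 1
	sleep 2
done
# … unchanged: address comparison and ip link / ip addr setup …
```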


@ -1,10 +1,15 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-udp-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
while [ -z "$(ip link show $INTF)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
ip link set $INTF txqlen 100
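Review bot: `2>&1 >/dev/null` on the `ip link set` and `ip addr add` lines does not silence errors: stderr is duplicated onto the original stdout before stdout is redirected, so error text still reaches the caller's output while only stdout is discarded. If the intent is to suppress both, write `>/dev/null 2>&1`; if errors should stay visible, drop the `2>&1`. The same ordering is used in the `gt-` variant of this script and in `_lan_route` and `_gre_tunnels` in omr-service. While touching these lines, quote the expansions as well, e.g. `ip link set dev "$INTF" up >/dev/null 2>&1`.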


@ -9,7 +9,7 @@
],
"method": "chacha20-ietf-poly1305",
"fast_open": true,
"timeout": 600,
"timeout": 1000,
"port_key": {
"65101": "MySecretKey",
},


@ -2,6 +2,7 @@
Description=MLVPN connection to %i
PartOf=mlvpn.service
ReloadPropagatedFrom=mlvpn.service
After=network.target network-online.target
[Service]
Type=notify


@ -16,6 +16,7 @@ if [ "$1" = "start" ]; then
ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
ip -6 addr add ${LOCALIP6} dev ${DEV}
ip link set ${DEV} up
[ -n "$ULA" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
fi
if [ "$1" = "stop" ]; then
ip tunnel del ${DEV}
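Review bot: The `[ -n "$ULA" ]` guard on the `ip route replace` line checks only `ULA`, while the gateway comes from `REMOTEIP6`; if that is empty the command substitution yields nothing and `via` takes `dev` as its address. Assuming this is the line the hunk adds, test both values and drop the `echo | cut` subprocess: `[ -n "$ULA" ] && [ -n "$REMOTEIP6" ] && ip route replace "$ULA" via "${REMOTEIP6%%/*}" dev "$DEV"`. Both `if` blocks start or end outside the hunk.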


@ -6,9 +6,9 @@ _multipath() {
source /etc/shorewall/params.net
for intf in `ls -1 /sys/class/net`; do
if [ "$intf" = "$NET_IFACE" ]; then
multipath $intf on
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
else
multipath $intf off
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
fi
done
}
@ -16,30 +16,64 @@ _multipath() {
_glorytun_udp() {
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
logger -t "OMR-Service" "Restart Glorytun-UDP"
systemctl -q restart glorytun-udp@*
systemctl -q restart 'glorytun-udp@*'
}
for intf in /etc/glorytun-udp/*; do
/etc/glorytun-udp/post.sh /etc/glorytun-udp/${intf}
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
}
_glorytun_tcp() {
for intf in /etc/glorytun-tcp/*; do
/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/${intf}
for intf in /etc/glorytun-tcp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
done
}
_omr_api() {
[ -z "$(curl -s -k -m 1 https://127.0.0.1:65500/)" ] && {
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin"
systemctl -q restart omr-admin
}
}
_lan_route() {
cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
while IFS=$"\n" read -r c; do
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
echo "$c" | jq -c '.lanips //empty' |
while IFS=$"\n" read -r d; do
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
done
fi
done
}
_gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")"
for intf in /etc/openmptcprouter-vps-admin/intf/*; do
if [ -f "$intf" ]; then
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
ip tunnel del $iface 2>&1 >/dev/null
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
ip link set $iface up
ip addr add $LOCALIP dev $iface
ip route add $NETWORK dev $iface 2>&1 >/dev/null
fi
fi
done
}
while true; do
_glorytun_udp
_glorytun_tcp
_multipath
_omr_api
_lan_route
_gre_tunnels
sleep 10
done
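Review bot: `_gre_tunnels` runs every regular file under `/etc/openmptcprouter-vps-admin/intf/` through `.` on each 10-second pass, so the contents of that directory are executed as shell by this service rather than read as data. The directory name suggests the files are produced by the admin service; if so, that writer must emit only validated `KEY=value` lines and the directory should be writable by root alone. Sourcing in the main shell also lets a variable set by one file (for example `LOCALIP` or `NETWORK`) carry into the next file that omits it; wrapping the loop body in a subshell, `( . "$(readlink -f "$intf")"; … )`, confines each file's values. The expansions passed to `ip` (`$iface`, `$INTFADDR`, `$OMR_ADDR`, `$LOCALIP`, `$NETWORK`) should be quoted as well.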


@ -6,7 +6,7 @@ After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.s
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-service
ExecStop=/usr/local/bin/omr-service stop
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]

Binary file not shown.

Binary file not shown.


@ -8,7 +8,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=99999
LimitNPROC=99999
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
Restart=always
[Install]
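Review bot: The `ExecStart` variant with `--manager-address 127.0.0.1:8839` puts the ss-manager control channel on a loopback UDP port, and that protocol carries no authentication, so any local process on the host can reach it. Loopback keeps it off the network, but a UNIX socket path restricted by file permissions narrows access to the intended client. `--manager-address` accepts a socket path as well, e.g. `--manager-address /run/shadowsocks-libev/%i.sock` (example path; the client that talks to the manager would need the same change).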


@ -2,10 +2,10 @@
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 150000000
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 75000000
net.core.optmem_max = 75000000
net.core.wmem_max = 67108864
net.core.optmem_max = 33554432
# default read buffer
net.core.rmem_default = 131072
# default write buffer
@ -28,19 +28,19 @@ net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_syn_backlog = 10240
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 768174 75000000 150000000
net.ipv4.tcp_mem = 8092 131072 67108864
# UDP buffer
net.ipv4.udp_mem = 768174 75000000 150000000
net.ipv4.udp_mem = 8092 131072 67108864
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 524288 75000000
net.ipv4.tcp_rmem = 4096 87380 33554432
# TCP write buffer
net.ipv4.tcp_wmem = 4096 524288 75000000
net.ipv4.tcp_wmem = 4096 65536 33554432
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
@ -51,8 +51,9 @@ net.core.default_qdisc = fq
net.netfilter.nf_conntrack_max = 131072
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 1
net.mptcp.mptcp_syn_retries = 2
net.ipv4.tcp_ecn=1
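Review bot: `net.ipv4.tcp_mem` and `net.ipv4.udp_mem` are counted in memory pages, not bytes, so `8092 131072 67108864` sets the hard limit to 67108864 pages (256 GiB with 4 KiB pages), which is effectively no limit on a VPS; the other variant shown, `768174 75000000 150000000`, has the same unit problem. Byte-sized values belong in `tcp_rmem`/`tcp_wmem` and `net.core.*mem_max`, which this section already sets. Either size the triples in pages for the target memory or leave the kernel's computed defaults, and extend the comments to something like `# TCP buffer (pages: min pressure max)`. Separately, the comment `# turn on path MTU discovery` sits above `net.ipv4.tcp_mtu_probing = 0`, which disables probing.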


@ -20,4 +20,5 @@ vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags

View file

@ -108,10 +108,11 @@ TC=
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S


@ -105,10 +105,11 @@ TC=
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S


@ -18,4 +18,4 @@
MASQUERADE fe80::/10,\
fd00::/8 $NET_IFACE
# SNAT from VPN server for all VPN clients
SNAT(fe80::a00:1) ::/0 omr-6in4-user+
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+


@ -3,4 +3,4 @@ DEV=tun0
SERVER=true
MPTCP=true
IPV6=true
OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"

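--- /dev/null
+++ b/v2ray-server.json
@@ -0,0 +1,124 @@
+{
+"log": {
+"loglevel": "debug",
+"error": "/tmp/v2rayError.log"
+},
+"transport": {
+"tcpSettings": {},
+"wsSettings": {},
+"kcpSettings": {
+"mtu": 1460,
+"tti": 10,
+"uplinkCapacity": 100,
+"downlinkCapacity": 100,
+"congestion": false,
+"readBufferSize": 8,
+"writeBufferSize": 8
+}
+},
+"inbounds": [
+{
+"tag": "Vmess-In1",
+"port": 65228,
+"protocol": "vless",
+"settings": {
+"disableInsecureEncryption": false,
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"listen": "127.0.0.1",
+"port": 10085,
+"protocol": "dokodemo-door",
+"settings": {
+"address": "127.0.0.1"
+},
+"tag": "api"
+}
+],
+"outbounds": [
+{
+"protocol": "freedom",
+"settings": {
+"userLevel": 0
+},
+"tag": "direct"
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"Vmess-In1"
+],
+"outboundTag": "WH-Lan1",
+"domain": [
+"full:WH-Lan1"
+]
+},
+{
+"inboundTag": [
+"api"
+],
+"outboundTag": "api",
+"type": "field"
+}
+]
+},
+"reverse": {
+"portals": [
+{
+"tag": "WH-Lan1",
+"domain": "WH-Lan1"
+}
+]
+},
+"stats": {},
+"api": {
+"tag": "api",
+"services": [
+"HandlerService",
+"LoggerService",
+"StatsService"
+]
+},
+"policy": {
+"levels": {
+"0": {
+"uplinkOnly": 0,
+"downlinkOnly": 0,
+"bufferSize": 512,
+"connIdle": 1200,
+"statsUserUplink": true,
+"statsUserDownlink": true
+}
+},
+"system": {
+"statsInboundUplink": true,
+"statsInboundDownlink": true
+}
+}
+}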
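Review bot: The `log` block ships `"loglevel": "debug"` with the error log at `/tmp/v2rayError.log`, a fixed name in a world-writable directory: debug output is far more detailed than a deployed server needs, and a predictable `/tmp` path can be pre-created by another local user before the service first opens it. For a deployed server use `"loglevel": "warning"` and a service-owned location such as `"error": "/var/log/v2ray/error.log"`. Two smaller points in the `Vmess-In1` inbound: the protocol is `vless`, whose inbound settings expect `"decryption": "none"` rather than the VMess fields `alterId` and `disableInsecureEncryption`, and the TLS certificate reuses the OpenVPN server key pair (`/etc/openvpn/ca/pki/private/server.key`), so both services depend on one private key.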