Merge pull request #5 from Ysurac/develop

tongbu20200921
2025-03-09 15:50:00 +00:00 · 2020-09-21 10:09:43 +08:00 · 2020-09-21 10:09:43 +08:00 · 944b314a71
commit 944b314a71
parent 6c2af1b843 d6b3042be4
20 changed files with 708 additions and 332 deletions
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@ -1,12 +1,22 @@
 #!/bin/sh
 #
 # Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
 #
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")}
 NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
 OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
-UPDATE_DEBIAN=${UPDATE_DEBIAN:-yes}
+V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
 UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
 OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@ -15,31 +25,40 @@ MLVPN=${MLVPN:-yes}
 MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 SOURCES=${SOURCES:-yes}
 NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.0"
+KERNEL_VERSION="5.4.64"
-KERNEL_PACKAGE_VERSION="1.8+1efcfb3"
+KERNEL_PACKAGE_VERSION="1.12+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-GLORYTUN_UDP_VERSION="c113724eb0370ecd80d038192deeeb82a13ebed3"
+GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="d14741092dfe0ff550f09eee8a03865726114427"
+OMR_ADMIN_VERSION="2737c91e17731f82c96e579b4f963e0136e4df27"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
-V2RAY_VERSION="v1.2.0-8-g59b8f4f"
+V2RAY_PLUGIN_VERSION="v1.2.0-8-g59b8f4f"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="3.3.3"
+SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
-OMR_VERSION="0.1015"
+OMR_VERSION="0.1018-test"
 DIR=$( pwd )
 #"
 set -e
 umask 0022
 export LC_ALL=C
 export PATH=$PATH:/sbin
 export DEBIAN_FRONTEND=noninteractive 
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 # Check Linux version
 if test -f /etc/os-release ; then
 	. /etc/os-release
@ -49,13 +68,18 @@ fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
 	echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
 	exit 1
-elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ]; then
+elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
-	echo "This script only work with Ubuntu 18.04 or Ubuntu 19.04"
+	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
 	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
 	exit 1
 fi
 ARCH=$(dpkg --print-architecture | tr -d "\n")
 if [ "$ARCH" != "amd64" ]; then
 	echo "Only x86_64 (amd64) is supported"
 	exit 1
 fi
 # Check if DPKG is locked and for broken packages
 #dpkg -i /dev/zero 2>/dev/null
@ -80,6 +104,7 @@ fi
 # Check if OpenMPTCProuter VPS is already installed
 update="0"
 if [ "$UPDATE" = "yes" ]; then
 	if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
 		update="1"
 	elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then
@ -87,6 +112,7 @@ elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head
 	elif [ -f /root/openmptcprouter_config.txt ]; then
 		update="1"
 	fi
 fi
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
@ -98,7 +124,7 @@ rm -f /var/cache/apt/archives/lock
 apt-get -y install apt-transport-https gnupg
 #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ]; then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Debian 9 Stretch to Debian 10 Buster"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
@ -108,6 +134,16 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
 fi
 if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Ubuntu 18.04 to Ubuntu 20.04"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:bionic:focal:g' /etc/apt/sources.list
 	apt-get update
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
 # Add OpenMPTCProuter repo
 echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
@ -134,47 +170,61 @@ elif [ "$ID" = "ubuntu" ]; then
 fi
 apt-get update
 sleep 2
-wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
+wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
-wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
+wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 # Rename bzImage to vmlinuz, needed when custom kernel was used
 cd /boot
-apt-get -y install rename curl
+apt-get -y install rename curl libcurl4 unzip git
 rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 #apt-get -y install linux-mptcp
 #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
 #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
 if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
-	echo "if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp"
+	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
 	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
 fi
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."
-wget -O /tmp/update-grub.sh https://www.openmptcprouter.com/${VPSPATH}/update-grub.sh
+if [ "$LOCALFILES" = "no" ]; then
 	wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh
 	cd /tmp
 else
 	cd ${DIR}
 fi
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
-echo "Install tracebox and iperf3 OpenMPTCProuter edition"
+echo "Install tracebox OpenMPTCProuter edition"
-apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox omr-iperf3
+apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
 echo "Install iperf3 OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 apt-get -y remove shadowsocks-libev
 if [ "$SOURCES" = "yes" ]; then
 	#apt -t stretch-backports -y install shadowsocks-libev
 	## Compile Shadowsocks
-rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
+	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
-wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
+	#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
 	cd /tmp
-tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
+	rm -rf shadowsocks-libev
-cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
+	git clone https://github.com/Ysurac/shadowsocks-libev.git
-wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
+	cd shadowsocks-libev
-patch -p1 < 020-NOCRYPTO.patch
+	git checkout ${SHADOWSOCKS_VERSION}
-wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
+	git submodule update --init --recursive
-patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
+	#tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
-wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
+	#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
-patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
+	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
-wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
+	#patch -p1 < 020-NOCRYPTO.patch
-patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
+	#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
 	#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
 	#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
 	#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
 	#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
 	#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
 	# Shadowsocks eBPF support
 	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
 	#patch -p1 < 030-eBPF.patch
@ -198,7 +248,7 @@ patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
 	#rm -rf /tmp/libbpf
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged
+	apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
 	sleep 1
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
@ -217,7 +267,7 @@ elif [ "$ID" = "ubuntu" ]; then
 		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y install libsodium-dev
 	fi
-cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
+	#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
@ -227,10 +277,15 @@ dpkg-buildpackage -b -us -uc
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	cd /tmp
-dpkg -i shadowsocks-libev_${SHADOWSOCKS_VERSION}-1_amd64.deb
+	#dpkg -i shadowsocks-libev_*.deb
 	dpkg -i omr-shadowsocks-libev_*.deb
 	#mkdir -p /usr/lib/shadowsocks-libev
 	#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
-rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
+	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -rf /tmp/shadowsocks-libev
 else
 	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev
 fi
 # Load OLIA Congestion module at boot time
 if ! grep -q olia /etc/modules ; then
@ -283,7 +338,6 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		#echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list
 		#echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local
 		#apt-get update
 		apt-get -y install unzip
 		#apt-get -y -t buster install python3.7-dev
 		#apt-get -y -t buster install python3-pip python3-setuptools python3-wheel
 		if [ "$(whereis python3 | grep python3.7)" = "" ]; then
@ -304,7 +358,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		pip3 -q install setuptools wheel
 		pip3 -q install pyopenssl
 	else
-		apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel python3-dev
+		apt-get -y install python3-openssl python3-pip python3-setuptools python3-wheel python3-dev
 	fi
 	#apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
 	#apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
@ -315,25 +369,27 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	else
 		apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 	fi
 	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
-	pip3 -q install fastapi netjsonconfig python-multipart uvicorn
+	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	pip3 -q install fastapi netjsonconfig python-multipart -U
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	mkdir -p /var/opt/openmptcprouter
-	wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/${VPSPATH}/omr-admin.service.in
+	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
 	if [ -f /usr/local/bin/omr-admin.py ]; then
 		apt-get -y install jq
 		cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
 		if [ -f /usr/local/bin/omr-admin.py ]; then
 			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
 			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		else
 		cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
 			cd /etc/openmptcprouter-vps-admin
 		fi
@ -345,42 +401,72 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
 		sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		[ "$NOINTERNET" = "yes" ] && {
 			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		}
 		chmod u+x /usr/local/bin/omr-admin.py
 		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
 		apt-get -y install omr-vps-admin
 		OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 		OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
 fi
 # Get shadowsocks optimization
-wget -O /etc/sysctl.d/90-shadowsocks.conf https://www.openmptcprouter.com/${VPSPATH}/shadowsocks.conf
+if [ "$LOCALFILES" = "no" ]; then
-
+	wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
-if [ "$update" != 0 ] && [ ! -f /etc/shadowsocks-libev/manager.json ]; then
+else
-	SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
+	cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
 fi
 if [ "$update" != 0 ]; then
 	if [ ! -f /etc/shadowsocks-libev/manager.json ]; then
 		SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
 	else
 		SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
 	fi
 fi
 # Install shadowsocks config and add a shadowsocks by CPU
 if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
-	#wget -O /etc/shadowsocks-libev/config.json https://www.openmptcprouter.com/${VPSPATH}/config.json
+	if [ "$LOCALFILES" = "no" ]; then
-	wget -O /etc/shadowsocks-libev/manager.json https://www.openmptcprouter.com/${VPSPATH}/manager.json
+		wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json
 	else
 		cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json
 	fi
 	SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
-	if [ $NBCPU -gt 1 ]; then
+	if [ "$NBCPU" -gt "1" ]; then
-		for i in $NBCPU; do
+		for i in $(seq 2 NBCPU); do
 			sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
 		done
 	fi
 	#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
 	sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
 	[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
 elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
 	for i in $(seq 2 $NBCPU); do
 		sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
 	done
 	sed -i 's/       "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
 fi
 [ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
 #sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
 #sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
-wget -O /lib/systemd/system/shadowsocks-libev-manager@.service https://www.openmptcprouter.com/${VPSPATH}/shadowsocks-libev-manager@.service.in
+if [ "$LOCALFILES" = "no" ]; then
-systemctl disable shadowsocks-libev
+	wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in
 else
 	cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
 fi
 if systemctl -q is-enabled shadowsocks-libev; then
 	systemctl -q disable shadowsocks-libev
 fi
 [ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
 systemctl enable shadowsocks-libev-manager@manager.service
 if [ $NBCPU -gt 1 ]; then
-	for i in $NBCPU; do
+	for i in $(seq 1 $NBCPU); do
-		[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl disable shadowsocks-libev-server@config$i.service
+		[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
 	done
 fi
 if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
@ -389,6 +475,7 @@ fi
 # Install simple-obfs
 if [ "$OBFS" = "yes" ]; then
 	echo "Install OBFS"
 	if [ "$SOURCES" = "yes" ]; then
 		rm -rf /tmp/simple-obfs
 		cd /tmp
 		rm -f /var/lib/dpkg/lock
@ -409,21 +496,24 @@ if [ "$OBFS" = "yes" ]; then
 		make install
 		cd /tmp
 		rm -rf /tmp/simple-obfs
 	else
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs
 	fi
 	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
 fi
 # Install v2ray-plugin
-if [ "$V2RAY" = "yes" ]; then
+if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	echo "Install v2ray plugin"
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
+	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
+	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://www.openmptcprouter.com/${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
+	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	cd /tmp
-	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
+	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
 	cd /tmp
 	rm -rf /tmp/v2ray-plugin_linux_amd64
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz
+	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	#rm -rf /tmp/v2ray-plugin
 	#cd /tmp
@ -431,7 +521,7 @@ if [ "$V2RAY" = "yes" ]; then
 	#apt-get install -y --no-install-recommends git ca-certificates golang-go
 	#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
 	#cd /tmp/v2ray-plugin
-	#git checkout ${V2RAY_VERSION}
+	#git checkout ${V2RAY_PLUGIN_VERSION}
 	#git submodule update --init --recursive
 	#CGO_ENABLED=0 go build -o v2ray-plugin
 	#cp v2ray-plugin /usr/local/bin/v2ray-plugin
@ -439,10 +529,26 @@ if [ "$V2RAY" = "yes" ]; then
 	#rm -rf /tmp/simple-obfs
 fi
-if [ "$OBFS" = "no" ] && [ "$V2RAYPLUGIN" = "no" ]; then
+if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then
 	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
 fi
 if systemctl -q is-active v2ray.service; then
 	systemctl -q stop v2ray > /dev/null 2>&1
 	systemctl -q disable v2ray > /dev/null 2>&1
 fi
 if [ "$V2RAY" = "yes" ]; then
 	apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
 	systemctl enable v2ray.service
 fi
 if systemctl -q is-active mlvpn@mlvpn0.service; then
 	systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
 	systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
@ -455,6 +561,7 @@ if [ "$MLVPN" = "yes" ]; then
 	if [ -f /etc/mlvpn/mlvpn0.conf ]; then
 		mlvpnupdate="1"
 	fi
 	if [ "$SOURCES" = "yes" ]; then
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
@ -469,11 +576,25 @@ if [ "$MLVPN" = "yes" ]; then
 		./configure --sysconfdir=/etc
 		make
 		make install
-	wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/${VPSPATH}/mlvpn.network
+		cd /tmp
-	wget -O /lib/systemd/system/mlvpn@.service https://www.openmptcprouter.com/${VPSPATH}/mlvpn@.service.in
+		rm -rf /tmp/mlvpn
 	else
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn
 	fi
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
 		wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
 	else
 		cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
 		cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
 	fi
 	mkdir -p /etc/mlvpn
 	if [ "$mlvpnupdate" = "0" ]; then
-		wget -O /etc/mlvpn/mlvpn0.conf https://www.openmptcprouter.com/${VPSPATH}/mlvpn0.conf
+		if [ "$LOCALFILES" = "no" ]; then
 			wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
 		else
 			cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
 		fi
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 	fi
 	chmod 0600 /etc/mlvpn/mlvpn0.conf
@ -483,10 +604,8 @@ if [ "$MLVPN" = "yes" ]; then
 	chown mlvpn /var/opt/mlvpn
 	systemctl enable mlvpn@mlvpn0.service
 	systemctl enable systemd-networkd.service
 	cd /tmp
 	rm -rf /tmp/mlvpn
 fi
 	echo "install mlvpn done"
 fi
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@ -496,10 +615,10 @@ if [ "$OPENVPN" = "yes" ]; then
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	apt-get -y install openvpn easy-rsa
-	#wget -O /lib/systemd/network/openvpn.network https://www.openmptcprouter.com/${VPSPATH}/openvpn.network
+	#wget -O /lib/systemd/network/openvpn.network ${VPSURL}${VPSPATH}/openvpn.network
 	rm -f /lib/systemd/network/openvpn.network
 	#if [ ! -f "/etc/openvpn/server/static.key" ]; then
-	#	wget -O /etc/openvpn/tun0.conf https://www.openmptcprouter.com/${VPSPATH}/openvpn-tun0.conf
+	#	wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 	#	cd /etc/openvpn/server
 	#	openvpn --genkey --secret static.key
 	#fi
@ -560,8 +679,13 @@ if [ "$OPENVPN" = "yes" ]; then
 	if [ ! -f "/etc/openvpn/server/dh2048.pem" ]; then
 		openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048
 	fi
-	wget -O /etc/openvpn/tun0.conf https://www.openmptcprouter.com/${VPSPATH}/openvpn-tun0.conf
+	if [ "$LOCALFILES" = "no" ]; then
-	wget -O /etc/openvpn/tun1.conf https://www.openmptcprouter.com/${VPSPATH}/openvpn-tun1.conf
+		wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 		wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
 	else
 		cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
 		cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
@ -570,8 +694,9 @@ fi
 echo 'Glorytun UDP'
 # Install Glorytun UDP
 if systemctl -q is-active glorytun-udp@tun0.service; then
-	systemctl -q stop glorytun-udp@* > /dev/null 2>&1
+	systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
 fi
 if [ "$SOURCES" = "yes" ]; then
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
@ -586,15 +711,28 @@ ninja -C build install
 	sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
 	rm /lib/systemd/system/glorytun*
 	rm /lib/systemd/network/glorytun*
-wget -O /usr/local/bin/glorytun-udp-run https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp-run
+	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run
 	else
 		cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run
 	fi
 	chmod 755 /usr/local/bin/glorytun-udp-run
-wget -O /lib/systemd/system/glorytun-udp@.service https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp%40.service.in
+	if [ "$LOCALFILES" = "no" ]; then
-#wget -O /lib/systemd/network/glorytun-udp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp.network
+		wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in
 	else
 		cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
 	fi
 	#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
 	rm -f /lib/systemd/network/glorytun-udp.network
 	mkdir -p /etc/glorytun-udp
-wget -O /etc/glorytun-udp/post.sh https://www.openmptcprouter.com/${VPSPATH}/glorytun-udp-post.sh
+	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh
 		wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp
 	else
 		cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh
 		cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0
 	fi
 	chmod 755 /etc/glorytun-udp/post.sh
 wget -O /etc/glorytun-udp/tun0 https://www.openmptcprouter.com/${VPSPATH}/tun0.glorytun-udp
 	if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
 		echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
 	elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then
@ -604,6 +742,10 @@ systemctl enable glorytun-udp@tun0.service
 	systemctl enable systemd-networkd.service
 	cd /tmp
 	rm -rf /tmp/glorytun-udp
 else
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun
 	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 fi
 # Add chrony for time sync
 apt-get install -y chrony
@ -616,6 +758,7 @@ if [ "$DSVPN" = "yes" ]; then
 		systemctl -q disable dsvpn-server > /dev/null 2>&1
 		systemctl -q stop dsvpn-server > /dev/null 2>&1
 	fi
 	if [ "$SOURCES" = "yes" ]; then
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
 		apt-get install -y --no-install-recommends build-essential git ca-certificates
@ -629,12 +772,11 @@ if [ "$DSVPN" = "yes" ]; then
 		make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
 		make install
 		rm -f /lib/systemd/system/dsvpn/*
-	#wget -O /lib/systemd/system/dsvpn-server.service https://www.openmptcprouter.com/${VPSPATH}/dsvpn-server.service.in
+		wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run
 	wget -O /usr/local/bin/dsvpn-run https://www.openmptcprouter.com/${VPSPATH}/dsvpn-run
 		chmod 755 /usr/local/bin/dsvpn-run
-	wget -O /lib/systemd/system/dsvpn-server@.service https://www.openmptcprouter.com/${VPSPATH}/dsvpn-server%40.service.in
+		wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in
 		mkdir -p /etc/dsvpn
-	wget -O /etc/dsvpn/dsvpn0 https://www.openmptcprouter.com/${VPSPATH}/dsvpn0-config
+		wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config
 		if [ -f /etc/dsvpn/dsvpn.key ]; then
 			mv /etc/dsvpn/dsvpn.key /etc/dsvpn/dsvpn0.key
 		fi
@ -644,12 +786,17 @@ if [ "$DSVPN" = "yes" ]; then
 		systemctl enable dsvpn-server@dsvpn0.service
 		cd /tmp
 		rm -rf /tmp/dsvpn
 	else
 		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 fi
 # Install Glorytun TCP
 if systemctl -q is-active glorytun-tcp@tun0.service; then
-	systemctl -q stop glorytun-tcp@* > /dev/null 2>&1
+	systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
 fi
 if [ "$SOURCES" = "yes" ]; then
 	if [ "$ID" = "debian" ]; then
 		if [ "$VERSION_ID" = "9" ]; then
 			apt -t stretch-backports -y install libsodium-dev
@ -671,22 +818,27 @@ cd glorytun-0.0.35
 	./configure
 	make
 	cp glorytun /usr/local/bin/glorytun-tcp
-wget -O /usr/local/bin/glorytun-tcp-run https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp-run
+	wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run
 	chmod 755 /usr/local/bin/glorytun-tcp-run
-wget -O /lib/systemd/system/glorytun-tcp@.service https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp%40.service.in
+	wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
-#wget -O /lib/systemd/network/glorytun-tcp.network https://www.openmptcprouter.com/${VPSPATH}/glorytun.network
+	#wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
 	rm -f /lib/systemd/network/glorytun-tcp.network
 	mkdir -p /etc/glorytun-tcp
-wget -O /etc/glorytun-tcp/post.sh https://www.openmptcprouter.com/${VPSPATH}/glorytun-tcp-post.sh
+	wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh
 	chmod 755 /etc/glorytun-tcp/post.sh
-wget -O /etc/glorytun-tcp/tun0 https://www.openmptcprouter.com/${VPSPATH}/tun0.glorytun
+	wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun
 	if [ "$update" = "0" ]; then
 		echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
 	fi
 	systemctl enable glorytun-tcp@tun0.service
-systemctl enable systemd-networkd.service
+	#systemctl enable systemd-networkd.service
 	cd /tmp
 	rm -rf /tmp/glorytun-0.0.35
 else
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp
 fi
 # Load tun module at boot time
 if ! grep -q tun /etc/modules ; then
@ -694,16 +846,27 @@ if ! grep -q tun /etc/modules ; then
 fi
 # Add multipath utility
-wget -O /usr/local/bin/multipath https://www.openmptcprouter.com/${VPSPATH}/multipath
+if [ "$LOCALFILES" = "no" ]; then
 	wget -O /usr/local/bin/multipath ${VPSURL}${VPSPATH}/multipath
 else
 	cp ${DIR}/multipath /usr/local/bin/multipath
 fi
 chmod 755 /usr/local/bin/multipath
 # Add OpenMPTCProuter service
-wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service
+if [ "$LOCALFILES" = "no" ]; then
 	wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
 	wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in
 	wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run
 	wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in
 else
 	cp ${DIR}/omr-service /usr/local/bin/omr-service
 	cp ${DIR}/omr.service.in /lib/systemd/system/omr.service
 	cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run
 	cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service
 fi
 chmod 755 /usr/local/bin/omr-service
 wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in
 wget -O /usr/local/bin/omr-6in4-run https://www.openmptcprouter.com/${VPSPATH}/omr-6in4-run
 chmod 755 /usr/local/bin/omr-6in4-run
 wget -O /lib/systemd/system/omr6in4@.service https://www.openmptcprouter.com/${VPSPATH}/omr6in4%40.service.in
 if systemctl -q is-active omr-6in4.service; then
 	systemctl -q stop omr-6in4 > /dev/null 2>&1
 	systemctl -q disable omr-6in4 > /dev/null 2>&1
@ -724,36 +887,62 @@ sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
 if [ "$update" = "0" ]; then
 	# Install and configure the firewall using shorewall
 	apt-get -y install shorewall shorewall6
-	wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz https://www.openmptcprouter.com/${VPSPATH}/openmptcprouter-shorewall.tar.gz
+	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
 	else
 		cp ${DIR}/openmptcprouter-shorewall.tar.gz /etc/shorewall/openmptcprouter-shorewall.tar.gz
 	fi
 	tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall
 	rm /etc/shorewall/openmptcprouter-shorewall.tar.gz
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
 	systemctl enable shorewall
-	wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz https://www.openmptcprouter.com/${VPSPATH}/openmptcprouter-shorewall6.tar.gz
+	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
 	else
 		cp ${DIR}/openmptcprouter-shorewall6.tar.gz /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
 	fi
 	tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
 	rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
 	systemctl enable shorewall6
 else
 	# Update only needed firewall files
-	wget -O /etc/shorewall/interfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall4/interfaces
+	if [ "$LOCALFILES" = "no" ]; then
-	wget -O /etc/shorewall/snat https://www.openmptcprouter.com/${VPSPATH}/shorewall4/snat
+		wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces
-	wget -O /etc/shorewall/stoppedrules https://www.openmptcprouter.com/${VPSPATH}/shorewall4/stoppedrules
+		wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat
-	wget -O /etc/shorewall/tcinterfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall4/tcinterfaces
+		wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules
-	wget -O /etc/shorewall/shorewall.conf https://www.openmptcprouter.com/${VPSPATH}/shorewall4/shorewall.conf
+		wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces
-	wget -O /etc/shorewall/policy https://www.openmptcprouter.com/${VPSPATH}/shorewall4/policy
+		wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf
-	wget -O /etc/shorewall/params https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params
+		wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy
-	wget -O /etc/shorewall/params.vpn https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params.vpn
+		wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params
-	wget -O /etc/shorewall/params.net https://www.openmptcprouter.com/${VPSPATH}/shorewall4/params.net
+		wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn
 		wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net
 		wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params
 		wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net
 		wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn
 		wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces
 		wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules
 		wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat
 	else
 		cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
 		cp ${DIR}/shorewall4/snat /etc/shorewall/snat
 		cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
 		cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
 		cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
 		cp ${DIR}/shorewall4/policy /etc/shorewall/policy
 		cp ${DIR}/shorewall4/params /etc/shorewall/params
 		cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
 		cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
 		cp ${DIR}/shorewall6/params /etc/shorewall6/params
 		cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
 		cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
 		cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
 		cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
 		cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
 	fi
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
 	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
 	wget -O /etc/shorewall6/params https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params
 	wget -O /etc/shorewall6/params.net https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.net
 	wget -O /etc/shorewall6/params.vpn https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.vpn
 	wget -O /etc/shorewall6/interfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall6/interfaces
 	wget -O /etc/shorewall6/stoppedrules https://www.openmptcprouter.com/${VPSPATH}/shorewall6/stoppedrules
 	wget -O /etc/shorewall6/snat https://www.openmptcprouter.com/${VPSPATH}/shorewall6/snat
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
@ -761,7 +950,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
 	update-alternatives --set iptables /usr/sbin/iptables-legacy
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 fi
-if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]); then
+if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]); then
 	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
 	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
 	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
@ -771,7 +960,7 @@ fi
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
 	apt-get -y install dnsutils socat
-	if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
+	if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
 		if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
 			echo "Generate certificate for V2Ray"
 			set +e
@ -791,7 +980,14 @@ if [ "$TLS" = "yes" ]; then
 	fi
 fi
-
+if [ "$SPEEDTEST" = "yes" ]; then
 	if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then
 		echo "Generate speedtest image..."
 		mkdir -p /usr/share/omr-server/speedtest
 		dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
 		echo "Done"
 	fi
 fi
 # Add OpenMPTCProuter VPS script version to /etc/motd
 if [ -f /etc/motd.head ]; then
@ -816,7 +1012,7 @@ if [ "$update" = "0" ]; then
 	# Display important info
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server $OMR_VERSION is now installed !"
-	echo 'SSH port: 65222 (instead of port 22)'
+	echo '\033[4m\0331mSSH port: 65222 (instead of port 22)\033[0m'
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo '===================================================================================='
 		echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
@ -849,7 +1045,7 @@ if [ "$update" = "0" ]; then
 		echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): "
 		echo $OMR_ADMIN_PASS_ADMIN
 		echo 'OpenMPTCProuter Server key: '
-		echo $OMR_ADMIN_PASS
+		echo "\033[1m${OMR_ADMIN_PASS}\033[0m"
 		echo 'OpenMPTCProuter Server username: '
 		echo 'openmptcprouter'
 	fi
@ -860,10 +1056,10 @@ if [ "$update" = "0" ]; then
 	echo '===================================================================================='
 	echo 'Keys are also saved in /root/openmptcprouter_config.txt, you are free to remove them'
 	echo '===================================================================================='
-	echo '  /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\'
+	echo '\033[1m  /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m'
 	echo '------------------------------------------------------------------------------------'
 	echo ' After reboot, check with uname -a that the kernel name contain mptcp.'
-	echo ' Else, you may have to modify GRUB_DEFAULT in /etc/defaut/grub'
+	echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub'
 	echo '===================================================================================='
 	# Save info in file
@ -912,17 +1108,22 @@ else
 		systemctl -q restart mlvpn@mlvpn0
 		echo 'done'
 	fi
 	if [ "$V2RAY" = "yes" ]; then
 		echo 'Restarting v2ray...'
 		systemctl -q restart v2ray
 		echo 'done'
 	fi
 	if [ "$DSVPN" = "yes" ]; then
 		echo 'Restarting dsvpn...'
 		systemctl -q start dsvpn-server@dsvpn0 || true
-		systemctl -q restart dsvpn-server@* || true
+		systemctl -q restart 'dsvpn-server@*' || true
 		echo 'done'
 	fi
 	echo 'Restarting glorytun...'
 	systemctl -q start glorytun-tcp@tun0 || true
-	systemctl -q restart glorytun-tcp@* || true
+	systemctl -q restart 'glorytun-tcp@*' || true
 	systemctl -q start glorytun-udp@tun0 || true
-	systemctl -q restart glorytun-udp@* || true
+	systemctl -q restart 'glorytun-udp@*' || true
 	echo 'done'
 	echo 'Restarting omr6in4...'
 	systemctl -q start omr6in4@user0 || true
--- a/dsvpn-server.service.in
+++ b/dsvpn-server.service.in
@ -1,5 +1,6 @@
 [Unit]
 Description=Dead Simple VPN - Server
 After=network.target network-online.target
 [Service]
 ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
--- a/dsvpn-server@.service.in
+++ b/dsvpn-server@.service.in
@ -1,5 +1,6 @@
 [Unit]
 Description=Dead Simple VPN - Server on %I
 After=network.target network-online.target
 [Service]
 ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i
--- a/glorytun-tcp-post.sh
+++ b/glorytun-tcp-post.sh
@ -1,9 +1,13 @@
 #!/bin/sh
 [ ! -f $(readlink -f "$1") ] && exit 1
 . "$(readlink -f "$1")"
 INTF=gt-${DEV}
 [ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
 [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
 while [ -z "$(ip link show $INTF)" ]; do
 	sleep 2
 done
 [ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
 	ip link set dev ${INTF} up 2>&1 >/dev/null
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@ -1,10 +1,15 @@
 #!/bin/sh
 [ ! -f $(readlink -f "$1") ] && exit 1
 . "$(readlink -f "$1")"
 INTF=gt-udp-${DEV}
 [ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
 [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
 while [ -z "$(ip link show $INTF)" ]; do
 	sleep 2
 done
 [ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
 	ip link set dev ${INTF} up 2>&1 >/dev/null
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
 }
 ip link set $INTF txqlen 100
--- a/manager.json
+++ b/manager.json
@ -9,7 +9,7 @@
    ],
    "method": "chacha20-ietf-poly1305",
    "fast_open": true,
-    "timeout": 600,
+    "timeout": 1000,
    "port_key": {
        "65101": "MySecretKey",
    },
--- a/mlvpn@.service.in
+++ b/mlvpn@.service.in
@ -2,6 +2,7 @@
 Description=MLVPN connection to %i
 PartOf=mlvpn.service
 ReloadPropagatedFrom=mlvpn.service
 After=network.target network-online.target
 [Service]
 Type=notify
--- a/1
+++ b/1
@ -16,6 +16,7 @@ if [ "$1" = "start" ]; then
        ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
        ip -6 addr add ${LOCALIP6} dev ${DEV}
        ip link set ${DEV} up
        [ -n "$ULA" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
 fi
 if [ "$1" = "stop" ]; then
        ip tunnel del ${DEV}
--- a/50
+++ b/50
@ -6,9 +6,9 @@ _multipath() {
 	source /etc/shorewall/params.net
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" = "$NET_IFACE" ]; then
-			multipath $intf on
+			[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
 		else
-			multipath $intf off
+			[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
 		fi
 	done
 }
@ -16,30 +16,64 @@ _multipath() {
 _glorytun_udp() {
 	[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
 		logger -t "OMR-Service" "Restart Glorytun-UDP"
-		systemctl -q restart glorytun-udp@*
+		systemctl -q restart 'glorytun-udp@*'
 	}
-	for intf in /etc/glorytun-udp/*; do
+	for intf in /etc/glorytun-udp/tun*; do
-		/etc/glorytun-udp/post.sh /etc/glorytun-udp/${intf}
+		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
 	done
 }
 _glorytun_tcp() {
-	for intf in /etc/glorytun-tcp/*; do
+	for intf in /etc/glorytun-tcp/tun*; do
-		/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/${intf}
+		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
 }
 _omr_api() {
-	[ -z "$(curl -s -k -m 1 https://127.0.0.1:65500/)" ] && {
+	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
 		logger -t "OMR-Service" "Restart OMR-Admin"
 		systemctl -q restart omr-admin
 	}
 }
 _lan_route() {
 	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
 			echo "$c" | jq -c '.lanips //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
 				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
 			done
 		fi
 	done
 }
 _gre_tunnels() {
 	. "$(readlink -f "/etc/shorewall/params.vpn")"
 	for intf in /etc/openmptcprouter-vps-admin/intf/*; do
 		if [ -f "$intf" ]; then
 			. "$(readlink -f "$intf")"
 			iface="$(basename $intf)"
 			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
 				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
 				ip link set $iface up
 				ip addr add $LOCALIP dev $iface
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
 			fi
 		fi
 	done
 }
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
 	_multipath
 	_omr_api
 	_lan_route
 	_gre_tunnels
 	sleep 10
 done
--- a/omr.service.in
+++ b/omr.service.in
@ -6,7 +6,7 @@ After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.s
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/omr-service
-ExecStop=/usr/local/bin/omr-service stop
+KillSignal=9
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 [Install]
--- a/openmptcprouter-shorewall.tar.gz
+++ b/openmptcprouter-shorewall.tar.gz
--- a/openmptcprouter-shorewall6.tar.gz
+++ b/openmptcprouter-shorewall6.tar.gz
--- a/shadowsocks-libev-manager@.service.in
+++ b/shadowsocks-libev-manager@.service.in
@ -8,7 +8,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 LimitNOFILE=99999
 LimitNPROC=99999
-ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
+ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
 Restart=always
 [Install]
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@ -2,10 +2,10 @@
 # max open files
 fs.file-max = 512000
 # max read buffer
-net.core.rmem_max = 150000000
+net.core.rmem_max = 67108864
 # max write buffer
-net.core.wmem_max = 75000000
+net.core.wmem_max = 67108864
-net.core.optmem_max = 75000000
+net.core.optmem_max = 33554432
 # default read buffer
 net.core.rmem_default = 131072
 # default write buffer
@ -28,19 +28,19 @@ net.ipv4.tcp_keepalive_time = 7200
 # outbound port range
 net.ipv4.ip_local_port_range = 9999 65000
 # max SYN backlog
-net.ipv4.tcp_max_syn_backlog = 4096
+net.ipv4.tcp_max_syn_backlog = 10240
 # max timewait sockets held by system simultaneously
 net.ipv4.tcp_max_tw_buckets = 10000
 # turn on TCP Fast Open on both client and server side
 net.ipv4.tcp_fastopen = 3
 # TCP buffer
-net.ipv4.tcp_mem = 768174 75000000 150000000
+net.ipv4.tcp_mem = 8092 131072 67108864
 # UDP buffer
-net.ipv4.udp_mem = 768174 75000000 150000000
+net.ipv4.udp_mem = 8092 131072 67108864
 # TCP receive buffer
-net.ipv4.tcp_rmem = 4096 524288 75000000
+net.ipv4.tcp_rmem = 4096 87380 33554432
 # TCP write buffer
-net.ipv4.tcp_wmem = 4096 524288 75000000
+net.ipv4.tcp_wmem = 4096 65536 33554432
 # turn on path MTU discovery
 net.ipv4.tcp_mtu_probing = 0
@ -51,8 +51,9 @@ net.core.default_qdisc = fq
 net.netfilter.nf_conntrack_max = 131072
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.default.log_martians = 0
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
-net.mptcp.mptcp_syn_retries = 1
+net.mptcp.mptcp_syn_retries = 2
 net.ipv4.tcp_ecn=1
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@ -20,4 +20,5 @@ vpn	gt-udp-tun+	nosmurfs,tcpflags
 vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
--- a/shorewall4/shorewall.conf
+++ b/shorewall4/shorewall.conf
@ -108,10 +108,11 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-DROP_DEFAULT=Drop
+BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
-REJECT_DEFAULT=Reject
+REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
 ###############################################################################
 #			 R S H / R C P	C O M M A N D S
--- a/shorewall6/shorewall6.conf
+++ b/shorewall6/shorewall6.conf
@ -105,10 +105,11 @@ TC=
 ###############################################################################
 ACCEPT_DEFAULT=none
-DROP_DEFAULT=Drop
+BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
 DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
 NFQUEUE_DEFAULT=none
 QUEUE_DEFAULT=none
-REJECT_DEFAULT=Reject
+REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
 ###############################################################################
 #			 R S H / R C P	C O M M A N D S
--- a/shorewall6/snat
+++ b/shorewall6/snat
@ -18,4 +18,4 @@
 MASQUERADE		fe80::/10,\
 			fd00::/8		$NET_IFACE
 # SNAT from VPN server for all VPN clients
-SNAT(fe80::a00:1)		::/0		omr-6in4-user+
+#SNAT(fe80::a00:1)		::/0		omr-6in4-user+
--- a/tun0.glorytun
+++ b/tun0.glorytun
@ -3,4 +3,4 @@ DEV=tun0
 SERVER=true
 MPTCP=true
 IPV6=true
-OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
+OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
--- a/v2ray-server.json
+++ b/v2ray-server.json
@ -0,0 +1,124 @@
 {
 	"log": {
 		"loglevel": "debug",
 		"error": "/tmp/v2rayError.log"
 	},
 	"transport": {
 		"tcpSettings": {},
 		"wsSettings": {},
 		"kcpSettings": {
 			"mtu": 1460,
 			"tti": 10,
 			"uplinkCapacity": 100,
 			"downlinkCapacity": 100,
 			"congestion": false,
 			"readBufferSize": 8,
 			"writeBufferSize": 8
 		}
 	},
 	"inbounds": [
 		{
 			"tag": "Vmess-In1",
 			"port": 65228,
 			"protocol": "vless",
 			"settings": {
 				"disableInsecureEncryption": false,
 				"clients": [
 					{
 						"id": "V2RAY_UUID",
 						"level": 0,
 						"alterId": 0,
 						"email": "openmptcprouter"
 					}
 				]
 			},
 			"streamSettings": {
 				"sockopt": {
 					"mark": 0
 				},
 				"network": "tcp",
 				"security": "tls",
 				"tlsSettings": {
 					"certificates": [
 						{
 							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
 							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
 						}
 					]
 				}
 			}
 		},
 		{
 			"listen": "127.0.0.1",
 			"port": 10085,
 			"protocol": "dokodemo-door",
 			"settings": {
 				"address": "127.0.0.1"
 			},
 			"tag": "api"
 		}
 	],
 	"outbounds": [
 		{
 			"protocol": "freedom",
 			"settings": {
 				"userLevel": 0
 			},
 			"tag": "direct"
 		}
 	],
 	"routing": {
 		"rules": [
 			{
 				"type": "field",
 				"inboundTag": [
 					"Vmess-In1"
 				],
 				"outboundTag": "WH-Lan1",
 				"domain": [
 					"full:WH-Lan1"
 				]
 			},
 			{
 				"inboundTag": [
 					"api"
 				],
 				"outboundTag": "api",
 				"type": "field"
 			}
 		]
 	},
 	"reverse": {
 		"portals": [
 			{
 				"tag": "WH-Lan1",
 				"domain": "WH-Lan1"
 			}
 		]
 	},
 	"stats": {},
 	"api": {
 		"tag": "api",
 		"services": [
 			"HandlerService",
 			"LoggerService",
 			"StatsService"
 		]
 	},
 	"policy": {
 		"levels": {
 			"0": {
 				"uplinkOnly": 0,
 				"downlinkOnly": 0,
 				"bufferSize": 512,
 				"connIdle": 1200,
 				"statsUserUplink": true,
 				"statsUserDownlink": true
 			}
 		},
 		"system": {
 			"statsInboundUplink": true,
 			"statsInboundDownlink": true
 		}
 	}
 }