1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Merge pull request #7 from Ysurac/develop

同步
This commit is contained in:
suyuan 2020-10-31 16:33:23 +08:00 committed by GitHub
commit 94d4877d2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 127 additions and 25 deletions

View file

@ -23,6 +23,8 @@ OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:low
OMR_ADMIN_PASS_ADMIN=${OMR_ADMIN_PASS_ADMIN:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
MLVPN=${MLVPN:-yes}
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
UBOND=${UBOND:-no}
UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes}
SOURCES=${SOURCES:-yes}
@ -30,17 +32,18 @@ NOINTERNET=${NOINTERNET:-no}
SPEEDTEST=${SPEEDTEST:-no}
LOCALFILES=${LOCALFILES:-no}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="5.4.64"
KERNEL_PACKAGE_VERSION="1.12+9d3f35b"
KERNEL_VERSION="5.4.65"
KERNEL_PACKAGE_VERSION="1.13+9d3f35b"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OMR_ADMIN_VERSION="2737c91e17731f82c96e579b4f963e0136e4df27"
OMR_ADMIN_VERSION="8d0706e8c234f9a0eaa88ace6d58c2d0f45156cf"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
#V2RAY_VERSION="v1.1.0"
V2RAY_PLUGIN_VERSION="v1.2.0-8-g59b8f4f"
V2RAY_PLUGIN_VERSION="v1.4.3"
EASYRSA_VERSION="3.0.6"
SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
@ -57,9 +60,11 @@ export LC_ALL=C
export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive
echo "Check user..."
if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
# Check Linux version
echo "Check Linux version..."
if test -f /etc/os-release ; then
. /etc/os-release
else
@ -75,6 +80,8 @@ elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
exit 1
fi
echo "Check architecture..."
ARCH=$(dpkg --print-architecture | tr -d "\n")
if [ "$ARCH" != "amd64" ]; then
echo "Only x86_64 (amd64) is supported"
@ -87,13 +94,13 @@ fi
# echo "E: dpkg database is locked. Check that an update is not running in background..."
# exit 1
#fi
echo "Check about broken packages..."
apt-get check >/dev/null 2>&1
if [ "$?" -ne 0 ]; then
echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
exit 1
fi
# Fix old string...
if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then
sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd
@ -103,6 +110,7 @@ if [ -f /etc/motd.head ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd.head ;
fi
# Check if OpenMPTCProuter VPS is already installed
echo "Check if OpenMPTCProuter VPS is already installed..."
update="0"
if [ "$UPDATE" = "yes" ]; then
if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
@ -112,8 +120,10 @@ if [ "$UPDATE" = "yes" ]; then
elif [ -f /root/openmptcprouter_config.txt ]; then
update="1"
fi
echo "Update mode"
fi
echo "Remove lock and update packages list..."
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock
@ -121,7 +131,8 @@ apt-get update
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock
apt-get -y install apt-transport-https gnupg
echo "Install apt-transport-https, gnupg and openssh-server..."
apt-get -y install apt-transport-https gnupg openssh-server
#if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
@ -145,6 +156,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
VERSION_ID="20.04"
fi
# Add OpenMPTCProuter repo
echo "Add OpenMPTCProuter repo..."
echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
@ -155,6 +167,7 @@ EOF
wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
# Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..."
apt-get update
sleep 2
apt-get -y install dirmngr patch
@ -472,6 +485,11 @@ fi
if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
fi
if systemctl -q is-active shadowsocks-libev-manager@manager; then
systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
fi
# Install simple-obfs
if [ "$OBFS" = "yes" ]; then
echo "Install OBFS"
@ -507,10 +525,11 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
echo "Install v2ray plugin"
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
cd /tmp
tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
cd /tmp
rm -rf /tmp/v2ray-plugin_linux_amd64
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
@ -610,6 +629,65 @@ if systemctl -q is-active openvpn-server@tun0.service; then
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
fi
if systemctl -q is-active ubond@ubond0.service; then
systemctl -q stop ubond@ubond0 > /dev/null 2>&1
systemctl -q disable ubond@ubond0 > /dev/null 2>&1
fi
echo "install ubond"
# Install UBOND
if [ "$UBOND" = "yes" ]; then
echo 'Install UBOND'
ubondupdate="0"
if [ -f /etc/ubond/ubond0.conf ]; then
ubondupdate="1"
fi
# if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
rm -rf /tmp/ubond
cd /tmp
git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond
cd /tmp/ubond
git checkout ${UBOND_VERSION}
./autogen.sh
./configure --sysconfdir=/etc
make
make install
cd /tmp
rm -rf /tmp/ubond
# else
# apt-get -y -o Dpkg::Options::="--force-overwrite" install ubond
# fi
if [ "$LOCALFILES" = "no" ]; then
wget -O /lib/systemd/network/ubond.network ${VPSURL}${VPSPATH}/ubond.network
wget -O /lib/systemd/system/ubond@.service ${VPSURL}${VPSPATH}/ubond@.service.in
else
cp ${DIR}/ubond.network /lib/systemd/network/ubond.network
cp ${DIR}/ubond@.service.in /lib/systemd/system/ubond@.service
fi
mkdir -p /etc/ubond
if [ "$ubondupdate" = "0" ]; then
if [ "$LOCALFILES" = "no" ]; then
wget -O /etc/ubond/ubond0.conf ${VPSURL}${VPSPATH}/ubond0.conf
else
cp ${DIR}/ubond0.conf /etc/ubond/ubond0.conf
fi
sed -i "s:UBOND_PASS:$UBOND_PASS:" /etc/ubond/ubond0.conf
fi
chmod 0600 /etc/ubond/ubond0.conf
adduser --quiet --system --home /var/opt/ubond --shell /usr/sbin/nologin ubond
mkdir -p /var/opt/ubond
usermod -d /var/opt/ubond ubond
chown ubond /var/opt/ubond
systemctl enable ubond@ubond0.service
systemctl enable systemd-networkd.service
echo "install ubond done"
fi
if systemctl -q is-active openvpn-server@tun0.service; then
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
fi
if [ "$OPENVPN" = "yes" ]; then
echo "Install OpenVPN"
rm -f /var/lib/dpkg/lock
@ -1041,6 +1119,11 @@ if [ "$update" = "0" ]; then
echo 'Your MLVPN password: '
echo $MLVPN_PASS
fi
if [ "$UBOND" = "yes" ]; then
echo 'UBOND first port: 65251'
echo 'Your UBOND password: '
echo $UBOND_PASS
fi
if [ "$OMR_ADMIN" = "yes" ]; then
echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): "
echo $OMR_ADMIN_PASS_ADMIN
@ -1084,6 +1167,12 @@ if [ "$update" = "0" ]; then
Your MLVPN password: $MLVPN_PASS
EOF
fi
if [ "$UBOND" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF
UBOND first port: 65251'
Your UBOND password: $UBOND_PASS
EOF
fi
if [ "$OMR_ADMIN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF
Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN
@ -1108,6 +1197,11 @@ else
systemctl -q restart mlvpn@mlvpn0
echo 'done'
fi
if [ "$UBOND" = "yes" ]; then
echo 'Restarting ubond...'
systemctl -q restart ubond@ubond0
echo 'done'
fi
if [ "$V2RAY" = "yes" ]; then
echo 'Restarting v2ray...'
systemctl -q restart v2ray

View file

@ -5,7 +5,7 @@
INTF=gt-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
while [ -z "$(ip link show $INTF)" ]; do
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {

View file

@ -5,11 +5,12 @@
INTF=gt-udp-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
while [ -z "$(ip link show $INTF)" ]; do
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
tc qdisc replace dev $INTF root cake
ip link set $INTF txqlen 100

View file

@ -14,7 +14,7 @@ _multipath() {
}
_glorytun_udp() {
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
logger -t "OMR-Service" "Restart Glorytun-UDP"
systemctl -q restart 'glorytun-udp@*'
}
@ -27,6 +27,12 @@ _glorytun_tcp() {
for intf in /etc/glorytun-tcp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
done
if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
fi
fi
}
_omr_api() {
@ -56,9 +62,9 @@ _gre_tunnels() {
if [ -f "$intf" ]; then
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then
ip tunnel del $iface 2>&1 >/dev/null
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP
ip link set $iface up
ip addr add $LOCALIP dev $iface
ip route add $NETWORK dev $iface 2>&1 >/dev/null

Binary file not shown.

View file

@ -45,7 +45,7 @@ net.ipv4.tcp_wmem = 4096 65536 33554432
net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_congestion_control = cubic
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072
@ -56,4 +56,5 @@ net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 2
net.ipv4.tcp_ecn=1
net.mptcp.mptcp_scheduler = blest
net.ipv4.tcp_ecn=1

View file

@ -39,7 +39,7 @@ INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_MARTIANS=No
LOG_VERBOSITY=2

View file

@ -18,11 +18,11 @@
},
"inbounds": [
{
"tag": "Vmess-In1",
"tag": "omrin-tunnel",
"port": 65228,
"protocol": "vless",
"settings": {
"disableInsecureEncryption": false,
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
@ -72,11 +72,11 @@
{
"type": "field",
"inboundTag": [
"Vmess-In1"
"omrin-tunnel"
],
"outboundTag": "WH-Lan1",
"outboundTag": "OMRLan",
"domain": [
"full:WH-Lan1"
"full:omr.lan"
]
},
{
@ -91,8 +91,8 @@
"reverse": {
"portals": [
{
"tag": "WH-Lan1",
"domain": "WH-Lan1"
"tag": "OMRLan",
"domain": "omr.lan"
}
]
},
@ -111,7 +111,7 @@
"uplinkOnly": 0,
"downlinkOnly": 0,
"bufferSize": 512,
"connIdle": 1200,
"connIdle": 2400,
"statsUserUplink": true,
"statsUserDownlink": true
}