From f957fafef19d7f464661290ba53aa77b504604f5 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 25 Sep 2020 14:49:52 +0000
Subject: [PATCH 01/14] Update v2ray plugin, kernel and omr API

---
 debian9-x86_64.sh | 11 ++++++-----
 shadowsocks.conf  |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 752e3ce..08afd38 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -30,17 +30,17 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.64"
-KERNEL_PACKAGE_VERSION="1.12+9d3f35b"
+KERNEL_VERSION="5.4.65"
+KERNEL_PACKAGE_VERSION="1.13+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="2737c91e17731f82c96e579b4f963e0136e4df27"
+OMR_ADMIN_VERSION="4e6b8ea2d5ad0f64f6edc73daf47d269ca0f941c"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
-V2RAY_PLUGIN_VERSION="v1.2.0-8-g59b8f4f"
+V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
@@ -507,7 +507,8 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	echo "Install v2ray plugin"
 	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	cd /tmp
 	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
diff --git a/shadowsocks.conf b/shadowsocks.conf
index c8a441f..8de0b56 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -56,4 +56,4 @@ net.ipv4.conf.default.log_martians = 0
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 2
-net.ipv4.tcp_ecn=1
\ No newline at end of file
+net.ipv4.tcp_ecn=1

From 8fb17cef85ae06146aa67ae32792a3233bacaaee Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 29 Sep 2020 13:42:58 +0000
Subject: [PATCH 02/14] Fix v2ray config

---
 v2ray-server.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/v2ray-server.json b/v2ray-server.json
index c8754bd..d9f3525 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -22,7 +22,7 @@
 			"port": 65228,
 			"protocol": "vless",
 			"settings": {
-				"disableInsecureEncryption": false,
+				"decryption": "none",
 				"clients": [
 					{
 						"id": "V2RAY_UUID",

From d87b58da11bf5ba4e38cab5aeab6ba1c36e76a88 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 29 Sep 2020 13:43:24 +0000
Subject: [PATCH 03/14] Fix gre-tunnels creation when multiple users

---
 omr-service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/omr-service b/omr-service
index 3890f2b..0b551da 100755
--- a/omr-service
+++ b/omr-service
@@ -56,9 +56,9 @@ _gre_tunnels() {
 		if [ -f "$intf" ]; then
 			. "$(readlink -f "$intf")"
 			iface="$(basename $intf)"
-			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
+			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
+				ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP
 				ip link set $iface up
 				ip addr add $LOCALIP dev $iface
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null

From d6bb43acebac38d436d5bb6b9e7e102e2256f930 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 29 Sep 2020 13:43:48 +0000
Subject: [PATCH 04/14] Update API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 08afd38..d4a99af 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -37,7 +37,7 @@ GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="4e6b8ea2d5ad0f64f6edc73daf47d269ca0f941c"
+OMR_ADMIN_VERSION="cbde68adfc9d5be5ef5e6ee8e1dd78bb305f832a"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From 192ff0620beaeb0412d539d08f839979cfe04087 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 20 Oct 2020 08:30:17 +0000
Subject: [PATCH 05/14] Update to latest API and add ubond as test

---
 debian9-x86_64.sh | 103 +++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 98 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index d4a99af..b26ca61 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -23,6 +23,8 @@ OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:low
 OMR_ADMIN_PASS_ADMIN=${OMR_ADMIN_PASS_ADMIN:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 MLVPN=${MLVPN:-yes}
 MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
+UBOND=${UBOND:-no}
+UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 SOURCES=${SOURCES:-yes}
@@ -33,11 +35,12 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev
 KERNEL_VERSION="5.4.65"
 KERNEL_PACKAGE_VERSION="1.13+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
+GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
+UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="cbde68adfc9d5be5ef5e6ee8e1dd78bb305f832a"
+OMR_ADMIN_VERSION="7f44bd857ebd67a6b6da1f717e1bf1de0381f599"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
@@ -57,9 +60,11 @@ export LC_ALL=C
 export PATH=$PATH:/sbin
 export DEBIAN_FRONTEND=noninteractive 
 
+echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
 # Check Linux version
+echo "Check Linux version..."
 if test -f /etc/os-release ; then
 	. /etc/os-release
 else
@@ -75,6 +80,8 @@ elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
 	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
 	exit 1
 fi
+
+echo "Check architecture..."
 ARCH=$(dpkg --print-architecture | tr -d "\n")
 if [ "$ARCH" != "amd64" ]; then
 	echo "Only x86_64 (amd64) is supported"
@@ -87,13 +94,13 @@ fi
 #	echo "E: dpkg database is locked. Check that an update is not running in background..."
 #	exit 1
 #fi
+echo "Check about broken packages..."
 apt-get check >/dev/null 2>&1
 if [ "$?" -ne 0 ]; then
 	echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
 	exit 1
 fi
 
-
 # Fix old string...
 if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then
 	sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd
@@ -103,6 +110,7 @@ if [ -f /etc/motd.head ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd.head ;
 fi
 
 # Check if OpenMPTCProuter VPS is already installed
+echo "Check if OpenMPTCProuter VPS is already installed..."
 update="0"
 if [ "$UPDATE" = "yes" ]; then
 	if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
@@ -112,8 +120,10 @@ if [ "$UPDATE" = "yes" ]; then
 	elif [ -f /root/openmptcprouter_config.txt ]; then
 		update="1"
 	fi
+	echo "Update mode"
 fi
 
+echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -121,7 +131,8 @@ apt-get update
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
-apt-get -y install apt-transport-https gnupg
+echo "Install apt-transport-https, gnupg and openssh-server..."
+apt-get -y install apt-transport-https gnupg openssh-server
 
 #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
@@ -145,6 +156,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	VERSION_ID="20.04"
 fi
 # Add OpenMPTCProuter repo
+echo "Add OpenMPTCProuter repo..."
 echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
@@ -155,6 +167,7 @@ EOF
 wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
 
 # Install mptcp kernel and shadowsocks
+echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
 apt-get -y install dirmngr patch
@@ -472,6 +485,11 @@ fi
 if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
 	echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
 fi
+
+if systemctl -q is-active shadowsocks-libev-manager@manager; then
+	systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
+fi
+
 # Install simple-obfs
 if [ "$OBFS" = "yes" ]; then
 	echo "Install OBFS"
@@ -511,7 +529,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	cd /tmp
 	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
+	cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
 	cd /tmp
 	rm -rf /tmp/v2ray-plugin_linux_amd64
 	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
@@ -611,6 +629,65 @@ if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
 fi
+if systemctl -q is-active ubond@ubond0.service; then
+	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
+	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
+fi
+echo "install ubond"
+# Install UBOND
+if [ "$UBOND" = "yes" ]; then
+	echo 'Install UBOND'
+	ubondupdate="0"
+	if [ -f /etc/ubond/ubond0.conf ]; then
+		ubondupdate="1"
+	fi
+#	if [ "$SOURCES" = "yes" ]; then
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
+		rm -rf /tmp/ubond
+		cd /tmp
+		git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond
+		cd /tmp/ubond
+		git checkout ${UBOND_VERSION}
+		./autogen.sh
+		./configure --sysconfdir=/etc
+		make
+		make install
+		cd /tmp
+		rm -rf /tmp/ubond
+#	else
+#		apt-get -y -o Dpkg::Options::="--force-overwrite" install ubond
+#	fi
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /lib/systemd/network/ubond.network ${VPSURL}${VPSPATH}/ubond.network
+		wget -O /lib/systemd/system/ubond@.service ${VPSURL}${VPSPATH}/ubond@.service.in
+	else
+		cp ${DIR}/ubond.network /lib/systemd/network/ubond.network
+		cp ${DIR}/ubond@.service.in /lib/systemd/system/ubond@.service
+	fi
+	mkdir -p /etc/ubond
+	if [ "$ubondupdate" = "0" ]; then
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /etc/ubond/ubond0.conf ${VPSURL}${VPSPATH}/ubond0.conf
+		else
+			cp ${DIR}/ubond0.conf /etc/ubond/ubond0.conf
+		fi
+		sed -i "s:UBOND_PASS:$UBOND_PASS:" /etc/ubond/ubond0.conf
+	fi
+	chmod 0600 /etc/ubond/ubond0.conf
+	adduser --quiet --system --home /var/opt/ubond --shell /usr/sbin/nologin ubond
+	mkdir -p /var/opt/ubond
+	usermod -d /var/opt/ubond ubond
+	chown ubond /var/opt/ubond
+	systemctl enable ubond@ubond0.service
+	systemctl enable systemd-networkd.service
+	echo "install ubond done"
+fi
+if systemctl -q is-active openvpn-server@tun0.service; then
+	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
+	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
+fi
 if [ "$OPENVPN" = "yes" ]; then
 	echo "Install OpenVPN"
 	rm -f /var/lib/dpkg/lock
@@ -1042,6 +1119,11 @@ if [ "$update" = "0" ]; then
 		echo 'Your MLVPN password: '
 		echo $MLVPN_PASS
 	fi
+	if [ "$UBOND" = "yes" ]; then
+		echo 'UBOND first port: 65251'
+		echo 'Your UBOND password: '
+		echo $UBOND_PASS
+	fi
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): "
 		echo $OMR_ADMIN_PASS_ADMIN
@@ -1085,6 +1167,12 @@ if [ "$update" = "0" ]; then
 		Your MLVPN password: $MLVPN_PASS
 		EOF
 	fi
+	if [ "$UBOND" = "yes" ]; then
+		cat >> /root/openmptcprouter_config.txt <<-EOF
+		UBOND first port: 65251'
+		Your UBOND password: $UBOND_PASS
+		EOF
+	fi
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
 		Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN
@@ -1109,6 +1197,11 @@ else
 		systemctl -q restart mlvpn@mlvpn0
 		echo 'done'
 	fi
+	if [ "$UBOND" = "yes" ]; then
+		echo 'Restarting ubond...'
+		systemctl -q restart ubond@ubond0
+		echo 'done'
+	fi
 	if [ "$V2RAY" = "yes" ]; then
 		echo 'Restarting v2ray...'
 		systemctl -q restart v2ray

From e527e52c70f7e966210e0108de516cf744d16ea6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 20 Oct 2020 08:31:12 +0000
Subject: [PATCH 06/14] Less errors in logs

---
 glorytun-tcp-post.sh | 2 +-
 glorytun-udp-post.sh | 2 +-
 omr-service          | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/glorytun-tcp-post.sh b/glorytun-tcp-post.sh
index 240599c..e993b04 100644
--- a/glorytun-tcp-post.sh
+++ b/glorytun-tcp-post.sh
@@ -5,7 +5,7 @@
 INTF=gt-${DEV}
 [ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
 [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
-while [ -z "$(ip link show $INTF)" ]; do
+while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
 	sleep 2
 done
 [ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
index 09cba72..a62144c 100644
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@@ -5,7 +5,7 @@
 INTF=gt-udp-${DEV}
 [ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
 [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
-while [ -z "$(ip link show $INTF)" ]; do
+while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
 	sleep 2
 done
 [ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
diff --git a/omr-service b/omr-service
index 0b551da..568ce7b 100755
--- a/omr-service
+++ b/omr-service
@@ -14,7 +14,7 @@ _multipath() {
 }
 
 _glorytun_udp() {
-	[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
+	[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
 		logger -t "OMR-Service" "Restart Glorytun-UDP"
 		systemctl -q restart 'glorytun-udp@*'
 	}

From 52a1b8a8f0fe9e470bfc9a32738776fe2cfa15d6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 20 Oct 2020 08:31:36 +0000
Subject: [PATCH 07/14] Disable log martians in shorewall

---
 openmptcprouter-shorewall.tar.gz | Bin 4075 -> 4056 bytes
 shorewall4/shorewall.conf        |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 69fe33270e80b4aa2c3634eba31cbd64d03da7e8..5a984469460479c249eee19de9ccf473c2daf5e9 100644
GIT binary patch
literal 4056
zcmV;}4=3;+iwFQGJbzyR1MM8`a-+!c{-URtlAXKViuGwrK0BpcFd&H-0SCxFU!{t|
z61J(6KmoKq=W5?Q-7|m?l2@Co<jq}Z?+WPY>7JhH>F$AnN#Of&=uCe3=5Wvi=$@U?
zBS7)kI*0St>3Qp{eb(%ro`2J9wa&WTZ%FfiZOUL7#ZE}bH(?OOpQ77U{yT-E$`LW2
zg3x_-W;0T&k%k*j8c~XAOj7%(AZ0%YiRV8A;oOP6z$eaqu#AZd6rLMF35lP)h&*^R
z_k_eR3zt;qj!!afwTxR8*!|Ggj1g~<)5_7CK;?)RELl@Ijx)8fAxIo2N~Xnex}jMb
zC+eC37bZQ7P08TQTiFtZmC6s^13Bi$mNt|WT{2Aa?YG3X1<SU0V<1_Kz_$4juZq0Q
zh$@10`Q*+PZg}ZHA55J~UE^vT{##BLT&vmqzFGOf^{3uLTEB1Uo0T8p#j0jJS#a%E
zq1y1YeY#oC;LU=>^VUVK{KxvmX=|Nx>%3iTl57Z@ti5ouUa{Nlo);>rl656(rmdQr
z^?f(K_kyVAM}-!i7P;v9wk}yLihTktKP^->c~#o18acjOXnUvIEmoDc2#vhOdTTq)
zZn3vab+oOfKQB~mb&F$YZ5{h~ZSb*X_hMC%9lvz`dw%SO56;Am_Tf#o!w&!7Zl1P_
z{=eHU{r{W5y8r*+h7tPpvwD-%i0RB1GndGjiI6^cb^`97#Lq!3GaUkM{lR-&hBPSD
zfuj&CUPABjDJJiP_oNNOUu!p8XXO3`B7~b0Xt~auMivVL$IQDAo$!TV3<+JAM8QM+
z?1b)L$V;#!69^@tJM|)nHuuZeC0<Oxvo?Yd>dyn14KIjV`cpTgVxW2Rhy)MxVxW$R
z;zkja4P4(1of*-W_cLz-l@)K|`jJbVh%68nJ-O4gt$l2WnKT3fAh4%u{)M<6l%wpl
z*V^?~DlOr7LZGkSIWe|BB*6kJzK2G?keLImOKa9?7nmRj>tgsMhQx~_sUH6t)Bb)~
zhA50o-PrMF5mcz{74{I@SDvK0?|`1A3hljfKKfZxB|?a-T9VP{1w2R4bW9b@3Ir?e
z7^0aiV<9(vnk-HrZamDK$LJ)49&({aK=Bhlh~~@iAv%d*s3$Hh>NP7L7C!eF*W#uB
zXO7EgQVwY`_;yCJonk(N-&gB@iuW}7RL#fGtu0|jY?J%Nk)?#+11y}-nIACrBkWrL
zwcBTf_}@G~Z<g`@EnwIBkJ$%}Pka=4k3NlFADqy0?q?7e;wKi}i0?wogb?MjU?#^H
z#iQlpqZ`FgLg~_K#CPUU_uhSku<{IH6qu6b0&-pm@(_n-ZXDCd8V3a9z2`qJAt+;X
zoI_?1%ySI@|1~8v_W01=7s`$XD|bz^MHoD0nn=IW%;pj=IOg1YZv50tuC4^$w0f=6
zX1(2knBK%=Cn-zfLT}ymhYyq1MeF-KbMmgxldJd$S<EB|r|+5kT!i7+36;-I(=fzR
zBo}H%%UKLcf=c%+U5KDBF>~=)=D~QACkHYZ*M;s4J?Kn76NP$mTtPYRRdx0pZe>+a
z#-c=+S=FIIMHIxPuRSOJpI|i*hm*0x|3d`m7T15B&S~lY-vYAKmO8+%-I@~K8s5U|
z?wtSUoAdv?y#MniaHE?xFN#L5MH2z~zg5vj#s;=sL0aZ3*owAUt`UFtun1<}<mIq3
zcHaMOZp{B?vyA_50-tgJSEnXY-uo@@{l0qdmwA!>-}gOY4{AvY_`H_nK-UymxLaK-
z+JGq1jijX4@<_HWuf~RHRq&2yzAk|^&)PLF2$F7XkUczaqbguYvDPbOugEN-aeCxI
zG&DVbjblac;Bxc_i*X(eCDPXvMZ1;NLE1N?F?89LL=+zS0Qhno{V}A!OM=C5lv5eU
z|8F5&&JOwLm%@(te|C0O-2VgQ?K1wq1$;*QH_$}BH2j~y*?E}*{DE@->PhyV0(>P%
z_lji^w~&ZzW+J$UEQc@BYlb|KRX$Bjh{0P@zCLa^Yrt{D8`pR(XsSxHm!#a1M{D#$
zun*jdmbH)WRm+#t%|u7!zXRL^mmc4l?=yT+?R*mv28K4)D?gYL>pfmkRu@o}zfxp#
zD2XeiAt}%kIfSg<@QR#6j8)6vh3h<xD&1Bx)x^O6F2;;0ct&sJyAx`@3vcqva>1S!
z;jF?(4M!E(|KQBL={wArP^(>uS3FtJxygW^Ox#6GMAghmidHfnyu_`=K`Qe(2yyEq
zRC&j8J=T}U{o6G;taX_js*LXWkCb;KVRxgeK!oT#uVUs2tT$+i;-Jp!;&!OAi+8Gu
z7zT?1)9Sr5t<paKSKzz#I=XMN2;C3hWtfYc1qu1ROKZ-8VCqim)In0g>A-Cc-8Q|q
z(cpuyWFT|qLWM4ZFeZN`-40|W)a^!3&NO(Ag2^utZR_JK2w&o*PXd3fmw+jgy4DRv
z(M8LmM=Gq=?Q~8%|1po{bd$#?)HBUtI-GlHc)Q)E;>4k#V|PJ>oRXETZW<F#1fYF*
zo~DDu0e8BHp^OZO?jf|8PD45vltl}fcF!&@F7n(bGY`!sKfx0VJrY$OmNxjb6Iov#
zr?)fNX3-jD^$9AvM>C=N+WFa`A&cL2%;XLu<J0+ntKI5$F#kV2@1AzfyFk}!pLIHA
z{{I%R_q++C$|}FVNmAp^maQf0rpIb-PeSQ72RFujAfJ(mQg&6wZ{+w3=MggdSrmZN
zo_Ri;$K)xF7nhC3^Ye3kRSi5rW6tQKLgVUB@qD)byIUNW_*9cvgeM04jtSoAkqG2Y
z<ccV8ChlEs1rjmC8tb;CLP92qy*oFm96~#$-VG>WfHE4WDT9i4`&Z~jGOjdJw(feZ
z11bWb!>|lcpZ)8g^8?A~9kBU*=zRm)ehWG%MA^Rvec6z1A>}`$60qa|LmI%J40B|#
ze<iLISZu&5#j+J`VAGq)pii<YS;OJ^6|PKFF}Z@pn<ewA*;50CSlMNpBA|0%?ZT-0
zvLf{wADplONpEBBMiDw5Rz!C@_o|s6z5G*z|Ejdq;s=_l+@(V35)4?5c%jg2c5gRX
zVXZaY&_TK-85_jrYxvRF=x<^ZKLYrbCixxVUR(!MrD6%X-B<X5xxpe^-L186-=liO
zq16ar_!iiWMpQ5+jr2L366j-b9nFJ1iEtE?X(9lv24^ys@88aNL&xQ?WP-Y|*zd~&
zTj#A|uX_9&UW&5uan+TV$G@3F-jLR@U=9OGlXbxM8p|kz5+`&UzsB~X8+eO`B7xzq
zq{uq`F(r!{pm0qs5DZ5X$3THxDiyU4nK=@$#x$aP&%bQYA1Wa`%T8v&#F-T@kq(-t
zONP=*$r}qdoS{9MmS#v)c<4qkC<B%>)R^zE&7lMygwjV(P%yqS?@VlMuUbVzI*fA>
zVUYV^0%I@-iyDKFnhF?4gN!J~z!-J_Q=n@hTa^0zSh0FOtc`PSC`DJV!oZnMoG50C
z;FHmE7JIqtDJ;0vAU0oMEt5?qicRi%<k7e~7gaNK7ddRTf}B2EVim0A$FVe))|<Ws
z#hy0(2aFFBKnxhmA&jO0W2tijjOK`rEKd9bjH>}&PtZpAT4?XP2$s#qzhTlEeS{NS
zPJH~^@o&*f6ua|}Fu|uTZgi$;@5k>dhB?gDjh;5E0A>=*@!e7&KS+NS5(ers_0_aE
z$VAW}Ajs-~rKGECn|iSx+o22vqG-#y4I!B~B^GWGWx|TSfE>xHZ1Pv8q*`z)rpYe8
z&5PX&=oKP)y?2Ee@z)aNbH$soV6)iBIA`;-SA~dvlH>;`SvW%z7KXg6+NNND6Hd4a
z3O~|ECgUL}5^vbx(pZr;(iO>K0%4{=6ov_EgS*s}G2ZrMWTJ#bwl$PgyjzhXEjqtY
ze_6+y7)*kQx+@akZn_Ksjuf&?cB*2sz+>_v-l_ZuG+b##*-Ag@V1G7!k}OMRhSUrz
z2^tL5=OGiIPK<Jf^yQW}M4Rb{ceFu7+PM&d1}ZrFv3jj)x6o~d%mNhFl%Weilm(`b
z!#-x6aU`pXtV+Pi5{4-y#xWbjs9+sQGr%Ge(P%-MU#VP6l5QK8ZLLHcp~}g-wx&%J
zDOx#ApVkd6!&(YWvD5+d=K8W}#6$mx>~R4Tfg0N|@>xHi9k3Fx#<8yIB5MlkMB5zq
z`|?k{UyuOYqfB2vpyXpq`pL#y|JvB<b(;{L#}Fb7xRPw6FW@G9N{FusjO3rCUUPMB
z=Vp^i^FZo@Swk@glztpT!ft18z9m#NsiTqE3F9nWr@osBXR4<~6opEgDc(ZE&rd|w
zWHx~qk;&gc6SE`;i71K=EW5UZtgB5AA4M|MPcU*;N}wAuOjEsAZIe^_hsPHDwb%bJ
zcfgqm6|@^!Os6r!8RN7GV>72|G7Au=5AVPO@QMxdBu5ISwL-9DAIwxTO<2n%oq;9_
z_95^(l$+T!zSWFt9(qL;S>>N4L$g^Q(o0R1+W6C}9mcooG@-c$?`|bIuL-_AU7}MD
zf5^2JI3^tzM%W*8_e!?H%9o^GU^Nf(rOcpL3!Hpevae>f(AgBomNZ-Nuhv+tVm8ZG
z>zM5d?71(u4C091LAu5TGEeSc0LR4IzgV1eSF(kEJe^4!*IK{N78xVnyiQBenAv%`
zZTNo(BFH!oEo0~YUv~dLzyIf~Q||wN6DYj@neO?)Ou8|0qJJ*k(3!gK7jFOQmOFp`
zz&n4?hg35~l4mQso~zJW^tlREa}MZyBmS565pDT!6t{K%4@bWpg&C~CVJ?^dj1-4E
zfav$8fb@#Lk`>vygHD4O`QunJcoDcJZ`(BM%|@$x@{bD0X>~6Eceai@2Yc%>R69Xk
zAnN;sjLUtp0!IZVGkZ>s&&^>Tfbr2zr%&jzN9j@J2r1tkr|$&4=eTB_{xzDwGJE}}
zjNgA8h~i+eaHj{|2D~f&w@-`Te`v#58UNn`UfciM$>jn$6Zx<6fL6Oq0shD-K+Z-E
z@EXt;ZpK}&_eGmx^P6Fl>x~_B$@iYJ>)HlIt-v{{v5iyuX{gWVl-AgwO+O>Gn+v1d
zAWOd{wVMH>+#qA0s@h$hHor_W-T>ms;lBX6>;3;$xA^`~yH)Q0dmA_^e)x`ob*JYL
zvRb?1Rq<99t?U&8ZEUTOmE0%tIO$jRF{a9D#lUfL@`a|at#1kIfE)3@^80_S&gS>u
zx@YD6zc+!;c>nKbG?DW4|1$f3HT$Pd<N#@Z@@>{M7$qOWBSnza4OAMUK0DWcjd%J1
zzVt=@>{XWZH5qU5;Vk=R0KF*l))Go6p@b4jD4~QBN+_X(5=tncgc3?9p@b5?I{X{5
K7;ilQcmM!V{rblM

literal 4075
zcmV<H4;1hpiwFRtg&1D|1MM7tccZxR{>7g{&q?ogUz7N^b4j0jC4g-j3>@I(a<A|4
zh)ojS+28`+TzYT6duJrT7(452*Ut8?Om+<#jYb-2G&2%{N#Of&=uCe3=5SC4=(gMR
z3Q)W@&f&h%>ed_W&Uv%d`ljA!w7acuNd16q%3vAAPDsc%VGzWhqT7}KJB6dl5iy^F
z(0z7hGje)LYHmEKMJc8>N%f<Gl>Hzip8pVpb0_u!pE&oyGA1ricy0taB!2QD^5D(f
z6B55HTvDAoKFPS9X56a4?uWi+jChN*Do1Yul_OrTWKHEb&eX<+AaR^1nHI<ChGuD;
zsA~o!OnMoclEIm`vLy^Fl^?tZa?Fn{Z73<aWSHdJZ;5RSmTmFIK(ZKtZSx~u6?vNx
zRRrtu$(=3S@X~=km^zob#+`EbZ#i9Xje7n2dgTY#pL!2z`M#xZ7Ji5qtCI0#!8IF&
zV#8LmwOP*K%|eamjf-6Vk7pOH#yaQ5d9&Cg*$_5ad*NigV7J>nFBDWI>q^#4TQxV!
z`)+*i1<|P=6<XLTa?$l|U9wmd`vh9vDik$&RoW~XIlfzHd#Bqi7L~VD8hMNL)^_UM
zVsDx1Xj@5tUMSk=7RS)qI`;9};A6?|#i}5?e(C)8{MZd2oQWIl!<uY|9rnLjZ#BXG
zpVzyMdb3;ap#ASQ&P)6M7O-yrKe%CpcD;R8C#S@8=8Kt2<V;0KA1pfo^H1XE;51Vm
z0%rZedt8RpDVzaEAy~YG-s4kD-U;tX6Ndk^3GSWTzkr8ua}`>yGpC-#LdP-l?n5Vh
zA?QOw*CkQ#5I;Mi`xo*OEXf31N$5_!2)xbxGIog<6R@ncAcXSs0A|ArqL%*D4QVyd
zym>@|2bvhDW1_fG1bGA3cSC1J^yU4`n?Pa3o49`D5+@=H#6?f;G;M1i8)7C60S5@|
zshEEut_S&8ciL;svqoB5!tsPaU%hi;Y=20C1r~e{jea3B2U?ewJfmG;LPb~>-6t_5
zUK~kh@vkxM?}ufGm653%JKijU0;hY0J^1#OC8_S)p=Y5&bMKswe%4fp5F)FVWb}Cf
z?-4W|Lj|(}&Wbw*Z)VGw$xWXoixco04>RX6ItihNT<8%H{KOBU`7(TnP9hlUiA%G3
z^~#5Z&ppPc@zVb@$7M7rhcp{(J0sanF`vQjtK~n%dm4SJ<YVZbE@4J&tM`jNO9{UR
zSU90GKcMeN*tPy^Hrs{uU;Vt>DgFOjz^?Tl(+}#O_$cxoed@hFIHBj<&%iIlPt3a!
z-vyruF3M%jOpeiuN6W`YH;N&L(xt_S@64g>z557m<r&;4FeS?c#Ju3-!4J>eIHsO8
z4hZ^t&wpHkQ%3JNhsYq9=NbU^Yf7l^@u9shlpS?e?wVwaFnG))k$$C-%_Sx{X54#j
z{8Ud;R|0QZy+*5k*6e^!uj93o<RyNgw{H5whe_k2@qL~-c~|Jkm4AdNW)g(c_pJV$
zhvC=_t)JbdZit0QE|iRxvlxT~k?vWz5J6vJ<l?c&gYhO$4n#1n3*8%f(3yT#70StR
z1>v|?#o4pFl~q9*ixOdKbp{P8qQEbG?K$!P1gn8KTpc^?KX`y{asRK=sh9TuEg%bR
zsR8`jttsKH;VrE0&iQ}7Isebg{r@+C8{M>dQ8aoD8VJz;jfyrhHn7bK(lT4YR<!kU
zjrhBVMKJRwFNdvT=l*Y<&i`f`5}oEbUH_Hy|83wi_J4J%BIVw1x%d0(-Y>Hv```CH
zVh?Ib3i!O1<UrRHS-4xJ6>UHi=|)o0v^<in%d4?rS{2;!%$Fsw=2=Vgf*|SE2HC^&
zHmU-a6idBA_DY>aG)|8^h=!);(>PXi2bZHin2qyjD3QLVDB7*84${6EjiJk~B%<)p
z2f&x(=#L@&T@oygqnt`V{(lSMa(2i^zZ7=(|8~1wJpWVgw#w(fZvvm;{|!`;FLnPX
zaCctD0Ds^ZfLfBhhX7v*(z9Zj$1MaRn~?~fA<N;5^qL_LWR*_?6Jqd|lrN75&T4QS
z@y0c#1x;0H^pfOT@@S2I2>O9X(X#f@vugQ#dYI^l{C9wd;L__m^L>Udik)vF!obkR
zdgTXGV!g*J$|?ax`71>>hmyEL8j=D%kweJp4X?;K#8|ZqUbxQFsM2jE6HN^K?_!LY
zf@icwzB{4nyYMEzEEnu)5zZ=n)NoXh{SVH}o4&({38mT<c*T<iotq5!$;4g6L{!aO
zP0^~32QM*eagf&e9E5mu5{kTIu^#Ko<NobhJ*;(EJyaOo^B*biTEgx|SAhu8d0xfH
z6IgH16sv<WuUEH2lwG`2QN%D<6qr`;ooSW!`M(0+Jv&45O%|d10jvx&k+UEnzjtZL
zSrAO!=@~VUwBmH&HivGT+}mjIL0B@7Id!3xE`l&7e<j@xL?zVhMo-Q(c#eX}FA;6)
z<17eY;-yalf325*DXVp@8;VsIHH%(pWvAUvr`7q7c`T=!JU$_wX%5rj+)Klo%_gl*
z911#i7kJ1iS?TJgGT}r3+K1<9I!GLFr;8ZM$N=viLW}7%q=P|OG>~bxeQ|M-=RTQv
zs5bcto@nTisPeG1!Ka<b`tms4&SZy0PbsTUP|-7*3Dwt*&khZl|31S=?l5(HI{t4o
z8(q5p*FJAGx^RW~zu9h=`+si&dykvYtE}Stn<O;uY&lx8u6nHG_8^oVb8urk2l5$_
zC}me={6>zya2_GDpG5%}?V0DpeN3L>cyU>)JwHF6t%`vqsLdIDRA}7UQ#_yTe|L-H
z5}Rrgi}1vN-!Z|B9*IEgM6QSecjDgbtw11VSYzFmR0zl<v3KW2l|x9!#Jd3@3=l>G
zF=Y_(ZvO(^NXC_B%GO=4aX>);bQqQa%CmnNbbcTiy#qGC54~?d+iyVzg(&-%pf4NJ
zErk4s6atnUphyGwlVOew_AkVh0*eh;rC7G24Q#rZ4Duwak~JLOU*XC`6_XS!-Yl6{
zO*Wwrvr^0^ML_Ss;)Rj-Wku@MJ~&|wqTbrvjUu!>EQ=m@?o~5Gdikda|5a(O#Sb)9
zx$CI`P0}?OupIG1q1|kAH(6q>wcXI6c1togh|SmVqp{K7#3qIW@GD93N5Z}M3{aJd
zCFpiv;Roghi)?wf*1mlY>k)@)BY@^xpg0;)L7Ozv=WtG-k;R2H4+<s1RZQlI0JIw1
z$(X-?MdJ+}*Ta$t;=*dbFAr>;w}!py@o$(EW#i+jD=&|KGl#q(tz$tQ29hT0fbG?m
zQ3yFs=+=IX?MFB87Bxiz&0W<Z>-5KzEUJLQHPt{+98DYp1#+oW)INmfNWdCXi|#%D
zvPOSs4cT3GGYclpte8YPXr3+^N-rg^E!=R1`e<63A<@c1H;O?R(4?WpjE8LwB`_hB
zK6-+T@s)XJVrzTVDk{=ptcwVP+y@mHgF0AL8H7|-Ksjn;L@@?Bu>+_AT@2Zx)aS>F
z)$?I-oU=nIx_T7`&UE5LF<S+njFz+5%cZBV;#Py$e1XMGHkl|k+4jhzad|GPX6P<*
z*lGnieRhpi(3T&^(pXw=`W6&>-1HwXK8y!3U@V6)ng)!e&IvG@BRaA;@eeSr23S2o
z8{vDQz3(DeHy{6oQET)OZg4&E@o&e!MK4k8&OgEgpSpO`nZ~^zzpEJLFjqEu+AIQ?
zNifHkOM(0#{Z)t<sLj+@)8Zf#K?8>%s{`gjS81DCu^v033>l(m%eoCdnK!|<p(jL?
z2}}9{awMy=$zPe0YQe3TM!WbrFLp1WSBT{O-W6iRUrUtF6>rLd&3q%{oXyW(6+HS$
z5+Iyp?hI8}81k}en}PvGIN>TN{74^}jEA5|ykUb$V_DirS0sy72r~t|FicPz%%!G`
zao>}Xi4qdo)=*M$yCOwebbg`yvW~kLtOgNfS0upQbQuB+DTJBqR>fd}$LK}8Q~41{
zxRQ#pm44De|7`jwS(eNUsTo${G#IMSLnJ_r808G%%Pnt+Hj@vxw4sW$bHN1-R512q
z^;*?#q1z0ZIVdbCLl;0*7N|ZB`<Qjck*q4RDgh@;7^aly$84xZ1?@<h0UD81jT)r+
zmCCgw>9%3n)~bpl6ghd>*0gCLMGL3l)4HN%SWBTHmO6mmTwgbhc<3LIJuhHYpu{$e
zeAW-B2P_A)ajdJl$eO}B(Kg5ZzWh_~7bF1lDAV^3DEZiuezI}zUmIJ!ZXMk77+j<Q
zDakha0-n;Rg!rDoNd8&s)mQg+ZZ@ej4x~1iH56k&>Blid>~{9*TS7&HI_jC7FwWd{
zYP(tGO!PF1qEKiv#apQO`H9Gy%q9>cGWi>5Vip7;5k=8~Wob*uy4v*cStLXK1S4mq
z1iB%^G}U|6CTY<>yf)ykx&DW-1I|n+pxww~I*l357^h7bn>k67S%5fwcn21MS8SLk
zIZ{xq6@mr(pr(>(!eTDz3{+9j4}sSq-^`}*t!7;F&?~CQ3jZt_n$7x<CN))R;!p4N
zFt%N%0nIg7cPoi`O|b3h8l77BLoTksFzL83!v3JgSF$BmJ}0#Tt9h8uWeUAo;N<g?
zgEgy#&Sr&dNwWq2YKhe<W;1WKj@d52p8ImkAdcu3(lxG-d2$B>I40KqtHn8YC0l66
z)0wo9*7|+6$QbeFb()LH%<ju`!~Z)FLBM(FI(DA_?RJXif7+dL|Nl*(@cw6d<_81m
z+Q^CixpYHk>bhTe{HI%<{P_c){6QO1%>+rFt?YWPLQB!-Dpbrlp!1FRUphy$<-<|j
z*7H9c{dN=vumXpnT>djs9G(E8-<tx`EB;DWWa|z(4P4}pW69t};F`Q`Q$MTM8r_qB
zRG^+l_X2S3b=*1VTbH4l3F-n--zQ{T?voWbDlnPZb8>uc4)Xw%k9InJLYF;Ck19t<
z`R+J<C+I!L)z9c(tqv@+*MCa){l|eQ4i*b{deCFQyZnE%)h@jM1E})--#3BR&i{6D
zu|Q5m{_8lP(JVuNKXM3=(~$$b2K0r8ao5Xz(V^J<Vb~<Sae^-S-cy!7-Jm!va862W
z<CK0H>hn3JB{pc&&q(d&!YDV$(yvMFX22*n$k?Z<b{D73FT;#CfOvBFFF@{k|G&{K
zzW>u~beg6Ae+xJ&e)x`ob*JYLvU+;OtKzLJTG=ZG+SpnlE4fePani5sV@#FRih<+g
z<O@w-Tiz1Z0T1GT<@f(!u5Wz*ty`Y|eH-|U_y2xI6)9i;FQflgqkn2d4iNSy-)2pn
zQSvc7QUqDuK&39~vt#|&c&8uWOJC&AUS&yNlkpZG+SxY)Xrhc;ODLg)5=tncgc3?9
dp@b4jD4~QBN+_X(5=!{$@NXHRir4^n004XO`OW|U

diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf
index 5e800f8..11bd54a 100644
--- a/shorewall4/shorewall.conf
+++ b/shorewall4/shorewall.conf
@@ -39,7 +39,7 @@ INVALID_LOG_LEVEL=
 
 LOG_BACKEND=
 
-LOG_MARTIANS=Yes
+LOG_MARTIANS=No
 
 LOG_VERBOSITY=2
 

From 09792055fc7939efa6094c8221b05931b0175abe Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 27 Oct 2020 08:27:30 +0000
Subject: [PATCH 08/14] Update v2ray config

---
 v2ray-server.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/v2ray-server.json b/v2ray-server.json
index d9f3525..5d2b544 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -18,7 +18,7 @@
 	},
 	"inbounds": [
 		{
-			"tag": "Vmess-In1",
+			"tag": "omrin-tunnel",
 			"port": 65228,
 			"protocol": "vless",
 			"settings": {
@@ -72,11 +72,11 @@
 			{
 				"type": "field",
 				"inboundTag": [
-					"Vmess-In1"
+					"omrin-tunnel"
 				],
-				"outboundTag": "WH-Lan1",
+				"outboundTag": "OMRLan",
 				"domain": [
-					"full:WH-Lan1"
+					"full:omr.lan"
 				]
 			},
 			{
@@ -91,8 +91,8 @@
 	"reverse": {
 		"portals": [
 			{
-				"tag": "WH-Lan1",
-				"domain": "WH-Lan1"
+				"tag": "OMRLan",
+				"domain": "omr.lan"
 			}
 		]
 	},
@@ -111,7 +111,7 @@
 				"uplinkOnly": 0,
 				"downlinkOnly": 0,
 				"bufferSize": 512,
-				"connIdle": 1200,
+				"connIdle": 2400,
 				"statsUserUplink": true,
 				"statsUserDownlink": true
 			}

From deb6350860f28d069fd923a2e100bafbb60892c2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 27 Oct 2020 08:27:45 +0000
Subject: [PATCH 09/14] Update OMR API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b26ca61..82cca13 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="7f44bd857ebd67a6b6da1f717e1bf1de0381f599"
+OMR_ADMIN_VERSION="de656bffbc30b37d82afc4eb0ec2ea0322d0be40"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From ad5bf18f710c3afef1a7453266c8da492627503d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Oct 2020 14:55:54 +0000
Subject: [PATCH 10/14] Use cubic and bbr by default

---
 shadowsocks.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shadowsocks.conf b/shadowsocks.conf
index 8de0b56..302bbe0 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -45,7 +45,7 @@ net.ipv4.tcp_wmem = 4096 65536 33554432
 net.ipv4.tcp_mtu_probing = 0
 
 # for low-latency network, use cubic instead
-net.ipv4.tcp_congestion_control = bbr
+net.ipv4.tcp_congestion_control = cubic
 net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
@@ -56,4 +56,5 @@ net.ipv4.conf.default.log_martians = 0
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 2
+net.mptcp.mptcp_scheduler = blest
 net.ipv4.tcp_ecn=1

From 0b650ad217a5c0c5ead46a5c5fc0b6ae330d8b9b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Oct 2020 14:56:11 +0000
Subject: [PATCH 11/14] Use cake for glorytun udp

---
 glorytun-udp-post.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
index a62144c..2c1dc40 100644
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@@ -12,4 +12,5 @@ done
 	ip link set dev ${INTF} up 2>&1 >/dev/null
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
 }
+tc qdisc replace dev $INTF root cake
 ip link set $INTF txqlen 100
\ No newline at end of file

From b792232e720bcde3f01fffdddf7bddb5339992d9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Oct 2020 14:56:25 +0000
Subject: [PATCH 12/14] Update API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 82cca13..80b23dc 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="de656bffbc30b37d82afc4eb0ec2ea0322d0be40"
+OMR_ADMIN_VERSION="6392c3eb25fa44d0d77b615240a7b17c6b5eec66"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From 956245a52366cc7ea66559f07372284cd999ce14 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 29 Oct 2020 07:47:31 +0000
Subject: [PATCH 13/14] Update API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 80b23dc..8e83633 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="6392c3eb25fa44d0d77b615240a7b17c6b5eec66"
+OMR_ADMIN_VERSION="8d0706e8c234f9a0eaa88ace6d58c2d0f45156cf"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From 3ba380d2fee4a51efead3500260320e7f0e88022 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 30 Oct 2020 14:21:28 +0000
Subject: [PATCH 14/14] Check if Glorytun TCP client side answer, else restart
 it

---
 omr-service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/omr-service b/omr-service
index 568ce7b..114c1b8 100755
--- a/omr-service
+++ b/omr-service
@@ -27,6 +27,12 @@ _glorytun_tcp() {
 	for intf in /etc/glorytun-tcp/tun*; do
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
+	if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
+			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
+			systemctl restart glorytun-tcp@tun0
+		fi
+	fi
 }
 
 _omr_api() {