diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index db0b987..152084a 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -23,7 +23,7 @@ GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc" +OMR_ADMIN_VERSION="0bee06d21605c9d9b4494a77e71043ce432aa5c2" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" #V2RAY_VERSION="v1.1.0" V2RAY_VERSION="v1.2.0-8-g59b8f4f" @@ -32,7 +32,7 @@ SHADOWSOCKS_VERSION="3.3.3" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server" -OMR_VERSION="0.1012" +OMR_VERSION="0.1013" set -e umask 0022 @@ -570,7 +570,7 @@ fi echo 'Glorytun UDP' # Install Glorytun UDP if systemctl -q is-active glorytun-udp@tun0.service; then - systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1 + systemctl -q stop glorytun-udp@* > /dev/null 2>&1 fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend @@ -648,7 +648,7 @@ fi # Install Glorytun TCP if systemctl -q is-active glorytun-tcp@tun0.service; then - systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1 + systemctl -q stop glorytun-tcp@* > /dev/null 2>&1 fi if [ "$ID" = "debian" ]; then if [ "$VERSION_ID" = "9" ]; then @@ -708,7 +708,7 @@ if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi -systemctl enable omr6in4@user1.service +systemctl enable omr6in4@user0.service systemctl enable omr.service # Change SSH port to 65222 
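Review bot: The new `glorytun-udp@*` pattern in the -570 hunk is unquoted, so the shell will try pathname expansion against the current directory before systemctl sees it; quote it so systemctl receives the pattern itself, `systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1`. The guard above it still tests only `glorytun-udp@tun0.service`, so when tun0 is inactive any other running instance is left untouched, which defeats the point of widening the stop. The same two issues apply to `glorytun-tcp@*` in the -648 hunk, and the unquoted patterns recur in the -906 hunk. The surrounding install steps start and end outside these hunks.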
@@ -906,18 +906,20 @@ else echo 'done' if [ "$MLVPN" = "yes" ]; then echo 'Restarting mlvpn...' - systemctl -q start mlvpn@mlvpn0 + systemctl -q restart mlvpn@mlvpn0 echo 'done' fi if [ "$DSVPN" = "yes" ]; then echo 'Restarting dsvpn...' - systemctl -q start dsvpn-server@dsvpn0 + systemctl -q restart dsvpn-server@* || true echo 'done' fi - echo 'Restarting glorytun and omr...' - systemctl -q start glorytun-tcp@tun0 - systemctl -q start glorytun-udp@tun0 - systemctl -q restart omr + echo 'Restarting glorytun...' + systemctl -q restart glorytun-tcp@* || true + systemctl -q restart glorytun-udp@* || true + echo 'done' + echo 'Restarting omr6in4...' + systemctl -q restart omr6in4@* || true echo 'done' if [ "$OPENVPN" = "yes" ]; then echo 'Restarting OpenVPN' @@ -955,6 +957,9 @@ else echo 'Apply latest sysctl...' sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 echo 'done' + echo 'Restarting omr...' + systemctl -q restart omr + echo 'done' echo 'Restarting shadowsocks...' systemctl -q restart shadowsocks-libev-manager@manager # if [ $NBCPU -gt 1 ]; then diff --git a/mlvpn@.service.in b/mlvpn@.service.in index 2074d75..bda7c50 100644 --- a/mlvpn@.service.in +++ b/mlvpn@.service.in @@ -9,7 +9,7 @@ NotifyAccess=main ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/mlvpn -Restart=on-failure +Restart=always [Install] WantedBy=multi-user.target diff --git a/omr6in4@.service.in b/omr6in4@.service.in index 71b3542..a2e9722 100644 --- a/omr6in4@.service.in +++ b/omr6in4@.service.in 
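Review bot: In the -906 hunk the `restart ... || true` lines for dsvpn, glorytun and omr6in4 print 'done' whether or not a tunnel came back. systemctl matches a glob only against units currently loaded in memory, so `restart glorytun-tcp@*` can match nothing and start nothing, where the old `start glorytun-tcp@tun0` named the unit explicitly. Report the failure instead of discarding it, for example `systemctl -q restart 'glorytun-tcp@*' || echo 'glorytun-tcp restart failed' >&2`, and likewise for the other patterns. Whether the instances are still loaded at this point depends on code outside the hunk (enabled units usually are), so this is worth checking on a host where a tunnel was stopped earlier in the run. The enclosing `else` branch starts and ends outside the hunk.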
@@ -5,7 +5,8 @@ After=network.target network-online.target [Service] Type=oneshot ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i -ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i +RemainAfterExit=true +ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i [Install] WantedBy=multi-user.target diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 35205d4..d8fc2a6 100644 Binary files a/openmptcprouter-shorewall.tar.gz and b/openmptcprouter-shorewall.tar.gz differ diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index 2b09931..fc778d9 100644 --- a/openvpn-tun0.conf +++ b/openvpn-tun0.conf @@ -6,6 +6,7 @@ proto tcp port 65301 persist-tun persist-key +reneg-sec 0 duplicate-cn verb 3 server 10.255.252.0 255.255.255.0 @@ -14,7 +15,7 @@ cert /etc/openvpn/ca/pki/issued/server.crt key /etc/openvpn/ca/pki/private/server.key dh /etc/openvpn/server/dh2048.pem crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 120 +keepalive 10 240 sndbuf 0 rcvbuf 0 tls-server diff --git a/openvpn-tun1.conf b/openvpn-tun1.conf index 29daffe..a5028f6 100644 --- a/openvpn-tun1.conf +++ b/openvpn-tun1.conf @@ -4,6 +4,7 @@ proto udp port 65301 persist-tun persist-key +reneg-sec 0 duplicate-cn #ncp-disable #mssfix 1300 @@ -14,4 +15,4 @@ cert /etc/openvpn/ca/pki/issued/server.crt key /etc/openvpn/ca/pki/private/server.key dh /etc/openvpn/server/dh2048.pem crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 120 +keepalive 10 240 diff --git a/shadowsocks-libev-manager@.service.in b/shadowsocks-libev-manager@.service.in index c8d60c6..3a5eaa8 100644 --- a/shadowsocks-libev-manager@.service.in +++ b/shadowsocks-libev-manager@.service.in 
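Review bot: `reneg-sec 0` in openvpn-tun0.conf turns off time-based renegotiation of the data-channel keys on the server side, and no comment records why. A long-lived session then keeps the same keys, and, as far as I know, the client certificate is not checked against `crl-verify` again until the client reconnects, so a revoked client that stays connected keeps its tunnel. Either peer can trigger renegotiation, so clients left at their default interval will still rekey unless their configuration is changed too. If the aim is to avoid stalls during rekeying, a long but finite interval such as `reneg-sec 86400` (value constructed for illustration) keeps key rotation; otherwise add a line like `# reneg-sec 0: <reason>; revocation takes effect only on reconnect`. The same line is added in the openvpn-tun1.conf hunk.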
@@ -6,7 +6,10 @@ After=network-online.target Type=simple CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE +LimitNOFILE=99999 +LimitNPROC=99999 ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json +Restart=always [Install] WantedBy=multi-user.target \ No newline at end of file diff --git a/shadowsocks.conf b/shadowsocks.conf index 0325bb9..00337dc 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -50,6 +50,8 @@ net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 131072 +net.ipv4.conf.all.log_martians = 0 + # MPTCP settings net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_syn_retries = 1 diff --git a/shorewall4/interfaces b/shorewall4/interfaces index 09e61b0..b667114 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces @@ -15,9 +15,9 @@ ############################################################################### #ZONE INTERFACE OPTIONS net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0 -vpn gt-tun+ nosmurfs,routefilter,tcpflags -vpn gt-udp-tun+ nosmurfs,routefilter,tcpflags -vpn mlvpn+ nosmurfs,routefilter,tcpflags -vpn tun+ nosmurfs,routefilter,tcpflags -vpn dsvpn+ nosmurfs,routefilter,tcpflags +vpn gt-tun+ nosmurfs,tcpflags +vpn gt-udp-tun+ nosmurfs,tcpflags +vpn mlvpn+ nosmurfs,tcpflags +vpn tun+ nosmurfs,tcpflags +vpn dsvpn+ nosmurfs,tcpflags diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index e82701f..2061a8e 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -144,7 +144,7 @@ BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" -CHAIN_SCRIPTS=Yes +#CHAIN_SCRIPTS=Yes CLAMPMSS=No @@ -180,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No IMPLICIT_CONTINUE=No -INLINE_MATCHES=No +#INLINE_MATCHES=No IPSET_WARNINGS=Yes @@ -188,7 +188,7 @@ IP_FORWARDING=On KEEP_RT_TABLES=No -LOAD_HELPERS_ONLY=Yes +#LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter 
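Review bot: `net.ipv4.conf.all.log_martians = 0` in shadowsocks.conf is added without a comment. It removes the kernel log entries for packets with impossible source addresses, which are a cheap signal for spoofing and routing mistakes on an Internet-facing host. The kernel combines the `all` value with the per-interface one, so this line only silences the log if nothing else (for example Shorewall's own martian-logging setting, not visible here) enables it per interface. If the reason is log volume, say so next to the setting, e.g. `# martian logging off: <reason>; spoofed-source packets are no longer logged`.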
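Review bot: Dropping `routefilter` from all five `vpn` rows in shorewall4/interfaces removes the request for reverse-path filtering on the tunnel interfaces. A packet arriving over a tunnel with a source address that would not be routed back through it is then no longer rejected on that ground. With multipath links this may be deliberate, since strict filtering can drop legitimate asymmetric traffic, but the file gives no reason, and the `net` row keeps the option. If loose mode is enough and the installed Shorewall accepts it, `routefilter=2` keeps part of the check; otherwise add a comment above the vpn rows such as `# routefilter omitted on vpn zones: <reason>`.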
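Review bot: `CHAIN_SCRIPTS` in the -144 hunk of shorewall4/shorewall.conf is commented out rather than set, so it now takes whatever default the installed Shorewall applies, and that need not match the old value. The same holds for `INLINE_MATCHES` (-180), `LOAD_HELPERS_ONLY` (-188), and `MAPOLDACTIONS` and `MODULE_SUFFIX` (-196). I believe an unset `LOAD_HELPERS_ONLY` is treated as `No`, which loads more kernel modules than the previous `Yes`; that should be confirmed against the shorewall.conf manual for the target version. If the options are dropped because a newer Shorewall rejects them, a one-line comment such as `# disabled: not accepted by Shorewall <version>` would stop someone re-enabling them; if the old behaviour is still wanted, keep the explicit values.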
@@ -196,13 +196,13 @@ MACLIST_TTL= MANGLE_ENABLED=Yes -MAPOLDACTIONS=No +#MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -MODULE_SUFFIX=ko +#MODULE_SUFFIX=ko MULTICAST=No