From 62e01c46a687b636129cbeafb655631f3f890180 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Tue, 3 Mar 2020 15:09:42 +0100
Subject: [PATCH 1/6] Update omr-admin API
---
 debian9-x86_64.sh | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b69f5cd..648e3e6 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -23,7 +23,7 @@ GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc"
+OMR_ADMIN_VERSION="6cc1a3236a61344a03245284082a9602da709aca"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_VERSION="v1.2.0-8-g59b8f4f"
@@ -698,21 +698,18 @@ wget -O /usr/local/bin/multipath https://www.openmptcprouter.com/${VPSPATH}/mult chmod 755 /usr/local/bin/multipath # Add OpenMPTCProuter service -#wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service -#chmod 755 /usr/local/bin/omr-service -#wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in +wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service +chmod 755 /usr/local/bin/omr-service +wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in wget -O /usr/local/bin/omr-6in4-run https://www.openmptcprouter.com/${VPSPATH}/omr-6in4-run chmod 755 /usr/local/bin/omr-6in4-run wget -O /lib/systemd/system/omr6in4@.service https://www.openmptcprouter.com/${VPSPATH}/omr6in4%40.service.in -if systemctl -q is-active omr.service; then - systemctl -q stop omr > /dev/null 2>&1 - systemctl -q disable omr > /dev/null 2>&1 -fi if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi systemctl enable omr6in4@user1.service +systemctl enable omr.service # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config @@ -917,10 +914,12 @@ else systemctl -q start dsvpn-server@dsvpn0 echo 'done' fi - echo 'Restarting glorytun and omr...' + echo 'Restarting glorytun...' systemctl -q start glorytun-tcp@tun0 systemctl -q start glorytun-udp@tun0 - #systemctl -q restart omr + echo 'done' + echo 'Restarting omr...' + systemctl -q restart omr echo 'done' if [ "$OPENVPN" = "yes" ]; then echo 'Restarting OpenVPN' From 3f4bffd1efa9c0dbae271a4146b897b02d0f977b Mon Sep 17 00:00:00 2001 
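Review bot: The three re-enabled `wget` lines write `/usr/local/bin/omr-service` and `/lib/systemd/system/omr.service` as root from a mutable URL with no integrity check and no exit-status check, and the added `systemctl enable omr.service` then runs whatever landed on disk, including the empty file `wget -O` leaves behind after a failed download. The script already pins other components by commit hash (`OMR_ADMIN_VERSION` and its neighbours at the top of the file), so these files deserve a pinned digest too, checked before `chmod 755`, for example `echo "<EXPECTED_SHA256>  /usr/local/bin/omr-service" | sha256sum -c - || exit 1`, where the digest is a placeholder to be taken from a trusted release. The same gap exists for the `multipath` and `omr-6in4-run` downloads shown as context here. Whether the script runs under `set -e` is not visible in this hunk, so an explicit `|| exit 1` on each `wget` is the safer form.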
From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Mar 2020 15:48:10 +0100 Subject: [PATCH 2/6] Update shorewall4 to remove warnings in log --- openmptcprouter-shorewall.tar.gz | Bin 4022 -> 4017 bytes shorewall4/interfaces | 10 +++++----- shorewall4/shorewall.conf | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 35205d4a7af607260a4ee5ac279a89e71d04bc42..d8fc2a6ba4c20b348b24a9bdc11e225f1fa524a3 100644 GIT binary patch delta 3961 zcmV-<4~FozAF&^QABzY83vOOs00ZqDYjdN>@xG#8F=acs-HNT3^*B4FTrePs7y$>! zK3}DZ!V4^a5RzA$tmIAZXzvQ>>FJqndb)dtfl1)|ap+8b{^oE{ z2k5j~^axNqHo9=$IPcUOt#-G0e*R6p(P(wfzajMl_9=sZWfVIhA>V{S5PynpSNZ=b z99NEs`4oiivoo8Kvolh2<4G+_F||o*9~GqR2O;tNhaj9gu^0Hnxet~xae=~fBPb#9 zlNXT(Z|0to_+{aeqq*agjN4hp?FiU?-`9*0Z;|uL@tZ*9m=`QrQ#p<^wXq>c94AVq z#c{f!SsEvQ>Y4!;COwQz$>7Xe*%F48%J<#_IpN2aHk1@yGEDNvKN8y(EZgFZfn+fP z+vZ2SD)KfXstDHQlRI0u;iUsQm^zob#+`BaZ#i9Xje7mNdgXi9pL!2z{l2AdR(^;V ztD5m-!8IF&YQyv9`DQ(XHw!Ix8yC6qAF3DUjdjj{jc&8pCD{-*S$pARy<(@+=@u%g zl656(rmdQr^?f(K_k!rmj|x3JFLKfKZ7NwTiaLRwpBJi{yee&0jU3-C^u68b6syWx z8jZZgdT-nHPElK?I@(s#pBJh&I>mcvZN2yL+RewBor_gPcKp)u@AHpsX*8TqnH;mA)x2kn=MoeeEn7KsGOoa5ovlDRt zBz_LgGSea8)*rmbWk`cU6*vmP;wAJRpJMV(cu$&e`_GyX-pTz7LyNg zLPJ;=!zVE$UK~l)_?MXK`(YVkV`S>ajyH>-!r5M753zmaNsjg%(6dybxp&UTKWVB& z2$5AwGWxuL=LnjPse)O7V8xw4G_z$aHbpZY;GUxp9S zX#}@=;?kmCz4Bq)E z0ewHhF8|+bwhH-wz1wM*{{JmtSN_lJgZd{vio8dkdan;o=sEW@@C)%1^KQgX*J?IbEtdoK7w0$1~&>!$#MZX4>)=7!!tLIsb`IU1A_kE z^BTnCmBaHqbDLP;cmgGX1P6l#}BM!f~&P zvuAfJtAa8XCBn?A3LPqoU%_U7H1#iDeJbH= z!y=e@lb6G`v19z>@(^ABYr#dk*`@Qpa{Rvye8&2pPEDj-`zzP}US0cRUS$94e#h)V z9Z3P7*O46Pnj#B#t7}CY5JkF?l=NC2$=2o7*f6aMu7~C85}5O>UGst<>DC6>!}B(( z0+tkOy+Za%n?*DZk35KfhNkDQ@m|sOJ&yihF^;35MEaVdXt%ODNOdzBgUYTXqVS*t z;LCCJ$B_Oe2^PmuPGubb-9osW9rDp1g&py~)oK;@f7CnY-7@~a1$;*QH_$}BH2j~! 
zS+~pqe#1Ec^(1>w0lpHXdxf%yTS!DUGZEZFl*1S4HA5cADxW5QCdA+^DPJEq9M#}B z;*D#(7Bp3**-KJx$)h#;A=n3QMaud|_bTPf>1L8+^4|e&f=Z9?%=a0-D0aS!2m?bK z>y__KiD{2ll+^`P<*yXk97^H}X-EoaB8QOG8(xufh_PxJyl|bTQKj2TCYl)d-^Q3R z1<&Y>e0M_4ci~NceqJuv(;^&I_^9EyBKselnKylh852siEAfga3pzF#@RNzVh>570 zxt5|;8xLOM*5V*-^En7{>l{>h$8tTU%ai`?T05+FSvyo1-SZzQ?^?p{MpuCd(Rp6Q z%oA8|&=i}4I-Q&Ge)SQMBZ-8<7Gs`GyZzFVz-qWdO`(ER{jhPlXDkdWWI zwB{@brtY*#9VBfyy>XkjZkycOXz)Q;awBu*LK|HKVNCu)I&H{GsN0R6oN4eJ1(Tm6 z+SkWf5Wd7qp9KDzmVha1bxjS$ri+$EkF>F~PP={H{*QSqr<*)JA)aXt)7!b1jyIc4 z+MGBPbW|6AM93*w+3Kb-;XnY|hv#W}lQ`f`CozR9`zkJ2YhRyNa3IVcPg~ z{@-YH>)qA}OE`PJ8D0a2}JVI9^=VYR}Kl)m1g{1hqM%j|!cuKE?Cd{#Um+ zF7c@*u?SBL_#G2m=#dEIPUMOxa3=1(-3laPhBel0Nri+=5_@-UR5^rnOuQQq!T@13 z5K{(!5%2ad(2ZnVX{K!5^%@5h1VD$|GC+CuFN4kxB%^o0?)O3a2K4BgCe@G!<$^nKnfIk_=$YB3MTq!WwfLV%VE84)Oi^(8QGAmib;rSKLOjI$sg2|gD z^Qy@P6k=9}*`x^24oqGcd0$qfUhRVu)*$PDt!166H9F3@8O&aNQI401^;zXJUgA(B=CgVhZ z09p;sWGvsmq49=}^I^#ZabdRKmj|}aTf^Sb$**`R%Erf)DlbodHHW+*tz*F)29hT0 zfbG?mQ3xeY=+=IT?MFB87Bxiz%U!i1>-5KzENXzlHMKx698DYp1#+oW)IOx-C8&cxpKj*iff4&z-!xXFDmfiakaMU6p7O$CgjMn)84U=TZiDbUG~ zElPcUtXMrCCdU<==w=w4OT(S{VJwZMb+Roe_Gl-=8SXz|N_8NYY=ClxpdJH%l%sP3 zsAoh~g(K+ziZZ~B2-*l=wCjBv!9?`rS4;z=k8pws`p3VX{2IMPu{-|=BWCL2)?u1R ze*Cs#n8RG%=xMVGU?#yF-_`^2gXpUef~gbIS9W#~%hJHZ%Ibi{q}8=e-9nG;`Go>e zv}N6fAjg~FEHJbn%7i&`0XdR?RoUdPOi8uiR7}%Hd_NM^3+NRhd0}#e81dH<<#WZG zvS71d!#HPww|4{~@-&IKr&)Y}!GA0ad0Dkh!2qw8a1|7Oq>oI-Lr^5%u)#;LB5kBA zlEoT?;Q(PxR81TFkEV=qA(4@Z5)#?gP*QRJpCT{S1Q+%q}zsNTdO9HQRL+9MboC439X#wBkP8iVJ(H`Eb0KX zxjqpY@t_}(Ex@xTP+}YIe5MDq16BgoIM!8NWL;rOw9Rq9FaOy48417#%5+0NB_CVT zk2Wr*Yh$a|sYARQL(DPYO0tcCH*jl z6xhz*B}%AhmPA9H6UJHmOC2<8oQa+mQ4|Vorg#etKR*yzm)QVfL?(X&UCgoyB%&yK zW7)MOWU4kje7MI@Kf;}}QUcwOVVLT@qb510e|T)bUvvErgE5XwsG!}*Vmgc&&KRd% z7@IjslTm;;eRu~U9)MSD7$-SWFs&7WWzS%yl4-*1C{YHQDArifH!;=aP8h>xs zX@+nO-rY))NE3W}I_aez{*bd3a7;SRG*BOOKS(xb$(N*FU^Nc&rOcpLGlqOwvQuR> zbJ%Q<%@MZXU#+p47HpQSCI;ID*t0IT+{6)GlexwzCr|F+29Alf|7LN_UC9>u@pL3@ zTx64 
zoamoRH*}`1`-R&-I_1uf-|)^4^dU!?Aj#VLu61=|9vG3S8JcjA9(AIX*v$8cNs ze{l5MF_>=&9A+N*&&Y7N1B8BW21u{?D_N1PJ5U;UbeO{%ya-&Aw=L?`dVj6aIsJPD z+G%ty0M}Z_b-~^`4Ao3f7l`^UA>(qdtm9pQ!OWhM;&W3N2Vi_u>GTOr_9!)~93$ns zlk}aC_Z(NR(!W|ASZ1$({N^8u{*EAugT=y~9&{V%uK3?PZx!DE095(@=bON5`#;;c zTp(v6|8*YFXqG9!Z#f0X*=EQAUIY2U&6w-;zGzcqeluipy|IHT`QA%*eYQbyR^Xh} z*v2XSG|cC7N^5M;rk|17&4p2JkfmRf+0B4aZjiB0)$FcLyI-amZvgS+@Lz!2_5OFG zQ+)rU*=RS*`2QAgT>S7AlMD|S0c4XU4aubmxR=?B=-7rC=n8PeAzyv2uB_RcuHDD&2nkPjM@ TpbrHMz8d@+#lAz50C)fZM^naj delta 4009 zcmV;a4_5H8AGRNVABzY8`{prT00Zqje{-WoviTQ%iYeRgvRh~Cx8&GYx*P^1aYjG@ z*>UQsC@f){7YXzLt>c&4?|$7gfDn=+->u}mOK9&3=;`U1ZhE?VhJi`o`*G+@e*Wfg zPzUI?+w=%fJT}hZywU2`8|}_{v(@^h-e|PDt#3&EfPKn;U>U_uNXR!~5X8Slx2ycW z6pky$#C!@u_t}}v$k`dGx$&eHrI^|zwT}u?_Jfdk{zDMXo!AR};@k(zn7BaUxe=6* z_{odNgEwK$zVBMw;Ol@ok632;> zX>puxXqLu*iMnRMg-H)%Q!+U7RxZn3Jo zrP0V+toOE4?-sRXs-tZ+{du8kqg%X(*4BF;uibpC*}Yg*WXCTZ|DGSa;e#`AqkVXj z?Xbgt|2OO1F8cpQz1{3|T6OgQ-Daos|L+0o{{NF3M(Eeu)jByNrZZp6Tq0*CLi*s@ z3Ald}KL=--=@4-158mT4q(Pwy9ED)<5_*qMG5H{TBu%*eXH5w2qjneBCyY`hVtsxQr%WG3Az$f}dyPyQ$|h_6^S}Cew~YVq0=wpa%syy*;-koW^l9|^3LSgeaE+x<2|*d7;~X-BV4my1G6L>2_W01>7s`$XD|bz@MHoD0l1RVM%;pj= zIOg1YZv0eFuC4^$w0ezJz1r+ROt0gylawWKp||e(!-q-ZqVZjxIr&h~!_`P!R?3=WCCNKN75N#Npc5;r}55bc^eMold>< z|L*}=YD*p9*X~UT?+x$ab$5>c^Ud*pUatSY3*6|Y&5NSZYtTf1{%=%&w2`raZB~$$ z`3g3pt(Wt_|9V&iGjH;8*fw^q|JK?1Z@blPwVHJNV{tkD-vQpR{;N|HDc63>wcl6Q zewi29|GMundr(VKz~{9j2fC)n!rkgx(FR13ZX_kWmPfL6c{MgntAgvB`MLz=JZsmy zAV|8kLH6*xjjDhp#agd_kiF7o5skwm52B&z`D?sabiJ0NKUj?8Xeg1srYPF2tPWD$ zjK-j{D~TvP=m7X~9Q`q*ze|F}agbAaD*4nRH0-cx|D1nFL}EaDatkvSIF5MZ8m|RSRcZE;lw0y>jeZFBfm_kC{?WZ^`Et6M=$QO_fScgb;|KF& zhA)bp?;^s$(8hY@dsAZC;}vCf0af`cMK*_$xI!9|0-DGnWc7wum)J zO$PjA;x1w$s%EaGXw}Apm$kLmKHf4kNW>s{6k6-M{`N6NdF zu)EP!AVPGWS26Ph)*Cd%=Ah2&&Fv6n7w=RQF$@+3rbqXG&h&`t{Qm>rtya-}lSSx$ z0x!c{Hk{tL&0Duk?rk*qAS}6&Idh?nE`l&7e7T!+)KxQo6RO|P82i=I(dzd=R!XeLx&J3l)# zWbwO-ncQL8`0f0^(KxR+3;BPu-744r-UaraH(^wNS>^XPNow5LvbAL0^jOX9Nhsas z;KsNQL?Cw}S44p`aqsO`AQ3aHv2IH$BxI7 
zLX`bW(3cJA7E=C03IS6NFr)$e$uLF+`xoL$fyoBUQY>511~y$x26>WM$r=vNuW)9f zipdpB-Yl6{O*Wtqvog#kMSyl-^1{gbvLf|=YM-3223c=y?nV)M9#%xRJNJ$Qq>Zu_ikG5nd|s*Y^5j=@$Q#l+ z7R+HFX|fL3UTqnLP~wDc?U&eobOUcuQzWq5RV%Vie@w}u1}I!p3k1W_#4%7Hmr6zL zLu!r$tTVOf-t#YO^oO>Pon80egg&WS$9!*O#B-(iBMllEj zmNe9u^RUgK1TKWqM^8{NzB2Dj>}~Jp2o32l-bI9)+y@gFgE?5#7=+YRz&L7TL@@>i zu>+U_oebHc)aS>F)$?I;T)~NMhQYZs+?gN7(pXw2+k#?`b~2pd{x3|a4&;)54N%Sy z)MJ2hbWQ;EjHs$`BppCe2DlMH8{vzVy>BC!h@Sk4X<+mjPB20L{I`=|qn9Xl=bvH3 zOkLbMOcTk^-&PEBn5!E-ZB_xyB$(sdnm~RKeHB75bwc{e&JJQ(8hBV)9k7_Ry0)oX z=&?P&P#}u7tlJRecoUojh89GBnJ`B#AV;z)oBWk2sTQ1yY5Iuo$D(=xy+R}}%&rh4 z{#v4Zu6R=xY!+-7=PdB{jvz#yCK2~Eiw`jPg&{Aiwka6k)DotG!jJTk$yf-A#2Yra z2v($xbVagQdoUUxs)?#;gZt5xF|H#rGEqVz+ZswLPXAM+MaK||FYCB}D!^J0QFKKD z+)bAuz%fDE#!giXzC30F;+@KmK){tyl&$om4(4amN3*hIW=PGj5+}@1eI6n!bqbU- zqyx9SA=*qnTq1@hQr&_}AE@9w$Lh7J-GbH(nK^u{DT4~2DGMwg@A{Z2Lsk`8m4J~Y z3{yf33pTW(f^8(d0DDM(T1NZP{7U6ol62d!Y-`m53Y@&UYT7g{p>@+_WZlX#tfkO| zMIC@H*JdFj9+V@p#dp>KifhAd&y;{hz)HXp$GWPE?20PTHpl(G{A2HD#DM#g>0W+X zKDMMEZCpp!##XOehfp_$aAUxgWE*_}cf3}`exQR6Fe=VD3sYu@fI3=ehjiMv$4a7O#TMCm?acQ zL{apvvTIAo6m5F=T#uoCg!^Wt1iB%^2-SN>P12%&cx=F5bNvtFFb+znpxww~I)WL_ z7^htrn>k675r8;J_*OHn zdC-a~vdTY6hGsJz(o0R1n)uT@JB(Y`X>xE4j@?S~M-$w7I^U(v{g4wCa7sE(GEg6M zD@Zn7$(N)aU^NQ!rOcpLlZAX)vPoq%Y1nL#O%Jxy&V1=zDLx7@@L zU5>fN*(Oi!;0BI~wf|;u%w5SA`tWolZCq>pK1L*?FWvKjd0%bhME|#RLucx`U%36FTkib$9q;@=A99ollB})o zT34sF=(;+86>|>gd?)^s_K|G)a1gh3{|86E9fV1jz+w84|BMiaJ3#37hJf^nzmgT% zx&x(wTZcKk!Hd8(dE261t=Age(|=T;oksTpaP4*6IoMm5p_&Qm0#V;3WL)l(1$b9r zFtg{R_}mo60T>@uI(wVFt$oyu=pOrWx-5@#OGd0NnNdccWW;|D)OHG|Tw^9&lXz@EHT^PR}7^ z_3VmQ#amglvMuJ?*jgbgxlg2%9SR0BFO3nDh*L@&h=m8oqm8VeUUqRl_7mi!drZ5XYY*Di!yI5la3D;lb{a< P3o85*s9jH60C)fZ Date: Wed, 4 Mar 2020 17:52:11 +0100 Subject: [PATCH 3/6] Increase openvpn keepalive --- openvpn-tun0.conf | 3 ++- openvpn-tun1.conf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index 2b09931..fc778d9 100644 --- a/openvpn-tun0.conf 
+++ b/openvpn-tun0.conf @@ -6,6 +6,7 @@ proto tcp port 65301 persist-tun persist-key +reneg-sec 0 duplicate-cn verb 3 server 10.255.252.0 255.255.255.0 @@ -14,7 +15,7 @@ cert /etc/openvpn/ca/pki/issued/server.crt key /etc/openvpn/ca/pki/private/server.key dh /etc/openvpn/server/dh2048.pem crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 120 +keepalive 10 240 sndbuf 0 rcvbuf 0 tls-server diff --git a/openvpn-tun1.conf b/openvpn-tun1.conf index 29daffe..a5028f6 100644 --- a/openvpn-tun1.conf +++ b/openvpn-tun1.conf @@ -4,6 +4,7 @@ proto udp port 65301 persist-tun persist-key +reneg-sec 0 duplicate-cn #ncp-disable #mssfix 1300 @@ -14,4 +15,4 @@ cert /etc/openvpn/ca/pki/issued/server.crt key /etc/openvpn/ca/pki/private/server.key dh /etc/openvpn/server/dh2048.pem crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 120 +keepalive 10 240 From 54e516399e7c12730d5d55d18d2f2db5f0c85c42 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 4 Mar 2020 17:52:33 +0100 Subject: [PATCH 4/6] Add NOFILE to ss --- shadowsocks-libev-manager@.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shadowsocks-libev-manager@.service.in b/shadowsocks-libev-manager@.service.in index c8d60c6..e06a882 100644 --- a/shadowsocks-libev-manager@.service.in +++ b/shadowsocks-libev-manager@.service.in @@ -6,6 +6,8 @@ After=network-online.target Type=simple CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE +LimitNOFILE=99999 +LimitNPROC=99999 ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json [Install] From 61b4452941903948021472da10a8e3503365d757 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 5 Mar 2020 13:37:27 +0100 Subject: [PATCH 5/6] Disable log martians --- shadowsocks.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/shadowsocks.conf b/shadowsocks.conf index 0325bb9..00337dc 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf 
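Review bot: The added `reneg-sec 0` in the first `openvpn-tun0.conf` hunk turns off time-based renegotiation of the data-channel keys, which the commit subject (keepalive) does not mention; the same line is added in the first `openvpn-tun1.conf` hunk. No `reneg-bytes` or `reneg-pkts` directive is visible in either file, so a long-lived tunnel may keep one key set for the whole session unless a default elsewhere still applies. If the aim is to avoid drops during rekeying, a long finite interval such as `reneg-sec 86400` keeps rotation in place; otherwise record the decision above the directive, e.g. `# renegotiation disabled: <reason>; data-channel keys are not rotated on a timer`. Only part of each file is shown, so confirm against the full configuration.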
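Review bot: `LimitNPROC=99999` is added next to `LimitNOFILE=99999` in the `[Service]` section, but the commit subject covers only the file-descriptor limit and nothing in the hunk says why the process limit has to rise as well. A network-facing manager is better served by a process bound sized to what it actually needs, so either drop the line or choose a value derived from the expected number of server instances and say so in a comment, e.g. `# sized for <N> configured ports; raise together with the port count`. The `[Service]` section starts outside the hunk, so whether a `User=` line narrows the scope of this limit cannot be seen here.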
@@ -50,6 +50,8 @@ net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 131072 +net.ipv4.conf.all.log_martians = 0 + # MPTCP settings net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_syn_retries = 1 From 4285efb8c78850af56638d945a15fbed4681818e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 10 Mar 2020 10:45:06 +0100 Subject: [PATCH 6/6] Fixes --- debian9-x86_64.sh | 23 +++--- mlvpn@.service.in | 2 +- omr-service | 112 +------------------------- omr6in4@.service.in | 3 +- shadowsocks-libev-manager@.service.in | 1 + 5 files changed, 18 insertions(+), 123 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 648e3e6..02702c3 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -23,7 +23,7 @@ GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="6cc1a3236a61344a03245284082a9602da709aca" +OMR_ADMIN_VERSION="0bee06d21605c9d9b4494a77e71043ce432aa5c2" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" #V2RAY_VERSION="v1.1.0" V2RAY_VERSION="v1.2.0-8-g59b8f4f" @@ -570,7 +570,7 @@ fi echo 'Glorytun UDP' # Install Glorytun UDP if systemctl -q is-active glorytun-udp@tun0.service; then - systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1 + systemctl -q stop glorytun-udp@* > /dev/null 2>&1 fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend @@ -648,7 +648,7 @@ fi # Install Glorytun TCP if systemctl -q is-active glorytun-tcp@tun0.service; then - systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1 + systemctl -q stop glorytun-tcp@* > /dev/null 2>&1 fi if [ "$ID" = "debian" ]; then if [ "$VERSION_ID" = "9" ]; then 
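Review bot: `net.ipv4.conf.all.log_martians = 0` is added without a comment, and on its own it does not guarantee that martian logging is off, because the kernel logs for an interface when either `conf/all` or that interface's own `log_martians` value is set. State the reason next to the setting, e.g. `# log_martians disabled: <reason>`, and check that no per-interface or `default` value elsewhere leaves it at 1. These messages are also a cheap signal for spoofed or misrouted source addresses, so it is worth recording where that visibility is kept once they are silenced.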
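Review bot: The `glorytun-udp@*` argument on the changed `systemctl -q stop` line at 570 is unquoted, so the shell will expand it if a matching file name exists in the working directory; pass the pattern to systemctl intact with `systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1`. The surrounding guard still tests only `glorytun-udp@tun0.service`, so other running instances are left untouched whenever tun0 happens to be down; `if systemctl -q is-active 'glorytun-udp@*'; then` would match the new stop. Both points apply equally to the `glorytun-tcp@*` hunk at 648 and to the unquoted patterns in the restart hunk at 906. The `if` blocks close inside their hunks, but the code that follows them lies outside.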
@@ -708,7 +708,7 @@ if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi -systemctl enable omr6in4@user1.service +systemctl enable omr6in4@user0.service systemctl enable omr.service # Change SSH port to 65222 @@ -906,20 +906,20 @@ else echo 'done' if [ "$MLVPN" = "yes" ]; then echo 'Restarting mlvpn...' - systemctl -q start mlvpn@mlvpn0 + systemctl -q restart mlvpn@mlvpn0 echo 'done' fi if [ "$DSVPN" = "yes" ]; then echo 'Restarting dsvpn...' - systemctl -q start dsvpn-server@dsvpn0 + systemctl -q restart dsvpn-server@* || true echo 'done' fi echo 'Restarting glorytun...' - systemctl -q start glorytun-tcp@tun0 - systemctl -q start glorytun-udp@tun0 + systemctl -q restart glorytun-tcp@* || true + systemctl -q restart glorytun-udp@* || true echo 'done' - echo 'Restarting omr...' - systemctl -q restart omr + echo 'Restarting omr6in4...' + systemctl -q restart omr6in4@* || true echo 'done' if [ "$OPENVPN" = "yes" ]; then echo 'Restarting OpenVPN' @@ -957,6 +957,9 @@ else echo 'Apply latest sysctl...' sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 echo 'done' + echo 'Restarting omr...' + systemctl -q restart omr + echo 'done' echo 'Restarting shadowsocks...' systemctl -q restart shadowsocks-libev-manager@manager # if [ $NBCPU -gt 1 ]; then diff --git a/mlvpn@.service.in b/mlvpn@.service.in index 2074d75..bda7c50 100644 --- a/mlvpn@.service.in +++ b/mlvpn@.service.in @@ -9,7 +9,7 @@ NotifyAccess=main ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet ExecReload=/bin/kill -HUP $MAINPID WorkingDirectory=/etc/mlvpn -Restart=on-failure +Restart=always [Install] WantedBy=multi-user.target diff --git a/omr-service b/omr-service index 3591277..c439d32 100755 --- a/omr-service +++ b/omr-service 
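Review bot: In the hunk at 906, `systemctl -q restart glorytun-tcp@* || true` and the matching dsvpn, glorytun-udp and omr6in4 lines replace `start` of a named instance with a pattern, and systemctl patterns only match units that are currently loaded. Instances stopped earlier in the script (the glorytun stop hunks at 570 and 648) may no longer be loaded at this point, in which case nothing is restarted, `|| true` hides any error, and the script prints 'done' with the tunnel down. Keep an explicit start for the known instance next to the pattern, e.g. `systemctl -q start glorytun-tcp@tun0`, or verify afterwards with `systemctl -q is-active 'glorytun-tcp@*' || echo 'glorytun-tcp is not running' >&2`. The enclosing `else` branch starts and ends outside the hunk, so the ordering against the earlier stops should be checked in the full script.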
@@ -1,13 +1,5 @@ #!/bin/bash # OpenMPTCProuter VPS service script -# This script configure 6in4, multipath and firewall for current VPN - -if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then - ip route del fd00::/8 via fe80::a00:2 dev omr-6in4 - ip link set omr-6in4 down - ip tunnel del omr-6in4 - exit 0 -fi _multipath() { # Force multipath status 
@@ -21,109 +13,7 @@ _multipath() { done } -# Add IPv6 tunnel -if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then - ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1 -else - ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1 - ip addr add fe80::a00:1/126 dev omr-6in4 >/dev/null 2>&1 -fi -ip link set omr-6in4 up -ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4 - -_ping() { - local host=$1 - ret=$(ping -4 "${host}" \ - -W 5 \ - -c 1 \ - -q - ) - [ -n "$ret" ] && echo "$ret" | grep -s " 0% packet loss" > /dev/null && { - return - } - false -} - -_ping_range() { - local network=$1 - for i in {2..50} ;do - _ping $network$i - pingr=$? - if $(exit $pingr); then - ipd=$network$i - return - fi - done - false -} - while true; do - source /etc/shorewall/params.vpn - iface="" - currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n") - currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n") - if [ -n "$currentpeer" ]; then - _ping $currentpeer - status=$? - if ! 
$(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then - allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet) - allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet) - [ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet) - [ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet) - [ -d "/sys/class/net/dsvpn0" ] && allip_dsvpn=$(ip -4 addr show dsvpn0 2>/dev/null | grep inet) - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ]; then - current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)" - [ "$current_vpn" = "glorytun_tcp" ] && allip="$allip_tcp" - [ "$current_vpn" = "glorytun_udp" ] && allip="$allip_udp" - [ "$current_vpn" = "mlvpn" ] && allip="$allip_mlvpn" - [ "$current_vpn" = "openvpn" ] && allip="$allip_openvpn" - [ "$current_vpn" = "dsvpn" ] && allip="$allip_dsvpn" - fi - if [ -z "$allip" ]; then - allip="$allip_tcp -$allip_udp -$allip_openvpn -$allip_dsvpn -$allip_mlvpn" - fi - while IFS= read -r inet; do - ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n") - if [ "$ip" != "" ]; then - _ping_range $(echo $ip | sed 's/.1$/./' | tr -d "\n") - statusr=$? - if $(exit $statusr); then - _ping $ipd - statusp=$? 
- if $(exit $statusp); then - logger -t "OMR-Service" "Set new 6in4 tunnel IPs" - ip tunnel change omr-6in4 mode sit remote $ipd local $ip - #echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn - #echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn - iface=$(ip -4 addr | grep $ip/ | awk '{print $7}' | tr -d "\n") - #echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn - #systemctl reload shorewall - _multipath - break - fi - fi - fi - done < <(printf '%s\n' "$allip") - [ -z "$iface" ] && [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && { - logger -t "OMR-Service" "Restart Glorytun" - current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)" - [ "$current_vpn" = "glorytun_tcp" ] && systemctl -q restart glorytun-tcp@tun0 - [ "$current_vpn" = "glorytun_udp" ] && systemctl -q restart glorytun-udp@tun0 - #systemctl -q restart systemd-networkd - _multipath - sleep 10 - } - fi - fi - #result="$(curl -Isk -m 30 https://127.0.0.1:65500/status | head -n 1 | grep 405)" - #if [ "$result" = "" ]; then - # logger -t "OMR-Service" "Restart OMR Admin" - # systemctl -q restart omr-admin - # sleep 10 - #fi + _multipath sleep 10 done diff --git a/omr6in4@.service.in b/omr6in4@.service.in index 71b3542..a2e9722 100644 --- a/omr6in4@.service.in +++ b/omr6in4@.service.in @@ -5,7 +5,8 @@ After=network.target network-online.target [Service] Type=oneshot ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i -ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i +RemainAfterExit=true +ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i [Install] WantedBy=multi-user.target diff --git a/shadowsocks-libev-manager@.service.in b/shadowsocks-libev-manager@.service.in index e06a882..3a5eaa8 100644 --- a/shadowsocks-libev-manager@.service.in +++ b/shadowsocks-libev-manager@.service.in 
@@ -9,6 +9,7 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE LimitNOFILE=99999 LimitNPROC=99999 ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json +Restart=always [Install] WantedBy=multi-user.target \ No newline at end of file