Update to v0.1013

debian9-x86_64.sh

@@ -23,7 +23,7 @@ GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc"
+OMR_ADMIN_VERSION="0bee06d21605c9d9b4494a77e71043ce432aa5c2"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_VERSION="v1.2.0-8-g59b8f4f"
@@ -32,7 +32,7 @@ SHADOWSOCKS_VERSION="3.3.3"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server"
 
-OMR_VERSION="0.1012"
+OMR_VERSION="0.1013"
 
 set -e
 umask 0022
@@ -570,7 +570,7 @@ fi
 echo 'Glorytun UDP'
 # Install Glorytun UDP
 if systemctl -q is-active glorytun-udp@tun0.service; then
-	systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1
+	systemctl -q stop glorytun-udp@* > /dev/null 2>&1
 fi
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
@@ -648,7 +648,7 @@ fi
 
 # Install Glorytun TCP
 if systemctl -q is-active glorytun-tcp@tun0.service; then
-	systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1
+	systemctl -q stop glorytun-tcp@* > /dev/null 2>&1
 fi
 if [ "$ID" = "debian" ]; then
 	if [ "$VERSION_ID" = "9" ]; then
@@ -708,7 +708,7 @@ if systemctl -q is-active omr-6in4.service; then
 	systemctl -q stop omr-6in4 > /dev/null 2>&1
 	systemctl -q disable omr-6in4 > /dev/null 2>&1
 fi
-systemctl enable omr6in4@user1.service
+systemctl enable omr6in4@user0.service
 systemctl enable omr.service
 
 # Change SSH port to 65222
@@ -906,18 +906,20 @@ else
 	echo 'done'
 	if [ "$MLVPN" = "yes" ]; then
 		echo 'Restarting mlvpn...'
-		systemctl -q start mlvpn@mlvpn0
+		systemctl -q restart mlvpn@mlvpn0
 		echo 'done'
 	fi
 	if [ "$DSVPN" = "yes" ]; then
 		echo 'Restarting dsvpn...'
-		systemctl -q start dsvpn-server@dsvpn0
+		systemctl -q restart dsvpn-server@* || true
 		echo 'done'
 	fi
-	echo 'Restarting glorytun and omr...'
+	echo 'Restarting glorytun...'
-	systemctl -q start glorytun-tcp@tun0
+	systemctl -q restart glorytun-tcp@* || true
-	systemctl -q start glorytun-udp@tun0
+	systemctl -q restart glorytun-udp@* || true
-	systemctl -q restart omr
+	echo 'done'
+	echo 'Restarting omr6in4...'
+	systemctl -q restart omr6in4@* || true
 	echo 'done'
 	if [ "$OPENVPN" = "yes" ]; then
 		echo 'Restarting OpenVPN'
@@ -955,6 +957,9 @@ else
 	echo 'Apply latest sysctl...'
 	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
 	echo 'done'
+	echo 'Restarting omr...'
+	systemctl -q restart omr
+	echo 'done'
 	echo 'Restarting shadowsocks...'
 	systemctl -q restart shadowsocks-libev-manager@manager
 #	if [ $NBCPU -gt 1 ]; then

mlvpn@.service.in

@@ -9,7 +9,7 @@ NotifyAccess=main
 ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet
 ExecReload=/bin/kill -HUP $MAINPID
 WorkingDirectory=/etc/mlvpn
-Restart=on-failure
+Restart=always
 
 [Install]
 WantedBy=multi-user.target

omr6in4@.service.in

@@ -5,7 +5,8 @@ After=network.target network-online.target
 [Service]
 Type=oneshot
 ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
-ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
+RemainAfterExit=true
+ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i
 
 [Install]
 WantedBy=multi-user.target

openvpn-tun0.conf

@@ -6,6 +6,7 @@ proto tcp
 port 65301
 persist-tun
 persist-key
+reneg-sec 0
 duplicate-cn
 verb 3
 server 10.255.252.0 255.255.255.0
@@ -14,7 +15,7 @@ cert /etc/openvpn/ca/pki/issued/server.crt
 key /etc/openvpn/ca/pki/private/server.key
 dh /etc/openvpn/server/dh2048.pem
 crl-verify /etc/openvpn/ca/pki/crl.pem
-keepalive 10 120
+keepalive 10 240
 sndbuf 0
 rcvbuf 0
 tls-server

openvpn-tun1.conf

@@ -4,6 +4,7 @@ proto udp
 port 65301
 persist-tun
 persist-key
+reneg-sec 0
 duplicate-cn
 #ncp-disable
 #mssfix 1300
@@ -14,4 +15,4 @@ cert /etc/openvpn/ca/pki/issued/server.crt
 key /etc/openvpn/ca/pki/private/server.key
 dh /etc/openvpn/server/dh2048.pem
 crl-verify /etc/openvpn/ca/pki/crl.pem
-keepalive 10 120
+keepalive 10 240

shadowsocks-libev-manager@.service.in

@@ -6,7 +6,10 @@ After=network-online.target
 Type=simple
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
+LimitNOFILE=99999
+LimitNPROC=99999
 ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
+Restart=always
 
 [Install]
 WantedBy=multi-user.target

shadowsocks.conf

@@ -50,6 +50,8 @@ net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
 
+net.ipv4.conf.all.log_martians = 0
+
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 1

shorewall4/interfaces

@@ -15,9 +15,9 @@
 ###############################################################################
 #ZONE   INTERFACE       OPTIONS
 net	$NET_IFACE	dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
-vpn	gt-tun+		nosmurfs,routefilter,tcpflags
+vpn	gt-tun+		nosmurfs,tcpflags
-vpn	gt-udp-tun+	nosmurfs,routefilter,tcpflags
+vpn	gt-udp-tun+	nosmurfs,tcpflags
-vpn	mlvpn+		nosmurfs,routefilter,tcpflags
+vpn	mlvpn+		nosmurfs,tcpflags
-vpn	tun+		nosmurfs,routefilter,tcpflags
+vpn	tun+		nosmurfs,tcpflags
-vpn	dsvpn+		nosmurfs,routefilter,tcpflags
+vpn	dsvpn+		nosmurfs,tcpflags
 

shorewall4/shorewall.conf

@@ -144,7 +144,7 @@ BASIC_FILTERS=No
 
 BLACKLIST="NEW,INVALID,UNTRACKED"
 
-CHAIN_SCRIPTS=Yes
+#CHAIN_SCRIPTS=Yes
 
 CLAMPMSS=No
 
@@ -180,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No
 
 IMPLICIT_CONTINUE=No
 
-INLINE_MATCHES=No
+#INLINE_MATCHES=No
 
 IPSET_WARNINGS=Yes
 
@@ -188,7 +188,7 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=No
 
-LOAD_HELPERS_ONLY=Yes
+#LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
 
@@ -196,13 +196,13 @@ MACLIST_TTL=
 
 MANGLE_ENABLED=Yes
 
-MAPOLDACTIONS=No
+#MAPOLDACTIONS=No
 
 MARK_IN_FORWARD_CHAIN=No
 
 MINIUPNPD=No
 
-MODULE_SUFFIX=ko
+#MODULE_SUFFIX=ko
 
 MULTICAST=No