From c0a99de20c167332f1435106e30324f498dcb7c9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Tue, 22 Dec 2020 11:32:08 +0000
Subject: [PATCH 01/55] Add openvpn-bonding
---
openvpn-bonding1.conf | 17 +++++++++++++++++
openvpn-bonding2.conf | 17 +++++++++++++++++
openvpn-bonding3.conf | 17 +++++++++++++++++
openvpn-bonding4.conf | 17 +++++++++++++++++
openvpn-bonding5.conf | 17 +++++++++++++++++
openvpn-bonding6.conf | 17 +++++++++++++++++
openvpn-bonding7.conf | 17 +++++++++++++++++
openvpn-bonding8.conf | 17 +++++++++++++++++
8 files changed, 136 insertions(+)
create mode 100644 openvpn-bonding1.conf
create mode 100644 openvpn-bonding2.conf
create mode 100644 openvpn-bonding3.conf
create mode 100644 openvpn-bonding4.conf
create mode 100644 openvpn-bonding5.conf
create mode 100644 openvpn-bonding6.conf
create mode 100644 openvpn-bonding7.conf
create mode 100644 openvpn-bonding8.conf
diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf
new file mode 100644
index 0000000..d675d34
--- /dev/null
+++ b/openvpn-bonding1.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding1
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65351
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf
new file mode 100644
index 0000000..8920940
--- /dev/null
+++ b/openvpn-bonding2.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding2
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65352
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
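Review bot: `reneg-sec 0` in openvpn-bonding1.conf switches off periodic data-channel key renegotiation, so one session key protects a tunnel for its whole lifetime; keeping a finite value limits what a single key compromise exposes. The file also pins `cipher AES-256-CBC` and has no `tls-crypt`/`tls-auth` or `tls-version-min` line, so any host can start a TLS handshake against the UDP port and the data channel relies on CBC with a separate HMAC rather than an AEAD cipher such as AES-256-GCM. The same seventeen lines are repeated in openvpn-bonding2.conf through openvpn-bonding8.conf, so the remark applies to all eight files. If bonding really needs rekeying disabled, a comment at the top of each file should say so, e.g. `# reneg-sec 0: <reason rekeying is disabled for bonding>`.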
diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf
new file mode 100644
index 0000000..b04099e
--- /dev/null
+++ b/openvpn-bonding3.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding3
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65353
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf
new file mode 100644
index 0000000..d977b4e
--- /dev/null
+++ b/openvpn-bonding4.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding4
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65354
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf
new file mode 100644
index 0000000..e5866b4
--- /dev/null
+++ b/openvpn-bonding5.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding5
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65355
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf
new file mode 100644
index 0000000..fb9ad29
--- /dev/null
+++ b/openvpn-bonding6.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding6
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65356
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf
new file mode 100644
index 0000000..f197366
--- /dev/null
+++ b/openvpn-bonding7.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding7
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65357
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf
new file mode 100644
index 0000000..2e6d7a6
--- /dev/null
+++ b/openvpn-bonding8.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding8
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65358
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
From e87ff9af8e9bec07a7db6e77ca8c6a6c2b7fcc68 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 6 Jan 2021 07:53:55 +0000
Subject: [PATCH 02/55] Update kernel, API and latest glorytun udp fix
---
debian9-x86_64.sh | 17 +++++++++++------
glorytun-udp-post.sh | 3 ++-
2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1e8a1d3..e2ee6ef 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -UPDATE_O7S=${UPDATE_OS:-yes} +UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} @@ -32,15 +32,15 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.81" -KERNEL_PACKAGE_VERSION="1.15+9d3f35b" +KERNEL_VERSION="5.4.86" +KERNEL_PACKAGE_VERSION="1.16+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a" +OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" V2RAY_VERSION="4.31.0" V2RAY_PLUGIN_VERSION="v1.4.3" @@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1023" +OMR_VERSION="0.1025-test" DIR=$( pwd ) #" 
@@ -568,8 +568,10 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - rm -f /etc/systemd/system/v2ray.service wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then + wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service + fi dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then @@ -578,6 +580,9 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then + mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service + fi systemctl daemon-reload systemctl enable v2ray.service fi diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh index 2c1dc40..51a20f0 100644 --- a/glorytun-udp-post.sh +++ b/glorytun-udp-post.sh @@ -13,4 +13,5 @@ done ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null } tc qdisc replace dev $INTF root cake -ip link set $INTF txqlen 100 \ No newline at end of file +ip link set $INTF txqlen 100 +glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null \ No newline at end of file From 5cf11f2650bb3400a1673e2f20451e3f40e2d224 Mon Sep 17 00:00:00 2001 
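Review bot: The new guard tests `/etc/v2ray/v2ray-server.conf`, but every other line of this block works on `/etc/v2ray/v2ray-server.json`, so unless a `.conf` file is created outside this hunk the old unit is never fetched; `[ -f /etc/v2ray/v2ray-server.json ]` looks like what was meant. The `wget -O` result is also unchecked: on a failed download wget still leaves an empty `/etc/systemd/system/v2ray.service`, and the `! -f` test then skips the repair on later runs. Fetching to a temporary file and moving it into place only on success would avoid that. The same pattern of fetching a file and installing it as root with no checksum recurs in the `omr-admin-ipv6.service` and `omr-test-speed` hunks of PATCH 03. The enclosing `if [ "$V2RAY" = "yes" ]` block continues past the end of the hunk.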
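Review bot: The added `glorytun set ... 2>&1 >/dev/null` in glorytun-udp-post.sh does not silence errors, because redirections are applied left to right and stderr is pointed at the original stdout before stdout goes to /dev/null; `>/dev/null 2>&1` is the order that discards both. The same ordering is added in the `_gre_tunnels` and `_openvpn_bonding` hunks of omr-service in PATCH 03. The line also hard-codes `gt-udp-tun0` while the two lines above it use `$INTF`, so it only takes effect when the script runs for that one device; `glorytun set dev $INTF kxtimeout 7d >/dev/null 2>&1` would follow the rest of the script. The script starts outside the hunk, so how `INTF` is set is not visible here.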
From: "Ycarus (Yannick Chabanois)" Date: Tue, 2 Mar 2021 08:52:33 +0000 Subject: [PATCH 03/55] Server scripts update --- debian9-x86_64.sh | 92 ++++++++++++++++++++++++------ dsvpn-run | 2 +- dsvpn0-config | 1 + glorytun-tcp-run | 2 +- glorytun-udp-run | 5 +- omr-admin.service.in | 2 +- omr-service | 29 +++++----- openmptcprouter-shorewall.tar.gz | Bin 4076 -> 4080 bytes openmptcprouter-shorewall6.tar.gz | Bin 3809 -> 3780 bytes shorewall4/policy | 4 +- shorewall6/policy | 4 +- tun0.glorytun | 1 + tun0.glorytun-udp | 2 + v2ray-server.json | 2 +- 14 files changed, 104 insertions(+), 42 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e2ee6ef..84ef712 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -32,23 +32,23 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.86" -KERNEL_PACKAGE_VERSION="1.16+9d3f35b" +KERNEL_VERSION="5.4.100" +KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" +OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" -V2RAY_VERSION="4.31.0" +V2RAY_VERSION="4.34.0" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server" +VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" OMR_VERSION="0.1025-test" 
@@ -167,11 +167,9 @@ Pin-Priority: 1001 EOF wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - -# Install mptcp kernel and shadowsocks -echo "Install mptcp kernel and shadowsocks..." -apt-get update -sleep 2 -apt-get -y install dirmngr patch +# Add buster-backports repo +echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list + #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then if [ "$VERSION_ID" = "9" ]; then @@ -182,8 +180,12 @@ elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list fi +# Install mptcp kernel and shadowsocks +echo "Install mptcp kernel and shadowsocks..." apt-get update sleep 2 +apt-get -y install dirmngr patch + wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb # Rename bzImage to vmlinuz, needed when custom kernel was used @@ -400,6 +402,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in + wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip 
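Review bot: The buster-backports line is appended with `>>` and sits before the `$ID`/`$VERSION_ID` checks, so every run of the installer adds another duplicate entry and the Debian 10 repository is also configured on Debian 9 and Ubuntu hosts. Writing it with `>` inside a branch such as `[ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]` would match how the bionic entries in the next hunk are written. The `if` chain that follows continues outside the hunk.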
@@ -427,6 +430,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } chmod u+x /usr/local/bin/omr-admin.py + #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py + [ "$(ip -6 a)" != "" ] && { + systemctl enable omr-admin-ipv6.service + } systemctl enable omr-admin.service rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} else @@ -580,6 +587,8 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json + rm -f /tmp/v2rayError.log if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service fi @@ -644,10 +653,6 @@ if [ "$MLVPN" = "yes" ]; then systemctl enable systemd-networkd.service echo "install mlvpn done" fi -if systemctl -q is-active openvpn-server@tun0.service; then - systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 - systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 -fi if systemctl -q is-active ubond@ubond0.service; then systemctl -q stop ubond@ubond0 > /dev/null 2>&1 systemctl -q disable ubond@ubond0 > /dev/null 2>&1 
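Review bot: `[ "$(ip -6 a)" != "" ]` is true on almost any host, because the loopback `::1` and link-local addresses are listed even when the server has no routable IPv6, so omr-admin-ipv6.service ends up enabled nearly everywhere. If the intent is to listen on IPv6 only where it is usable, test for a global address, e.g. `[ -n "$(ip -6 addr show scope global)" ] && systemctl enable omr-admin-ipv6.service`. Whether shorewall6 restricts access to the admin port over IPv6 is not visible in this hunk and is worth confirming before the listener is turned on by default.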
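Review bot: `sed -i 's:debug:warning:'` rewrites the first `debug` on every line of v2ray-server.json, not only the log level, so any other value containing that word would be altered on upgrade. Anchoring it to the key keeps the edit to the intended field: `sed -i 's:"loglevel": "debug":"loglevel": "warning":' /etc/v2ray/v2ray-server.json`. The error log that the next line removes stays configured at the fixed path /tmp/v2rayError.log; if the daemon runs as root, a service-owned directory under /var/log would avoid writing its log into a world-writable location.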
@@ -703,6 +708,32 @@ if [ "$UBOND" = "yes" ]; then systemctl enable systemd-networkd.service echo "install ubond done" fi + +if systemctl -q is-active wg-quick@wg0.service; then + systemctl -q stop wg-quick@wg0 > /dev/null 2>&1 + systemctl -q disable wg-quick@wg0 > /dev/null 2>&1 +fi + +if [ "$WIREGUARD" = "yes" ]; then + echo "Install WireGuard" + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get --no-install-recommends -y wireguard-tools + if [ ! -f /etc/wireguard/wg0.conf ]; then + cd /etc/wireguard + umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key + cat > /etc/wireguard/wg0.conf <<-EOF + [Interface] + PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") + ListenPort = 65311 + Address = 10.255.247.1/24 + SaveConfig = true + EOF + fi + systemctl enable wg-quick@wg0 + echo "Install wireguard done" +fi + if systemctl -q is-active openvpn-server@tun0.service; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 @@ -974,6 +1005,14 @@ else fi chmod 755 /usr/local/bin/multipath +# Add omr-test-speed utility +if [ "$LOCALFILES" = "no" ]; then + wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed +else + cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed +fi +chmod 755 /usr/local/bin/omr-test-speed + # Add OpenMPTCProuter service if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service 
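Review bot: `apt-get --no-install-recommends -y wireguard-tools` has no `install` subcommand, so apt-get rejects it and the package is never installed; it should read `apt-get --no-install-recommends -y install wireguard-tools`. `umask 077;` runs in the main shell, so it stays in force for everything the script creates afterwards; wrapping the key generation in a subshell, `(umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key)`, keeps the private key at 0600 without changing later files. Removing `/var/lib/dpkg/lock` and `lock-frontend` with `rm -f` can damage the package database if another apt or dpkg process is running, and waiting for the lock is safer. No default for `$WIREGUARD` is set in the hunks shown.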
@@ -1094,6 +1133,12 @@ if [ "$TLS" = "yes" ]; then systemctl -q restart shorewall ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null set -e + if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then + rm -f /etc/openmptcprouter-vps-admin/cert.pem + ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem + rm -f /etc/openmptcprouter-vps-admin/key.pem + ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem + fi # mkdir -p /etc/ssl/v2ray # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer @@ -1227,6 +1272,7 @@ if [ "$update" = "0" ]; then Your OpenMPTCProuter Server username: openmptcprouter EOF fi + systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" @@ -1276,6 +1322,11 @@ else systemctl -q restart openvpn@tun1 echo 'done' fi + if [ "$WIREGUARD" = "yes" ]; then + echo 'Restarting WireGuard' + systemctl -q restart wg-quick@wg0 + echo 'done' + fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Restarting OpenMPTCProuter VPS admin' systemctl -q restart omr-admin 
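Review bot: The new symlink block uses `$VPS_DOMAIN` unquoted in four paths, and an earlier hunk shows its default comes from a `wget` of `http://hostname.openmptcprouter.com` over plain HTTP, so a value containing spaces or `/` would make `rm -f` and `ln -s` act on unintended paths as root; quote each expansion, e.g. `ln -s "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key" /etc/openmptcprouter-vps-admin/key.pem`, and validate the name before use. The guard only checks that the `.cer` file exists before replacing `key.pem`, so a missing key file would leave a dangling link after the old key was removed. `cert.pem` points at the leaf certificate; if omr-admin serves it directly, `fullchain.cer` (used in the commented lines just below) is probably what clients need to validate the chain.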
@@ -1293,16 +1344,14 @@ else echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' + else + echo '!!! Keys are in /root/openmptcprouter_config.txt !!!' fi fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi - echo 'Restarting shorewall...' - systemctl -q restart shorewall - systemctl -q restart shorewall6 - echo 'done' echo 'Apply latest sysctl...' sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 echo 'done' @@ -1317,4 +1366,11 @@ else # done # fi echo 'done' + echo 'Restarting shorewall...' + systemctl -q restart shorewall + systemctl -q restart shorewall6 + echo 'done' + echo '====================================================================================' + echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' + echo '====================================================================================' fi diff --git a/dsvpn-run b/dsvpn-run index e4000c2..f4a2a5d 100644 --- a/dsvpn-run +++ b/dsvpn-run @@ -12,7 +12,7 @@ fi exec dsvpn \ ${MODE} \ "$1".key \ - auto \ + ${HOST:-auto} \ ${PORT} \ ${DEV} \ ${LOCALTUNIP} \ diff --git a/dsvpn0-config b/dsvpn0-config index 933e98b..647f160 100644 --- a/dsvpn0-config +++ b/dsvpn0-config @@ -1,4 +1,5 @@ PORT=65401 +HOST=0.0.0.0 DEV=dsvpn0 MODE=server LOCALTUNIP=10.255.251.1 diff --git a/glorytun-tcp-run b/glorytun-tcp-run index 9ccbee6..0572861 100644 --- a/glorytun-tcp-run +++ b/glorytun-tcp-run @@ -9,7 +9,7 @@ fi . "$(readlink -f "$1")" -DEV="gt${HOST:+c}-$(basename "$1")" +DEV="gt-$(basename "$1")" exec glorytun-tcp \ ${SERVER:+listener} \ diff --git a/glorytun-udp-run b/glorytun-udp-run index 9aeb930..fb66c92 100644 --- a/glorytun-udp-run +++ b/glorytun-udp-run 
@@ -9,11 +9,10 @@ fi . "$(readlink -f "$1")" -DEV="gt${HOST:+c}-udp-$(basename "$1")" +DEV="gt-udp-$(basename "$1")" exec glorytun \ - bind from addr $BIND port $BIND_PORT \ + bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ keyfile "$1".key \ ${DEV:+dev "$DEV"} \ - ${HOST:+to addr "$HOST" port "$PORT"} \ ${OPTIONS:+$OPTIONS} diff --git a/omr-admin.service.in b/omr-admin.service.in index d76318a..ba30724 100644 --- a/omr-admin.service.in +++ b/omr-admin.service.in @@ -6,7 +6,7 @@ After=network.target network-online.target Type=simple Restart=always ExecStart=/usr/local/bin/omr-admin.py -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP [Install] WantedBy=multi-user.target diff --git a/omr-service b/omr-service index 1aa788f..4b8e54d 100755 --- a/omr-service +++ b/omr-service @@ -30,7 +30,10 @@ _glorytun_tcp() { [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then + localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.255.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 fi 
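Review bot: `CapabilityBoundingSet` in omr-admin.service.in grows from two network capabilities to ten, including `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE` and `CAP_SETFCAP`, which together come close to unrestricted root for a network-facing admin API. Nothing in the commit says which operation needs each one; a comment above the line naming the caller per capability (`# CAP_SYS_CHROOT: <what needs it>`) would let the set be trimmed later. No `User=`, `NoNewPrivileges=` or `ProtectSystem=` line appears in this hunk, so the bounding set is the only restriction visible here. The same set is copied into omr-admin-ipv6.service.in in PATCH 04.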
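Review bot: `sed 's/\.1/\.2/'` in the omr-service hunk replaces the first `.1` anywhere in `LOCALIP`, not the last octet, so it only works while no earlier octet starts with 1: `10.100.255.1` (a constructed example) would become `10.200.255.1`, the ping would target the wrong host, and the restart branch could fire on every check. Anchor the pattern to the end of the address, `remoteip="$(echo "$localip" | sed 's/\.1$/.2/')"`. `$remoteip` is also passed to `ping` unquoted, so quoting it there keeps a malformed config value from being split into extra arguments. `_glorytun_tcp` starts and ends outside the hunk.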
@@ -66,9 +69,9 @@ _gre_tunnels() { iface="$(basename $intf)" if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then ip tunnel del $iface 2>&1 >/dev/null - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR - ip link set $iface up - ip addr add $LOCALIP dev $iface + ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null + ip link set $iface up 2>&1 >/dev/null + ip addr add $LOCALIP dev $iface 2>&1 >/dev/null ip route add $NETWORK dev $iface 2>&1 >/dev/null fi fi 
@@ -77,23 +80,23 @@ _gre_tunnels() { _openvpn_bonding() { if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then - echo 0 > /sys/class/net/omr-bonding/bonding/mode + echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding1 up + ip link set ovpnbonding1 up 2>&1 >/dev/null ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding2 up + ip link set ovpnbonding2 up 2>&1 >/dev/null ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding3 up + ip link set ovpnbonding3 up 2>&1 >/dev/null ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding4 up + ip link set ovpnbonding4 up 2>&1 >/dev/null ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding5 up + ip link set ovpnbonding5 up 2>&1 >/dev/null ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding6 up + ip link set ovpnbonding6 up 2>&1 >/dev/null ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding7 up + ip link set ovpnbonding7 up 2>&1 >/dev/null ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding8 up + ip link set ovpnbonding8 up 2>&1 >/dev/null ip link set omr-bonding up mtu 1440 2>&1 >/dev/null ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null 
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index dbbaefbae4907faea3d9be6dd77f680a5a4cbb83..b7120120fce994d29ba0944d3beb4d99a80aeecf 100644 GIT binary patch delta 4068 zcmVXXzyDoEK6LgM)kK{$6}FYt+TA1q_y0)^*BP(tD- zFCq`#%snOX%fcl`bH^tcw`#`i2-yA5*NhQwk+aJ2n?U857c5y*IgT^6u^~ttCrYNp zak`;d8Yk+1ngJIkJ&aAs;LKau5{8w^58eYg;m4LXloVYuO!CJ+65AFm+v1IZWHAEU z=106L@-`!?2-fA3J6pKnr2~C1buM*{t8(~nIbCqgM&tWN5I1@M8hd0>{ zJN$ott8spY{{OsjcGhh-n&|(#XN}VTzXh!O|Br4Mp=4w!IDgWAe4me)Qce6+%IF7crgLbS`R{~KM!Cw zydY}nPu-A;f#%I45mw1nd+fxde0#Mu6j1PiSA0UG^6W)8G2ty!ag zU0{MBtc&537!ogzq+0xIO#Ay`8KN*Ubz{eyMNpx-SJ*>rUwM+FeFyX`RcP&<^YPD` zDiK0t)sl=pFW@^pFcZ0*asdK{Q{6 z57B7^Lp^b6QLji^fXDL z5LTWci~>`#TtLnXK_24p%#C9jS>u3Uya)fYgrJPkaSoY5FwZpr{MVGw*yBTcUnn~o ztlTxt7Gdz1X(IhfGn-4i;Fxpox$#pYxw;Z~)9N+P8nspjVtNCQoun*@3%zyMA3jW) z7tQbU%*p#gPp;x4WHFN1{F~dcfR$U_Vf}U|SWWWxj%~XdC4c@P8f_!OWYy99G88=YQSCyJj2Lf#C9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ z9Q~n}FmHwu>1&Fj-OB19?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w!2cU)B46wNPvPvmi~+yn7(hMA-b27Qf^@HcQ09RPfoL-l;U1zK zzDTbb@<3MkG%yi^x1@Z1+;CKf%FY^h2-@+=`U7kM32#-ZF?^eRbx#)hbp^&c&Dm}VX!DLJ-TQ!k2jIlfYl=C1A>=u609EbkVZtkqWDJJDs!6 zzs+Mg-Q@9q8TCwam=5P&8s2KPs5o&b=-6ElA*WwUm(o z(LIC~(`iTtgR*EM({B6X;v&y|GV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte z(Mzblb$)he$l`YmGr7aa_Ub+^G>IK*~0w4)$Wwf|K9}mo;P7sS>^XP zNow5LvbA8{^jOX9Nhp2H?Z&td;0rQQ%I=8q8#(^Md4$Y<76st6XPyt|F?ovP#bv$z z{QO*7RRd2@pELTX(74)DJfH3V?gqytKGh@^;fVpiW1_>gL?Cw}S44p`aqn^~kcb)9 zShppA6%sN@?A^Ih?|{wkL+=~V_FK?FA$z+wYdDVD8h z1DoDV1bvcK$r=vNuW)6eipdo$-Yl6{&7K;6FvQ9(TNDAE18WyX-Io=qSO4gQbx3;a zb2p06@vtJg+qHL;`O(WiMELKBmRkHkQE#_WSa{)_H5#J39Fd zFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>e zP`IWR2!^AHW1v7Tm5SPj%p3_=W9rd=z2{%n=?|5Vonx(WklI&q?yErL&fN6T64 z<*ui&;8ug!e1Wx0Hkl|kx$BWfg&Cp%sutyc-^u-d7z*>GBOJixh>040j>BGOl z_%H#)fUz9HXc{nM!ef z6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5fRgqN*I9b9lrNlU9gBTU8BWVU$L?Rk3Nb@U|Ye~{=!?LZFh+|YadDqgkX(B}{ 
zr|HwWp=DT0p(&O+fZkkRHjQ}bACWySU?Nas8%93s2eboL0@gTx)>U0(O<|pAo8x|8 z{;Bs15`cS@>GpF=$u{}|ZqlZNxJ`T{|19+yt8+Uy zn^c+yQXkA3iaDV4;}{ZlJA3mfp`uA0jm%CMXW=^a-Ap)BJuRXrRN74O78-tjBC;m4 z3B-s@{sx+uB|%7kL{W5L*|jBPU2S^!D3YOmf|0XQ0^N{dn(Doy7CEDTcx=L7YyA&% z2b`HuLA#N~bQ&|9F;1H>HglRLvjB1W@D4lxuh=k8a-?8dD+EjS!AvF7gtc7K8EB$l z9|EsKxtUGlTg|xUp;uIqRsLBrG@JDyz0_2xg+IOOVSKxPP7|7I@a|TU^P1q>({r~*_pLVC*|NSOVc>gcm^MjdmedI*{Sh}Gzb=|Mr{?jdY z{``)U5e^?wLEP5;KOFsb5N5Cfhq+w-GeR8h0HWU;0@5q~N>*g+4mu5Dn? zylv5_HR{do>EA0Lr`f##TzegN4))e%s8)iyK-BjM8JGKH0h56a8h<}Y-wFA^ag7@N zt2cmU_WDN|zkfdv#ld3XP7k^bcvt*yofY5zZ^2m^|K9>$+yC3iIOx%z&WY0jZ^w*pfBf?*4Us; zKO?l83!~g1OTQ+xn|}eL+#qA0D%xG0Hor_W-T>ms;lBX5>;3O$xA^`~tJ&$4@&7I0 zxcK2S2G*UPL&$3NidV&3S+ufO479PeLRNC0NaLhm*~fS)s}%#s$;lUbzO}w3tOIVu z|HkkCH9MQ%|LV5O`+si&U-16l&uAj$>)&Pe|7!M6oyY;w{#E4LoM|vhK88k$Agddw zG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN7JhH>F$AnN#Of&=uCe3=5Wve=(gMR z2v9sW&*8jzcHV5a+Kukn`8SPbv)%1}LmCHcQwGZ@c0xkF34Y5W&Yjo`eB#^(%b2)8;kgl%kod`q$b&a? zPf7f;aLLi!@kz$5nsGYRn$3t0F6AKWlPzuvAjNR^n*d@*y0oS6vegJ&n;{z?2CR5Q~d z;MO0!$7M)^LJc?y!Qv(K9-m_JPIymRF#Oe4quD0+FAyQzoIuNU<}|Wc7&vC$edvTQ z1Y=0(x+Dr7;%6sx|3Y4ZC7D1d3Eim|LA1GF#xC(<0-m)VgiwDTz-)Ly)Y6~2Ar%A7 zn@1#gpceymOcXbYplsm!Zs^R2zPz7#6R50s6W5Pi;zVSDxai59rfuzGL(HTh5CDNa zRr4>z^`IPOr@hvyHB)H`$5R4*_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m z97(nK*O>PA!!kr+Wa`F_H;bS`b+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zG z1Wm_O!K^^A;!Yr%*)kS#)2GSe6ynCi%z2DXL+BwFdIS_d^@C`>3?HJ?2!?v%(xP6Y z@?qg~k8w3#`hVuQj3(uf7K3kRB-<(GGx&YA{-=0Pqfga*4BhGyX2ff9gLzoJ4%YeNc^UuT1a__en0?Ur#7B|$=+o%+!3jO* zeg<(Neqzy$_%6gu2vIHzW^#;CJX$_Jx={=zlrF7Cd}j`I@7+fTE6)%{fhk!oAm@c3 z4{>KMga27VP{!yuhs+?D=NbV1Yf5PB@u9shlpPIL?wV$cFnG)~k$$C_ z%_UxN%(?g6_^FXxT?xEt^_pjmTB`#wy@AJ0QkKMp-n#1#A12L<=J$E#g+k(%BrA@MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@# z&PxCP7LcX3)B%3&)|Bwp@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P< z(lTGcRk?S=tX=bhAnDcy z*~9ZTssff2YrR7Dip(M!r$-({L(}uuI9BuyEk}Q_80XPYB7IF!v|Cvnq3rIhAqz{}#gK?2wOsDeQ>A~(pox5G z_&|AGj4QYaiXKmM^E9iH^yC2Dk|>J-##FXZWJp`6eO^ 
z3~j7eelR80d%U8oE}$xZrO4(`5?4q=QlKYt2wA=16*-3(tCqnF*LfOMx~*iYiGlxJ zj2Tn#jNZt1C)9iw-sG3%f;}z5S%r@pjw`bN!I^o}cbGAuR=X0fc(R~#lL0@OxQm#G zs+p4%tzoPf18Qt?ADerp1?nYOE2+?_7 z#mo~}Z_pIQL7msd?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9 zT5}czQ+HaU4w4E^2X1rdw&}f%1|Nha1DP`yDs&NqG5IU$b|5REZZ~>zronR*On!-I zTOVgZ_!2LD68LMq1WcLKwQeYiE?O2nQeo9@r*qc%-8`1lO&*_6&oqbWaPFnytyYVQ z6NiG1-31YHN>;YIX-qf~fcD{enhp{N-032QGBO~#htOg=4e4M|7ENT@ZC_kmf{@?DLcRI}$=KrmBr`-SXCb0Ls38Ts?zrRUR}vM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z(MN^G)t=({Z2xz+ zI4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{Zd5shc1*n+P{IIZ zG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6G<*Fon8lF>V0^ZU^I2DJSabWn)0e+~Mw zA>BgCe@G=@$pMBmfIk`L$YB3UTq&^FfK`fRE84)OHeW9uVI7j*`rM5obUdtx?so1SWq$PXPZ9n*qNNr; z&{X9v6+)L_z;eV3g=VvRyU7Y`t?7mi(k;o@AU0pakH$uS6Px%Ez^^pP?+Ewe8lWl_ zOVI7U!Vk<17TM}tMFU3q!(n>pkSX&npZFpxA^2W+pt zj6x`JLbv{FY(Khzx2P);8171ntkWM;vZw(H*VF>Ra5QlY6v(AgQTvdYBLQnnJ-YY& z%R2p`60)=GWEM=ES@9C-pn1AvD7}=tzHq}C+M{V{hD3#jZWMzuU`a!b`3~D0O5i~# zee?tc<16#d#MbtXj?j<}<6J}-)7%BZ@IFh8@5Z=vv4Yr9MAa ztey{R1a8Nz1;N_7TjtOn=i1I$tDxUCU-sZXk49(su{YA z9QLS!oIYFP5m?KQV`(g{H+>6=J#G3Oj1Ln)3>eEHjHUr&sdEC1=7^3gPW%Ims{vk5 z&_?)LXz#lSmdz)>VbU6XgcDp&eEi$VZ_!H>yYr7Q!KW^6bf#(V$L}hJIn33Ko;Irh zW)jTt-BKVwNPiU)2I@2Q)wDRsM9?50$m)Qlq^oP2da)kcp$rA0Xv?|{A(=NN7H$z` z!iv6t9LcI|@>iy$T5u|+$u7Rli`@(86(V`PcZC@7*AnG(#hbEVv)ITuXY;dn1QGo- z$q!DmaE2x<40&0#O~C*soNyHsex#2~#zRmf-mt-?u_A4xE0VXCU!8(#=fJG#t(SkI; zQn{8S-8L-ST8TJDm6LaEO`9fCv~rq0ts7c~wG^6SsRQWE^<~qDhyD@S;{qlEHMU{o zvwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN$;X!Tla06jwXxOfHXuBYAw(K* zCD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV{Wyk%-Ok>8OQ>j4MlrN z94VOA3c-?nFjL7iVJ(+*2AU|?hrsJlZf4W?Rx_@7=oM9Dm4B8D&1QW_FEv$a;ZLu6 z7~ihbgytH&yOrd;CiwPriB3KIA=g&mm~>niVSmuwE7=MwUy^!()jZ6XGJ{?%aPnoz zzM9oSXHy_s(rm%MT4S|}*(_VFW40@>=f2!Bh$DIj=^7WvJh_7b920B*VsXx0$rk$Y zbS7xm^A;QXK98qTibW(kuQ-R%GiAIt^mvk7LQ;Mc|seZPTbV>do%y zKPn)n*}VW_M9A_o5MT+nyoSg_#>wPIU6~^Yd~MP8F#(j7j25oZ-z~-H+Ik^-+Rigs~Z&60_UX0 
zHcsiMp+28eT4RGY{fyLZE{t-6Ed83)ZU&5UgN%KuYIk+o{4&jW1BfSw{{rN$_y3#S z;`=|XW~Woe|F?kS;)m}TSa*63A*7OkCT37A7iSlRty{` zCtqm#+WMBT4!9BjE5HBO>}-Djt=lf||Gf!(#`}LiqluKS|CibStJyzwA_qwOlW()8 z!6^9{9w~yXZlKZ-_1U@pYrNAB@TD*EXRorPugQ3e5AE!m0raBGTT3XRgc3?9p@b4j eD4~QBN+_X(5=tncgc3^l>hN!#D3UQs zC@f){iUb^>b$na<->-Xk5klVeW><1@32m1IGt)giGd)lD41;FA=f$Bt`{mXCs0GwN zIbq*G8n<|eRA4=MOu5*DW_Ew+aV#ZLf?-+Rqna`|5G}s z9T4N*51j{lvFMXVgEXCZ){OF`<}9<28kQaUA#uH1KU~_e>wCn$@mDc%poHs0kVE2o zHzK$0!Z{-GW8jeb()P$&Tq74(2YEjXRei#nq+2`KE7cBo!IV^m<2XZ|>H_6Bks2n) zX}W5voT#a~$rb&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0 z-|trV|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>F zQSgJu(7n5l$!p;a>A>(eI<58zxp@Tt;1nt}9ec_AiivJx;ogLH_(;%$gpNZZ|2BTG zL+5+)=O97*WR-3WZm%_???8xz3SrXK?T(uX6h@ob$Z&a@c$*~`S?Gv5Qb2E6uEaE!>@OC z=-M|6K!*4}!8hVLfSLeOP6B6Aj5r>x?(Uo@h8$KdVUPC=YEI`u*P8RP@rc2JQXT@$CGE z>+<~XSMlGAP~gK7_;J5=JiGtX>%3~8wA!7{X}8tsCh`ACHU2L_pRxa=F%zlweyY8n zkM8{>D6;!~pM&ISO}^)X4{eHjFq$e$!u9%IR!2mpmsHN~rHN#oolkYctl=(9k(Zzi z7Ks-Gs+qOh2l6?^AY%SxF;Q1FwCyn^Lsgd5D@hq;`c9_MjB`q49`q_RmhW}?FDjV( z+6)R;i+yhWGkOO9Pfj{z{}07m75={jeFpyPXd+(=|3`3jTKRxKu@7KKvU3;kJ5hFE zAV=YnBii;vc#xowUM{cd(nwPH%rOz2H#eRp;IV@yd{21&0`CP?QJD8i^G#{8QGN{e zfd>+D{n&|xVm^DMd_ca8@F+y~{n~hwruR1s;Ut5dD^gF%zt<7Ih$1FZbHEE!`e zt`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg*(=6b zg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=O!5LtA zodga^UmgyxHtI>V%j;o{(OmD2$!@0NE;R)TC1N-ZA1ZMmhvVGfUBBVZmceEoZVNw= z$5>c_b>2s-ex_L)GE4QLOfmF>lCb)XJ+HHV|F7>k$HxfaBnX{%fHVnAF8s9kjl(z> zzCU;7#|$KK+*nN;z4wt`U<#G;aKAhq#)7f1>H^9ccKY9E1ZL!+f!bM9e z&im9@4@8B}tODveYqyT^uag`kYA{KExhEIv2Uy1#%I&3&Psji5cK@_|{-@LHcB=UQ zC1~ey6MB+$e1DmS#=WPWESGFA;e9#`Wluz%7@q@w&M8wSubv2;*j`}YL2$o_d_eAn z>%n!5IrniKoHd&d4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5tDbe7b5{RM5 zIg#N?+JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx>gTE7e<}4x13? 
zHkVEmA<`sS?2y}_p2O$a-y;04vs|{+N@SS)NLA$Pf#TO{6J983iRf9Yr3ti=*!WobWU3FhQ&ZT0^mR)LNBmvSjgKL%Rx<_78p{00*piX2>NXVI^(Y>2Xe9y| zx(Rlo5(SJ$B|{FU0AebxpLwt!5x&KAS_n{9g)0g3cW+m)updezOXJP)pnmusZ$(M} zQ0Tw2<|+!|-VU8&>fw81%^3aK5XbqUvSWR%lGR73pgH;;cL&o&nxHeGRLA{PfwI5&+VZeuA z4pT4@c5WEH&K(DJJ7WT~v(F2@0w88cO<-%Ijc5KTheC zZZ_zNq~z(wm({T!@1nzCk72lV7;KFbV7Mo2=n*CMFz`A+q@Ygl4Whxf5v;Bc-(y@G zeSiyGbA0&c;rr+@ik;;LfPlG!XCYZ+{NdZ0Zj1}O(fu|Hq|E#!zJ>(F_tIabXo3N( zww^b8nJFrG4@ns%@#^~CVlX#I4q`)wIFS^|;Li=Jm~bg(5iY*ah1~|p>xA?TuXVzN zzo5*+p7VwzSc!);l9X&>4(j07kJ6yvDEDb#n!=cu6w45FNi$QSg3M2}iIIp9WXkIn zKpDGHCz?#nq&k=i;E7=}T7Z(OJjET)M1V-KkY$dkV)0_y7*SQw`STcih}Q}~0bSSn zu_E**4J^cB4<99JL7REbA$7BqIeNd#YS0 z>J{{XE+uXTnI&iu)MkQx;@C`+wn>UCDHLRx!Z<64&d7p_6d1u&5ecG(q;ec()vMJm zDAg?8v{FZQokUE$n7%q?SS%i5$yq?OX$*O)iE#$Zn2}63*FD%k3&t#OHjZEtVzExL zjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpYT4o;?4-v0sqDkWAn(Kq>y11cxU;*pE&?(R2P>k|pyRIt_py zmc=?Rg4A2*yVluRv)wxScMa;eowxAzJFf5sDt0o=&E)weKJNsx23ul%$R4=lk3gf^ z0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~CpwFHE@Ab;>e|0)1)$c#N2z~7Q zXRi5KoL5 z@`Db)k?;`S?|lBh-RqoepZ~A$|3&CC&j0_6CQ`lrRiXb!(Vv0H9$-KHZ65PlV_={D zYQ`2WOUhOfBXw$iHr9VkcJ@mh*;`@xVb<)REFLY+UoB%de?XM4sG^E0s;HuhDypcW uiYlt8qKYc2sG^E0s;HuhDypcWiYlt8qKYc2sG^GgjPySSZ@`TJcmM!h5`xnJ delta 3806 zcmV<44k7Wx9pN2+ABzY8x&6yt00Zq@dvl{k65oH(rqavu2z}HD{TI)G+Tbh=}Lk2GP<>4?{I`Dfp)Qkylk#6l^uT(qW1xwacj^j*iY6ud? 
ziIQn?oNj1;md1&?W>}m_Kc}W-aORb43FBJrop(zP`KhIiB}JDElYH|Hv2DS!E#4SO z7RzAU{DfCU-e#FhL?NYIEx6|D&XYgjJ#?$uOLi!KKZ@cY(P0sDpPFW<`5Vl!+(QLC|zu!MC z6;vhbT-HomHMh(AZgS%Val?;G5_Zd6bp5F=3Bz)qfaKj$QIl7t?V_>cyCvCs{eHQq z{6wX(7j8=1YxT>$WvY{>O8U!E(RRN)hSrl~pKJ_1mh8V>7i8bNng5=jxY4aMbK~9c zdy1Za#s6*(@xRjt*l+b(i2wa=h5s)?8~9J&yHSj&esbI*4PrXWaN!a;R}nG<|Ze2l!i`-Hp}-jEIqf1?BDo!mTveQ*mETCTICcEv)o zvG8spCwe4kK_b^Bad4YFIFb83c??!$28JYma_3$Qw&rG)xWr2c;A=C8p!_m`Iq`^5 zD}U}rv>Fg^8I$0a21e?XC~h1>+Q{|Y$XO75b+hnhP+0M1t{=O^iAjiY@x43GWF4X) zW-17nKVVOr`8{zxNXNRfUh5pUv)WRQM+ExnwUeOy5eY&p_y&Z2BntlNb^&PNd`HmxT8B?JB~`$lOgFZxKU*#!l($E&Ey>;`*+wdG054cFy_WCry$Kml@c$*~dHFmAVYG`@QwH`peBHn%iv5-5Xa-y z-JKgJkV5li#fa}Lq3n%&2f*?GKnhIBDg@sLU>=Zo;U)>i)+8W^_?~~a0$4_Wd|ZNU z2$lr_U_#9aMIRpoex&RuT)CTV3!~sJZ;JE_HEw4Z;Mn{gxXFDh4W-k6Kqt8$#LHE5 zyHSw5F89+K|G-Mkf@uDRF)ttpdUJ;b_NnD_p+LM^Bp^AM#2aP>V(1_=NFFmNj3v2u zz%aQk^jYLV5BYfwC_A#>5_rddcqyxbG8HAlwBi`5E=K{_y##Pov=ds75=jQ`7*+*5ZU)@ z^GzOKZgx>bq>-Ub_1ZgAV!g*J$~pi=`Ex}!$C9{?G$aLjq7Wf}tCzeY7b2#rW$?m9 zF^?);)$*o^f&XoSRx)@%H1gdURo~E?{k#g!FR&J^zmK zZl>%mbrmu(HXMh4he{mq;W#gR-*0%cWw@D!+rm$z(IPa%I_;xXKhvxYo~8Pbrx*oc ziCO)|nb&E*|2Od6<70$y5=QQOKpF;lOW`l{NakUbpv~d93E!JU-Dp(;R05xD&xUoer%|91A*0k1xquQ@7QptS?jt>4lo^ z6N;NAU=0Qs{Ro;uXD1yc%DauV^-tcueOs({w(wAsit|2I)&o)HGp&Gn&f2YG{Ohob zL=DR6FL!c(u|B{$Mptexb$r_YZ@2rW^#0GuX}8^n0Qmo%-buCp^CGl!zX>hL+P}X{ zUE|(UC(9+>V`ZOqL+OdAo8UR{=iD--{OXM1#PLJt4xIZ%8~}1JJRhDDOu0{z@T}Q< zcz8I@i{eRGbIFRtTOuCcC(Fg|cR4sNMOTwpgeL}nd`=1O9!LayC~{5|coKJBZw(wW z!0q=I86iGyo5uI;0Bta+Ev2m>0UK{I7&;`QzubSW9xW4Bct6n;#`462dq{s zThT^;Hr-T&_N1$mjW~Qh#}$eyrlGYOc4!3j1uR)u;!swkLG!&6HNnqqF5Ngrq+v<) zlG~u3!{^!GV*IbuRJzn+JS={ssmk?04QjOsFO;NY8-nS=YC}>(huSU4*vf2vEPgUI zhTE|zY(V_FC50>gp6?~c5Lc^Nf^H8Leq?Tc@yJ(o8v^cn6c0Gm5&;z50zJ`)3d*CA zA%{}{F%{R(Jm`-I-(or~1jwtwlZ@%R*DF}q59N`q^VWD!Kl~MgqHKI9^xs)?6-N+u zBDWZO_^UbQ4QVqosK!XrWF2A$g<`)X_MIDeVN;PnXZ1cVyd@L$SEnDQ#575`py~*J zTBM0n$boEXHFXH?IA+i#Lt$)hJii&b(E{NK1#iX>bJnCEwA%bBe^>-FXHgDfzB($W 
zX=#Q;E05ebf!2UpjWvcFwmFsnJ!qxzJtR!e&1(~-9n|ZnRQmxI5e9q+>M#Y>u&81P znc9G&G|7a<7-+wCuNG_pWQ)>}pDNaWz=ySQ0fMsVI$fU2!bFdc&ZEGY&zv}6n;A!w z)gti<;W@0m)gUn+{j)@#V=ODeB}4*f8drqX7Eo`_TZc3^Jk7DNG;tO5aZ4kYVNZ;^UM@;w&iCWlm z-joHKSxA$`WD|2x2fKchIt536xlIGr6vn))+NNO0x|K2&6n>&lOvXY`B;K$A%4k5F z=!#^q>R>8>C5Fjp14?Sj6n8us15v_Ewl$Vin-|l@h? zK|^eM*eFY89;q2tiu){T$b)64I79^jcjSsUM4O3<8`CUX)>B|eMk+vm_Ef!4wJYcY zLuO_M3(L?VsLcZX#Ic#Ow#lj@s}k_CgmIP;jgbu%sW5`6AToFjta2P>&9BuiBuTdo z%T5j1HS?HwF@1H)w5dNtqcewSQyKDD3;hh3F(XCVT=!rDZ5Xq>**JpC#iE^Lo73S? z{&Da##!M~gM;rI#wW&3K=(lP$ywN+6f0A(Fkv-c5RaL1=MzM~aETB6k{V)Yr+0NfR zNOMvDirPgdN^)aq8&H>oQl{-U`AaB^-N$;;67mLR!5^V-tSqD(GAOk^sCP)0{^55U z{yLj~Xkt;1p@4QNi<#21IAfZP@YKwq97cwTgmL=#8s-bH*r1Dlg{&}m>j>r`gCa<# z3Co?dL8t_pA_}|?>1M9>SDJCbL*rGE75+&wG@JDU4Qi^?!H+>>KM1E&yMF-~XQghU z2?&?1Vkyq;bNM04rjCmV><=`2>qSU0C7WhzO)sW0&08-DifQS6hI|dMU0=Rz*iK># zgzfmXmv=!EdL*|Q5 zc=IAlMP+8s04xW1DTE+w;ue|+%BESwkS5xtw2RH^7@Ub6u=ylCbN{2$YSI1Qe&_VG z-|2Sn{>Mr0wA%lD3EI5>k>B|+Ro-e&ocKR0H*)5#`<2&!Kl;_pk3aFv55$mq-jH-x z{plU`=4L6npH7>(gy^CWf24aPPyBiW_vHN#j{brKx?}=}4odOIBsjbQLVt7uvYzwj zvLaj8&}jhtuq-xs5xCyE-?h%pn(fxnziUv(?YxD-@3_JnsMyIcH`)0no_B&;gD%lN zqz5kf5olb0JHVW;8B+&Xwcl_Y@N03Umr?(6hn^MX6emF#y7RqW1AXrPf3Mds{r*Fz zb5i~O!;8?z?tk_QzCb}mzSs|FcPba)&+GyebYu^&0et0U%*}FNbt$rV88Qu{c&ezIF{@@P6m}|LtDqWb6Kah5s)`L!WW~|0h(D>h-S*{XdHS6h!s_ z`{{46#xJL diff --git a/shorewall4/policy b/shorewall4/policy index 59142ff..2e5fe13 100644 --- a/shorewall4/policy +++ b/shorewall4/policy @@ -17,8 +17,8 @@ vpn net ACCEPT vpn fw ACCEPT fw vpn ACCEPT fw net ACCEPT -net all DROP info +net all DROP vpn vpn DROP # THE FOLLOWING POLICY MUST BE LAST -all all REJECT info +all all REJECT diff --git a/shorewall6/policy b/shorewall6/policy index 9a01ad9..8b37313 100644 --- a/shorewall6/policy +++ b/shorewall6/policy @@ -15,7 +15,7 @@ vpn all ACCEPT fw all ACCEPT -net all DROP info +net all DROP # THE FOLLOWING POLICY MUST BE LAST -all all REJECT info +all all REJECT 
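Review bot: Removing the `info` log level from `net all DROP` and from the final `all all REJECT` policy means packets that fall through to these catch-all policies are no longer logged. That removes the main record of blocked inbound traffic on this host. The shorewall6/policy hunk makes the same change. If the aim is to reduce log volume, keeping `info` and setting a rate with `LOGLIMIT` in shorewall.conf would preserve some visibility. Otherwise a comment in the file, such as `# logging intentionally disabled on the catch-all policies`, would record that the gap is deliberate.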
diff --git a/tun0.glorytun b/tun0.glorytun index abd7ab1..a7fd471 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -1,4 +1,5 @@ PORT=65001 +HOST=0.0.0.0 DEV=tun0 SERVER=true MPTCP=true diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp index a89e1a8..670bbac 100644 --- a/tun0.glorytun-udp +++ b/tun0.glorytun-udp @@ -1,4 +1,6 @@ BIND=0.0.0.0 BIND_PORT=65001 +HOST=0.0.0.0 +PORT=5000 DEV=tun0 OPTIONS="chacha persist" diff --git a/v2ray-server.json b/v2ray-server.json index 5d2b544..1fae64e 100644 --- a/v2ray-server.json +++ b/v2ray-server.json @@ -1,6 +1,6 @@ { "log": { - "loglevel": "debug", + "loglevel": "warning", "error": "/tmp/v2rayError.log" }, "transport": { From 379b30a65e4659978873293fa8becdee10733777 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 14:16:24 +0000 Subject: [PATCH 04/55] Add omr-admin-ipv6 --- omr-admin-ipv6.service.in | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 omr-admin-ipv6.service.in diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in new file mode 100644 index 0000000..9af8b55 --- /dev/null +++ b/omr-admin-ipv6.service.in @@ -0,0 +1,12 @@ +[Unit] +Description=OMR-Admin IPv6 +After=network.target network-online.target + +[Service] +Type=simple +Restart=always +ExecStart=/usr/local/bin/omr-admin.py --host="::" +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP + +[Install] +WantedBy=multi-user.target From 637e2ee08ae9a1f8359bf037747480f823bb5122 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 14:18:14 +0000 Subject: [PATCH 05/55] Add symbolic link for ubuntu --- ubuntu19.04-x86_64.sh | 1 + ubuntu20.04-x86_64.sh | 1 + 2 files changed, 2 insertions(+) create mode 120000 ubuntu19.04-x86_64.sh create mode 120000 ubuntu20.04-x86_64.sh diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh new file mode 120000 index 0000000..814a06c 
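Review bot: The new omr-admin-ipv6 unit has no `User=` line, so as a system unit omr-admin.py presumably runs as root. Its `CapabilityBoundingSet=` still includes CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_SETUID and CAP_SETFCAP, so the bounding set rules out very little for a service listening on `::`. Which capabilities the admin API really needs cannot be judged from this hunk, but trimming the list to those and adding `NoNewPrivileges=yes` would narrow what a flaw in the API can reach. `After=network-online.target` also has no matching `Wants=network-online.target`, so the ordering only applies if something else pulls that target in.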
--- /dev/null +++ b/ubuntu19.04-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/ubuntu20.04-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file From 91116306a13ef67223b5940b03ddae1e577eb5c6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 16:41:52 +0100 Subject: [PATCH 06/55] Add initial Debian packages files --- debian/changelog | 5 +++++ debian/compat | 1 + debian/control | 14 ++++++++++++++ debian/install | 3 +++ debian/postinst | 15 +++++++++++++++ debian/rules | 13 +++++++++++++ 6 files changed, 51 insertions(+) create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/install create mode 100644 debian/postinst create mode 100755 debian/rules diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1e55a02 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +omr-server (0.1025) unstable; urgency=medium + + * Wireguard support and fixed + + -- OpenMPTCProuter Thu, 04 Mar 2021 14:36:12 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..9a03714 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 \ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..5f0b05c --- /dev/null +++ b/debian/control @@ -0,0 +1,14 @@ +Source: omr-server +Section: net +Priority: optional +Maintainer: OpenMPTCProuter +Build-Depends: debhelper (>= 10) +X-Python-Version: >= 3.2 +Standards-Version: 0.0.1 +Homepage: https://github.com/ysurac/openmptcprouter-vps + +Package: omr-server +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends} +Description: OpenMPTCProuter Server script \ No newline at end of file diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..2595ec1 
--- /dev/null +++ b/debian/install @@ -0,0 +1,3 @@ +* usr/share/omr-server +shorewall4/* usr/share/omr-server/shorewall4 +shorewall6/* usr/share/omr-server/shorewall6 diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..9631851 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,15 @@ +#!/bin/sh -e + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# use debconf +. /usr/share/debconf/confmodule + +cd /usr/share/omr-server +LOCALFILES=no SOURCES=no sh build.sh + +db_stop + +#DEBHELPER# +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: \ No newline at end of file diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..a45cfea --- /dev/null +++ b/debian/rules @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +#export DH_VERBOSE = 1 + +# Security Hardening +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ + +override_dh_auto_install: + mkdir -p /usr/share/omr-server/shorewall4 + mkdir -p /usr/share/omr-server/shorewall6 + From 377ad59134538cd0d66afbbb624ae53bd5c95891 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 16:38:04 +0000 Subject: [PATCH 07/55] Fix debian package --- debian/install | 3 --- debian/rules | 7 +++++-- 2 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 debian/install diff --git a/debian/install b/debian/install deleted file mode 100644 index 2595ec1..0000000 --- a/debian/install +++ /dev/null @@ -1,3 +0,0 @@ -* usr/share/omr-server -shorewall4/* usr/share/omr-server/shorewall4 -shorewall6/* usr/share/omr-server/shorewall6 diff --git a/debian/rules b/debian/rules index a45cfea..10d24ab 100755 --- a/debian/rules +++ b/debian/rules 
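Review bot: The debian/postinst hunk starts the installer with `LOCALFILES=no`, and elsewhere in this series that value makes debian9-x86_64.sh fetch its configuration files with `wget` from `${VPSURL}${VPSPATH}` instead of using the copies shipped with the package. A package install therefore ends up running as root on files protected only by the TLS connection, not by the package's own checksums. Passing `LOCALFILES=yes` here would keep the maintainer script to content that came through apt. A short comment above the call stating which network access the configure step performs would also help anyone auditing the package.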
@@ -8,6 +8,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all dh $@ override_dh_auto_install: - mkdir -p /usr/share/omr-server/shorewall4 - mkdir -p /usr/share/omr-server/shorewall6 + mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server + find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' + cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ From 795c693d13cfc996169fc89e9890857a3cf95838 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 5 Mar 2021 09:09:48 +0000 Subject: [PATCH 08/55] Add wireguard interface in firewall --- openmptcprouter-shorewall.tar.gz | Bin 4080 -> 4106 bytes shorewall4/interfaces | 1 + shorewall4/stoppedrules | 2 ++ 3 files changed, 3 insertions(+) 
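Review bot: The two exclusions in the added `find` line never match, because `-iname` is compared against the base name only and a base name cannot contain `/`. As written, files under ./debian and ./.git are still handed to `cp`. Using `-not -path './debian/*' -not -path './.git/*'`, or `-maxdepth 1` if only top-level files are wanted, would keep repository metadata and packaging files out of the staged tree. Copies into subdirectories probably fail today only because the target directories do not exist, so the error output of this step is worth checking as well.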
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index b7120120fce994d29ba0944d3beb4d99a80aeecf..f45840887cfcf10e3701975cb3de7fd86e8e40d0 100644 GIT binary patch literal 4106 zcmV+l5cTgLiwFQQl0RSo1MNIvbE8PE^A-P!u4LZrOuaa^iS2B1<+qOjwz*(n0VkWS zS49zIRIlGoHJ#Gk5z?W(=s+Qmb1nsi9#K20;?Jli%JQ4w?Yn zcAFjn%E#6@oVU)-TW!AG?4F&!YqnbLZucE&99aH&+cqS>UGlal1U@ZFpWuOA2p=xhY|6EhcKGEi5~{Uy$_cO@qohjVkjZWlOK}@ zf99Q#g(o6u*q5N_)Va8EQq$EYaGW}`q&g@j+11|<~YOD zZJm=0-GmE^9>$hza@MV4i^E#&C;x%G7sj?elvP7EE%KMY5XTX1#}>?iY%>DK5k`V0 z2@WHwiT34_H(Pkor3-y9buSH_t8@5oIbCqAX7k5p?I$mo`VU$CzHMw)en=Lpn#p9r z@vTy|;TeCnShS;y|}^e%5TG|L>mhmH&SWSoi;*yeLM$-ac)TI|<1?0RC|X1vdCGSnrZ@4}Nz2l>&|7!?(Zi&5(fYB- zoO~$t=|?8N5MelWLglm5EDW&}$%C5la+ZLSpwc}{7h>p3%v^kyc`)AO z$%PEY^PqbpA38J0MWLP?S5l69Rh>PDTSXJqu_O~_R;SRQG75sr_ns5~pI|i*hm*0x z|3d`mmhb;{I%k#te+$S{Tj~J6cWWwmYj_Ki++mz>Q%!f+U%}7EJ`` z|5i;OnHyNXhP2FAuoZ2yTIc=S!y=sdlb6HF*!ldg+obn@dH$U5c6prt&1Sor|8D_b zasSt#CQ{w|t?vE4dheHck^SHIJ!TJTNe1}5mK4CyRYkm8U90+lsPc`hX4lF{u`jR2 zre)Xgwq>y{fi=(CwIGVJVQ-KpekLR~JxKxKb5sC`&7(DXY*E1%#sA2&z&*j5XU7#OorB zCg0X_)ub@^A;E|lKBG4Zya_emg+KXixnNHVa8}{1=Hr?Yd~#?0^aDmv)M{7YO(qLE zHyH?%iML3Iq*(Dj!&^XMOp;f4e4!wJw)Kl`;I_k@9Y& z>~0JVh!9=mRn9zs^#)B@9MpMT+zwTC@y=9{qHs}SdUWqjk7%F&Ul@3&r|7=PBJw_g zmtih)7N+F)9<4bG!>Kntr4Et`&IWFC=(g#-jRqftqyt$n7bZ((OQ2Lfvls z2R{J-5f?{r!`=Kp-VQ$7EG6WDv+gi&Rc-`}LEac9fcf_2klHMb|B z^f9-W;68w_$V4f-BgSv!1`GEQGW%H^g43S)0h}k~DM=QWjmGoy^XaM@c!I{9(Z{96 zojxV=+5Ycta9rwBEn*XanD9F$23*Soawl>{R5+9NF1H4Wm}!p70bR(Nrx~156z19I00We@#2B^>ebufg1Z1xV={66%)32nax z9aN(3UxU74%D0g6A5sZea)2QX;7@@$GT6ToS1K$vV3lG!sy=Y&%|y^AU6rii@car_ zCYqF9!Q#zU1kLJcAw#U}lBWph99X+B>b|1Ny~ZauYCzK4n0s-Ij)xV|-LAc(+>c)V zM~wfDXsIm>bWOd>gwQ1zup9|usoCgAYqfNRwbpdg0O_`DZV+3q;YVY$zllx#2;f(m z6n6ys$tj>}HCr^CzA6l?4Ho(8ZmoU$9@S$GtwsdHx4~|7qJc5#q|f1$Kp%_iXaVd= zf}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|lhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bD zn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!FDT+aVEZL?8C|*+w1jEs#F;F0vT21Ri 
zW{w1`F^%}%4=x+@hf2uL@{?IOacAXAq=V)evZ?km^2Wl8W@wL=t(!6x9(i#B%77&e zb>=%9Ybb*Uq4e<+6pXK|I}2OeJ32x`I*fCXV37M@0%I@-n;L_dnF<(3gN!J~#29t} zQ=n@hN0R%(Shafrtc?q9C_^7zMWH*LxN*W3!6&2TEb$B1Q&@0oVPd_&S|*=N6r0}l zD57z7E@@WeEehD98glw-iAP{9Kab_Hyx#OJDE9Q>A7Ff#0Aj*e4q-G+7)yf_VKhf{ zWO3pjU|db`dZIqU*8+P##IS6B{|6?m@n<-}<;3Uze*Z`O5+~mLGfeQQhZ|jK+WYy3 znrRISb>pYaDu9`Ub9}cD$PdzArG$a{Ok*`I4l)sR2ndQcU@7V9+M!;o$9AYffh0MK z;Xp_hESZH{L|L$+FCj;YrdYz2C2KaEN?EdtZ*yYz0(yl=U+-KYM#8mB`CJK>B04NK zGS2z@>>WWwKS}e0lRTWE35!EP(Hu)O!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4Ku zAPU0-b--Qf>KJc(GBQaI;wwP$xz?L;7+nn3BWv!#mm_ zBI{fTK?4n({aCx!^jqjQQ(*xLYbwwMAj$^Q$6+6{&Nx;yRncVNWQ)U$662TyVl=Rh zv>9L#sc5tyJ*d^LW!Z2{+p$+7j#1_GT}#WMi4?7zrBCaImSb&|rdZkldUJi*G!meH zB=)#~i9n4V82P*(&<(?2EWbn-bzS@saYY+-t7Rox*I=XdXy?Fl#90fb!2{NZ6hH&8L)# zCUrD2yHS#d>&$mE;Y{_ch@wzwE5qAp_{E9Hn#?8;BeH}WXkwlOArVE=j(BoL|M1v?KYslWa|fK6P(i;@q-+{9oH@>#Ft!Ssrn3NX z#_$e2fS@`sPYR@9S}O!g_Q6bL%YwCB+8Jn~U>~AjK)IDq<6GUl7NA!&iBQo-v7(?{9q>C7`gHPF1^T|dfqo~|LImcfBwWff6#{<<%*=wR(3sCp|$996{_YO z(8WglEA1oN^5GzE>;4~(eme*=SdqhAuJ{=t4tD_2?+pRzm2jn~ihT#21~KyIv1|$w za82K~Xr4A3t?tSH)Id(FdjYuiI_@0ot;75k0}{f_+$Z&3QT79oE)EmOD8{_{Ybgo}kYJ?J*zUGe{nKWE?n zId8R^dB4 zuD-ST^jk)|>jK&4Yc3VM0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}nePF`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z z-+uiOv(l}t7GFV2j6B6<+41)M`bi2y`N8z|~Ow6Ys zbf2Bsj8vY4!;COwQz$>7Xe*%F48$`9THIpN2aHk1@yGEDNvKN8y(EZgFZfn+fP+vZ2SD)KfX zstDHQlRI0u;iUt8Fm*05I1@M8hd0>{JN$pEaejvW z|GaT_)@?VM=>NNCjned0&P;^#!Lt)^|0I46s+s8! 
zaO)4=<1(Z{p#~g^82)Oj(QK3Z7l;sUPN3yFa~fGJ3>-7>K6Jtt zf-xj?T@nQk@v{@UewjkY+rejqkRYTELCXjo%8X}nko@OWYv<4J}=-o zf~I4tU{)YlaVHSXY#9r=>CX;H6H z`MB`8$G93V{XcPBMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBUGvYP5!91+q2M}lc z$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^a-n)+wR-Pe@0#mYFK+X$6 z9^&xKjbj>FVept~BK=A; zn@halm~-#B@lzwYx)ONP>NU?AwN?jWdIOK0q%4UGy>-_gK1`Yy&F}Nf$@@Z2uHqwP zF_R#ieqi!*5r$(YR6aXR!w^f6T&Ni>XE7)VD&4bmA%ecd%*A7w2jfki9LQi?7rHm} zpfmkU6za)w1?9L`)!B2nl~q9*ixOdGRf7ft!NwN67YW>7QxJ$yc|}>&gXyK#=B-4*MaA)ZnuT=ztL!y^Zza23-15w)I`dA zzvaE(SMU8YFS7spzQ^oAElB~N*ODCQnj#B#t7}CY5JkF?l=NC2$=2o7*f6aM-qFn0 zC9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ9Q~n}FmHwu>1&Fj-OB19 z?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w!2cU) zB46wNPvPvmi~+yn7(hMA-b27Qf^@G?=79@=XfqPw9-)v3?0IyV{clZm^C ziKv=6NzqEigO|9qI7nqa2O(~qgDUS?tY>|B(!X7k!&;Zgp~~o<|44b)6LvSc3Pgy` z^D1T@zClQRvTqhRt& zMBDl}3&NLp>65@;>m^{yq^@;CQFPI==#dJmb~~N3&cDrLIo;&(8TCwam=5P&8s2KP zs5o&b=-6ElA*WwUm(o(LIC~(`iTtgR*EM({B6X;v&y| zGV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte(Mzblb$)he$l`YmGr7aa_Ub+^G>JP!u-G0?v&5}-vsuaH(^v+<@Yy9YTVhfwP4-!Sk3K8D1FTB#<&mQ z3o=p4?uhXlIsU?Vgv@>x1>m%2o)70Sd5Yu3Wxf9V{9IdA15Z$&Gy15|xY|=ZpY8wd z2FE2n)g%_-i2=W3qQkXBAa^2HM1eDL?{X`Uh#A&cwvK1X(DAS$y4$sPl=;!iKScQNh?ZLX zKvR{wR0v&y0m~6D6q=2Wv{Fe{SZhr;bdYXI#s;zZ8h$i3`kUCqj{tt9Nq$GL7uNt) zsaS$;_Z5C%Zm`H!cWdq2_oyCoXf*;Dz6Exp5fzL{BYh611o~K9NAqA$A{@nJng~Fv z!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39FdFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r z^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>eP`IWR2!^AHW1v7Tm5SPj%p3_=W9rep z=U>+850#LeWhb*>;>?PdNC(Z+B}3_@9; zLg}L?C>URvcP6&BcXWh?bQtF%!XWp-1jb+v7BvPTH5D+9IvG)nfidg=ra;$1wkY-a zv10XnSR3cuP>Mdf3Ik_4aiW+lf=@@wS?uMmr?B8wgV=n5wM;gdC^ot4kw@d|TvW}_ zUF5Jw73B2A5|6-IejH0$l}C5z_=RV z^#pB%uLbtLi(uJ&@*5_t(I+^;<;17Ip8OWQM6o;n1QUGf;zn1R_I~=VVwl5R-RNnv z3ScI|9N#Sj@`LnOAz`3CQ(sMsgG>Ys0)ng#SW3FOwy78Eu^p;VAd0rE+Ypj@Q)1y3 zQ6{YD3&@eI$|iqhN~#5?Vw&vY+nm_FfLM!ef6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5C?KQWmrq0DV92b-dtZcjdlJ2#tDng>!J%o>V0p!DMy5_UU#^C_XCNga*MP8et5 
zI`!R5I8!|>q9|0_Oz{>PetsgdCbJ2|h)n(lnwTX)NJLR|VA-`LWL<4~_$ZR0eu9y+ zQUcwOVVdf_qZT=%e|T)dUu*pja|fK6P(izq#dI1ooH0(DFgA0VCbIx>`tS}s0I%3E zPjaMSS}O!g_Q6ag(}cBL(iv!?U>^dnL%Eqv<6F(R=AlS27lP7|7I@a|TU^P1q>(kc{%V&sow$>2rcn!Ih%s5R=% z?&;qvAg9^A09<<=cMkT}WvEtyxF~Mxa-;TUoTSR}8eVwL(^MpGf1RU)jfaDytO( z$H~bTdcL*3C9DH(#Q(%IuKybE^aE_^i`?0(Ea_`9-r{3BduN Date: Fri, 5 Mar 2021 09:10:30 +0000 Subject: [PATCH 09/55] Force use of version for binaries, enable wireguard by default --- debian9-x86_64.sh | 79 +++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 34 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 84ef712..231325a 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -27,6 +27,7 @@ UBOND=${UBOND:-no} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} +WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-yes} NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} 
@@ -36,20 +37,28 @@ KERNEL_VERSION="5.4.100" KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" +GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" +GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" +MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3" +OBFS_BINARY_VERSION="0.0.5-1" +OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099" +OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" +DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.34.0" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" +SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" +SHADOWSOCKS_BINARY_VERSION="3.3.5-1" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" +REPO="repo.openmptcprouter.com" OMR_VERSION="0.1025-test" @@ -78,7 +87,7 @@ elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)" exit 1 fi 
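Review bot: The new error message in the `@@ -78,7 +87,7 @@` hunk misspells the distribution as `Ubutun 20.04`; it should read `Ubuntu 20.04`. This is the text a user sees when the script refuses to run, so the corrected line would be `echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubuntu 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"`.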
@@ -158,17 +167,14 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list +echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list cat <> /etc/apt/sources.list.d/buster-backports.list +wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add - #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then @@ -176,6 +182,8 @@ if [ "$ID" = "debian" ]; then #echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi + # Add buster-backports repo + echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list @@ -302,7 +310,7 @@ if [ "$SOURCES" = "yes" ]; then #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -rf /tmp/shadowsocks-libev else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi # Load OLIA Congestion module at boot time 
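Review bot: The added `wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -` fetches the repository signing key over plain HTTP, so anyone on the network path can substitute a different key. The `deb` line written just above it already uses `https://${REPO}`, and `https://${REPO}/openmptcprouter.gpg.key` would remove the downgrade. Comparing the key's fingerprint with a value stored in the script would further remove the dependence on the web server. `apt-key add` also makes the key trusted for every configured source, whereas a dedicated keyring referenced with `signed-by=` in the `deb` line would limit it to this repository. Part of this hunk (the heredoc body) is not fully visible on the page.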
@@ -421,27 +429,28 @@ if [ "$OMR_ADMIN" = "yes" ]; then cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cd /etc/openmptcprouter-vps-admin - sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json fi - openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" - sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - [ "$NOINTERNET" = "yes" ] && { - sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - chmod u+x /usr/local/bin/omr-admin.py - #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py - [ "$(ip -6 a)" != "" ] && { - systemctl enable omr-admin-ipv6.service - } - systemctl enable omr-admin.service rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} else - apt-get -y install omr-vps-admin - OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") + apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} + #OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") + #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") fi - + if [ ! 
-f /etc/openmptcprouter-vps-admin/key.pem ]; then + openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" + fi + sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + [ "$NOINTERNET" = "yes" ] && { + sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + } + chmod u+x /usr/local/bin/omr-admin.py + #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py + [ "$(ip -6 a)" != "" ] && { + systemctl enable omr-admin-ipv6.service + } + systemctl enable omr-admin.service fi # Get shadowsocks optimization @@ -531,7 +540,7 @@ if [ "$OBFS" = "yes" ]; then cd /tmp rm -rf /tmp/simple-obfs else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION} fi #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json fi @@ -626,7 +635,7 @@ if [ "$MLVPN" = "yes" ]; then cd /tmp rm -rf /tmp/mlvpn else - apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn + apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION} fi if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network 
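Review bot: The relocated `openssl req` call in the `@@ -421,27 +429,28 @@` hunk still writes `-keyout key.pem -out cert.pem` with relative names, but the only visible `cd /etc/openmptcprouter-vps-admin` sits inside the build-from-source branch. On the package path the key and certificate therefore land in whatever directory the script happens to be in. The new `[ ! -f /etc/openmptcprouter-vps-admin/key.pem ]` test then stays true, so a fresh key is generated on every run. Absolute paths fix both: `-keyout /etc/openmptcprouter-vps-admin/key.pem -out /etc/openmptcprouter-vps-admin/cert.pem`. The enclosing `if [ "$OMR_ADMIN" = "yes" ]` block starts outside the hunk.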
@@ -718,7 +727,7 @@ if [ "$WIREGUARD" = "yes" ]; then echo "Install WireGuard" rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - apt-get --no-install-recommends -y wireguard-tools + apt-get -y install wireguard-tools --no-install-recommends if [ ! -f /etc/wireguard/wg0.conf ]; then cd /etc/wireguard umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key @@ -895,9 +904,11 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-udp else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi +[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 + # Add chrony for time sync apt-get install -y chrony @@ -939,7 +950,7 @@ if [ "$DSVPN" = "yes" ]; then cd /tmp rm -rf /tmp/dsvpn else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi fi @@ -987,9 +998,9 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-0.0.35 else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} fi - +[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 # Load tun module at boot time 
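Review bot: The added `[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0` switches the listener to `::` whenever `ip -6 a` prints anything, which is also true on a host that has only loopback or link-local IPv6 addresses. The last hunk adds the same line for /etc/glorytun-tcp/tun0. Testing for a routable address, for example with `ip -6 addr show scope global`, would match the intent better. The dots in the pattern are unescaped regex wildcards, so `'s/0\.0\.0\.0/::/g'` is the literal form. Once the tunnels listen on `::`, the shorewall6 rules need to cover these ports too, which should be checked alongside this change.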
From 8319728f56c1e43856b811229d955d13ff0fddfa Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 08:12:51 +0000 Subject: [PATCH 10/55] Fix script --- debian9-x86_64.sh | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 231325a..b987c45 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -41,7 +41,7 @@ GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" -MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209" +MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" @@ -167,7 +167,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list +echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list cat < Date: Mon, 8 Mar 2021 14:02:06 +0000 Subject: [PATCH 11/55] Add version and depends in Debian package --- debian/control | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 5f0b05c..b95f591 100644 --- a/debian/control +++ b/debian/control 
@@ -10,5 +10,25 @@ Homepage: https://github.com/ysurac/openmptcprouter-vps Package: omr-server Architecture: all Multi-Arch: foreign -Depends: ${misc:Depends} +Depends: + curl, + rename, + libcurl4, + unzip, + tracebox, + omr-iperf3, + omr-shadowsocks-libev (= 3.3.5-1), + omr-vps-admin (= 0.3+20210304), + omr-simple-obfs, + mlvpn (= 3.0.0+20201216.git.2263bab), + omr-glorytun (= 0.3.4-4), + omr-glorytun-tcp (= 0.0.35-3), + omr-dsvpn (= 0.1.4-2), + shorewall, + shorewall6, + iptables, + ${misc:Depends} +Provides: omr-server +Conflicts: omr-server +Replaces: omr-server Description: OpenMPTCProuter Server script \ No newline at end of file From aacad49aa4c5619744add3b5b6777daba4fc5b9f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 14:53:06 +0000 Subject: [PATCH 12/55] Update API and fix debian mlvpn depend --- debian/control | 2 +- debian9-x86_64.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index b95f591..fccd12e 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,7 @@ Depends: omr-shadowsocks-libev (= 3.3.5-1), omr-vps-admin (= 0.3+20210304), omr-simple-obfs, - mlvpn (= 3.0.0+20201216.git.2263bab), + omr-mlvpn (= 3.0.0+20201216.git.2263bab), omr-glorytun (= 0.3.4-4), omr-glorytun-tcp (= 0.0.35-3), omr-dsvpn (= 0.1.4-2), diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index b987c45..c052fbf 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -45,7 +45,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099" +OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
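Review bot: `omr-simple-obfs` and `omr-iperf3` are listed without a version, while the other omr-* packages in this Depends block are pinned with `(= …)`. debian9-x86_64.sh already carries `OBFS_BINARY_VERSION="0.0.5-1"`, so pinning it the same way, `omr-simple-obfs (= 0.0.5-1)`, keeps the package and the script installing the same build. The `Provides`, `Conflicts` and `Replaces: omr-server` lines name the package itself and appear to have no effect, so they could be dropped.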
@@ -174,7 +174,7 @@ Package: * Pin: origin ${REPO} Pin-Priority: 1001 EOF -wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add - +wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then From c64bed8db51e8a28009d6a3aec24d6f25b49b6f2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 15:50:32 +0000 Subject: [PATCH 13/55] Fix script name --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 9631851..66b1e91 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule cd /usr/share/omr-server -LOCALFILES=no SOURCES=no sh build.sh +LOCALFILES=no SOURCES=no sh debian9-x86_64.sh db_stop From 3c6e85e07fb7d6f9019e2aea7e76cf25da392401 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:23:46 +0100 Subject: [PATCH 14/55] Add a service to do update after reboot --- debian/postinst | 6 ++++-- debian/rules | 3 ++- debian9-x86_64.sh | 7 +++++++ omr-update.service.in | 14 ++++++++++++++ 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 omr-update.service.in diff --git a/debian/postinst b/debian/postinst index 66b1e91..3f2400b 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,8 +5,10 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x # use debconf . /usr/share/debconf/confmodule -cd /usr/share/omr-server -LOCALFILES=no SOURCES=no sh debian9-x86_64.sh +sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh +echo 'To finish installation reboot' + +systemctl enable omr-update db_stop diff --git a/debian/rules b/debian/rules index 10d24ab..4db8990 100755 --- a/debian/rules +++ b/debian/rules 
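Review bot: The debian/postinst hunk removes the `cd /usr/share/omr-server` line, but the new `sed -i … debian9-x86_64.sh` still uses a relative file name. It therefore acts on whatever directory the maintainer script is started in, and under `#!/bin/sh -e` a missing file aborts the configure step. The full path, `/usr/share/omr-server/debian9-x86_64.sh`, fixes that. The pattern `^LOCALFILES=.*$` also replaces the script's `LOCALFILES=${LOCALFILES:-no}` default with a fixed `LOCALFILES=no`, which overrides the `Environment="LOCALFILES=yes"` set in omr-update.service in the same commit. The update run would then download its configuration files instead of using the packaged ones.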
@@ -9,8 +9,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all override_dh_auto_install: mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server - find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' + find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp omr-update.service.in /lib/systemd/system/omr-update.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c052fbf..c805f90 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -30,6 +30,7 @@ DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-yes} NOINTERNET=${NOINTERNET:-no} +REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} @@ -133,6 +134,12 @@ if [ "$UPDATE" = "yes" ]; then echo "Update mode" fi +CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" +if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then + exit 1 +fi + + echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend diff --git a/omr-update.service.in b/omr-update.service.in new file mode 100644 index 0000000..c543d73 --- /dev/null +++ b/omr-update.service.in @@ -0,0 +1,14 @@ +[Unit] +Description=OMR Update +After=network.target network-online.target + +[Service] +Type=simple +Restart=no +Environment="SOURCES=no" +Environment="REINSTALL=no" +Environment="LOCALFILES=yes" +ExecStart=/usr/share/omr-server/debian9-x86_64.sh + +[Install] +WantedBy=multi-user.target 
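Review bot: The added `cp omr-update.service.in /lib/systemd/system/omr-update.service` writes into the build machine's own /lib/systemd/system rather than the staging tree. The unit is therefore not part of the resulting package, and the build needs write access to a system directory. The other lines in this target use `$(CURDIR)/debian/omr-server/…`; the same form here would be `mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system` followed by `cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service`. As written, the `systemctl enable omr-update` added to postinst would not find the unit on a machine that only installed the package.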
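Review bot: The early exit added after the `CURRENT_OMR` check in the `@@ -133,6 +134,12 @@` hunk uses `exit 1` when the installed version already matches. omr-update.service starts this script with `REINSTALL=no`, so it would be recorded as failed on every boot of an up-to-date system; `exit 0` fits a no-op. `grep -s 'OpenMPTCProuter VPS' /etc/*` can also match more than one file, in which case `CURRENT_OMR` holds several lines and the comparison never succeeds. Naming the single file that carries the version banner would make the check dependable; which file that is cannot be seen in this hunk.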
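Review bot: `ExecStart=/usr/share/omr-server/debian9-x86_64.sh` executes the script directly, but the diff headers in this series show debian9-x86_64.sh with mode 100644 and nothing in debian/rules sets the executable bit. The unit would probably fail to start; `ExecStart=/bin/sh /usr/share/omr-server/debian9-x86_64.sh` avoids depending on the file mode. The job re-runs the whole installer as root at boot, so `Type=oneshot` describes it better than `Type=simple`. Adding `Wants=network-online.target` next to the existing `After=` would make sure the network target is actually pulled in before the apt and wget steps begin.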
From 0ddc538c87294424b9c2f5b06fac9469d273c08a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:29:59 +0000 Subject: [PATCH 15/55] Add dependencie in debian package --- debian/control | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/control b/debian/control index fccd12e..37756a6 100644 --- a/debian/control +++ b/debian/control @@ -27,6 +27,8 @@ Depends: shorewall, shorewall6, iptables, + v2ray-plugin, + linux-image (= 5.4.100-mptcp_1.18+9d3f35b), ${misc:Depends} Provides: omr-server Conflicts: omr-server From 96eb181b403ad71405bf3717eb476e6799bd0dbb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:30:19 +0000 Subject: [PATCH 16/55] Use Debian package for kernel --- debian9-x86_64.sh | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c052fbf..cdd7d57 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -194,22 +194,29 @@ apt-get update sleep 2 apt-get -y install dirmngr patch -wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb -wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb -# Rename bzImage to vmlinuz, needed when custom kernel was used -cd /boot -apt-get -y install rename curl libcurl4 unzip git -rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 -#apt-get -y install linux-mptcp -#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp -#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp -if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then +if [ "$SOURCES" = "yes" ]; then + wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb + wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb + # Rename bzImage to vmlinuz, needed when custom kernel was used + cd /boot + apt-get -y install rename curl libcurl4 unzip git + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 + #apt-get -y install linux-mptcp + #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp + #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb + fi +else + cd /boot + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! 
if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb + apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE} fi - # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." if [ "$LOCALFILES" = "no" ]; then @@ -594,7 +601,11 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + if [ "$SOURCES" = "yes" ]; then + wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + else + apt-get -y install v2ray=${V2RAY_VERSION} + fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service fi From cf1eca052a1107562c6d0980857c65330864c442 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:33:15 +0000 Subject: [PATCH 17/55] Fix kernel package version --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 37756a6..17c4b9b 100644 --- a/debian/control +++ b/debian/control @@ -28,7 +28,7 @@ Depends: shorewall6, iptables, v2ray-plugin, - linux-image (= 5.4.100-mptcp_1.18+9d3f35b), + linux-image-5.4.100-mptcp (= 1.18+9d3f35b), ${misc:Depends} Provides: omr-server Conflicts: omr-server From 605acd1ffdda1154e0233b02dec267a3f450ae14 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:35:54 +0000 Subject: [PATCH 18/55] Fix kernel package version in install script --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
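Review bot: In the `SOURCES=yes` branch the kernel packages are downloaded to fixed names under /tmp and installed with `dpkg --force-all` without any integrity check, and the result of `wget` is not tested. The `apt-get` branch gets signature verification from the repository, so the two paths give different guarantees for the same kernel. The same pattern applies to the v2ray `.deb` in the `@@ -594,7 +601,11 @@` hunk of this commit. A private temporary directory plus a checksum list shipped with the script would close the gap; the sketch below uses a placeholder name for that list.

```shell
if [ "$SOURCES" = "yes" ]; then
	KERNEL_TMP="$(mktemp -d)" || exit 1
	for pkg in linux-image linux-headers; do
		wget -O "${KERNEL_TMP}/${pkg}-${KERNEL_RELEASE}_amd64.deb" "${VPSURL}kernel/${pkg}-${KERNEL_RELEASE}_amd64.deb" || exit 1
	done
	# KERNEL_SHA256SUMS is a placeholder: a checksum file delivered with this script, not fetched from the download host
	(cd "$KERNEL_TMP" && sha256sum -c "$KERNEL_SHA256SUMS") || exit 1
	# … unchanged: bzImage rename, dpkg -l test and dpkg install, now reading the .deb files from $KERNEL_TMP …
```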
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 72760df..30cb01c 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -222,7 +222,7 @@ else rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE} + apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} fi # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." From 95453a801372c2db4b608fd84e6250ef2e694ee6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:51:50 +0000 Subject: [PATCH 19/55] Fix sed in debian package --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 3f2400b..03edb58 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,7 +5,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x # use debconf . /usr/share/debconf/confmodule -sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh +sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh echo 'To finish installation reboot' systemctl enable omr-update From 382fc59a4f87cc6789a7dd18641a46fa733a1ad0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:30:05 +0000 Subject: [PATCH 20/55] Fix v2ray --- debian9-x86_64.sh | 4 ++-- old-v2ray.service | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) mode change 100644 => 100755 debian9-x86_64.sh create mode 100644 old-v2ray.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh old mode 100644 new mode 100755 index 30cb01c..bc28a86 --- a/debian9-x86_64.sh 
+++ b/debian9-x86_64.sh @@ -610,14 +610,14 @@ if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray if [ "$SOURCES" = "yes" ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb else apt-get -y install v2ray=${V2RAY_VERSION} fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service fi - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json diff --git a/old-v2ray.service b/old-v2ray.service new file mode 100644 index 0000000..9ed715a --- /dev/null +++ b/old-v2ray.service 
@@ -0,0 +1,25 @@ +[Unit] +Description=V2Ray - A unified platform for anti-censorship +Documentation=https://v2ray.com https://guide.v2fly.org +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple +#Type=exec +Type=simple +# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. +# This service runs as root. You may consider to run it as another user for security concerns. +# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. +# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 +User=root +#User=v2ray +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=yes +ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json +Restart=on-failure +# Don't restart in the case of configuration error +RestartPreventExitStatus=23 + +[Install] +WantedBy=multi-user.target From f573c43ce0f1a587b9452aa10641d5dd4cb97342 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:30:32 +0000 Subject: [PATCH 21/55] Fix omr-update service script install --- debian/rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 4db8990..d411dc4 100755 --- a/debian/rules +++ b/debian/rules @@ -13,5 +13,6 @@ override_dh_auto_install: cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ - cp omr-update.service.in /lib/systemd/system/omr-update.service + mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system + cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service From 2dbc4e4f0fab5a029a4693a0bab2740e34b3beb0 Mon Sep 17 00:00:00 2001 
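Review bot: The new `old-v2ray.service` runs a network-facing proxy with `User=root`, although the unit's own comments recommend a dedicated account. `CapabilityBoundingSet` limits the capabilities but the process still owns everything root owns on disk. Switching to `User=v2ray` needs the capabilities granted explicitly, `AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW`, and the account must exist; whether the v2ray package creates it is not visible here. If root is kept on purpose, a one-line comment saying why would be enough.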
From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:31:20 +0000 Subject: [PATCH 22/55] Fix output of omr-update --- omr-update.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/omr-update.service.in b/omr-update.service.in index c543d73..1a21135 100644 --- a/omr-update.service.in +++ b/omr-update.service.in @@ -9,6 +9,8 @@ Environment="SOURCES=no" Environment="REINSTALL=no" Environment="LOCALFILES=yes" ExecStart=/usr/share/omr-server/debian9-x86_64.sh +StandardOutput=file:/var/log/omr-update.log +StandardError=file:/var/log/omr-update.log [Install] WantedBy=multi-user.target From 8e795b035b46cb5175131a7e2d047ab110c8d82e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:00:31 +0000 Subject: [PATCH 23/55] Reboot not needed after install --- debian/postinst | 2 -- 1 file changed, 2 deletions(-) diff --git a/debian/postinst b/debian/postinst index 03edb58..bd08d7f 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,8 +6,6 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh -echo 'To finish installation reboot' - systemctl enable omr-update db_stop From 5bfd42770dfd6cb9d304ffccda4bdd2ebb52b197 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:00:54 +0000 Subject: [PATCH 24/55] Fix get previous pass for omr-admin --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bc28a86..837d4d6 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
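Review bot: `StandardOutput=file:/var/log/omr-update.log` opens the log at its beginning without truncating it, so a short run leaves the tail of an older, longer run in the file; `append:/var/log/omr-update.log` (systemd 240 or later) keeps a readable history. The `file:` form itself needs a fairly recent systemd, so it should be confirmed against the oldest release the script still supports. If the installer prints generated passwords or keys (its "Display important info" block is only partly visible in this series), the log should be created with restrictive permissions, for example `UMask=0077` in `[Service]`.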
@@ -450,9 +450,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 + [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 + [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 fi apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then From 269b986cbe12f4cb8166fe88ed0f9f29ca800da9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:04:17 +0000 Subject: [PATCH 25/55] Install omr-server debian package at end of install script --- debian9-x86_64.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 837d4d6..b7e98d2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1219,6 +1219,10 @@ else echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd fi +if [ "$SOURCES" != "yes" ]; then + apt-get -y install omr-server=${OMR_VERSION} +fi + if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' From 7ce28a948188cfc8b3a40b30fc68d7e0f714bf8f Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:43:18 +0000 Subject: [PATCH 26/55] Fix script for kernel binary install --- debian9-x86_64.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index b7e98d2..f8b3f97 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -199,14 +199,14 @@ fi echo "Install mptcp kernel and shadowsocks..." apt-get update sleep 2 -apt-get -y install dirmngr patch +apt-get -y install dirmngr patch rename curl libcurl4 unzip if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb # Rename bzImage to vmlinuz, needed when custom kernel was used cd /boot - apt-get -y install rename curl libcurl4 unzip git + apt-get -y install git rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 #apt-get -y install linux-mptcp #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp 
@@ -220,9 +220,11 @@ if [ "$SOURCES" = "yes" ]; then else cd /boot rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - echo "Install kernel linux-image-${KERNEL_RELEASE}" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + fi fi # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." From a713d44645de0311a8289bd0b9a8b77ef5c2163d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:46:55 +0000 Subject: [PATCH 27/55] No error if omr-server not installed --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index f8b3f97..8c2fb45 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1222,7 +1222,7 @@ else fi if [ "$SOURCES" != "yes" ]; then - apt-get -y install omr-server=${OMR_VERSION} + apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true fi if [ "$update" = "0" ]; then From e70303ba3f1be88a0259ee94e4d90037bcde0cec Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 14:11:54 +0000 Subject: [PATCH 28/55] Change version --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 1e55a02..33cf21b 100644 --- a/debian/changelog +++ b/debian/changelog 
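Review bot: In the `@@ -1222,7 +1222,7 @@` hunk, `2>&1 >/dev/null` does not silence the command: stderr is pointed at the original stdout before stdout is redirected, so apt errors are still printed while `|| true` discards the exit status. If the intent is a quiet best-effort install, the order is `>/dev/null 2>&1`. It would still be worth leaving a trace, e.g. `apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || echo "omr-server package not installed"`, so that a missing updater package shows up in the log.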
@@ -1,4 +1,4 @@ -omr-server (0.1025) unstable; urgency=medium +omr-server (0.1025-test) unstable; urgency=medium * Wireguard support and fixed From 8856fece584efb8c4244899d43a24461e98ffefb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 14:38:35 +0000 Subject: [PATCH 29/55] Use v2ray_plugin debian package --- debian/control | 3 ++- debian9-x86_64.sh | 52 +++++++++++++++++++++++++---------------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/debian/control b/debian/control index 17c4b9b..0da3629 100644 --- a/debian/control +++ b/debian/control @@ -27,7 +27,8 @@ Depends: shorewall, shorewall6, iptables, - v2ray-plugin, + v2ray-plugin (= 4.35.1), + v2ray (=4.35.1), linux-image-5.4.100-mptcp (= 1.18+9d3f35b), ${misc:Depends} Provides: omr-server diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8c2fb45..fd83af2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -50,8 +50,8 @@ OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="4.34.0" -V2RAY_PLUGIN_VERSION="v1.4.3" +V2RAY_VERSION="4.35.1" +V2RAY_PLUGIN_VERSION="4.35.1" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" SHADOWSOCKS_BINARY_VERSION="3.3.5-1" 
@@ -574,29 +574,33 @@ fi # Install v2ray-plugin if [ "$V2RAY_PLUGIN" = "yes" ]; then echo "Install v2ray plugin" - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - cd /tmp - tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin - cd /tmp - rm -rf /tmp/v2ray-plugin_linux_amd64 - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + if [ "$SOURCES" = "yes" ]; then + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + cd /tmp + tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin + cd /tmp + rm -rf /tmp/v2ray-plugin_linux_amd64 + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #rm -rf /tmp/v2ray-plugin - #cd /tmp - #rm -f /var/lib/dpkg/lock - 
#apt-get install -y --no-install-recommends git ca-certificates golang-go - #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin - #cd /tmp/v2ray-plugin - #git checkout ${V2RAY_PLUGIN_VERSION} - #git submodule update --init --recursive - #CGO_ENABLED=0 go build -o v2ray-plugin - #cp v2ray-plugin /usr/local/bin/v2ray-plugin - #cd /tmp - #rm -rf /tmp/simple-obfs + #rm -rf /tmp/v2ray-plugin + #cd /tmp + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends git ca-certificates golang-go + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #cd /tmp/v2ray-plugin + #git checkout ${V2RAY_PLUGIN_VERSION} + #git submodule update --init --recursive + #CGO_ENABLED=0 go build -o v2ray-plugin + #cp v2ray-plugin /usr/local/bin/v2ray-plugin + #cd /tmp + #rm -rf /tmp/simple-obfs + else + apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION} + fi fi if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then From 47df28fdc67b2f5927da84924d18edd8c4ec1133 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Mar 2021 08:07:55 +0000 Subject: [PATCH 30/55] Fix symbolic link for v2ray config --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index fd83af2..3706227 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -630,6 +630,7 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + ln -sf /etc/v2ray/v2ray-server.json /etc/v2ray/config.json sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json rm -f /tmp/v2rayError.log if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then From 83e81cfd9ffb14d8495a8f210d3a9854e52d84bb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Mar 2021 14:48:12 +0000 Subject: [PATCH 31/55] Go to openmptcprouter-vps-admin dir before creating key --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) 
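Review bot: In the `SOURCES=yes` branch of the v2ray-plugin block the two `rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz` lines no longer name the file that `wget -O` and `tar` now use, which carries a `v` before the version, so the downloaded archive is never cleaned up. Both should read `rm -rf /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz`. The archive is also unpacked as root under fixed names in /tmp and the binary copied to /usr/local/bin without a checksum check; a `mktemp -d` working directory and a pinned checksum would bring this path closer to what the `apt-get` branch provides.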
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3706227..4be25a4 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -464,6 +464,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") fi if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then + cd /etc/openmptcprouter-vps-admin openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" fi sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json From 8e738a8f197f823f1ac6a0cee5e1b81f16fcf21f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 06:46:05 +0000 Subject: [PATCH 32/55] Fix https://github.com/Ysurac/openmptcprouter-vps/issues/46 --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 4be25a4..2d1af03 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -579,7 +579,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cd /tmp tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin From fd10d9ac2002dbf1eade75fd113b683893fc2201 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 13:21:25 +0000 Subject: [PATCH 33/55] Force update repo key --- debian9-x86_64.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2d1af03..60966c2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -139,6 +139,10 @@ if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then exit 1 fi +[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { + echo "Update ${REPO} key" + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - +} echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock From 5291876fe682ca6404944030cae2235c90016a26 Mon Sep 17 00:00:00 2001 
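Review bot: The block added in the `@@ -139,6 +139,10 @@` hunk re-downloads the repository signing key on every run and pipes it into `apt-key add`, so whatever the HTTPS endpoint serves at that moment becomes a globally trusted apt key, and a failed `wget` goes unnoticed because only the pipeline's last status counts. The key would be better shipped with the script or package and scoped to this repository, e.g. `deb [arch=amd64 signed-by=/usr/share/keyrings/openmptcprouter.gpg] https://${REPO} buster main` (the keyring path is an example). This matters more here because the script pins that origin above Debian's own packages. A later commit in this series adds a gitee variant of the same download, and the same point applies there.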
From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 16:57:04 +0000 Subject: [PATCH 34/55] Fix mlvpn source install and use binary by default --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 60966c2..0a3520b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -28,7 +28,7 @@ UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} -SOURCES=${SOURCES:-yes} +SOURCES=${SOURCES:-no} NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-no} @@ -657,6 +657,7 @@ if [ "$MLVPN" = "yes" ]; then if [ -f /etc/mlvpn/mlvpn0.conf ]; then mlvpnupdate="1" fi + mkdir -p /etc/mlvpn if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend @@ -691,7 +692,6 @@ if [ "$MLVPN" = "yes" ]; then else apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION} fi - mkdir -p /etc/mlvpn if [ "$mlvpnupdate" = "0" ]; then sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf fi From 69df502cb9eff01699e1a037b568689da3613086 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 17:13:56 +0000 Subject: [PATCH 35/55] Keep old config --- debian9-x86_64.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 0a3520b..136053e 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -330,7 +330,7 @@ if [ "$SOURCES" = "yes" ]; then #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -rf /tmp/shadowsocks-libev else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi # Load OLIA Congestion module at boot time @@ -460,7 +460,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 fi - apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/ fi @@ -624,7 +624,7 @@ if [ "$V2RAY" = "yes" ]; then dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb else - apt-get -y install v2ray=${V2RAY_VERSION} + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service 
@@ -690,7 +690,7 @@ if [ "$MLVPN" = "yes" ]; then fi fi else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION} fi if [ "$mlvpnupdate" = "0" ]; then sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf From 507f49413cd3a7bdefe45a9d122e3b3f2d97d67a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Mar 2021 19:12:01 +0000 Subject: [PATCH 36/55] Update API --- debian9-x86_64.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 136053e..90a710b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) for OpenMPTCProuter +# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. @@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" -OMR_ADMIN_BINARY_VERSION="0.3+20210304" +OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7" +OMR_ADMIN_BINARY_VERSION="0.3+20210315" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" From 454046f830402050b6c7143eac494520ec4b46f1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Mar 2021 19:40:17 +0000 Subject: [PATCH 37/55] Update API --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 90a710b..540473f 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -46,7 +46,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7" +OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7" OMR_ADMIN_BINARY_VERSION="0.3+20210315" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" From 9a764d0eaf95b27a750e6a910e6531e9345ad9a8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 12:36:53 +0000 Subject: [PATCH 38/55] Fix LAN default route, fix https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 4b8e54d..0711abc 100755 --- a/omr-service +++ b/omr-service @@ -52,7 +52,7 @@ _lan_route() { while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c '.lanips //empty' | + echo "$c" | jq -c '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null From 98ee07f6a6cd7e8bc7f4559788b018b9e641747a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:41:26 +0000 Subject: [PATCH 39/55] Add a test for a China compatible script --- debian9-x86_64.sh | 46 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 540473f..8cf27d3 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -60,6 +60,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" +CHINA=${CHINA:-no} OMR_VERSION="0.1025-test" @@ -176,16 +177,45 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi + # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list -cat < /etc/apt/sources.list.d/openmptcprouter.list + cat /var/lib/openmptcprouter-vps-debian | apt-key add - + if [ ! -d /usr/share/omr-server ]; then + git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server + fi + cd /usr/share/omr-server + git pull + if [ "$VPS_PATH" = "server-test" ]; then + git checkout develop + else + git checkout master + fi + DIR="/usr/share/omr-server" +else + echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones + Package: * + Pin: origin ${REPO} + Pin-Priority: 1001 + EOF + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - +fi #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then From dae3133a1d308601b718b59911e2c052f185cd7f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:44:43 +0000 Subject: [PATCH 40/55] Fix --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8cf27d3..c8722ba 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
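Review bot: In the `CHINA=yes` branch, `if [ "$VPS_PATH" = "server-test" ]` tests a variable that is not set anywhere in the visible script; the setting a few lines above is `VPSPATH="server-test"`, so the test is always false and `master` is always checked out. It should read `if [ "$VPSPATH" = "server-test" ]; then`. The `cd /usr/share/omr-server` before `git pull` is also unchecked, so a failed clone leaves the git commands running in whatever directory the script was in; `cd /usr/share/omr-server || exit 1` avoids that. Since files from this checkout are later installed as root, checking out a fixed tag or commit rather than a moving branch would make the result reproducible.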
@@ -194,7 +194,7 @@ if [ "$CHINA" = "yes" ]; then # git checkout main # fi echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list - cat /var/lib/openmptcprouter-vps-debian | apt-key add - + cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - if [ ! -d /usr/share/omr-server ]; then git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server fi From 31d4712c8314283508475a4f0fb0b4cb11145c9e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:49:12 +0000 Subject: [PATCH 41/55] Fix --- debian9-x86_64.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c8722ba..bd715f1 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -142,7 +142,11 @@ fi [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + if [ "$CHINA" = "yes" ]; then + wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + else + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + fi } echo "Remove lock and update packages list..." 
@@ -195,17 +199,17 @@ if [ "$CHINA" = "yes" ]; then # fi echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - - if [ ! -d /usr/share/omr-server ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server + if [ ! -d /usr/share/omr-server-git ]; then + git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git fi - cd /usr/share/omr-server + cd /usr/share/omr-server-git git pull if [ "$VPS_PATH" = "server-test" ]; then git checkout develop else git checkout master fi - DIR="/usr/share/omr-server" + DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref From cedb65670e46ea680bddb3304e2f842569251be4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:53:25 +0000 Subject: [PATCH 42/55] Add missing files and use localfiles for china --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bd715f1..6045365 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -209,6 +209,7 @@ if [ "$CHINA" = "yes" ]; then else git checkout master fi + LOCALFILES="yes" DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list From 07e23b78512794d7902387fe92151e4ee0488cca Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:57:16 +0000 Subject: [PATCH 43/55] fix --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6045365..a9c2151 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -192,7 +192,7 @@ if [ "$CHINA" = "yes" ]; then
 fi
 cd /var/lib/openmptcprouter-vps-debian
 git pull
-# if [ "$VPS_PATH" = "server-test" ]; then
+# if [ "$VPSPATH" = "server-test" ]; then
 # git checkout develop
 # else
 # git checkout main
@@ -204,7 +204,7 @@ if [ "$CHINA" = "yes" ]; then
 fi
 cd /usr/share/omr-server-git
 git pull
- if [ "$VPS_PATH" = "server-test" ]; then
+ if [ "$VPSPATH" = "server-test" ]; then
 git checkout develop
 else
 git checkout master
From 1d2887c747f7fc3d0c3aa8a2fd5cfa77c0d226dc Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Tue, 23 Mar 2021 19:58:37 +0000
Subject: [PATCH 44/55] Add omr-test-speed
---
 omr-test-speed | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100755 omr-test-speed
diff --git a/omr-test-speed b/omr-test-speed
new file mode 100755
index 0000000..fa95ff2
--- /dev/null
+++ b/omr-test-speed
@@ -0,0 +1,42 @@ +#!/bin/sh +# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : +INTERFACE="$1" + +echo "Select best test server..." +HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" +bestping="999" +for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + else + ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi +done + +[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" + +echo "Best server is $HOST, running test:" +trap : HUP INT TERM +if [ -z "$INTERFACE" ]; then + curl -4 $HOST >/dev/null || echo +else + domain=$(echo $HOST | awk -F/ '{print $3}') + hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset add ss_rules_dst_bypass_all $ip + done + fi + curl -4 --interface $INTERFACE $HOST >/dev/null || echo + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset del ss_rules_dst_bypass_all $ip + done + fi +fi From 5023d5cf33a4381d85e0b2d804c552a1591f2834 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 24 Mar 2021 14:02:18 +0000 Subject: [PATCH 45/55] Fix --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 0711abc..6fe97bf 100755 --- a/omr-service +++ b/omr-service @@ -52,7 +52,7 @@ _lan_route() { while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c '.lanips[] //empty' | + echo "$c" | jq -c -r '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null From fd915dfbb974675fa7e7f38db7aa0ab08ea5abb2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 25 Mar 2021 09:19:08 +0000 Subject: [PATCH 46/55] Update API version --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a9c2151..6a3e7e2 100755 
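Review bot: `INTERFACE` is copied from `$1` and then expanded unquoted in `ping -I $INTERFACE` and `curl --interface $INTERFACE`, and every token that `dig` prints is added to `ss_rules_dst_bypass_all` without checking that it is an IPv4 address. Quote the expansions (`curl -4 --interface "$INTERFACE" "$HOST" >/dev/null`) and skip tokens that do not look like an address before calling `ipset add`. The bypass entries are removed only if the script reaches the second loop; `trap : HUP INT TERM` covers those three signals, but any other termination leaves the test server's addresses in the bypass set, so a comment saying so, or a cleanup function run from an `EXIT` trap, would help. The same pattern is repeated in `omr-test-speedv6` (PATCH 51).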
--- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7" -OMR_ADMIN_BINARY_VERSION="0.3+20210315" +OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5" +OMR_ADMIN_BINARY_VERSION="0.3+20210325" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" From db95630ef98657da896dcdeefa212224b2ef9357 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 29 Mar 2021 14:32:39 +0000 Subject: [PATCH 47/55] Disable TLS from let's encrypt in China --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6a3e7e2..a7f8d39 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -210,6 +210,7 @@ if [ "$CHINA" = "yes" ]; then git checkout master fi LOCALFILES="yes" + TLS="no" DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list From 950b704495a080ee65b4f39554aca34a97102916 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 14 Apr 2021 19:16:45 +0000 Subject: [PATCH 48/55] Update server API --- debian9-x86_64.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a7f8d39..34e2969 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5" -OMR_ADMIN_BINARY_VERSION="0.3+20210325" +OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5" +OMR_ADMIN_BINARY_VERSION="0.3+20210414" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" @@ -1295,7 +1295,7 @@ if [ "$update" = "0" ]; then echo 'Your glorytun key: ' echo $GLORYTUN_PASS if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN port: 65011' + echo 'A Dead Simple VPN port: 65401' echo 'A Dead Simple VPN key: ' echo $DSVPN_PASS fi @@ -1342,7 +1342,7 @@ if [ "$update" = "0" ]; then EOF if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - A Dead Simple VPN port: 65011 + A Dead Simple VPN port: 65401 A Dead Simple VPN key: ${DSVPN_PASS} EOF fi From 180a3fc0acc21e51b906ebde2f1dccf8139eb939 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 19 Apr 2021 19:15:43 +0000 Subject: [PATCH 49/55] Remove bad dsvpn ipv6 route --- omr-service | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/omr-service b/omr-service index 6fe97bf..ff51abe 100755 --- a/omr-service +++ b/omr-service @@ -40,6 +40,11 @@ _glorytun_tcp() { fi } +_dsvpn() { + [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null +} + + _omr_api() { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { logger -t "OMR-Service" "Restart OMR-Admin" @@ -109,6 +114,7 @@ ip link add omr-bonding type bond 2>&1 >/dev/null while true; do _glorytun_udp _glorytun_tcp + _dsvpn _multipath _omr_api _lan_route From c39b07eaa57fdd0c86652b80f3b42ddadf5388f5 Mon Sep 17 00:00:00 2001 
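Review bot: In `_dsvpn`, `2>&1 >/dev/null` points stderr at the current stdout before stdout is redirected, so error output from `ip -6 r del` is still emitted; the order should be `>/dev/null 2>&1`. The `ip -6 r show 64:ff9b::/96 dev dsvpn0` inside `$(...)` has no stderr redirect either, so on a host without `dsvpn0` it presumably prints an error on every pass of the `while true` loop. A one-line comment explaining why the `64:ff9b::/96` route is considered bad would help the next reader. The same redirect order appears in `_wireguard` (PATCH 53) and in the `sysctl -p` line of PATCH 54.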
From: "Ycarus (Yannick Chabanois)"
Date: Tue, 27 Apr 2021 08:24:10 +0000
Subject: [PATCH 50/55] Doesn't download each firewall file for update
---
 debian9-x86_64.sh | 53 ++++++++++++++++++++---------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 34e2969..2d6ddf7 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1157,38 +1157,29 @@ if [ "$update" = "0" ]; then else # Update only needed firewall files if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces - wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat - wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules - wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces - wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf - wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy - wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params - wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn - wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net - wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params - wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net - wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn - wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces - wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules - wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat - else - cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces - cp ${DIR}/shorewall4/snat /etc/shorewall/snat - cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules - cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces - cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf - cp ${DIR}/shorewall4/policy /etc/shorewall/policy - cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net - cp ${DIR}/shorewall6/params /etc/shorewall6/params - cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn - cp 
${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces - cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules - cp ${DIR}/shorewall6/snat /etc/shorewall6/snat + mkdir -p ${DIR} + wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz + wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz + mkdir -p ${DIR}/shorewall4 + tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4 + mkdir -p ${DIR}/shorewall6 + tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6 fi + cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces + cp ${DIR}/shorewall4/snat /etc/shorewall/snat + cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules + cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces + cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf + cp ${DIR}/shorewall4/policy /etc/shorewall/policy + cp ${DIR}/shorewall4/params /etc/shorewall/params + cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn + cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net + cp ${DIR}/shorewall6/params /etc/shorewall6/params + cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net + cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn + cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces + cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules + cp ${DIR}/shorewall6/snat /etc/shorewall6/snat sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules From df637bb0c455c4a3bf8360d6eca0407cd68cf4c9 Mon Sep 17 00:00:00 2001 
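Review bot: The two archives are downloaded and unpacked as firewall configuration without any check that the download succeeded or that the content is the expected one: if `wget` fails, `tar` fails too, and the `cp` lines then install whatever older files are in `${DIR}/shorewall4` and `${DIR}/shorewall6`, or nothing. Stop on failure, e.g. `wget -O "${DIR}/openmptcprouter-shorewall.tar.gz" "${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz" || exit 1`, and verify a checksum or signature of each archive before `tar` runs. `${DIR}` is unquoted and, in the hunks visible here, only assigned in the `CHINA=yes` branch; if it can be empty on this path, `mkdir -p ${DIR}` fails and the archives are written to `/`, so confirm it has a default. The enclosing `if [ "$update" = "0" ]` block starts outside the hunk.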
From: "Ycarus (Yannick Chabanois)" Date: Sat, 8 May 2021 06:46:40 +0000 Subject: [PATCH 51/55] Fix VPS update via web and update omr-test-speed --- debian/postinst | 3 ++- debian/rules | 4 ++-- debian9-x86_64.sh | 11 +++++++-- omr-test-speed | 51 ++++++++++++++++++++++++--------------- omr-test-speedv6 | 56 +++++++++++++++++++++++++++++++++++++++++++ omr-update | 11 +++++++++ omr-update.service.in | 9 ++++--- 7 files changed, 116 insertions(+), 29 deletions(-) mode change 100755 => 100644 omr-test-speed create mode 100644 omr-test-speedv6 create mode 100755 omr-update diff --git a/debian/postinst b/debian/postinst index bd08d7f..57ee50d 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh -systemctl enable omr-update +systemctl daemon-reload +systemctl restart omr-update db_stop diff --git a/debian/rules b/debian/rules index d411dc4..9a69cc6 100755 --- a/debian/rules +++ b/debian/rules @@ -13,6 +13,6 @@ override_dh_auto_install: cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ - mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system - cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service + mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin + touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2d6ddf7..a75b4a4 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
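Review bot: The marker file is created under `$(CURDIR)/debian/etc/openmptcprouter-vps-admin`, while every other install line in the `debian/rules` hunk targets `$(CURDIR)/debian/omr-server/...`, so `update-bin` is probably left out of the package. If it is meant to ship, the lines should read `mkdir -p $(CURDIR)/debian/omr-server/etc/openmptcprouter-vps-admin` and `touch $(CURDIR)/debian/omr-server/etc/openmptcprouter-vps-admin/update-bin`. The hunk also stops installing `omr-update.service`, and no visible hunk puts the new `omr-update` script at `/usr/bin/omr-update`, which the unit's `ExecStart` expects; confirm where it gets installed.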
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5" -OMR_ADMIN_BINARY_VERSION="0.3+20210414" +OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" +OMR_ADMIN_BINARY_VERSION="0.3+20210508" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" @@ -582,6 +582,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi +if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in +else + cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service +fi + # Install simple-obfs if [ "$OBFS" = "yes" ]; then echo "Install OBFS" @@ -1260,6 +1266,7 @@ fi if [ "$SOURCES" != "yes" ]; then apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true + rm -f /etc/openmtpcprouter-vps-admin/update-bin fi if [ "$update" = "0" ]; then diff --git a/omr-test-speed b/omr-test-speed old mode 100755 new mode 100644 index fa95ff2..863232f --- a/omr-test-speed +++ b/omr-test-speed 
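Review bot: The added `rm -f /etc/openmtpcprouter-vps-admin/update-bin` misspells the directory (`openmtpcprouter`), so it never removes the marker that `omr-update` tests at `/etc/openmptcprouter-vps-admin/update-bin`; it should be `rm -f /etc/openmptcprouter-vps-admin/update-bin`. In the `@@ -582,6 +582,12 @@` hunk, a failed `wget -O /lib/systemd/system/omr-update.service` leaves an empty or partial unit file in place; downloading to a temporary file and moving it only on success avoids that.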
@@ -1,30 +1,43 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -INTERFACE="$1" +OVH=false +if [ "$1" = "ovh" ]; then + OVH=true + INTERFACE="$2" +else + INTERFACE="$1" +fi -echo "Select best test server..." -HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" -bestping="999" -for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi -done +[ -n "$INTERFACE" ] && [ ! 
-d "/sys/class/net/$INTERFACE" ] && { + echo "You must use a real interface. You wan find them using 'ip a' for example" + exit 0 +} + +if [ "$OVH" = false ]; then + echo "Select best test server..." + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + bestping="9999" + for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + else + ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi + done +fi [ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" echo "Best server is $HOST, running test:" trap : HUP INT TERM if [ -z "$INTERFACE" ]; then - curl -4 $HOST >/dev/null || echo + curl -4 -o /dev/null $HOST || echo else domain=$(echo $HOST | awk -F/ '{print $3}') hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') @@ -33,7 +46,7 @@ else ipset add ss_rules_dst_bypass_all $ip done fi - curl -4 --interface $INTERFACE $HOST >/dev/null || echo + curl -4 -o /dev/null --interface $INTERFACE $HOST || echo if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then for ip in $hostip; do ipset del ss_rules_dst_bypass_all $ip diff --git a/omr-test-speedv6 b/omr-test-speedv6 new file mode 100644 index 0000000..ca3d64d --- /dev/null +++ b/omr-test-speedv6 
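Review bot: The new interface check exits with status 0 after printing the error, so a caller cannot tell a rejected interface from a completed test; use `exit 1`. The message has a typo: `You wan find them` should be `You can find them`. The file mode also goes from 100755 to 100644, which makes the script non-executable unless the packaging sets the bit again; confirm that is intended. Both remarks apply to `omr-test-speedv6` as well.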
@@ -0,0 +1,56 @@ +#!/bin/sh +# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : +OVH=false +if [ "$1" = "ovh" ]; then + OVH=true + INTERFACE="$2" +else + INTERFACE="$1" +fi + +[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { + echo "You must use a real interface. You wan find them using 'ip a' for example" + exit 0 +} + + +if [ "$OVH" = false ]; then + echo "Select best test server..." + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + bestping="9999" + for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + else + ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi + done +fi + +[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" + +echo "Best server is $HOST, running test:" +trap : HUP INT TERM +if [ -z "$INTERFACE" ]; then + curl -6 $HOST >/dev/null || echo +else + domain=$(echo $HOST | awk -F/ '{print $3}') + hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset add ss_rules6_dst_bypass_all $ip + done + fi + curl -6 --interface $INTERFACE $HOST >/dev/null || echo + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset del ss_rules6_dst_bypass_all $ip + done + fi +fi diff --git a/omr-update b/omr-update new file mode 100755 index 0000000..33b3fa6 --- /dev/null +++ b/omr-update @@ -0,0 +1,11 @@ +#!/bin/sh +if [ -f /etc/openmptcprouter-vps-admin/update ]; then + wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh + rm -f /etc/openmptcprouter-vps-admin/update + reboot +fi +if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then + LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh + rm -f /etc/openmptcprouter-vps-admin/update-bin + #reboot +fi diff --git a/omr-update.service.in b/omr-update.service.in index 1a21135..231803a 100644 --- a/omr-update.service.in +++ b/omr-update.service.in 
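Review bot: `omr-update` fetches the installer over plain HTTP and pipes it straight into `sh`, so anyone able to alter that traffic controls what runs (the unit sets no `User=`, so presumably as root), and a truncated download is executed as far as it got. Use the HTTPS URL the main script already has in `VPSURL`, download to a temporary file, and run it only when the download completed; checking a signature or pinned checksum before execution would be better still. As written, the marker is removed and `reboot` is called even when `wget` failed; in the version below the marker stays so the update can be retried.

```shell
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
	tmp=$(mktemp) || exit 1
	# HTTPS, and execute only a fully downloaded script
	if wget -O "$tmp" https://www.openmptcprouter.com/server-test/debian10-x86_64.sh && sh "$tmp"; then
		rm -f "$tmp" /etc/openmptcprouter-vps-admin/update
		reboot
	fi
	rm -f "$tmp"
fi
# … unchanged: update-bin branch …
```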
@@ -4,11 +4,10 @@ After=network.target network-online.target [Service] Type=simple -Restart=no -Environment="SOURCES=no" -Environment="REINSTALL=no" -Environment="LOCALFILES=yes" -ExecStart=/usr/share/omr-server/debian9-x86_64.sh +Restart=never +ExecStart=/usr/bin/omr-update +#ExecStart=/usr/share/omr-server/debian9-x86_64.sh +AmbientCapabilities= StandardOutput=file:/var/log/omr-update.log StandardError=file:/var/log/omr-update.log From 4b8a9432cd91f68f38d26ad56e33b170715cc0b4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 9 May 2021 08:35:34 +0000 Subject: [PATCH 52/55] Replace gitee by gitlab --- debian9-x86_64.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a75b4a4..9e9b397 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -143,7 +143,8 @@ fi [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" if [ "$CHINA" = "yes" ]; then - wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - else wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - fi @@ -188,7 +189,8 @@ if [ "$CHINA" = "yes" ]; then echo "Install git..." apt-get -y install git if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian + #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian + git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian fi cd /var/lib/openmptcprouter-vps-debian git pull 
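Review bot: `Restart=never` is not a value systemd accepts for `Restart=` (the documented values are `no`, `on-success`, `on-failure`, `on-abnormal`, `on-watchdog`, `on-abort` and `always`), so the line is ignored with a warning; keep `Restart=no`. Since the unit runs `/usr/bin/omr-update` once and exits, `Type=oneshot` would describe it better than `Type=simple`. Both output streams go to `/var/log/omr-update.log`; if the installer prints generated keys to stdout, as the `echo $GLORYTUN_PASS` context in PATCH 48 suggests, check that this log is not readable by unprivileged users.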
@@ -200,7 +202,8 @@ if [ "$CHINA" = "yes" ]; then echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - if [ ! -d /usr/share/omr-server-git ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git + #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git + git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git fi cd /usr/share/omr-server-git git pull From a02b30624347dfc4d056c180c2f0300cff61a615 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 9 May 2021 08:35:55 +0000 Subject: [PATCH 53/55] Check wireguard ip --- omr-service | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/omr-service b/omr-service index ff51abe..d6d751d 100755 --- a/omr-service +++ b/omr-service @@ -44,6 +44,10 @@ _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null } +_wireguard() { + [ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null +} + _omr_api() { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { @@ -115,6 +119,7 @@ while true; do _glorytun_udp _glorytun_tcp _dsvpn + _wireguard _multipath _omr_api _lan_route From c19bade451c2e9380edaf539f38208af962370b4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 8 Jun 2021 17:42:39 +0000 Subject: [PATCH 54/55] Add latest omr vps script changes --- debian/control | 4 ++-- debian9-x86_64.sh | 20 ++++++++++++++------ omr-service | 11 ++++++++++- openmptcprouter-shorewall.tar.gz | Bin 4106 -> 4136 bytes shadowsocks.conf | 3 +++ shorewall4/snat | 9 ++++++++- 6 files changed, 37 insertions(+), 10 deletions(-) diff --git a/debian/control b/debian/control index 0da3629..72af96a 100644 --- a/debian/control +++ b/debian/control 
@@ -17,8 +17,8 @@ Depends: unzip, tracebox, omr-iperf3, - omr-shadowsocks-libev (= 3.3.5-1), - omr-vps-admin (= 0.3+20210304), + omr-shadowsocks-libev (= 3.3.5-2), + omr-vps-admin (= 0.3+20210508), omr-simple-obfs, omr-mlvpn (= 3.0.0+20201216.git.2263bab), omr-glorytun (= 0.3.4-4), diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 9e9b397..99f120a 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -31,7 +31,7 @@ WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} -SPEEDTEST=${SPEEDTEST:-no} +SPEEDTEST=${SPEEDTEST:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} KERNEL_VERSION="5.4.100" @@ -53,8 +53,8 @@ DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" V2RAY_PLUGIN_VERSION="4.35.1" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" -SHADOWSOCKS_BINARY_VERSION="3.3.5-1" +SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead" +SHADOWSOCKS_BINARY_VERSION="3.3.5-2" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" @@ -100,6 +100,13 @@ if [ "$ARCH" != "amd64" ]; then exit 1 fi +echo "Check virtualized environment" +VIRT="$(systemd-detect-virt 2>/dev/null || true)" +if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then + echo "Container are not supported: kernel can't be modified." + exit 1 +fi + # Check if DPKG is locked and for broken packages #dpkg -i /dev/zero 2>/dev/null #if [ "$?" -eq 2 ]; then @@ -269,6 +276,7 @@ else apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} fi fi + # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." if [ "$LOCALFILES" = "no" ]; then 
@@ -280,7 +288,7 @@ fi
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
-sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 echo "Install tracebox OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
@@ -1240,9 +1248,9 @@ if [ "$TLS" = "yes" ]; then
 fi
 if [ "$SPEEDTEST" = "yes" ]; then
- if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then
+ mkdir -p /usr/share/omr-server/speedtest
+ if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
 echo "Generate speedtest image..."
- mkdir -p /usr/share/omr-server/speedtest
 dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
 echo "Done"
 fi
diff --git a/omr-service b/omr-service
index d6d751d..e1eaa5e 100755
--- a/omr-service
+++ b/omr-service
@@ -44,8 +44,15 @@ _dsvpn() {
 [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
 }
+_shadowsocks() {
+ [ -z "$(pgrep ss-server)" ] && {
+ logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
+ systemctl restart shadowsocks-libev-manager@manager
+ }
+}
+
 _wireguard() {
- [ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+ [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
 }
@@ -113,11 +120,13 @@ _openvpn_bonding() {
 fi
 }
+sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
 modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 _glorytun_udp
 _glorytun_tcp
+ _shadowsocks
 _dsvpn
 _wireguard
 _multipath
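Review bot: The free-space test added to the `SPEEDTEST` block (hunk `@@ -1240,9 +1248,9 @@`) parses plain `df` output with `awk '/[0-9]%/{print $(NF-2)}'`; if `df` fails or wraps a long device name onto a second line, the substitution is empty or not a single number, and `[ ... -gt 2000000 ]` prints "integer expression expected" and skips generation without explanation. Use the portable format with a default: `avail="$(df -Pk /usr/share/omr-server/speedtest | awk 'NR==2{print $4}')"` and then `[ "${avail:-0}" -gt 2000000 ]`, plus an `echo` for the not-enough-space case. With `SPEEDTEST` now defaulting to `yes` (hunk `@@ -31,7 +31,7 @@`), every default install writes a 1 GiB image, which the commit message should mention. The enclosing `if [ "$SPEEDTEST" = "yes" ]` block continues past the hunk.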
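Review bot: The rewritten guard in `_wireguard()` (omr-service, hunk `@@ -44,8 +44,15 @@`) is true both when wg0 lacks the address and when wg0 does not exist, because `ip a show dev wg0 | grep ...` is empty in either case; the previous existence check is lost, so `ip a add` is attempted and fails on every loop pass while the interface is down. The pattern `'10.255.247.1'` is also an unanchored regex, so an address such as 10.255.247.10 would satisfy it. One line covers both: `[ -d /sys/class/net/wg0 ] && ! ip -4 -o a show dev wg0 | grep -qF 'inet 10.255.247.1/' && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1`. In `_shadowsocks()`, `pgrep ss-server` matches any process whose name contains that string; `pgrep -x ss-server` is stricter.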
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index f45840887cfcf10e3701975cb3de7fd86e8e40d0..356841434047882f570e6ccb2c8c8c84ccfd1e9a 100644 GIT binary patch delta 4121 zcmV+!5a#cSAgCaJABzY8l5?7100Zqje{-YAj`J`66kW;O+nKr~HpD+RdF9(9fNd@q zSis3<>#8VXlZ0B^_yA8fw>97Wq;9|%JL7pfcILf3lo?7k+fWXuv8n&z3oAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^x zb&JqASgg0U)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=! z$#&R(;r|6*Xuso|5C__=&UvGW{=a=LRQ~@hVBPK|M-1di-VFdMO zA=5A>q1kBH{SF_iWFxgU8`VlMBe!5AuQ!PuY2KJj9*KwSLf zPqMc5upxHZ5D0+4o~rqG;s;QUva?dwLSba$Ctfg(p~C52VGpr=akCYx{cbW#hiOgPLt(-{NFh)r^z^E#o*f+$##m_6nELue}u5|3}F8yZ-25%wO<77MYU|rJh`W#Yf0u#$h!1$mACy498BWe0G|JA(kTfP%~am6HpRV zx@YM^41I~2OTaP@#+y8OkiqyqbZ-7JUnhM?;-oopD?wtRf&H3M{ z?*G3D+?cj2%CgnvX(B-X^EG2=ZD55O(lTGcRRt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&fO?XDy@!DB1leAp+yj>a z(PkvVJwye3nclF}zN(8^U?P_2D8>4?;iwMBp=e#>wPffzjb3TFqYl^T2Vft#6)A5Y z-K$hAr<+NR$)5w<1eF~>*dKFzS?yvI5&D)fGHXBC3hO;l(^eNyRlL$vd!WcGq@`%k z69t5---w!8K#X*M#}cLMB8{%x)^gS4aQ;Jr5i@*7Z#4JE)O;7g__yVPJuSdlg}0iI zYwG-yHw`8qFoL31y8>@AUeLM8Kpc<#MM7lVE=Y=3G9H4|ttDY5^Er%g>l{@1z+ye? 
z%lEz8H94$xxg4sD8O$Fk?|RDa#?*lb(M4Y6%mY|&(3Hi0L7msd?NDVG?@Sdr3Ku1& zNB7?3i1zvahI9Yy4BaRhvVO3+SbQu7`-IRISJ=$y#!2|)U|FXi!NIh zJyKz(?N;l5y!8+BSWY&1d_g_i9%RG0mxc?1K*h-e$;9r02st4uTirA!oCrYs@I1)| zi39F5sill8i0%=zm`+1F7?cH%Oxw+ii;E)n@iaiQDNgXzLXTx#bU6C73t3;j&u(Y2 z&4Q(@R{8x+ni{vZY%N$fJyvsj5=tL)`w8v?_=-%FvO8k@hTeSPJwj$bjYDwS(_jwg z33*DA#bv$z{QP{jss^5*K4bK8sc~md$!xm+yBi#r`c#`ZL?jmcj))1@3W3~-ToDb< ztIl1QKcFH2 zCJaj-_1V7;rr1}k?g5+MgWk8G?YE$VMzsBF&{Hkt7E=C0DgjFlFr+^GsW3PU}k~JKjU*XC`m(weMSiCu^sM}pVWQdhr3KRjI18WyX-BUHC zTmR%mbx3;aGe3^e@vtJg+qHX?`_apPi}BwPEp^1cp=)=U5V`~dmP1i0H5(mit(LB^ z)|zgaAl*@{4PyH>{BUITHnFK60sKmn;*Q`TIRjL!=18X7)5N~L!6IMXt+j98qk7DL zq18xW_zu{OL3A)CgY-C@66j-b9W8=A$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)* z*A$&W_vrl}cqyya=T%o;zW>7>h?cUB1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJ zB}FyqkF7Y=0HtecfnYd>JOT>jQmg5IJ;=Mb$r$2mf!!ZsST?`^1C!SH zGo0XZ;`4vL|08~h6Myy@CiujE$BnKu?fv{i&9VoDy7ALy6~K(c8NOQxhzU0lh+`uXnBxL-AUne6B=Wm0T7Z8RvX{c8?&UpQQQ0NgmFB(1fLdsOqjQ zS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1uDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtY zWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t;m@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&N zik%}3%SnRJ#>xPzN9gU_~dLMdoec3b=p?_rdxPXa3ja?Xj`Me*{4p<3T{QKj3@Df!4zesS^EzcF&U?FNMB5rjw!t`yhmNw`Uy65=-T zq57-RZLH4S!feuM9!PyKYbfS`%FiQ6*xmfir<95&bu==2QId!2%y%>4O!cgYqEKl& z!#imB#fiw8%q9?jBeKOCXkwlOArVE>C|4wXwzBKF3av$-t57v(fG#%Tf1ha|(UuPf zaa;HQaP-?jn88XM=5oc)2ywUrh<}!gkgdixB)<(QY(t)JLpHY|TSa91f{_7^Z>P8pOoBE;2`TCVQ9q_+T;V$k zXe!`g*u#5#m=BW^W(2hafBM)kf4(2rj*;@i`|L%Pj~v%Hqkr`Vu*}~{sgjC61#uEC z7XIX*+kkh*f1$&^|I^|5hS0+2|3dZspSOY6_W!mDxj?~0{&XI|3snm6S55&6HgbU1 zK)!J^?s~m%+7w&d44YnW?4V1(_mf|rZcv<-IHxtXamqdo^!1#we;OOK*=K}yb77Pl zWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH|cfJ43x6AMU2z;wm#s9Z} zj03&OXLdTP5clr>0-%`QG|gunxEp z|2x0`$G0}W|J80*Z{L4-6Znev|9(Xisb2rCvj11Jf9gaIkoKqF=FEao`Y|+8236lc zWg+UTbN$zNXCGk8UgXYSWyxNX2^OE4`8(tEqDnq1sGx!hDyX1>3M#0ef(k0Apn?i2 XsGx!hDyX1>?+X71gZNS90C)fZ9&A2V delta 4091 zcmVpjn!AY~2E@G&mkIHJ!uMh* zA<2^;lLvq1osi^Z;gO@c8<3n^J?C}=?0)L&=18!~S?%~upmr>XwxVks$65N=6lIQ+ 
zWXt9_!_;kmos$gRgbRxv#+Gby)~#ZT!&>bp|AD+0#3wbAHxrqyO)o@s6`C{e~B{vb$ z2hUEx{gdQ5tmmdfz^y;{kIRS#g;U@thKrZTe|$>F2k|4}VfgEOv(+Z|FAyQTfQ#RLDVvsdJz=^&6~$0e4rNtZA?@zj-hPe1zzONh_Sq%`4gzD`V%jRJ>te>fw=g| zn`Uk8V?(U8ArJt8Jyr9s#PgvXWoNy{pSCh-DaR86ef7aju>BDU7g+HlH2Q_iTxeZ? zR`Zm0fdzuFE{0EH%7QeKPm|vh+TRb$2!)ZUm$?2ch6?q)!X9G#%99-JJD}&O0>5|8 z$G_^DObAglTQ>WGi025pfvJL3gJ8wIhiK*~SjbJECW{k@8xJ%0F+Pc)hdk&JQ2Zna zWN2-dd=FWMZi5K^<)`;{3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf z{3WK3kyl^BWO=Pg;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#P zTfnaMAF~e{pM*H}9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wr)poG$8 z)kxsZq3*r+2w~+J!YD8$%LU}T5ab~a&%7j|ku?bk#(QuwO9;vs9p{i4g!4iJz)4LB zjXeRh_l2^f!OC0HY!QWzxhC@OG_$$H3ywMWo|il|)2k~{ubN-)i&j0i3 z{{Nf6jbS;0B$>SyO$6xwR!tw78(6-Ew9Hqq6>YOx=l$EmBAoe?m&3}~`TVcjr1yV$ z{+#c2d7S^vX1kjIZvkI%|JR@y{fi=(CwIGVJVQ-K|L$D9rij=pH z?o}$5)6FEuSRZqIS?yvI5eB9{HfldvGV47-RaX~KRk%_WYbZ-Aq$#V= z69t5#-3Y2uK#Vni+Z4p>B8?{B)^gRPF!&+Ch#5YkHwwH7HQ$9l`E9viPYZBX;jQN5 zni70+Xa4j9Mo`phSKv)13pzI$2$PAoNQk6a1xfKr#)F@_wIs}BK8F!*or5YLSgdD# z`M!UnOrsVe?tvL(BsW&~P4w4Ga25xicw&}f%1|Ni^ z16eQ^Ds&M>3HdM5?LbyS-EREkPQ&LooctEkwm#0n=p|VOBn;Mi379geYu!*5UA8QG zq{8amPUozD^AGb_PB(dcK|RYFX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17) z1MW1brHo97?h&+@PD45vltl}fcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg0 z1?!a67pUkSy_D*E=Vyn8Jbs^ICU+PaU(Wwqe5>1k!Ti77Iq!5@Jm&v=yHh>?e-qey z-h@$QmEYf_sc~n^)`E4@V>P!Yq4Y7gm*75tugF9xyCcSLuH`2n0K zftc_+CI(!~1ac>GMN~MG z_Aa-728ozyj}1rGAR&{b-klfM4xt@W?*^1GK^Yy?R6xbM{VQ}Mn^(G}*mu3w0Tlr- zU|0sI&;E5Vgn?}K4%qxY^u7sgzXcssqV8XVzGBL^kn$f=30QJ~Ar0V9fjKhRzY}hB&FX0(L#*tQrwHgASi3OlzM{&# z#wRywK+@ZodvT18hZWJ?uDzq&k6!*qjQ@^ksVxk2O})#6&?OkK90_8n+2}}XwRDBG z)^yVV>9%Zc5L>U|M`N?UiB0_o;8&UycLe*%DWGaKTQr=$Dh#X*7WwLKt$q6*)ng8S ztwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=f}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|l zhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bDn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!F zDT+aVEZL?8C|*+w1jEs#F;F0vT21SJLuQTytTB!F-VZJt^oL5w&+?O5IB{p?OQeJ5 z8M3MNGV;d4i)Lt#maUsI6&`tU0?L3T4Rz)_9BU|p2ch)w6BLZEtUC)^+dDc!LpqFe 
zkzkPfU;<+>2b&s$n3)O~M}v$g#>5zQ08^lAAxDz?!dSI?0j!M+ZYV<^T}7dPJDs?3 z!WO|Nqvb5|3)fRvaBE>=y}()~pG*{+-t{P=adj?fR^%-T*rOV9`f7K-fG7)qL2#PjfDe3CkpKJc(GBQaI;wwP$x!zIYat#E0~hQ^us&aAR_Br2tfl4oc&n4*7RHGHdA2%3TrCR z1t7`>)5l>Sv(7kHG*!`L;AD%#j1uFR17b9=j~RNPRGCDCU6j&tpi~o&3$Gl!_*GG%~wUl85WecQfHk^{j}ZP-!c} z+i3X3iO8DFCJ-ZkvVi@D^smtbmig-+Rs8;c^FW-0i-k8m=r-V8@&AlJXW#!hZ?&3y2cQ4*)%Sni2436$ z+bQG%1rzzF^MDp#r2v2C6rf-u2Y3zS8#m*w*ZZbTvBk}>>Gj4Ay7YTL`E`ARqF&;h z*4V}=`!vwkbINLL&}N?z+RcSgZjfc44BE|rQErg2PZjO1zP0&(^jk)|>jK&4Yc3VM z0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}nePF`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z-xLz6;x0`1r=0KK?N05P(cM1R8T<$6;x0`1r>Z(_&YCMBK81y001LV57qzx diff --git a/shadowsocks.conf b/shadowsocks.conf index 302bbe0..5fb5da0 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1 #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout net.ipv4.tcp_fin_timeout = 80 +# Increase max orphans +net.ipv4.tcp_max_orphans = 16384 # short keepalive time net.ipv4.tcp_keepalive_time = 7200 # outbound port range @@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 131072 +net.netfilter.nf_conntrack_tcp_timeout_established = 86400 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 diff --git a/shorewall4/snat b/shorewall4/snat index a240a09..8435e40 100644 --- a/shorewall4/snat +++ b/shorewall4/snat @@ -15,7 +15,14 @@ ########################################################################################################################################### #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # -MASQUERADE 10.255.0.0/16,\ +MASQUERADE 10.255.247.0/24,\ + 10.255.248.0/24,\ + 10.255.250.0/24,\ + 10.255.251.0/24,\ + 10.255.252.0/24,\ + 10.255.253.0/24,\ + 10.255.254.0/24,\ + 10.255.255.0/24,\ 169.254.0.0/16,\ 172.16.0.0/12,\ 192.168.0.0/16 $NET_IFACE 
From 33cf1b4718ad8ff70e1b0f6a451a4906808e0fe9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Mon, 14 Jun 2021 05:46:38 +0000
Subject: [PATCH 55/55] Update to 0.1026
---
 debian/changelog | 6 ++++++
 debian9-x86_64.sh | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 33cf21b..12a86ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1026) unstable; urgency=medium
+
+ * Many changes
+
+ -- OpenMPTCProuter Mon, 14 Jun 2021 07:43:42 +0200
+
 omr-server (0.1025-test) unstable; urgency=medium
 * Wireguard support and fixed
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 99f120a..098148c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
-OMR_VERSION="0.1025-test"
+OMR_VERSION="0.1026"
 DIR=$( pwd ) #"