From c0a99de20c167332f1435106e30324f498dcb7c9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Dec 2020 11:32:08 +0000
Subject: [PATCH 01/55] Add openvpn-bonding

---
 openvpn-bonding1.conf | 17 +++++++++++++++++
 openvpn-bonding2.conf | 17 +++++++++++++++++
 openvpn-bonding3.conf | 17 +++++++++++++++++
 openvpn-bonding4.conf | 17 +++++++++++++++++
 openvpn-bonding5.conf | 17 +++++++++++++++++
 openvpn-bonding6.conf | 17 +++++++++++++++++
 openvpn-bonding7.conf | 17 +++++++++++++++++
 openvpn-bonding8.conf | 17 +++++++++++++++++
 8 files changed, 136 insertions(+)
 create mode 100644 openvpn-bonding1.conf
 create mode 100644 openvpn-bonding2.conf
 create mode 100644 openvpn-bonding3.conf
 create mode 100644 openvpn-bonding4.conf
 create mode 100644 openvpn-bonding5.conf
 create mode 100644 openvpn-bonding6.conf
 create mode 100644 openvpn-bonding7.conf
 create mode 100644 openvpn-bonding8.conf

diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf
new file mode 100644
index 0000000..d675d34
--- /dev/null
+++ b/openvpn-bonding1.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding1
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65351
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf
new file mode 100644
index 0000000..8920940
--- /dev/null
+++ b/openvpn-bonding2.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding2
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65352
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf
new file mode 100644
index 0000000..b04099e
--- /dev/null
+++ b/openvpn-bonding3.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding3
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65353
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf
new file mode 100644
index 0000000..d977b4e
--- /dev/null
+++ b/openvpn-bonding4.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding4
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65354
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf
new file mode 100644
index 0000000..e5866b4
--- /dev/null
+++ b/openvpn-bonding5.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding5
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65355
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf
new file mode 100644
index 0000000..fb9ad29
--- /dev/null
+++ b/openvpn-bonding6.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding6
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65356
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf
new file mode 100644
index 0000000..f197366
--- /dev/null
+++ b/openvpn-bonding7.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding7
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65357
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf
new file mode 100644
index 0000000..2e6d7a6
--- /dev/null
+++ b/openvpn-bonding8.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding8
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65358
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server

From e87ff9af8e9bec07a7db6e77ca8c6a6c2b7fcc68 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 6 Jan 2021 07:53:55 +0000
Subject: [PATCH 02/55] Update kernel, API and latest glorytun udp fix

---
 debian9-x86_64.sh    | 17 +++++++++++------
 glorytun-udp-post.sh |  3 ++-
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1e8a1d3..e2ee6ef 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
-UPDATE_O7S=${UPDATE_OS:-yes}
+UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
@@ -32,15 +32,15 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.81"
-KERNEL_PACKAGE_VERSION="1.15+9d3f35b"
+KERNEL_VERSION="5.4.86"
+KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a"
+OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
@@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1023"
+OMR_VERSION="0.1025-test"
 
 DIR=$( pwd )
 #"
@@ -568,8 +568,10 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	rm -f /etc/systemd/system/v2ray.service
 	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
+		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
+	fi
 	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
@@ -578,6 +580,9 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
+		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
+	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
 fi
diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
index 2c1dc40..51a20f0 100644
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@@ -13,4 +13,5 @@ done
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
 }
 tc qdisc replace dev $INTF root cake
-ip link set $INTF txqlen 100
\ No newline at end of file
+ip link set $INTF txqlen 100
+glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null
\ No newline at end of file

From 5cf11f2650bb3400a1673e2f20451e3f40e2d224 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 2 Mar 2021 08:52:33 +0000
Subject: [PATCH 03/55] Server scripts update

---
 debian9-x86_64.sh                 |  92 ++++++++++++++++++++++++------
 dsvpn-run                         |   2 +-
 dsvpn0-config                     |   1 +
 glorytun-tcp-run                  |   2 +-
 glorytun-udp-run                  |   5 +-
 omr-admin.service.in              |   2 +-
 omr-service                       |  29 +++++-----
 openmptcprouter-shorewall.tar.gz  | Bin 4076 -> 4080 bytes
 openmptcprouter-shorewall6.tar.gz | Bin 3809 -> 3780 bytes
 shorewall4/policy                 |   4 +-
 shorewall6/policy                 |   4 +-
 tun0.glorytun                     |   1 +
 tun0.glorytun-udp                 |   2 +
 v2ray-server.json                 |   2 +-
 14 files changed, 104 insertions(+), 42 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e2ee6ef..84ef712 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -32,23 +32,23 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.86"
-KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
+KERNEL_VERSION="5.4.100"
+KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
+OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
-V2RAY_VERSION="4.31.0"
+V2RAY_VERSION="4.34.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server"
+VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 
 OMR_VERSION="0.1025-test"
@@ -167,11 +167,9 @@ Pin-Priority: 1001
 EOF
 wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
 
-# Install mptcp kernel and shadowsocks
-echo "Install mptcp kernel and shadowsocks..."
-apt-get update
-sleep 2
-apt-get -y install dirmngr patch
+# Add buster-backports repo
+echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list
+
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then
 	if [ "$VERSION_ID" = "9" ]; then
@@ -182,8 +180,12 @@ elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
 fi
+# Install mptcp kernel and shadowsocks
+echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
+apt-get -y install dirmngr patch
+
 wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 # Rename bzImage to vmlinuz, needed when custom kernel was used
@@ -400,6 +402,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
+		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
@@ -427,6 +430,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		}
 		chmod u+x /usr/local/bin/omr-admin.py
+		#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
+		[ "$(ip -6 a)" != "" ] && {
+			systemctl enable omr-admin-ipv6.service
+		}
 		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
@@ -580,6 +587,8 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json
+	rm -f /tmp/v2rayError.log
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
 		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
 	fi
@@ -644,10 +653,6 @@ if [ "$MLVPN" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install mlvpn done"
 fi
-if systemctl -q is-active openvpn-server@tun0.service; then
-	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
-	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
-fi
 if systemctl -q is-active ubond@ubond0.service; then
 	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
 	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
@@ -703,6 +708,32 @@ if [ "$UBOND" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install ubond done"
 fi
+
+if systemctl -q is-active wg-quick@wg0.service; then
+	systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
+	systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
+fi
+
+if [ "$WIREGUARD" = "yes" ]; then
+	echo "Install WireGuard"
+	rm -f /var/lib/dpkg/lock
+	rm -f /var/lib/dpkg/lock-frontend
+	apt-get --no-install-recommends -y wireguard-tools
+	if [ ! -f /etc/wireguard/wg0.conf ]; then
+		cd /etc/wireguard
+		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
+		cat > /etc/wireguard/wg0.conf <<-EOF
+		[Interface]
+		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
+		ListenPort = 65311
+		Address = 10.255.247.1/24
+		SaveConfig = true
+		EOF
+	fi
+	systemctl enable wg-quick@wg0
+	echo "Install wireguard done"
+fi
+
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@@ -974,6 +1005,14 @@ else
 fi
 chmod 755 /usr/local/bin/multipath
 
+# Add omr-test-speed utility
+if [ "$LOCALFILES" = "no" ]; then
+	wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed
+else
+	cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed
+fi
+chmod 755 /usr/local/bin/omr-test-speed
+
 # Add OpenMPTCProuter service
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
@@ -1094,6 +1133,12 @@ if [ "$TLS" = "yes" ]; then
 			systemctl -q restart shorewall
 			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
 			set -e
+			if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
+				rm -f /etc/openmptcprouter-vps-admin/cert.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem
+				rm -f /etc/openmptcprouter-vps-admin/key.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem
+			fi
 #			mkdir -p /etc/ssl/v2ray
 #			ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key
 #			ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer
@@ -1227,6 +1272,7 @@ if [ "$update" = "0" ]; then
 		Your OpenMPTCProuter Server username: openmptcprouter
 		EOF
 	fi
+	systemctl -q restart sshd
 else
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
@@ -1276,6 +1322,11 @@ else
 		systemctl -q restart openvpn@tun1
 		echo 'done'
 	fi
+	if [ "$WIREGUARD" = "yes" ]; then
+		echo 'Restarting WireGuard'
+		systemctl -q restart wg-quick@wg0
+		echo 'done'
+	fi
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo 'Restarting OpenMPTCProuter VPS admin'
 		systemctl -q restart omr-admin
@@ -1293,16 +1344,14 @@ else
 			echo 'openmptcprouter'
 			echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
 			echo '===================================================================================='
+		else
+			echo '!!! Keys are in /root/openmptcprouter_config.txt !!!'
 		fi
 	fi
 	if [ "$VPS_CERT" = "0" ]; then
 		echo 'No working domain detected, not able to generate certificate for v2ray.'
 		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
 	fi
-	echo 'Restarting shorewall...'
-	systemctl -q restart shorewall
-	systemctl -q restart shorewall6
-	echo 'done'
 	echo 'Apply latest sysctl...'
 	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
 	echo 'done'
@@ -1317,4 +1366,11 @@ else
 #		done
 #	fi
 	echo 'done'
+	echo 'Restarting shorewall...'
+	systemctl -q restart shorewall
+	systemctl -q restart shorewall6
+	echo 'done'
+	echo '===================================================================================='
+	echo '\033[1m  /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
+	echo '===================================================================================='
 fi
diff --git a/dsvpn-run b/dsvpn-run
index e4000c2..f4a2a5d 100644
--- a/dsvpn-run
+++ b/dsvpn-run
@@ -12,7 +12,7 @@ fi
 exec dsvpn \
 	${MODE} \
 	"$1".key \
-	auto \
+	${HOST:-auto} \
 	${PORT} \
 	${DEV} \
 	${LOCALTUNIP} \
diff --git a/dsvpn0-config b/dsvpn0-config
index 933e98b..647f160 100644
--- a/dsvpn0-config
+++ b/dsvpn0-config
@@ -1,4 +1,5 @@
 PORT=65401
+HOST=0.0.0.0
 DEV=dsvpn0
 MODE=server
 LOCALTUNIP=10.255.251.1
diff --git a/glorytun-tcp-run b/glorytun-tcp-run
index 9ccbee6..0572861 100644
--- a/glorytun-tcp-run
+++ b/glorytun-tcp-run
@@ -9,7 +9,7 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-$(basename "$1")"
+DEV="gt-$(basename "$1")"
 
 exec glorytun-tcp \
 	${SERVER:+listener} \
diff --git a/glorytun-udp-run b/glorytun-udp-run
index 9aeb930..fb66c92 100644
--- a/glorytun-udp-run
+++ b/glorytun-udp-run
@@ -9,11 +9,10 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-udp-$(basename "$1")"
+DEV="gt-udp-$(basename "$1")"
 
 exec glorytun \
-	bind from addr $BIND port $BIND_PORT \
+	bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
 	keyfile "$1".key \
 	${DEV:+dev "$DEV"} \
-	${HOST:+to addr "$HOST" port "$PORT"} \
 	${OPTIONS:+$OPTIONS}
diff --git a/omr-admin.service.in b/omr-admin.service.in
index d76318a..ba30724 100644
--- a/omr-admin.service.in
+++ b/omr-admin.service.in
@@ -6,7 +6,7 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/omr-admin.py
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
 
 [Install]
 WantedBy=multi-user.target
diff --git a/omr-service b/omr-service
index 1aa788f..4b8e54d 100755
--- a/omr-service
+++ b/omr-service
@@ -30,7 +30,10 @@ _glorytun_tcp() {
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
 	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
+		localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.255.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0
 		fi
@@ -66,9 +69,9 @@ _gre_tunnels() {
 			iface="$(basename $intf)"
 			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
-				ip link set $iface up
-				ip addr add $LOCALIP dev $iface
+				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
+				ip link set $iface up 2>&1 >/dev/null
+				ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
 			fi
 		fi
@@ -77,23 +80,23 @@ _gre_tunnels() {
 
 _openvpn_bonding() {
 	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
-		echo 0 > /sys/class/net/omr-bonding/bonding/mode
+		echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null
 		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding1 up
+		ip link set ovpnbonding1 up 2>&1 >/dev/null
 		ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding2 up
+		ip link set ovpnbonding2 up 2>&1 >/dev/null
 		ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding3 up
+		ip link set ovpnbonding3 up 2>&1 >/dev/null
 		ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding4 up
+		ip link set ovpnbonding4 up 2>&1 >/dev/null
 		ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding5 up
+		ip link set ovpnbonding5 up 2>&1 >/dev/null
 		ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding6 up
+		ip link set ovpnbonding6 up 2>&1 >/dev/null
 		ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding7 up
+		ip link set ovpnbonding7 up 2>&1 >/dev/null
 		ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding8 up
+		ip link set ovpnbonding8 up 2>&1 >/dev/null
 		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
 		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
 		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index dbbaefbae4907faea3d9be6dd77f680a5a4cbb83..b7120120fce994d29ba0944d3beb4d99a80aeecf 100644
GIT binary patch
delta 4068
zcmV<A4;%38AMhW4ABzY8RCXy~00ZqD?Q)~YasQ&Hn6jPRZpHevB%hs9E*OwRjDQ1V
zpRZCyVF}yRNuU5)pL4bEp6(ey2+6BWR`Mnn+PeaJdb+1)db)dHU=sL#96FO<-W?7a
z0Nr+*9s!ES<~f`<&(53eR=d$XJAc<`Hrw6qJJL8{n=)8`MzIqT@-7U5_;Yl-%Kt~<
zxN=O)ryz8no!N|3tEBG6lX{e5>XXzyDoEK6LgM)kK{$6}FYt+TA1q_y0)^*BP(tD-
zFCq`#%snOX%fcl`bH^tcw`#`i2-yA5*NhQwk+aJ2n?U857c5y*IgT^6u^~ttCrYNp
zak`;d8Yk+1ngJIkJ&aAs;LKau5{8w^58eYg;m4LXloVYuO!CJ+65AFm+v1IZWHAEU
z=106L@-`!?2-fA3J6pKnr2~C1buM*{t8(~nIbCqgM&tWN<p<ZFdJk#+zNK$geux*V
zn(<`8wVH)$!?V`eW<7&93lh(p7rF8uYZqtDb<WLy^H#A*vLS4;_QJ_}#csEIUZ|)_
z)|IT8wrXzH_ucs33!<tY6<T;!<f7}_x@55^_6fB7tWeeDRcW(o<oIr(?VWD7SXJI4
zH1Zbft?e|r#ojX2(YBiYyim2-EsmkJb?oD{!N;22i&aH-{Mz~N`LP>5I1@M8hd0>{
zJN$ott8spY{{OsjcGhh-n&|(#XN}VTzXh!O|Br4Mp<i#;8l*~0XTF%ZM9xfv^ue<e
zaQ`HJ4yu{y5OC`c-s3W)L7@g5g<$a#dXG;rc`tk*Eg1f4tI=$e`xl51Zcd=(I&&IX
zEDRho?>=<G7lJV)bX^h!5Am}Tx_>4w!IDgWAe4me)Qce6+%IF7crgLbS`R{~KM!Cw
zydY}nPu-A;f#%I45<Jk0fjTCN8%0nyaD6v)W<+1!&%6m#R=kPpM=o(9vOrw)<WAGJ
z_OT&m(hvxMz@Do4XX1KLj<VBUYt@>mw1nd+fxde0#Mu6j1PiSA0UG^6W)8G2ty!ag
zU0{MBtc&537!ogzq+0xIO#Ay`8KN*Ubz{eyMNpx-SJ*>rUwM+FeFyX`RcP&<^YPD`
zDiK0t)sl=pFW@<XremsLRv=h$ClJkS84J1T(`0c9apPg;JVvJ>^pFcZ0*asdK{Q{6
z57B7^Lp^b6QLj<?xbV5hxEe40KXF`tMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBU
zGvYP5!91+q2M}lc$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^<M*$finKT1?*b?G5etL
ziH{=h(WlYtqZ4}0{S4wl{KTRg@m+|S5TaZb%;XrOc(i<cbfXwbC|z2O_|6=E>fXDL
z5LTWci~>`#TtLnXK_24p%#C9jS>u3Uya)fYgrJPkaSoY5FwZpr{MVGw*yBTcUnn~o
ztlTxt7Gdz1X(IhfGn-4i;Fxpox$#pYxw;Z~)9N+P8nspjVtNCQoun*@3%zyMA3jW)
z7tQbU%*p#gPp;x4WHFN<oPJ<`@^cY}V<%KTJ59q7OOaft87*fqC<!XvvveVXzQoMM
zW0?ozO`aUcU|bivH}s%0{Y(_<$#DhcxL4KLbGVgNK^cn@VP;i>1{F~dcfR$U_<w@c
zKpalS4*w4kpj*8E*Xf*<{{Jl?OKqtG{MM~0;jQ5<yzb8Vf4({Y&&&IN|8D{}x@q&G
zX!M#i5upE@6>Vf}U|SWWWxj%~XdC4c@P8f_!OWYy99G88=YQSCyJj2Lf#<Dmw}tb+
z(P)?R|1IDP?*Ho4M9O==<-Olm@BK0_vj6+O$Lv8ZNdceNk{sxoA`5q`YegFnMY@rc
z^jaRt*5%dMFs%yS(ahI>C9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ
z9Q~n}FmHwu>1&Fj-OB19?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w<fA_dJN$pU
z-7fC`0P<Gp|K9?>!2cU)B46wNPvPvmi~+yn7(hMA-b27Qf^@HcQ09RPfoL-l;U1zK
zzDTbb@<3MkG%yi^x1@Z1+;CKf<A^t|@mkPSl}4|m+>%FY^h2-@+=`U7kM32<m($H8
z$K*c)+ys>#-<uyYd{OOu6A=c6Hr6XYm=fzfUQt#TP?f(@WOFEqE2JSQ&=Wa?tlsd7
zoI{LN%ix9UJdG-U-BvQy#K8Y9#)ug_qc`&12{qq^H~D3`U{4EhR^hGY<BIHmbY|Z4
zJw{N}YFFTmCkr|^8Ss;dyNHRXnmI|)O2&hixV1P)Wj+TXZk>ZF?^&#8eR<NqU6aFF
zm&u{Z=$`*bdDjzmH@XT$h|cpWW*)$LgQh4B>bx#)hbp^&c&Dm}VX!DLJ-T<MN3_rX
z8Tf9khVGjzLiZzh8RjBqK|+4-(weg%n7Y#%b&ynWI&hmqw@vSDH25GS8OWTuP@#(;
zjLBa}w*y%Tb-U4%GYy`jVDd{u+xj>Q!k2jIlfYl=C1A>=u609EbkVZtkqWDJJDs!6
zzs+Mg-Q@9q8TCwam=5P&8s2KPs5o&b=-6ElA*W<ztDDAz69H%+o~P*`aloA>wUm(o
z(LIC~(`iTtgR*EM({B6X;v&y|GV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte
z(Mzblb$)he$l`YmGr7aa_<a7~Y&E+b%>Ub+^G>IK*~0w4)$Wwf|K9}mo;P7sS>^XP
zNow5LvbA8{^jOX9Nhp2H?Z&td;0rQQ%I=8q8#(^Md4$Y<76st6XPyt|F?ovP#bv$z
z{QO*7RRd2@pELTX(74)DJfH3V?gqytKGh@^;fVpiW1_>gL?Cw}S44p`aqn^~kcb)9
zShppA6%sN@?A^Ih<q+C2^=?231C-G~O&L_Y+rL6Ll5wS(vUS&M9#9bg9foCq`s`l^
zogYX>?|{wkL+=~V_FK?FA<F(W=*xz53n~90m4GD&7}5a#WSAp^{VQ>$z+wYdDVD8h
z1DoDV1bvcK$r=vNuW)6eipdo$-Yl6{&7K;6FvQ9(TNDAE18WyX-Io=qSO4gQbx3;a
zb2p06@vtJg+qHL;`O(WiMELKBmRkHkQ<b|^2wj2!%MmXWnvIUMQb|@=YfU$FkZwuF
z2C?}Xel#}vo7lvU0Dh%Oen+qu*8o+iSb}c%6@FlDu*g<-Ywg?js2+1@H3AsE1$Lu<
z5fzL{BYh611o~K9NAqA$A{@nJng~Fv!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39Fd
zFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>e
zP`IWR2!^AHW1v7Tm5SPj%p3_=W9rd=z2{%n=?|5Von<GpVB*Y*mq-WA(<MXcrR4R6
z8_v)kO-nN*Dm-+f7?c4^8fwgU*yd0I4?^jqCny+SnRh0(ws&-dhIAO`BElf|!34%&
z4i+^AAvF~+jyf4pjDa!i0H#3KLbfRN`LSa4d{`Uj+)#=>x(WklI&q?yErL&fN6T64
z<*ui&;8ug!e1Wx0Hkl|kx$BWf<LX>g&Cp%sutyc-^u-d7z*>GBOJixh>040j>BGOl
z_%H#)fUz9HXc{n<Iw!zrj_AnZ#6Q5e8sPN=ZG^7{_P&c?*?jUFCauvYIKkz_r@x;3
z7QIBVJO2a|eCpyxSDN;I`mSPsn8RG%=xMVGU?#yF-z^04gY;J+VW2)!UrmdHOau)A
zf~*c$O1iqXsTb?99jZ_uingrV5R!RQV&N81CamZS$dRndCVyp0ss*QFn(X4+oY=j9
zULlg#J6DJie=SiySG*|;Hj9mnb2dMFM-b6Zll<T`3ukD;!jP9$+Y}6caKZ^!LE%UG
z$YeYOMdA$`TpBCVM!F(dOd!k@h{7;IZE%;GGRE7Uj7*e}$hL-(igzngq($c!>M!ef
z6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5<KAfrcxsC|l_#9qiAhPZnj#%#fO4B|(Fs
z`aEO;)QM5fkiOjVhG;W?{qT-9h)6pZLeM}3XFpc2RqYnK&5&7u!kRL40f@4|^l{k7
ztTT>fRgqN*I9b9lrNlU9gBTU8BWVU$L?Rk3Nb@U|Ye~{=!?LZFh+|YadDqgkX(B}{
zr|HwWp=DT0p(&O+fZkkRHjQ}bACWySU?Nas8%93s2eboL0@gTx)>U0(O<|pAo8x|8
z{;Bs15`cS@>GpF<KDMNvY`pcajjdj{0pWQJA<}>=$u{}|ZqlZNxJ`T{|19+yt8+Uy
zn^c+yQXkA3iaDV4;}{ZlJA3mfp`uA0jm%CMXW=^a-Ap)BJuRXrRN74O78-tjBC;m4
z3B-s@{sx+uB|%7kL{W5L*|jBPU2S^!D3YOmf|0XQ0^N{dn(Doy7CEDTcx=L7YyA&%
z2b`HuLA#N~bQ&|9F;1H>HglRLvjB1W@D4lxuh=k8a-?8dD+EjS!AvF7gtc7K8EB$l
z9|EsKxtUGlTg|xUp;uIqRsLBrG@JDyz0_2xg+IOOVSKxPP7|7I@a|TU^P1q>(<M6f
z@P}Mmfn(BfVTAobcQa%wtb9r81y=JgUz%=dNEbNyvSeSyYN4|!kS%Gp;9sq=TE%RZ
zt=2Ky71(oMZW+W8y@Pa(3uK<$!2phlwSTcV=dNT6{dhW)Hm<dPpDi**ym_6LqA|1c
za@**C5k!zLaUNR6&iDV>{r~*_pLVC*|NSOVc>gcm^MjdmedI*{Sh}Gzb=|Mr{?jdY
z{``)U5e^?wLEP5;KOFsb5N5Cfhq+w-GeR8h0HWU;0@5q~N>*g+4mu5D<d0*?;6>n?
zylv5_HR{do>EA0Lr`f##TzegN4))e%s8)iyK-BjM8JGKH0h56a8h<}Y-wFA^ag7@N
zt2cmU_WDN|zkfdv#ld3XP7k^bcvt*yofY5zZ^2m^|K9>$+yC3i<pMbq`H%B}W~)pA
ze$OdD&PERK8pu~}#$B)XRhwe-n_-jdjU9B!_kObL>IOx%z&WY0jZ^w*pfBf?*4Us;
zKO?l83!~g1OTQ+xn|}eL+#qA0D%xG0Hor_W-T>ms;lBX5>;3O$xA^`~tJ&$4@&7I0
zxcK2S2G*UPL&$3NidV&3S+ufO479PeLRNC0NaLhm*~fS)s}%#s$;lUbzO}w3tOIVu
z|HkkCH9MQ%|LV5O`+si&U-16l&uAj$>)&Pe|7!M6oyY;w{#E4LoM|vhK88k$Agddw
zG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN<plzD3jC6rJ?2_=+JLJ1|5P(leMlu$wm
WC6rJ?2_=;9P2pc@jbV`hcmM!e6ak(9

literal 4076
zcmV<I4-@boiwFP!E81TG1MM8`a-+!c{-URtvYor#iuGwpK0BpcFd&H-0SCxFU!{t|
z61J(6KmoKq=W5?Q-7|m?l2?0K$(vkg?+WPY>7JhH>F$AnN#Of&=uCe3=5Wve=(gMR
z2v9sW&*8jzcHV5a+Kukn`8SPbv)%1}LmCHcQwGZ@c0xkF34<X16y2`!|4}%u924^?
z2;FCAHY3$4sk`x{9;KN2B(;wUQuc$8c>Y5W&Yjo`eB#^(%b2)8;kgl%kod`q$b&a?
zPf7f;aLLi!@kz$5nsGY<c0cqrW5iqJtaAJ&P&wuWOV(75<4kRA2olGMl4)_AZfKUq
ziMnRMg-H)%Q!+U7R<?v;rSgOKKu-9vr41!Tmkg79`z^6;!Llvh7)TZ)ux)<Ct0HeR
zqKaT$KDo1n8(uol2UF)#*SIQ&|CZAQ*K9PtZ&ZG8{i*km*6&;TX61)?v8owQ7F?@Y
zs5U%noo&`Lc(Wk!ym^r;|FL#))?DY@JZ}}7BpbpeYcHIvSL}AX=Y@)@WL?RcX{+XD
zecz4my&$UkQK5xrMJ~F&txFb*VxK_E&k9vdUX?bhMvm_m+TQ7Qi&f<<LL+an-r7#1
zTkI`U9c`=W&kI$X-QpNpTgN_L8+@$Uy;xOb$1k1#o*%p6gEMiXeRz}Yu*3hi8s}%|
z|GVw;W~<X_q5to;8>Rn$3t0F6AKWlPzuvAjNR^n*d@*y0oS6vegJ&n;{z?2CR5Q~d
z;MO0!$7M)^LJc?y!Qv(K9-m_JPIymRF#Oe4quD0+FAyQzoIuNU<}|Wc7&vC$edvTQ
z1Y=0(x+Dr7;%6sx|3Y4ZC7D1d3Eim|LA1GF#xC(<0-m)VgiwDTz-)Ly)Y6~2Ar%A7
zn@1#gpceymOcXbYplsm!Zs^R2zPz7#6R50s6W5Pi;zVSDxai59rfuzGL(HTh5CDNa
zRr4>z^`IPOr@hvyHB)H`$5R4*_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m
z97(nK*O>PA!!kr+Wa`F_H;bS`b+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zG
z1Wm_O!K^^A;!Yr%*)kS#)2GSe6ynCi%z2DXL+BwFdIS_d^@C`>3?HJ?2!?v%(xP6Y
z@?qg~k8w3#`hVuQj3(uf7K3kRB-<(GGx&YA{-=0Pqfga*4BhGyX2ff9gLzoJ4<OF?
zk6S3dw(BZk53q1TXMVugkFaa~*J`y3>%YeNc^UuT1a__en0?Ur#7B|$=+o%+!3jO*
zeg<(Neqzy$_%6gu2vIHzW^#;CJX$_Jx={=zlrF7Cd}j`I@7+fTE6)%{fhk!oAm@c3
z4{><r#xaeoaX>KMga27VP{!yuhs+?D=NbV1Yf5PB@u9shlpPIL?wV$cFnG)~k$$C_
z%_UxN%(?g6_^FXxT?xEt^_pjmTB`#wy@AJ0QkKMp-n#1#A12L<=J$E#<XxdBSMd?D
zm`M;$-!u8S2*a@xDxaOEVTh$jF4T;cvlx^FmF`)(5J6vJ=Hju;gYhO$4rDN{3*8%f
z(3yTF3iaf;f^yue>g+k(%BrA@MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#
z&PxCP7LcX3)B%3&)|Bwp@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<
z(lTGcR<w<B3HUz`i(uwWUJff`=l$Qt#{6$I%J}~#@EP}ib!sBzz2EZQ@2mHInHSmr
zecxmDpq8Y7&ud8zbWM?kyVbR#4TvJ$NJ@Gwk7VoeYHXNR1@CC)>k?S=tX=bhAnDcy
z*~9ZTssff2YrR7Dip(M!r$-({L(}uuI9BuyEk}Q_80XPYB7IF!v|Cvnq<u3QLzi7i
zMB$+ifG@|<A4B@PBv>3rIhAqz{}#gK?2wOsDeQ><?RLAk{|CrhW&D2&_>A~(pox5G
z_&<fS^D+nc1LpwLlk7bO_)3uO70V)SAraZkL~svT4qv3#40#}{e43aLgSVu7ecW(X
zhvSGhuJKyXRF!5gNx3DD*64>|AGj4QYaiXKmM^E9iH^yC2Dk|>J-##FXZWJp`6eO^
z3~j7eelR80d%U8oE}$xZrO4(`5?4q=QlKYt2wA=16*-3(tCqnF*LfOMx~*iYiGlxJ
zj2Tn#jNZt1C)9iw-sG3%f;}z5S%r@pjw`bN!I^o}cbGAuR=X0fc(R~#lL0@OxQm#G
zs+p4%tz<lSiCc?<ROWLK;?_y1@{Z+ttS?Xcw`+1(>oPf18Qt?ADerp1?nYOE2+?_7
z#mo~}Z_pIQL7msd?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9
zT5}czQ+HaU4w4E^2X1rdw&}f%1|Nha1DP`yDs&NqG5IU$b|5REZZ~>zronR*On!-I
zTOVgZ_!2LD68LMq1WcLKwQeYiE?O2nQeo9@r*qc%-8`1lO&*_6&oqbWaPFnytyYVQ
z6NiG1-31YHN>;YIX-qf~fcD{enhp{N-032QGBO~#htOg=4e4M|7ENT@ZC_km<hf5~
z9-2*lf+rSwEUG*#ZSZL)vc5b?Z)dX2qE*W36I67MW<vF~^Rq)k7Qbtl$sI<<r}O`2
ztJ&>f{@?DLcRI}$=KrmBr`-SXCb0Ls38Ts?zrRUR<Ia|?CF`cgYHm+L={5&9#(f~4
zk%>}vM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z(MN^G)t=({Z2xz+
zI4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{Zd5shc1*n+P{IIZ
zG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6G<*Fon8lF>V0^ZU^I2DJSabWn)0e+~Mw
zA>BgCe@G=@$pMBmfIk`L$YB3UTq&^FfK`fRE84)OH<Ll1WL2_;!}BX#nW$oN1&cRJ
z=2f$&1`M&X%N9jI=fK*9QTJs<>eW9uVI7j*`rM5obUdtx?so1SWq$PXPZ9n*qNNr;
z&{X9v6+)L_z;eV3g=VvRyU7Y`t?7mi(k;o@AU0pakH$uS6Px%Ez^^pP?+Ewe8lWl_
zOVI7U!Vk<17TM}<t$q6*)ng8=MgYUNz-~06f-z~N&*79nAB*c~9_&ekqnJz+0cbTi
zld*jNcE%ezE{7!()P==<Umn;xZw-4#C%@sPC>tMFU3q!(n>pkSX&npZFpxA^2W+pt
zj6x`JLbv{FY(Khzx2P);8171ntkWM;vZw(H*VF>Ra5QlY6v(AgQTvdYBLQnnJ-YY&
z%R2p`60)=GWEM=ES@9C-pn1AvD7}=tzHq}C+M{V{hD3#jZWMzuU`a!b`3~D0O5i~#
zee?tc<16#d#MbtXj?j<}<6J}-<UW|d7|g+<#vr7o0>)7%BZ@IFh8@5Z=vv4Yr9MAa
ztey{R<D45x(MMNd;7lh@6thL}>1a8Nz1;N_7TjtOn=i1I$tDxUCU-sZXk49(su{YA
z9QLS!oIYFP5m?KQV`(g{H+>6=J#G3Oj1Ln)3>eEHjHUr&sdEC1=7^3gPW%Ims{vk5
z&_?)LXz#lSmdz)>VbU6XgcDp&eEi$VZ_!H>yYr7Q!KW^6bf#(V$L}hJIn33Ko;Irh
zW)jTt-BKVwNPiU)2I@2Q)wDRsM9?50$m)Qlq^oP2da)kcp$rA0Xv?|{A(=NN7H$z`
z!iv6t9LcI|@>iy$T5u|+$u7Rli`@(86(V`PcZC@7*AnG(#hbEVv)ITuXY;dn1QGo-
z$q!DmaE2x<40&0#O~C*soNyHsex#2~#zRmf-mt-?u_A4xE0V<o!c2iE3=`A_cd033
zyzR-zL<xy(YbdFBw<1Mabbg`!vW_<~m;@1ZS0upQbQuC1DP)=KRK;Y0$K*x4Q~42S
zxYCNUm44E}{%rarS(eNUsTo!hG#IMSLnc6-808G<%Pnt+Hq#I9XoHBfb0Gu`RB-lV
z^;*?#q1z0Z1t_d3Ll=N33rrt}eat%JSXLETm4K5a3{y&sV>XCU!8(#=fJG#t(SkI;
zQn{8S-8L-ST8TJDm6LaEO`9fCv~rq0ts7c~wG^6SsRQWE^<~qDhyD@S;{qlEHMU{o
zvwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN$;X!Tla06jwXxOfHXuBYAw(K*
zCD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV{Wyk%-Ok>8OQ>j4M<cTn##y*d
zeK!-%R8Na23Y9ifyoH9JpNOo<YyvSNlfQu`W=RkdQ4}3mc5Mk+SDPL_ie#vtVC1Zn
zKsRKVrh4zFMb79S9-HvjTK~h`0cR#u&~9WgoyH7jjMFBJ&77vmEI^z-yaNxwD>lrN
z94VOA3c-?nFjL7iVJ(+*2AU|?hrsJlZf4W?Rx_@7=oM9Dm4B8D&1QW_FEv$a;ZLu6
z7~ihbgytH&yOrd;CiwPriB3KIA=g&mm~>niVSmuwE7=MwUy^!()jZ6XGJ{?%aPnoz
zzM9oSXHy_s(rm%MT4S|}*(_VFW40@>=f2!Bh$DIj=^7WvJh_7b920B*VsXx0$rk$Y
zbS7<FYyCc3WQ=(8IxR(GX6NO$;r}9tAmco=jGg;`+5P|g{-1WI-2eY3P<a0{-SdN)
zbbaJR|6IDEGj-iB-2T%ocmDi=cmALcIm#4Co~`V9u0m_k=PFdqIiT~6_;1=rwB^H5
z+}8a+9Q}3_X0QT>xm^A;QXK98qTibW(kuQ-R%GiAIt^mvk7LQ;Mc|seZPTbV>do%y
zKPn)n*}VW<dmVQU_SR*nR)V@f)b|M)m-}P|jtWd>_M9A_o5MT+<D;EUpU`EG(xb{T
zQocJ$-wArpag7@Nt2cmU_WDm5zyCN8#ld3XP7k^bcvt*yofW_T&}x<6e|j5uZU1j4
zmkZ=f<Uh^>nyoSg_#>wPIU6~^Yd~MP8F#(j7j25oZ-z~-H+Ik^-+Rigs~Z&60_UX0
zHcsiMp+28eT4RGY{fyLZE{t-6Ed83)ZU&5UgN%KuYIk+o{4&jW1BfSw{{rN$_y3#S
z;`=|XW~Woe|F?kS;)m}TSa*63A*<CZUKMX;(aK&i(8ksZS;>7OkCT37A7iSlRty{`
zCtqm#+WMBT4!9BjE5HBO>}-Djt=lf||Gf!(#`}LiqluKS|CibStJyzwA_qwOlW()8
z!6^9{9w~yXZlKZ-_1U@pYrNAB@TD*EXRorPugQ3e5AE!m0raBGTT3XRgc3?9p@b4j
eD4~QBN+_X(5=tncgc3^l>hN!#D3<g9cmMz~cm87l

diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index 2f4dee49c8cd7be2a6734da76cc5f231add1b4f1..d5769fae4f168217f983a780a6bdd3be7bb4e23a 100644
GIT binary patch
literal 3780
zcmV;#4m<H5iwFQ<b}3*01MOUGbE8HQ-mmCaOv%1vx6ZQOEII3xE{9<xaYjG@*>UQs
zC@f){iUb^>b$na<->-Xk5klVeW><1@32m1IGt)giGd)lD41;FA=f$Bt`{mXCs0GwN
zIbq*G<?nX?wDYRnJ#C+KPFnr$>8n<|eRA4=MOu5*DW_Ew+aV#ZLf?-+Rqna`|5G}s
z9T4N*51j{lvFMXVgEXCZ){OF`<}9<28kQaUA#uH1KU~_e>wCn$@mDc%poHs0kVE2o
zHzK$0!Z{-GW8jeb()P$&Tq74(2YEjXRei#nq+2`KE7cBo!IV^m<2XZ|>H_6Bks2n)
zX}W5voT#a~$r<c(YEYdst|U_!*J?kwx8#tYn(CO!8r2Q*%{Rod1k*BkeMHTqfMxL$
zUJ-dKDO3~8vwLR|IN_NMZJ*m`n#wge{9nxjuH9;V*Q)*CcysqQ;~$#ZHuG&9tU2RZ
zz;)UswsE)9-R9GIqg3N*`)wir$K$u%_NL_aX{W4`qzl`k-Eg+a*zfmGON<IN&n4Bc
z6l0s;bK)D<j~ZT7(y&{WqG?ZcNf4C#1T^oKSPfpG+pLl8IVIhD{eGEMdZN<E4K}sy
zwfg1WGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0
z-|trV|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>F
zQSgJu(7n5l$!p;a>A>(eI<58zxp@Tt;1nt}9ec_AiivJx;ogLH_(;%$gpNZZ|2BTG
zL+5+)=&#5O97*WR-3WZm%_???8xz3SrXK?T(uX<mh)FAN?u4uwP;VI#|CZg1lqr#&
zD1y9^<2j+dAlm9?;m&|rc4v+kImC`gfN9aaGtYD#q9R7B2)I8G&zku?aa_p9y0c#E
z9JjODQi(?d`s%eEqy8cB17v&yN<Wf?4ccX#$E*tss0ew{c@mxS;)EW@zs9V;Z&x8!
zM&?dzyNd`I8at)0_v~wPi0Zrc=6RgZ*}3F{pH+ntLL|kc`j8j!8cEeKUNCClvbaO=
zX_i#TWHi5@1xMgWZWs1lbQA{AGtdD?(1Bnn^FjM4g#L4GFmQSoc$~is8-3S1X{^8m
z|DFlS`JZCj5yXFz0z0&qd&GXE=kUMX>6h@ob$Z&a@c$*~`S?Gv5Qb2E6uEaE!>@OC
z=-M|6K!*4}!8hVLfSLeOP6B6Aj5r>x?(Uo@h8$KdV<Vou1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXZ88ZxSyMK?k8jaubJ=h$QzmI3~w|J_}vwAuq21bw}}A3hx*%B}I^@A|;7c
z97EORBmldY0IrI5LhEtdUmefjKdu1E@qe$^t?>UPC=YEI`u*P8RP@rc2JQXT@$CGE
z>+<~XSMlGAP~gK7_;J5=JiGtX>%3~8wA!7{X}8tsCh`ACHU2L_pRxa=F%zlweyY8n
zkM8{>D6;!~pM&ISO}^)X4{eHjFq$e$!u9%IR!2mpmsHN~rHN#oolkYctl=(9k(Zzi
z7Ks-Gs+qOh2l6?^AY%SxF;Q1FwCyn^Lsgd5D@hq;`c9_MjB`q49`q_RmhW}?FDjV(
z+6)R;i+yhWGkOO9Pfj{z{}07m75={jeFpyPXd+(=|3`3jTKRxKu@7KKvU3;kJ5hFE
zAV=YnBii;vc#xowUM{cd(nwPH%rOz2H#eRp;IV@yd{21&0`CP?QJD8i^G#{8QGN{e
zfd>+D{n&|xVm^DMd_ca8@F+y~{n~hwr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbHEE!`e
zt`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg*(=6b
zg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=Yt>O!5LtA
zodga^UmgyxHtI>V%j;o{(OmD2$!@0NE;R)TC1N-ZA1ZMmhvVGfUBBVZmceEoZVNw=
z$5>c_b>2s-ex_L)GE4QLOfmF>lCb)XJ+HHV|F7>k$HxfaBnX{%fHVnAF8s9kjl(z>
zzCU;7#|$KK+*nN;z4wt`U<#G;aKAhq#)7f1>H<HE$v;TH2Qdi)-RRz)`wx*n`z2yp
z-Yxv_F<yDZ_cr<^?}&}@ENfV{EB4JQYxH})ZtpkCSk1R(e4=@VG0p~XCyIAE9afz<
z7BrGRz9ef)-8P@Hy)YYO2Wq-c7;c(@HR#~<Lud+{ootkt>^9ccKY9E1ZL!+f!bM9e
z&im9@4@8B}tODveYqyT^uag`kYA{KExhEIv2Uy1#%I&3&Psji5cK@_|{-@LHcB=UQ
zC1~ey6MB+$e1DmS#=WPWESGFA;e9#`Wluz%7@q@w&M8wSubv2;*j`}YL2$o_d_eAn
z>%n!5IrniKoHd&d4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5tDbe7b5{RM5
zIg#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx>gTE<nb(8%
z9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLTRNAoSm7BVg$PhBSgd3FgRX
z_l-E0VbKAr71NT{k;OI@p*`v9WFrl)&vAvKi0R$h3_C0V`T~|LN#;<J>7e<}4x13?
zHkVEmA<`sS?2y}_p2O$a-y;04vs|{+N@SS)NLA$Pf#TO{6J983iRf9Yr3<SKO?3@w
zH>ti=*!WobWU3FhQ&ZT0^mR)LNBmvSjgKL%Rx<_78p{00*piX2>NXVI^(Y>2Xe9y|
zx(Rlo5(SJ$B|{FU0AebxpLwt!5x&KAS_n{9g)0g3cW+m)updezOXJP)pnmusZ$(M}
zQ0Tw2<|+!|-VU8&>fw81%<FWsFqp=Os*(n&g96*Hv32M8ZqSq|*sRvag*P?Oel_-C
z(8Q923ucaBMXET35-6rtQ-%<ZV*!ooaw7J|^_qbbE)bqj@n!@mXHE9Os?D$Ri-kY4
z7v)<lS4ZPCOjW0>^3aK5XbqUvSWR%lGR73pgH;;cL&o&nxHeGRLA{PfwI5&+VZeuA
z4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h<+&tGwCLzO^zHe~
zj^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w88cO<-%Ijc5KTheC
zZZ_zNq~z(wm({T!@1nzCk72lV7;KFbV7Mo2=n*CMFz`A+q@Ygl4Whxf5v;Bc-(y@G
zeSiyGbA0&c;rr+@ik;;LfPlG!XCYZ+{NdZ0Zj1}O(fu|Hq|E#!zJ>(F_tIabXo3N(
zww^b8nJFrG4@ns%@#^~CVlX#I4q`)wIFS^|;Li=Jm~bg(5iY*ah1~|p>xA?TuXVzN
zzo5*+p7VwzSc!);l9X&>4(j07kJ6yvDEDb#n!=cu6w45FNi$QSg3M2}iIIp9WXkIn
zKpDGHCz?#nq&k=i;E7=}T7Z(OJjET)M1V-KkY$dkV)0_y7*SQw`STcih}Q}~0bSSn
zu_E**4J^cB4<99J<cX?ornsLZ4SDeF42PH^5RP2&x@aY;;>L7REbA$7BqIeNd#YS0
z>J{{XE+uXTnI&iu)MkQx;@C`+wn>UCDHLRx!Z<64&d7p_6d1u&5ecG(q;ec()vMJm
zDAg?8v{FZQokUE$n7%q?SS%i5$yq?OX$*O)iE#$Zn2}63*FD%k3&t#OHjZEtVzExL
zjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y3Jb{?)+J9CFdU;lP9apb
z@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LEC+Hh9yVG<Dj9MGiJEY70
z@VgCvoy|XVv1rG@pk7L1X7ov#KFvmWYUEH3Ba^6vY1;T2<_j-dV2g#KFnH^PBtQm3
zpoRg<owPw{1gb0wyaxG3ZuVEIe!)ZI6)|D{nd+*Q^aHz9723g%L1RA%r!l{O0T^ed
zVWI&Dm#tzM&h2ygAxegZiwW!xcBmj<gcNhKX|}fXVs3VZAX^j^^V0JS`5IumzI@rR
zos}#Qw$s;v|90Lw^nbbmJMPOT264hRSuSu5$&+gsz$r0zUoFnLbIC-Y%x2Qoy*eBw
zvG{~HF0x!S=HwcH<p2+f5QI(KLKDH*RFmj*qF&NnY*t4QOzc3+C+V5<ADvdKy#L!e
z=~d@HUW7K!f8=LA423tF6Fd6P$_eec<9y}ukA8LX<4=6@12LqYHzeIve|kr~xyi-$
z(^)f@kX%&ak93aYiC>T4o;?4-v0sqDkWAn(Kq>y11cxU;*pE&?(R2P>k|pyRIt_py
zmc=?Rg4A2*yVluRv)wxScMa;eowxAzJFf5sDt0o=&E)weKJNsx23ul%$R4=lk3gf^
z0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~CpwFHE@Ab;>e|0)1)$c#N2z~7Q
zXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{ak;TK1={>5KoL<V@D%V)2HP*>5
z@`Db)k?;`S?|lBh-RqoepZ~A$|3&CC&j0_6CQ`lrRiXb!(Vv0H9$-KHZ65PlV_={D
zYQ`2WOUhOfBXw$iHr9VkcJ@mh*;`@xVb<)REFLY+UoB%de?XM4sG^E0s;HuhDypcW
uiYlt8qKYc2sG^E0s;HuhDypcWiYlt8qKYc2sG^GgjPySSZ@`TJcmM!h5`xnJ

delta 3806
zcmV<44k7Wx9pN2+ABzY8x&6yt00Zq@dvl{k65oH(r<js`$!?uxy(~HFlx`0Lk~kwE
zfb2MRRTP%6O+^9@&^o@<e)sF10fdluz1fwVTteF=F|VGUnVw(wJkTug{UmZ`Kfl@^
zwSf93C-fVr{N3)Kc3!o+{Z{*=ciQQ8U$xrplhf`i(%PecOgXLM#EA%b6$L@^seI3+
z|DV!9?SPo~LF7I-i$$L_8l>qavu2z}HD{TI)G+Tbh=}Lk2GP<<yuc^UO|VLc3pqSD
zh7^+Adoj877VZ&A9z&PZmyS=?>>4?{I`Dfp)Qkylk#6l^uT(qW1xwacj^j*iY6ud?
ziIQn?oNj1;md1&?W>}m_Kc}W-aORb43FBJrop(zP`KhIiB}JDElYH|Hv2DS!E#4SO
z7RzAU{DfCU-e#F<f^~N9E<!gtbD-^W=S<hQ28aKvdC0X}t?yd3cdkG8ZnN@3OW!Vh
zn}q9<$t>hL?NYIEx6|D&XYgjJ#?$uOLi!KKZ@cY(P0sDpPFW<`5Vl!+(QLC|zu!MC
z6;vhbT-HomHMh(AZgS%Val?;G5_Zd6bp5F=3Bz)qfaKj$QIl7t?V_>cyCvCs{eHQq
z{6wX(7j8=1YxT>$WvY{>O8U!E(RRN)hSrl~pKJ_1mh8V>7i8bNng5=jxY4aMbK~9c
zdy1Za#s6*(@xRjt*l+b(i2wa=h5s)?8~9J&yHSj&esbI*4PrXWaN!a;R}nG<Tqgkj
zBzXuLx#|$W^jq(46;YFL3><|Ze2l!i`-Hp}-jEIqf1?BDo!mTveQ*mETCTICcEv)o
zvG8spCwe4kK_b^Bad4YFIFb83c??!$28JYma_3$Qw&rG)xWr2c;A=C8p!_m`Iq`^5
zD}U}rv>Fg^8I$0a21e?XC~h1>+Q{|Y$XO75b+hnhP+0M1t{=O^iAjiY@x43GWF4X)
zW-17nKVVOr`8{zxNXNRfUh5pUv)WRQM+ExnwUeOy5eY&p_y&Z2Bnt<m%Ss;8E-;~g
zA}ou>lNb^&PNd`HmxT8B?JB~`$lOgFZxKU*#!l($E&Ey>;`*+wdG054cFy_WCry<I
zA+l;o#*i2A8A;R8UodN6vbaOAX|`NQq%^;ug-2jWZWqp7d=!PyGtdD?(1D;S^FjM4
zg8p-F&~bVn`dqM#8hy_{X{<m6|DG{_$;&@gY)26PNeZ3FS?&@0k)Ff<cBfDA{{#ZP
z&MDx3>$Kml@c$*~dH<hj2t_D9j=ejd;@5j8@|>FmAVYG`@QwH`peBHn%iv5-5Xa-y
z-JKgJkV5li#fa}Lq3n%&2f*?GKnhIBDg@sLU>=Zo;U)>i)+8W^_?~~a0$4_Wd|ZNU
z2$lr_U_#9aMIRpoex&RuT)CTV3!~sJZ;JE_HEw4Z;Mn{gxXFDh4W-k6Kqt8$#LHE5
zyHSw5F89+K|G-Mkf@uDRF)ttpdUJ;b_NnD_p+LM^Bp^AM#2aP>V(1_=NFFmNj3v2u
zz%aQk^jYLV5BYfwC_A#>5_rddcqyxbG8HAlwBi`5E=K{_y##Pov=ds7<NoS+2LEvd
zP~QLP!7`x2{}-U#wV~+udrMQ%OVb*(_gBZW^B<l!{XdxhmH+o56b7&ae%x;z&-wqS
z?N%B8A+{R-m!Qws|Iw+6RC_<w-p@z(ei(}Ee&6SSoz~=gE_i5D+=J17HANP#*I`8)
z5k<O`lq@VyWb5pFYM53HcVUWU3F=^xctMbKt9JW9J|`P^%%99A8k$}VWA~!2k0mnH
z6h*s|)lnw@WD3nXmx#iHoMlGkup#|R608#AFJ5s)tHnOI{wY0!|0gG%GXA&lNT9<1
z7og9;e*;zIYvKP0o=z)&8}KK#0TfAgZUTNM$}SA#C|fc_+m;9~5)|Ug`87ix$ts^2
zCSvf`#%TgxJ7~i9gf}iQENH4qtyh|E$&-!zW6%%0kdVtqZ!8qk>5=jQ`7*+*5ZU)@
z^GzOKZgx>bq>-Ub_1ZgAV!g*J$~pi=`Ex}!$C9{?G$aLjq7Wf}tCzeY7b2#rW$?m9
zF^?);)$*o^f&XoSRx)@%H1gdURo~E?{k#g<UNO!p+^IaM$^Lt1;mu#8b;edbXT_6Q
zNarRael~N%govtHs3~68aqFe9mIPUy4?%<%XQ0Sy<~XpvJRDwa)Wf99>!FR&J^zmK
zZl>%mbrmu(HXMh4he{mq;W#gR-*0%cWw@D!+rm$z(IPa%I_;xXKhvxYo~8Pbrx*oc
ziCO)|nb&E*|2Od6<70$y5=QQOKpF;<iy+N@<I<9gAeg)JV+xWuZnUP2-up-|P=QKm
zxL=+QV?kMHbzu-C<R7Hp1D}L~ZhY^|gNHbn{Tx#%?-oIS^q8!C68Ibal6S<$c$OtB
z>lOW`l{NakUbpv~d93E!JU-Dp(;R05xD&xUoer%|91A*0k1xquQ@7QptS?jt>4lo^
z6N;NAU=0Qs{Ro;uXD1yc%DauV^-tcueOs({w(wAsit|2I)&o)HGp&Gn&f2YG{Ohob
zL=DR6FL!c(u|B{$Mptexb$r_YZ@2rW^#0GuX}8^n0Qmo%-buCp^CGl!zX>hL+P}X{
zUE|(UC(9+>V`ZOqL+OdAo8UR{=iD--{OXM1#PLJt4xIZ%8~}1JJRhDDOu0{z@T}Q<
zcz8I@i{eRGbIFRtTOuCcC(Fg|cR4sNMOTwpgeL}nd`=1O9!LayC~{5|coKJBZw(wW
z!<y>0q=I86iGyo5uI;0Bta+Ev2m>0UK{I7&;`QzubSW9<nkie?gZ3U90;I#RjIces
zZ-dT{BxA5g@rTg+2FQK|ZBU4^`xXpkL%IUjf1izjr3Wa|2>xW4Bct6n;#`462dq{s
zThT^;Hr-T&_N1$mjW~Qh#}$eyrlGYOc4!3j1uR)u;!swkLG!&6HNnqqF5Ngrq+v<)
zlG~u3!{^!GV*IbuRJzn+JS={ssmk?04QjOsFO;NY8-nS=YC}>(huSU4*vf2vEPgUI
zhTE|zY(V_FC50>gp6?~c5Lc^Nf^H8Leq?Tc@yJ(o8v^cn6c0Gm5&;z50zJ`)3d*CA
zA%{}{F%{R(Jm`-I-(or~1jwtwlZ@%R*DF}q59N`q^VWD!Kl~MgqHKI9^xs)?6-N+u
zBDWZO_^UbQ4QVqosK!XrWF2A$g<`)X_MIDeVN;PnXZ1cVyd@L$SEnDQ#575`py~*J
zTBM0n$boEXHFXH?IA+i#Lt$)hJii&b(E{NK1#iX>bJnCEwA%bBe^>-FXHgDfzB($W
zX=#Q;E05ebf!2UpjWvcFwmFsnJ!qxzJtR!e&1(~-9n|ZnRQmxI5e9q+>M#Y>u&81P
znc9G&G|7a<7-+wCuNG_pWQ)>}pDNaWz=ySQ0fMsVI$fU2!bFdc&ZEGY&zv}6n;A!w
z)gti<;W@0m)gUn+{j<Y-j?vh36Qmf83w2R7BR4F>)@#V=ODeB}4*f8drqX7Eo`_<n
z8DCb%eyocDgFS}fHej%IPJrQ_(4j|^*u%gZ0Fi<=!8eEo-^Q@IKKvE^+V}&1Jm8w+
z!#@vyjUVI0U48%vn7eovl6uA;zO5PNxKK8}-!1|%vtWs@Awl-N^jFE7pa83{=gnSb
ziU!t0R!7WVU59N7a|3n}8xq8ctjZ>TZc3^Jk7DNG;tO5aZ4kYVNZ;^UM@;w&iCWlm
z-joHKSxA$`WD|2x2fKchIt536xlIGr6vn))+NNO0x|K2&6n>&lOvXY`B;K$A%4k5F
z=!#^q>R>8>C5Fjp14?Sj6n8us15v_Ewl$Vin-|l@h?<JVpGV(AyjJ-M$hww~W|4l>
zK|^eM*eFY89;q2tiu){T$b)64I79^jcjSsUM4O3<8`CUX)>B|eMk+vm_Ef!4wJYcY
zLuO_M3(L?VsLcZX#Ic#Ow#lj@s}k_CgmIP;jgbu%sW5`6AToFjta2P>&9BuiBuTdo
z%T5j1HS?HwF@1H)w5dNtqcewSQyKDD3;hh3F(XCVT=!rDZ5Xq>**JpC#iE^Lo73S?
z{&Da##!M~gM;rI#wW&3K=(lP$ywN+6f0A(Fkv-c5RaL1=MzM~aETB6k{V)Yr+0NfR
zNOMvDirPgdN^)aq8&H>oQl{-U`AaB^-N$;;67mLR!5^V-tSqD(GAOk^sCP)0{^55U
z{yLj~Xkt;1p@4QNi<#21IAfZP@YKwq97cwTgmL=#8s-bH*r1Dlg{&}m>j>r`gCa<#
z3Co?dL8t_pA_}|?>1M9>SDJCbL*rGE75+&wG@JDU4Qi^?!H+>>KM1E&yMF-~XQghU
z2?&?1Vkyq;bNM04rjCmV><=`2>qSU0C7WhzO)sW0&08-DifQS6hI|dMU0=Rz*iK>#
zgzfmX<G-D@cKx4!ZorQF@`*v5&`p*LTto8Y8U}Dmtld|ObM9QW5Gb>mv=!EdL*|Q5
zc=IAlMP+8s04xW1DTE+w;ue|+%BESwkS5xtw2RH^7@Ub6u=ylCbN{2$YSI1Qe&_VG
z-|2Sn{>Mr0wA%lD3EI5>k>B|+Ro-e&ocKR0H*)5#`<2&!Kl;_pk3aFv55$mq-jH-x
z{plU`=4L6npH7>(gy^CWf24aPPyBiW_vHN#j{brKx?}=}4odOIBsjbQLVt7uvYzwj
zvLaj8&}jhtuq-xs5xCyE-?h%pn(fxnziUv(?YxD-@3_JnsMyIcH`)0no_B&;gD%lN
zqz5kf5olb0JHVW;8B+&Xwcl_Y@N03Umr?(6hn^MX6emF#y7RqW1AXrPf3Mds{r*Fz
zb5i~O!;8?z?tk_QzCb}mzSs|FcPba)&+GyebYu^&0et0U%*}FNbt$rV88Qu{c<lC4
zW>&ezI<B#fevuz^_>F{@@P6m}|LtDqWb6Kah5s)`L!WW~|0h(D>h-S*{XdHS6h!s_
z`{{4<Sl2oQ`}9{cws2Wix1uO%Q|q&_{$sqeU+T!-3d=9EW*24gYH|K*84dgaQNELo
U4k`{R`ZLo10ClEqp#XRQ041<>6#xJL

diff --git a/shorewall4/policy b/shorewall4/policy
index 59142ff..2e5fe13 100644
--- a/shorewall4/policy
+++ b/shorewall4/policy
@@ -17,8 +17,8 @@ vpn             net             ACCEPT
 vpn             fw             ACCEPT
 fw              vpn             ACCEPT
 fw              net             ACCEPT
-net             all             DROP            info
+net             all             DROP
 vpn		vpn		DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		info
+all		all		REJECT
 
diff --git a/shorewall6/policy b/shorewall6/policy
index 9a01ad9..8b37313 100644
--- a/shorewall6/policy
+++ b/shorewall6/policy
@@ -15,7 +15,7 @@
 
 vpn             all             ACCEPT
 fw              all             ACCEPT
-net             all             DROP            info
+net             all             DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all             all             REJECT          info
+all             all             REJECT
 
diff --git a/tun0.glorytun b/tun0.glorytun
index abd7ab1..a7fd471 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -1,4 +1,5 @@
 PORT=65001
+HOST=0.0.0.0
 DEV=tun0
 SERVER=true
 MPTCP=true
diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp
index a89e1a8..670bbac 100644
--- a/tun0.glorytun-udp
+++ b/tun0.glorytun-udp
@@ -1,4 +1,6 @@
 BIND=0.0.0.0
 BIND_PORT=65001
+HOST=0.0.0.0
+PORT=5000
 DEV=tun0
 OPTIONS="chacha persist"
diff --git a/v2ray-server.json b/v2ray-server.json
index 5d2b544..1fae64e 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -1,6 +1,6 @@
 {
 	"log": {
-		"loglevel": "debug",
+		"loglevel": "warning",
 		"error": "/tmp/v2rayError.log"
 	},
 	"transport": {

From 379b30a65e4659978873293fa8becdee10733777 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 14:16:24 +0000
Subject: [PATCH 04/55] Add omr-admin-ipv6

---
 omr-admin-ipv6.service.in | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 omr-admin-ipv6.service.in

diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in
new file mode 100644
index 0000000..9af8b55
--- /dev/null
+++ b/omr-admin-ipv6.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=OMR-Admin IPv6
+After=network.target network-online.target
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/local/bin/omr-admin.py --host="::"
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
+
+[Install]
+WantedBy=multi-user.target

From 637e2ee08ae9a1f8359bf037747480f823bb5122 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 14:18:14 +0000
Subject: [PATCH 05/55] Add symbolic link for ubuntu

---
 ubuntu19.04-x86_64.sh | 1 +
 ubuntu20.04-x86_64.sh | 1 +
 2 files changed, 2 insertions(+)
 create mode 120000 ubuntu19.04-x86_64.sh
 create mode 120000 ubuntu20.04-x86_64.sh

diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/ubuntu19.04-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file
diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/ubuntu20.04-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file

From 91116306a13ef67223b5940b03ddae1e577eb5c6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 16:41:52 +0100
Subject: [PATCH 06/55] Add initial Debian packages files

---
 debian/changelog |  5 +++++
 debian/compat    |  1 +
 debian/control   | 14 ++++++++++++++
 debian/install   |  3 +++
 debian/postinst  | 15 +++++++++++++++
 debian/rules     | 13 +++++++++++++
 6 files changed, 51 insertions(+)
 create mode 100644 debian/changelog
 create mode 100644 debian/compat
 create mode 100644 debian/control
 create mode 100644 debian/install
 create mode 100644 debian/postinst
 create mode 100755 debian/rules

diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..1e55a02
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+omr-server (0.1025) unstable; urgency=medium
+
+    * Wireguard support and fixed
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Thu, 04 Mar 2021 14:36:12 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..9a03714
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
\ No newline at end of file
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..5f0b05c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,14 @@
+Source: omr-server
+Section: net
+Priority: optional
+Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
+Build-Depends: debhelper (>= 10)
+X-Python-Version: >= 3.2
+Standards-Version: 0.0.1
+Homepage: https://github.com/ysurac/openmptcprouter-vps
+
+Package: omr-server
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}
+Description: OpenMPTCProuter Server script
\ No newline at end of file
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..2595ec1
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,3 @@
+* usr/share/omr-server
+shorewall4/* usr/share/omr-server/shorewall4
+shorewall6/* usr/share/omr-server/shorewall6
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..9631851
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
+# use debconf
+. /usr/share/debconf/confmodule
+
+cd /usr/share/omr-server
+LOCALFILES=no SOURCES=no sh build.sh
+
+db_stop
+
+#DEBHELPER#
+exit 0
+# vim:set ai et sts=2 sw=2 tw=0:
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..a45cfea
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+# Security Hardening
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@
+
+override_dh_auto_install:
+	mkdir -p /usr/share/omr-server/shorewall4
+	mkdir -p /usr/share/omr-server/shorewall6
+

From 377ad59134538cd0d66afbbb624ae53bd5c95891 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 16:38:04 +0000
Subject: [PATCH 07/55] Fix debian package

---
 debian/install | 3 ---
 debian/rules   | 7 +++++--
 2 files changed, 5 insertions(+), 5 deletions(-)
 delete mode 100644 debian/install

diff --git a/debian/install b/debian/install
deleted file mode 100644
index 2595ec1..0000000
--- a/debian/install
+++ /dev/null
@@ -1,3 +0,0 @@
-* usr/share/omr-server
-shorewall4/* usr/share/omr-server/shorewall4
-shorewall6/* usr/share/omr-server/shorewall6
diff --git a/debian/rules b/debian/rules
index a45cfea..10d24ab 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 	dh $@
 
 override_dh_auto_install:
-	mkdir -p /usr/share/omr-server/shorewall4
-	mkdir -p /usr/share/omr-server/shorewall6
+	mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
+	find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
+	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
 

From 795c693d13cfc996169fc89e9890857a3cf95838 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 5 Mar 2021 09:09:48 +0000
Subject: [PATCH 08/55] Add wireguard interface in firewall

---
 openmptcprouter-shorewall.tar.gz | Bin 4080 -> 4106 bytes
 shorewall4/interfaces            |   1 +
 shorewall4/stoppedrules          |   2 ++
 3 files changed, 3 insertions(+)

diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index b7120120fce994d29ba0944d3beb4d99a80aeecf..f45840887cfcf10e3701975cb3de7fd86e8e40d0 100644
GIT binary patch
literal 4106
zcmV+l5cTgLiwFQQl0RSo1MNIvbE8PE^A-P!u4LZrOuaa^iS2B1<+qOjwz*(n0VkWS
zS49z<B-GmA2Y9l1Tl3#f>IRIlGoHJ#Gk5z?W(=s+Qmb1nsi9#K20;?Jli%JQ4w?Yn
zcAFjn%E#6@oVU)-TW!AG?4F&!YqnbLZucE&9<WV0EaSwD2zeKUVe%!qUFH9#a9lek
z)>9aH&+cqS>UGlal1U@ZFpWuOA2p=xhY|6EhcKGEi5~{Uy$_cO@qohjVkjZWlOK}@
zf99Q#<YnQJqq!T9oLfETb_DEx>g(o6u*q5N_)Va8EQq$EYaGW}`q&g@j+11|<~YOD
zZJm=0-GmE^9>$hza@MV4i^E#&C;x%G7sj?elvP7EE%KMY5XTX1#}>?iY%>DK5k`V0
z2@WHwiT34_H(Pkor3-y9buSH_t8@5oIbCqAX7k5p?I$mo`VU$CzHMw)en=Lpn#p9r
z@vTy|;TeCnS<e)#lEm}YMWOuX(~Gm#I_K6oUv83OikqzcXtG|h+wGp0Dr&NQrRbKU
zS)26(FS+-_xE{o%7M_*47{<0PSuDzZ0xdr)RkZ|7-mDtCfmdpKr`s)8RkjF?{l$7~
zJI!vnw=8Y6t!6MURc&?4V`y(3`($nKv1a#TRgoRPb^iN7;zbYc#EbXgO}4`h|IfGh
z?z>hS;y|}^e%5TG|L>mhmH&SWSoi;*yeLM$-ac)TI<egOV&)MgHxbeY&rZPoljJ$9
z=cYrztv~pW%ZLVrQ{X6ui<iiMd`id%@gw13`0ISL)h72Z5FxyRK-+WYG_u$jIA;ER
z<VG(9V@TwABn}^vXE*ZxN?yVxnLsFsyr~~Uw7Fj<9`O?bp0yE1P=6l6Y<NM`GMIW1
z6$8zi$0U597XxifR4<O9Y~Tf6<j#n(yr20KsI2-EFNi(j#$<uG_{p1QZS7-2th6Bz
z0D(PK^RLA7p&Vsry~dxmGHEHt69Rqp!A-FJ5eXMq@gp?)h0I)NT~_myc7X+gur7vA
zV#<Ovl24Q06WZSo%Ls*$sh7C^EQSj8y}}-1`^u9X?K`07sRF-u&d0y%noI~$G+Q?N
zf{5n`x`C;JRfAx~y@zP#C|Jl%pC*eFh#L<x_c1<+pocu@5m5Xj2;=!OdWcVA80v{f
zi+au4r$xX$CiP?){3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf{3WK3kyl^BWO=Pg
z;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#PTfnaMAF~e{pM*H}
z9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wsGgwkczNZ`()?!EU2VdWXZ
zC@>|<1?0RC<RK2vyd<HKH3<pEdvG#K2+9~8=a3nM^Fjl_NlgijJpr`$g|ef;%3ITH
z5rvPrCi3qzv$@0zjyd<9mpnDot1D5k>|X1vdCGSnrZ@4}Nz2l>&|7!?(Zi&5(fYB-
zoO~$t<SITw7BdN>=|?8N5MelWLglm5EDW&}$%C5la+ZLSpwc}{7h>p3%v^kyc`)AO
z$%PEY^PqbpA38J0MWLP?S5l69Rh>PDTSXJqu_O~_R;SRQG75sr_ns5~pI|i*hm*0x
z|3d`mmhb;{I%k#te+$S{Tj~J6cWWwmYj_K<yL0}ZZ_fYo>i++mz>Q%!f+U%}7EJ``
z|5i;OnHyNXhP2FAuoZ2yTIc=S!y=sdlb6HF*!ldg+obn@dH$U5c6prt&1Sor|8D_b
zasSt#CQ{w|t?vE4dheHck^SHIJ!TJTNe1}5mK4CyRYkm8U90+lsPc`hX4lF{u`jR2
zre)Xgwq>y{fi=(CwIGVJVQ-K<Ja3~aVM)2xD`c<8ETeIH6hSg|gWh)K=nuVwc{7wr
zUsqNAR?!AoUyR1kMOQLW1<)Dza2)+H<-f@ybV7OlN6XnEAN^6-;s4w1c6t8?kXO(D
z-UPnF|C?wc-|GHP;OxAL0e|8cKt0LcL%?@}Y_Cx6flGmCGZNt*q5{55ubaw1(S$58
z5mT_`Vtw3j)PUniFt71i)HRJpue97&Mr-s#un*jdl(&!WRVtR#%_PU<p99<kl^s7=
zA9H+J?P3!V2BtnXYCl;r>pekLR~JxKxKb5sC`&7(DXY*E1%#sA2&z&*j5XU7#OorB
zCg0X_)ub@^A;E|lKBG4Zya_emg+KXixnNHVa8}{1=Hr?Yd~#?0^aDmv)M{7YO(qLE
zHyH?%iML3Iq*(<?@k+*npSraq%w#@?5pJD>Dj!&^XMOp;f4e4!wJw)Kl`;I_k@9Y&
z>~0JVh!9=mRn9zs^#)B@9MpMT+zwTC@y=9{qHs}SdUWqjk7%F&Ul@3&r|7=PBJw_g
zmtih)7N+F)9<4bG!>Kntr4Et`&IWFC=(g#-jRqftqyt$n7b<iSMhW>Z((OQ2Lfvls
z<W9rqIGp?z)3!d&!ssPg1|$sDdI^{^scYR(7G1V1dZfbY-A?DM^AGb_PB(dcK|RYF
zX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17)1MW1brHo97?h&+@PD45vltl}f
zcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg01?!a67pUkSy_D*E=Vyn8Jbs^I
zCU+PaU(Wwqe5>2R{J-5f?{r!`=Kp-VQ$7EG6WDv+gi&Rc-`}LEac9fcf_2klHMb|B
z^f9-W;68w_$V4f-BgSv!1`GEQGW%H^g43S)0h}k~DM=QWjmGoy^XaM@c!I{9(Z{96
zojxV=+5Ycta9rwBEn*XanD9F$23*Soawl>{R5+9NF1H4Wm}!p<N7f)AlcnCB7uOD<
z9aHZHlrTXV9n@4n#k>70bR(Nrx~156z19I00We@#2B^>ebufg1Z1xV={66%)32nax
z9aN(3UxU74%D0g6A5sZea)2QX;7@@$GT6ToS1K$vV3lG!sy=Y&%|y^AU6rii@car_
zCYqF9!Q#zU1kLJcAw#U}lBWph99X+B>b|1Ny~ZauYCzK4n0s-Ij)xV|-LAc(+>c)V
zM~wfDXsIm>bWOd>gwQ1zup9|usoCgAYqfNRwbpdg0O_`DZV+3q;YVY$zllx#2;f(m
z6n6ys$tj>}HCr^CzA6l?4Ho(8ZmoU$9@S$GtwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=
zf}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|lhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bD
zn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!FDT+aVEZL?8C|*+w1jEs#F;F0vT21Ri
zW{w1`F^%}%4=x+@hf2uL@{?IOacAXAq=V)evZ?km^2Wl8W@wL=t(!6x9(i#B%77&e
zb>=%9Ybb*Uq4e<+6pXK|I}2OeJ32x`I*fCXV37M@0%I@-n;L_dnF<(3gN!J~#29t}
zQ=n@hN0R%(Shafrtc?q9C_^7zMWH*LxN*W3!6&2TEb$B1Q&@0oVPd_&S|*=N6r0}l
zD57z7E@@WeEehD98glw-iAP{9Kab_Hyx#OJDE9Q>A7Ff#0Aj*e4q-G+7)yf_VKhf{
zWO3pjU|db`dZIqU*8+P##IS6B{|6?m@n<-}<;3Uze*Z`O5+~mLGfeQQhZ|jK+WYy3
znrRISb>pYaDu9`Ub9}cD$PdzArG$a{Ok*`I4l)sR2ndQcU@7V9+M!;o$9AYffh0MK
z;Xp_hESZH{L|L$+FCj;YrdYz2C2KaEN?EdtZ*yYz0(yl=U+-KYM#8mB`CJK>B04NK
zGS2z@>>WWwKS}e0lRTWE35!EP(Hu)O!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4Ku
zAPU0-b--Qf>KJc(GBQa<BF7%e8s4qQkT#uPsJ~+1O$;VMLfusva5r6s07nX0COg$I
zSr9OJk?u5M1RAciqHN_~46r|kK3P;`D@W?4odykt>I;wwP$xz?L;7+nn3BWv!#mm_
zBI{fTK?4n({aCx!^jqjQQ(*xLYbwwMAj$^Q$6+6{&Nx;yRncVNWQ)U$662TyVl=Rh
zv>9L#sc5tyJ*d^LW!Z2{+p$+7j#1_GT}#WMi4?7zrBCaImSb&|rdZkldUJi*G!meH
zB=)#~i9n4V82P*(&<<D$SmW5x42d;`b)sX9`+en?-fu_%?opxJ&nfxXmVa^Z*1tZs
zd)+34=P`sx6Ru>(?2EWbn-bzS@saYY+-t7Rox*I=XdXy?Fl#90fb!2{NZ6hH&8L)#
zCUrD2yHS#d>&$mE;Y{_ch@wzwE5qAp_{E9Hn#?8;BeH}WXkwlOArVE<fo0dWn0K}1
z<D*E1`UOVL&Ik-sfoW>=j(BoL|M1v?KYslWa|fK6P(i;@q-+{9oH@>#Ft!Ssrn3NX
z#_$e2fS@`sPYR@9S}O!g_Q6bL%YwCB+8Jn~U>~AjK)IDq<6GUl7NA!&iB<kpHg$*f
zA-&W!na7`A{V=}Wpb5=2cy~L^c`fkm*%F<4_(QI(z%d!PFv9+zyBYEoR<R`W0;_pg
zEX}qwWDA^PS-P)cwb0oV$d)u)@UPZbtztIIR_mDU3hcQrw+!Nl-a)#?1+qZyU;xL&
z-oIF!b61Luemt8=8`pZj&lVXY!Me^$(U{qJwQclY2x7=M4=rQY`~OXL|G&8Zr`@Uc
zf4>Qo-v7(?{9q>C7`gHPF1^T|dfqo~|LImcfBwWff6#{<<%*=wR(3sCp|$996{_YO
z(8WglEA1oN^5GzE>;4~(eme*=SdqhAuJ{=t4tD_2?+pRzm2jn~ihT#21~KyIv1|$w
za82K~Xr4A3t?tSH)Id(FdjYuiI_@0ot;<k+in>75k0}{f_+$Z&3QT79oE)E<!#n`v
zqn%El(B+TP<JvJ&et4g~6Y`Pcny2)y(FB(H>mOD8{_{Ybgo}kYJ?J*zUGe{nKWE?n
zId8R^d<UQZ^VRo%-UeRV|Jy0#0tFNKr}KaoU!?$l<`ke{BL{d5<Qq5RuGjmfO|iwz
zu<7;24!ZPvKlycigQ8yIoYvUJDf=|g*K^8hY|v((5!%g#QErfBpA6c~fKhIcu}>B4
zuD-ST^jk)|>jK&4Yc3VM0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}neP<L9idMf8
zH0f56?EDo2eQd9gwZbRTIQe(>F`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z
z-<!Z!y#Mzrnn?Bfca{CWn*CEJa)7iy{WfP7jM9&xkuoUS1}Y0tU!Ci}#yk4}TlOM%
z{whoMnvB2r)Xv`-rx#W7SwRIAR8T<$6;x0`1r=0KK?N05P(cM1R8T<$6?|9tJ1<=#
I_5gSQ0DDv#?EnA(

literal 4080
zcmV<M4-fDkiwFQzb}3*01MM8`a-+y`|DvauvYp&+#rm`)pPf=J7?4DafCFTouTn)}
z3ER|3pa5E*bG7fD?ioM`$*WCP@+KGBy8?Q8x~FG)x_e+?68L@`I+I`C9S#}*-FBNE
z0gA`wIh;4o&YSI4yU{&6f7fU>+uiOv(l}t7GFV2j6B6<+41)M`bi2y`N8z|~Ow6Ys
zbf2Bsj8v<n?#7dPlw#_W)IKUm*$+bE`42%jcVaK_iE|$;W8wmZ=SEOM;wLX658li@
zCGpF`B}a3|CmFYD#_b5${m|Ep5pR*R%JG{(<(L;NSyMTVGqtfHNE|0hrp0l(p;;Oy
z>Y4!;COwQz$>7Xe*%F48$`9THIpN2aHk1@yGEDNvKN8y(EZgFZfn+fP+vZ2SD)KfX
zstDHQlRI0u;iUt8Fm*0<jjM9_Z#i9X%|_$<M&$?BpL!2z{l2AdR(^;VtD5m-!L^!&
zYQwYE*=9Y1HwzNan-{tAA8Qw9&2`Sr^H#A*vLS4;_QJ_}#csEIUZ|)_)|IT8wrXzH
z_ucs33!<tY6<T;!<f7}_x@55^_6fB7tWeeDRcW(o<oIr(?VWD7SXJI4H1Zbft?e|r
z#ojX2(YBiYyim2-EsmkJb?oD{!N;22i&aH-{Mz~N`LP>5I1@M8hd0>{JN$pEaejvW
z|GaT_)@?VM=>NNCjne<W1+4r3k8T*DUvJkMq)JR@zL>d0&P;^#!Lt)^|0I46s+s8!
zaO)4=<1(Z{p#~g<VDS=qk54gqFMJ>^82)Oj(QK3Z7l;sUPN3yFa~fGJ3>-7>K6Jtt
zf-xj?T@nQk@v{@Ue<m-%l1w0!gznUfAllq7W0!a_0nb_wLa09vU^cuUYUxkikcxrk
z%_9;#(2IdOCW;$HP&ROVH*{u1U*6BW2~<|RiR(u$aU!xnT=e8l)3)}pA!gDL2!Ozz
zs`+Q)dQgtC(_U-UnyIve<0*l@dhf*8{*VL<toQ*M{X%9Av@We#qg`NvAgqhwlNb^&
zj-*=rYfSt5VHu(@GIe9en?+Eex>wjkY+rejqkRYTELCXjo%8X}nko@OWYv<4J}=-o
zf~I4tU{)YlaVHSXY#9r=>C<F!3UT9M<~&BHA@q<7JpziK`av{bh7Zwc1VcS>X;H6H
z`MB`8$G93V{XcPBMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBUGvYP5!91+q2M}lc
z$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^<M*$finKT1?*b?G5etLiH{=h(WlYtqZ4}0
z{S4wl{KTRg@m+|S5TaZb%;XrOc(i<cbfXwbC|z2O_|6>a-n)+wR-Pe@0#mYFK+X$6
z9^&xKjbj>F<A7ki2miB#pp4OR4w*qP&ou!2*ObuM<3oF2C_5Ug+%?S>Vept~BK=A;
zn@halm~-#B@lzwYx)ONP>NU?AwN?jWdIOK0q%4UGy>-_gK1`Yy&F}Nf$@@Z2uHqwP
zF_R#ieqi!*5r$(YR6aXR!w^f6T&Ni>XE7)VD&4bmA%ecd%*A7w2jfki9LQi?7rHm}
zpfmkU6za)w1?9L`)!B2nl~q9*ixOdGRf7f<Q4n{&^_=*Bg4IAAPR0)Z4-ueSy#Lqf
zoR$9nEg(y6sRR7httsKH;Vr!G&iQ}7Isebg`~PnOH@a!_qG<G*G!dZxn-y(jY+zdz
zq-DN>t!NwN67YW>7QxJ$yc|}>&gXyK#=B-4*MaA)ZnuT=ztL!y^Zza23-15w)I`dA
zzvaE(SMU8YFS7spzQ^oAElB~N*ODCQnj#B#t7}CY5JkF?l=NC2$=2o7*f6aM-qFn0
zC9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ9Q~n}FmHwu>1&Fj-OB19
z?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w<fA_dJN$pU-7fC`0P<Gp|K9?>!2cU)
zB46wNPvPvmi~+yn7(hMA-b27Qf^@G?=79@=XfqPw9-<t+NUs_4KvwxQFcE{dq<nqc
za8!rmh&QhBTF_LLMz5sYl1FRwL$D9rij=jF?p4Z{)6FEu<Ua%41eG4&n;$ZKQSE#a
z5e9}f)+;}l66-x)QC1gFmA_JCb0~=`q#-HL6FG#e-tdZ?LyT3+;DzfvjVj$%GS$Su
z|1QRe89bvm^4$qF--S2%Ww~Ha3vgE9t>)v3?0<A--t;|2P}FKy;Eg8>IyV{clZm^C
ziKv=6NzqEigO|9qI7nqa2O(~qgDUS?tY>|B(!X7k!&;Zgp~~o<|44b)6LvSc3Pgy`
z^D1T@z<PtGC=TkpE^db^yLhLnh+(iOFg?0=rbo2T{~7pht%mNKEJF7qcp2s*XF)=K
z@6wvHAeg$-8g-CVa5`|CL$^)uZ8Z2GBpJw@xlo~tAdJahNVfx733a>ClQRvTqhRt&
zMBDl}3&NLp>65@;>m^{yq^@;CQFPI==#dJmb~~N3&cDrLIo;&(8TCwam=5P&8s2KP
zs5o&b=-6ElA*W<ztDDAz69H%+o~P*`aloA>wUm(o(LIC~(`iTtgR*EM({B6X;v&y|
zGV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte(Mzblb$)he$l`YmGr7aa_<a7~
zY&E+b%>Ub+^G>JP!u-G0?v&5}-vsuaH(^v+<@Yy9YTVhfwP4-!Sk3K8D1FTB#<&mQ
z3o=p4?uhXlIsU?Vgv@>x1>m%2o)70Sd5Yu3Wxf9V{9IdA15Z$&Gy15|xY|=ZpY8wd
z2FE2n)g%_-i2=W3qQkXBAa^2HM1eDL?{X`Uh#A&cw<Q%4GD+;+xl!d1+A;NRKnVks
z(LhZZRJ_~2LN}6erJ1sI*J~b75da;AWq|tZUk9BZNJj5~&F@3+8_@P!&_N-}{x#^!
zhI9)l{~?utB?lPN0RCi{BZK`baizdw16C=Pt!M+A-b@62l2yqX4$rS}Wul776)fH?
znODu88ZgAlE?X1<odatZM%|YcsaOB#gmp-I>vK1X(DAS$y4$sPl=;!iKScQNh?ZLX
zKvR{wR0v&y0m~6D6q=2Wv{Fe{SZhr;bdYXI#s;zZ8h$i3`kUCqj{tt9Nq$GL7uNt)
zsaS$;_Z5C%Zm`H!cWdq2_oyCoXf*;Dz6Exp5fzL{BYh611o~K9NAqA$A{@nJng~Fv
z!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39FdFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r
z^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>eP`IWR2!^AHW1v7Tm5SPj%p3_=W9rep
z=U>+850#LeWhb*>;>?PdNC(Z+B}3_@<n@Ic&d?rBOEV-YJanTNlmSZ`YRq@o=1>9;
zLg}L?C>URvcP6&BcXWh?bQtF%!XWp-1jb+v7BvPTH5D+9IvG)nfidg=ra;$1wkY-a
zv10XnSR3cuP>Mdf3Ik_4aiW+lf=@@wS?uMmr?B8wgV=n5wM;gdC^ot4kw@d|TvW}_
zUF5Jw73B2A5|6-IejH0<X}#%NQ0(c$zrpx00mOi@9KvWCFqS$ez-W%>$l}C5z_=RV
z^#pB%uLbtLi(uJ&@*5_t(I+^;<;17Ip8OWQM6o;n1QUGf;zn1R_I~=VVwl5R-RNnv
z3ScI|9N#Sj@`LnOAz`3CQ(sMsgG>Ys0)ng#SW3FOwy78Eu^p;VAd0rE+Ypj@Q)1y3
zQ6{YD3&@eI$|iqhN~#5?Vw&vY+nm_FfL<Yz*E?5;5q~XFK3BXc3pR_5jB_?Wdq)t_
zPm}!MGz({F!orZ3RofH{aKZ^!LE%UG$YeYOMdA$`TpBCVM!F(dOd!k@h{7;IZE%;G
zGRE7Uj7*e}$hL-(igzngq($c!>M!ef6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5<KA
zfrcxsC|l_#9qiAhPZnj#%#fO4B|(Fs`aEO;)QM5fkiOjVhG;YW@QyZ!NIMro&_D%e
zKUS|*?H0PtkXeAjnlf|&h_b-+aoESKGmd3dkyQyeS;8=-#5iVy7!|A|X$DwCA{s47
z^DC8WNz!e@vaOYfV^leL*V43UB1J2w>C?KQWmrq0DV92b-dtZcjd<uEkv%S8B2Z%+
zMn3BYv;$TG);QKxU1UvRooJimeqa8n_X`q$dz9(+b4ot8q@QfO^{<VsUbg|^c?==a
zfGf#1`T}m!ri8dnd?f!Y^%|>lJ2#tDng>!J%o>V0p!DMy5_UU#^C_XCNga*MP8et5
zI`!R5I8!|>q9|0_Oz{>PetsgdCbJ2|h)n(lnwTX)NJLR|VA-`LWL<4~_$ZR0eu9y+
zQUcwOVVdf_qZT=%e|T)dUu*pja|fK6P(izq#dI1ooH0(DFgA0VCbIx>`tS}s0I%3E
zPjaMSS}O!g_Q6ag(}cBL(iv!?U>^dnL%Eqv<6F(R=Al<qkyZX#GBlg@A-&X8sf9ni
z>S27lP7|7I@a|TU^P1q>(<M6f@P}Mmfn(BfVTAobcQa%wtb9r81y=JgUz%=dNEbNy
zvSeSyYN4|!kS%Gp;9sq=TE%RZt=2Ky71(oMZW+W8y@Pa(3uK<$!2phlwSTcV=dNT6
z{dhW)Hm<dPpDi**ym_6LqA|1ca@**C5k!!29$LoE_y5`b|NQ=+cBkC`{U%U&|1aJ1
zgPC-F<V62ix}h_5-LKsK(=B)Y{Em12pbt696iJ?~?0T+3YtiQ_RLwb{^Nsj#+DEkI
z!$I8E{XZQ2b`WN;0*AR={xd=x?f|0S8v@cR{z_J4>kc{%V&sow$>2rcn!Ih%s5R=%
z?&;qvAg9^A09<<=cMkT}WvEtyx<J(T2^p9BWC4x}OlJ0+9G{!RJOJaPolc+7WslOM
z$}v*DKS|#S`M`0F8vUy`fMxdjM;X6=KM=*iV&P5?x(#?&{BNBV-~VsHSsDM|0$$ty
z+sWkuITQJh^MGcnOaXq+DL~Ff4)7YtS8m2#ulH4(V)L6}lk1HgbjkOAvg_&wMYX^=
zsj-by`e~pq=akmipiMs`w3`c~+#pN8CbXLYqud~4pDNm2oi@KrGu{B=$>F~Mxa<Az
zX1DnMPpjGKl=1&9;JEnVGX~b3o<qoL^@>-;TUoTSR}8eVwL(^MpGf1RU)jfaDytO(
z$H~bTdcL*3C9DH(#Q(<c|1~?C-~Z~i%lm(C0$=d{-_K|w<?G*N_Wx@3Po2mC(*ESz
zoM|vhK88k$AgddwG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN<plzD3jC6rJ?2_=+J
iLJ1|5P(leMlu$wmC6rJ?2_=;9P2pc@jbV`hcmMz?84VQx

diff --git a/shorewall4/interfaces b/shorewall4/interfaces
index 715e62b..fa28d7d 100644
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@@ -19,6 +19,7 @@ vpn	gt-tun+		nosmurfs,tcpflags
 vpn	gt-udp-tun+	nosmurfs,tcpflags
 vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
+vpn	wg+		nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
 vpn	omr-bonding	nosmurfs,tcpflags
diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules
index aa5bfd5..203a000 100644
--- a/shorewall4/stoppedrules
+++ b/shorewall4/stoppedrules
@@ -23,4 +23,6 @@ ACCEPT          dsvpn+		-
 ACCEPT          -               dsvpn+
 ACCEPT          tun+		-
 ACCEPT          -               tun+
+ACCEPT          wg+		-
+ACCEPT          -               wg+
 

From 3cd9952c6978b977ef234a03c7b66c3d0b5658e4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 5 Mar 2021 09:10:30 +0000
Subject: [PATCH 09/55] Force use of version for binaries, enable wireguard by
 default

---
 debian9-x86_64.sh | 79 +++++++++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 34 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 84ef712..231325a 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -27,6 +27,7 @@ UBOND=${UBOND:-no}
 UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
+WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-yes}
 NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
@@ -36,20 +37,28 @@ KERNEL_VERSION="5.4.100"
 KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
+GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
+GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
+MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3"
+OBFS_BINARY_VERSION="0.0.5-1"
+OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099"
+OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
+DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.34.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
+SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
+REPO="repo.openmptcprouter.com"
 
 OMR_VERSION="0.1025-test"
 
@@ -78,7 +87,7 @@ elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" !=
 	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"
 	exit 1
 fi
 
@@ -158,17 +167,14 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 fi
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
+echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
 Package: *
-Pin: origin repo.openmptcprouter.com
+Pin: origin ${REPO}
 Pin-Priority: 1001
 EOF
-wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
-
-# Add buster-backports repo
-echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list
+wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then
@@ -176,6 +182,8 @@ if [ "$ID" = "debian" ]; then
 		#echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list
 		echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
 	fi
+	# Add buster-backports repo
+	echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
 elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
@@ -302,7 +310,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -rf /tmp/shadowsocks-libev
 else
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev
+	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
 # Load OLIA Congestion module at boot time
@@ -421,27 +429,28 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
 			cd /etc/openmptcprouter-vps-admin
-			sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		fi
-		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
-		sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		[ "$NOINTERNET" = "yes" ] && {
-			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		}
-		chmod u+x /usr/local/bin/omr-admin.py
-		#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
-		[ "$(ip -6 a)" != "" ] && {
-			systemctl enable omr-admin-ipv6.service
-		}
-		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
-		apt-get -y install omr-vps-admin
-		OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
-		OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
+		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
+		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
-
+	if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
+		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
+	fi
+	sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	[ "$NOINTERNET" = "yes" ] && {
+		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	}
+	chmod u+x /usr/local/bin/omr-admin.py
+	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
+	[ "$(ip -6 a)" != "" ] && {
+		systemctl enable omr-admin-ipv6.service
+	}
+	systemctl enable omr-admin.service
 fi
 
 # Get shadowsocks optimization
@@ -531,7 +540,7 @@ if [ "$OBFS" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/simple-obfs
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
 	fi
 	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
 fi
@@ -626,7 +635,7 @@ if [ "$MLVPN" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/mlvpn
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
@@ -718,7 +727,7 @@ if [ "$WIREGUARD" = "yes" ]; then
 	echo "Install WireGuard"
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-	apt-get --no-install-recommends -y wireguard-tools
+	apt-get -y install wireguard-tools --no-install-recommends
 	if [ ! -f /etc/wireguard/wg0.conf ]; then
 		cd /etc/wireguard
 		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
@@ -895,9 +904,11 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-udp
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
 	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 fi
+[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
+
 
 # Add chrony for time sync
 apt-get install -y chrony
@@ -939,7 +950,7 @@ if [ "$DSVPN" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/dsvpn
 	else
-		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn
+		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 fi
@@ -987,9 +998,9 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-0.0.35
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
 fi
-
+[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
 
 
 # Load tun module at boot time

From 8319728f56c1e43856b811229d955d13ff0fddfa Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 08:12:51 +0000
Subject: [PATCH 10/55] Fix script

---
 debian9-x86_64.sh | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 231325a..b987c45 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -41,7 +41,7 @@ GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
-MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209"
+MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
@@ -167,7 +167,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 fi
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list
+echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
 Package: *
@@ -431,8 +431,19 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			cd /etc/openmptcprouter-vps-admin
 		fi
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
+		chmod u+x /usr/local/bin/omr-admin.py
 	else
+		if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
+			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
+			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
+			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
+			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
+			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
+		fi
 		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
+			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
+		fi
 		#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
@@ -445,7 +456,6 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	[ "$NOINTERNET" = "yes" ] && {
 		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
-	chmod u+x /usr/local/bin/omr-admin.py
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
 	[ "$(ip -6 a)" != "" ] && {
 		systemctl enable omr-admin-ipv6.service
@@ -634,23 +644,25 @@ if [ "$MLVPN" = "yes" ]; then
 		make install
 		cd /tmp
 		rm -rf /tmp/mlvpn
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
+			wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
+		else
+			cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
+			cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
+		fi
+		if [ "$mlvpnupdate" = "0" ]; then
+			if [ "$LOCALFILES" = "no" ]; then
+				wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
+			else
+				cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
+			fi
+		fi
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION}
-	fi
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
-		wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
-	else
-		cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
-		cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	mkdir -p /etc/mlvpn
 	if [ "$mlvpnupdate" = "0" ]; then
-		if [ "$LOCALFILES" = "no" ]; then
-			wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
-		else
-			cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
-		fi
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 	fi
 	chmod 0600 /etc/mlvpn/mlvpn0.conf

From ea0993c781bb813d775d5d5dc044c8b158a993f9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 14:02:06 +0000
Subject: [PATCH 11/55] Add version and depends in Debian package

---
 debian/control | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 5f0b05c..b95f591 100644
--- a/debian/control
+++ b/debian/control
@@ -10,5 +10,25 @@ Homepage: https://github.com/ysurac/openmptcprouter-vps
 Package: omr-server
 Architecture: all
 Multi-Arch: foreign
-Depends: ${misc:Depends}
+Depends:
+ curl,
+ rename,
+ libcurl4,
+ unzip,
+ tracebox,
+ omr-iperf3,
+ omr-shadowsocks-libev (= 3.3.5-1),
+ omr-vps-admin (= 0.3+20210304),
+ omr-simple-obfs,
+ mlvpn (= 3.0.0+20201216.git.2263bab),
+ omr-glorytun (= 0.3.4-4),
+ omr-glorytun-tcp (= 0.0.35-3),
+ omr-dsvpn (= 0.1.4-2),
+ shorewall,
+ shorewall6,
+ iptables,
+ ${misc:Depends}
+Provides: omr-server
+Conflicts: omr-server
+Replaces: omr-server
 Description: OpenMPTCProuter Server script
\ No newline at end of file

From aacad49aa4c5619744add3b5b6777daba4fc5b9f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 14:53:06 +0000
Subject: [PATCH 12/55] Update API and fix debian mlvpn depend

---
 debian/control    | 2 +-
 debian9-x86_64.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian/control b/debian/control
index b95f591..fccd12e 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Depends:
  omr-shadowsocks-libev (= 3.3.5-1),
  omr-vps-admin (= 0.3+20210304),
  omr-simple-obfs,
- mlvpn (= 3.0.0+20201216.git.2263bab),
+ omr-mlvpn (= 3.0.0+20201216.git.2263bab),
  omr-glorytun (= 0.3.4-4),
  omr-glorytun-tcp (= 0.0.35-3),
  omr-dsvpn (= 0.1.4-2),
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b987c45..c052fbf 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -45,7 +45,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099"
+OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
 OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -174,7 +174,7 @@ Package: *
 Pin: origin ${REPO}
 Pin-Priority: 1001
 EOF
-wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -
+wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then

From c64bed8db51e8a28009d6a3aec24d6f25b49b6f2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 15:50:32 +0000
Subject: [PATCH 13/55] Fix script name

---
 debian/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/postinst b/debian/postinst
index 9631851..66b1e91 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 cd /usr/share/omr-server
-LOCALFILES=no SOURCES=no sh build.sh
+LOCALFILES=no SOURCES=no sh debian9-x86_64.sh
 
 db_stop
 

From 3c6e85e07fb7d6f9019e2aea7e76cf25da392401 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:23:46 +0100
Subject: [PATCH 14/55] Add a service to do update after reboot

---
 debian/postinst       |  6 ++++--
 debian/rules          |  3 ++-
 debian9-x86_64.sh     |  7 +++++++
 omr-update.service.in | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 omr-update.service.in

diff --git a/debian/postinst b/debian/postinst
index 66b1e91..3f2400b 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -5,8 +5,10 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 # use debconf
 . /usr/share/debconf/confmodule
 
-cd /usr/share/omr-server
-LOCALFILES=no SOURCES=no sh debian9-x86_64.sh
+sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh
+echo 'To finish installation reboot'
+
+systemctl enable omr-update
 
 db_stop
 
diff --git a/debian/rules b/debian/rules
index 10d24ab..4db8990 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,8 +9,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 override_dh_auto_install:
 	mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
-	find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
+	find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp omr-update.service.in /lib/systemd/system/omr-update.service
 
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c052fbf..c805f90 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -30,6 +30,7 @@ DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-yes}
 NOINTERNET=${NOINTERNET:-no}
+REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
@@ -133,6 +134,12 @@ if [ "$UPDATE" = "yes" ]; then
 	echo "Update mode"
 fi
 
+CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
+if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
+	exit 1
+fi
+
+
 echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
diff --git a/omr-update.service.in b/omr-update.service.in
new file mode 100644
index 0000000..c543d73
--- /dev/null
+++ b/omr-update.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=OMR Update
+After=network.target network-online.target
+
+[Service]
+Type=simple
+Restart=no
+Environment="SOURCES=no"
+Environment="REINSTALL=no"
+Environment="LOCALFILES=yes"
+ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+
+[Install]
+WantedBy=multi-user.target

From 0ddc538c87294424b9c2f5b06fac9469d273c08a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:29:59 +0000
Subject: [PATCH 15/55] Add dependencie in debian package

---
 debian/control | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/control b/debian/control
index fccd12e..37756a6 100644
--- a/debian/control
+++ b/debian/control
@@ -27,6 +27,8 @@ Depends:
  shorewall,
  shorewall6,
  iptables,
+ v2ray-plugin,
+ linux-image (= 5.4.100-mptcp_1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
 Conflicts: omr-server

From 96eb181b403ad71405bf3717eb476e6799bd0dbb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:30:19 +0000
Subject: [PATCH 16/55] Use Debian package for kernel

---
 debian9-x86_64.sh | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c052fbf..cdd7d57 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -194,22 +194,29 @@ apt-get update
 sleep 2
 apt-get -y install dirmngr patch
 
-wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
-wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
-# Rename bzImage to vmlinuz, needed when custom kernel was used
-cd /boot
-apt-get -y install rename curl libcurl4 unzip git
-rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-#apt-get -y install linux-mptcp
-#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
-#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
-if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+if [ "$SOURCES" = "yes" ]; then
+	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
+	# Rename bzImage to vmlinuz, needed when custom kernel was used
+	cd /boot
+	apt-get -y install rename curl libcurl4 unzip git
+	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
+	#apt-get -y install linux-mptcp
+	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
+	#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
+	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+		echo "Install kernel linux-image-${KERNEL_RELEASE}"
+		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+		dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
+		dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+	fi
+else
+	cd /boot
+	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
 	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
-	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+	apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE}
 fi
-
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."
 if [ "$LOCALFILES" = "no" ]; then
@@ -594,7 +601,11 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	if [ "$SOURCES" = "yes" ]; then
+		wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	else
+		apt-get -y install v2ray=${V2RAY_VERSION}
+	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
 	fi

From cf1eca052a1107562c6d0980857c65330864c442 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:33:15 +0000
Subject: [PATCH 17/55] Fix kernel package version

---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 37756a6..17c4b9b 100644
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,7 @@ Depends:
  shorewall6,
  iptables,
  v2ray-plugin,
- linux-image (= 5.4.100-mptcp_1.18+9d3f35b),
+ linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
 Conflicts: omr-server

From 605acd1ffdda1154e0233b02dec267a3f450ae14 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:35:54 +0000
Subject: [PATCH 18/55] Fix kernel package version in install script

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 72760df..30cb01c 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -222,7 +222,7 @@ else
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
 	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE}
+	apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
 fi
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."

From 95453a801372c2db4b608fd84e6250ef2e694ee6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:51:50 +0000
Subject: [PATCH 19/55] Fix sed in debian package

---
 debian/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/postinst b/debian/postinst
index 3f2400b..03edb58 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -5,7 +5,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 # use debconf
 . /usr/share/debconf/confmodule
 
-sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh
+sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
 echo 'To finish installation reboot'
 
 systemctl enable omr-update

From 382fc59a4f87cc6789a7dd18641a46fa733a1ad0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:30:05 +0000
Subject: [PATCH 20/55] Fix v2ray

---
 debian9-x86_64.sh |  4 ++--
 old-v2ray.service | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 debian9-x86_64.sh
 create mode 100644 old-v2ray.service

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
old mode 100644
new mode 100755
index 30cb01c..bc28a86
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -610,14 +610,14 @@ if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+		dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+		rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	else
 		apt-get -y install v2ray=${V2RAY_VERSION}
 	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
 	fi
-	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
-	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
diff --git a/old-v2ray.service b/old-v2ray.service
new file mode 100644
index 0000000..9ed715a
--- /dev/null
+++ b/old-v2ray.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=V2Ray - A unified platform for anti-censorship
+Documentation=https://v2ray.com https://guide.v2fly.org
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
+#Type=exec
+Type=simple
+# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
+# This service runs as root. You may consider to run it as another user for security concerns.
+# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
+# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
+User=root
+#User=v2ray
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=yes
+ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
+Restart=on-failure
+# Don't restart in the case of configuration error
+RestartPreventExitStatus=23
+
+[Install]
+WantedBy=multi-user.target

From f573c43ce0f1a587b9452aa10641d5dd4cb97342 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:30:32 +0000
Subject: [PATCH 21/55] Fix omr-update service script install

---
 debian/rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 4db8990..d411dc4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,5 +13,6 @@ override_dh_auto_install:
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
-	cp omr-update.service.in /lib/systemd/system/omr-update.service
+	mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system
+	cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service
 

From 2dbc4e4f0fab5a029a4693a0bab2740e34b3beb0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:31:20 +0000
Subject: [PATCH 22/55] Fix output of omr-update

---
 omr-update.service.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/omr-update.service.in b/omr-update.service.in
index c543d73..1a21135 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -9,6 +9,8 @@ Environment="SOURCES=no"
 Environment="REINSTALL=no"
 Environment="LOCALFILES=yes"
 ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+StandardOutput=file:/var/log/omr-update.log
+StandardError=file:/var/log/omr-update.log
 
 [Install]
 WantedBy=multi-user.target

From 8e795b035b46cb5175131a7e2d047ab110c8d82e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:00:31 +0000
Subject: [PATCH 23/55] Reboot not needed after install

---
 debian/postinst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/debian/postinst b/debian/postinst
index 03edb58..bd08d7f 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,8 +6,6 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-echo 'To finish installation reboot'
-
 systemctl enable omr-update
 
 db_stop

From 5bfd42770dfd6cb9d304ffccda4bdd2ebb52b197 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:00:54 +0000
Subject: [PATCH 24/55] Fix get previous pass for omr-admin

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bc28a86..837d4d6 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -450,9 +450,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
 			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
-			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
+			[ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
-			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
+			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		fi
 		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
 		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then

From 269b986cbe12f4cb8166fe88ed0f9f29ca800da9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:04:17 +0000
Subject: [PATCH 25/55] Install omr-server debian package at end of install
 script

---
 debian9-x86_64.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 837d4d6..b7e98d2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1219,6 +1219,10 @@ else
 	echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd
 fi
 
+if [ "$SOURCES" != "yes" ]; then
+	apt-get -y install omr-server=${OMR_VERSION}
+fi
+
 if [ "$update" = "0" ]; then
 	# Display important info
 	echo '===================================================================================='

From 7ce28a948188cfc8b3a40b30fc68d7e0f714bf8f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:43:18 +0000
Subject: [PATCH 26/55] Fix script for kernel binary install

---
 debian9-x86_64.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b7e98d2..f8b3f97 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -199,14 +199,14 @@ fi
 echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
-apt-get -y install dirmngr patch
+apt-get -y install dirmngr patch rename curl libcurl4 unzip
 
 if [ "$SOURCES" = "yes" ]; then
 	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 	# Rename bzImage to vmlinuz, needed when custom kernel was used
 	cd /boot
-	apt-get -y install rename curl libcurl4 unzip git
+	apt-get -y install git
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	#apt-get -y install linux-mptcp
 	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
@@ -220,9 +220,11 @@ if [ "$SOURCES" = "yes" ]; then
 else
 	cd /boot
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-	echo "Install kernel linux-image-${KERNEL_RELEASE}"
-	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+		echo "Install kernel linux-image-${KERNEL_RELEASE}"
+		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+		apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+	fi
 fi
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."

From a713d44645de0311a8289bd0b9a8b77ef5c2163d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:46:55 +0000
Subject: [PATCH 27/55] No error if omr-server not installed

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index f8b3f97..8c2fb45 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1222,7 +1222,7 @@ else
 fi
 
 if [ "$SOURCES" != "yes" ]; then
-	apt-get -y install omr-server=${OMR_VERSION}
+	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
 fi
 
 if [ "$update" = "0" ]; then

From e70303ba3f1be88a0259ee94e4d90037bcde0cec Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 14:11:54 +0000
Subject: [PATCH 28/55] Change version

---
 debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1e55a02..33cf21b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-omr-server (0.1025) unstable; urgency=medium
+omr-server (0.1025-test) unstable; urgency=medium
 
     * Wireguard support and fixed
 

From 8856fece584efb8c4244899d43a24461e98ffefb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 14:38:35 +0000
Subject: [PATCH 29/55] Use v2ray_plugin debian package

---
 debian/control    |  3 ++-
 debian9-x86_64.sh | 52 +++++++++++++++++++++++++----------------------
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/debian/control b/debian/control
index 17c4b9b..0da3629 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,8 @@ Depends:
  shorewall,
  shorewall6,
  iptables,
- v2ray-plugin,
+ v2ray-plugin (= 4.35.1),
+ v2ray (=4.35.1),
  linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8c2fb45..fd83af2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -50,8 +50,8 @@ OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
 OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="4.34.0"
-V2RAY_PLUGIN_VERSION="v1.4.3"
+V2RAY_VERSION="4.35.1"
+V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
@@ -574,29 +574,33 @@ fi
 # Install v2ray-plugin
 if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	echo "Install v2ray plugin"
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	cd /tmp
-	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
-	cd /tmp
-	rm -rf /tmp/v2ray-plugin_linux_amd64
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+	if [ "$SOURCES" = "yes" ]; then
+		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		cd /tmp
+		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
+		cd /tmp
+		rm -rf /tmp/v2ray-plugin_linux_amd64
+		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	
-	#rm -rf /tmp/v2ray-plugin
-	#cd /tmp
-	#rm -f /var/lib/dpkg/lock
-	#apt-get install -y --no-install-recommends git ca-certificates golang-go
-	#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
-	#cd /tmp/v2ray-plugin
-	#git checkout ${V2RAY_PLUGIN_VERSION}
-	#git submodule update --init --recursive
-	#CGO_ENABLED=0 go build -o v2ray-plugin
-	#cp v2ray-plugin /usr/local/bin/v2ray-plugin
-	#cd /tmp
-	#rm -rf /tmp/simple-obfs
+		#rm -rf /tmp/v2ray-plugin
+		#cd /tmp
+		#rm -f /var/lib/dpkg/lock
+		#apt-get install -y --no-install-recommends git ca-certificates golang-go
+		#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
+		#cd /tmp/v2ray-plugin
+		#git checkout ${V2RAY_PLUGIN_VERSION}
+		#git submodule update --init --recursive
+		#CGO_ENABLED=0 go build -o v2ray-plugin
+		#cp v2ray-plugin /usr/local/bin/v2ray-plugin
+		#cd /tmp
+		#rm -rf /tmp/simple-obfs
+	else
+		apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
+	fi
 fi
 
 if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then

From 47df28fdc67b2f5927da84924d18edd8c4ec1133 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 11 Mar 2021 08:07:55 +0000
Subject: [PATCH 30/55] Fix symbolic link for v2ray config

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index fd83af2..3706227 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -630,6 +630,7 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	ln -sf /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json
 	rm -f /tmp/v2rayError.log
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then

From 83e81cfd9ffb14d8495a8f210d3a9854e52d84bb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 11 Mar 2021 14:48:12 +0000
Subject: [PATCH 31/55] Go to openmptcprouter-vps-admin dir before creating key

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3706227..4be25a4 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -464,6 +464,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
 	if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
+		cd /etc/openmptcprouter-vps-admin
 		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
 	fi
 	sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json

From 8e738a8f197f823f1ac6a0cee5e1b81f16fcf21f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 06:46:05 +0000
Subject: [PATCH 32/55] Fix
 https://github.com/Ysurac/openmptcprouter-vps/issues/46

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 4be25a4..2d1af03 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -579,7 +579,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
-		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cd /tmp
 		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin

From fd10d9ac2002dbf1eade75fd113b683893fc2201 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 13:21:25 +0000
Subject: [PATCH 33/55] Force update repo key

---
 debian9-x86_64.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2d1af03..60966c2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -139,6 +139,10 @@ if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
 	exit 1
 fi
 
+[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
+	echo "Update ${REPO} key"
+	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+}
 
 echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock

From 5291876fe682ca6404944030cae2235c90016a26 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 16:57:04 +0000
Subject: [PATCH 34/55] Fix mlvpn source install and use binary by default

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 60966c2..0a3520b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -28,7 +28,7 @@ UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
-SOURCES=${SOURCES:-yes}
+SOURCES=${SOURCES:-no}
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-no}
@@ -657,6 +657,7 @@ if [ "$MLVPN" = "yes" ]; then
 	if [ -f /etc/mlvpn/mlvpn0.conf ]; then
 		mlvpnupdate="1"
 	fi
+	mkdir -p /etc/mlvpn
 	if [ "$SOURCES" = "yes" ]; then
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
@@ -691,7 +692,6 @@ if [ "$MLVPN" = "yes" ]; then
 	else
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
-	mkdir -p /etc/mlvpn
 	if [ "$mlvpnupdate" = "0" ]; then
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 	fi

From 69df502cb9eff01699e1a037b568689da3613086 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 17:13:56 +0000
Subject: [PATCH 35/55] Keep old config

---
 debian9-x86_64.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 0a3520b..136053e 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -330,7 +330,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -rf /tmp/shadowsocks-libev
 else
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
+	apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
 # Load OLIA Congestion module at boot time
@@ -460,7 +460,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		fi
-		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
 		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 		fi
@@ -624,7 +624,7 @@ if [ "$V2RAY" = "yes" ]; then
 		dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 		rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	else
-		apt-get -y install v2ray=${V2RAY_VERSION}
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
@@ -690,7 +690,7 @@ if [ "$MLVPN" = "yes" ]; then
 			fi
 		fi
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
+		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$mlvpnupdate" = "0" ]; then
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf

From 507f49413cd3a7bdefe45a9d122e3b3f2d97d67a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Mar 2021 19:12:01 +0000
Subject: [PATCH 36/55] Update API

---
 debian9-x86_64.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 136053e..90a710b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
-OMR_ADMIN_BINARY_VERSION="0.3+20210304"
+OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7"
+OMR_ADMIN_BINARY_VERSION="0.3+20210315"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"

From 454046f830402050b6c7143eac494520ec4b46f1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Mar 2021 19:40:17 +0000
Subject: [PATCH 37/55] Update API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 90a710b..540473f 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,7 +46,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7"
+OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7"
 OMR_ADMIN_BINARY_VERSION="0.3+20210315"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"

From 9a764d0eaf95b27a750e6a910e6531e9345ad9a8 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 12:36:53 +0000
Subject: [PATCH 38/55] Fix LAN default route, fix
 https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 4b8e54d..0711abc 100755
--- a/omr-service
+++ b/omr-service
@@ -52,7 +52,7 @@ _lan_route() {
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c '.lanips //empty' | 
+			echo "$c" | jq -c '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
 				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null

From 98ee07f6a6cd7e8bc7f4559788b018b9e641747a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:41:26 +0000
Subject: [PATCH 39/55] Add a test for a China compatible script

---
 debian9-x86_64.sh | 46 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 38 insertions(+), 8 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 540473f..8cf27d3 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -60,6 +60,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
+CHINA=${CHINA:-no}
 
 OMR_VERSION="0.1025-test"
 
@@ -176,16 +177,45 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
+
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
-cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
-Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
-Package: *
-Pin: origin ${REPO}
-Pin-Priority: 1001
-EOF
-wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+if [ "$CHINA" = "yes" ]; then
+	echo "Install git..."
+	apt-get -y install git
+	if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
+		git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+	fi
+	cd /var/lib/openmptcprouter-vps-debian
+	git pull
+#	if [ "$VPS_PATH" = "server-test" ]; then
+#		git checkout develop
+#	else
+#		git checkout main
+#	fi
+	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
+	cat /var/lib/openmptcprouter-vps-debian | apt-key add -
+	if [ ! -d /usr/share/omr-server ]; then
+	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
+	fi
+	cd /usr/share/omr-server
+	git pull
+	if [ "$VPS_PATH" = "server-test" ]; then
+		git checkout develop
+	else
+		git checkout master
+	fi
+	DIR="/usr/share/omr-server"
+else
+	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
+	cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+		Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
+		Package: *
+		Pin: origin ${REPO}
+		Pin-Priority: 1001
+	EOF
+	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+fi
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then

From dae3133a1d308601b718b59911e2c052f185cd7f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:44:43 +0000
Subject: [PATCH 40/55] Fix

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8cf27d3..c8722ba 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -194,7 +194,7 @@ if [ "$CHINA" = "yes" ]; then
 #		git checkout main
 #	fi
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
-	cat /var/lib/openmptcprouter-vps-debian | apt-key add -
+	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
 	if [ ! -d /usr/share/omr-server ]; then
 	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
 	fi

From 31d4712c8314283508475a4f0fb0b4cb11145c9e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:49:12 +0000
Subject: [PATCH 41/55] Fix

---
 debian9-x86_64.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c8722ba..bd715f1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -142,7 +142,11 @@ fi
 
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
-	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	if [ "$CHINA" = "yes" ]; then
+		wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+	else
+		wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	fi
 }
 
 echo "Remove lock and update packages list..."
@@ -195,17 +199,17 @@ if [ "$CHINA" = "yes" ]; then
 #	fi
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
-	if [ ! -d /usr/share/omr-server ]; then
-	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
+	if [ ! -d /usr/share/omr-server-git ]; then
+	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
 	fi
-	cd /usr/share/omr-server
+	cd /usr/share/omr-server-git
 	git pull
 	if [ "$VPS_PATH" = "server-test" ]; then
 		git checkout develop
 	else
 		git checkout master
 	fi
-	DIR="/usr/share/omr-server"
+	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref

From cedb65670e46ea680bddb3304e2f842569251be4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:53:25 +0000
Subject: [PATCH 42/55] Add missing files and use localfiles for china

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bd715f1..6045365 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -209,6 +209,7 @@ if [ "$CHINA" = "yes" ]; then
 	else
 		git checkout master
 	fi
+	LOCALFILES="yes"
 	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list

From 07e23b78512794d7902387fe92151e4ee0488cca Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:57:16 +0000
Subject: [PATCH 43/55] fix

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6045365..a9c2151 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -192,7 +192,7 @@ if [ "$CHINA" = "yes" ]; then
 	fi
 	cd /var/lib/openmptcprouter-vps-debian
 	git pull
-#	if [ "$VPS_PATH" = "server-test" ]; then
+#	if [ "$VPSPATH" = "server-test" ]; then
 #		git checkout develop
 #	else
 #		git checkout main
@@ -204,7 +204,7 @@ if [ "$CHINA" = "yes" ]; then
 	fi
 	cd /usr/share/omr-server-git
 	git pull
-	if [ "$VPS_PATH" = "server-test" ]; then
+	if [ "$VPSPATH" = "server-test" ]; then
 		git checkout develop
 	else
 		git checkout master

From 1d2887c747f7fc3d0c3aa8a2fd5cfa77c0d226dc Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:58:37 +0000
Subject: [PATCH 44/55] Add omr-test-speed

---
 omr-test-speed | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100755 omr-test-speed

diff --git a/omr-test-speed b/omr-test-speed
new file mode 100755
index 0000000..fa95ff2
--- /dev/null
+++ b/omr-test-speed
@@ -0,0 +1,42 @@
+#!/bin/sh
+# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
+INTERFACE="$1"
+
+echo "Select best test server..."
+HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+bestping="999"
+for pinghost in $HOSTLST; do
+	domain=$(echo $pinghost | awk -F/ '{print $3}')
+	if [ -z "$INTERFACE" ]; then
+		ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+	else
+		ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+	fi
+	echo "host: $domain - ping: $ping"
+	if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+		bestping=$ping
+		HOST=$pinghost
+	fi
+done
+
+[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+
+echo "Best server is $HOST, running test:"
+trap : HUP INT TERM
+if [ -z "$INTERFACE" ]; then
+	curl -4 $HOST >/dev/null || echo
+else
+	domain=$(echo $HOST | awk -F/ '{print $3}')
+	hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
+		for ip in $hostip; do
+			ipset add ss_rules_dst_bypass_all $ip
+		done
+	fi
+	curl -4 --interface $INTERFACE $HOST >/dev/null || echo
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
+		for ip in $hostip; do
+			ipset del ss_rules_dst_bypass_all $ip
+		done
+	fi
+fi

From 5023d5cf33a4381d85e0b2d804c552a1591f2834 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 24 Mar 2021 14:02:18 +0000
Subject: [PATCH 45/55] Fix

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 0711abc..6fe97bf 100755
--- a/omr-service
+++ b/omr-service
@@ -52,7 +52,7 @@ _lan_route() {
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c '.lanips[] //empty' | 
+			echo "$c" | jq -c -r '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
 				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null

From fd915dfbb974675fa7e7f38db7aa0ab08ea5abb2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 25 Mar 2021 09:19:08 +0000
Subject: [PATCH 46/55] Update API version

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a9c2151..6a3e7e2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7"
-OMR_ADMIN_BINARY_VERSION="0.3+20210315"
+OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5"
+OMR_ADMIN_BINARY_VERSION="0.3+20210325"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"

From db95630ef98657da896dcdeefa212224b2ef9357 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 29 Mar 2021 14:32:39 +0000
Subject: [PATCH 47/55] Disable TLS from let's encrypt in China

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6a3e7e2..a7f8d39 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -210,6 +210,7 @@ if [ "$CHINA" = "yes" ]; then
 		git checkout master
 	fi
 	LOCALFILES="yes"
+	TLS="no"
 	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list

From 950b704495a080ee65b4f39554aca34a97102916 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 14 Apr 2021 19:16:45 +0000
Subject: [PATCH 48/55] Update server API

---
 debian9-x86_64.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a7f8d39..34e2969 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5"
-OMR_ADMIN_BINARY_VERSION="0.3+20210325"
+OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5"
+OMR_ADMIN_BINARY_VERSION="0.3+20210414"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
@@ -1295,7 +1295,7 @@ if [ "$update" = "0" ]; then
 	echo 'Your glorytun key: '
 	echo $GLORYTUN_PASS
 	if [ "$DSVPN" = "yes" ]; then
-		echo 'A Dead Simple VPN port: 65011'
+		echo 'A Dead Simple VPN port: 65401'
 		echo 'A Dead Simple VPN key: '
 		echo $DSVPN_PASS
 	fi
@@ -1342,7 +1342,7 @@ if [ "$update" = "0" ]; then
 	EOF
 	if [ "$DSVPN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
-		A Dead Simple VPN port: 65011
+		A Dead Simple VPN port: 65401
 		A Dead Simple VPN key: ${DSVPN_PASS}
 		EOF
 	fi

From 180a3fc0acc21e51b906ebde2f1dccf8139eb939 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 19 Apr 2021 19:15:43 +0000
Subject: [PATCH 49/55] Remove bad dsvpn ipv6 route

---
 omr-service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/omr-service b/omr-service
index 6fe97bf..ff51abe 100755
--- a/omr-service
+++ b/omr-service
@@ -40,6 +40,11 @@ _glorytun_tcp() {
 	fi
 }
 
+_dsvpn() {
+	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+}
+
+
 _omr_api() {
 	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
 		logger -t "OMR-Service" "Restart OMR-Admin"
@@ -109,6 +114,7 @@ ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
+	_dsvpn
 	_multipath
 	_omr_api
 	_lan_route

From c39b07eaa57fdd0c86652b80f3b42ddadf5388f5 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 27 Apr 2021 08:24:10 +0000
Subject: [PATCH 50/55] Doesn't download each firewall file for update

---
 debian9-x86_64.sh | 53 ++++++++++++++++++++---------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 34e2969..2d6ddf7 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1157,38 +1157,29 @@ if [ "$update" = "0" ]; then
 else
 	# Update only needed firewall files
 	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces
-		wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat
-		wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules
-		wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces
-		wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf
-		wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy
-		wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params
-		wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn
-		wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net
-		wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params
-		wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net
-		wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn
-		wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces
-		wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules
-		wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat
-	else
-		cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
-		cp ${DIR}/shorewall4/snat /etc/shorewall/snat
-		cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
-		cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
-		cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
-		cp ${DIR}/shorewall4/policy /etc/shorewall/policy
-		cp ${DIR}/shorewall4/params /etc/shorewall/params
-		cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
-		cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
-		cp ${DIR}/shorewall6/params /etc/shorewall6/params
-		cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
-		cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
-		cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
-		cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
-		cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
+		mkdir -p ${DIR}
+		wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
+		wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
+		mkdir -p ${DIR}/shorewall4
+		tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4
+		mkdir -p ${DIR}/shorewall6
+		tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6
 	fi
+	cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
+	cp ${DIR}/shorewall4/snat /etc/shorewall/snat
+	cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
+	cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
+	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
+	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
+	cp ${DIR}/shorewall4/params /etc/shorewall/params
+	cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
+	cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
+	cp ${DIR}/shorewall6/params /etc/shorewall6/params
+	cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
+	cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
+	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
+	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
+	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
 	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules

From df637bb0c455c4a3bf8360d6eca0407cd68cf4c9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 8 May 2021 06:46:40 +0000
Subject: [PATCH 51/55] Fix VPS update via web and update omr-test-speed

---
 debian/postinst       |  3 ++-
 debian/rules          |  4 ++--
 debian9-x86_64.sh     | 11 +++++++--
 omr-test-speed        | 51 ++++++++++++++++++++++++---------------
 omr-test-speedv6      | 56 +++++++++++++++++++++++++++++++++++++++++++
 omr-update            | 11 +++++++++
 omr-update.service.in |  9 ++++---
 7 files changed, 116 insertions(+), 29 deletions(-)
 mode change 100755 => 100644 omr-test-speed
 create mode 100644 omr-test-speedv6
 create mode 100755 omr-update

diff --git a/debian/postinst b/debian/postinst
index bd08d7f..57ee50d 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-systemctl enable omr-update
+systemctl daemon-reload
+systemctl restart omr-update
 
 db_stop
 
diff --git a/debian/rules b/debian/rules
index d411dc4..9a69cc6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,6 +13,6 @@ override_dh_auto_install:
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
-	mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system
-	cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service
+	mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
+	touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin
 
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2d6ddf7..a75b4a4 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5"
-OMR_ADMIN_BINARY_VERSION="0.3+20210414"
+OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
+OMR_ADMIN_BINARY_VERSION="0.3+20210508"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
@@ -582,6 +582,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then
 	systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
 fi
 
+if [ "$LOCALFILES" = "no" ]; then
+	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
+else
+	cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
+fi
+
 # Install simple-obfs
 if [ "$OBFS" = "yes" ]; then
 	echo "Install OBFS"
@@ -1260,6 +1266,7 @@ fi
 
 if [ "$SOURCES" != "yes" ]; then
 	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
+	rm -f /etc/openmtpcprouter-vps-admin/update-bin
 fi
 
 if [ "$update" = "0" ]; then
diff --git a/omr-test-speed b/omr-test-speed
old mode 100755
new mode 100644
index fa95ff2..863232f
--- a/omr-test-speed
+++ b/omr-test-speed
@@ -1,30 +1,43 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-INTERFACE="$1"
+OVH=false
+if [ "$1" = "ovh" ]; then
+	OVH=true
+	INTERFACE="$2"
+else
+	INTERFACE="$1"
+fi
 
-echo "Select best test server..."
-HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
-bestping="999"
-for pinghost in $HOSTLST; do
-	domain=$(echo $pinghost | awk -F/ '{print $3}')
-	if [ -z "$INTERFACE" ]; then
-		ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
-	else
-		ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
-	fi
-	echo "host: $domain - ping: $ping"
-	if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
-		bestping=$ping
-		HOST=$pinghost
-	fi
-done
+[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
+	echo "You must use a real interface. You wan find them using 'ip a' for example"
+	exit 0
+}
+
+if [ "$OVH" = false ]; then
+	echo "Select best test server..."
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	bestping="9999"
+	for pinghost in $HOSTLST; do
+		domain=$(echo $pinghost | awk -F/ '{print $3}')
+		if [ -z "$INTERFACE" ]; then
+			ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		else
+			ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		fi
+		echo "host: $domain - ping: $ping"
+		if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+			bestping=$ping
+			HOST=$pinghost
+		fi
+	done
+fi
 
 [ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
 if [ -z "$INTERFACE" ]; then
-	curl -4 $HOST >/dev/null || echo
+	curl -4 -o /dev/null $HOST || echo
 else
 	domain=$(echo $HOST | awk -F/ '{print $3}')
 	hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
@@ -33,7 +46,7 @@ else
 			ipset add ss_rules_dst_bypass_all $ip
 		done
 	fi
-	curl -4 --interface $INTERFACE $HOST >/dev/null || echo
+	curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
 	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
 		for ip in $hostip; do
 			ipset del ss_rules_dst_bypass_all $ip
diff --git a/omr-test-speedv6 b/omr-test-speedv6
new file mode 100644
index 0000000..ca3d64d
--- /dev/null
+++ b/omr-test-speedv6
@@ -0,0 +1,56 @@
+#!/bin/sh
+# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
+OVH=false
+if [ "$1" = "ovh" ]; then
+	OVH=true
+	INTERFACE="$2"
+else
+	INTERFACE="$1"
+fi
+
+[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
+	echo "You must use a real interface. You wan find them using 'ip a' for example"
+	exit 0
+}
+
+
+if [ "$OVH" = false ]; then
+	echo "Select best test server..."
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	bestping="9999"
+	for pinghost in $HOSTLST; do
+		domain=$(echo $pinghost | awk -F/ '{print $3}')
+		if [ -z "$INTERFACE" ]; then
+			ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		else
+			ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		fi
+		echo "host: $domain - ping: $ping"
+		if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+			bestping=$ping
+			HOST=$pinghost
+		fi
+	done
+fi
+
+[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+
+echo "Best server is $HOST, running test:"
+trap : HUP INT TERM
+if [ -z "$INTERFACE" ]; then
+	curl -6 $HOST >/dev/null || echo
+else
+	domain=$(echo $HOST | awk -F/ '{print $3}')
+	hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
+		for ip in $hostip; do
+			ipset add ss_rules6_dst_bypass_all $ip
+		done
+	fi
+	curl -6 --interface $INTERFACE $HOST >/dev/null || echo
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
+		for ip in $hostip; do
+			ipset del ss_rules6_dst_bypass_all $ip
+		done
+	fi
+fi
diff --git a/omr-update b/omr-update
new file mode 100755
index 0000000..33b3fa6
--- /dev/null
+++ b/omr-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+if [ -f /etc/openmptcprouter-vps-admin/update ]; then
+        wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
+        rm -f /etc/openmptcprouter-vps-admin/update
+        reboot
+fi
+if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
+        LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
+        rm -f /etc/openmptcprouter-vps-admin/update-bin
+        #reboot
+fi
diff --git a/omr-update.service.in b/omr-update.service.in
index 1a21135..231803a 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -4,11 +4,10 @@ After=network.target network-online.target
 
 [Service]
 Type=simple
-Restart=no
-Environment="SOURCES=no"
-Environment="REINSTALL=no"
-Environment="LOCALFILES=yes"
-ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+Restart=never
+ExecStart=/usr/bin/omr-update
+#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+AmbientCapabilities=
 StandardOutput=file:/var/log/omr-update.log
 StandardError=file:/var/log/omr-update.log
 

From 4b8a9432cd91f68f38d26ad56e33b170715cc0b4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 9 May 2021 08:35:34 +0000
Subject: [PATCH 52/55] Replace gitee by gitlab

---
 debian9-x86_64.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a75b4a4..9e9b397 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -143,7 +143,8 @@ fi
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
 	if [ "$CHINA" = "yes" ]; then
-		wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+		#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+		wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
 	else
 		wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 	fi
@@ -188,7 +189,8 @@ if [ "$CHINA" = "yes" ]; then
 	echo "Install git..."
 	apt-get -y install git
 	if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
-		git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+		#git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+		git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
 	fi
 	cd /var/lib/openmptcprouter-vps-debian
 	git pull
@@ -200,7 +202,8 @@ if [ "$CHINA" = "yes" ]; then
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
 	if [ ! -d /usr/share/omr-server-git ]; then
-	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
+		#git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
+		git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
 	fi
 	cd /usr/share/omr-server-git
 	git pull

From a02b30624347dfc4d056c180c2f0300cff61a615 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 9 May 2021 08:35:55 +0000
Subject: [PATCH 53/55] Check wireguard ip

---
 omr-service | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/omr-service b/omr-service
index ff51abe..d6d751d 100755
--- a/omr-service
+++ b/omr-service
@@ -44,6 +44,10 @@ _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
 }
 
+_wireguard() {
+	[ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+}
+
 
 _omr_api() {
 	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
@@ -115,6 +119,7 @@ while true; do
 	_glorytun_udp
 	_glorytun_tcp
 	_dsvpn
+	_wireguard
 	_multipath
 	_omr_api
 	_lan_route

From c19bade451c2e9380edaf539f38208af962370b4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 8 Jun 2021 17:42:39 +0000
Subject: [PATCH 54/55] Add latest omr vps script changes

---
 debian/control                   |   4 ++--
 debian9-x86_64.sh                |  20 ++++++++++++++------
 omr-service                      |  11 ++++++++++-
 openmptcprouter-shorewall.tar.gz | Bin 4106 -> 4136 bytes
 shadowsocks.conf                 |   3 +++
 shorewall4/snat                  |   9 ++++++++-
 6 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/debian/control b/debian/control
index 0da3629..72af96a 100644
--- a/debian/control
+++ b/debian/control
@@ -17,8 +17,8 @@ Depends:
  unzip,
  tracebox,
  omr-iperf3,
- omr-shadowsocks-libev (= 3.3.5-1),
- omr-vps-admin (= 0.3+20210304),
+ omr-shadowsocks-libev (= 3.3.5-2),
+ omr-vps-admin (= 0.3+20210508),
  omr-simple-obfs,
  omr-mlvpn (= 3.0.0+20201216.git.2263bab),
  omr-glorytun (= 0.3.4-4),
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 9e9b397..99f120a 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -31,7 +31,7 @@ WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
-SPEEDTEST=${SPEEDTEST:-no}
+SPEEDTEST=${SPEEDTEST:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
 KERNEL_VERSION="5.4.100"
@@ -53,8 +53,8 @@ DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
 V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
-SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
+SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
@@ -100,6 +100,13 @@ if [ "$ARCH" != "amd64" ]; then
 	exit 1
 fi
 
+echo "Check virtualized environment"
+VIRT="$(systemd-detect-virt 2>/dev/null || true)"
+if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
+	echo "Container are not supported: kernel can't be modified."
+	exit 1
+fi
+
 # Check if DPKG is locked and for broken packages
 #dpkg -i /dev/zero 2>/dev/null
 #if [ "$?" -eq 2 ]; then
@@ -269,6 +276,7 @@ else
 		apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
 	fi
 fi
+
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."
 if [ "$LOCALFILES" = "no" ]; then
@@ -280,7 +288,7 @@ fi
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
-sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 
 echo "Install tracebox OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
@@ -1240,9 +1248,9 @@ if [ "$TLS" = "yes" ]; then
 fi
 
 if [ "$SPEEDTEST" = "yes" ]; then
-	if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then
+	mkdir -p /usr/share/omr-server/speedtest
+	if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
 		echo "Generate speedtest image..."
-		mkdir -p /usr/share/omr-server/speedtest
 		dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
 		echo "Done"
 	fi
diff --git a/omr-service b/omr-service
index d6d751d..e1eaa5e 100755
--- a/omr-service
+++ b/omr-service
@@ -44,8 +44,15 @@ _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
 }
 
+_shadowsocks() {
+	[ -z "$(pgrep ss-server)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
+		systemctl restart shadowsocks-libev-manager@manager
+	}
+}
+
 _wireguard() {
-	[ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+	[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
 }
 
 
@@ -113,11 +120,13 @@ _openvpn_bonding() {
 	fi
 }
 
+sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
 modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
+	_shadowsocks
 	_dsvpn
 	_wireguard
 	_multipath
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index f45840887cfcf10e3701975cb3de7fd86e8e40d0..356841434047882f570e6ccb2c8c8c84ccfd1e9a 100644
GIT binary patch
delta 4121
zcmV+!5a#cSAgCaJABzY8l5?7100Zqje{-YAj`J`66kW;O+nKr~HpD+RdF9(9fNd@q
zSis3<>#8VXlZ0B^_yA8fw>97Wq;9|%JL7pfcILf3lo<nRwbbfXOKNBshx2(7dE?*S
z9S#}*?Pil60m?_d1LypChi?kaM*F<;uEF!ocKaP^9I#D)IV|JEiwJoag<<j~x?Sb}
zqHtV0CiYVp`On^TN={En-A~5#IK$M(nSIodvKK}qm_LNk%u9lBPQ3eYnGhc+0zZZl
zk~{@5c?hQd2}xcSJ~^6sbCPpA&AA-`yPtZ7H546kUORphs2z)vqZ&HLakeqCB!%N-
z#dbK(v<%08;AGRV;KHVdk*!#qeXBaspjP`Scp&e^kz))L%~UL#{OxbVbtT7jM60hj
zjKFopp{UEE%ZO@{bNS>?7k+f<K_5)KOVi*^IsCVrEI7W=__0y@$)8Vxhpc|jF*hqe
zB#TweWW3-6zEo{+E}U=HvqZZjvBO^!%6~q)IOo@YIrAN%+$7bKHdzPJc)en~-R_hs
z>WXuv8n&z3oAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^x
zb&JqASgg0U)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=!
z$#&R(;r|6*Xuso|5C__=&UvGW{=a=LRQ~@hVBP<J@}n62dh@J7PKoW!7E_<7xrvY-
zcy<ErpCr%WX>K|M-1<ZCxQu8}I0KGSxOj<z$ESpRkUkOthW}J(@J(|60ujP52y}dJ
zMk9-ZfnyrnM_%+oFos0FPvY<)dG;dz@8l(aT#_+_lE|L~F+`jDW#W?{A>di-VFdMO
zA<TvsL@nnNKcZrwd9#>=5A>q1kBH{SF_iWFxgU8`VlMBe!5AuQ!PuY2KJj9*KwSLf
zPqMc5upxHZ5D0+4o~rqG;s;QUva?<j&iG7P%JGCiUw!ZrY=1<;1y=kBjea3h4_cRh
z)jXqJV1pp6i{X=4iYO12v*h=L_V>dwLSba$Ctfg(p~C52VGpr=<w=hA9nkYsLD)Oz
z<6jM3A%v*9qgXvr!gB<}#8knqL9pW9Lo{<$EaWCn<HZTYjfbiC7@tJYLq7BfD1I^z
z<JmHLh)-e|>akCYx{cbW#hiOgPLt(-{NFh)r^z^E#o*f+$##m_6n<Z=|0UkfkFOR@
z;x93MjQrCjOqSQ06wad4`w&9V{BaA#_x5TPd@U@z$eSH7_9N_C{|Q2~wEk;!I*ls+
zzXj}C|1tZZ@kxy1;Bii)*C#Iuy!$D{h2)7vH!}AjW<rSaSuj%*jN<X~@zIZe6DXl{
zSv4~EW>ELue}u5|3}F<QlH~$&UI_9Kho^p$(8!vE1mit8nI!~ejE*zN48mEV0pO%2
zgvOpZwD*Owqru8w(`*rikGUqw?=-Wy#0!o&_pYBjHPWjqNwl3Vf8IC~S`gD4cx<I*
zX<X>8yZ-25%wO<77MYU|rJh`W#Yf0u#$h!1$mACy498BWe0G|JA(kTfP%~am6HpRV
zx@YM^41I~2OTaP@#+y8OkiqyqbZ-<uXU=m`s3*sjl;d7iXV2kQ)g^5tD}<TV88oPj
zg5dJK=fwXfSPjJCWbE+&5CPid`+u$0dFB7#0`k<BI>7JUnhM?;-oopD?wtRf&H3M{
z?*G3D+?cj2%CgnvX(B-X^EG2=ZD55O(lTGcR<w<3o%b&fi*Oo@Uk)o{=kvdIgWmrY
zgpSZ|3poE9jb=6f-vYkk{;x?*q`LQ8-TQs@-Y@ea`@ipd%pTN|4Dfj^DS&Bcs&u!y
z){H*Ulp96MuGOLHTwaZTEZeE!ZOdX^0&AYNYf+LE)7c<<c-}@;!jf{WSIAzGSw`dZ
zD1vMmCcW*-(I0vV^Jbuso}p>Rt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&<W-FA1$Yc
zeDp_QhyQOjo8|o<KwdrndlUEy|8Jp*e5?CEfwN8(1OCD>fO?XDy@!DB1leAp+yj>a
z(PkvVJwye3nclF}zN(8^U?P_2D8>4?;iwMBp=e#>wPffzjb3TFqYl^T2Vft#6)A5Y
z-K$hAr<+NR$)5w<1eF~>*dKFzS?yvI5&D)fGHXBC3hO;l(^eNyRlL$vd!WcGq@`%k
z69t5---w!8K#X*M#}cLMB8{%x)^gS4aQ;Jr5i@*7Z#4JE)O;7g__yVPJuSdlg}0iI
zYwG-yHw`8qFoL31y8>@AUeLM8Kpc<#MM7lVE=Y=3G9H4|ttDY5^Er%g>l{@1z+ye?
z%lEz8H94$xxg4sD8O$Fk?|RDa#?*lb(M4Y6%mY|&(3Hi0L7msd?NDVG?@Sdr3Ku1&
zNB7?3i1zvahI9Yy4Ba<bME)o6GR#Fz!<78qr!}WxIPoWE)In0g*}!cM-8Q|q(cpuS
zbRY}nLWM5EC?Wqr+AYXRsN0R7yh->RhvVO3+SbQu7`-IRISJ=$y#!2|)U|FXi!NIh
zJyKz(?N;l5y!8+BSWY&1d_g_i9%RG0mxc?1K*h-e$;9r02st4uTirA!oCrYs@I1)|
zi39F5sill8i0%=zm`+1F7?cH%Oxw+ii;E)n@iaiQDNgXzLXTx#bU6C73t3;j&u(Y2
z&4Q<t)fcGf9=(+6d*^3|hCF_sVJ3GN8DGx-d4X?#w=n;2wmPjAFJS&JG+Wj4|2KiX
z=S>(@R{8x+ni{vZY%N$fJyvsj5=tL)`w8v?_=-%FvO8k@hTeSPJwj$bjYDwS(_jwg
z33*DA#bv$z{QP{jss^5*K4bK8sc~md$!xm+yBi#r`c#`ZL?jmcj))1@3W3~-ToDb<
z<h{#(twADYIV00mbV$e)xqIiwwL@sf)Vl#CEKtS(HC0gYZvP71DAtu>tIl1QKcFH2
zCJaj-_1V7;rr1}k?g5+MgWk8G?YE$VMzsBF&{Hkt7E=C0DgjFlFr+^GsW3<S`&Z&h
zgT)4{QXE$^`Yyeh2>PU}k~JKjU*XC`m(weMSiCu^sM}pVWQdhr3KRjI18WyX-BUHC
zTmR%mbx3;aGe3^e@vtJg+qHX?`_apPi}BwPEp^1cp=)=U5V`~dmP1i0H5(mit(LB^
z)|zgaAl*@{4PyH>{BUITHnFK60sKmn;*Q`TIRjL!=18X7)5N~L!6IMXt+j98qk7DL
zq18xW_zu{OL3A)CgY-C@66j-b9W8=A$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)*
z*A$&W_vrl}cqyya=T%o;zW>7>h?cUB1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJ
zB}FyqkF7Y=0HtecfnYd>JOT>jQmg5IJ;=<FfHkHb-v{%{I{l#%^0WM88jihb`4Z`%
zd8T4%-Hg1x@S`c(qwN@$LWM_uoPaW5NdtrV4%Z$i;6W&T`~(G~EBnsI)^?AM(2x$}
zTx1yJ9+<!g%)z0?AZ4Zk#!)9jim@<;9l#XmTF8}^o;cE+?i|*}1viwTkFKJB(3_0C
zIAM$6li_lj1cmDfEV%VBv0q><lTRj!P49XX(YQL7bvyDG1?*7`IeoRnBe0gAN6JW9
zZ~7J#d;0JXFg{EGv0y9*Fq#&OrO8P!nnOCWIPniKt`>Mb$r$2mf!!ZsST?`^1C!SH
zGo0XZ;`4vL|08~h6Myy@CiujE$BnKu?fv{i&9VoDy7ALy6~K(c8NOQx<Ok`mQo=xe
zrn#CH2bl;41O!#@vy^mo?NTq+Wjj=%K$czAbRi^*w!*?KqHI{vmyknMS8egiR&)nW
z<t*97w>hzU0lh+`uXnBxL-AUne6B=Wm0T7Z8RvX{c8?&UpQQQ0NgmFB(1fLdsOqjQ
zS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1uDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtY
zWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t;m@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&N
zik%}3%SnR<L-j<+1gH~#qnsgqxfLzhW%}VAZ4i-lE`*@I4$gk0U+cy#bepBJ0EIPG
z=mHSsfa&9~k633MtGcG@3UG3yK}Lyj%mpzzSV!6nu!vMNT97fX)vguAbS=kqRw9m3
z<@8-k+og#Vt(>J#>xPzN9gU_~dLMdoec3b=p?_rdxPXa3ja?Xj`Me*{4p<3T<H*!a
znKgxVqHB+OJ@uFFZ%6>{QKj3@Df!4zesS^EzcF&U?FNMB5rjw!t`yhmNw`Uy65=-T
zq57-RZLH4S!feuM9!PyKYbfS`%FiQ6*xmfir<95&bu==2QId!2%y%>4O!cgYqEKl&
z!#imB#fiw8%q9?jBeKOCXkwlOArVE<fo0c@ly|iq;G;-}`UOVL$p}nKg=uPbj|6f~
z|M1AepRoRixdYBjs9@ZvayE?_&KhM+7}*6)(^-Hxb8rV9K-65ACk0Y4trdbL`(UPu
zZNpkF?F=+gun$Qzq1?`=@vUK9i_j~&%qst?Scc2`kX{-fx+36D_w+En-J}W4HF$R?
z&3SF`?b#BYdiX=Gt-vvvlY|X8e~{imy2b^vNbX<&N5t8`Se$cLs)K$!n@JnjMz6;f
z8AH*&&Pvgk*?F~X^q&Y~$T$xzW7qrt=e&UXKb!4lhi|g|Kh0LP|MN|t^!{JA=La+C
z`p}F2XX!`Y#P`2(`%k;t`STav`GY>>C|4wXwzBKF3av$-t57v(fG#%Tf1ha|(UuPf
zaa;HQaP-?jn88XM=5oc)2ywUrh<<MfNUy{zRa2ci=ro9tKaUhkl!0sZwnejZ)~E~3
zlmD)91>}!gkgdixB)<(QY(t)JLpHY|TSa91f{_7^Z>P8pOoBE;2`TCVQ9q_+T;V$k
zXe!`g*u#5#m=BW^W(2hafBM)kf4(2rj*;@i`|L%Pj~v%Hqkr`Vu*}~{sgjC61#uEC
z7XIX*+kkh*f1$&^|I^|5hS0+2|3dZspSOY6_W!mDxj?~0{&XI|3snm6S55&6HgbU1
zK)!J^?s~m%+7w&d44YnW?4V1(_mf|rZcv<-IHxtXamqdo^!1#we;OOK*=K}yb77Pl
zWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH|cfJ43x6AMU2z;wm#s9Z}
z<MM~k7&v!k0io)rSE4T8s<M;6VqlD%6|z?NL>j03&OXLdTP5clr>0-%`QG|gunxEp
z|2x0`$G0}W|J80*Z{L4-6Znev|9(Xisb2rCvj11Jf9gaIkoKqF=FEao`Y|+8236lc
zWg+UTbN$zNXCGk8UgXYSWyxNX2^OE4`8(tEqDnq1sGx!hDyX1>3M#0ef(k0Apn?i2
XsGx!hDyX1>?+X71gZNS90C)fZ9&A2V

delta 4091
zcmV<X4+QY2Ac`P=ABzY8F_J%E00ZqjVRNHMuJaZDimqhd?M%Hmwu$X*a^<&=0Jgbc
zU;!tatye`6n<UiQ;0JiJd0X?}PwEDYu``~#u`_r3P-YCM)l#clEvcbl5(YsMxs%`C
z9S)iR-FBNE0m{eLIh?o7&RcE1-Rz#7ziYNy?QZuSX&$hDO*t&%#El4f7lmQ+CAwYZ
z|E6$UJ0{js7<td`Y)0yJ((sZ=BhE05NoF54r0j<g@q>pjn!AY~2E@G&mkIHJ!uMh*
zA<2^;lLvq1osi^Z;gO@c8<3n^J?C}=?0)L&=18!~S?%~upmr>XwxVks$65N=6lIQ+
zWXt9_!_;kmos$gRgbRxv#+Gby)~#ZT!&>bp|AD+0#<o6`RYNu{@|V95#}RGE7R-Tc
zGXlpEMuH{@4kN0G_T`f|TX@l>3w<zkFAbfmbNFvLU2v^t^T%fGCoh=#4_W=bZERM4
zNEWM_$z;Lttx~n&8Gp7}&lIeZ#Pilgq5S95i?h~$I_K6oUv83OikqzcXtG|h+wGp0
zDr&NQrRbKUS)26(FS+-_xE{o%7M_*47{<0PSuDzZ0xdr)RkZ|7-mDtCfmdpKr`s)8
zRkjF?{l$7~JI!vnw=8Y6t!6MURc&?4V`y(3`($nKv1a#TRgoRPb^iN7;zbYc#EbXg
zO}4{-4*$=$`0l$_8{$B>bAHxrqyO)o@s<C73t0F6pS&nWzurD=k~*>6`C{e~B{vb$
z2hUEx{gdQ5tmmdfz^y;{kIRS#g;U@thKrZTe|$>F2k|4}VfgEOv(+Z|FAyQTf<W7I
z=QOg|7&vDBedI<j1Y=0#c_a=Wl4m#a{z_hd!X=qND2cqOA49acUnU;$69S&K5k^pd
z9>Q#RLDVvsdJz=^&6~$0e4rNtZA?@zj-hPe1zzONh_Sq%`4gzD`V%jRJ>te>fw=g|
zn`Uk8V?(U8ArJt8Jyr9s#PgvXWoNy{pSCh-DaR86ef7aju>BDU7g+HlH2Q_iTxeZ?
zR`Zm0fdzuFE{0EH%7QeKPm|vh+TRb$2!)ZUm$?2ch6?q)!X9G#%99-JJD}&O0>5|8
z$G_^DObAglTQ>WGi025pfvJL3gJ8wIhiK*~SjbJECW{k@8xJ%0F+Pc)hdk&JQ2Zna
z<M}drh)-e|>WN2-dd=FWMZi5K^<)`;{3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf
z{3WK3kyl^BWO=Pg;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#P
zTfnaMAF~e{pM*H}9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wr)poG$8
z)kxsZq3*r+2w~+J!YD8$%LU}T5ab~a&%7j|ku?bk#(QuwO9;vs9p{i4g!4iJz)4LB
zjXeRh_l2^f!OC0HY!QWzxhC@OG_$$H3ywMWo|il|)2k~{u<Tyzta-|JAf`9**h$OM
zxX@d7{n5jub<z5<$eesA_2eplK0+2V38U#pCchA2ICetiv(qdLu@uRJn(=a$fRdon
zJxdp2=u6C8e3p4I-sH)J494@Idm|q@Gss1uo*Y+Fj(b&|J%?LG6V<UK6J}PY(4aC3
zg3I@w6aSxJH4ulBvBUpE1n8FU|8+WNmH&SW$WvSD0Ka!@DtK#n3$MF>bN-)i&j0i3
z{{Nf6jbS;0B$>SyO$6xwR!tw78(6-Ew9Hqq6>YOx=l$EmBAoe?m&3}~`TVcjr1yV$
z{+#c2d7S^vX1kjIZvkI%|JR@<Qr-Kl?)|=c@0WRz{onUJW)Esf2Kc;|6u{6`MZ8;G
ztNMVb@{O!!*UCt-FR#Xbre)Xgwq>y{fi=(CwIGVJVQ-K<Ja3~aVM)2xD`c<8ETeIH
z6hSg|gWh)K=nuVwc{7wrUsqNAR?!AoUyR1kMOQLW1<)Dza2)+H<-f@ybV7OlN6XnE
zAN^6-;s4w1c6t8?kXO(D-UPnF|C?wc-|GHP;OxAL0e|8cKt0KS-b285f^4r)?tx2z
zXfqPw9-;!iOs|{DK+%LOFcDL*<zju@aMXa~NHDMQTGTa-Mz6HoRz_>|L$D9rij=pH
z?o}$5)6FEu<evlF1eF~>SRZqIS?yvI5eB9{HfldvGV47-RaX~KRk%_WYbZ-Aq$#V=
z69t5#-3Y2uK#Vni+Z4p>B8?{B)^gRPF!&+Ch#5YkHwwH7HQ$9l`E9viPYZBX;jQN5
zni70+Xa4j9Mo`phSKv)13pzI$2$PAoNQk6a1xfKr#)F@_wIs}BK8F!*or5YLSgdD#
z`M!U<CWo~ymqV2?{NR!DZlvsP3=N17UF22HJb?8EO<5d&)OlUp4pnyX&Qy`2a8Y7<
zbni}&XrKRI7<i|r=)TD!@;-r=VJ>nOrsVe?tvL(BsW&~P4w4Ga25xicw&}f%1|Ni^
z16eQ^Ds&M>3HdM5?LbyS-EREkPQ&LooctEkwm#0n=p|VOBn;Mi379geYu!*5UA8QG
zq{8amPUozD^AGb_PB(dcK|RYFX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17)
z1MW1brHo97?h&+@PD45vltl}fcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg0
z1?!a67pUkSy_D*E=Vyn8Jbs^ICU+PaU(Wwqe5>1k!Ti77Iq!5@Jm&v=yHh>?e-qey
z-h@$QmEYf_sc~n^)`E4@V>P!Yq4Y7gm*75tugF9xyCcSL<OU1(5i<K(9D>uH`2n0K
z<S9uOmyO2r^YiJd8hC=noYBXn#+^PT^V$CIZg5=cQ!Qc>ftc_+CI(!~1ac>GMN~MG
z_Aa-728ozyj}1rGAR&{b-klfM4xt@W?*^1GK^Yy?R6xbM{VQ}Mn^(G}*mu3w0Tlr-
zU|0sI&;E5Vgn?}K4%qxY^u7sgzXcssqV8XVzGBL^kn$f=30QJ~Ar0V9fjKhRzY<p}
zEH+@3VmqonaOllM&?jA$tl{wd3RfnYlwQGq;>}hB&FX0(L#*tQrwHgASi3OlzM{&#
z#wRywK+@ZodvT18hZWJ?uDzq&k6!*qjQ@^ksVxk2O})#6&?OkK90_8n+2}}XwRDBG
z)^yVV>9%Zc5L>U|M`N?UiB0_o;8&UycLe*%DWGaKTQr=$Dh#X*7WwLKt$q6*)ng8S
ztwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=f}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|l
zhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bDn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!F
zDT+aVEZL?8C|*+w1jEs#F;F0vT21SJLuQTytTB!F-VZJt^oL5w&+?O5IB{p?OQeJ5
z8M3MNGV;d4i)Lt#maUsI6&`tU0?L3T4Rz)_9BU|p2ch)w6BLZEtUC)^+dDc!LpqFe
zkzkPfU;<+>2b&s$n3)O~M}v$g#>5zQ08^lAAxDz?!dSI?0j!M+ZYV<^T}7dPJDs?3
z!WO|Nqvb5|3)fRvaBE>=y}()~pG*{+-t{P=adj?fR^%-T*rOV9`f7<sU@bq7<*~fp
z^erg%^x+?1e3$@Y!dMPrG))*wgA-viM|5Oy;vZmKP4If6KEl@mdq2dmY<~X-Cav*j
zIKkz_=l_2HNBj~e-uyF6@TrG?8(nGI`}v2OX$=c?<EPCkfSH7Ie76wD57J+ygn{}@
zV>K-fG7)qL2#PjfDe3Ckp<b-VcBn#uBsq%VKu8uWnT1<KS+JrnAxDa)Si+ShYc`xp
zS+a|7b7J=bdWA?|?_429!nI8KTnUyUIxIFa&iVZ89YI7tN%Mn~Je;9_35!EP(Hu)O
z!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4KuAPU0-b--Qf>KJc(GBQa<BF7%e8s4qQ
zkT#uPsJ~+1O$;VMLfusva5r6s07nX0COg$ISr9OJk?u5M1RAciqHN_~46r|kK3P;`
zD@W?4odykt>I;wwP$x!zIYat#E0~hQ^us&aAR_Br2tfl4oc&n4*7RHGHdA2%3TrCR
z1t7`>)5l>Sv(7kHG*!`L;AD%#j1uFR17b9=j<gwI5vgdjAU&wnu4UP9Oxv+nB92kz
z^j%BKp@|f&oTX3ehL&S(m8MwQ0D5zM*)$TMe<b#}fQdkj9T@q4ydTgGSP59;*w74#
zHHCGeV~zWL<(J-XNC56pq1(?X`Pi0!aq!l^KDK+^CWPlPgh&&vWXJ4_xJjE5;x_S-
z@~hlyuFjppY|>~RNPRGCDCU6j&tpi~o&3$Gl!_*GG%~wUl85WecQfHk^{j}ZP-!c}
z+i3X3iO8DFCJ-ZkvV<FGVx9yc5k=8~W!JWtceUl?qezDO1xC)!2n<t!X=?P2cydPn
z@YsSse*F(~2b`HuLBCO?Y#KA1InJ6ewhEf2vjB0%@D4nHpgJ&53Z!6KD+EjS!Axb#
zg0)=Q8EB$lAEIDDxs^}jTiv`CpjR}BRsK~rb%*sKz0@@yna7`A{V=}Wpb5=2cy~L^
zc`fkm*%F<4_(QI(z%dz<g$+1=h~7cE#s#uK?qC4N#NNMHoO4%-jeb0vNgLOCzt0vK
zBf+}PO3|3vd9`iyUkGBzI1epj*ZcoXcK^S)|EJxl_J6+#l-~c#_WWQb-59y?|1Q1A
zoqFCkZvW|4JAeMfJAcrJ9Oa6n&sKIlSE04&a}}!Q9MHu^{44Dv+VbIlAa3jaAC7)I
z2s2ob!(6WT86ggL0MYLa0qK=+rKpO12b~5n^5?N^3KDQl-?nI;HXE(($^X<qPOEzX
zxb`~k9PF*jP<)EIK-7;Z8CUpZ0gehxX7-#MpPR!x0OO;bPM^@_kJ97XF;aebpS=_E
zk>i@D^smtbmig-+Rs8;c^FW-0i-k8m=r-V8@&AlJXW#!hZ?&3y2cQ4*)%Sni2436$
z+bQG%1rzzF^MDp#r2v2C6rf-u2Y3zS8#m*w*ZZbTvBk}>>Gj4Ay7YTL`E`ARqF&;h
z*4V}=`!vwkbINLL&}N?z+RcSgZjfc44BE|rQErg2PZjO1zP0&(^jk)|>jK&4Yc3VM
z0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}neP<L9idMf8H0f56?EDo2eQd9gwZbRT
zIQe(>F`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z-<!Z!y#Mzrnn?Bfca{CW
zn*CEJa)7iy{WfP(7L3x5p^-8u+6F2MQD2?wzs5WJ09*DVcm66%_L_{p_|(qd8K)Oj
t@>xLz6;x0`1r=0KK?N05P(cM1R8T<$6;x0`1r>Z(_&YCMBK81y001LV57qzx

diff --git a/shadowsocks.conf b/shadowsocks.conf
index 302bbe0..5fb5da0 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1
 #net.ipv4.tcp_tw_recycle = 0
 # short FIN timeout
 net.ipv4.tcp_fin_timeout = 80
+# Increase max orphans
+net.ipv4.tcp_max_orphans = 16384
 # short keepalive time
 net.ipv4.tcp_keepalive_time = 7200
 # outbound port range
@@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic
 net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
+net.netfilter.nf_conntrack_tcp_timeout_established = 86400
 
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.default.log_martians = 0
diff --git a/shorewall4/snat b/shorewall4/snat
index a240a09..8435e40 100644
--- a/shorewall4/snat
+++ b/shorewall4/snat
@@ -15,7 +15,14 @@
 ###########################################################################################################################################
 #ACTION			SOURCE			DEST            PROTO	PORT	IPSEC	MARK	USER	SWITCH	ORIGDEST	PROBABILITY
 #
-MASQUERADE		10.255.0.0/16,\
+MASQUERADE		10.255.247.0/24,\
+			10.255.248.0/24,\
+			10.255.250.0/24,\
+			10.255.251.0/24,\
+			10.255.252.0/24,\
+			10.255.253.0/24,\
+			10.255.254.0/24,\
+			10.255.255.0/24,\
 			169.254.0.0/16,\
 			172.16.0.0/12,\
 			192.168.0.0/16		$NET_IFACE

From 33cf1b4718ad8ff70e1b0f6a451a4906808e0fe9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 14 Jun 2021 05:46:38 +0000
Subject: [PATCH 55/55] Update to 0.1026

---
 debian/changelog  | 6 ++++++
 debian9-x86_64.sh | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 33cf21b..12a86ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1026) unstable; urgency=medium
+
+    * Many changes
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Mon, 14 Jun 2021 07:43:42 +0200
+
 omr-server (0.1025-test) unstable; urgency=medium
 
     * Wireguard support and fixed
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 99f120a..098148c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1025-test"
+OMR_VERSION="0.1026"
 
 DIR=$( pwd )
 #"